More than 300 top IT executives who responded to a recent poll indicated that IT investments that enable business process innovations continue to be a top priority (36 percent in 2011 and 33 percent in 2010), followed by lower business operation costs (25 percent), creating top line revenue growth (21 percent),and managing IT infrastructure more efficiently (17 percent).
While the top three technologies currently in production -- mobile/wireless, server virtualization and ERP -- remain the same year-over-year, the results demonstrate a significant increase in the number of participants implementing these technologies, showing additional IT spending. One other technology shift can be seen in investments in storage virtualization which climbed steeply, from 25 percent in 2010 to 45 percent in 2011.
-----------------------------------------------------------
Top Technologies in Production 2011 2010
-----------------------------------------------------------
Mobile/Wireless 58 percent 48 percent
-----------------------------------------------------------
Server Virtualization 56 percent 42 percent
-----------------------------------------------------------
ERP 45 percent 39 percent
-----------------------------------------------------------
Over the next twelve months budgets will increase for many technologies, especially those that are actively being researched by participants. Technologies that respondents report an investment increase are cloud computing services (61 percent), business intelligence and analytics (52 percent), server virtualization (50 percent) and desktop PC virtualization (50 percent); where as printing/output services will see the most decrease (21 percent).
Comment from Maryfran Johnson, editor in chief, CIO magazine and events: We noticed in these findings how the stabilizing economy is pushing revenue growth even higher as a key focus area for CIOs. This is an important strategic shift for CIOs as IT's contribution to business growth moves to a higher priority than cost-cutting and streamlining, which was a primary focus last year.
Comment from Adam Dennison, associate publisher, CIO: The CIO Magazine Tech Poll showcases what I have been hearing from CIOs at our events, IT budgets are stabilizing and growing, allowing projects to be completed and new technologies implemented. IT executives continue to investigate ways to improve efficiencies and increase knowledge which is confirmed with the cloud computing and business intelligence and analytics spending increases.
About the survey: The CIO Magazine Tech Poll is conducted twice a year, among heads of IT, to gauge which technology areas are the focus of IT in the coming year and to measure the direction of spending within those areas. The current CIO Magazine Tech Poll was conducted between January 6, 2011 and January 18, 2011 through the CIO LinkedIn Forum. Results are based on 305 respondents who indicated they are the top IT executive at their organization or business unit. The margin of error on a sample of a sample size of 305 is +/- 5.6 percent.
Contact: http://www.idgenterprise.com
Wednesday, February 23, 2011
Friday, February 18, 2011
Cyber Security Staffs Are Challenged By Latest Technologies Straining
A growing number of technologies being widely adopted by businesses are challenging information security executives and their staffs, potentially endangering the security of government agencies, corporations and consumers worldwide over the next several years, according to a study.
New threats stemming from mobile devices, the cloud, social networking and insecure applications, as well as added responsibilities such as addressing the security concerns of customers, have led to "information security professionals being stretched thin, and like a series of small leaks in a dam, the current overworked workforce may be showing signs of strain."
The study also shows a severe gap in skills needed industry-wide. Information security professionals admitted they needed better training yet reported in significant numbers that many of these technologies are already being deployed without security in mind.
Other key findings:
-- As of 2010, Frost & Sullivan estimates that there are 2.28 million information security professionals worldwide. Demand for professionals is expected to increase to nearly 4.2 million by 2015, with a compound annual growth rate (CAGR) of 13.2 percent, creating career opportunities for those with the right skills.
-- Secure software development is a significant new area of focus for information security professionals worldwide.
-- Application vulnerabilities ranked as the No. 1 threat to organizations by 72 percent of respondents, while 20 percent said they are involved in secure software development.
-- Nearly 70 percent of respondents reported having policies and technology in place to meet the security challenges of mobile devices, yet mobile devices were still ranked second on the list of highest concerns by respondents.
-- Mobile security could be the single most dangerous threat to organizations for the foreseeable future.
-- Cloud computing illustrates a serious gap between technology implementation and the skills necessary to provide security. More than 50 percent of respondents reported having private clouds in place, while more than 70 percent reported the need for new skills to properly secure cloud-based technologies.
-- Professionals aren't ready for social media threats. Respondents reported inconsistent policies and protection for end-users visiting social media sites, and just less than 30 percent had no social media security policies whatsoever.
-- Viruses and worms, hackers and internal employees all fell in significance as top threats from 2008, the most recent year of the study.
-- The main drivers for the continued growth of the profession are regulatory compliance demands, greater potential for data loss via mobile devices and mobile workforce, and the potential loss of control as organizations shift data to cloud-based services.
-- Nearly two-thirds of respondents don't expect to see any increase in budget for information security personnel and training in 2011. Salaries showed healthy growth despite a global recession, with three out of five respondents reported receiving a salary increase in 2010.
Comment from Robert Ayoub, global program director - network security for Frost & Sullivan: In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around. Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide. We can reduce the risks, however, if we invest now in attracting high-quality entrants to the field and make concurrent investments in professional development for emerging skills. As the study finds, these solutions are underway, but the question remains whether enough new professionals and training will come soon enough to keep global critical infrastructures in the private and public sectors protected. The good news from this study is that information security professionals finally have management support and are being relied upon and compensated for the security of the most mission-critical data and systems within an organization. The bad news is that they are being asked to do too much, with little time left to enhance their skills to meet the latest security threats and business demands.
Comment from W. Hord Tipton, executive director of (ISC)(2): We need a paradigm shift in our global cyber security strategy to address the skills gaps revealed by the study. (ISC)(2) believes it will take a combined effort of industry, government, academia and the profession to attract and educate a new generation of high-quality information security personnel and equip current professionals to address the latest threats.
About the study: The (ISC)(2)-sponsored study was based on a survey of more than 10,000 information security professionals worldwide conducted by Frost & Sullivan. The objective of the 2011 Global Information Security Workforce Study (GISWS) was to provide meaningful research about the information security profession to industry stakeholders, including professionals, corporations, government agencies, academia, and hiring managers.
Contact: The full study can be found here.
New threats stemming from mobile devices, the cloud, social networking and insecure applications, as well as added responsibilities such as addressing the security concerns of customers, have led to "information security professionals being stretched thin, and like a series of small leaks in a dam, the current overworked workforce may be showing signs of strain."
The study also shows a severe gap in skills needed industry-wide. Information security professionals admitted they needed better training yet reported in significant numbers that many of these technologies are already being deployed without security in mind.
Other key findings:
-- As of 2010, Frost & Sullivan estimates that there are 2.28 million information security professionals worldwide. Demand for professionals is expected to increase to nearly 4.2 million by 2015, with a compound annual growth rate (CAGR) of 13.2 percent, creating career opportunities for those with the right skills.
-- Secure software development is a significant new area of focus for information security professionals worldwide.
-- Application vulnerabilities ranked as the No. 1 threat to organizations by 72 percent of respondents, while 20 percent said they are involved in secure software development.
-- Nearly 70 percent of respondents reported having policies and technology in place to meet the security challenges of mobile devices, yet mobile devices were still ranked second on the list of highest concerns by respondents.
-- Mobile security could be the single most dangerous threat to organizations for the foreseeable future.
-- Cloud computing illustrates a serious gap between technology implementation and the skills necessary to provide security. More than 50 percent of respondents reported having private clouds in place, while more than 70 percent reported the need for new skills to properly secure cloud-based technologies.
-- Professionals aren't ready for social media threats. Respondents reported inconsistent policies and protection for end-users visiting social media sites, and just less than 30 percent had no social media security policies whatsoever.
-- Viruses and worms, hackers and internal employees all fell in significance as top threats from 2008, the most recent year of the study.
-- The main drivers for the continued growth of the profession are regulatory compliance demands, greater potential for data loss via mobile devices and mobile workforce, and the potential loss of control as organizations shift data to cloud-based services.
-- Nearly two-thirds of respondents don't expect to see any increase in budget for information security personnel and training in 2011. Salaries showed healthy growth despite a global recession, with three out of five respondents reported receiving a salary increase in 2010.
Comment from Robert Ayoub, global program director - network security for Frost & Sullivan: In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around. Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide. We can reduce the risks, however, if we invest now in attracting high-quality entrants to the field and make concurrent investments in professional development for emerging skills. As the study finds, these solutions are underway, but the question remains whether enough new professionals and training will come soon enough to keep global critical infrastructures in the private and public sectors protected. The good news from this study is that information security professionals finally have management support and are being relied upon and compensated for the security of the most mission-critical data and systems within an organization. The bad news is that they are being asked to do too much, with little time left to enhance their skills to meet the latest security threats and business demands.
Comment from W. Hord Tipton, executive director of (ISC)(2): We need a paradigm shift in our global cyber security strategy to address the skills gaps revealed by the study. (ISC)(2) believes it will take a combined effort of industry, government, academia and the profession to attract and educate a new generation of high-quality information security personnel and equip current professionals to address the latest threats.
About the study: The (ISC)(2)-sponsored study was based on a survey of more than 10,000 information security professionals worldwide conducted by Frost & Sullivan. The objective of the 2011 Global Information Security Workforce Study (GISWS) was to provide meaningful research about the information security profession to industry stakeholders, including professionals, corporations, government agencies, academia, and hiring managers.
Contact: The full study can be found here.
Tuesday, February 15, 2011
SMBs See Cloud Adoption As Way To Boost Productivity, ROI
Cloud-based business applications or AaaS (Anything as a Service) will be increasingly embraced by small and mid-size businesses to control costs, and return on investment (ROI) is a key factor in their decision-making, a survey has found.
Key findings:
-- ROI of increased productivity from office communications is the most compelling factor in technology adoption 88 percent cite "maximizing working capital and/or cash flow" as a major factor in SMB technology decisions
-- Minimizing total cost of ownership is the "ultimate goal" of adopting service-based offerings
-- Mobility and Unified Communications are recognized by a strong majority of those surveyed as key technologies to increase efficiency and profitability Most respondents see their current communications solutions as being "good," but 78 percent also seek to improve their capabilities
-- There is a very high amount of interest in cloud-based solutions and an excellent prognosis for cloud-based AaaS (Anything as a Service), with market opportunities still emerging
Comment from Fonality president and CEO, Dean Mansfield: Based on the results of this survey, it's clear that SMBs see the value of cloud-based solutions and are eager to benefit from a productivity and ROI perspective. Cloud-based communications tools in particular can be leveraged by companies to drive competitive differentiation while maximizing working capital.
Comment from Steve Taylor, editor-in-chief and publisher for Webtorials: The needs of small and mid-size businesses differ significantly from large enterprises. This study shows that SMBs have a notable disposition to leveraging cloud-based technology to enhance their operations and their communications capabilities in particular.
About the survey: Fonality's survey, conducted by Webtorials, polled highly skilled, technically proficient professionals considered to be on the "leading edge" of technology adoption.
Contact: The complete findings are here.
Key findings:
-- ROI of increased productivity from office communications is the most compelling factor in technology adoption 88 percent cite "maximizing working capital and/or cash flow" as a major factor in SMB technology decisions
-- Minimizing total cost of ownership is the "ultimate goal" of adopting service-based offerings
-- Mobility and Unified Communications are recognized by a strong majority of those surveyed as key technologies to increase efficiency and profitability Most respondents see their current communications solutions as being "good," but 78 percent also seek to improve their capabilities
-- There is a very high amount of interest in cloud-based solutions and an excellent prognosis for cloud-based AaaS (Anything as a Service), with market opportunities still emerging
Comment from Fonality president and CEO, Dean Mansfield: Based on the results of this survey, it's clear that SMBs see the value of cloud-based solutions and are eager to benefit from a productivity and ROI perspective. Cloud-based communications tools in particular can be leveraged by companies to drive competitive differentiation while maximizing working capital.
Comment from Steve Taylor, editor-in-chief and publisher for Webtorials: The needs of small and mid-size businesses differ significantly from large enterprises. This study shows that SMBs have a notable disposition to leveraging cloud-based technology to enhance their operations and their communications capabilities in particular.
About the survey: Fonality's survey, conducted by Webtorials, polled highly skilled, technically proficient professionals considered to be on the "leading edge" of technology adoption.
Contact: The complete findings are here.
Lack Of Adequate Protection Leaves Web Applications Vulnerable
Web site attacks are the biggest concern for companies, yet 88 percent spend more on coffee than securing Web applications, according to a survey. Sixty-nine percent of organizations rely on network layer firewalls to protect their Web sites, leaving Web applications wide open for attack. Seventy-two percent of organizations test less than 10 percent of their Web applications for security holes, some knowing they have been hacked in the past.
According to 74 percent of respondents, Web application security is either more critical or equally critical to other security issues faced by their organizations. Despite this, the study shows there are many misconceptions around the methods used to secure Web applications, primarily Web application firewalls and vulnerability assessment.
Other key findings:
-- Data protection (62 percent) and compliance (51 percent) were the top reasons for securing Web apps. Job protection was also a significant reason cited by 15 percent of respondents.
-- Despite 51 percent listing compliance as a key driver for Web application security, 43 percent are not familiar with or have no knowledge of OWASP, a key component to compliance standards like PCI.
-- With 41 percent reporting they have over 100 Web applications or more, the majority (66 percent) test less than 25 percent of these applications for vulnerabilities.
-- More than half (53 percent) expect their Web hosting provider to secure their Web applications.
-- Of those respondents who own a Web application firewall, nearly twice as many agreed that a reverse proxy is a better and more secure technology than a transparent bridge technology.
Comment from Dr. Paul Judge, chief research officer and VP for Barracuda Networks: While it is encouraging to see that Web application security is on the minds of most organizations, there still seems to be a real disconnect between the desire and implementation of security countermeasures required for Web application security. The fact that 69 percent of respondents are relying upon network firewalls to secure Web applications is like relying upon a cardboard shield for protection in a sword fight -- eventually your shield will prove that it's insufficient and an attack will reach you that can fly past a network firewall.
Comment from Mandeep Khera, CMO for Cenzic: The fact that a quarter of respondents could not provide a range for how many Web applications they have is a huge red flag right off the bat. Furthermore, that 20 percent of organizations do not test at all and 40 percent test only 5 percent of their Web applications is shocking. And, most of these companies have been hacked multiple times through insecure Web applications. If you know that burglars come through a broken door repeatedly wouldn't you want to fix that door?
Comment from Dr. Larry Ponemon, chairman and founder, Ponemon Institute: While IT practitioners recognize the criticality of secure Web applications, their organizations do not provide adequate resources and expertise to manage the risk. Over half of the respondents we polled believe they do not have resources to detect and remediate insecure Web applications, and 64 percent said they believe that their organization have inadequate governance and usage policies.
About the survey: The Ponemon Institute conducted the "State of Application Security Survey," which reveals respondents' perceptions and experiences protecting Web applications.The results are based on responses from 637 practitioners in a variety of industries with an average of 11 years of experience in their profession.
Contact: Survey results are here.
According to 74 percent of respondents, Web application security is either more critical or equally critical to other security issues faced by their organizations. Despite this, the study shows there are many misconceptions around the methods used to secure Web applications, primarily Web application firewalls and vulnerability assessment.
Other key findings:
-- Data protection (62 percent) and compliance (51 percent) were the top reasons for securing Web apps. Job protection was also a significant reason cited by 15 percent of respondents.
-- Despite 51 percent listing compliance as a key driver for Web application security, 43 percent are not familiar with or have no knowledge of OWASP, a key component to compliance standards like PCI.
-- With 41 percent reporting they have over 100 Web applications or more, the majority (66 percent) test less than 25 percent of these applications for vulnerabilities.
-- More than half (53 percent) expect their Web hosting provider to secure their Web applications.
-- Of those respondents who own a Web application firewall, nearly twice as many agreed that a reverse proxy is a better and more secure technology than a transparent bridge technology.
Comment from Dr. Paul Judge, chief research officer and VP for Barracuda Networks: While it is encouraging to see that Web application security is on the minds of most organizations, there still seems to be a real disconnect between the desire and implementation of security countermeasures required for Web application security. The fact that 69 percent of respondents are relying upon network firewalls to secure Web applications is like relying upon a cardboard shield for protection in a sword fight -- eventually your shield will prove that it's insufficient and an attack will reach you that can fly past a network firewall.
Comment from Mandeep Khera, CMO for Cenzic: The fact that a quarter of respondents could not provide a range for how many Web applications they have is a huge red flag right off the bat. Furthermore, that 20 percent of organizations do not test at all and 40 percent test only 5 percent of their Web applications is shocking. And, most of these companies have been hacked multiple times through insecure Web applications. If you know that burglars come through a broken door repeatedly wouldn't you want to fix that door?
Comment from Dr. Larry Ponemon, chairman and founder, Ponemon Institute: While IT practitioners recognize the criticality of secure Web applications, their organizations do not provide adequate resources and expertise to manage the risk. Over half of the respondents we polled believe they do not have resources to detect and remediate insecure Web applications, and 64 percent said they believe that their organization have inadequate governance and usage policies.
About the survey: The Ponemon Institute conducted the "State of Application Security Survey," which reveals respondents' perceptions and experiences protecting Web applications.The results are based on responses from 637 practitioners in a variety of industries with an average of 11 years of experience in their profession.
Contact: Survey results are here.
IT Organizations Lack Funding, Management Support Needed To Ensure Database Security
Organizations lack a sense of urgency for securing critical data, a survey has found. And the greatest challenges to securing application and data environments are primarily organizational and budget related. Fifty-three percent of respondents stated that budget was the greatest impediment holding back information security efforts. Thirty-three percent claimed a lack of an understanding of the threats prevents them from rallying support for countermeasures. And more than one-fourth cited a disconnect between IT teams and executive management as a major impediment to implementing proper security measures.
During a period when the proliferation of cloud computing is increasing, the report found that forty-five percent of the respondents see some risk in the rise of "private cloud" computing and were concerned about the security implications of sharing data and application services outside of their business units. While cloud computing continues to be a growing industry trend, three out of four have not defined a strategy for cloud security.
Adding to the risk, a large segment of companies rely on third parties external to the organization's firewall to help manage application and data environments. Nearly forty percent indicated that they outsource or offshore at least some of their database and application administration functions.
Forty-three percent were most-concerned with passing compliance audits, however, only fifty-six percent have successfully passed audits most or all of the time, while thirty-six percent are unsure on their standing.
Additional key findings:
-- 91 percent are unsure of the costs associated with data breaches
-- 48 percent declared that human error is the greatest challenge to information security, followed by a tie for second place (30 percent) between insider threats and accidental loss of storage media device
-- 14 percent are deploying databases in the cloud
-- 53 percent stated that budget was the greatest impediment holding back information security efforts, while 33 percent claimed a lack of understanding of the threats
-- 43 percent believe that they will see a better alignment between business IT security, and IT operations because of compliance while 38 percent anticipate improved accuracy and security of its organization's financial reporting data
-- SOX, HIPAA, and PCI-DSS are the key compliance initiatives being addressed by respondents.
-- 78 percent conduct periodic compliance audits 55 percent Monitor Production Databases for Security Issues, with 31 percent taking advantage of automated tools
Comment from Joe McKendrick, Lead Analyst for Unisphere Research: Private cloud computing, by its very nature, crosses enterprise departmental boundaries. While it is perceived as safer than public cloud computing, private cloud also introduces new information security risks. The survey confirms that sensitive data is handled across many parts of organizations -- from development shops to backup sites -- without safeguards such as data encryption, masking and de-identification. Private cloud may exacerbate this risk.
Comment from OAUG President Mark C. Clark: This OAUG ResearchLine report points to a troubling lack of awareness and funding support by management toward application and data security. The OAUG is committed to raising awareness throughout the enterprise of the serious vulnerabilities that currently exist and encouraging action that treats security as a required strategic investment. A careful reading of the findings in this report is a good first step toward closing the gap in awareness that exists between IT departments and managers who will ultimately be held accountable when data security is breached.
Comment from Thom VanHorn, Vice President Global Marketing, AppSec: The study highlights a serious lack of understanding and concern for data and application security in today's organizations. Given the increased number of threats and the acceleration of database attacks, the failure of organizations to support and implement proactive data security measures is a formula for disaster.
About the survey: Application Security, Inc.(AppSec), a provider of database security, risk and compliance solutions (SRC) for the enterprise, Unisphere Research, and the Oracle Applications Users Group (OAUG) polled 430 OAUG members.
Contact: http://www.appsecinc.com
During a period when the proliferation of cloud computing is increasing, the report found that forty-five percent of the respondents see some risk in the rise of "private cloud" computing and were concerned about the security implications of sharing data and application services outside of their business units. While cloud computing continues to be a growing industry trend, three out of four have not defined a strategy for cloud security.
Adding to the risk, a large segment of companies rely on third parties external to the organization's firewall to help manage application and data environments. Nearly forty percent indicated that they outsource or offshore at least some of their database and application administration functions.
Forty-three percent were most-concerned with passing compliance audits, however, only fifty-six percent have successfully passed audits most or all of the time, while thirty-six percent are unsure on their standing.
Additional key findings:
-- 91 percent are unsure of the costs associated with data breaches
-- 48 percent declared that human error is the greatest challenge to information security, followed by a tie for second place (30 percent) between insider threats and accidental loss of storage media device
-- 14 percent are deploying databases in the cloud
-- 53 percent stated that budget was the greatest impediment holding back information security efforts, while 33 percent claimed a lack of understanding of the threats
-- 43 percent believe that they will see a better alignment between business IT security, and IT operations because of compliance while 38 percent anticipate improved accuracy and security of its organization's financial reporting data
-- SOX, HIPAA, and PCI-DSS are the key compliance initiatives being addressed by respondents.
-- 78 percent conduct periodic compliance audits 55 percent Monitor Production Databases for Security Issues, with 31 percent taking advantage of automated tools
Comment from Joe McKendrick, Lead Analyst for Unisphere Research: Private cloud computing, by its very nature, crosses enterprise departmental boundaries. While it is perceived as safer than public cloud computing, private cloud also introduces new information security risks. The survey confirms that sensitive data is handled across many parts of organizations -- from development shops to backup sites -- without safeguards such as data encryption, masking and de-identification. Private cloud may exacerbate this risk.
Comment from OAUG President Mark C. Clark: This OAUG ResearchLine report points to a troubling lack of awareness and funding support by management toward application and data security. The OAUG is committed to raising awareness throughout the enterprise of the serious vulnerabilities that currently exist and encouraging action that treats security as a required strategic investment. A careful reading of the findings in this report is a good first step toward closing the gap in awareness that exists between IT departments and managers who will ultimately be held accountable when data security is breached.
Comment from Thom VanHorn, Vice President Global Marketing, AppSec: The study highlights a serious lack of understanding and concern for data and application security in today's organizations. Given the increased number of threats and the acceleration of database attacks, the failure of organizations to support and implement proactive data security measures is a formula for disaster.
About the survey: Application Security, Inc.(AppSec), a provider of database security, risk and compliance solutions (SRC) for the enterprise, Unisphere Research, and the Oracle Applications Users Group (OAUG) polled 430 OAUG members.
Contact: http://www.appsecinc.com
Key Obstacles To Disaster Recovery Initiatives
Eighty-two percent of respondents to a recent survey indicated that the complexity of procuring and managing multiple data protection tools was the number one obstacle to deploying a comprehensive data protection environment.
In addition:
-- 69 percent revealed that the total cost of ownership of purchasing and managing multiple point products was another top concern to implementing a robust disaster recovery plan
-- 43 percent of those surveyed highlighted network bandwidth costs as the third barrier to implementing an end-to-end disaster recovery plan
Today's data center is mired with multiple legacy data protection tools that can't keep up with data demands and invites risk at every step. The challenges of managing multiple copies of data across these point tools for backup, disaster recovery, business continuity, analytics and compliance result in an additional 13 to 120 copies of production data stored within the IT infrastructure. This duplication of effort costs 3 to 5 times more than managing the production data itself. The issue is further intensified by the inability to manage data within available business windows -- leaving organizations vulnerable to data and productivity loss and increased risk.
Comment from Ash Ashutosh, CEO of Actifio: The survey confirms the pain administrators face every day in managing the complexity, cost and risk of multiple islands of data protection tools that strain IT resources and stretch network bandwidth performance. Our customers are solving the issue by virtualizing data protection to consolidate disparate disaster recovery applications into a single, fluid data protection environment across the data lifecycle.
About the survey: The survey, conducted by Actifio at the VMware Users Group (VMUG) in January among more than 900 IT professionals, asked data center managers and decision makers at large and medium organizations to rank disaster protection priorities for 2011, based on importance.
Contact: http://www.actifio.com
In addition:
-- 69 percent revealed that the total cost of ownership of purchasing and managing multiple point products was another top concern to implementing a robust disaster recovery plan
-- 43 percent of those surveyed highlighted network bandwidth costs as the third barrier to implementing an end-to-end disaster recovery plan
Today's data center is mired with multiple legacy data protection tools that can't keep up with data demands and invites risk at every step. The challenges of managing multiple copies of data across these point tools for backup, disaster recovery, business continuity, analytics and compliance result in an additional 13 to 120 copies of production data stored within the IT infrastructure. This duplication of effort costs 3 to 5 times more than managing the production data itself. The issue is further intensified by the inability to manage data within available business windows -- leaving organizations vulnerable to data and productivity loss and increased risk.
Comment from Ash Ashutosh, CEO of Actifio: The survey confirms the pain administrators face every day in managing the complexity, cost and risk of multiple islands of data protection tools that strain IT resources and stretch network bandwidth performance. Our customers are solving the issue by virtualizing data protection to consolidate disparate disaster recovery applications into a single, fluid data protection environment across the data lifecycle.
About the survey: The survey, conducted by Actifio at the VMware Users Group (VMUG) in January among more than 900 IT professionals, asked data center managers and decision makers at large and medium organizations to rank disaster protection priorities for 2011, based on importance.
Contact: http://www.actifio.com
Number Of Companies Using Cloud Services Rises 67 Percent
Companies can't resist the lure of cloud services: the number of companies using cloud services increased from 18 percent in February 2009 to 30 percent in October 2010, a leap of 67 percent, according to a survey.
But in their rush to save time and money, many are neglecting such bread-and-butter fundamentals as integration, security, connectivity, monitoring, continuity planning and long-term staffing. This shortsightedness makes them vulnerable to potential failure.
Other findings:
-- Another 13 percent of respondents say they plan to use cloud services within 12 months.
-- Only 29 percent of firms using or planning to use the cloud have evaluated its impact on their existing architectures.
-- Just 20 percent of those polled say they monitor cloud applications and throughput.
-- 40 percent say they don't have any monitoring program in place for cloud services.
Comment from Lorna Garey, content director of InformationWeek Analytics: The up-front cost savings and speed to market you get from the cloud make it extremely tempting. And that's great - you should take advantage of it. But first you have to put some processes in place so cloud services - and responsibility for those services - are integrated into your existing set-up. Cloud applications must be monitored and measured just like any other application.
About the survey: The survey was conducted by InformationWeek Analytics, which provides peer-based IT research and analysis. The report, "State of Cloud 2011: Time for Process Maturation," includes analysis of cloud computing survey results and includes an ROI analysis and customizable worksheet to calculate costs of internal vs. cloud deployments. More than 600 business technology decision makers responded to the survey.
Contact: http://www.informationweek.com/
Contact: http://www.techweb.ubm.com
But in their rush to save time and money, many are neglecting such bread-and-butter fundamentals as integration, security, connectivity, monitoring, continuity planning and long-term staffing. This shortsightedness makes them vulnerable to potential failure.
Other findings:
-- Another 13 percent of respondents say they plan to use cloud services within 12 months.
-- Only 29 percent of firms using or planning to use the cloud have evaluated its impact on their existing architectures.
-- Just 20 percent of those polled say they monitor cloud applications and throughput.
-- 40 percent say they don't have any monitoring program in place for cloud services.
Comment from Lorna Garey, content director of InformationWeek Analytics: The up-front cost savings and speed to market you get from the cloud make it extremely tempting. And that's great - you should take advantage of it. But first you have to put some processes in place so cloud services - and responsibility for those services - are integrated into your existing set-up. Cloud applications must be monitored and measured just like any other application.
About the survey: The survey was conducted by InformationWeek Analytics, which provides peer-based IT research and analysis. The report, "State of Cloud 2011: Time for Process Maturation," includes analysis of cloud computing survey results and includes an ROI analysis and customizable worksheet to calculate costs of internal vs. cloud deployments. More than 600 business technology decision makers responded to the survey.
Contact: http://www.informationweek.com/
Contact: http://www.techweb.ubm.com
Thursday, February 3, 2011
Cloud Computing Has Become A Significant IT Cost Containment Priority
A report that finds continued stabilization in IT spending -- with a majority of survey respondents planning to increase spending over 2010 levels -- also finds increased use of server virtualization, managing data growth, information security, major application deployments and upgrades, and improving data backup and recovery are the top five strategic IT initiatives for their organizations over the next 12-18 months.
The most significant change in the IT priorities of respondents is the increased importance attached to cloud computing services. Compared to 2010 survey results, the use of cloud infrastructure has increased from number 22 to number 12 on respondents' list of relative IT priorities, and the increased use of Software-as-a-Service (SaaS) for application delivery has risen from number 24 to number 14.
Comment from John McKnight, vice president of research at Enterprise Strategy Group: One key finding of this year's research is the ongoing emergence of cloud computing as a viable cost containment strategy for IT groups. ESG has witnessed a steady three-year increase in organizations looking to increase their use of cloud computing as a more cost-effective alternative to traditional IT delivery methods. Indeed, companies looking to reduce IT costs are now more likely to be considering cloud services than they are to be reducing IT headcount, a complete reversal of organizational priorities from just two years ago, when shedding staff was one of the first places CIOs looked to trim costs.
About the survey: The Enterprise Strategy Group (ESG), an IT industry analyst and business strategy firm, issued the report (2011 IT Spending Intentions Survey), based upon data gathered from 611 North American and Western European senior IT professionals from midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations.
Contact: http://www.esg-global.com
The most significant change in the IT priorities of respondents is the increased importance attached to cloud computing services. Compared to 2010 survey results, the use of cloud infrastructure has increased from number 22 to number 12 on respondents' list of relative IT priorities, and the increased use of Software-as-a-Service (SaaS) for application delivery has risen from number 24 to number 14.
Comment from John McKnight, vice president of research at Enterprise Strategy Group: One key finding of this year's research is the ongoing emergence of cloud computing as a viable cost containment strategy for IT groups. ESG has witnessed a steady three-year increase in organizations looking to increase their use of cloud computing as a more cost-effective alternative to traditional IT delivery methods. Indeed, companies looking to reduce IT costs are now more likely to be considering cloud services than they are to be reducing IT headcount, a complete reversal of organizational priorities from just two years ago, when shedding staff was one of the first places CIOs looked to trim costs.
About the survey: The Enterprise Strategy Group (ESG), an IT industry analyst and business strategy firm, issued the report (2011 IT Spending Intentions Survey), based upon data gathered from 611 North American and Western European senior IT professionals from midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations.
Contact: http://www.esg-global.com
Storage Costs Exceed Virtualization Software Investments By A Factor of Three
The high cost of storage purchases is diluting the benefits of sever virtualization, a survey of storage and IT administrators has found.
The survey asked respondents to rate how the cost of their storage investments compared to their investments in server virtualization software. Fifty-four percent said the ratio of the cost of storage to the cost of server virtualization software was three to one or higher. Sixty-two percent paid a whopping $2,000 or more per terabyte of storage for their last server virtualization project.
The survey also asked respondents which storage technology they planned on deploying for public or private cloud projects in 2011. By a ratio of nearly four to one, survey respondents preferred Ethernet SAN (AoE protocol) to Fibre Channel over Ethernet (FCoE).
Comment from Kevin Brown, CEO of Coraid: The benefits of server virtualization are both financially and operationally compelling. Unfortunately, advances in the computing layer of the data center, with x86 servers and virtualization, have not been matched at the network and storage layers. In fact, this latest survey shows the negative impact that legacy storage is having on the economics of the virtual data center. The good news is that Ethernet SAN is rapidly emerging as an alternative to costly, complex Fibre Channel storage technologies that grew out of the mainframe era.
Comment from Mark Peters, senior analyst at the Enterprise Strategy Group: The survey findings are consistent with what we are seeing in the data center. Our data shows that the implementation of server virtualization inevitably and invariably requires substantial upgrades to existing storage infrastructures. Specifically, storage groups find themselves adding new or additional networked storage and designing for higher IO and throughput densities in order to respond to the stresses and demands that server virtualization places upon them. There is, however, a little-discussed 'dirty little secret' behind the technology curtain: in many cases, the cost of upgrading to faster storage systems can negate a large portion of the savings enabled by virtualization.
About the survey: Coraid Inc., a developer of Ethernet SAN solutions, surveyed 254 storage and IT administrators in mid- to large-size enterprises covering a variety of industries including healthcare, education, high technology, government, media and hosting conducting business in the U.S. Respondents ranged from small and medium enterprises with under $10 million in revenue to large enterprises with more than $1 billion in revenue.
Contact: http://www.coraid.com
The survey asked respondents to rate how the cost of their storage investments compared to their investments in server virtualization software. Fifty-four percent said the ratio of the cost of storage to the cost of server virtualization software was three to one or higher. Sixty-two percent paid a whopping $2,000 or more per terabyte of storage for their last server virtualization project.
The survey also asked respondents which storage technology they planned on deploying for public or private cloud projects in 2011. By a ratio of nearly four to one, survey respondents preferred Ethernet SAN (AoE protocol) to Fibre Channel over Ethernet (FCoE).
Comment from Kevin Brown, CEO of Coraid: The benefits of server virtualization are both financially and operationally compelling. Unfortunately, advances in the computing layer of the data center, with x86 servers and virtualization, have not been matched at the network and storage layers. In fact, this latest survey shows the negative impact that legacy storage is having on the economics of the virtual data center. The good news is that Ethernet SAN is rapidly emerging as an alternative to costly, complex Fibre Channel storage technologies that grew out of the mainframe era.
Comment from Mark Peters, senior analyst at the Enterprise Strategy Group: The survey findings are consistent with what we are seeing in the data center. Our data shows that the implementation of server virtualization inevitably and invariably requires substantial upgrades to existing storage infrastructures. Specifically, storage groups find themselves adding new or additional networked storage and designing for higher IO and throughput densities in order to respond to the stresses and demands that server virtualization places upon them. There is, however, a little-discussed 'dirty little secret' behind the technology curtain: in many cases, the cost of upgrading to faster storage systems can negate a large portion of the savings enabled by virtualization.
About the survey: Coraid Inc., a developer of Ethernet SAN solutions, surveyed 254 storage and IT administrators in mid- to large-size enterprises covering a variety of industries including healthcare, education, high technology, government, media and hosting conducting business in the U.S. Respondents ranged from small and medium enterprises with under $10 million in revenue to large enterprises with more than $1 billion in revenue.
Contact: http://www.coraid.com
Wednesday, February 2, 2011
Most Healthcare Companies Do Not Protect Patient Data
Examining the widespread use of real patient data in health care application development and test environments, a new report details how this is exposing health-care organizations to the risk of non-compliance to various regulations such as the Health Insurance Portability and Accountability Act (HIPAA).
Additionally, the research provides guidelines for reducing exposure: including the now vital practice of masking and securing live data.
Other key research findings, based on a survey of more than 450 IT professionals in U.S. health care organizations, include:
-- Outsourcing and cloud computing increase the security risk : Outsourcing development and test activities and/or using cloud computing resources introduce additional risk factors, which often prevent health care organizations from turning to these potentially advantageous resources. 40 percent do not outsource due to security concerns, while a mere 19 percent are confident or very confident about security in a cloud environment.
-- Health care industry disillusioned with data protection goals -- Protection of real data in the development and testing environment is important to respondents but the majority does not know or believe they are successful in achieving this goal. Seventy-four percent say that meeting privacy and data protection requirements in the health care services industry is important but only 35 percent say they believe their company is successful in achieving this goal.
-- With only 35 percent of respondents believing their organization is successful at protecting patient privacy in development and test environments, Ponemon Institute recommends immediate actions including: centralized executive oversight; data masking; data masking helps safeguard sensitive, private or confidential data such as protected health information (PHI) or personal health records (PHR) by masking it in-flight or in-place. As a result, fully functional, realistic data sets can be used safely in development, testing, training and other non-production environments. Regardless of whether the work is managed in house, off-shored or outsourced, companies have the peace of mind knowing they will not be exposed to malicious or advertent data spills or in violation of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) or other regulations; with Informatica Data Masking, sensitive data can be discovered and systematically de-identified using algorithms that obfuscate the original data, but retain its original format and properties so that applications that depend on that data continue to function properly during development and test activities.
Contact: http://www.informatica.com
Additionally, the research provides guidelines for reducing exposure: including the now vital practice of masking and securing live data.
Other key research findings, based on a survey of more than 450 IT professionals in U.S. health care organizations, include:
-- Outsourcing and cloud computing increase the security risk : Outsourcing development and test activities and/or using cloud computing resources introduce additional risk factors, which often prevent health care organizations from turning to these potentially advantageous resources. 40 percent do not outsource due to security concerns, while a mere 19 percent are confident or very confident about security in a cloud environment.
-- Health care industry disillusioned with data protection goals -- Protection of real data in the development and testing environment is important to respondents but the majority does not know or believe they are successful in achieving this goal. Seventy-four percent say that meeting privacy and data protection requirements in the health care services industry is important but only 35 percent say they believe their company is successful in achieving this goal.
-- With only 35 percent of respondents believing their organization is successful at protecting patient privacy in development and test environments, Ponemon Institute recommends immediate actions including: centralized executive oversight; data masking; data masking helps safeguard sensitive, private or confidential data such as protected health information (PHI) or personal health records (PHR) by masking it in-flight or in-place. As a result, fully functional, realistic data sets can be used safely in development, testing, training and other non-production environments. Regardless of whether the work is managed in house, off-shored or outsourced, companies have the peace of mind knowing they will not be exposed to malicious or advertent data spills or in violation of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) or other regulations; with Informatica Data Masking, sensitive data can be discovered and systematically de-identified using algorithms that obfuscate the original data, but retain its original format and properties so that applications that depend on that data continue to function properly during development and test activities.
Contact: http://www.informatica.com
Tuesday, February 1, 2011
Automation Is Essential To Address Virtualization, Cloud Computing Complexities, IPv6 Rollouts
Eighty percent of enterprise IT network managers claim to be adopting network automation tools, citing drivers such as reduced error rates, time savings and enabling significant new projects such as virtualization, IPv6, and compliance, but given the number of human errors occurring monthly (an average of five to six) there still seems to be some significant room for improvement, a survey has found.
Despite the fact that respondents most commonly indicated that 16-30 percent of their network team's daily administrative tasks had been automated -- no longer requiring manual intervention or script adaption -- over 80 percent of respondents admitted that network configuration errors requiring corrective actions are being introduced through human/manual mistakes on a regular basis. On average, five to six such errors were experienced per month and those who were in process of or still planning to deploy network automation were the most likely to experience the highest frequency of ten or more per month.
These errors rates in network environments that are considered today to be relatively static are startling enough given the costs associated with downtime resulting from these errors. And, the survey statistics reveal that those with more automation tools deployed experienced less errors. But, as virtualization is broadly adopted and considerably more change is introduced in the network, real-time responses and configurations, such as VLAN, ACLs and firewall settings, are required and call for even more automation tools in the network.
This is compounded by the explosion of IP addresses, which 67 percent of survey respondents are expecting to grow between 1-25 percent in the next twelve months and 16 percent anticipate growth of at least 26-50 percent. This growth is being driven by multiple factors, but the most commonly cited were server virtualization and VM proliferation, more physical servers being deployed, and more desktops/clients.
With these pressures facing IT teams, there is no room in the next-generation dynamic network for manual processes, custom scripts and tools or the associated careless keystrokes resulting in errors. More network infrastructure automation is the only way to keep pace with the new dynamic network.
Comment from Jim Frey, director of network management research at EMA: I am afraid many organizations are primed for a rude awakening when they attempt to broadly take advantage of virtualization applications; the amount of change in the network and real-time requirements will be daunting for IT representatives to tackle without the necessary automation tools in place.
Comment from Steve Garrison, Infoblox vice president of corporate marketing: The good news from the survey is that many enterprise IT teams have taken the first necessary steps to build automation into their networks, but the levels of automation required to realize IT at the speed of thought are beyond what most network teams have considered today. Infoblox, which offers platforms that can help automate and control network infrastructure functions, invites enterprise IT teams to learn more about the infrastructure automation required to achieve stability, high availability, business continuity, security, compliance and operational efficiency for tomorrow's next generation dynamic and more complex networks.
About the survey: Research analyst firm Enterprise Management Associates and Infoblox, a developer of advanced network infrastructure automation and control solutions, conducted the survey on the usage of automated network management tools and technologies, which can help speed implementation and reduce costly errors as organizations look to execute strategic IT initiatives such as virtualization, cloud computing, IPv6 and compliance rollouts.
Contact: http://www.infoblox.com
Despite the fact that respondents most commonly indicated that 16-30 percent of their network team's daily administrative tasks had been automated -- no longer requiring manual intervention or script adaption -- over 80 percent of respondents admitted that network configuration errors requiring corrective actions are being introduced through human/manual mistakes on a regular basis. On average, five to six such errors were experienced per month and those who were in process of or still planning to deploy network automation were the most likely to experience the highest frequency of ten or more per month.
These errors rates in network environments that are considered today to be relatively static are startling enough given the costs associated with downtime resulting from these errors. And, the survey statistics reveal that those with more automation tools deployed experienced less errors. But, as virtualization is broadly adopted and considerably more change is introduced in the network, real-time responses and configurations, such as VLAN, ACLs and firewall settings, are required and call for even more automation tools in the network.
This is compounded by the explosion of IP addresses, which 67 percent of survey respondents are expecting to grow between 1-25 percent in the next twelve months and 16 percent anticipate growth of at least 26-50 percent. This growth is being driven by multiple factors, but the most commonly cited were server virtualization and VM proliferation, more physical servers being deployed, and more desktops/clients.
With these pressures facing IT teams, there is no room in the next-generation dynamic network for manual processes, custom scripts and tools or the associated careless keystrokes resulting in errors. More network infrastructure automation is the only way to keep pace with the new dynamic network.
Comment from Jim Frey, director of network management research at EMA: I am afraid many organizations are primed for a rude awakening when they attempt to broadly take advantage of virtualization applications; the amount of change in the network and real-time requirements will be daunting for IT representatives to tackle without the necessary automation tools in place.
Comment from Steve Garrison, Infoblox vice president of corporate marketing: The good news from the survey is that many enterprise IT teams have taken the first necessary steps to build automation into their networks, but the levels of automation required to realize IT at the speed of thought are beyond what most network teams have considered today. Infoblox, which offers platforms that can help automate and control network infrastructure functions, invites enterprise IT teams to learn more about the infrastructure automation required to achieve stability, high availability, business continuity, security, compliance and operational efficiency for tomorrow's next generation dynamic and more complex networks.
About the survey: Research analyst firm Enterprise Management Associates and Infoblox, a developer of advanced network infrastructure automation and control solutions, conducted the survey on the usage of automated network management tools and technologies, which can help speed implementation and reduce costly errors as organizations look to execute strategic IT initiatives such as virtualization, cloud computing, IPv6 and compliance rollouts.
Contact: http://www.infoblox.com
Governance, Risk Management And Compliance In The Cloud: A Major Trend
The cloud-based movement has acceclerated over the past several years, but it's still a relatively new phenomenon in governance, risk management and compliance (GRC), predicts a provider of software-as-a-service (SaaS) solutions for enterprise governance, risk management and compliance (eGRC).
As the industry matures, buyers are increasingly seeking GRC systems that are interconnected with leading providers of legal and regulatory content, to create a single, unified solution.
Cloud-based systems are ideally suited to providing freedom of choice to the legal and regulatory content appropriate for each organization.
The cloud will also be increasingly used to streamline processes and reduce overhead by integrating additional services and providing access for third-party auditors. 2011 will see a significant rise in organizations managing their GRC functions in the cloud as they seek these benefits.
About the predictions: Compliance 360, a provider of software-as-a-aervice (SaaS) solutions for enterprise governance, risk management and compliance (eGRC), offered the forecasts for 2011. Topping the list, corporate boards will shift their focus from survivability to implementing and enhancing corporate risk management programs. With the brunt of the economic storm currently abated, corporate boards are revisiting enterprise risk management (ERM) initiatives and validating those improvements with quantifiable measures.
Contact: http://www.compliance360.com
As the industry matures, buyers are increasingly seeking GRC systems that are interconnected with leading providers of legal and regulatory content, to create a single, unified solution.
Cloud-based systems are ideally suited to providing freedom of choice to the legal and regulatory content appropriate for each organization.
The cloud will also be increasingly used to streamline processes and reduce overhead by integrating additional services and providing access for third-party auditors. 2011 will see a significant rise in organizations managing their GRC functions in the cloud as they seek these benefits.
About the predictions: Compliance 360, a provider of software-as-a-aervice (SaaS) solutions for enterprise governance, risk management and compliance (eGRC), offered the forecasts for 2011. Topping the list, corporate boards will shift their focus from survivability to implementing and enhancing corporate risk management programs. With the brunt of the economic storm currently abated, corporate boards are revisiting enterprise risk management (ERM) initiatives and validating those improvements with quantifiable measures.
Contact: http://www.compliance360.com
Subscribe to:
Posts (Atom)