Bracing for data breaches

Are you ready for a data breach? Information technology experts know that a highly connected world brings more data breach threats, especially to business data.

To protect your databases, you need to plan ahead because, in large measure, “failing to plan is planning to fail”, and such a failure can cost an organization time, money, productivity and reputation.

Beyond the obvious advice that employees should be granted access to information on a need-to-know basis, typically enforced through role-based access controls, monitoring all systems (including mobile devices) for data leaks helps a great deal.

Here are a few things serious IT professionals can do to protect their businesses against all flavors of potentially damaging data breaches:

  • Directly monitor financial databases to stay on top of unusual activity;
  • Assess and remediate weaknesses that could allow unauthorized access, including by users who are properly authenticated but not authorized for what they are doing;
  • Audit user access and use of resources;
  • Learn how users normally use the databases so that unauthorized activity stands out;
  • Check transaction authenticity (cross-check with the paper trail);
  • Solicit independent reviews to get that all-important second opinion;
  • Automate as many controls as possible to reduce manual audit errors;
  • Make use of encryption to protect the information, so that a stolen copy of the data is of little use without the keys.
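To make the monitoring and baselining items above concrete, here is an added example (not code from the original post) that runs three simple rules over a database audit log: access outside business hours, row counts far above the user's own median, and privileged actions such as exports. The log format, the sample lines, the business-hours window and the thresholds are all assumptions constructed for the example.

```python
"""Spot unusual database activity in an audit log.

Added example, not from the original post. The log lines below are constructed
(not real data) and use an assumed one-event-per-line format:
    <ISO timestamp> <user> <action> <table> <rows affected>
"""
import statistics
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2008-05-12T09:14:02 alice SELECT payments 40
2008-05-12T09:20:11 alice SELECT payments 55
2008-05-12T10:02:45 bob SELECT payments 30
2008-05-12T10:30:00 bob UPDATE payments 2
2008-05-12T11:15:09 alice SELECT payments 48
2008-05-12T14:40:31 carol SELECT customers 20
2008-05-13T02:11:57 bob SELECT payments 52000
2008-05-13T09:01:12 alice SELECT payments 51
2008-05-13T09:05:30 carol SELECT payments 35
2008-05-13T23:45:00 dave EXPORT customers 18000
"""

# Tunable assumptions; a real deployment would take these from policy.
BUSINESS_HOURS = range(7, 19)                    # 07:00-18:59 counts as "normal"
BULK_ROWS = 5000                                 # always worth a look, whoever does it
BASELINE_MULTIPLIER = 10                         # flag > 10x the user's own median
PRIVILEGED_ACTIONS = {"EXPORT", "DROP", "GRANT", "ALTER"}


def parse_log(text):
    """Turn raw log text into a list of event dicts; skips blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, table, rows = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "action": action.upper(),
            "table": table,
            "rows": int(rows),
        })
    return events


def user_baselines(events):
    """Median rows-per-event for each user: the 'how users normally behave' part."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e["rows"])
    return {user: statistics.median(rows) for user, rows in per_user.items()}


def analyze(text):
    """Return the events that break at least one rule, with the reasons."""
    events = parse_log(text)
    # Caveat: the baseline here is computed from the same log being checked, so a
    # user's outlier pulls their own median up. Production systems use a
    # historical baseline from before the window under review.
    baselines = user_baselines(events)
    findings = []
    for e in events:
        reasons = []
        if e["ts"].hour not in BUSINESS_HOURS:
            reasons.append("off_hours")
        if e["rows"] >= BULK_ROWS or e["rows"] > BASELINE_MULTIPLIER * baselines[e["user"]]:
            reasons.append("bulk_rows")
        if e["action"] in PRIVILEGED_ACTIONS:
            reasons.append("privileged_action")
        if reasons:
            findings.append({
                "ts": e["ts"].isoformat(),
                "user": e["user"],
                "action": e["action"],
                "table": e["table"],
                "rows": e["rows"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']:6} {f['action']:6} {f['table']:10} "
              f"rows={f['rows']:<6} {', '.join(f['reasons'])}")
```

On the constructed log, bob's 2 a.m. read of 52,000 rows and dave's late-night export of 18,000 customer records are flagged, while the daytime reads of a few dozen rows are not. The point is that the rules only work once you know what normal looks like, which is why auditing user access and learning how users use the databases come before automation.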

Remember that different types of businesses need to brace for different types of data breaches so keep in mind that what works well for your neighbor might not work as well for you.

In any business, there needs to be a response team that can make decisions when a breach is identified, and that can go as far as shutting down all the database systems until the threat is properly dealt with. The general counsel should be part of that “emergency team” and proper training should be given so that everyone understands the importance of dealing swiftly with a threat to prevent further damage.

IT forensics teams can be called in to properly trace the source of an attack that has led to a data breach. This team can conduct triage, which can include intensive activity monitoring and the temporary deactivation of key services until the threat is properly addressed. Before services are powered off, the forensics team will want logs and disk images preserved, since shutting a system down can destroy the evidence of how the attacker got in.

It should also be mandatory for PR to be in on the action, because you’d rather have the bad news come out in a controlled manner, from them, than from, say, the New York Times. Furthermore, in a case where customer data has been breached, the affected customers need to be properly presented with the facts.

Once the data breach is remediated, the organization must change the business practices that allowed such a breach to happen in the first place. As always, preparation is key.

Tags: security, data breach, database breach, unauthorized access, user access, it audit, transaction authenticity, manual audits, automated controls, encryption, data protection, unusual activities, data monitoring

SaaS checklist

If you’re not yet familiar with the term software as a service, or SaaS for the tech-inclined, there’s a good chance you already use it. Think Hotmail, Gmail, Zoho and scores of other online-only applications that are made available to users on demand.

For highly mobile users, SaaS provides a much needed alternative to desktop software, in part because the data is stored remotely and then made instantly available to the properly authenticated owner, wherever he or she may be.

SaaS also comes in handy for people who jockey between computers, for instance between a laptop and a desktop. Logging into the web service grants them access to their work, whichever computer they happen to be working on at the time.

But if you’re still unsure about bringing more complex web services into your company, the following checklist should help you decide whether SaaS is right for you in a given line of work:

  • Will modifications to IT or network integration be necessary to accommodate the SaaS?
  • Can I retire redundant IT infrastructure by using the SaaS application?
  • How long will the SaaS deployment take compared with locally installed software?
  • What training is needed to use the SaaS application?
  • How does the end-user experience compare between the SaaS application and installed software?
  • Is the provider’s data security (access controls, encryption, backups, breach notification) up to corporate standards?
  • How does the operational security of the SaaS offering compare with running the software yourself?
  • Will SaaS subscription fees end up costing more or less than a software setup?
  • What kind of support do I get for SaaS compared to software?
  • How easily can each solution be scaled over time?
  • How financially stable is the SaaS provider, and what happens to my data if it folds?
  • Generally speaking, will SaaS better serve our business than software?
  • Will management and employees notice any difference with SaaS?

Depending on your answers, you’ll have a better idea if you’re ready to jump on the SaaS bandwagon that’s gaining speed in the online world, right now.

Successful upstarts such as Salesforce.com, WebEx, RightNow, Taleo, Blackboard and NetSuite are benefiting the most from their disruptive SaaS offerings. Companies can simply subscribe to their services online and start using them right away. Depending on the needs, this business model provides a credible alternative to installed software, especially when applications need to be heavily networked across multiple locations.

It goes without saying that users who don’t have a reliable internet connection will shy away from SaaS, since the entire business model depends on quality internet connectivity. That means internet providers, including the big telcos, need to massively upgrade their networks all the way to the user, in offices or homes.

Security will also need to be reinforced, together with ironclad privacy protection, before serious work is hosted in the internet cloud. In the cloud, a specific user can’t be sure, at any given time, of the exact location where his or her data is stored, which is very different from using desktop software and saving the work on a local hard drive.

This being said, SaaS is big enough for everybody to notice, and even though installed software is still the foundation of desktop computing, more web services are being launched regularly, and it’s possible that some of them will end up changing our relationship with computing and how we get things done.

Tags: saas, web services, online services, software, desktop, computing, working online, web technology, web 2.0, end users, operational stability, application ownership, network infrastructure, web connectivity

Microsoft’s take on openness

Ray Ozzie, Microsoft’s now famous chief software architect, told thousands of developers and customers that “transparency, standards and interoperability are key” at the company’s MIX conference in March 2008.

While this kind of bold statement of direction simply piggybacks on common sense, coming from the Redmond giant, known as the champion of secrecy, meticulous disregard of standards and engineered hurdles against straightforward interoperability, it left most people wondering if they had heard right.

After all, Microsoft’s multi-billion dollar business has been built on closed source code, non-standard formats and a paranoid race to accumulate patents, whether they made sense or not. So is Microsoft’s willingness to open up its heavily guarded gates genuine, or is it just for show? According to many observers, the final word hasn’t been spoken yet.

Although Microsoft is used to playing the bully in the proverbial software schoolyard, the open source movement is a hard target to intimidate. After all, everyone openly shares their findings (rather than wasting time reinventing the wheel), most coders work out of sheer passion, and this makes the development pace downright impossible to match for a closed-source and rather slow-moving software shop, however rich it is.

So why is Microsoft opening up, in the first place?

The two main reasons are that (1) customers want (and now require) it and (2) it must properly address the regulatory and competitive pressures against its “traditional” business model.

In the current market conditions, Microsoft clearly can’t beat open source, so it must shift from being its demonized antagonist to becoming, against all odds, part of the trend. That’s what Ray Ozzie is trying to do, but in real life, making Microsoft a credible open source proponent is, by all means, a Herculean task.

Because it’s such a huge undertaking, Microsoft is moving on its own terms and at its own pace, and predictably, this has made it an easy target for those who believe its “open source move” was just for show and changes nothing about its previous market domination plans.

In fact, despite Ray Ozzie’s cozy words, Microsoft continues to accuse open source developers of violating 235 of its patents. While those accusations are unsubstantiated, Microsoft’s threat of legal action still hangs over the developers’ heads, and this doesn’t help the software behemoth’s image at all.

So while Microsoft’s PR department is saying nice things about open source, the legal department is playing dirty with developers who are very highly regarded worldwide. To call it a “profoundly inappropriate approach” would be a gross understatement.

So what’s Microsoft doing about its open source commitment?

Well, it introduced the Live Mesh strategy for synchronizing data across platforms and devices, which takes into account Adobe Flash, Mac OS X, non-Microsoft browsers and programming languages. Microsoft has also added cross-platform extensions to System Center Operations Manager 2007 which (finally) make it possible to manage Linux and Unix servers from its flagship management platform. To do this, Microsoft is building on the open WS-Management standard and incorporating the open source OpenPegasus CIM server into Operations Manager. It’s a 180-degree turn from the company’s legacy mindset.

While the US Justice Department and the European Union’s rulings (in 2001 and 2004) are still trying to get Microsoft to document and license its protocols, the open source movement is zipping away with enormous momentum.

Microsoft’s Open Specification Promise is a legally binding assertion that it won’t enforce certain patents, but longtime competitors know this might just be another strategy to force industry standards into its own mold, an approach known as “embrace, extend and extinguish”. If what Microsoft did with its proprietary extensions to CSS and JavaScript is any indication of things to come regarding its open source stance, then we’re heading towards a great “open source deception”.

All in all, Microsoft still has a lot to understand about the open and participatory nature of the web — for everyone’s benefit, let’s hope they get it right, this time around.

Tags: microsoft, open source, patents, lawsuits, law, lawyers, developers, open standards, technologies, software, interoperability, integration, transparency, secrecy, closed-source, ray ozzie, linux, unix

Enterprise 2.0 Conference 2008

Boston, MA plays host to the 2008 edition of the Enterprise 2.0 Conference, presented by United Business Media.

As most companies are still wondering how they can tap into the whole web 2.0 paradigm shift, you can lead the evolution by attending this event, which is held from June 9 to 12 at the Westin Boston Waterfront.

Over 1,000 IT and business leaders are expected to learn how enterprise 2.0 can make businesses more agile, connected and responsive, while being exposed to case studies from those who make the whole 2.0 thing work wonders for various uses today.

This year’s topics include:

  • Social networking in business;
  • Microblogging and Twitter;
  • Enterprise mash-ups;
  • Enterprise RSS and syndication;
  • Developing a next generation workforce;
  • Socializing search;
  • Making the right video conferencing choice;
  • Software as a service (SaaS);
  • Security for enterprise 2.0;
  • Office 2.0;
  • Presence;
  • Unified communications;
  • Integrated collaboration platforms;
  • Enterprise mobility.

So there’s a lot of ground to cover, but IT and business leaders should learn a few very interesting things about the way the web can yield much better results than the already oldish way of doing things.

Make sure to swing by the Demo Pavilion where roughly 100 established industry leaders as well as hot start-ups will be featuring their latest enterprise 2.0-ready products and services.

Tags: enterprise 2.0, web 2.0, conference, boston, ma, evolution, web, interactive, leaders, start-ups, saas

Making sense of storage management

If you produce data, you need to store it somewhere, and if you produce lots of it, storage resource management becomes pivotal to your IT success in this area.

Companies of all sizes seek to make the most of their IT investments, including storage, while keeping new spending in check. Depending on which company you ask, between 33 and 70 cents of every dollar spent on hardware goes to storage, so working on allocation efficiency towards optimum use of distributed storage systems is just good business sense.

Also, storage is rapidly outpacing servers as the biggest consumer of power in the data center, which could eventually weigh on the carbon footprint and on utility costs.

Could something as straightforward as storage resource management (SRM) be the answer to the storage woes IT has to contend with on an ongoing basis? Since lots of companies have urgent needs when it comes to storage, let’s hope the following mini-guide will come in handy.

Here’s how to get your storage sprawl under control by doing your homework pertaining to the following four strategic areas:

Policy management

  • Make sure to map business rules pertaining to data storage;
  • Report on and forecast infrastructure trends;
  • Impose process conformance within your network as changes occur.

Data management

  • Manage data provisioning and protection services based on business criteria such as hosting costs, protection, preservation and retention;
  • Apply mechanisms for intelligent data movement over time to achieve utilization efficiency.

Capacity management

  • Manage existing capacity to achieve allocation efficiency before buying more;
  • Monitor data growth trends;
  • Impose simple hierarchical storage management capabilities and data protection process monitoring.

Configuration management

  • Emphasise hardware asset discovery and configuration;
  • Map and optimize server-to-storage interconnects;
  • Set up status monitoring, maintenance and troubleshooting facilities.
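The capacity management items above (monitor growth trends, forecast, and manage existing capacity before buying more) boil down to one recurring question: at the current growth rate, when does this pool cross the alert line? Here is an added example, not code from the original post, that answers it with a least-squares trend over monthly usage samples. The 10 TB pool size, the 85% alert threshold and the sample figures are constructed assumptions.

```python
"""Capacity management: forecast when a storage pool will cross its alert threshold.

Added example, not from the original post. The samples below are constructed
(not real measurements): (day offset, gigabytes used) on a hypothetical 10 TB pool.
"""

CAPACITY_GB = 10_000          # assumed usable capacity of the pool
ALERT_THRESHOLD = 0.85        # assumed policy: warn at 85% utilization

# Constructed monthly samples of used capacity (day offset, GB used).
SAMPLES = [
    (0, 6000),
    (30, 6250),
    (60, 6500),
    (90, 6750),
    (120, 7000),
    (150, 7250),
]


def fit_growth(samples):
    """Least-squares line through (day, used_gb); returns (gb_per_day, intercept_gb)."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples to estimate a trend")
    mean_x = sum(x for x, _ in samples) / n
    mean_y = sum(y for _, y in samples) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in samples)
    if sxx == 0:
        raise ValueError("samples must span more than one day")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in samples)
    slope = sxy / sxx
    return slope, mean_y - slope * mean_x


def forecast(samples, capacity_gb=CAPACITY_GB, threshold=ALERT_THRESHOLD):
    """Project the current trend forward to the alert line.

    Returns the growth rate, current utilization and the number of days (from
    the last sample) until utilization reaches the threshold; days_until_alert
    is 0.0 when the pool is already past the line and None when usage is flat
    or shrinking (nothing to forecast).
    """
    slope, intercept = fit_growth(samples)
    last_day, last_used = samples[-1]
    alert_gb = capacity_gb * threshold
    if last_used >= alert_gb:
        days = 0.0                      # already past the line: act now, not later
    elif slope <= 0:
        days = None                     # no growth: nothing to forecast
    else:
        # solve intercept + slope * day == alert_gb, measured from the last sample
        days = (alert_gb - intercept) / slope - last_day
    return {
        "gb_per_day": slope,
        "utilization": last_used / capacity_gb,
        "alert_gb": alert_gb,
        "days_until_alert": days,
    }


if __name__ == "__main__":
    result = forecast(SAMPLES)
    days = result["days_until_alert"]
    days_text = "n/a" if days is None else f"{days:.0f}"
    print(f"growth: {result['gb_per_day']:.1f} GB/day, "
          f"utilization: {result['utilization']:.1%}, "
          f"days until {ALERT_THRESHOLD:.0%} alert: {days_text}")
```

With the constructed samples the pool grows about 8.3 GB per day, sits at 72.5% utilization and reaches the 85% line roughly 150 days after the last sample, which is the lead time you have to reclaim space (deduplication, tiering, retention clean-up) before a purchase order becomes unavoidable. A straight line is the simplest model; real growth is often step-shaped, so re-fit on every new sample rather than trusting a single projection.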

In theory, SRM is supposed to give us clarity and visibility into what we currently have at our disposal, storage-wise, so we can manage it more efficiently. The real progress is made, however, when SRM is combined with data management (enforced by comprehensive company policies), which leads to more effective storage management.

In other words, like many other things in a company, it’s about teamwork and communication between team members, because otherwise the data growth issue may quickly get out of hand… and way over budget.

Saving money on storage hardware purchases will make any IT decision maker a darling of the CFO, but let’s not forget there’s a lot of work to be done before getting there. Thin provisioning, deduplication and virtualization must all be explored, understood and properly implemented to optimize a company’s storage resource management.

Remember that you can’t manage what you can’t see — that’s especially true when it comes to storage so start digging and you’ll eventually become an “SRM hero”.

Tags: srm, storage resource management, storage, storage policies, data management, data centers, capacity management, servers, hosting costs, data growth, infrastructure trends, status monitoring, maintenance