To protect your databases, you need to plan ahead because in a large measure, “failing to plan is planning to fail” and such failure could cost an organization time, money, productivity and reputation.

Above the obvious advice that every employee should be allowed access to information on a need to know basis, namely through role-based controls, monitoring all systems (including the mobile devices) for data leaks help a great deal.

Here are a few things serious IT professionals can do to protect their businesses against all flavors of potentially damaging data breaches:

• Directly monitor financial databases to keep on top of unusual activities;
• Assess and remediate weaknesses to guard against unauthorized access (even with proper authentication);
• Audit user access and use of resources;
• Learn how users are using the databases to detect unauthorized activities;
• Check transaction authenticity (cross-check with the paper trail);
• Sollicit independent reviews to get that all important second opinion;
• Automate as many controls as possible to reduce manual audit errors;
• Make use of encryption to protect the information.

Remember that different types of businesses need to brace for different types of data breaches so keep in mind that what works well for your neighbor might not work as well for you.

In any business, there needs to be a response team which can take decisions when a breach is identified and that can go as far as shutting down all the database systems until the threat is properly dealt with. The general counsel should be part of that “emergency team” and proper training should be given so they understand the importance of dealing swiftly with a threat to prevent aggravated damages.

IT forensics teams can be called in to properly trace the source of an attack that has lead to a data breach. This team can conduct triage which can include heavy activity monitoring and the temporary deactivation of key services, until the threat is properly addressed.

It should also be mandatory for PR to be in on the action because you’d rather hear the bad news, in a controlled manner, from them than, say, the New York Times. Furthermore, in a case where customer data has been breached, they need to be properly presented with the facts.

Once the data breach is remediated, the organization must modify the business practices that allowed for such a breach to happen, in the first place. As always, preparation is key.

Tags: security, data breach, database breach, unauthorized access, user access, it audit, transaction authenticity, manual audits, automated controls, encryption, data protection, unusual activities, data monitoring

For the highly mobile users, SaaS provides a much needed alternative to desktop software, in part because the data is stored remotely and then, instantly made available to the properly authentified owner, wherever he or she may be.

SaaS also comes in handy for people who jockey between computers, for instance, between a laptop computer and a desktop. Logging into the web service grants them access to their work, whichever computer they be working on at that time.

But if you’re still unsure about bringing in more complex web services into your company, the following checklist should help you decide if SaaS is right for you, in a given line of work:

• Will modifications of IT or network integration be necessary, to accomodate the SaaS?
• Can I retire redundant IT infrastructure, by using the SaaS application?
• How long will the SaaS deployment take versus software?
• What training is need to use the SaaS application?
• How does the end-user experience compare between the SaaS application and software?
• Is SaaS data security up to corporate standards?
• What’s the operational security of SaaS compared to software?
• Will SaaS subscription fees end up costing more or less than a software setup?
• What kind of support do I get for SaaS compared to software?
• How easily can each solution be scaled, over time?
• What’s the financial stability like for the SaaS provider?
• Generally speaking, will SaaS better serve our business than software?
• Will the management and employees notice any difference with SaaS?

Depending on your answers, you’ll have a better idea if you’re ready to jump on the SaaS bandwagon that’s gaining speed in the online world, right now.

Successful upstarts, such as Salesforce.com, WebEx, RightNow, Taleo, Blackboard and NetSuite are benefiting the most from their disruptive offerings, in terms of SaaS applications. Companies can simply subscribe to their services online and start using them right away. This business model, depending on the needs, provides for a credible alternative to software, especially when applications need to be heavily networked across multiple locations.

It goes without saying that users that don’t have a reliable internet connection will shy away from SaaS as that entire business model is based on quality internet connectivity. That means the internet providers, including the big telcos, need to massively upgrade their network, all the way to the user (in offices or homes, whichever).

Security will also need to be reinforced in conjunction with ironclad privacy protection for serious work to be hosted in the internet cloud, meaning that at any given time, a specific user can’t be sure of the exact location where his or her data is stored — which is very different from using desktop software and saving the work on a local hard drive.

This being said, SaaS is big enough for everybody to notice and even though software is still the foundation of desktop computing, more web services are being launched regularly and it’s possible that some of them may end up changing our relationship with computing and how we get things done.

Tags: saas, web services, online services, software, desktop, computing, working online, web technology, web 2.0, end users, operational stability, application ownership, network infrastruction, web connectivity

While this kind of bold statement of direction simply piggypacks on common sense, coming from the Remond giant, known to be the champion of secrecy, meticulous direspect of standards and engineered hurdles against straightforward interoperability, this kind of statement left most people wondering if they heard right.

After all, Microsoft’s multi-billion dollar business has been built on closed sourced code, non-standard formats and a paranoid race to accumulate patents, wether they made sense or not. So is Microsoft’s willingness to open up its heavily guarded gates genuine or is it just for show? According to many observers, the final word isn’t spoken yet.

Although Microsoft is used to playing the part of the bully in the proverbial software schoolyard, the open source movement is a hard target to intimidate. After all, everyone openly shares their findings (not wasting time trying to re-invent the wheel all the time), most coders work out of sheer passion and this means the development pace is downright impossible to match for a closed-source and rather slow moving software shop, however rich it is.

So why is Microsoft opening up, in the first place?

Two main reasons being that (1) customers want (and now require) it and (2) also to properly address the regulatory and competitive pressures against its “traditional” business model.

In the current market conditions, Microsoft clearly can’t beat open source so it must shift from being its demonized antagonist to become —against all odds— part of the trend. So that’s what Ray Ozzie is trying to do but in real life, making Microsoft a credible open source proponent is, by all means, akin to a Herculanean task.

Because it’s such a huge undertaking, Microsoft is moving on its own terms and at its own pace and predictably, this has made it an easy target for those who believe their “open source move” was just for show and changes nothing to their previous market domination plans.

In fact, despite Ray Ozzie’s cozy words, Microsoft continues to accuse open source developers of violating 235 of its patents. While those accusations are unsubstantiated, Microsoft’s threat of legal action still hangs over the developers’ heads — this doesn’t help the software behemoth’s image, at all.

So while Microsoft’s PR department is saying nice things about open source, the legal department is playing dirty with developers who are very highly regarded, worldwide. Saying that it’s a “profoundly inappropriate approach” would be a gross understatement.

So what’s Microsoft doing about its open source commitment?

Well, it introduced the Live Mesh strategy for synchronizing data across platforms and devices, which takes into account Adobe Flash, MacOS X, non-MS browsers and programming languages. Also, Microsoft has added cross-platform extensions to System Center Operations Manager 2007 which (finally) make it possible to manage Linux and Unix servers from MS’ flagship management platform. To do this, Microsoft is incorporating two open source components, WS-Management and OpenPegasus, into Operation Manager. It’s a 180-degree turn from the company’s legacy mindset.

While the US Justice Dept and the European Union‘s ruling (in 2001 and 2004) are (still) trying to get Microsoft to document and license its protocols, the open source movement is zipping away with an enormous momentum.

Microsoft’s Open Specification Promise is a legally binding assertion that it won’t enforce certain patents but longtime competitors know this might just be another strategy to force industry standards into its own mold, an approach known as “‘extend, embrace and extinguish”. If what Microsoft did to its proprietary extention to CSS and JavaScript is any indication of things to come regarding its open source stance, then we’re heading towards a great “open source deception”.

All in all, Microsoft still has a lot to understand about the open and participatory nature of the web — for everyone’s benefit, let’s hope they get it right, this time around.

Tags: microsoft, open source, patents, lawsuits, law, lawyers, developers, open standards, technologies, software, interoperability, integration, transparency, secrecy, closed-source, ray ozzie, linux, unix

As most companies are still wondering how they can tap into the whole web 2.0 paradigm shift, you can lead the evolution by attending this event which is held from June 9 to 12, at the Westin Boston Waterfront.

Over 1,000 IT and business leaders are expected to learn how enterprise 2.0 can make businesses more agile, connected and responsive while being exposed to case studies of those who make the whole 2.0 thing work wonders for various uses, today.

This year’s topics include:

• Social networking in business;
• Microblogging and Twitter;
• Enterprise mash-ups;
• Enterprise RSS and syndication;
• Developing a next generation workforce;
• Socializing search;
• Making the right video conferencing choice;
• Software as a service (SaaS);
• Security for enterprise 2.0;
• Office 2.0;
• Presence;
• Unified communications;
• Integrated collaboration platforms;
• Enterprise mobility.

So there’s a lot of ground to cover but IT and business leaders should learn a few very interesting things about the way the web can yield much better results than the already oldish way of doing things.

Make sure to swing by the Demo Pavilion where roughly 100 established industry leaders as well as hot start-ups will be featuring their latest enterprise 2.0-ready products and services.

Tags: enterprise 2.0, web 2.0, conference, boston, ma, evolution, web, interactive, leaders, start-ups, saas

Companies of all sizes seek to make the most of their IT investments, including storage, while keeping new spending in check. Depending on which company you ask, between 33 and 70 cents of every dollar spent on hardware goes to storage so working on allocation efficiency towards optimum distributed storage system use is just good business sense.

Also, storage is rapidly outpacing servers as the biggest user of power in the data centers so that could eventually impact negatively on the carbon footprint and infrastructure utility costs.

Could something as straightforward as storage resource management (SRM) be the answer to the storage woes IT has to contend with on an ongoing basis? Since lots of companies have urgent needs when it comes to storage, let’s hope the following mini-guide will come in handy.

Here’s how to get your storage sprawl under control by doing your homework pertaining to the following four strategic areas:

Policy management

• Make sure to map business rules pertaining to data storage;
• Report on and forecast infrastructure trends;
• Impose process conformance within your network as changes occur.

Data management

• Manage data provisioning and protection services based on business criteria such as hosting costs, protection, preservation and retention;
• Apply mechanisms for intelligent data movement over time to achieve utilization efficiency.

Capacity management

• Manage existing capacity to achieve allocation efficiency before buying more;
• Monitor data growth trends;
• Impose simple hierarchical storage management capabilities and data protection process monitoring.

Configuration management

• Emphasise hardware asset discovery and configuration;
• Interconnect (server / storage) mapping and optimization;
• Set up status monitoring, maintenance and trouble shooting facilities.

In theory, SRM is supposed to give us clarity and visibility into what we currently have at our disposal, storagewise, so we can manage it more efficiently. The real progress is made, however, when combining SRM with data management (enforced by comprehensive company policies) that leads to more effective storage management.

In other words, like many other things in a company, it’s about teamwork and communications between the team members because otherwise, the data growth issue may quickly get out of hand… and way over-budget.

Saving money over storage hardware purchases will make any IT decision maker a darling with CFOs but let’s not forget there’s a lot of work to be done before getting there. Provisioning, deduplication and virtualization must all be explored, understood and properly implemented to optimize a company’s storage resource management.

Remember that you can’t manage what you can’t see — that’s especially true when it comes to storage so start digging and you’ll eventually become an “SRM hero”.

Tags: srm, storage resource management, storage, storage policies, data management, data centers, capacity management, servers, hosting costs, data growth, infrastructure trends, status monitoring, maintenance

This is major news because this agreement means that HP’s and EDS’ combined revenues reaches a whopping $38 billion a year, a bit behind IBM at $54 billion but clearly ahead of Accenture at $21 billion.

According to the merger plan that’s been released, EDS CEO Ron Rittenmeyer will lead a new organization called “EDS — an HP company” and report directly to HP’s Mark Hurd. EDS will still employ 210,000 people but Wall Street is abuzz with rumors of downsizing.

While HP’s IT services unit was already managing P&G‘s global consumer products’ tech operations (a 10 year, $3 billion contract, started in 2003), EDS brings blue-chip customers to the table, such as American Airlines, Bank of America and Royal Dutch Shell.

So EDS’ vast vertical and operational expertise which is especially strong in the financial services, health care and government sectors could finally help HP break into the IT services major leagues. The biggest threat to the success of this deal might come from HP’s somewhat “computer and printer” culture that’s still (proverbially speaking) lightyears away from SaaS, cloud computing and other new-wave IT trends for which EDS has proved to be more comfortable with.

HP hopes that with EDS now on its team, big multinationals will look to outsourcers more often to collect, secure, integrate and deliver software and other IT resources over the web.

Of course, the future will tell if giant system integrators, like HP’s newly acquired EDS, will still be required at a time when the SaaS and cloud computing super-efficient duo are removing complexity from many IT activities, across the board.

Tags: hp, eds, operations, merger plan, it, it services, saas, cloud computing, outsourcing, it resources

Being the financial reporting version of XML, XBRL allows for standardized accounting data to be tagged and retrieved more easily as documents can be mined for data without calling up entirely.

So the SEC is basically requiring big changes from large publicly held companies because their PCs aren’t fast enough to process large documents, errr… while that may hold true, the main reason has to do with the structured way in which the XBRL data is stored.

SEC 10-K annual reports and other documents that use XBRL can be read by software, screened for specific data and then, reorganized into new reports. For investigators and investors looking to quickly search for less common financial data such as “assets held for sale”, the XBRL tagging does wonders.

The new SEC requirement affects “large accelerated filers” which likely includes the majority of the Fortune 500 — 75 companies, including Ford, GE, IBM, Pepsi, United Technologies and Xerox already use XBRL.

Once XBRL has become a standard way of making SEC reports, the mandate is expected to be phased in for smaller publicly held companies. Furthermore, the FDIC and the central banks of the European Union have already adopted XBRL in their reporting.

While the XBRL requirement might seem somewhat steep for large companies, it’s probably a good thing since it’ll be easier for investors, including large retirement fund analysts, to finally be able to quickly compare several companies using very specific variables.

For the financial publications’ readers, this means that the financial reports, in the years to come, might yield significantly more comprehensible information that’ll likely be useful when trying to understand what’s happening in a company where an investment is being considered.

Tags: xbrl, xml, sec, fdic, european banks, financial reports, reporting, standards, compliance, mandate

All these questions quickly come to mind for information security experts who look to secure data in all ways possible to prevent that it get leaked into the wrong hands.

The internet connects over 1.5 billion people daily, for anything ranging from email or web surfing to complex remote medical interventions — that makes for a tempting target for ill intended individuals looking to get their hands on sensitive data, which is basically why you need to protect yourself better.

What you did to protect your data a year ago probably isn’t as good today because the very nature of threats keeps shifting in sometimes unforseen territories. Regularly assessing the efficiency of your data protection will become even more critical in the future as attackers, ranging from more or less talented hackers, organized crime and even foreign governments will try their best to steal anything of value (for them) that you may have.

Your computer’s hard drive is like a proverbial safe which instantly becomes (way) more vulnerable from the moment you connect to the internet or even a home wireless network.

If you intend to have the upper hand against those determined to steal your data, you need to be one step ahead of them, namely with the following no non-sense strategies:

• Enclaves – Early on, determine what’s the most sensitive data you must protect and give it special treatment because that’s probably what the data thieves will be looking for.
• Border firewalls – Network-layer firewalls work best when combined with application-layer counterparts so be creative in protecting your “borders”.
• Strong authentication – Require strong passwords (on everything) which must be changed regularly and for more serious security needs, consider using token-based systems (physical USB key-like devices with ever changing “tokens” to access the data).
• Configuration and patch management – Make sure your (1) equipment, (2) software and (3) human resources are always “well maintained”… and up-to-date!
• Host-based firewalls – Server and workstation intrusion, virus and malware protection is still essential to weed out the unwanted stuff that somehow finds a way in (in spite of all the other protections).
• Data encryption – Make sure to especially encrypt data on mobile devices since they’re the ones likely to be lost (or stolen) when in transit — encrypt all you can.
• Awareness and training – An aggressive cybersecurity program will go a long way in efficiently protecting yourself against newer threats.

While some treat data security entirely as a hit-and-miss process, experience shows that luck favors the prepared, when it comes to cybersecurity.

Forget the antiquated (but still active, alas) Nigerian bank scam threat pouring in email boxes all over the world, the newer threats tend to be socially engineered so ensuing phishing attacks are savvily aimed at the intellectual interest of the end user, making them that much harder to debunk. In other words, attacks are getting uncomfortably personal.

As you attempt, most probably armed with gear, software and knowledge, to fend off the attackers’ attempting to break open the gates to your digital kingdom, keep in mind that people are the weak link in any network security effort.

Interestingly, there’s a corollary to the “people are the problem” saying and it has to with the widely recognized fact that people are also the most effective “tool” to fight attackers.

Although you may never be perfectly secure, make an effort to prevent data thieves from succeeding in their highly illegal —and overwhelmingly stealth— attempts to steal from you.

Tags: security, cybersecurity, it, firewall, border, encryption, data theft, hard drives

This is wonderful news for both the aspiring web publishers who will enjoy the excitement of making their ideas “public” and the targeted visitors who will have access to newly available knowledge (usually, for free).

To make your web publishers’ efforts worth their while, here are a few “common sense tips” for those who are getting warm to the idea of e-publishing:

Focus on human-sized challenges – Even if your favorite subject is as expansive as “technology” (for instance), make sure to break up your work in smaller chunks so you don’t choke on the amount of content you’ll want to publish.

Become a specialist – Being different isn’t enough, in the age of online publishing. In fact, specialists will inevitably have the upper hand against the army of generalists who aren’t as knowledgeable on given issues.

Web visitors rule – Whatever you intend to inform your visitors about, keep in mind that visitors who like your content have the means to easily make it more popular (through social bookmarking, for instance) so treat them with due respect.

Monetize your hard work – Creating unique content makes a fertile ground for getting enough visitors to, in turn, justify adding “monetizing zones” throughout your published work.

Explore the many “pay-per-click” publisher programs, including Google’s AdSense and stay away from “pay-per-action” schemes (unless you’re a pro) as they’re usually much harder to “convert” into revenue.

Of course, getting paid for your work is always nice.

Update often to add more value – Your initial content is probably fine as it is -but- the world changes and perhaps, at some point, it’s a sound idea to revisit your previously published work to update it, in the hope of adding more value, for your visitors (and the search engines).

Blogs help this occur “naturally” through the addition, over time, of user-generated comments. Publishers will, nevertheless, usually get extra credibility points for doing this, on their own.

Make your own rules – This tip applies to your online publishing work -and- to your life, in general. Doing anything because you’re told to is bound to make you miserable, at some point. The online opportunities are so numerous that it’s hard to imagine you can’t become a happy publisher without following your heart.

There’s never been a moment in human history when publishing to such a vast audience was this easy. Providing information online for other people to learn from is basically about sharing the wealth of knowledge you come across. Obviously, there’s a lot of merit in web publishing.

Bonus tip – If you’re publishing highly unique content, consider making it multilingual using specialized automatic translation tools (and services) which may easily interface with your favorite blog script. Whenever possible, specify the translation is “automated” so that your foreign readers don’t judge your syntax too severely. Multilingual content creation will multiply the potential readership for your content which, by all means, is a good thing for you.

Good luck in your web publishing ventures!

Tags: web publishing, web content, blogs, wikis, web pages, monetization

As such, here are the many elements of information management you should consider when devising your very own “strategy for staying on top of things”:

Data – Databases, data warehouses, data cleansing, profiling, integration, metadata repositories, networked storage systems.

Content – Document management, web content management, records management, imaging.

Intelligence – Business intelligence, data extraction and mining, analysis, reporting, dashboards, performance management.

Search – Keyword search, content classification, categorization, entity extraction, taxonomy creation, document search, e-mail search.

Think of these elements as parts of your future strategy for winning in the information age. Whoever finds ways to inch ahead of everyone else in fields related to any one of these elements will stand to win big, especially in our increasingly networked world.

It’s not just about buying a bigger hard drive anymore, it’s about managing the information in such a way that truly empowers you.

Tags: information management, data, content, intelligence, search