Instances of data breaches increase

Recently an analysis was released by the Identity Theft Resource Center citing an increase in the instances of data breaches in 2008 compared to 2007. In the report the ITRC indicated that the instances of data breaches were up 47% in 2008 compared to 2007. While instances of breaches in the government sector were down, those in the business enterprise were up nearly 40% from the previous year, now totaling more that one third of all breaches according to the ITRC. While the ITRC did give the financial sector credit as being the most proactive among all the sectors in protecting sensitive data, they did point out that the instances of data breaches in the financial services sector increased over 250% from 2007 to 2008.The big question is what to do about it. Here are a few ideas:

• Data Loss Prevention technology adoption- The numbers are already supporting the wider adoption of this technology, with one study quoting 29% of enterprises indicating having DLP solutions in use. With an additional 37% looking at implementation in the future one might conclude that it is about time we get these solutions in the field to reverse the trend point out by the ITRC.
• The press article citing the ITRC report indicated that only 2.4% of breaches occurred where encryption or other strong protection methods were being employed. While encryption is widely adopted by enterprises it is not used very deeply in those same enterprises.
• The ITRC also reported that insider theft accounted for 15.7% of data breaches, more than doubling from 2007 to 2008. As we have also reported 85% of all enterprises report now that they treat internal threats and external threats with equal weight or emphasis.

It would appear that as an industry we have the portfolio of solutions to reverse the trend cited by the ITRC. What remains to be seen is if the enterprise community will allow economic conditions to slow programs to slow down efforts to fix the underlying issues in their infrastructures that feed the trend.

Employer Values and Employee expectations-continued

In the last increment of the piece on employer values I outlined the importance of valuing a person's ability to communicate effectively and to work well in teams. Recalling that this list is not mine but one that I found from an organization that I have a great deal of respect for here is the rest of the list:

• Is accountable- In this case keeping your word on commitments you make on getting things accomplished is very important. The work of others depend on you. If you are not accountable and people can not trust your word then the organization is weaker for it, as is your value to your company.
• Values diversity- one of the things we have learned over the past few years of watching our government at work is that when you value on the opinions of those you like you tend to get a very clouded view of life. Not everyone is right all the time nor is it likely that your "filter" is the same as mine. I tend to get one really good idea every year but it tends to be a very valuable one, sometimes worth millions in additional business. To think that I am the only one with this capability is insane. We all can contribute regardless of our backgrounds, beliefs, or gender.
• Commits to service- It should be obvious that treating your customers as a valued asset should be number one in people's minds but this is not a universally held view. There are a few managers out there that value customers only for the revenue they bring in. Once the contract is signed they have little use for these customers until it is time for a new contract or a renewal. This is an entitlement mentality, "I am entitled to your business", that few customers appreciate. When your competition treats them better guess where they are going. This same mantra is true if you serve internal customers. We often wonder why there are rogue IT organizations in companies. They have developed competition for the true IT organization, most likely because of poor service.
• Delivers excellence- I like this one because it gets to the type of person you are and your beliefs as a part of a group, which is what a company really is. If you are not always in the mode of delivering an excellent product you will be dealing with problems more than new business. Once you go down this path recovering from it is nearly impossible. Many a great company has suffered from a lack of excellence only to fall victim to competition. We have watched the American steel and auto industries go through this and we all know the results.

Have a great new year every one!

Employer Values and Employee expectations

I recently ran across an organization that insists on having their employees and prospective employees agree to certain behaviors and values. I found the process intriguing and thought I would share what I learned about their expectations and some thoughts on what it means from both the employer and employee perspectives. The list was fairly extensive so I will have to break the list up into parts, in no particular order:

• Effective communications- to include active listening to others; responding to others with "a sense of caring and respect"; keeping others informed; conveying information clearly, concisely and respectfully in speaking and in writing; encouraging and modeling open dialogue; to be positive and supportive in all communications; and displays a willingness to share opinions and or concerns with "positive intent".

This would be tough for some I have worked with in the past as they cherish the opportunity for back stabbing and other modes of back channel communications. Their intent was often not positive in nature.

• Demonstrates Teamwork- This includes working collaboratively with others rather than working separately competitively or adversely. Emphasis is given to working to build collaborative relationships across all functional lines to meet mutually agreed upon goals.

Clearly teamwork can be closely related to the first value of communications. As an employer setting expectations early on in a relationship with your human resources can provide you with an advantage later on should behaviors not aligned with these values crop up.

I have to emphasize that this is not my list but that of a organization I have a great deal of respect for, and one that is highly successful in their given niche.

I will provide the next increment of this list shortly.

What I want for Christmas

It is that time of year once again and I am getting into the mood to make a list of wants and needs for Christmas. Thanksgiving is over and with keyboard in hand here goes:

• A truly modular laptop- recently I had the opportunity to rebuild my 3 year old laptop. It had developed an intermittent problem that was heat related and it took a while to figure out that I needed to replace the motherboard. I would like someone to make a truly modular laptop so that I could purchase the required part and slap it back together. It took me several hours and an eBay purchase to fix my machine. It should not have to be this way.
• An operating system that is universal- I do not believe that computing OS for the end user has benefited from the current competition. We should have one that works, is bug free, and all applications work on it. Windows clearly does not fit this description, MAC might come close but not all the way. Vista is a long way from what I think we need too.
• Smart Network ports- I would like to be able to set up my computer for the services I need from a network, including the destinations I would like to go to, plug it in, and I get the services I need. This ideal set up would be made available to me wherever I go, to any enterprise network regardless of who's equipment it is built on. Think about roaming with your cell phone. Yes I know about 3G and 4G and 2.5G and all the variations but it used to work! I am not thinking that NAC in its current form is what we need.
• My Blackberry to work again- About a month ago my Blackberry stopped working on my BES account. I can receive emails but not send or respond from that account. I can send from other POP accounts but.... It turns out that there is an incompatibility between my software in the device and the BES software. Now if I could only convince the support guy of this I would be in great shape. It worked up until a month ago so one would think that rolling something back to that configuration would do the trick.
• Anti-virus software that does better than blocking 20% of the known infections.
• Real-time vital health statistics monitoring displayed on my wireless device. No wires or anything, just an implant that does all the work and sends the numbers to my screen. Blood pressure, cholesterol, EKG, EEG, blood sugar. I would be able to tell when it was time to eat, not eat, sleep, not sleep, and leave frustrating meetings before bad signs start to appear on the screen. I could keep my doctor fully informed in real time. No office visits, no problems. The perfect gift!

Politics signals IT shortcomings

Like most Americans I have been watching the Presidential election process closely this time around. Given the current state of affairs in this country I figured the better informed I am the better my decisions would be.

We have now elected to the highest office in the country a person who prides himself on being well connected. Barack Obama is an avid Blackberry user, web surfer, email power user, Facebook user, and text messaging guru. This is not normal in Washington, D.C. Most of the elected officials in D.C. are up there in age so they are not used to all the options available to them.

The news recently is that the President Elect might have to give up his Blackberry in order to comply with the Presidential records act and security good practices. What does this really mean? It means that wireless device security and managed services like Blackberry Internet Services are less secure than they should be. It means that the President has just found out that, while he can be the most connected guy in the world when he is in the office or on his plane, he can not carry around his own personal communications device. It means that we in the IT field still have some work to do.

Can you imagine how good it would feel if we could say that it would be safe for the president to carry and use a Blackberry? We may never get there but it is a good target goal to strive for.

We did, We can, and We will

I have to admit to being an on-line news addict. The immediacy of news from all parts of the world is hard to resist for me. Being well informed is a duty we all have, both in our jobs and our communities. The last two years have been especially enlightening with the election of our new President and new leadership in the other branches of government. It also points out some technology insights that are important to enterprise users.

First, examine Barack Obama's use of technology in his run for the Presidency. He used everything we have developed to communicate a message, to organize citizens for his cause, to raise money to fund his campaign and to serve as a cornerstone for his message on the importance of innovation in our society. While some may have criticized his use of text messaging to announce his running mate I thought it was a classy way of doing it. Everyone got a personal note at nearly the same time. President elect Obama used the Web like no other politician has ever done. In doing so he energized a younger electorate (his customers) and they responded by granting him the right to carry some of these innovations to Washington. I have no doubt he will finally be able to get the federal government to successfully automate many of the functions that still need attention, like the processes we use to vote perhaps!

President elect Obama's use of the same technology tools used by many enterprises was not an accident. Collectively the technology community has developed a powerful set of tools that can bring success to any campaign, business or political. How does it feel to know that "we did that". Even more important is the feeling that we now realize that we can apply these solutions to nearly any problem we face. The tools are out there, as is the talent to apply them.

I have no doubt that we will continue or tradition of innovation in this country. New solutions are out there waiting to be discovered or simply applied to different problems in ways that can range from the very simple to the more complex.

We owe President elect Obama a big thank you for successfully demonstrating to us that innovation is not over in this country.

Storage Networking World Conference

Just a note to shamefully publish the fact that I will be speaking at the Storage Networking World conference in Dallas on October 16th. Please stop by and introduce yourself or just say "howdie".