Intel Communities : All Content - Open Port IT Community : IT@Intel

Our New PC Delivery Process Cuts Employee Downtime

webadmin@intel.com — Wed, 15 May 2013 19:49:16 GMT

Getting a new PC used to take valuable time out of the workday. But as part of our focus on a user-centered model of delivering IT services, Intel IT recently optimized our PC delivery process, resulting in improved employee productivity, a better employee experience, and reduced operational costs. These process improvements allow our employees to return to work more quickly, reducing their downtime from an average of 4.5 hours to 1 hour, a 77-percent reduction. Read the paper "New PC Delivery Process Cuts Employee Downtime" to learn about the changes we made.

Enterprises Security Choices and Tradeoffs for BYOD

webadmin@intel.com — Mon, 13 May 2013 19:34:26 GMT

Bring Your Own Devices (BYOD) continues to gain momentum as users bring devices into work environments by the droves. Enterprises must make tricky security decisions to balance the tradeoffs of costs, user productivity, and security.

BYOD is effecting organizations both large and small. In our highly connected world, workers bring in familiar and favored smartphones, tablets, and other compute devices into work and expect to leverage them for convenience and to improve productivity. It can have a great positive effect on the business but also raises security concerns. Management can’t hide from taking a position, establishing boundaries, and understanding the tradeoffs.

In today’s responsible corporate environment, enterprises realize the danger of uncontrolled devices on their network and accessing business data. It introduces chaos to security and IT manageability, driving up risks and expenses. Organizations want to enable productivity of employees but must maintain a level of acceptable risks and keep costs flat, or at the very least justifiable. It is a tough balancing act between risks, costs, and user productivity.

Management has a number of high level choices, each with pro/cons and other tradeoffs. Before committing to a particular path, leaders must understand these options in order to select the best direction to set for their organization:

1. No personal devices allowed. Forbid personal smartphones, tablets, and non-managed computers from accessing work systems, networks, and data.
Pro: This stratagem manages security risks and keeps costs relatively flat. It has been the traditional solution.
Con: Not practical for 99.9% of the world. It’s like trying to hold back a tidal wave with a paper cup. Workers, starting with the tech savvy, will bring in devices and connect them, soon to be followed by the rest of the staff. Most likely they and the less technical community has already been doing this for some time. It starts with email forwarding, access to work calendars, meeting logistics, file sharing, instant messaging, etc. Implementing such a policy ignores the opportunity for significant worker productivity gains and stifles flexibility which is so desired by everyone. When employees have convenient access to such data, they are more effective, efficient, and happy.

2. Company provides mobile devices. Providing corporate managed devices in lieu of employees’ personal devices, allows vetting of systems before they access work networks and data.
Pro: Security standards, selective deployment, and the ability to enforce controls, allows the organization to manage risks and costs.
Con: Upfront expenses are high, user happiness tends to be low, and manageability costs slowly creeps up over time. The out-of-pocket equipment and service costs can be very expensive. To control costs, most organizations will not provide everyone a company device. So there emerges a “have” and “have-not’s” class system which spawns resentment. Those who are provided devices must manage their personal devices in addition to the company provided ones. If you have ever been forced to carry two phones, you know how much of a pain this becomes.

Even in a perfect environment with happy users, a different problem emerges. The comingling of personal and private data on employer managed devices. This can be a nightmare, fraught with legal and ethical pitfalls.

Each class, brand, and even model must be configured and secured. IT departments must support users trying to access services and data. The more types of devices, the more complex and expensive the support becomes. One of the keys to managing support costs is scalability. So, it is normal for an organization to settle on one or two to start. Which will not make everyone happy as people have their own preferences. Demand can grow to expand the list of supported configurations, especially as new options become available in the marketplace. Expanded support is great for users, but a nightmare for IT as it increases the legacy support of older configurations which are still in use. Over time the cost to support will steadily increase and the cost of refreshing old and damaged devices will be ever present.

From a productivity perspective, users get an initial boost from the latest equipment and software, but will soon see a degradation as the organization cannot keep up with the latest features coming to market.

3. BYOD of Any Device. All devices welcome with open arms! Users are able to bring in, connect, and use their favorite devices. Security controls are usually network based or via containerization technology on the device itself.
Pro: Initial hardware costs are very low for the organization, as the user absorbs initial out-of-pocket costs for the device. Productivity remains high, as users will continually install latest applications and refresh to current hardware as they see fit.
Con: Expensive to manage and secure. Costs skyrocket to provide and maintain security controls and connectivity support over a wide swath of different devices and applications. Security solutions, many with a high per-seat cost, is required. Not all devices are created or configured equally, adding to the cost and frustration of IT and security departments. The expenses continue to increase and never plateau as users follow the non-stop march of evolving technology, applications, and shiny devices

Challenges with co-mingling of users private data with enterprise oversight can still persist depending upon controls and access configurations

4. BYOD of Certain Devices. The middle ground, allowing users to front the initial costs and enterprises can focus on security and management of a much smaller subset of devices. Network, cloud, and device containerization technology provide security.
Pro: Low initial costs as users purchase the devices. It is a flexible model where the optimal balance of cost, productivity, and security can be adjusted as needed.
Con: Still costly, as the enterprise must invest in security solutions for allowed devices, but policy will limit the number of configurations and therefore help keep costs and risks more manageable. As new devices are supported costs will rise due to legacy support and other complexities. Security is managed based upon the vetting and controls mandated for approved configurations.

Productivity varies based upon the breadth and timeliness of support for new technologies. Satisfaction and productivity also follow this curve. The more devices and applications supported in a timely manner, the happier and more productive the users, but the costs skyrocket accordingly.

Sadly, the pesky problem of data comingling is still present.

There is no universal winning choice. It really depends on the organization, risk appetite, budget, worker productivity needs, and the sway of the most vocal users. A very small number of organizations can disallow all personal devices, mostly government types. Only companies willing to spend a tremendous amount of money on hardware or those which already have a strong caste systems to support a limited distribution will be interested in providing workers with such devices in addition to primary work PC’s. Organizations which have little need for confidentiality, integrity, and availability aspects of security might be able to live with openly connecting any BYOD their users may bring into the office. Although a significant number of organizations may try to dabble in this area before realizing the rapidly growing support costs and security issues before changing to a different strategy. In the end, I believe the majority of organizations will choose to embrace the last option of supporting only certain BYOD devices. They will select a mix of devices, software, and controls which satisfy a broad community while keeping costs and risks predictable. This is no small feat as these solutions are not yet mature.

Every organization must find their own path. They must consider the options and tradeoffs of costs, productivity, and risk. No perfect solution exists, but with forethought, collaboration with users, and solid execution, a manageable solution might be within grasp.

Maximizing IT Value by Using High-End Server Processors

webadmin@intel.com — Thu, 09 May 2013 19:31:34 GMT

Intel IT has standardized on Intel® Xeon® processors with a core frequency of 2.6 gigahertz (GHz) for two-socket servers to offer maximum IT value for design computing and enterprise server virtualization. Our analysis demonstrates that higher-end processors significantly enhance server performance throughput for a minimal increase in total cost of ownership (TCO). Our analysis demonstrated to Intel IT management and purchasing groups that software acquisition and licensing costs—which represent 3x to 6x the cost of the hardware platform—are the largest drivers of overall TCO for servers deployed at Intel. We concluded that standardizing on high-end processors is a cost-effective way for Intel IT to maximize server return on investment (ROI). You can find more information around our analysis in this recently released white paper Maximizing IT Value by Using High-End Server Processors.

Inside IT: Cloud Aware Applications "Code-a-Thon"

webadmin@intel.com — Thu, 09 May 2013 19:13:21 GMT

Earlier this year, Intel IT started conducting a series of Cloud Aware “Code-a-Thon’s”. These were created in response to a skills gap around applications that were being written in a traditional way and ones that needed to be developed to take advantage of the cloud. This event is an inventive way to bring application developers together, introduce them to concepts of programming applications for the cloud and think in new ways. The intent is to have developers experiment with the cloud and be immersed for an entire day. In this podcast we talk to Cathy Spence, an Enterprise Architect in Intel IT. Spence tells us how the Code-a-Thon came about and what it takes to create an app for cloud. We’ll also hear from participants in a recently held Code-a-Thon at Intel’s Santa Clara headquarters.

Turning Big Data into Big Answers

webadmin@intel.com — Wed, 01 May 2013 18:40:53 GMT

Talk live with an Intel IT Center expert: Sure, Big Data is a big deal. But with new sources and growing volumes of data flooding in daily, how do you turn all of that data into meaningful insights that give your business a competitive advantage? In this live interactive webinar, Intel IT experts Ajay Chandramouly and Ron Kasabian will distill what the Intel Big Data Solutions Group has learned about maximizing the value of big data analytics and the cloud. Bryce Olson, Business Strategist at Intel Corporation, will moderate the interactive discussion.

Based on three years of planning and hands-on experience, they will provide practical steps for guiding your Big Data and Cloud initiatives. The discussion will include:

How Intel is optimizing Apache Hadoop deployments
How Intel is using Big Data to bring new products to market faster
How predictive analytics are saving millions across the company

Join this live forum, ask questions, and learn how to turn Big Data into hugely beneficial information your company can act on. Live May 15th at 9am PDT. Register Here

It’s time to put users first

webadmin@intel.com — Wed, 01 May 2013 13:00:50 GMT

Managing the Changing IT Landscape: User-Centered Computing

Are you ready to let users determine what IT services you deliver? Like it or not, they’re already using their own devices, not to mention the cloud-based services they want. Wouldn't it be easier to include them right from the start?

I've been writing a lot on the importance of finding the right tool for the job. At the heart of that idea is user-centered computing—an inclusive approach to managing consumerization that puts all users’ needs first.

When I worked for Intel IT, we put this to action by moving away from the one-size-fits-all model to a customized approach that emphasizes the right fit and design for the job. We did this by:

Conducting segmentation studies to understand job roles and how people work
Inviting employees to participate in pilot studies and early adopter programs to improve and stabilize IT solutions before full deployment
Conducting surveys that help:
- Measure customer satisfaction with existing IT products and services
- Identify the services that are most important to employees
- Solicit input on gaps and unfulfilled needs in our service portfolio
Providing greater choice and flexibility by offering more options for primary computing devices
Establishing and supporting Bring Your Own Device (BYOD) and BYO-PC programs

This approach may seem radical, and it does involve changing the culture of IT. However, this change is necessary to fulfill the mission of IT: creating and delivering greater business value.

Chris
@chris_p_intel
#UserCenteredComputing #Consumerization

IT Center

Inside IT: Evaluating McAfee Deep Defender

webadmin@intel.com — Sat, 20 Apr 2013 04:27:10 GMT

The evolution of threats to the security of the enterprise has driven innovation in how that enterprise defends itself. New tools need to be developed to meet today’s threat landscape. McAfee has introduced such a tool, Deep Defender. It’s designed to detect kernel-based attacks that other traditional software security solutions would miss. In this podcast we talk with Intel IT Security Specialist Greg Bassett and Project Manager Stephanie Mahvi as they discuss the pilot study the company conducted to evaluate McAfee Deep Defender for the enterprise.

Join me at the Intel IT Center Experts Tour in Folsom CA on June 13th 2013

webadmin@intel.com — Fri, 12 Apr 2013 18:40:32 GMT

Fellow security professionals, come join me at the Intel IT Center Experts tour in Folsom CA, June 13th 2013. I will be one of the many speakers discussing challenges and experiences gained by Intel's IT organization. This is an opportunity to ask questions and share insights.

Complete Tour Listing Link

Direct Registration Link for the Folsom 06/13/2013 session

https://secure1.regsvc.com/registration/index.aspx?TYPE=t&ID=4&LC=&LC=intel&PIN=&REF=&dbGUID=29D3CA22-240C-4BFF-80F3-4619CCFC83B0&

Folsom Event Details:

June 13th 2013 8:00 AM - 2:00 PM
Intel Corporation
1900 Prairie City Road Building FM-7
Folsom, CA 95630

Folsom Tour Event Topics:

The Future of Enterprise IT – Enabling New Uses, Trends and Technologies
     Presented by one of Intel IT’s Client Technology Evangelists
     IT organizations must define and drive the right balance between their
     employees’ expectations and their companies' business objectives, and then
     look for opportunities to implement solutions that address tomorrow's
     needs as well as today's challenges. What are the new disruptive
     technologies or mobility trends that IT needs to prepare for? How does
     security need to change to meet the needs of the new IT world? How are
     generational culture changes impacting the IT organization's response to
     IT consumerization? And finally what are the skill sets your IT shop
     should be focusing on moving forward? Models like BYOD and COPE are addressed
     as well as infrastructure impacts.

Intel IT Cloud Journey and Overview
     Presented by one of Intel IT’s Cloud Enterprise Architects
     Cloud technologies are moving at a rapid pace. Enterprises are wrestling
     with private vs. public vs. hybrid cloud solutions. The need for high
     levels of customizability, flexibility, and agility will drive many
     enterprises to the public cloud. The foundation for this vision will be
     defined by an open approach that delivers best of breed technologies +
     flexibility + choice from data center to client. This session will cover
     the cutting edge cloud progress that Intel has made internally within our
     own IT organization as well as what to expect in 2013.

Cybersecurity Briefing: Trends, Solutions and Opportunities
     Presented by one of Intel’s Enterprise Technologists
     Inadequate security remains the number-one concern about cloud computing.
     Find out what Intel is doing now to manage information security and risk,
     learn the rationale behind Intel’s 2011 acquisition of McAfee Inc., and
     discover the new opportunities this collaboration brings your company.

Deploying Microsoft Windows* 8 in the Enterprise
Presented by one of Intel IT’s Business Client Product Line Managers

Culture's impact on Innovation

webadmin@intel.com — Thu, 11 Apr 2013 22:32:24 GMT

In my initial overview, I stated that I felt that there were 3 items necessary for innovation. The first, the resources, I covered in my first entry. This one is geared towards the second which is the Culture to support innovation.

THE CULTURE

It is easy for many organizations to say that they support innovation. They discuss how they are going about it and how they are providing some resources towards the effort. But when you pull back the surface, you find that they are not really supporting it. Their reward systems that do not support innovation just stifle it. They have review systems designed to ensure only completed projects and programs are recognized and they only reward success. Lastly, they only look at today's results and not towards the future. The talk says "go innovate," but the walk clearly supports only taking risks that will ensure success.

By only supporting the incremental improvements within the organization, we take no risks. This will force teams to think about small next steps and will in turn hamper our organizations ability to drive innovative thinking. This keeps us away from the art of the possible. Here at Intel, we use possibility thinking in order to keep the innovation going. Possibility thinking is starting with a clear definition of where you want to be and then spending time trying to figure out what has to happen to make it true. Not focusing on the next single improvement, but rather the whole picture first. This frees us from the constraints of the current system and processes and allows for a more open field of possible routes to get to a solution. I like to think of it as the difference between a great sprint hurdler and a fair one...A great one focuses on the finish line and the hurdles are where they know them to be; a fair one only focuses on the next hurdle.

This helps set the mindset, but does not always lead to success. In order to drive towards innovative thinking, failure has to be an option. Understanding that the lessons that you learn from failure leads to success is the key to any learning organization. When you are a child, you do lots of things you should not, but through learning the hard way, you find the paths that work. Within companies, we need to do the same. If every project was exactly the same, every issue was exactly the same, all the same people were involved and no human error possible, then maybe we could follow exactly the same method to get to the same result. But in my experience, that is seldom the true. Budgets are different, new people come onto the projects, new businesses are being driven, new capabilities are desired, and these force us into coming up with new capabilities and solutions. Also, in my experience, any successful project or innovation is made up of lots of failure to achieve the results. Support of these failures is critical to their ultimate success. Innovation happens more frequently.

Support of failure does not mean that you need to build out a new reward system that provides monetary compensation for each failure Congratulations Bob that is your third failure this week, here is your bonus!" It means that you recognize it, don't spend time looking for who is at fault and penalize everyone, but focus on what was learned from the failure and how to overcome it. How can you avoid it in the future and strive for better results? This is one reason that small companies or newer companies can innovate faster in many cases. They do not have the time to search for all the guilty parties and punish them in their reviews, they have to continuously evolve and deliver quickly, which forces them to adapt and learn from these mistakes. They are also very focused on the goal and not always married to the path to deliver. This frees them from the constraints and allows for more dynamic approaches.

The third, and hardest part of innovation culture is to simply stop things. When innovations are not panning out, delivering the results expected, or driving to the capability you thought, you need to stop the work and simply move on. This is much harder for people and organizations to do as any innovation begins with a passionate individual or group that truly invests in the direction. Stopping this is a bit like stopping an aircraft carrier in that it takes time and much directed energy to stop. While very difficult, it is a critical step in managing those critical resources you have directed towards innovation.

Here in Intel IT, we build stage gates to manage our ability to stop things. We look at innovation in four steps:

1. Basic Research - Where we are scanning technologies, futurists, research companies and some universities for leading-edge thought on what we might want to work on next. (10% of our time in IT Labs, with no expectation of yield)

2. Proof of technology - Where we bring in capability and test our hypothesis on whether this will work to help us solve problems (30% of our time, with an expectation of about 50% yield)

3. Proof of concepts - This is where we know what we would like to solve based on the capabilities we discovered in the proof of technologies, and we assign goals to the business case and test in live situations (30% of our time, with an expectation of about 60-70% yield)

4. Pilot/transfer - This is where we work with our services delivery groups to do the final proof and production implementation of the capability (30% of our time, with about a 90% yield)

Our process is completely supported by our reward system and our culture to ensure that we focus on our big business problems and deliver solutions to help move us faster. We also are lucky that here at Intel, innovation is in our DNA. We keep in mind some wise words of one of our original founders, Robert Noyce.

Don't be encumbered by the past, go off and do something wonderful! - Robert Noyce

In my next entry, I will discuss the problems and how you need to think in order to guide any innovation process.

Information Security – it’s not only about the technical controls!

webadmin@intel.com — Thu, 11 Apr 2013 20:49:41 GMT

Security means many different things in different contexts. With Information Security, it should be about protection of an asset from a known threat. But many times there are biases to security solutions based on controls that are predetermined. The most important questions that should be asked before the how part is defined for a security solution are;

Why is there a need to establish security? It’s an important premise that you determine the value of information to your organization and to your adversaries.
Secondly, who are you protecting this information from? If one is to protect something, one has to identify what the threats are, so as to take appropriate steps to mitigate them.
Thirdly, protection or prevention is one aspect of security controls. Considere detective and corrective mitigating controls addition to preventative mechanisms that could fail.

Because of biases in specialty areas, there could be a tendency to emphasize specific technical controls in defining a security solution. This leaves a great deal of ambiguity and more fuel for fear, uncertainty, and doubt that plagues the field of protecting computer information systems. And as Matthew Rosenquist described in one of his blog posts last year when asked for one word to describe the biggest challenge in information security these days, he used the word ambiguity. While many security researchers are trying to find the latest security flaw, other security professionals are trying to determine how the next security tools provide better technical protection capabilities. But it’s important to realize that information security is not only about the technical solution, it should be a business decision first.

Information Security is not only about technical threats and so technical security controls should not be the first consideration for protection. Technology is often among several other countermeasures used to implement a security solution after defining what it is that needs protecting and from whom it needs protection. This is where administrative controls should be considered first so that the definition of what needs to protect can be defined through procedural controls. Some industries have policies, standards and guidelines that must be followed based on the type (classification) of information, but risk should be evaluated based on threats in context of the environment for which the information made available through processes, transferred, stored, or destroyed. A defense-in-depth strategy should be considered during the earliest stages of the development lifecycle but oftentimes there are changes to the environment that are made well after the deployment of a system or software solution that can introduce risk from new threats or greater exposure to existing ones. Before administrative controls are defined, a risk assessment should be completed to analyze the threats for which any system is vulnerable to.

The real value of a risk assessment is that some systems may process information that is not under industry regulations for protection but still have value to an organization. In many cases an organization will focus on risk from audit failures and apply most of the security dollars to mitigate risks defined by audit report because information classification levels require regulatory protection such as Sarbanes-Oxley Act (SOX), PCI Data Security Standard (DSS), or Health Insurance Portability and Accounting Act (HIPAA) just to name a few. But information of value does not only fall under classifications that have industry standards for protection levels. The risk assessment is a way to have dialog amongst the team and is helpful to communicate with management across the board for all information protection requirements becuase ultimately it is a business decision to implement security controls. Additionally, security controls can be protective but detective and corrective security controls should always be a consideration for a Defense-In-Depth security strategy. One strategy that is taking a more reasonable approach to increasing the level of information assurance is the focus on the threat rather than the vulnerability through the use of a Threat Agent Risk Assessment methodology developed by Intel. This approach places emphasis on what is reasonably possible from a threat perspective in order to address the most likely events.