IT@Intel Blog

December 2007

With the old year grinding to a close and opportunities of a new year opening before us, it is a good time to take a moment and make some new year's information security resolutions. Some are good holdovers from last year and a few are new to the list. I think all are good practices to promote security and hopefully will keep a smile on my face throughout the year (no matter what cyber meltdown may occur).

  1. Vigilance. Maintaining effective legacy security programs is critical. Loss of such capabilities opens the door to old, known, and well-refined attacks.

  2. Embrace/Beware of disruptive technology. Double-edged bleeding-edge technology can be a blessing and a curse. It can reduce costs, increase efficiency, open markets, and change your way of thinking, but it is also like walking into a darkened room in a horror movie. You never know what may jump out at you, and in hindsight you may think "well, that was painful". On the hot-list:

    • Virtualization technology in all its glory

    • Smart-phones and other PC OS/application based portable devices

    • Social media sites, tools, and accompanying behaviors

  3. Careful with my PII. Our Personally Identifiable Information (PII) is more important than anyone can measure. I will handle mine with care, ensure others do the same, and simply say 'no' more often than not when asked.

  4. Don't be a fish. Just say no to phishing and spam. Filters are wonderful, but a few will creep through. If it looks suspicious, it probably is. Don't be shy, even with the weird stuff sent by people you trust. Just pick up the phone and call them: "Hey Ralph, did you send me this executable attachment via email?" It is not that tough.

  5. Give an effort for disaster preparedness. Regular backups and encryption are my friends. Nothing huge, mind you, but at least apply them where it makes sense.

  6. Choose not to be a victim and let common sense prevail. Two types of victims exist: those with something of value, and those who are easy targets. Therefore, don't be an easy target, and protect your valuables.

  7. Talk and share security. We are stronger as a team striving for security than alone. The bad guys are working together; it is about time we do the same. Talk about security and share what works or doesn't. Don't be shy.

Not rocket science, but most of the great ideas rarely are. Feel free to chime in and be heard. What are your security resolutions for 2008?

Intel IT developed a model for measuring Return on Security Investment (ROSI) in our manufacturing environments that produces a much higher level of accuracy than other methods currently available. Our model has enabled us to make business-driven decisions about security programs, resulting in savings in excess of USD 18 million per year in avoided losses.

Whitepaper now Available! Measuring the Return on IT Security Investments

Quantifying value for security programs is difficult at best. Intel successfully developed and employed a method to measure the value of security programs across our worldwide factories. Although it is not the silver bullet for measuring all security programs, it does show that, in some circumstances, value can be quantified to the level needed to make sound business decisions.

This is one of many different methods which Intel leverages to determine the value of security programs. The difference is being able to tie in hard numbers for prevented losses and the ability to predict future impacts with reasonable accuracy. Other available methods rely on more qualitative descriptions of value and lack a dollars-and-cents measure. Although no single methodology fits all situations, Intel has found a niche for this insightful metric, which is an empowering view of security value.

Other related blogs:

    • Practical Aspects of Measuring Security

    • Getting a Return on IT Security Investment

    • Managing the Effort to Measure Security

    • The Problem of Measuring Information Security

    • The Four Dirty Questions of Measuring Information Security

After over 10 years of engineering enterprise application hosting systems, my current assignment is as Product Manager of Platform Reference Designs (PRDs). PRDs define the technology, capability, and service standards blueprint for hosting platforms. Essentially, PRDs are the standard technology blueprints used to build hosting service(s). While the statement may appear to be a simple endeavor, the reality of successfully defining and managing hosting standards that support a large developer community is a daunting proposition. (I use the term developer community to mean a diverse set of developers who use a diverse set of tools and technologies to meet business objectives.) As with many areas where standards add value, balance must be maintained between the value of standardization and the value of flexibility that embraces innovation. I intend this blog to provide a vehicle to debate hosting standardization and solicit opinions to achieve the necessary balance.

Yesterday, standards could be effectively managed through component-level technology roadmaps; however, as the availability and cost of new tools and technologies (components) have improved, server computing environments are no longer sufficiently homogeneous to achieve the efficiencies business demands. Hence, we have technologies such as virtualization that allow great flexibility while still achieving economies of consolidation. Virtualization, however, does not necessarily improve the operational management costs of supporting disparate systems. It is still clear that a healthy level of standardization is required if operational costs are to remain in check. Standards must begin to be managed at the "packaged" PRD platform level rather than the component technology level to improve the operational efficiency of hosting services. Is this possible/realistic? Does standardization to achieve efficiency, at some point, sacrifice too much flexibility, resulting in a loss of competitive advantage? My belief is that PRD platform-level standardization is not only realistic but necessary to ensure a supportable environment, and that standards governance is key in ensuring flexibility and standardization remain balanced so that competitive advantage is realized.
