Home > Intel Communities > Open Port IT Community > IT@Intel > Blog > Tags > it
Up to Blog Posts in IT@Intel
1 2 3 Previous Next

IT@Intel Blog

38 Posts tagged with the it tag
Matthew Rosenquist
2

Russell C Thomas delivers a great post on How to Value Digital Assets.  It covers many basics and more importantly gives a good direction to take while spotlighting common pitfalls in the valuation journey.


“This tutorial article presents one method aimed at helping line-of-business managers (”business owners” of digital assets) make economically rational decisions.  It’s somewhat simplistic, but it does take some time and effort.    Yet it should be feasable for most organizations if you really care about getting good answers.  Warning: No simple spreadsheet formulas will do the job.  Resist the temptation to put together magic valuation formulas based on traffic, unique visits, etc.”

 

Definitely a good read for anyone wondering where to start the valuation process.  I especially like the Three Principles section.  He makes a logical separation between assets which provide direct revenue (Class 1) and those which are in a support function (Class 2).

 

As follow-on, I believe some other aspects may be covered under the Class 2 section including liability avoidance, direct efficiency gain, life safety, and regulatory compliance.  In certain cases we must apply a different method to determine the value, outside what has been explained.  As management may be willing to replace or upgrade, but typically such investments must have a positive ROI, therefore they provide much more value than the replacement/repair costs.

 

Years ago I had a stimulating conversation with the late (and some would say infamous) Dr. Bill Hancock.  Bill had trudged through the information security swamps for decades and had a unique insight to valuations of vulnerable systems, particularly single-points-of-critical-failure.  He recanted his experience evaluating an airline’s security and discovery of a minor system which was largely ignored, a weights and balances server.  Apparently when planes take off, the distribution of weight must be calculated to insure they don’t become giant ‘lawn darts’ (Bill’s colorful description) at the end of the airfield.  A data integrity compromise of this system could cause catastrophic consequences, leading to the end of the business.  Who would fly on an airline which had several take-off crashes in a single day?  It would be the critical factor to likely cause the airline to no longer exist as a viable business.  Although this was a support system, the integral value was far beyond the cost of the equipment, software, and support.

 

Secondly, the blog is written with the assumption the assets are already in place.  Thus, in a perfect world, a proper ROI/justification has already been made to assist the decision to acquire and land these assets.  But what if a decision to purchase or not, is the objective?  The Class 2 method then becomes circular.  The value is the expenditure management is willing to invest?  How do they know?

 

Overall it is a great blog.  I think it would be helpful if the author could give an example for a medium sized enterprise, with particular focus on Class 2 areas (specifically security or safety assets).  Hopefully he is willing to post such details.

2 Comments Permalink Tags: security, roi, rosi, information_security, optimal_security, model, matthew, rosenquist, asset, value, risk, matthew_rosenquist, intel, it, it@intel
Matthew Rosenquist
0

No.  Just the people who use them.


Passwords of reasonable strength (8 characters or more consisting of upper/lower case and special keys) coupled with timely expiration, are secure.  Passphrases with comparable measures are equally secure.  The systems and users are currently the weakest links in the security chain.  Security Chain.jpg


The interfaces and tools which we input the passwords may be vulnerable.  This includes but is not limited to key-loggers, sniffers, input redirections, etc.  But it is the user, where the most significant weakness exists.  They can be duped into divulging their passwords (phone, web, chat, email, etc.) and in many cases make them available in other ways (sticky note under the keyboard).


A recent Newsweek article covered the topic of building a better password:

"...a short but hard-to-remember string like "J4fS<2" can be broken by what is called a brute-force attack (in which a computer attempts "a," then "ab," then "abc," and so on) in 219 years, while a long but easy-to-remember phrase like "du-bi-du-bi-dub" will stand for 531,855,448,467 years. (Two hundred nineteen years is actually very good, but the lesson remains: simpler can be stronger.) The idea of passphrases isn't new. But no one has ever told you about it, because over the years, complexity-mandating a mix of letters, numbers, and punctuation that AT&T researcher William Cheswick derides as "eye-of-newt, witches'-brew password fascism"-somehow became the sole determinant of password strength."


The difference between passwords which can be cracked in two-hundred versus a billion years is immaterial if users are forced to change passwords every few months.   The bad guys just don’t have the time to crack the password before it is changed or the data is sufficiently aged to not be of value. 

To undermine cracking attempts, we force users to use 'strong' passwords so that dictionary attacks are fruitless and threat agents must resort to a laborious brute force attack, trying massive numbers of combinations in order to be successful.  All passwords can be cracked via brute force, but it takes time.   It becomes an exercise in how many attempts can be made over a given period.  The faster the process the more combinations can be tried and therefore the shorter the time to discover the one which works.  The length and possible characters determines the number of combinations.

Undermining the strength of a password is not the biggest concern.  It is far more likely for a password to be sniffed on the network, captured on a system, or duped from a user, rather than be cracked.

The most significant vulnerability is with the user and systems where passwords are entered and stored.  There is no practical benefit to further abuse users with new diabolical password schemes.  We should pay less attention to stronger and better password formats and instead invest in better behavioral controls, user education, and the strengthening of system and interfaces.

0 Comments Permalink Tags: value, information_security, rosenquist, it@intel, password, optimal_security, model, risk, matthew, intel, it, threat, vulnerability, security, matthew_rosenquist
Matthew Rosenquist
0
With a painful taste of irony, it was recently reported that the Ministry of Defense's (MoD) manual explaining how to prevent leaks, was itself leaked. 

Source: The telegraph.co.uk

 

"The Defense Manual of Security is intended to help MoD, armed forces and intelligence personnel maintain information security in the face of hackers, journalists, foreign spies and others.  But the 2,400-page restricted document has found its way on to Wikileaks, a website that publishes anonymous leaks of sensitive information from organizations including governments, corporations and religions."

 

Is this a fluke or is the world suffering from abhorrent information security practices, culture, and capabilities? 

 

YES, the world is terrible at securing data!  Yes, you and I are part of the problem!  Yes it can be fixed, but it is unlikely unless dramatic steps are taken!

To hear my full rant and opinions, check out my blog/video "It is Time for a Data Security Revolution!"

Is data security really that bad?  What do you think?  Don't be shy.  YOUR data is at risk too.

 

 

 

It is Time for a Data Security Revolution!

0 Comments Permalink Tags: value, information_security, risk, it@intel, information, roi, rosi, intel, security, model, matthew, rosenquist, it, data, optimal_security, matthew_rosenquist
Chris P_Intel
2

As I started my transition into a new job within Intel IT a few months ago, I discovered that one our internal IT strategic imperatives was “Partnership”.  I have to admit that at first I dismissed this a simply one of many standard business leadership terms that any organization could choose to operate on (I hope Diane Bryant, Intel CIO, is not reading this ).  However, I’m learning how critical partnerships are for a high functioning and value driven IT organization, both within the IT organization and between IT and the business groups they support.

 

With much of the focus these days on the lack of capital budgets limiting IT investment and innovation, I’m learning that a larger underlying barrier for IT organizations to enhance and maximize value inside their businesses, centers around the themes of trust, alignment and ultimately, partnership.  Organizational Silos inside any business create natural barriers to innovation.  Some silos exist naturally and others are self imposed.

 

Let’s look inside a typical IT organization where you are likely to find three functional areas: Architecture, Engineering, Operations.  These functions exist naturally inside most IT organizations.  Recently, I had an opportunity to talk about the inner workings of these functions inside an IT organization with Gregg Wyant, Intel IT CTO and Chief Architect.  These groups are designed to fulfill very unique roles in the IT organization and designed to create an expertise in these functional areas to maximize effectiveness within their chartered goals (chart below). However, if partnership (or at least an understanding of these different roles and goals) doesn’t exist across these groups the credibility of the IT organization can be at risk and the value IT delivers to the business undermined.

IT2ITpartnership.jpg

Imagine if the architecture group creates a vision that can not be implemented by engineering or was is cost prohibitive in the manpower or solutions needed to implement it operationally.  IT’s costs would rise dramatically and/or the architecture design efforts would simply be wasted.  Or imagine if IT never challenged the status quo operational processes and just continued to operate “the way it has always been done”.  If this happens, we would never improve business processes.  Obviously there is a balance required here and partnership across these disciplines can help an organization operate at a higher level of delivered business value and IT efficiency.  After completing a recent job coverage rotation himself, Gregg articulated to me the importance of IT to IT partnership across these disciplines and cross functional job rotations within IT.  The benefits help an IT organization maximize operational cost savings and service levels, react quickly to changing business and technical conditions while balancing and prioritizing investments for the good of the overall business - versus optimizing any one individual discipline or organization.

 

If we look outside the walls of the IT organization, we can also see how silos can negatively affect the business – this brings me to the subject of Server Huggers. 

 

A Server Hugger is someone who currently has or is demanding to IT that they have a physical server (or many servers) dedicated to their business function or department --> they want to touch it, know it is theirs and know that they don’t have to share it with anyone else (either in IT or another business unit).  Server Huggers can be individuals or business groups.  And in a world where most servers still run an average of 5-10% utilization, it is easy to see how these silo-oriented “server huggers” can create inefficiency in the business. To deploy virtualization (or accelerate the rate of virtualization adoption) inside any business, the business teams and IT often need to breakdown this silo’d approach and find ways to delivered required or higher service levels while running on shared, virtualized hardware resources. 

 

This was at the heart of a discussion I recently had around Intel IT’s strategy to accelerate virtualization inside our Office and Enterprise computing environments.  The first step in executing this strategy is to identify the target servers, document who owns them (if IT doesn’t – in many cases we don’t), size the new environment and convince the business owners that virtualizing is OK.  With demonstrated proof of concept virtualization ratios at up to 20:1 using the latest Intel Xeon 5500 based servers, our opportunity for savings is dramatic if we can rid our organization of server hugger behavior.  With tops down support from IT management and an environment of partnership already established with our business customers, I believe we have a clear path to success.

 

Partnerships inside Intel IT can be seen in how we create and measure business value with our business partners, how our own IT organization encourages IT rotation and how we strategically align our IT planning efforts with our business plans. 

 

It is clear to me that our Intel IT Strategic Imperative of Partnership is much more than management lip-service … it is at the heart of our IT operational philosophy … and for good reason.

 

Good bye Silos!  Good bye Server Huggers!  … we have no use for you any more.

 

Chris Peters, Intel IT

Engage Intel experts in IT to IT discussions inside the IT@Intel community

Follow me on Twitter

2 Comments Permalink Tags: partnership, engineering, operations, strategy, 5500, business_value, intel_it, chris_peters, value, server, huggers, architecture, it@intel, virtualization, nehalem, xeon, cto, silo, it, cio, it_operations
Jimmy Wai
0

Watch Diane Bryant, Intel CIO, talks about the cash machines in data centers in this press breifing. Haven't heard about the amazing cash machines for your data centers yet?! Better check it out now: Installing Cash Machines in your Data Center

0 Comments Permalink Tags: it@intel, xeon, performance, power, energy_efficiency, intel, virtualization, value, cost_savings, intel_it, it, cio, server, data_center, xeon_5500, roi, case_study, jimmy_wai
Jimmy Wai
0

At a recent event our CIO, Diane Bryant, talked about our continued plan to replace old servers in our Data Centers (http://www.tgdaily.com/content/view/44213/135/). Here is a summary of her key points:

  • Not replaceing servers could have costed Intel $19 million due to high maintenance and cooling cost
  • Our plan of refreshing old servers with Nehalem servers will save Intel $250 million over 8 years

 

If you are an IT manager looking at where you can find extra dollar in your IT budget to invest in new technology, new innovation and new competitive capability for your organization, this must be good news for you! Moreover, if you do nothing, you are opening a hole in your IT budget.

 

Here is a recent white paper and a video we published to discuss our server refresh strategy and how we are getting the cost benefit Diane Bryant shared:

Realizing Data Center Savings with an Accelerated Server Refresh Strategy

 

We have also developed a Server Refresh ROI estimator so you can calculater the amount of savings you can get from these cash machines:

http://www.intel.com/go/xeonestimator

 

If you ain't satisfied, here is a video showing you how to use the estimator!

 

Go and install those cash machines into your data centers now! 8-)

0 Comments Permalink Tags: intel_it, it, it@intel, jimmy_wai, roi, server, server_refresh, nehalem, data_center, data_center_cooling, data_center_power, virtualization, energy_efficiency, intel, case_study, value, cost_savings
Jimmy Wai
0

Reading from news (http://news.cnet.com/8301-13577_3-10368956-36.html) today, a survey has shown that 54% workplaces block social networks completely. I'm glad to be in a company which is the 10% which allow social-network use at work so I can stay connected with my external partners and industry peers. It seems the debate on whether social media is a effective business tool or a productivity drain is still going on.

 

In Intel, we are embracing social media as a mean to transform collaboration in Intel. We see the opportunity out weights the potential risk. We are deploying a social media platform for our employees. You can find out more about our social media strategy from our recent white paper (Developing an Enterprise Social Computing Strategy) and the blogs from Laurie Buczek (Why Intel is investing in Social Computingand Intel's Enterprise Social Computing Strategy Revealed).

 

Personally, I think social media is going to repeat the history of email and instant messaging (IM) at work. Few years ago, there were skeptics about IM at work. Our CIO at that time, John Johnson, took the risk and deployed IM in Intel. Today, it's a productivity tool that I cannot live without. This morning I was troubleshooting a problem with a colleague waiting to broad a plane 16 hours away thru IM. I frequently talk to my colleagues around the world. They could be anywhere in office, at home, or on the road, when I need to connect with them. Whenever they pop up online, I can get hold of them. Without IM, life will be much more difficult and less productive.

 

I have been participating in a IT pilot program testing out Windows 7 in our environment. We have a Windows 7 group setup in our social media platform where we share BKM and help each other. I got workarounds from the forum for issues I ran into with the beta version of the operating system. I also contribute my findings and solutions back to the group. Together we are creating a rich knowledge base for the Windows 7 program team. The pilot users around the world were helping each other and saving each one of us a lot of time learning about the new OS, troubleshooting and finding workarounds. This is an excellent success story for social media at work. (Find out our Windows 7 experience here: The Value of PC Refresh with Microsoft Windows 7*)

 

What is your view of social media at work? Is your company putting up a strategy to adopt the technology?

0 Comments Permalink Tags: it, it@intel, social_networking, social_media, social_computing, strategy, intel_it, value, productivity, risk, jimmy_wai
Chris P_Intel
0

I just read this paper authored by some of Intel's IT experts in the area of client management.  As an employee of Intel, I am now a huge fan of these rock stars.  Why? because they were able, through proactive IT management practices, reduce blue screens inside Intel's employee base by over 50% in the last year (Q2'08 to Q3'09).  There are now 3,000 fewer laptop blue screens than there were a year ago --> that is a huge productivity advantage for Intel workers.

 

blue scree reduction q2'08 - q3'09.JPG

Issue Tracking, Pareto Analysis and use of new management capabilities and technologies like Intel vPro Technology were at the center of these capabilities.

 

Read about how Refael Mizrahi, Shachaf Levi and Jeff Kilford made my life as an intel employee a whole lot easier by Improving Client Stability with Proactive Problem Management.  You Rock!

 

Chris

0 Comments Permalink Tags: client, intel_it, it, it@intel, measure, value, vpro, chris_peters, blue_screen, business_continuity, business_value, productivity, employee, solutions
Chris P_Intel
0

    Last week I had the opportunity to attend the CIO Forum held in conjunction with the Insight 2009 Annual Conference in Orlando, FL.  While being held adjacent to Disney’s theme park, the theme of this event was appropriately titled “Vision Voice Value”.


    I spent two days discussing best practices, sharing lessons learned from Intel IT and comparing notes and strategies with leading CIOs, IT Directors, Managers and Administrators in the Health Care profession.  Our focus? ways to deliver and articulate the business value of IT. I had the opportunity to:


    • participate in a roundtable discussion of ~15 Health Care CIOs titled “The value of IT in improving financial performance
    • present to 50-60 CIOs on the business value of server refresh
    • present to 20-30 IT Directors and Administrators on using the Xeon ROI tool as a way to justify server investment


    One of the most thought provoking questions at the CIO roundtable that has stuck with me is … “How does your CEO (or your business customers) view IT?”  … as a cost center (necessary evil) or as a value center (strategic enabler).  While no one directly answered this rhetorical question, it was clear that our collective mission is to migrate IT from cost center to value center.  This migration will not be immediate.  It happens over time.


    To enable this transformation from cost center to value center, we concluded that the accountability remains with IT, as IT professionals and CIOs must individually and collectively demonstrate business value through our investments and establish are relationship of IT predictability, trust and credibility with our business partners.   These are core themes I have seen very visibly inside Intel IT as I began my journey to the center of IT a few short months ago.


    My second observation from this event reinforces some personal experiences I have had working with many other IT professionals in the past several months.  With the global recession and it’s impacts to capital funding, the need to justify IT investment is greater than ever – and the competition internally for capital $ is very high.  We may never go back to the way it was.  We have seen this inside Intel IT’ organization as well and as a result, created at server refresh savings estimator tool to share what we learned in justifying our investment a proactive server refresh strategy in 2007 and staying committed to that investment in 2009.


    I demonstrated the server refresh savings estimator tool at the event to both the CIOs and IT Directors / Administrators and the feedback was very positive (“session was well worth my time”).   Prior to the event, I also had the opportunity to work with Deborah Gash (CIO for Saint Luke’s Health Services) and her staff.  Debe provided a glowing endorsement of the tool (Thanks Debe !!) after demonstrating the business value from a project already completed and the in intent to use it for several future projects. I invite you to learn more about why we created this tool and how to use it.  If you have a question or want to give us feedback on how to enhance it – just let me know with a comment on this blog.


    My final thought comes from a blog written by Don Sears at eweek.  Don discusses about the need for IT to be right, accurate, credible and trustworthy is so important whether you are working inside IT or with IT.  Credibility and Trust is something that is hard to gain and easy to lose … so it is easy to understand why being right is key to working with IT.  Getting it wrong can have huge consequences.


    Join us at IT@Intel and share your insights on our shared journey to transform IT from a cost center to a value center for business.  I look forward to hearing from you.


    Thanks, Chris

    If you like this, follow me on twitter

0 Comments Permalink Tags: it@intel, value, efficiency, cost, credibity, cost_savings, intel_it, it, business, cio, server, refresh, justify, investment, transform, eweek, chris_peters, roi
Chris P_Intel
2

Yesterday I wrote a blog titled “Submarines, Stealth Fighters and Evolving Needs of Information Security in the Server Room where I discuss some new server technologies aimed at better securing data from hackers, viruses and new malware called rootkits.

 

After writing that blog, I began to think about the variety of levels by which information security is delivered.  To truly manage risk and provide information security for a business, you need many levels of controls and defenses. In fact, I learned that Intel IT has a Defense in Depth strategy for information security

 

Within Intel IT, every strategic discussion I have witnessed from implementing cloud architectures, deploying server virtualization and client virtualization, evaluating Windows 7  (more coming soon on our plans here), developing business intelligence and social media collaboration solutions, designing for security is a paramount factor.  Every IT solution must take into account aspects of information security – the risks of not considering it are too great.  There is a rich set on content dedicated to Intel IT’s approach to security solutions.

 

Of course the question for IT is how much is enough. Is meeting the minimum regulatory requirements sufficient – or should we strive for a higher level of protection – at what cost.  There is no formula here.  It is a delicate balance to match risk, investment costs and ROI to deliver sufficient information security protection.  Over-invest in security and you could be constraining business growth or restricting process improvement … under-invest and you risk exposure to information loss could be too high; or (worst of all) don’t innovate business processes because of worries concerning security exposure

 

It was only after taking our required annual IT security training mandated for all Intel employees last week did it really hit me that PEOPLE are our primary defense against information theft.  Within the Intel IT organization, I have found a huge focus on the value of our people – our subject matter experts.  From the engineers, architects and IT strategists to the training of all employees on the principles, expectations and tools we all need to use to maximize the effectiveness of what IT has put in place.  This was reinforced by a recent Gartner call I attended where the speaker proposed that people are our most agile and important asset.  I agree.

 

The bottom line: IT’s job is simultaneously deliver business value through innovation aimed at enabling growth, boosting productivity, maximizing efficiency and maintaining continuity.  This is what makes PEOPLE so critical because the balancing act is a question of IT governance – the formal means to evaluate, benchmark and decide how to balance these critical questions – in close collaboration with partner business units, HR, legal and senior management.

 

Technology can’t do it alone – we have to deploy technology with intelligence, purpose and controls.  That is only possible by enabling people to be trained, educated and empowered with the ability, tools and support to be successful. 

 

Do you agree?

 

Chris Peters

@Chris_P_Intel (twitter)

2 Comments Permalink Tags: it, it@intel, slealth, defense, security, technology, win7, intel, information, submarines, solutions, leadership, governance, people
Chris P_Intel
0

I hate fixing the roof.  In fact, I have been postponing a roof repair over my garage for about 2 years now.  I recently read an article by Peter Kretzmen titled “IT, The CIO, and the Business Need for Roof Projects” and realized that while I can put off my roof repair, IT may not be able to postpone routine upgrades. 

 

For businesses, technology refresh is a standard business process (ie a roof fix).  The question for IT often boils down to WHEN I should upgrade, not IF. Why? … because hardware technology ages, maintenance costs rise, and software solutions can become unresponsive or obsolete as business needs change, user needs evolve and new technology and software become available. In this economy, cost is king and reducing IT costs has clearly become a critical imperative.

 

My colleagues in Intel IT recently conducted two separate and independent studies on how frequent we should refresh our PC fleet and data center servers.

 

PC Fleet Management:  John Mahvi and Avi Zarfaty from Intel IT recently wrote a paper titled “Using TCO to Determine PC Upgrade Cycles”.  The conclusion of this analysis showed that a 3.5 year refresh rate was optimal for total cost management in our IT environment.  Despite the fact that delaying PC refresh this year was initially seen as a cash conservation approach, the analysis showed that not refreshing older PCs increased the business’s overall costs.  As a beneficiary of PC refresh (I got a new laptop a month ago ), I can also personally attest that my productivity has gone up.

 

Data Center Efficiency:  Matt Beckert and Diane Boyington of Intel IT recently published a paper titled “Realizing Data Center Savings with an Accelerated Server Refresh Strategy”.  This paper discusses Intel IT’s movement to a proactive 4-year server refresh cadence in 2007 and illustrates both the long term savings (up to $250M over eight years) and immediate benefit to the corporate bottom line ($45M saved in 2008). After plans to refresh our servers was slowed earlier this year to preserve capital funds, a re-assessment was done that showed that Intel IT could save $19M by refreshing now vrs waiting until 2010.

 

Just like you shouldn’t sleep in a house with a leaking roof … it is prudent to not let old hardware create a hole in your IT budget. In today’s economic environment, Intel IT can’t afford a leaky roof and so we are moving forward with proactive business client PC and Server refresh, proven approaches to reduce TCO and boost business value.

 

Chris Peters, Intel IT

twitter @chris_p_intel

0 Comments Permalink Tags: chris_peters, client, cost_savings, intel_it, it, it@intel, value, strategy, datacenter, data_center, roi, tco, roof, business_value, pc_fleet, economy, it_strategy, server_refresh, pc_refresh, refresh
Matthew Rosenquist
0

Think strategic.  Act competitive.  Be secure.

 

Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

 

The key to fortune cookie advice is ‘common sense’ in the context of security.  It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

 


Fortune Cookie advice for June, 2009:

 

 

Strategy.gif

Think strategic.  Act competitive.  Be secure.

 

Security is a sustaining commitment where long term planning provides a distinct advantage.  Threats are derived from intelligent adversaries.  Success requires maneuvering in a competitive manner to remain secure.

 

 

 

 

Fortune Cookie Security Advice - June 2008

Fortune Cookie Security Advice - June 2008

Fortune Cookie Security Advice - August 2008

Fortune Cookie Security Advice - September 2008

Fortune Cookie Security Advice - November 2008

Fortune Cookie Security Advice - December 2008

Fortune Cookie Security Advice - January 2009

Fortune Cookie Security Advice - February 2009

Fortune Cookie Security Advice - March 2009

Fortune Cookie Security Advice - April 2009

Fortune Cookie Security Advice - May 2009

0 Comments Permalink Tags: security, it@intel, analysis, secure, matthew_rosenquist, information_security, openportpromo, model, threat, optimal_security, it, value, rosenquist, strategy, measure, corporate_security, intel_it, risk
Matthew Rosenquist
0

Optimal security must not only be attained, but also sustained over time.  A good security strategy must be forward thinking to understand how intervention and continual maintenance will be needed, then implement those capabilities as part of a complete service deployment.

 

Balance.gif

'Optimal Security' is the right balance of security spending and losses prevented where business acceptable losses are achieved.  It changes often and likely maintains different targets for the dissimilar parts of the entity.

 

Organizations are likely to mandate security expectations which typically manifests in a set of configurations, specifications, and operating standards.  The risk is these security controls may be relatively static and entrenched.

 

Establishing a baseline security is a good practice, but in order to remain effective it must adapt to changes in the environment by remaining dynamic to keep in lock-step with rapidly changing threats, vulnerabilities, and resulting exposures.  It must be a fluid posture, able to rapidly change based upon different internal priorities and external changes.  Sustaining business structure must be designed to continually predict areas needing modification and support design and deployment of those changes.  Rigid security postures lack the ability to remain effective over time and are likely derived by an equally rigid infrastructure which will struggle to adapt to new threats and changes within the organization.  Design security to be flexible and you enable the service to keep up with the continual changes in the information branch of security.

 

I recently spoke with an organization who had established a security posture which relied heavily on a hardened OS and application build for their systems.  At the time, they deployed a platform which took into consideration all the best configurations for hardening.  They were so confident they had satisfied security requirements they considered the problem solved.  They integrated the security design into their normal platform refresh cycle of system replacement every few years.  They never comprehended the fact they would need to continually update the build to compensate for changes in threats, new vulnerabilities and malware, and evolving business usage models.

 

The platform’s security, which initially was strong, began to quickly erode.  With no internal mechanism to identify when changes needed to be made, nor the testing and distribution capability, they soon found themselves in a situation where they were responding to individual incidents and changing systems one at a time based upon particular end-user needs.  This created inconsistencies in the builds which was more difficult to support.  Without proper forethought, the security team turned themselves into a firefighting organization, losing the initiative in the war of security.

 

This is one simple technical example.  The same holds true for the expanse of automated solutions and behavioral security controls as well.  Highly effective and efficient security strategies are forward thinking and understand how intervention and continual maintenance will be needed, then implement those capabilities as part of a complete service deployment.  Overall, the concept of ‘optimal security’ is one of fluid adaptations of controls to meet an ever changing target for risk acceptance.

0 Comments Permalink Tags: openportpromo, it, it@intel, strategy, model, rosi, matthew_rosenquist, information_security, corporate_security, intel_it, optimal_security, roi, security, value, risk, rosenquist
Michael Breton
0

 

Back in April I told you about a small proof of concept we were planning to measure energy use in the office environment and then use that established baseline to test different energy saving methods.  I thought it would be good to give you a quick status update on the work done to date.

 

The PoC is currently underway, and in fact, is nearing completion.  Like I mentioned in April, it is pretty small with just 12 users, but we hope the results will help direct what we might later try on a larger scale.

 

We started the PoC on Friday May 15th with meter loggers installed on 6 circuits monitoring energy use for the 12 users in the PoC every 3 minutes.  We ran the metering for 2 weeks before telling the PoC users to establish an uninfluenced baseline.

 

After setting the baseline, we split the 12 users in to 3 groups, each focusing on a different energy savings technique.

 

One group receives information on their energy use every 2 days showing how much energy they are using, what it is costing, and a few simple tips on how they might reduce their energy use.  Nothing is forced.  In this group, we are looking at how “Awareness” alone might change behavior.

 

The second group installed a 3rd party agent on their systems which allows us to enforce more restrictive energy management profiles than they might normally use.  The software also allows us to record time in state on each system, thereby providing a degree of “soft” individual system metering.

 

The last group had USB triggered power strips installed in their offices, connected to their docking stations, which automatically power off all devices in their offices that do not need to be on when they are not there.  We connected devices such as; task lighting, displays, and chargers to these strips.

 

We are in the last week of data collecting now, so stay tuned for some high-level results to be posted soon and possibility a full paper published later.

 

Please let me know if you have any questions or if you are doing or have done anything similar in your enterprise.

 

-Mike

0 Comments Permalink Tags: office_energy_use, energy, sustainability, it@intel, openportpromo, metering, intel_it, green, it, green_it
Soren Andersen
0

As a major global manufacturer Intel works constantly to improve its Supply Chain. Our ERP implementation and key projects are integral ingredients in the process of driving Supply Chain improvements. It was exciting that recently we saw Intel recognized as one of the top leading companies from a Supply Chain perspective. AMR Research published The AMR Research Supply Chain Top 25 for 2009.

 

Check out AMR’s Press release:

http://www.amrresearch.com/Content/View.aspx?compURI=tcm%3a7-43474&title=AMR+Research+Releases+Its+2009+Supply+Chain+Top+25

0 Comments Permalink Tags: soren_andersen, erp, intel_it, it@intel, supply_chain, it
1 2 3 Previous Next

Popular Blog Posts