IT@Intel Blog

59 Posts 1 2 3 4 Previous Next
Click to view Ilene's profile
1

Come join us!

The success of a security program is measured by an event that doesn't happen, so how do you know if you were successful? Matt Rosenquist, Intel’s Information Security Strategist will do a three-part series on Blog Talk Radio discussing the difficulties of measuring a security program.

Segment 1: May 20th at 10:30 AM (Pacific): The Problem of Measuring Security Part 1 of 3

Segment 2: May 29th at 10:30 AM (Pacific): Return on Security Investment - Intel Cast Study Part 2 of 3

Segment 3: June 4th at 10:30 AM (Pacific): Future State of Security Measurement Part 3 of 3


Our Blog Talk Radio segments are interactive and we will be taking live calls from listeners (Call-in Number: (347) 326-9831) and live chat over the Web.


What are your questions for Matt around security metrics?

1 Comments Permalink Tags: security, roi, rosi, rosenquist, information_security, matthew_rosenquist, cost_savings, corporate_security
Click to view Matthew Rosenquist's profile
6

Recently, security expert Bruce Schneier expounded security ROI figures were meaningless! Is it true? Well, yes and no.

The brutal truth.
Well respected information security expert Bruce Schneier recently provided a stark opinion regarding the value of ROI's.
http://www.zdnetasia.com/news/security/0,39044215,62037905,00.htm


In brief, Bruce stated security because numbers can be manipulated to justify anything.

He explained that the amount spent on a product can change significantly by simply playing with the equation.
"If the chance of you being attacked is one in a million and I change it to one in two million... I have halved the amount of money you should spend.
"I can make an ROI model say whatever I want. I could justify or not justify anything based on these very, very rare and very, very damaging events," he said.

Tell me it is not true!
I believe Bruce is both right and is delivering a message which is a little incomplete. His general message is accurate and shocking enough to garner the right level of attention. Most of the information security ROI's I have read were speculative, could not be validated, were impossible to reproduce, and had great latitude to provide results which benefit the desires of the author. Nowadays audiences are being provided ‘information' under the auspices of ‘fact', when in reality they are more of an opinion. Such valuation assessments are based on qualitative data versus quantitative metrics.

I blogged about the The Problem of Measuring Information Security back in August 2007

Awareness must be raised. I applaud Bruce in helping to make this happen. His message, as brutal as it sounds, is bringing to light a shadowy area in our industry. I think the follow-up message for audiences is to scrutinize and apply common sense to any ROI they come across. Understand the methodology and if it makes sense in their context. Lifting the curtain can quickly reveal a puppet master pulling the strings to artificially show value.

Like Bruce, I too have a jaded perspective. I have seen some WILD ROI's. Much of what I have read from security vendors is pure folly. However, just because most are fiction, it does not mean all methodologies are without merit.

Intel published a Whitepaper - Measuring the Return on IT Security Investments which is applicable to some situations. This method, far from being a silver-bullet, is a good start and has proven its truthfulness.

For any method, the accuracy should be scrutinized. Can it be validated, repeated? Was the method exclusively developed solely for self serving purposes from someone trying to sell something shiny? Does it make sense? These are the questions I ask myself.

On the bright side, many bright sharp people are working very hard to make the industry better and develop more rigid processes to insure both accuracy and confidence.

In the end, there is much work to be done in the information security valuation space. In the meanwhile, savvy consumers should be aware of the challenges and dive deeper into prospective ROI's and determine if they are ‘meaningless'.

6 Comments Permalink Tags: security, roi, value, rosi, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist
Click to view tamant's profile
0

Wouldn't it be great if we could buy an application and not have to worry about whether it was designed to run on Windows XP, Windows Vista, MAC OS X or some flavor of linux?

How about when you buy a personal computer you don't have to make a decison on whether it should come with Windows XP, Windows Vista, MAC OS X (don't you wish that was a choice today) or some flavor of linux - or nothing and you figure it out later?

What if every computer you bought came with a smal, highly efficient operating system that basically only acted similar to a virtual machine hypervisor, managing the allocation of resources to virtual machines (or applications). And by the way it was built into the "platform" supplied by the chip vendor and OEM's only aggregated components and added value where it counts - tools to better manage the virtual enviornments, as a peer process not as a "host" operating system.

This is the world that I would like to see evolve over the next couple of years (okay maybe 5).

Applications are compiled with the operating system extensions (purchased from today or tomorrow's operating system vendors) and sold as one package that runs on top of the thin/efficient operating system mentioned above. This way we as the consumers can worry about selecting applications and functionality and get out of the business of worrying about which operating system to buy - or worrying about which operating sytem the application will run on. We just buy the application!!! What a concept!!!

A nice extension to this would be to allow the ability to still have a more traditional "container" of applications for secure, managed interaction between applications and for providing a policy managed environment. But the applications should still be the same apps I buy to run independently - So how about an install option - standalone or in a "container" or ???

Now that would be cool.

0 Comments Permalink Tags: client_architecture, software_development, virtualization, alternate_compute_models
Click to view Tim Casey's profile
1

In the summer of 2002 I received a phone call from one of Intel’s senior information security experts, Brian Willis. Brian had just returned from an event in Washington D.C. that he was very excited about. Gartner and the U.S. Naval War College had hosted a three-day seminar-style war game called “Digital Pearl Harbor.” The purpose of the war game was to involve industry for the first time in investigating the possibilities for catastrophic attack of and through the U.S. internet system. They had invited a number of private corporations to participate in this new methodology, and Brian attended as Intel’s representative.

At the time I was working on some risk modeling techniques, so Brian figured I’d be interested in what he had learned. He called and started with, “We have to do this!” He described the event and the possibilities he saw for Intel. The event was very successful and provided much valuable information to the sponsors as defenders, but Brian saw a different aspect. As an “attacker” in the game, he saw how easily and dynamically the attackers in cyberspace were able to build their own systems, business as well as technological, and emphasize their own priorities. The visibility that the game gave into this process came as a bit of a surprise to him and other participants, and Brian recognized how valuable this perspective was to understanding risks facing any defender.

So we decided to stage something similar at Intel, but focusing on the attacker viewpoint rather than the defenders. Although this is somewhat different than a classical war game, we kept the basic process (and the name “war game”) to keep it different from other risk assessment methods. It wasn’t easy to come up with our own game. At the time, there was very little about war gaming that wasn’t based on military objectives, and it was almost all from the defender’s point of view. I even called the U.S. Naval War College; they were very interested and supportive but had little they could share. But through the collective effort of many people, by the summer of 2003 we had put together our own Intel Digital Wargame. The game event itself lasted for two days, and involved nearly every Intel business unit organized in six cells spread across three U.S. cities. It was wildly successful, beyond our expectations, and all the participants said it was exhausting but also both the most instructive and the most fun event they had attended in a long time.

Since then, we have conducted a number of smaller games and continue to have good success with the process. Along the way we have refined it, although we consider it still very much a work in progress. The paper published here is a detailed description of our current process. If war gaming sounds interesting to you, or you are already doing something similar, I hope this will be of use to you. In any case, I would like to hear of your thoughts or experiences or best practices in this area, as we are always looking to learn and improve.

Wargames: Serious Play that Tests Enterprise Security Assumptions

1 Comments Permalink Tags: war, game, wargame, information_security, corporate_security, security
Click to view BrianMcCann's profile
1

Hello community,

Since this is my first blog on this site so I thought it would be nice to introduce myself. My name is Brian McCann and I'm an Automation Engineer at Intel that focuses on platforms support. In short this means I'm in the trenches everyday supporting Intel's manufacturing environment. This blog is going to be focused on sharing my tools and best practices when managing a server environment, it is not going to be a sales and marketing blog...sorry to disappoint. :-) My interests are hardware and software...in fact I'm a little biased toward Microsoft since I've supported Microsoft environments for some time now. If you want to find out a little more about me feel free to visit my other blog where I focus most of those blogs on Active Directory. Hopefully you'll like what you see here and come back for more.

Today I wanted to share with you a tool that will help simplify the management of your servers...especially if you have a lot of servers to manage like I do. Its name is VisionApp Remote Desktop and it is a great freeware program to manage Windows servers. I've always disliked the built-in MMC snap-in Remote Desktops. It is a very simple tool that is only good for managing about ten servers. Like you, I manage way more than ten servers. This tool has the following benefits to help you manage those remote desktop sessions:

  • Sort Servers Alphabetically (This made me so angry that I couldn't do this with Microsoft's Remote Desktop MMC. When you have to manage a lot of servers it is a pain when you add new ones that follow a naming convention that now fall out of order)
  • Create folders to help sort different types of servers (I created folders for my Production, Integration, Development and Virtual servers. This has made it extremely easy to find what I'm looking for.)
  • Tabbed Remote Desktops (Tabs are huge right now and this tool takes full advantage of them. I can now open several different types of servers from different folders and access them via the tabs on the top.)

Hopefully this tool relieves some of the stress you have when managing your environment. I have plenty of tools and best practices stored up so let me know what you think about them. Also if you have any questions please don't hesitate to ask.

1 Comments Permalink Tags: servers, server_management, remote_desktop, tools, best_practices, brian_mccann
Click to view Doug Garday's profile
1

If you invested one dollar and it returned 10 dollars, you'd think that was an excellent return wouldn't you? So what if you could get this same 10X return on energy? An industrial heat pump system called Heat Recovery where an additional 100 kW of power used returns 1 megawatt of heat energy.

This return or ratio of energy in vs energy out is called Coefficient Of Performance (COP). A resistance heater uses 1kW of power to produce 1kW of heat, providing a COP of 1. Residential Heat Pumps are efficient but very dependent on ambient weather conditions and produce less usable heat when outside conditions are colder. So how about a system that works at a COP of 10 regardless of weather conditions outside?

I hope you have seen our discussion on whether the data center is green or efficient Greening Data Centers or Make 'em Efficient? but either way you slice it the data center consumes energy. How can we reuse that energy for other purposes? Check out Part 1 of a two-part podcast (look for this next week) that describes how we have designed a system to capture the heat coming off all the equipment in the data center and recycle it to heat offices and warm water for cafeterias and other domestic water purposes.


Check out the brief for more details Data Center Heat Recovery Helps Intel Create Green Facility.
Update: Part II of the podcast series is now available Part II: What if you invested a dollar and it returned 10? This is where I get into discussing the numbers and the total cost of ownership.

1 Comments Permalink Tags: power, green, data_center, data_center_cooling, heat_recovery, cop, data_center_power, energy_efficiency, energy
Click to view GeorgeClement's profile
0

Just finished my green belt project analyzing how effective web analytics is in identifying applications no longer required by IT (and should be archived) . the project went well I had some interesting data to show for it and it def drove a decision.

I'd have to say that LSS gave me some new tools to use. The templates we use internally are ok but If I was outside I'd probably stop by http://lssacademy.com/downloads/ and check out their C&E and FMEA.

Some advice to others looking to start a GB project I'd like to mention a couple of general things I learned from setting up and running mine:

  • Don't boil the ocean - Improve an existing process as your green belt project.
  • Use Six Sigma tools to measure process output and identify where failures impact results (FMEA, C&E, etc).
  • Apply Lean Thinking to a step that has a lot of failure.
  • Measure improvement using Six Sigma tools (remesure your failure rate / speed / or what every you has as the cause of your failure).

0 Comments Permalink Tags: lean, six, sigma, it, roi
Click to view John Simpson's profile
2

Up to this point I have covered Application inventory as a cost savings initiative followed by a discussion of Application inventory starts with a definition, and finally Application inventory, what do you capture?

Following the natural progression of:

  • Why inventory
  • Boundaries of what to capture
  • What to capture
  • How to capture

The "How to capture" is not a simple task completed in a week or two. For a company our size this task is still ongoing after fourteen months. And our progress shows us that we will need at least till the end of year to approach some semblance of sustainability. By sustainability I mean that the information, process and people will be in place to keep the data in a fresh state so that true data-based decisions can be made at near real-time.

Every day the clarity of our inventory gets sharper and sharper as we identify and pull in the data owners. The quality of the information becomes more focused as more of the profile is filled out. There are internal systems that are starting to rely on the data we have captured. That data is being transformed into true business information which has value and can be used to make the right decisions at the right time. At times, it still feels like an uphill battle. Each day we stand side-by-side with those who see the value and push on the back of our partners as we slowly progress up the hill.

Now knowing the definition and what data we want to capture we could have progressed in a multitude of ways:
  • Distributed work-load, individual owners
  • Focused work-load, our team owning (interviewing)
  • Centralized gathering (combination of above, driving people to a single location)

We chose to adopt the creation of a simple to use, centrally located (Intranet Application), that stored the data we needed. As mentioned in the past, we did our analysis by looking at applications on our enterprise that already contained the types of data we were interested in. What we discovered was that none of them had the flexibility to store the additional information nor the development resources to alter their systems. This pushed us to obtain permission to build a new application.

At this point you may be saying, "You built an application to reduce the number of applications?" Sometimes it is necessary to do the wrong thing in order to do the right thing. It would have been too easy to drop a spreadsheet out there and start gathering information. Short-term this would have cost the least and potentially would have allowed us to get part of the way there. The issue is the long-term sustainability and trust that comes from a solution like that. We would have security concerns, updating collision as well as the reduced ability to share the data easily with other applications.

Yes, we built a new application, using two people, in four weeks. Since implementation started we have supported weekly releases while expanding the data being captured, the usability for customers (and consumers) as well as enabling the removal of the majority of those other systems with parallel capabilities. We have great internal hosting solutions and have been operating non-stop since December 2006.

Our goal is still to do the right thing and properly manage our inventory through reduction. We were instrumental in providing the information and process needed to remove over 500 applications (and associated hardware) from our environment since we started our process.

In my next entry I will talk about some future enhancements to get us through the next year and the further reduction in application inventory we are charged with. Perhaps its time to start looking at how our original analysis for "Low Hanging Fruit" was successful and now we find ourselves making hard decisions in order to continue refining our inventory.

Have you had similar issues at your company? Do you currently have this challenge before you? I'm curious to hear some of those challenges and potential solutions.

2 Comments Permalink Tags: value, software_development, application_inventory, cost_savings
Click to view tamant's profile
2

Some general thoughts and ramblings on application streaming - where it is better than web applications and where it might not be.

Application streaming is an interesting technology - you can create a client rich application with sophisticated graphics and processing and yet have a high degree of security and the benefits of server side manageability. In my mind this is the best of two worlds. On the one hand you can leverage the full strength of the latest processors and graphics cabilities and on the other you can manage security and upgrades quickly and efficiently.

The application doesn't go through an install process on the client so you eliminate some of the problems associated with different people installing the same application differently. The installation can be "isolated" to protect against conflicts (in some cases this provides backwards compatibility) which also raises some challanges, although this also provides some "challenges" for the integration of mulitple applications on the same device.

Upgrades are simple and guaranteed - since you only upgrade the server and anyone using that application gets the update at next use, true for security patches as well. For those that are using the applications offline (which you can do, try that with a web app) they will get the update the next time they connect to the network.

Streaming (some products anyway) provides a means for license management, so perhaps you don't need to own as many licenses as you thought by tracking concurrent usage and preventing over subscribing. This is can be important for some expensive purchased applications.

Streaming applications are also not subject to the multitude of exploits that are written to attach web browsers and web applications. I believe that for corporate applications they are safer and easier to protect. That alone may be reason enough to justify moving in this direction.

One area where web based applications COULD be better is if they are written to work on multiple platforms with multiple browsers (such as Windows and OS X). However in practice this seems to be seldom done, most apps are still written for one environment or the other and it's more of chance that the application works in the other environments. This could be a big plus if developers would truly develop for the heterogenous world we live in.

Another is that with client rich applications there is often more database traffic being routed over the network between the client and the server infrastructure whereas in a web application the database traffic can be kept between the application server and the database server. This puts the onus on the application developer to take this into account when architecting their application. It can be done efficiently but it does raise that "old" argument and problem.

So perhaps it is time to look at how we develop applications and rather than swinging the pendelum back to all client rich applications, maybe we should be looking at a better balance of applications leveraging the best technology for the requirements.

Just a thought

2 Comments Permalink Tags: software_development, streaming, client, client_architecture, client, _management
Click to view Tomas Mcinerney's profile
2

So we are on the home run of deploying the new pilot cube
environment, in fact I’m on site helping supporting day one move in at our
third US site installation which has certainly been interesting. Flight over
went quickly, though at some points it was rather roller coaster (to the point
coffee was spilt on laps)

But I digress…


I wanted to discuss an item I have brought up before;
benchmarking. The project has moved on and worth asking some questions around.
Intel IT has used classic benchmarking applications to compare platforms when
going to RFP (using standard off the shelf applications) but we discovered this
testing wasn’t helping us improve the performance of our software on the client
it was simply giving us faster clients (not a bad thing) We were missing some
critical decision making criteria for evaluating newer versions of
applications, client builds or software tweaks (identifying performance improvement
or impact) As we drive towards more out of the box applications we will also be
using the tool to evaluate impact on the environment.


So we kicked off a project to begin recording certain
productivity metrics to evaluate user perception performance; not necessarily
aimed at just understanding how fast each client is; but more what impact it
has to users


Some of these timing metrics include


  • Time into operating system
  • Time into email application (first email)
  • Time into first instant message conversation
  • Time to first spreadsheet/document application

Once changes are made to the client build or application
stack an impact is recorded through the metrics. This means we can start to set
goals and performance targets (10% faster build in 3 months…etc)

We hope to publish this data with some fellow travellers to get
some indicators on quantify the overhead an ‘IT’ build compared to an off the
shelf build (we classify it as vanilla OS)


Are you recording productivity metrics to compare
applications and build generations? Any thoughts on if this data would be
useful to you?

2 Comments 0 References Permalink Tags: performance
Click to view Heath Buckmaster's profile
3

I've got profiles everywhere these days, and not just on the internet, but on the intranet as well. I'm sure we've all got a variety of external faces, whether on Yahoo*, MSN Spaces*, Facebook*, myspace.com*, LinkedIn*, or the myriad of other social networking sites out there.

But what about on the corporate intranet? It can get just as complicated there, especially if you are trying to find someone who knows something about something that no one in your organization knows anything about!

We're starting to see social networking tools for the enterprise show up in evaluations, and I really do hope we implement something within the company - there's incredible value in knowing that I could search for organization development and find a person who is in another division that did an OD project last year that's exactly what I'm trying to do now. But we're not quite there.

Right now I've got a pseudo-profile on my internal blog, another on our internal wiki, another on our document collaboration environment, another that's part of my email signature line, and I'm sure there's yet another floating around somewhere. If someone wanted to know what I've been up to for the last 12 years at Intel, they would have to look around in three or four different places to get the full story, or just ask me for a copy of my resume.

Part of that is my fault - I just need to pick one place to keep updated and point everything else to it, but the problem there is that now I'm sending people to sites that might not be their PREFERRED location for social networking. As an external example, let's say you've got a personal blog on wordpress.org, but you've also got a myspace account and another on MSN Spaces. All three have blog functionality, which do you pick? Do you post to all three at the same time, or do you point people to one or the other? What if one of your friends prefers MSN Spaces, but you keep sending them to wordpress.org to read your blog?

It's profile overload! Not only do you have profile/personal info in 10 different places, but you're trying to communicate redundantly based on other people's preferences. Stop the madness!

I'm now to the point where I'm shutting down my profiles on sites that are just secondary or tertiary, and if people want to know who I am and what I'm wearing, they will go to the one site that has it all, because realistically, whichever site you choose will have another competitor in 6 months that everyone will flock to and add 500 friends they've never actually met before. In my mind, I'm seeing a group huddled together moving in unison from one corner of the room to the next as the latest social media site pops up.

Will it settle any time soon? I doubt it. There are many competitors that are getting into niche areas and offering more for your money (which in most cases is free). It's a challenge outside and a challenge inside. At least within the company you can create a "mandate" that says here is the site to create your profile and it's what the company is going to use.

Maybe some day everyone on the planet will have an ID number and their own website. I want to be 0100100001000101010000010101010001001000.com.

  • Websites and locations mentioned in this blog are trademarks and properties of their respective companies.

3 Comments 0 References Permalink Tags: social_networking, social_media, communities, profiles
Click to view John Simpson's profile
0

Up to this point I have covered Application inventory as a cost savings initiative followed by a discussion of Application inventory starts with a definition.

In our specific implementation, we started with a base set of attributes. Some of those were very obvious while others were necessary for managing some of our base enterprise capabilities. Items that were only captured in a 1:1 (one-to-one) relationship to any single specific application were:

  • Name
  • Description
  • Importance (a tiered level detailing the impact to our company)
  • Status (or state of the implementation)
  • Type (of application)
  • Manufacturer (if purchased)
  • Version
  • Owning Group
  • User Count

We also had some 1:M (one-to-many) related attributes which we cataloged in order to further build out the metadata for each instance.
  • Contact
  • Cost (develop, host, support, license)
  • Link (to external data)
  • Support
  • Technology

This was sufficient information for us to move along and begin consolidating data. As we engaged more and more teams and discovered localized stores of this data, our metamodel expanded to include a few more elements. Some of these also included associated increase in our own inventory tool capability. As this capability was implemented we were able to start turning off applications through consolidation (one of our key goals).

Additional Items (one-to-one)
  • Product Line (for ease of grouping and management)
  • Hosting Platform
  • User Description
  • Cross-Site Consumption
  • Customer Located External (to Intel)
  • Data Classifications (for information security and control)
  • Disaster Recovery Details
  • End of Life Tracking (legal and recovery data)

Additional Items (one-to-many)
  • Alias (alternate naming; the key to our success)
  • Capability
  • Component/Module
  • Customer Country/Region
  • Interface (consumption and providing)
  • Network Ports/Protocol
  • Product Testing (results, for future enterprise releases)

Many of them are specific to how we do business inside our company, however, you might find value in some of our learning's.

As I mentioned we discovered pockets of data and some little (and big) applications utilizing some of this data. It has become increasingly easy to implement an additional module that relates and consumes the data from the larger metamodel. From an architecture stand-point, we need to be careful not to develop this into a "jack-of-all-trades" application that does everything for everyone.

Up to this point we still only capture data (and functionality) that is related to the Application through direct relationship. As an example, we associate the application to what network port/protocol it uses, but not necessarily the network that is can pass across. We will capture the hosting platform name but not the specifics of that host. Instead we rely on interrelated systems to draw the larger picture of the whole enterprise.

Are we done?
Not even close. As noted in our Intel Information Technology 2007 Performance Report (page 12), this application and the associated capabilities we are developing is having a big impact. During 2007 we were instrumental in the end-of-life of over 450 applications. The metadata we capture and maintain have helped to identity instances of duplicity as well as opportunities where support and consumption have dropped to the point we can turn off the application.

In my next entry I will talk about how we were able to use two people resources and build an application in four weeks to solve this problem. Also how that solution has been running non-stop, for fifteen months with no downtime or impact to customers while increasing capability and usability while doing releases on average of every two weeks. Future posts will talk about some future enhancements to get us through the next year and the further reduction in application inventory we are charged with.

Have you had similar issues at your company? Do you currently have this challenge before you? I'm curious to hear some of those challenges and potential solutions.

0 Comments 0 References Permalink Tags: value, software_development, application_inventory, cost_savings
Click to view John Simpson's profile
1

Every software project I have worked on always started with some form of conflict and complicated interactions. This usually resolved itself through the use of a definition regarding roles and responsibilities. That definition kept people on the same page and helped everyone to understand who was doing what.

Now depending on when you happened to look at my job title over the last 13 years, you may have seen one of the following:

  • Software Engineer
  • Application Developer
  • Enterprise Application Developer
  • Software Developer

This means only that I moved from one department to another, however, the physical tasks I employed were the same. My output may have had a different installer/wrapper/output, however, it was the same. I designed, developed, tested and deployed an application into our environment.

When it was time to define the characteristic (metadata) of an application, we needed to start with definitions. Not only what an "Application" is but what "Software" is and how (if) it differs from each other and from an "Operating System".

This is vitally important because no matter who you talk to, they will have a difference of opinion in this area. Let me give you an example that we are currently dealing with. We are implementing a CMDB (Change Management Database) for our Service and Support organization. As our application data is pumped into that solution we had to decide whether it is an application or software. The CMDB definitions basically stated that software was the core items used to build a hosting platform whereas an application is the code hosted on that platform. A very specific definition for their very specific implementation.

Our definition was much more simple.
If it's coded, if you develop it, it is a software application simply referred to as an "Application". This can be developed internally or purchased. An application is not an operating system.
That means that everything running on our environment, that is loaded on top of an operating system, is an application and needs to be inventories. That also means if it is a web-based solution, with software code, hosted within a web-hosting solution, however, it is still an application.

We did draw a very discreet line in that we did not want to inventory certain things. Those are items that are "configured" inside of other applications. Item such as:
  • Web sites without dynamic content, hosted within a dynamic web solution such as Microsoft Sharepoint or created with Microsoft Frontpage or another WYSIWYG client.
  • Templates configured for an application.
  • Fileshare
  • Hosting Platforms (configuration of hardware and application software)

To put forth some simple rules, that people can evaluate their "Application" before attempting to add it for evaluation, we came up wtih some simple rules. It has to meet all of these with a yes response.
  • Installed on Intel (or contracted) hardware?
  • Initially used by more than one person (or application) at Intel?
  • Does this have (or has it ever had) a development/support team?
  • Does this have (or has it ever had) a development/release process?

This minimizes the possibility that we inventory applications that are sitting in a box, not installed on the environment. It also means that items we paid for, installed, licensed and such, are included. Whether on a server or on a client, we need to know about them so that we can work towards the simplification of our inventory.

Next I will cover how we have gone about gathering this data. Some approaches work well while others don't. Additionally, before you start gathering data you must have a solid review, maintenance and data quality processes in place or the data will be of no use for future analysis.

Have you undergone a similiar process? Are you struggling with doing this inside your company? Have questions? Let us know.

1 Comments 199,001 References Permalink Tags: value, software_development, application_inventory, cost_savings
Click to view Tomas Mcinerney's profile
1


For decades Intel employees have started and ended the day looking at the same gray/blue/brown (depending on your site) sound soak dividers. They provided solace and security, a place to get on with your work. They give you something to pin things to and space to hang your all important white board.

It's been the norm to start a ‘Meerkat' discussion with your neighbour, or throw foam balls to a team mate whilst a long call drags out. Cubes have been part of Intel's culture, as much as transistors and the bing bong.

This is about to change

I'm working on the IT side of a large project currently underway in the halls of several US sites. The project has one focus; challenge the way we currently work. Several organisation reports and visiting other companies have shown it's just not as effective for the employees we now have.

10 years ago people came in Monday to Friday; they worked in teams within the same geo or even exclusively on the same site. Teams or even whole groups sat near each other (from designers to manufacturers) they went to lunch together and all left for home around the same time.

This just isn't the case today. Intel's workforce, like many, is globally diverse. Your cube neighbour now manages a team out of the US that is working on a large project in Asia for delivery to a customer in Africa. These changes in workforce have had several impacts

People are not physically around as much: Technology at home has meant you can be as connected in the office as out of it. Wireless technology coupled with video and voice can mean employees can meet each other when cross over times allow.

When people are around they want to network, they want to use some flexible space to crunch a problem or perhaps hold private phone conversations

Private calls are not private any more, people want a smaller space they can make calls with remote managers

Because of these changes the pilots we are working on aims to re-enforce better facilitate those requirements. We are aiming to achieve this through several things

Smaller conference rooms designed for just one or two people. Enough space to sit and take calls, but not enough to be booked by teams. These meetings happen today but can hold up larger rooms making it harder for larger teams to meet

Deploying a more flexible IT environment allowing quick deployment and high demands. Mobile technology is something Intel IT has always focused on, here we are taking it a step further by using 100% wireless, even for desk areas (you can find out more about the primary wireless campus in our IT@Intel site) IT are also integrating phone services into the notebook to remove the need to have a desk phone. Those that specifically want to have a phone can also log into any handset.

Flexible, open zones to encourage quick white board problem solving, not so much about formally booking 60 mins of meeting time, just pulling around some chairs and working with the team around you

Free things like coffee and snacks are being introduced, again to encourage employees to come into the office.

At this stage employees can still choose to have a permanent desk, others have elected to be part of open zones, with no permanent home to call their own.

None of the things we are doing in these pilots haven't been tried and implemented by others - but this is the first time we are trying them with our employees; and as any good IT shop will tell you each customer group has its own requirements.

I will be posting updates as we see how the pilots develop.

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1244/IMG_0281-web.jpg

'Flexible areas' with lots of seating and snack areas

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1243/IMG_0282-web.jpg

Unassigned desks

1 Comments 0 References Permalink Tags: office, wireless
Click to view Heath Buckmaster's profile
0

Over on the IT @ Intel blogs, I talked about whether Corporate Blogs Really Matter some time back. Several of you provided comments and questions, and I wanted to take a moment to answer a couple of them.

Michael commented: "I like reading about what you are thinking about, and how you are making a difference in the lives of Intel staff."

On this topic, I did a two-part post on what we were doing to build a technical community within IT. You can check out these posts at the following links: Building a Community Within IT, and Lets Jam. Those posts are pretty extensive, and talk specifically about how we're making a difference in the lives of IT employees, so I won't repeat that here.
Yvan commented: "I would like to hear some of the management problems you encounter when doing your job."
Here's a specific one that has been a challenge - Many of the employees who post here on the IT @ Intel blog are not directly part of the IT @ Intel program, and therefore don't have social media/networking as part of their job description. That means we have our normal jobs but also participate in this stuff on the side. Making the time for posting and commenting is one thing, but being recognized for it is the bigger challenge. How do you make sure that your manager sees your blog as strategic for Intel and not a waste of time that takes you away from your job?
I've personally been very lucky that part of my job is focused on community development (you can read about that on the links above). On my annual performance review I have an entire section of accomplishments that are directly related to work I've done in support of social media. My manager didn't ask me to put it on my review, I did it because I felt that it was important - but I still had to educate him about it and the value it provides to the company.
Sometimes middle and senior management just don't "get it". Unless they themselves are participating in the community they don't necessarily see the value it brings. To them it's just a diversion from what employees are actually paid to do. But what if the company saw it as a strategic advantage vs. a perk or side effort? What if the entire company, every employee all the way up to the CEO, was actively involved in being a spokesperson for the company?
Paul O., our CEO, is a blogger on our internal systems. It's not a weekly or monthly thing, but he does it, and it's something that employees appreciate and look forward to. Our CIO recently kicked off his first blog as an attempt to change the way he communicates to IT. It's been a huge success already. As soon as we start to see blogging as another form of communication like using the telephone, sending an instant message, or walking down the hall and speaking to a group of people, then it doesn't become a diversion/distraction, it becomes part of your life/job.
Personally, I hate talking on the phone - I'd much rather have someone communicate to me via an email, a blog post, or a face to face conversation.
The way that we communicate as people is changing - blogging is one of those new ways. Making the switch from tapes to CD's was a big change; rotary to touch tone changed the way we dialed; learning how to send a text message instead of calling someone was huge; what's the big deal with blogs and forums??

It takes time to educate management on the value of social media, and it takes time for them to formally recognize it and make the time for it. But if you can get there, and you can start to use social media as a strategic advantage for your company, then you've got it made. It just takes the time to sit down with your boss and say - "Here's how my participation in this activity is adding to Intel's bottom line. And here's how it helps me do my job better." Speak their language, and the change will happen.

Keep the questions coming - let us know what you want to hear about as it relates to IT @ Intel.

0 Comments 0 References Permalink Tags: social_media, social_networking, creating_change, community_building, it@intel, influencing_management, strategic_advantage
1 2 3 4 Previous Next