This week is National Telework week. I’m working from home using WebEx video to collaborate with Cisco colleagues around the world.
My 3-day telework pledge will save me $81.90 in transporation costs and 122 pounds of pollutants for the week. If I continue the 3-day telework routine for a year, I will save $4,095 in transporation costs and 6,120 pounds of pollutants or 3.06 tons for the year. Imagine how much we could all save if every government worker and citizen was able to use network collaboration and video to work from home.
Also this week, the President members of the Pacific Alliance participated in the first Virtual Presidential Summit through TelePresence without the need to travel. During the 90-minute “Historic Presidential Summit,” the Presidents of Colombia, Mexico, Chile, Peru, Costa Rica and Panama (by telephone) were able to specify the fundamental points for the signature of the treaty for the “Pacific Alliance.”
There are many exciting video applications for government including:
Please let me know how you are using video apps in your government agency to cut costs and enhance services for citizens and constituents in your community.
Tags: Connected Government, Connected Justice, TelePresence, telework, video conferencing, WebEX
Organizations implementing Continuous Monitoring strategies are remiss if they are not taking into account the value of network telemetry in their approach. NIST Special Publication 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations provides guidance on the implementation of a Continuous Monitoring strategy, but fails to address the importance of network telemetry into that strategy. In fact the 38 page document only mentions the word “network” 36 times. The SP 800-137 instead focuses on two primary areas: configuration management and patch management. Both are fundamental aspects of managing an organizations overall risk, but to rely on those two aspects alone for managing risk falls short of achieving an effective Continuous Monitoring strategy for the following reasons
First, the concepts around configuration and patch management are very component specific. Individual components of a system are configured and patched. While these are important the focus is on vulnerabilities of improper configuration or known weaknesses in software. Second, this approach presumes that with proper configuration control and timely patch management that the overall risk of exploitation to the organization’s information system is dramatically reduced.
While an environment that has proper configuration and patch management is less likely to be exposed to known threats, they are no more prepared to prevent or detect sophisticated threats based on unknown or day-zero exploits. Unfortunately, the customization and increase in sophistication of malware is only growing. A recent threat report indicated that nearly 2/3 of Verizon’s data breach caseload were due to customized malware. It is also important to keep in mind that there is some amount of time that passes between a configuration error is determined and fixed or the time it takes to patch vulnerable software. This amount of time can potentially afford an attacker a successful vector. For these reasons organizations looking to implement a Continuous Monitoring strategy should depend on the network to provide a near real-time view of the transactions that are occurring. Understanding the behavior of the network is important to create a more dynamic risk management focused Continuous Monitoring strategy.
Network telemetry can consist of different types of information describing network transactions in various locations on the network. Two valuable telemetry sources are NetFlow and Network Secure Event Logging (NSEL). NetFlow is a mechanism that organizations can use to offer a more holistic view of the enterprise risk picture. NetFlow is available in the majority of network platforms and builds transaction records of machine-to-machine communications both within the enterprise boundary as well as connections leaving the enterprise boundary. These communication records provide invaluable information and identify both policy violations and configuration errors. Additionally, NetFlow also provides insight into malicious software communications and large quantities of information leaving an enterprise. Network Secure Event Logging uses the NetFlow protocol to transmit important information regarding activities occurring on enterprise firewalls. This is valuable data that can be aggregated with other NetFlow sources to bring additional context to the network behavior occurring.
Coupling the configuration and patch management guidance in SP 800-137 with an active NetFlow monitoring capability will provide organizations with a Continuous Monitoring strategy that is more system focused and more apt to fostering a dynamic risk management environment. Cisco will be discussing NetFlow, NSEL and other security topics at the March 21st, Government Solutions Forum in Washington, D.C. If you’re interested in learning more, click on the following URL:
Tags: 800-137, configuration management, Continuous Monitoring, cyber security, dynamic risk management, netflow, network secure event logging, NIST, Risk Management, vulnerabilities
How exactly are companies and cities going to successfully finance dramatic upgrades of urban connectivity? When will the financial engineers develop the tools which, when used, result in smarter and more prosperous communities where efficiencies are realized; where multiple urban systems are integrated; and where the return on investment shows up in improved local economies?
On Feb 1st this blogger took a first look at that conundrum, as part of a panel at The Cities Summit, —convened by The City of Vancouver. A few weeks later, I joined another group of leaders assembled at the second annual Conference on Sustainable Real Estate of NYU Schack Institute’s Center for the Sustainable Built Environment, where not surprisingly, the topic came up again, at the conference’s conclusion. Read More »
Tags: 21st century cities, Cisco, city transformation, green business, IBSG, Smart Cities, sustainable development, urban connectivity, urban innovation, urban planning, urban sustainability
Public Sector customers continue to debate the trade-offs of prioritizing lowest price switching, point product solutions, over designing and deploying Cisco network architecture solutions which provide a lower Total Cost of Ownership (TCO).
On February 23, 2012, Deloitte Consulting presented the findings of an in-depth research study that examines the operational, financial, and risk factors associated with the use of single-vendor and multivendor approaches in different types of complex networks which may be viewed here along with the report itself.
They key findings are summarized in the following 7 items:
- Within the context of total IT spending, the use of single-vendor or multivendor architectures does not present material cost differences on a long-term basis. Initial cost savings realized in multivendor network implementations are mitigated by the incremental operating costs over the life of the equipment.
- Enterprise networks are considered critical production systems, key to business operations. Networks must be managed with an appropriate operational risk perspective.
- Customers prefer a single vendor to be responsible for all network components and services. The operational risk associated with network support, not the cost, is the primary factor when influencing the decisions to use single or multivendor architectures.
- Staffing costs are not significantly impacted by the use of multiple vendors; it is more influenced by the mix of functions supported and the types of network services provided.
- Using products from different vendors can bring down initial costs for certain products, but adds higher operating risk in service, support, and operational integration.
- The use of multiple networking vendors introduces additional operational risk based on the need for customers to assume increased risks for integration, interoperability and support.
- When using multiple vendors’ products, customers frequently do not recognize the interdependencies of functionality, long-term costs, and impact on operational risks
And be sure to watch Director of Public Sector Systems Engineering, Dave West on youtube present his version of why low-cost, ” Good Enough” Switching is not Good Enough for Public Sector Customers looking for a reliable, secure, highly available, well supported and investment protected network.
Tags: dave west, Deloitte, good enough, multi vendor, network, pollock, public sector, report, tco, video
The Obama Administration is committed to building a 21st century government and the strategic use of technology will be transformative in making that vision a reality. Organizations are being challenged now, more than ever to balance limited technology resources and budgets with policies and user demands. However, savings is not always measured in dollars, but could include increased employee productivity, lower energy costs, and enhanced end user experience through improved service levels.
The City of Raleigh experienced these and other residual benefits firsthand as they worked to create a unified vision for technology. By leveraging a unified approach to voice, video and wireless solutions, they were able to revitalize downtown area businesses, the convention center, schools and low-income households. In doing so, they not only renewed interest in an emerging community, but recognized significant cost savings. The government network is better positioned to serve the needs of their constituents and businesses and continuously drive improvements for the city and its citizens. Individuals and investors have returned to the downtown Raleigh area and nearly 2,000 low-income households now have wireless internet connectivity. By leveraging the power of a secure, scalable and reliable network, the City of Raleigh has realized the benefits of connecting, innovating and saving, far beyond dollars saved. Learn how “America’s Most Wired City” put this plan into action and how they are better positioned to adapt to the changing demands of the people they serve.
Join us at the Government Solutions Forum on March 21, 2012 from 8:00am-3:45pm at the Grand Hyatt Hotel in Washington, D.C. http://www.cisco.com/web/strategy/government/solutionsforum.html
Follow the live chatter on Twitter using #CiscoGSF. To find out how you can drive down the total cost of ownership for your network and learn innovative ways to cut costs, please visit http://www.cutting-costs.com/