In the last two blogs, I talked about the reasons for IT Transformation, understanding Enterprise Environment and how to effectively set management goals. As more and more companies begin to move towards IT Transformation, there are mistakes that businesses should be wary of. Today I will discuss the pitfalls that can stall the IT transformation process, as well as the services Cisco has been developing to help enterprises on the journey to IT transformation.
In my last blog, I established reasons behind today’s need for IT Transformation. We know that CIOs hope to cut their budget in half, but this will be difficult unless they understand their Enterprise Environment, as well as the management goals that align with their organization’s overall IT transformation efforts. Today we will take a deeper dive into understanding both. Because there is no “one size fits all” way of embarking on an IT Transformation journey, it is important that each organization looking to begin this process makes their own set of assessments, starting with a baseline assessment of their Enterprise Environment:
IT organizations face several challenges: a globalizing economy, the increasing cost of IT ownership, business users going directly to public Cloud providers, the difficulty of operating complex environments, effectively enabling innovation, as well as a variety of risks around security and compliance. Given these challenges, IT decision makers must innovate and conduct business differently in order to remain effective. Data shows that despite years of IT cost reduction programs, the industry on average has only managed to shift an additional 1% of IT spend towards growth and innovation.
Does transforming your IT mean moving from a cost center to a business enabler? Changing your architecture to include Cloud? Redesigning applications or selecting off-the-shelf applications? Or moving from a centralized IT delivery to an IT services broker? A majority of business leaders have said “yes” to all of the above.
Information Technology (IT) and Operational Technology (OT) networks have historically been completely separate, with users of each living in blissful isolation. But the Internet of Things (IoT) is changing all of that! In the IoT paradigm, IT and OT professionals will need to work together to drive pervasive security across the extended network. The same security tools will need to be applied consistently across the extended network, but with differentiated policy enforcement to account for differences between the two environments.
Based on 25 years of professional experience in various businesses around the globe, I can say that many industry verticals have a pretty good state of safety culture as it relates to the health and safety of their employees. This is especially true for companies involved in high-risk businesses such as oil and gas, (nuclear) energy, manufacturing, chemicals, food processing, and so on. In such industries, it is pretty clear that there is a risk that something may blow up, hurt, or even kill people.
However, it seems that the next big driver for them is business alone, and they are not as focused on information or IT security when it comes to the logic side of security like bits and bytes, document handling of confidential information, and similar subjects. This is in stark contrast to their keen attention to physical safety and security issues.
It would seem intuitive that any organization with a commitment to safety by counting (and incentivizing) the hours (days, weeks, months, …) of safety-incident-free time should also be easy to convince that taking a similar approach to information security would be a good thing. But it is not that easy. Operations in these businesses are very physical, so it is not really in the mind-set of a rig guy or gal, a welder, a component mixer, machine operator, or similar, that another devastating incident (attack) could happen from “within” the system(s), by a human adversary committed to doing harm in the interest of their nation state or paying agent. All those systems in the above-mentioned industries that are working at the process level (sensors/actuators, process control, SCADA (supervisory control and data acquisition)) are designed for efficient and effective, good performing, and reliable operation, but they were not really designed and built to resist logic attacks from a human smart guy who can outsmart almost every defense.
In industrial networks, spanning the areas of instrumentation, control bus, operations, business, or enterprise, the often-cited Purdue reference model, which provides for several “levels” or “zones” of abstraction and segregation, can be used. A really good introduction can be found in the Secure Data Transfer Guidance for Industrial Control and SCADA Systems.
The main security points to address are: