Year: 2016

April 20, 2016 Leave a Comment
Avatar

Q&A: 1 CTO sheds light on his battle with Shadow IT

Meet Derek: the man, the myth, the legend. As deputy CIO and the CTO, he is tasked with the overall technology strategy and oversees day-to-day operations for infrastructure, enterprise apps and research computing teams at the University of Arizona. By 5pm, he is enjoying the finer things in life like his scotch, the walking dead, or hiking with his 2 sons.

Although you just met him, something tells me you can relate to his perils. See Derek loves the agility and flexibility cloud delivers. However, he found himself restless and anxious at night. To Derek, cloud is safe if used properly. But when he isn’t enjoying zombie battles, he is battling cloud sprawl in his day-to-day. A lack of visibility into how and what his constituents are doing in the cloud. See he was in the dark about his stakeholders. Ironically, Shadow IT not only operates in the shadows, but put Derek in the dark about his own users.

  • What data was in the cloud and how were his users storing it?
  • How much Cloud sprawl existed?
  • How much were we spending?

These are all questions Derek and many CXOs wonder.

So we sat down with Derek for a quick Q&A. 10 Questions. Unfiltered. One CTO and his journey to squash cloud sprawl and minimize the risk of Shadow IT.  

Quick shameless plug: if you want to learn more about managing the risk of Shadow IT, cloud sprawl, and implementing cloud governance attend our: Shadow IT and Cloud Governance Webinar Series

 Screen Shot 2016-04-20 at 9.29.51 AM

Derek Masseth: CTO and Deputy CIO at the University of Arizona

Q: Derek What’s your charter at UoA?

“Our goal is delivering the right IT service at the right Time to facilitate teaching, research, and learning. Whether big Data, connectivity, or cloud services to all our constituents.”

Q: How do view the cloud?

“Driving agility and flexibility into IT, that’s what cloud is about to me.”

Q: Previously you mentioned anxiety. What specifically gave you anxiety as CTO about cloud sprawl?

“The bulk of the anxiety that we felt in IT was around privacy, regulatory concern, and the security of data getting out in ways that were endorsed…

The cloud can be quite secure, as long as the provider and consumer are leveraging it with the right controls. Ensuring the controls exist is where we focused to minimize the bulk of our exposure.”

Q: Why did you decide to implement multi-cloud governance?

“If we can’t monitor and measure, we can’t meet the needs of our constituents. We can’t be sure that data is being properly governed. We can’t be sure we are getting the best value for our dollar.”

Q: Elaborate on what you mean by cloud sprawl?

“Cloud sprawl is the condition where multiple cloud providers are leveraged for fundamentally the same service. That leads to waste since there is overhead. Our goal was to drive costs down and ensures that there were proper controls…

(Cloud Sprawl) is incredibly inefficient. And efficiency in IT and everything in Higher Ed is important, particularly with IT as a cost center. IT must be very efficient in delivery of its service. We knew sprawl existed, driven by individual consumption of cloud services. And we knew we could do better.”

Q: So what did you do?

We knew we had all this cloud sprawl, but didn’t know what to do about. We heard about Cisco Cloud Consumption Assessment, and it seemed to really fit the bill.”

Q: So what sprawl did you find?

“We went into the cloud discovery process thinking we had 50 cloud services. A few weeks later, we found 900 cloud services being used! The amount of overlap was astonishing. We knew we would find sprawl but at 50 it’s sprawl, at 900?!!! It’s more than that! What’s more than sprawl right? It gave us insight into how our constituents were using the cloud more than we could have anticipated.

Cloud Consumption Service told us that IaaS was wildy the most popular service being consumed. So that was the thing we needed to address.”

Q: You said IaaS was wildly the most popular use case, how did you meet the IaaS needs of your users?

“The value of Cisco metapod is we tried to build and deliver private cloud functionality prior, and it’s hard! We selected Cisco Metapod for our Private Cloud because it delivered public cloud functionality, in our facility in a manner that we dont have to manage. The beauty of public cloud is not having to manage the infrastructure. The notion that I can get that in my data center without having to buildup and maintain the staff involved with building private cloud infrastructure is amazing.”

We selected Cisco Metapod for our Private Cloud because it delivered public cloud functionality, in our facility in a manner that we dont have to manage. The beauty of public cloud is not having to manage the infrastructure. The notion that I can get that in my data center without having to buildup and maintain the staff involved with building private cloud infrastructure is amazing.”

Q: What results have you seen since using Cloud Consumption Service? 

“The results have been an ability to focus efforts where our staff needs us. Insights into how cloud is used at UoA has been invaluable in directing our efforts for cloud adoption. Because IT has been given insight on what matter most in cloud to our constituents. The ability to focus has enabled us to deliver high-value services where and when they are needed most!”

Q: What advice do you have for fellow CIOs and CTOs?

“If I had any advice, if you’re experiencing anxiety or need to get handle on cloud sprawl, services like Cisco Cloud Consumption Service provide the visibility you need to focus your efforts in an area that is difficult to navigate…. I talk about visibility and the ability to focus, but what that does too, is it drives up our confidence level. Now we can make sure we are doing the right thing at the right time.

Now I can turn on dime, and I couldn’t do that before.”

 

If you would like to learn more about Cisco Cloud Consumption Service please visit our site. You can register for a Free Shadow IT Risk Assesment with our SaaS, analyzing up to 1 million records across 150+ risk parameters.

 

Authors

Avatar

Jamie Alfieri

Product Marketing: Cisco Intercloud Services

Leave a Comment
Avatar

CEOs Are Missing a Huge Opportunity with Cybersecurity

Every time I hear about a new high-profile data breach—and it’s happening more often all the time—I picture what must be going on in the executive suite of that company. Are the leaders hunkering down in a defensive position, looking for someone to blame? Will they throw money at the problem as they scramble to shore up their cybersecurity perimeter defense? Will they halt innovative digital initiatives for fear of greater digital vulnerability?

In many companies, the answer is probably “all of the above.”

Chief executive officers can no longer just focus on driving sales. Chief operating officers can no longer just focus on achieving operational efficiencies. Chief financial officers can no longer focus solely on forecasting and planning. In the digital era, cybersecurity strategy is now intrinsically tied to the growth of the company, its innovation, and its overall competitive position.

Some leading-edge executives and their firms are taking a new approach. They recognize the tight connection between digitization and growth — with cybersecurity as a critical foundation.

A new Cisco study being released in May, “Cybersecurity as a Growth Advantage” shows that more and more C-suite executives are beginning to view cybersecurity beyond its traditional defensive role. In fact, nearly one-third of the survey’s 1014 respondents believe that the primary purpose of cybersecurity is growth enablement. In addition, 44 percent consider it a competitive advantage versus just “a cost of doing business.”

The idea of cybersecurity as a growth driver may seem surprising at first glance. It’s not when you look at examples of what is happening in the market today. We conducted the market’s most comprehensive economic analysis of 414 private and public sector digital use cases. Seven “defensive” use cases, focused on protecting intellectual property and avoiding data breach costs, are equivalent to $1.8 trillion in value over the next 10 years. These use cases, however, are table stakes. The real opportunity lies within 407 digital use cases across 16 industries. These equate to $5.8 trillion, stemming from cybersecurity’s role in enabling innovation and growth.

Among industries, mining/energy, retail, and transportation/logistics had the highest percentages of respondents viewing cybersecurity as a source of growth (see chart below).

Cyber_Fig07_industires 1024x512 copy

All of the use cases in our Digital Value at Stake analysis depend on strong cybersecurity. If you are going to implement a digital solution that connects people, processes, data, and things, then customers and partners involved in the solution must be able to trust that their information will remain secure and private.

Consider the retail industry. Last year, a Cisco study showed that many customers want a “hyper-relevant” shopping experience, in which the retailer offers exactly what the customer wants and needs at any given moment. This sort of contextually aware experience requires trust. Customers must trust the retailer enough to allow access to a wide array of personal information about their shopping history, likes and dislikes, and even current location. If the retailer has suffered a data breach, the trust is broken. Customers will not feel comfortable sharing personal information, and the innovative shopping experience will be squelched.

Security concerns not only make customers reluctant to participate in innovative solutions — they also cause organizations to hesitate on pursuing digital products and services. In some cases, cybersecurity worries are halting mission-critical initiatives entirely.

Cybersecurity helps create value across all the industries we studied. For example:

  • Financial Services: Mobile payments depend entirely upon consumer confidence. With cybersecurity capabilities in place, mobile payments will generate as much as $396 billion from 2015-2024.
  • Retail: In-store analytics improve workforce efficiency through dashboards, real-time information, operational analytics, workforce management tools, and shopping analytics. With a good cybersecurity foundation, in-store analytics has the potential to generate $285 billion from 2015-2024.
  • Oil and Gas: When digital oil-control systems are hacked, oil spills can go undetected, often resulting in massive litigation, cleanup, and downtime costs. With the right cybersecurity practices in place, however, oil and gas firms can take their share of $16 billion that oil-spill control will create over the next 10 years.

Regardless of industry, it’s important that cybersecurity is designed into digital products and services from the beginning, rather than “bolted on” after the fact. CEOs who prioritize cybersecurity in their growth and digital agenda will not only be more effective in protecting their data and systems from intrusion—they’ll also be ahead of the game when it comes to innovation, value, and growth.

Authors

Avatar

Michael Riegel

Vice President

Industries, Platforms, and Services Marketing

3 Comments
Avatar

Setting the Stage for Co-Innovation Success

The new model for co-innovation can be messy. No longer a one-thing-at-a-time, linear methodology, today’s development process involves people from different organizations, with different backgrounds and cultures working on several different tracks at once, with rapid prototyping, real-time customer feedback, and multiple iterations all along the way. It involves frequent failures, fast recovery, and new attempts based on lessons learned.

It’s a fertile field for innovation. But the field is also scattered with landmines that can blow the whole process apart if you’re not careful.

This week, I want to look at some of the factors that can help assure the success of your co-innovation initiative—as well as some of the pitfalls you should avoid along the way.

First of all, it’s important to recognize that the way you run your co-innovation effort will vary widely depending on the kind of problem you’re trying to solve and the outcome you’re trying to achieve. You’ll probably take a relatively focused, time-limited approach to solving a specific customer problem or improving on an existing product or process.  But developing a new technology will take a more expansive approach. And tackling a “Big Hairy Audacious Goal”—to use a term coined by James Collins and Jerry Porras—will require a sustained, long-term effort that remains fresh and focused throughout the process.

Berlin Innovation Event
A team at Cisco’s openBerlin innovation center presents the solution they developed during a two-day co-innovation event focused on developing mobile and enterprise collaboration apps.

Regardless of the type of innovation project you are looking at, here are some broad best practices that can maximize your chances of success: Continue reading “Setting the Stage for Co-Innovation Success”

Authors

Avatar

Maciej Kranz

Vice President and General Manager

Corporate Strategic Innovation Group

Leave a Comment
Avatar

Flexible Service Delivery with Hybrid IT

Data center professionals are under incredible pressure to help their business move with greater speed, offer flexible solutions and win new customers.   To achieve these business outcomes, cloud has become a core component to every organization’s strategic agenda.

Cloud is not like other technology trends of the past. First, it is moving at logarithmic speed, disrupting the complete solution life cycle and creating the need for new business models.  If you have been in this industry for more than one year, you already see the incredible velocity of change as well as the disruption that has moved from the data center to the solution life cycle.  An example of this disruption is the shift from private to hybrid cloud.

Forrester defines hybrid cloud as “something you manage not something that you build.”   Based on what I am hearing from customers, this definition is right on target.   The business doesn’t want IT to build anything.   What they want is flexibility to quickly and cost-effectively deploy the technology needed to support and enable new strategic initiatives across multiple platforms.

Continue reading “Flexible Service Delivery with Hybrid IT”

Authors

Avatar

Joann Starke

No Longer with Cisco

1 Comment
Avatar

Cisco and Fiserv: Transforming the Customer and Employee Experience

Authors:

  • Jason Bettinger, Financial Services Business Transformation Director, Cisco
  • Bradley Mason, Vice President, Sentry Performance Solutions, Fiserv

Changing technology is driving big changes in consumer expectations – and within the workplace. Financial institutions must transform customer experiences to meet the demands of the future, or run the risk of impacting the bottom-line. They must also strive to create workspaces that are highly collaborative and digitally innovative in order to keep and retain top talent. All of this happens with the right mix of technology, people, processes, and culture.

Today, Fiserv, a global leader in financial services technology with more than 13,000 clients worldwide, announced an agreement with Cisco to deliver communications solutions to financial institutions. The solutions are aimed at enhancing internal collaboration, supporting branch transformation strategies, and driving customer engagement. Fiserv will offer these hosted solutions through the company’s portfolio of managed services, Sentry Performance SolutionsSM , which includes network and hosting services, network security services, hardware and software lifecycle management, and unified communications services.

Continue reading “Cisco and Fiserv: Transforming the Customer and Employee Experience”

Authors

Avatar

Jason Bettinger

Practice Director

Financial Services, Americas Business Transformation

1 Comment
Avatar

Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries

city_view_nuclear_final copy
Nuclear Activity Across 10,000+ Cities in 150+ Countries

This post authored by Nick Biasini

Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain unprecedented insight into Angler exploit kit and reveal details of the activity that were previously unknown. Now we have focused our attention on the Nuclear exploit kit with similar results.

Nuclear Exploit Kit has been steadily compromising users for years and has been effective in evolving as well as adding new exploits to their arsenal. However, it has been operating largely off the radar compared to some of the more prolific kits that are active today. This lack of deep visibility was one of the driving forces behind the deep investigation into its activity. What we found was a sophisticated threat that has been successfully targeting and compromising users in more than 10,000 different cities in more than 150 countries.

Read More >>

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group

Leave a Comment
Avatar

Drones Give Humanitarian Aid a Lift

Okay, I admit, the headline is a bad pun. But, what isn’t bad is the speed at which drone technology is being used to save lives before, during and after a devastating event. On April 11, I was invited to attend a Discovery Event at Singularity University at Moffett Field on Unmanned Aerial Vehicles (UAVs) in Humanitarian Response. I was invited because I work in the Cisco Corporate Social Responsibility group and we supported the event. But I really went because I love discovering the endless ways technology is positioned to improve the human condition exponentially, and share those stories with the world.

With our nonprofit partner InSTEDD (Innovative Support to Emergencies, Diseases and Disasters), we supported a 3-day workshop that gathered a diverse and savvy group of UAV experts already using drones for humanitarian relief. We asked them to go beyond their current thinking and envision what more can be done with this rapidly advancing technology. It’s a known fact that when technologists are gathered to solve a problem, and unencumbered by daily obligations, amazing things happen. When I walked in, the excitement and enthusiasm in the room was palpable.

We have all seen the recent news on the earthquake that killed more than 480 people in Ecuador. In 2015, according to the UN Office for Disaster Risk Reduction, there were 346 reported disasters that affected 98.6 million people. A disaster takes many forms but most common are earthquakes, heat waves, landslides and floods. What we know is that these types of environmental disasters will continue to increase and have a rippling impact on lives, resources and the economy. What we don’t know is when, where and how they will strike…at least not yet.

InSTEDD CEO Eduardo Jezierski spoke eloquently about the future possibilities of specialized drones. He said, “We need to get past the talk to begin to operationalize UAV use. You have to bring the right people together at the right time in order to scale and be ready for the next disaster.” It is clear that as development costs go down, drones can be used for such activities as mountainous delivery of essential medical and bio-safe materials to remote communities, mapping of historical sites such as the World Heritage Organization sites to track erosion, or delivering sterile Tsetse flies in Ethiopia to prevent epidemics.

While local regulatory hurdles keep the barriers high for indiscriminate use, the ethical question of drones is not new. They provoke questions that have been debated in the humanitarian community for years. Evan Huddleson from HaloDrop, a company that provides trained drone response teams, reminded the audience that disasters are chaotic. He stated, “Sometimes global humanitarian groups find themselves going up against the local government agencies, but if you start off with the right intention you will end up in the right place to help people.” But, media organizations and government officials who have a megaphone and a platform must improve their understanding of these new technologies and advance policies that will bring the right people together to promote their good use, so that during the chaos of a disaster, devastation is minimized and goodwill is advanced.

By the evening’s end I had learned so much about unlocking the potential of drone technology. I was feeling a bit guilty about my derisive laughter when my son gave my husband his own little backyard drone. I learned not only about the good this type of technology can do, but the importance for all of us to be educated beyond sensationalized headlines onUAV image the wariness of technology innovations.

John Thompson from Skycatch, a for-profit drone data software company, spoke about how his company is changing perceptions about use and abuse of drones. Skycatch@School is their new initiative that sends pilots and engineers into schools to teach students about drones, engineering and aviation. Imagine the thrill of sparking a child’s imagination to be a drone pilot for good.

There are many times I am frustrated by the slow pace of new technology adoption and disappointed when I read yet another article on the wonders of a technology designed to solve a non-existent problem. But then I attend an event like this where the last question of the evening came from a government official in the Netherlands, where over 20% of the country is already underwater. He stood up and said, “We need someone, right now, to map the erosion of our levees. The sooner we do this the sooner we can save lives.” I am then struck once again by the power of technology combined with the ingenuity of the human mind to solve global problems.

 

Authors

Avatar

Mary Anne Petrillo

Senior Marketing Manager, Digital Strategy

Corporate Social Responsibility

Leave a Comment
Avatar

Data is Only Valuable if You Can Quickly Get to It

Data continues to explode and is becoming increasingly important to achieve business success.  Companies rely on their data to make them smarter, more productive, and better decision makers. Advances in data management, business intelligence and analytics have improved organizational performance, but with data growing everywhere, it is becoming harder to get to the data and act on it quickly.

With more data comes more expectations. Employees, customers, and partners expect more service, speed, and personalization. As a result, there is pressure on IT to deliver the right data (from multiple systems, locations, and sources), to the right person at the right time.

Speaking from my own experience as a marketer, I know my own expectations for data and analysis have gone through the roof. Over the course of my career, marketing has evolved from an art to much more of a science. Today, I continuously challenge my team to prove that something is working or that our strategies are grounded in data and not just opinion.

And it’s not just marketing. All disciplines across every industry are struggling to keep pace with the growing data demands of their employees, customers and partners. The most common request we hear from our customers is to share examples of how organizations are using their data in new ways. So, we decided to share 10 case studies across 10 industries in hopes of inspiring you to see your data challenges as an opportunity.

Join us on Wednesday, April 27th, for a 45-minute webinar, “10 Ways to Solve Your Data Challenges.”

Join the Conversation

Follow @gpalozzi and @CiscoAnalytics.

DV_Card-4A

Authors

Avatar

Gino Palozzi

Marketing Manager

Analytics & Automation Platforms

Leave a Comment
Avatar

Oracle OIT Image Export SDK libvs_pdf XRef Index Code Execution Vulnerability

talos-feature-image

Talos has recently discovered a vulnerability in Oracle’s Outside In Technology  Image Export SDK which, when exploited, allows an attacker to overflow the heap, leading to arbitrary code execution. The vulnerability lies in the Image Export SDK’s parsing of Portable Document Format (PDF) files.

While parsing a PDF file which contains an Xref object, values from the /Index entry are used to handle the decoded stream. A malformed PDF file with many objects specified by the /Index entry can lead to a memory overwrite past the ends of the allocated buffer, overwriting adjacent heap chunks.

Read More

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group