Risque Management : CxOs

Let's have a security czar?

Slav — Tue, 09 Dec 2008 03:10:00 GMT

First, a follow-up to my previous message: it turns out that the investment is to be twice as that initially indicated, resulting in half of the jobs, and the jobs will be all kinds thereof, not green only. Good luck.

Now, there's something that is more of concern than just hot air promises: information security industry is asking Mr. Obama to appoint a security czar. Since all the signs are to more regulation from the nanny state, this might as well become a reality. the report - Securing Cyberspace for the 44th Presidency - is written in typical bureaucratic style. If you have a courage to read it, you'll find few fascinating ideas. For example, the authors come up with enabler for online collaboration:

Our proposed management structure would enable a collaborative social network among the offices and functions involved in cyberspace.

I can only remind about the previous make-work program for information security people, the Sarbanes-Oxley Act implementation. At huge cost that resulted in exactly nothing.

Now is the chance to dwarf SarbOx with somethink bigger and more ridiculous.

Election day mathematics

Slav — Tue, 04 Nov 2008 06:01:00 GMT

Reading the US presidential candidates final pleas, one sentence in Sen. Obama's The Change We Need piece drew may attention:

I'll invest $15 billion a year over the next decade in renewable energy, creating five million new, green jobs that pay well, can't be outsourced, and can help end our dependence on Middle East oil.

That's right - a $3000-dollar investment will create a well-paying, stable job. However you stretch the plan, this is still bulldust. I wouldn't vote for lies or utopia.

Motorola's Ed Zander reinvents SIM

Slav — Mon, 10 Dec 2007 08:09:00 GMT

With all the buzz around major US wireless operators opening their networks to devices bought by the users, one may wonder if those businesspeople understand what they're talking about. There's no need to open anything at all in GSM and 3G (UMTS etc) worlds. CDMA was trickier but you usually could talk support person on the phone into connecting anything, provided you pay accounts. So opening up varies from symbolic act to... symbolic act. There's no need to reinvent the concept of openness.

Motorola CEO Ed Zander reinvents another concept - SIM, the Subscriber Information Module. here's what he said in a recent magazine interview:

Eventually, you'll have one SIM card for your mobile devices, and when you plug that card in, it will recognize the device and shut off all your other devices.

Some news for Mr. Zander: this is exactly how SIM always worked.

"Business intelligence" is category of software packages that helps organisations - and the execs - understand their business. Mr. Zander needs some, or Motorola is in big trouble.

Virtually hopeless

Slav — Mon, 30 Jul 2007 08:54:00 GMT

I don't know if that's CIOs, or the press, or both. Recently Byte & Switch, CMP Technology's zine on storage networking, published a chef d'oeuvre on troubles with virtualisation. Some amazing thoughts by the captains of the industry. Take this one:

Time is definitely a major concern of ours," said Jim Steinmark, director of architecture and engineering at Fidelity Investments. "One of the big challenges is the time that it is taking to get people to accept virtualization as a production-ready technology," added the exec, who uses VMware, Citrix, and SoftGrid within his infrastructure. For this reason, Steinmark estimates that it probably takes 40 to 50 percent longer to get an application deployed on virtual machines than it would on physical servers. A complex virtual application shared by a number of different users, he said, could easily take a year to deploy.

The whole idea and practice of virtualisation is to implement an efficient hardware abstraction layer. Applications don't know and don't care if they are running in a virtual machine. Even detecting virtual environment is not a trivial task. How it will increase implementation time at all is beyond me. Any clues? Here's another product of disturbed minds:

Another attendee, George Scangas, lead IT infrastructure analyst at Welch's Foods, warned that developers are often the hardest group to get on board. "A lot of them are from the old school of thinking -- they want to run [applications] on a physical box," he added.

If developers have concerns like that, they are thoroughly unprofessional (Mr. Scangas's colleagues definitely are).You cannot develop application for a box with redundant power supplies and six cooler fans inside. With few exceptions (like device drivers, operating systems and virtual machine hypervisors) applications have requirements like certain operatins system, runtime libraries, disk space and available RAM - nothing that cannot be provided in a virtual environment. And if there's somebody who's hard to get onboard, that is not developers or system administrators.

Decision making too hard

Slav — Wed, 04 Apr 2007 03:22:00 GMT

Amazing news from the US:

The Federal Communications Commission has officially grounded the idea of allowing airline passengers to use cellular telephones while in flight.

Existing rules require cellular phones to be turned off once an aircraft leaves the ground in order to avoid interfering with cellular network systems on the ground. The agency began examining the issue in December 2004.
...
In an order released Tuesday, the FCC noted that there was "insufficient technical information" available on whether airborne cell phone calls would jam networks on the ground.

It takes more than two years for a bunch of government employees (with employment benefits many Americans can only dream about) to make decision that they cannot make decision. And therefore leave restrictions in place. The restrictions that are wrongly presented to us the airline customers as a safety measure (responsible for the flight safety is another authority, the Federal Aviation Administration).

It probably would be cheaper for American taxpayers to finance full-scale testing, with cell networks and airplanes stuffed with hundreds of active mobile phones flying above those somewhere in Arizona desert. But apparently the government bureaucrats aren't interested in making decisions based on facts. That's sad.

A new cult of personality

Slav — Fri, 09 Mar 2007 17:53:00 GMT

Inspired by Qantas inflight entertainment.

Devil Wears Prada is about a despotic CEO who turns out to be kinda cool - after transforming somebody to someone else, more to her standards.

The Queen is not about a CEO. Well, not only. It's about a chairwoman who is detached from what's going on in her organisation (having only a limited exposure through senior management) and tries to get to terms with the CEO. Tony Blair in the movie looks more like Nicolas Sarközy today - I wonder if the authors plan a sequel.

Anyhow the micro cults are all over the place, fueled by the media. Linus Torvalds doesn't play the cool CEO game, and suddenly he doesn't matter. Meanwhile, Eric Schmidt, a hired suit who presided over chain of failures at Novell and Sun, suddenly becomes a visionary. That is really stupid.

Readers who are current or aspiring CxOs - please don't take it personally. There's nothing wrong with your aspirations or achievements as such. Plus, I have an ultra-excuse: I'm very jet lagged.

Kashrut, Sarbanes and Oxley

Slav — Wed, 21 Feb 2007 07:30:00 GMT

This is about interpretations, and how they transform law into something unrecognisable. The first example is karshrut, the orthodox jewish diet. Its origins can be traced mostly to the eleventh chapter of the third book of Bible (or Torah, if you like...(read more)

What scares Cisco Security CTO?

Slav — Sun, 18 Feb 2007 07:32:00 GMT

Vista is out, to everybody's love or hate. And some people are scared. Bob Gleichauf, the chief technology officer in Cisco Systems' security technology group, is one of them : Parts of Vista scare me. Anything with that level of systems complexity will...(read more)

Do you still need PSTN?

Slav — Fri, 16 Feb 2007 04:10:00 GMT

Why old technologies are bad for security? Because they aren't flexible enough. Almost everyone is using Internet banking and takes SSL encryption of the session for granted. But most banks also offer telephone banking, where you manage your account using telephone line. Usually you put your account number (or its equivalent), PIN and then you can transfer money etc. Phone line wiretapping is a trivial thing - I've done that back in school. Phone banking is inherently insecure in that regard.

Now, a business story. Telstra is Australia's almost-monopoly telco. Think of AT&T not broken up, or Ukrtelecom. In early 2006, Telstra's then-new CEO Sol Trujillo was worried about something:

PSTN decline had accelerated slightly faster than expected.

Later that year, he was more optimistic:

The shift in revenue from traditional higher margin products and services to new and emerging products and services with lower margins has continued. However, we are tackling this hard and have slowed the PSTN decline by integrating services, bundling initiatives and customer winback programs.

And most recently Mr. Trujillo sounds upbeat:

We have slowed the PSTN decline.

Apparently, PSTN decline is a ongoing thing, and Telstra is trying to slow it - successfully, according to Mr. Trujillo. I wonder if the intention is to stop customer migration to new technologies and eventually start growing PSTN customer base.

This is exactly what I don't need. All the goodness of new telecoms aside. When new technologies become secure, legacy technologies are targeted by criminals. Enable strong authentication for Internet banking - and check fraud will grow (and yes, we don't need the whole check payments thing today). Besides, many people are concerned about govenments eavesdropping on the citizens' phone calls - but your neighbor can do same, because technology allows them to.

Meanwhile, I cannot get rid of my PSTN service. And there are people who don't want me to.