It is the passenger who feels the pain when there are disruptions to smooth and normal airport operations – long queues at check-ins and security checkpoints, flight delays and cancellations, painfully long deplaning, stressful and missed transfers, and mishandled bags. These disruptions not only increase passenger dissatisfaction and operational costs, they can greatly reduce the growth engine of airport revenues –non-aeronautical revenues during dwell time, transfer and baggage retrieval.

Dwell time is sell time. Non-aeronautical revenues will fuel airport growth

Of the $101B of airport revenue in 2010, 46.5% came from non-aeronautical revenue. And of the non-aeronautical slice, almost a third comes from Retail and Food & Beverage. While airline revenues are expected to grow modestly, airports are projecting Retail and F&B to grow between 8% and 25% per year over the next few years. This growth relies on the ability of airports to optimize interactions with passengers during dwell times.

Airports have focused on research and airport design. The tipping point will be passenger engagement with timely, valuable information.

Airports have renovated retail space, tweaked commercial offerings, and researched passenger desires. Now that it is built, the next step is to engage with passengers to effectively promote the right offers to the right customer at the right time.

What if you could provide specific passengers with all the information they needed in one single mobile device or smartphone regardless of who they are and when and where they are in their journey? What if you could engage with a passenger and let them know they have 17 minutes until their bags come out—and that there is a flower shop on the way – based on their geo-location? What if you could send text updates to passengers via opt-in allowing them to browse duty free shops or pick up a bite to eat while waiting to board or during transfers without worry? The average spend per passenger has been flat for years and ranges between $2.50 in the U.S., €8-16 in Europe, and $13.50 in the Middle East. Since Retail and F&B account for 31% of non-aero revenues, increasing spend by just $1-$2 per passenger could increase airport revenues by a minimum of 50% in the U.S.

To make this seamless flow of information a reality, integration between airport systems is mandatory. But this presents a unique challenge from an information technology (IT) perspective. On a daily basis a typical airport’s infrastructure and systems support hundreds of systems and business processes that must be handled in real-time with little margin for error. These processes may include passenger and baggage handling, security management and air-traffic control, among many others that are mission critical to the daily operations of the airports, airlines, security agencies, ground handlers, and tenants.

Centralizing passenger and operations intelligence is an operations issue.

Centralized information drives major operational benefits, including real-time business intelligence that allows for predictive deployment of resources to resolve security chokepoints and potential bottlenecks. For example: deplaning passengers faster which leads to even more shopping and eating time during dwell time and transfer) .

Operationally, integrated systems are a critical component of Airport Collaborative Decision Making (ACDM), one of the five priority measures in the Flight Efficiency Plan published by IATA, CANSO and EUROCONTROL. One study showed that for every $1 invested by an airport in ACDM, $8 would be returned after a decade and the initial investment would be recouped within 24 months. The ability to share high quality, timely and reliable information across airport operations and between partners generates significant and quantifiable benefits.

A complete view of passenger and operations intelligence will fuel the next wave of growth

Airport growth today focuses on a much broader range of activities including the retail business. These growth drivers all have something in common—they all require timely, reliable, high-quality information to be shared throughout the operations and between partners.

The ability of an airport to enable the seamless flow of information across a highly complex array of intertwined processes and systems is a key driver for future growth and success. This, coupled with a repository of customer information that can be used to provide business tracking, promotions, auxiliary service usage, etc. sets the stage for the Integrated Airport Center and a powerful ‘passenger-centric’ airport.

The Integrated Airport Center is one that takes advantage of the intersection of industry – i.e. Passenger Self Service – and Unisys Disruptive Trends – e.g. mobility and smart computing – to create an intelligent, predictive environment for the most effective and efficient flow of passengers, resources, goods and services during normal as well as disruptive day to day operations. The underlying technology is critical to make this futuristic environment a reality. The Airport Operational Data Base (AODB) that underpins integrated airport operations must be able to handle massive increases in passenger self-service and mobile transaction volume and to capture data and feed the core systems.

Integrated Airport Center propelled by the central repository of all airport operational and passenger information.

Many of the key elements to realize the Integrated Airport Center are already underway. Implemented as part of high profile infrastructure upgrade projects for major events and deployed to meet industry initiatives such as IATA’s Fast Travel initiatives, many airports are laying down the foundations necessary to make an integrated airport center a reality.

Guangzhou Baiyun International Airport, for example, operates the Unisys Airport Operations Management Solution and the Central Integrated Information System (CIIMS). The Airport Operations Management is a comprehensive and modular solution that underlies all aspects of the Guangzhou’s airport operations management. At the center of this suite sits the Unisys Airport Operations Database (AODB) which is a high volume database that is tightly integrated through middleware systems to the systems that serve all corners of airport operations. In addition, these middleware systems are also applied to integrate other disparate airport systems with the CIIMS so that flight-related data from airlines, handling agents and air-traffic control is extracted from these systems and compiled in the AODB and is deployed to airport staff, government agencies and the general public in real-time information.

Bilund Airport, Denmark’s 2nd Largest Airport, operates the Unisys Airport Passenger Processing System (APPS) which is a comprehensive suite of passenger facilitation and passenger self-service solutions including internet check-in platforms, self-service check-in kiosks, fast and common bag drop, and home-printed bag tags. These self-service options have not only improved passenger satisfaction but also have provided Bilund and its tenant airlines with key information that has reduced costs and accelerated passenger flow. In 2012, 2.7 passengers passed through Bilund, 200k more than in 2008, but the total passenger handling working hours decreased from 199k to 185k– leading to a 16% increase in passenger handling productivity.

The critical next step for airports will be to extract data from these multiple systems and deliver predictive decision making and analysis to passenger mobile and mobile workforce devices, to improve airport worker productivity and passenger engagement.

By taking advantage of these convergence of disruptive trends – i.e. Passenger Self Service – and Unisys Disruptive Trends – e.g. mobility and smart computing – airports and their partners will able to seize the next wave of growth and productivity despite limitations in infrastructure and opportunities to optimize space.

While SOA was the right vision, organizations could not see beyond immediate challenges and opportunities. They failed to recognise that organizing applications as “services” would be ideal for adopting new or future technologies, Cloud Computing for example. Furthermore, results did not match expectations. The SOA approach, it appeared, often offered no immediate clear objectives, no specific focus, and yielded poor results. The reason for this apparent failure is clear. In the year 2000, making large IT investments, especially in long term initiatives was not considered prudent. Furthermore, IT Providers were focused on selling infrastructure. Organizational culture, policies, consulting experts and aligning applications to larger business goals were not taken into consideration by IT decision makers. Bearing in mind that Cloud technology was not “visible” it is understandable that the full benefits of SOA were not evident or realised. The effort and investment required seemed high and the cultural aspect of SOA remained untapped.

Today, our clients see the need to break out of silos and organize “applications as services.” Without this shift they will not be able to implement cloud infrastructure or leverage cloud services to improve, modernize or extend existing IT investments.

According to “Executive’s Guide to Cloud Computing” by Erik A. Martz and Bob Lozano (ISBN: 9780470521724), business models can be classified as a) Cloud-enabled and b) Cloud-based. The latter is more Cloud-oriented, but in both cases, medium and large companies cannot exploit the power of “Cloud Computing” if they do not think, shape and build their solutions as “services.”

Although, it is possible to embrace Cloud in specific areas with siloed IT, sooner or later, silos will block the journey to Cloud and restrict savings and flexibility that can be gathered through it. Additionally, companies seeking to sell solutions “as services” have to organize their IT in a “service-oriented” manner if they are to gain the right granularity, flexibility and speed needed to remain competitive.

This explains why some large companies have (re)started their SOA initiatives; the added value that SOA brings is now clearly visible. When a goal is articulated clearly and perceived correctly it is easier for the entire company to move to that direction. Easier, not easy.

A large IT infrastructure is usually complex; it constitutes legacy systems and several technology layers built over the years into the data center. Unisys understands the need to modernize IT; our SOA-based offering Application Modernization Platform as a Service (AMPS), helps clients address challenges of modernization. The offering includes services and products that are linked but not tied to each other; clients choose the services and/or the product stack.

SOA might conjure images of complexity for a CIO. Dealing with different product vendors, each of them with unique licensing strategies, SLAs, etc., is certainly a cumbersome proposition. Unisys solves this issue quite simply. We give clients a “One Stop Shop” to meet their SOA needs. We provide the entire stack tailor-made for each client with a single point of access, support, and single pricing schema. It’s our job to deal with the vendors, not the client’s pain anymore!

When IT is layered with several technologies and products across Business Units with different policies, it is no longer a matter of implementing SOA initiatives across the entire organization. One needs to assess the existing environment, then shape, plan, build, deploy and support the SOA infrastructure step by step, while simultaneously replacing, evolving or adjusting application silos. Unisys has built and engineered a specific set of blueprints, which our consultants reuse to speed up the process keeping it simple and safe for our clients.

We know that skipping or failing the SOA initiative would waste our clients’ Cloud journey, we know where potential issues, risks, shortcuts, opportunities lie and we bring this expertise to our clients; our focus is on helping clients embrace the Cloud starting from the core and not on selling just a product!

To counter this technological silo-effect that threatens the premise of social collaboration objectives, we believe that organizations will need to ensure they have enterprise-wide social computing strategies that incorporate business objectives for social enablement and, additionally, rationalize their overall technical approaches for implementation. These technical approaches will consider integration among disparate social engine platforms and with appropriate enterprise applications from which more effective knowledge sharing and collaboration can speed cycle times, improve operating efficiencies and enhance employee learning.

The clock is ticking. Even several years ago, predictions from the technology research firm, Gartner, indicated that social technologies would be integrated with most business applications by 2016. Once considered a “nice to have” collaboration enabler, social technologies are now an essential driver of effective business collaboration both within the business enterprise as well as externally through marketing channels. The current focus on socially-modernizing enterprise applications that support key customer facing process such as case management and problem resolution will continue as collaboration among and speed to information for knowledge workers begin to demonstrate expected productivity and customer engagement gains. However, greater emphasis will be placed on leveraging social technology to improve more transparent sharing of ideas that contribute to new or refined innovations and to increase the speed of innovation processes.

In 2013, leading edge companies will focus their attention on integrating social technologies into Human Resource functions, specifically recruiting, employee onboarding, and contextual and experiential learning as a means to attract, develop and retain top talent. In her book, “The 2020 Workplace,” author Jeanne Meister states “Millennials are likely to select an employer based on the ability to access the latest tools and technologies at work”. As we look toward the future 2020 workforce, the lines between managing one’s personal life and business career will be blurred as the next generation of workers, the “2020s”, will expect companies to provide an environment that enables them to manage both. BYOD programs, unified communications platforms, mobile applications and advanced use of video streaming to capture, share and consume tacit knowledge and learning will also become commonplace.

Gamification – the ability to influence and drive desired behaviors and imbed learning into game-based activities, including spotlighting and badging, will become more prominent within the business enterprise as well as in external social channels as a means to educate and train employees, influence and transform cultural behaviors and increase customer engagement. In fact, Gartner predicts that “70 percent of Global 2000 businesses will be managing at least one game-based application or system by 2014.”

In support of these cultural and technology shifts, CIOs’ social computing strategies will begin to incorporate cloud e-mail, collaboration services and social computing platforms into an overall approach for next generation enterprise-wide collaboration.

Finally, as more social data becomes available for analysis, from inside the organization and from external social networks, organizations will also look to gain insights that go beyond usage and activity metrics and sentiment analysis to include data which aids complex decision-making processes in support of competitive marketplace advantage, real-time refinements, and course, corrections for their customer-facing product and service strategies.

We have observed that the current limited deployment of brokering technologies to seamlessly procure capacity and the low penetration of integrated enterprise systems management to enable end-to-end management of cloud and non-cloud environments limit the ability for organizations to fully leverage cloud benefits.

With these challenges in mind, we anticipate that in 2013, organizations will begin to identify their strategy and implementation plans for management tools and brokering platforms to better manage their hybrid environments while tightly integrating into their existing process, policy, governance and compliance frameworks. The brokering platforms will provide broader choice, helping enable the selection of a “fit for purpose” cloud environment, provide faster time to deployment, and a “one stop service” to procure and manage cloud providers.

To counteract the “shadow IT” phenomenon, whereby business units directly procure cloud services from third-party providers, we expect that CIOs will press their internal cloud teams to seek out more automated techniques for rapidly deploying and operating their cloud infrastructure. This will include automated tools to help assess which enterprise applications are best suited to which cloud deployment models while meeting SLAs and compliance requirements, and self-service portals for cloud provisioning as part of their private cloud implementations. In effect, these internal IT services groups will become the providers of sophisticated brokerage, procurement and enterprise systems management capabilities to the organization, enabling workloads of all types to be provisioned and managed seamlessly regardless of IT delivery model.

As computing networks and applications become highly virtualized via cloud computing and emerging trends such as software-defined networks, Cybersecurity will need to be a foundational part of the enterprise architecture in order to protect and partition data and applications effectively across all these various pathways. These virtualized environments create an increasingly more sophisticated infrastructure that naturally increases the complexity of securing these environments. No single cloud providers’ security model is the same and as companies progress towards utilizing more than one cloud providers’ infrastructure, it will be important to put in place a consistent security model across these disparate environments. Unisys expects new security reference architectures will be needed to provide the Cyber framework for CISOs to implement these measures in a consistent and cost effective manner.

In line with the current trend towards zero-trust security models, we expect organizations will look to new tools and techniques to hide their sensitive data, even from inside their own organizations, so that only trusted communities of interest can gain visibility and access to data where needed. This data cloaking approach will be implemented not only within the corporate network, but out to external cloud and mobile environments as a key strategy to protect against today’s advanced threats.

In addition to a focus on Cybersecurity architectures and sensitive data protection in the form of data cloaking, we anticipate that enterprises will also look towards more advanced techniques for establishing and maintaining their trusted identities in Cyberspace. This will include federated identity management in complex hybrid cloud environments, context aware authentication particularly in business scenarios related to mobile and social computing, and next generation biometrics-based authentication systems in mission-critical applications.

There will be widespread use of active cyber defense measures, especially in government. Active defense takes on another level of sophistication by automatically shutting down threats based on pre-defined business rules. This approach allows an organization to stop an attack before it causes damage to their infrastructure or exfiltrates data from their network.

In a recent article for ComputerWorld, I outlined 10 CIO considerations for disruptive trends in 2013. Rather than predictions, these were considerations that we anticipate CIOs to encounter throughout the year looking across all of these disruptive trends. Some of the major themes included leveraging unique new combinations of the trends, driving initiatives from the end user perspective, managing complexity while transforming the entire IT stack on the fly, and re-thinking application development frameworks.

In our set of six blogs highlighted below, our Unisys subject matter experts examine each disruptive trend individually. Within each blog, they provide their views in terms of both new and ongoing business benefits we anticipate CIOs will be extracting from these trends, and also some of the underlying challenges and complexities they will need to address as part of the journey. You can review each blog by clicking on each trend below:

• Cloud Computing
• Mobile Computing
• Social Computing
• Big Data / Smart Computing
• IT Appliances
• CyberSecurity

We hope you enjoy reading our thoughts related to how these trends will further evolve in 2013 and look forward to hearing from you!

It got me thinking and I came out on the side of… invest a lot. The most successful companies in the world today are the companies that are most attentive to the client and end-user experience. What vendor’s product experiences standout for you?

Today’s IT users are looking for the most efficient means of getting their desired outcome whether it be entertainment or their job responsibilities. The more difficult and frustrating the journey – the greater the chance they will seek alternatives. The better the user experience – the more likely they will advocate to others. The more we can anticipate and invest to design out negative user experiences the greater the success of our solutions. It is not ours to judge whether the end-user should have known better but, instead, to assure the question is never raised.

Therein lies the opportunity for IT Appliances. IT Appliances are turnkey combinations of packaged hardware and software that handle specialized functions to jumpstart new technology initiatives and avoid complex, lengthy systems integration efforts. They are designed to streamline the path to desired end-user outcome while optimizing the experience along the way.

Unisys anticipates that in 2013 there will be increased interest in the IT appliance trend, in terms of both supply and demand, as CIOs look to these packages to support a number of areas that would otherwise require significant time and resources. For example, appliances can be utilized to address growing data center complexity issues in areas such as cloud infrastructure, information management and Cybersecurity.

IT appliances will increasingly bundle multiple related functions into a single appliance to provide a stronger value proposition for CIOs. For example, Big data appliances will expand beyond just analytics and cloud appliances will offer full featured stacks of functionality including robust management, provisioning and reporting capabilities. Cybersecurity appliances will take on broader footprints in areas such as sensitive data protection as part of the overall trend in Cybersecurity software towards more integrated suites of functionality.

In 2013, as more and more computing devices and intelligent sensors become connected to the cloud, there will be an increasing focus on cloud- and mobility-friendly appliances that can plug into this enterprise architecture and provide mission-critical functions with premium service levels that meet end user expectations.

IT appliances are the industry’s newest approach to improving the client experience and investing in the client experience is the most intelligent business decision IT vendors can make.

New for 2013, mobile computing initiatives will require considerable business analysis skills as well as comprehensive IT management and support processes to fully realize the benefits of re-inventing customer- and employee-facing business processes. Additionally, there will be a focus on mobile application lifecycle management and flexible, lightweight mobile worker support models.

As mobile applications proliferate within the enterprise, in part due to the Bring Your Own Application (BYOA) trend, CIOs will require comprehensive frameworks to provide full lifecycle management of these applications from initial inspection and deployment to eventual retirement to avoid application sprawl and downstream support issues. In addition, these mobile application strategies will be integrated into existing enterprise software development lifecycles to ensure a seamless, efficient, and unified approach to developing and managing all applications.

On the mobile worker support model front, organizations will redesign their support models to deal with both the lightweight needs of today’s mobile devices, such as connectivity and security, together with the more standardized and controlled, image-based needs of the traditional desktop. As evidenced in the recent Unisys Consumerization of IT survey, these new, flexible support models will need to deal with mobile workers , and in particular a new class of “mobile elite”, who often have three or more devices that they regularly use to get their work done.

Organizations will be working towards determining where to start with their redesigns and extending applications to mobile devices. This will become a primary challenge as organizations will look to areas where employee productivity will be greatly improved, increasing their ROI. Most organizations to date have been focusing on extending their reach to customers using the mobile channel. This focus as analysts predict, will turn towards maximizing the use of mobility for their workforce.

Opportunities abound for organizations when considering the redesign of their applications and what applications to mobilize. They will need to closely consider coordinating the movement of applications to the cloud and mobile in order to optimize their investments. Cloud based applications are the perfect fit for mobile applications if designed right up-front. The cloud infrastructure is built for scale up and down which is well suited for the expected mobile demand on enterprise applications.

These are exciting times for businesses. Businesses that view mobile opportunities from a strategic perspective will be most suited for success in the new market, however it shakes out, and those who simply respond to mobility from a tactical standpoint could stand to lose. Unisys has the mobility solutions to help organizations win in the new mobile environment.

Looking at the first theme of “big data readiness”, as enterprises seek to tap into the flood of data being collected in real-time across their business operations to better serve customers, open new markets, and reduce costs, we anticipate they will transform their underlying information infrastructures as part of their overall roadmap for big data implementation. These IT hygiene steps will help them to assess and optimize areas such as storage infrastructure and data management so that their subsequent big data analytics is built upon a robust and future-ready foundation.

Related to the second theme, we believe that organizations paying the most attention to determining and carefully prioritizing their high-value functional areas for analytics will stand to gain the most from big data investments. This is no simple task and we believe that last year’s emphasis on identifying which data streams can provide the greatest payback via real-time decision-making will continue into 2013. Organizations will start to focus in on highly targeted areas for big data analytics, moving beyond sales data and customer sentiment and into aspects that can directly impact and help to optimize areas such as IT service levels and mission-critical operational processes. We’ve all heard about applying big data analytics for preventative maintenance in heavy industry, but imagine the potential when this same approach is applied across all computing devices and IT infrastructure in any industry. Intelligent analytics will be a powerful means for IT departments to better manage the growing diversity and complexity of bring-your-own-devices (BYOD) and bring-your-own-applications (BYOA).

Organizations will also realize there is no, single, magic skill-set for big data that they can easily specify and secure. We expect organizations will look for a combination of technical skills in platforms such as Hadoop together with industry-oriented analytics skills. We see the best leverage from building the confidence of business analysts within their own organizations to ask deep questions, working with people skilled in Hadoop and related technologies to derive answers to the questions – iteratively. It’s not a “once and done” undertaking.

One of the interesting things about big data initiatives, is that they necessitate strategic thinking in terms of asking strategic questions for the business and then coming up with innovative answers to these questions. For example, what data, if it was more timely, could yield operational improvements or competitive advantage? What combinations of data, previously treated distinctly, could help identify patterns which could then be rapidly acted upon to optimize business processes and adapt on-the-fly to the changing business environment? Of course, there’s many more questions that can be posed, and in 2013, those organizations that can best mine the insights hidden in their data will have the best chance of turning data into information, and ultimately into competitive advantage.

Tablets, which were rarely used up until a couple of years ago, are now increasingly becoming the computing device of choice for many in today’s workforce. Clearly, Mobility is driving change for enterprises. Enterprises need to determine how to support this new technology throughout their organization. What I would like to highlight in this blog is a look at how your infrastructure can be geared up to address mobility.

The impact resulting from mobility on organizational infrastructure has put IT in a precarious position. In the past, IT was the technical leader for the enterprise. With mobility, technology expertise has moved to the user. As a result, the enterprise governance needs to ensure the entire organization is invested in a mobile strategy with a set of leaders who understand the importance of mobility. In many cases, a mobile governance team needs to be assembled with members from IT, Business, and Operations departments to ensure a mobile strategy that covers all aspects of the enterprise requirements. For some companies, it is becoming more common to have a single person in charge to ensure a mobile strategy is created and implemented.

With billions of devices being used by your employees and customers, you can be sure that your physical infrastructure will need to be geared up to address mobility. A few significant infrastructure areas that are impacted include:

Network Infrastructure – With the potential for thousands of devices requiring low latency transactions, the current enterprise network infrastructure needs to be reviewed. Networks that supported primarily PC to web based applications may no longer be adequate. They now need to be able to address data access from multiple (home, business or public) locations to either a company or employee owned device.

Storage Infrastructure – The use of mobility is driving the creation and growth in unstructured data like never before. Videos are becoming a primary way of communication using up bandwidth and storage needs. Instant messaging and social networking usage growth are driving the need for discrete document retention and security requirements.

Cloud – Cloud computing is optimally designed for today’s mobile world. The ability to scale is perfect for mobile devices and business applications. Cloud computing will likely soon be the most predominant means of accessing information through mobile devices.

Mobile Infrastructure – All mobile devices typically contain GPS, gyroscopes, accelerometers, cameras, and other features. Rich mobile applications are being developed to take advantage of these features aimed at improving productivity, driving revenue and improving customer service. Enterprises must ensure that their mobile architecture is suitably designed to enable these technologies while ensuring scalability and security.

Mobile Applications – Mobile applications developed today need to be context aware to provide the optimal user experience. Organizations need to determine if they will develop apps natively, use a cross platform MEAP, or employ a hybrid platform technology such as HTML5.

Mobile Environment Management – Enabling mobility while minimizing costs and maintaining a level of security and control to protect for the organization is critical. Managing mobile devices and applications appropriately is a critical step to ensure that adequate levels of security and management are achieved as needed.

After gearing up these infrastructure components to address mobility, enterprises need a holistic goal focusing on the progress made at all stages. How do you know that your mobility goals are being achieved on day one, mid-way and at your project’s end? Key performance indicators must be established for areas such as customer satisfaction, employee productivity, cost reduction per service among others.

Conclusion

Today’s world is enabled by near-universal connectivity options and an ever-increasing choice of mobile devices that allow organizations to deliver their services at any time through any network. As a global provider of end-to-end services across the mobile ecosystem, Unisys provides flexible and scalable engagement models that allow today’s businesses to take full advantage of the benefits of a mobile enterprise.

The question is: how do you adequately address this need when federal data center managers have additional mandates from the Office of Management and Budget policy requiring steep budget reductions, data center consolidations, intra-agency resource sharing, moving to the cloud, and the shifting of storage expenses from fixed capital expenditures to variable operational expenses?

One creative solution is business tiering – the promoting and demoting of data based upon the importance of the data to the organization’s mission. This process allows for critical data prioritization decisions without the risk, added cost or historical time delays to position data in the appropriate storage class.

As an example, the IRS – Unisys’ latest data center customer – can ensure the right data sets be promoted directly to the fastest storage tiers during next year’s tax season. Less important data sets will be re-assigned to less expensive storage. This will improve performance when needed, drive down costs to taxpayers, and possibly enable tax returns to be provided earlier.

Empowering an agency to make data prioritization decisions is a fundamental shift in data center transformation.

The solution for the IRS also created an on-premise storage cloud that addressed all mandates and requirements. The 10-year contract to manage the agency’s mission critical data can also substantially reduce costs.

With an estimated data center storage hardware market size of $38.37 billion worldwide, and hardware spending to surpass $126.2 billion in 2015, both federal and commercial entities need a creative and cost effective approach to their growing data needs.

In this post, I would like to go into more depth on each of these five areas.

1. Organization and People: This pillar focuses on the culture of an agency and openness of employees to change. For example, it wouldn’t have been unusual for some federal employees in the 1980s to spend 70% of their time in the field, interfacing with clients. With the advent of computers, these same employees became dramatically more office bound – in the field only 30% of the time. This required a culture change at many agencies as employees gradually moved to this new office-based way of conducting government business.

   Now, utilizing a mobility program, an agency’s goal could be to return those employees to the field by giving them useful mobile devices that allow them to enter data and share information remotely.  Focusing on “on the spot,“ “in the field” and “in real time” greatly enhances the time employees need to interact face-to-face with citizens that rely on their government services.  But it also requires a culture that accepts new ways of doing business.

2. Policies and Governance: This pillar concentrates on what is necessary to move the organization away from outdated and restrictive models, who has the responsibilities of leading that move, and how the changes will be managed through deployment and operations. In some cases, outdated policies that inhibit useful adoption of mobility must be changed. These policies might include: not allowing employees to use their own devices, requiring employees to report to the office every day, requirements to record vast amounts of data regularly, or a policy that forbids Wi-Fi in an office. All these policies need to be addressed thoroughly before a mobility model can be considered.

   From a governance perspective, the entire enterprise must be invested in the strategy, with a set of leaders who understand the importance of mobility and know what levels of funding and resources are needed to deliver a successful program.

3. Business Processes: If an organization’s goal is to move employees to the customer site, processes associated with being “at the right location” and “in real time” must be leveraged.  For example, I’m reminded a recent experience when my car was damaged in hail storm. I saw firsthand how my insurance company had dramatically maximized the efficiency of claim agents in the field by using a mobile strategy. My insurance adjuster came to my home with a mobile device, which he used to take multiple pictures of my damaged car and measure the damage. The information was then transmitted to the company’s data processing system, which soon came back with a printout on how much they would pay to repair the car. I signed the printout on the spot, and a check was immediately generated for the body shop.

   By reengineering its business processes to take advantage of mobile technology, the insurance company improved my customer experience and made its agent more efficient. There’s no reason this can’t be applied to government operations.

4. Technology: The focus here is to ensure the organization has the appropriate hardware, software and support services in place. Agencies need to address questions such as:

   -How do you engage business and IT to deliver a “ship ready” mobile app in 4-16 weeks?-How do you deliver a drop-box tool efficiently, securely and cost-effectively?

   -How do you implement strong authentication, single sign-on and access controls?-How do you start improving your critical infrastructure when funds for this may not exist?

5. Performance Management: A holistic, enterprise-wide goal focusing on “are we making progress?” also is essential.  How do you know that on day one, day 90 and at your project’s end that your mobility goals are being achieved? Key performance indicators must be established for areas such as customer satisfaction, employee productivity, cost reduction per service and other metrics.

Most experts agree that mobile devices and applications present a goldmine of opportunity for organizations to make their employees more productive and their clients happier. By focusing on these five pillars, enterprises can help to ensure that their mobility strategies are well-defined and likely to achieve their goals.

Unfortunately, however, off-the-shelf cloud service provider technologies alone don’t often provide the greatest impact. Rather, the power of integration reaps the most benefit. Linking separate cloud applications together yield the highest return on investment with the most flexible environments, along with additional security, authentication, provisioning and management capabilities to leverage the power of multiple best-of-class products.

As a recent speaker at the DevFest D.C. technical conference, I highlighted how systems integrators like Unisys make the most of an agency’s existing investment by developing simple adapters to combine useful user information together on a single screen. For example, we recently demonstrated how Salesforce Chatter feeds and task management activities could be integrated directly into a Google Apps site to provide a full comprehensive view of a project’s operational status.

We have several other examples of the power of integration in the areas of secure cloud authentication; secure mobility of Blackberry, iOS and Android devices; voice and VoIP technologies; and secure data encryption from our successfully completed Google Apps cloud e-mail and collaboration experiences at the General Services Administration (GSA), the National Oceanic and Atmospheric Administration (NOAA), and most recently the Department of Energy’s Idaho National Lab.

Mobile app stores, thanks to the smartphone and tablet revolution, the focus of developer community is shifting to building consumer applications for the mobile environment. With thousands of apps available at the Mobile App stores for free or at unimaginably low prices, users are only a click away from choosing an application that suits their needs.

Cloud based consumer apps, by virtue of the benefits they offer – cost-savings, scalability and anytime-anywhere availability, employees are willing to bypass the constraints imposed by IT.

Social Media has become such an integrated part of our lives it is almost impossible to keep it out of corporate environment for long. Customer facing employees are in tuned to the fact that customers like to be contacted via mediums and are therefore willing to use social media applications despite the lack of support or opposition from IT.

So while BYOA trend is still at a nascent stage, benefits of BYOA are more pronounced than the BYOD trend. There are obvious risks which BYOA introduces, but it’s fair to say that the benefits outweigh the risk making a strong business case for the adoption of BYOA. The key benefits of BYOA are:

• Availability of diverse functionalities at very low price
• Enterprise can replace costly software licensing with cheaper apps
• Continuous innovations in the consumer world can give great ideas that can transform business
• Enhanced Productivity as the employees accomplish their work with their desired app
• Cutting down on Employee training time and allowing employees to feel more invested

On the flipside if BYOA is implemented without appropriate policies/tools, it could result in the following consequences:

• Data is likely to be stored in mobile devices or in a cloud hosted by a third party vendor rendering very less control to IT and can pose a very serious threat to enterprise
• Multiple versions of the same app across different OS will create unnecessary management headaches for IT
• With consumer apps, provider will not be able to guarantee the long-term viability of the app or product

Innovation today is driven by customers and employees as they demand apps that help them be more productive than the prescribed software and processes offered by IT. Already it seems clear that Cloud-based apps are ushering in a new culture in many organizations. It is safe to say now is the time to embrace the brave new world of enterprise applications that will dictate the future.

As you know, consumerization of IT focuses on the business impact of information workers’ growing use of mobile technologies – often personally owned – to do their jobs.

This year’s study found that consumerization of IT is increasingly driven by a class of super-connected, tech-savvy mobile workers. These workers are willing to defy IT policies, using unsupported, “bring your own” devices and applications to get work done and serve customers on the front lines of business.

In effect, these “mobile elite” workers are the new corporate superheroes. Striving to achieve new levels of collaboration and customer service, they push the envelope of innovation and change within their organizations.

Like all superheroes, though, the “mobile elite” have a vulnerability. Their kryptonite, so to speak, is a habit of risk-taking that can create fresh support and security challenges for their IT departments, which often have a different view of how personally owned technologies should be used.

This compelling evidence prompted Unisys to create a comic-book infographic chronicling the adventures of the enterprise superhero “Mobileman.” The story and illustrations intrigued the editors at popular social media blog Mashable, who recently spotlighted the “Mobileman” infographic in an article.

We trust that you’ll find the research and infographic compelling. And we hope that you’ll use them as an impetus to think of ways you can work with the mobile superheroes in your organization to discover new ways to empower high-productivity workers and make your business more competitive.

It is evident that banks may not embrace, due to the aforementioned risks, the ‘outsourced cloud strategy.’ However, cost-wise, it is still a very interesting option to consider.

What are the recommendations of the FFIEC?

1. Cloud Provider. Perform thorough due diligence on the Cloud Provider. Investigate the company profile of the provider that fits within the goals of the bank. Think especially on how data is being treated operationally. How is it being secured? The gap analysis will give you the option of finding another provider if it does not fit your requirement.
2. Vendor Management. Inspect the provider as much as possible on all kind of aspects, including knowledge of financial processes and legal liability issues.
3. Audit process controls. Examine how the bespoke service provider implemented those controls. Do this on a regular basis and make sure your audit department is well-trained on this.
4. Information Security. Keep a tab on information Security by encrypting everything and maintaining bookkeeping of all data sources. And whenever data is being deleted, make sure that it is really deleted and not sleeping in a quite cloud corner.
5. Legal affairs. Ideally there should be a “dashboard” indicator to see how compliant is an outsourced Cloud. By the way, there are some tools on the market that cover this but the FFIEC does not mention any.
6. Continuity planning. This security risk will be found in most of the corporate security handbooks. Test the provider on the continuity aspect according to the plans they have in place. Pull the plug, literally.

Is this new?

Yes and no. Most of the documents come from early 2000 and look a bit outdated. But there are developments within specific banking domains that give hope. For the card payment domain most of the topics above are tackled within the Payment Card Industry / Data Security Standard (PCI/DSS) 2.0 specifications. There is a special outsourcing aspect to this, like transferring security responsibilities to a third party data center.

So are these recommendations valid for the banking sector?

Absolutely! Current Security Policies will have to be reviewed against the proposition of the Cloud. A good analysis gives insight in the gaps and things which need to be done.

Driven by this evolution of end-user mobile devices, information workers (iWorkers) are driving their organizations efforts to create new ways of conducting business. The new wave of productivity isn’t just driven by devices, either:  tech-savvy are also using a broad range of consumer technologies, including self-procured application tools to get things done in the workplace. These consumer technologies are fast becoming iWorkers’ primary means of staying informed, connected and productive, both professionally and personally.

As a result, organizations must embrace this new world. In doing so, they can mobilize their businesses, transform their operations and modernize their technical infrastructures.

Establishing an effective vision, building a lean strategy and achieving objectives that benefit the organization’s mission, however, are often elusive tasks.  To achieve these goals, organizations need to have a mobile business enablement strategy that focuses on five key “pillars of success.”  These are represented in the following graphic:

In order to take a holistic approach to implementing a mobility strategy, organizations should assess their readiness to align each of these five pillars to the objectives of their mobile business model:

• Organization & People: Do you have a culture in your enterprise with the willingness and the flexibility to accommodate the change to a mobile workplace?
• Policies & Governance: Do the organization’s policies support the mobility strategy, and are leaders invested in its success?
• Business Processes: To what extent do you need to reengineer your business processes to leverage the benefits of the mobility strategy?
• Technology: How will you ensure that you can provide, operate and maintain the technology needed to achieve your mobility goals?
• Performance: How will you measure the success of your mobility program and keep things on track?

These five pillars are interrelated and sometimes overlap, but they are all essential aspects of a mobility strategy. In subsequent posts, I will dive deeper into each of these five areas.

Sound familiar? It’s a story we hear over and over again. It’s what we, as an IT organization, analyze, it’s what we plan for, it’s the services we orchestrate to deliver, on time, and within the razor thin budgets we all operate with. So, what are you to do? How do you effectively manage change, bring new skill sets to your organization, and provide relevant data and real-time feedback on how IT is meeting the end users’ requirements?

The answer lies in flipping the model from managing to service levels (one component of a service delivery organization), to managing quality outcomes. Manage to an EXPERIENCE by putting the end user first as the driver and consumer of critical business services and data. This strategic move can help your organization deliver services faster, smarter, flexibly and more adept to handling change.

While organizational changes aren’t easy, they can be effectively managed by working with partners who can offload the significant costs associated with the daily support of your organization, while providing repeatable solutions, high quality service delivery and fiscal certainty over extended periods of time.

So this is the challenge to you: Catalog your services. Look at your support infrastructure through three classic filters – people, process and technology. Then analyze how much you’re spending (and wasting) by just trying to keep up with the current demand of your user base rather than managing to outcomes and results. Take stock of how many service requests you support and the related breakdown of those services (e.g. PC break/fix, login/password changes, applications support). Consider how many service providers you have assisting you. Have you calculated the cost per ticket of those services? What’s your mean time to resolve service requests? There are many tools, industry barometers and frameworks (e.g. ITIL) that can help and guide your understanding of these services and arrive at answers to these questions.

Now consider the benefit of sharing that information with a partner who, based on historical data and analytics gathered from deploying over hundreds of projects worldwide and cataloging millions of calls per year, tells you that you can save money and precious resources. Almost 20-60% of your ongoing support costs could be reduced by rethinking, redeveloping and re-invigorating your organization with a standards-based (CMMI Level 5, ITIL V3, ISO 20000), world-class service delivery partner organization that will help you manage to quality outcomes, not just SLAs.

What’s the cost of doing nothing?

The first one of such areas is Social Workflow. As organizational and product complexity increase so does the need for collaboration for daily ad-hoc tasks and workflows. Enterprise Social Computing has the potential to go from being a platform on which employees can connect and share content to a platform for decision support, task management and execution. Socially-enabled daily workflow can spark a new burst in office productivity by automating highly-collaborative, improvisational tasks and inject social collaboration into the flow of everyday work. Today, these tasks are hardly addressed by office productivity tools, email or enterprise applications. Social workflow can bridge simple to-do lists and complex, rigid business process management (BPM) systems, bringing value to an unaddressed functional space in the middle. It seems the market has already started to address this space (see Sparqlight Ramps Up Enterprise Social Workflow Capabilities).

The second potential area is using Social networking to deliver more relevant and contextual content to enterprise users. Today, in most cases, knowledge workers are either overloaded with a large amount of out of context data or cannot have timely access to relevant information to do their work. Providing highly-relevant information within the right context will greatly improve the productivity of workers. Enterprise Social networks have the potential to become the prime distribution channel for highly relevant and contextual content, providing the much-needed tacit context for business transactions. This context is derived from the user’s identity, intent, history and environment – core information found in social networks – and is used to filter and route information enhancing the effectiveness of traditional Enterprise Content Management (ECM) systems and again we have already started see initial implementations of this concept (see Salesforce Launch Social Workflow, Merging Analytics Rules with CRM).

Last, but not least, we have been talking about the Enterprise Social Layer – social integration or enablement of enterprise applications for a while. Nick Evans’ bylined article, Moving the new wave of technology from disruptive to productive, he talks about the importance of integration for adoption of Social Computing in the enterprise. Unfortunately, today some organizations still see Social Computing as just another standalone platform for collaboration – an oxymoron by definition. What is worst, there has been a proliferation of siloed Social Computing solutions since most of the new ERP, CRM and ECM applications have started to come out with their own social capabilities and various departments around the organization adopt different social computing solutions. This ever increasing complexity of enterprise integration presents significant challenges to the realization of a “social layer” – a vision for broad, unified social capability across the enterprise. Enterprise Social Computing should be seen and developed as a true horizontal business capability which can integrate collaborative tasks across business units and functions, realizing the Enterprise Social Layer vision.

In summary, Social Computing can go beyond the core premise of improving business collaboration, going further into improving enterprise workflow, streamlining business processes, enhancing the value of enterprise content and integrating collaborative tasks. It is time to get your enterprise strategists and architects to explore future uses of this promising new capability with a futuristic perspective.

Certainly, a separate cloud could be created for each application owner, but then we would be right back where we started, with dedicated, underutilized resources, a lack of standardization, and escalating administrative expenses. Instead, a robust private cloud must be capable of providing disparate service and compliance objectives for the various applications within a single, automated environment.

Secure Private Cloud has provided our customers with a mechanism to automatically provision VMs from various pools of infrastructure resources to meet service level objectives. High availability can be provided by provisioning redundant VMs on disparate pools. Tenant isolation can be enforced through automatic configuration of separate virtual LANS (vLANs). What is new for SPC 2.2 is the option to select encryption and invisibility through our Stealth for selected tenants. Specific tenants have a requirement to protect data as it is transmitted through the infrastructure beyond the current best practices of vLAN isolation. For those tenants, Stealth Communities of Interest (COI) can be defined and deployed as part of the standard SPC onboarding process. In this way, application owners/tenants who are required to comply with stringent security regulations can choose this new option without impacting other tenants who are not required to comply.

Cloud computing provides the most value when IT processes and procedures can be standardized and then automated. This is how Amazon and other public clouds can afford to sell their cloud services at a relatively low price. But the service and compliance objectives for enterprise applications cannot be standardized. If the cloud is configured to meet the most stringent objectives, the cost of ownership will be unnecessarily high. Therefore, a heterogeneous approach is needed. In the future, mission critical applications will be expected to co-exist in the same cloud as non-critical test/dev/demo workloads. For Unisys, the introduction of Stealth in SPC 2.2 is the first step in providing this type of heterogeneity on a tenant by tenant basis.

Private cloud computing is a very different beast than public cloud computing.  An enterprise that has chosen to implement a private cloud has probably picked this computing model because there are very specific requirements regarding service and compliance objectives that cannot be addressed by a public cloud.  But most private clouds are not necessarily architected to manage critical Governance, Risk and Compliance (GRC) issues.  Most private clouds are happy to dispense virtual machines (VMs) in the style of a cup dispenser.  You can get cups in various sizes and colors, but the focus is on standardization and automation of the basic infrastructure, with very few capabilities to address critical application requirements and objectives.  In most cloud environments, these objectives may be met on a cloud-wide basis, but not on an application by application basis.  This can lead to either failure to meet these objectives or, a cloud-wide commitment to the objectives, which can unnecessarily increase the cost of the cloud.  In most cases, many of the unique attributes needed to support an enterprise-class deployment are not available from the “standard” cloud management environment at all.  This is true because cloud computing is still in a nascent state.  Amazon’s Elastic Compute Cloud (EC2) went into full production in October 2008. Back then, watching someone demo infrastructure-as-a-service was like watching a parlor trick:

Demonstrator – “Please tell the audience – have I ever met you before?”
Spectator – “No you have not.”
Demonstrator – “OK – please select a service – any service – from the catalog and tell me what it is.”
Spectator – “It’s a Windows 2008 server.”
Demonstrator – “OK – now watch that my fingers do not leave my hand.”
<relatively short pause of a few minutes>
Demonstrator – “… and here’s a lovely VM for the pretty lady.”
<demonstrator exits stage left to thunderous applause>

Remember? A few years later, we moved past the initial awe and recognized the game-changing implications within the enterprise.  Although “Utility Computing” sounded like a good idea, that type of computing needed this service-oriented approach as well as the proof point (provided by Amazon) to appeal to the stakeholders who, up until 2008, insisted they had to hug their servers for dear life.  Around 2010, savvy CIOs were “kicking the tires” by using cloud computing to automate a particularly operational-intensive part of their workloads – test, development and demonstrations.  In this area, Unisys has leveraged the value of the Secure Private Cloud to avoid over $5 million of infrastructure costs in 2011.  In addition, we have found that standardization onto a single cloud environment has been instrumental in bringing the computing environment under compliance with best practices and corporate regulations, thus reducing risks such as unavailability and network penetration.

But now, we are moving beyond the “kicking the tires” stage and stepping up to critical enterprise applications.  We have moved beyond supporting test/development/demonstration workloads and into supporting production and mission-critical workloads.  Just as our effort to standardize and virtualize our test/development/demonstration workloads was non-trivial, so is this next step.

“Open source intelligence” (OSINT) is insight derived from collating and analysing unclassified, publically available information. It is the process of analysis to identify patterns and hot spots that transforms mere information into intelligence.

OSINT has long been used by governments and businesses as a method to build intelligence on their industry, target market and competitors.

However, in today’s online world the detail and sheer amount of data available from public information sources has exploded and the internet has made it much more accessible. Such sources include media, web-based communities, social networking sites, wikis and blogs, government and official reports, professional and industry associations, and academic papers. It involves massive amounts of data, constantly being published. This provides both an opportunity and a challenge.

Patterns Transform Information into Intelligence

Such a plethora of information offers great opportunity for data mining to gain intelligence. But as I noted above it is not the gathering of lots of information that provides insight – it is separating the “good” data from the noise, identifying and prioritising that data based on relevance, and then analysing what remains to determine what it really means before the data ages to the point that it is no longer relevant. The good news is that much of this analysis can be automated using advanced data analytics and heuristics tools such as neural-network technology. These are advanced computing techniques based on our growing understanding of how brains store information as patterns and use those patterns to solve problems. It involves mimicking how an analyst would work through the data manually by creating and continuously evolving business rules to automate the analytical process.

Neural-network technology is already being used today for fraud prevention and customer behaviour prediction. For example fraud prevention software can help identify patterns of suspicious behaviour to calculate a claim’s degree of risk. Similarly, pattern analytics are being incorporated into smart video surveillance solutions to identify and act on threats quickly.

It is no surprise that the same approach is being used in the intelligence community leading to the development of dedicated OSINT agencies – many of which grew out of previous traditional media monitoring services.

In the U.S., the Director of National Intelligence’s Open Source Center is an agency based within the Central Intelligence Agency (CIA) to provide analysis of open sources for U.S. intelligence. The U.S. Secure Border Initiative (SBINet) used open source intelligence to provide actionable indicators of changes in illegal migration and smuggling including analytical tools to detect patterns and predict illegal activity.

In Australia the National Open Source Intelligence Centre was established in 2001 to provide state and federal agencies with a dedicated open source issue monitoring, research and analytical support capability.

Of course automated technology does not remove the need for the human analyst – but a human would never be able to wade through the massive amount of data publically available – let alone do it quickly enough, and share it with the right people, for it be acted upon in real time. Rather it is a tool to enable open source intelligence gathering and analysis to be effective.

Understanding the Context

In addition to sheer volume, open source information is also characterised by the potential of erroneous or misleading information. The ability to automatically recognise patterns of interest in open source information is insufficient if the source information itself is untrue. As such, it is critical that the context be taken into account when determining what weight to give a particular piece of open source information.

For example, is the source of the information considered to be a highly reliable or typically unreliable source? Does the source have “an agenda”? What was the timeframe and location in which the information was published and what other events or activities might bias the source? Are there corroborating alternative sources, and if so how reliable are they?

Although open source can provide a wealth of information not easily obtained through targeted intelligence collection, it can also be used as a tool for counter intelligence through disinformation and distraction. As such, open source information needs to be treated with a healthy dose of scepticism.

Classifying Intelligence

While managing the sheer volume of publically available data is a huge challenge in itself, one of the more critical issues arising, particularly in government circles, is the classification of the intelligence gained by aggregating and analysing that data. With analysis its value and potential sensitivity increases.

This raises questions about what the threshold is to go from “open” to “secret”? Who makes the decision about how to classify data obtained from open sources? And with whom can that data be shared? Consider the advantages of being able to share intelligence across departments, between the public and private sector, and across international borders. Then look at the risks (think Wikileaks)!

Much of this comes back to the need to find balance between protecting sensitive data while being able to securely share that data between trusted parties. Sensitive data in the wrong hands can pose real danger. But valuable intelligence that is unavailable to decision makers is worthless.

Intel may need to be secured to protect the source. It may also need to be secured if could reveal sensitive information to adversaries. Classified data is information that a government claims is sensitive information – for example, in the U.S. classified data is defined as data the release of which would damage the national security of the U.S.

Post 9/11 there was a public call for greater cooperation between governments globally to share information against common threats. Many agencies publically promoted how they were using open source intelligence to better identify potential threats. However, in the last few years there has been debate about to what degree data should be shared – particularly if doing so would remove a competitive edge or “decision advantage”.

There is also some public backlash fuelled by fears of privacy being breached by governments that create digital dossiers on their citizens. Others query that if the government is funding OSINT using taxpayer funds then the results should be made available to its citizens. Perhaps this comes down to what the intelligence is being used for: national security vs where to focus investment on new schools.

How to Share Data Securely

Once it is determined who should have access to the intelligence, the issue comes down to how to share data securely. Traditionally restricting access to data has been achieved by restricting access to the network. This means that access to data on the network is restricted based on the highest level of classification found on that network (i.e. the high water mark). This inevitably led the proliferation of multiple networks to service different classification levels which required replication of data across those networks that needed to be maintained and updated. However, in today’s reality of constrained IT budgets, remote workers, cloud computing and mobility, the focus needs to shift to more efficient and effective means of securing the data based on the person trying to access it and the circumstance in which access is being requested.

Not all data is the same – the level of sensitivity varies. Different levels of classification of data can be grouped together by the level of confidence needed to ensure that it is secure. Then apply security measures based on this classification of data.

You must assume that even the internal network is a hostile environment. Rather than rely solely on controlling access to the data, look at securing the data itself via encryption. That way even if the wrong people gain access to where the data resides, they still can’t read the data. For example, Unisys Stealth, which was built for the U.S. Department of Defense to secure sensitive information, uses certified encryption, then bit-splits data into multiple slices or shares as it moves through the network or is written to local or remote storage.

Stealth also provides a means of controlling access to data by setting up communities of interest based on “need-to-know”. Stealth allows multiple communities of interest to share the same IT infrastructure without fear of another group accessing their data. That way only those roles that need to have access to data can do so.

In addition, attribute-based access control is an emerging technology that grants access based not only on the nature of the data and the individual requesting access, but also on the location from which access is being requested, the method used to authenticate your identity (for example using a password offers a lower level of identity authentication than using a biometric fingerprint and so may restrict access to sensitive information) and whether there is anything about the access request that is outside your normal pattern such as access to information you don’t normally access or at hours outside your normal work schedule.

These are all ways for access to be based on the data and the person trying to access it, rather than the ability to get into the network.

So open source intelligence is not a new concept, but with the explosion of online information and social media it has become a much bigger job than it used to be. Neural-network and related technologies are playing a key role in identifying patterns in both commercial and national security contexts that turn mountains of information into nuggets of valuable intelligence. The key is being able to securely share that intel with the right people.

Overall there is tremendous enthusiasm for mobility across federal, state and local governments. Mobility is really the next model for engaging the public because it goes beyond the web browser to the mobile device as a way to catch eyeballs and create a two-way discussion with citizens.

The second annual Consumerisation of IT study, conducted for Unisys by IDC, found that 28 percent of Australian workers in enterprise organisations said they used iPhones for work purposes – while that is a healthy adoption, the global rate is even higher at 69 percent. But we Aussies up the rest of the world when it came to using tablets for work purposes – 14 percent of Aussies and 13 percent globally

However, the true power of mobility in the workplace is not just that more employees are using mobile devices for work. Yes, mobility can help improve worker productivity and provide another channel for customers to access to services, but the really exciting thing is the opportunity to better engage and collaborate with the public. This means governments can also better serve what have been traditionally underserved demographic groups in ways that were not possible with the internet because of the digital divide.

Mobility represents something which in this century is probably the most exciting evolutionary change in the way IT can help society transform itself. The public sector is at the centre of this, and what they are doing is very exciting.

Overseas, the U.S. Internal Revenue Service has a mobile app that allows citizens to find out the status of their tax refunds, which is something that a lot of people want to see.

The U.S. Federal Communications Commission developed an app for citizens to test their broadband connection speed via their mobile device. This is actually a great example of changing a business process to put the process of collecting information in the the hands of the public. It illustrates a new model based on public use of inexpensive mobile applications to collect information, in this case saving money that the FCC would have would have otherwise been required to spend to collect information about performance across the country for future broadband initiatives.

But it is not all smooth sailing. The U.K. Government faced criticism for how much money it had spent on developing mobile apps. But a truly disruptive trend is rarely without some hiccups.

Meanwhile, Australian governments are embracing mobile devices and apps to meet our local needs, such as more efficient communication of important information to our dispersed population, allowing public servants the ability to take action on the spot rather than having to wait until they have returned to the the office¹.

For example, the Attorney-General’s Department released its DisasterWatch mobile app to improve access to disaster information and help reduce call volumes to Triple Zero (000) during natural disasters.

City of Sydney Rangers trialled using of iPads to identify and fine people on the spot for fraudulently parking their cars in disabled car spaces. Rangers use an iPad to access a large state government database of invalid Australian Disability Parking Scheme (ADPS) cards that have been lost, stolen, destroyed, revoked, or were once for the deceased to identify invalid cards.

At the end of last year, NSW Police launched a mobile website to give smartphone and tablet users greater access to the latest crime news, traffic alerts and emergency warnings.

Australia Post uses a mobile website and smartphone apps to provide easy access to information and services such as to calculate postage costs, search for a postcode, view and track parcel items, pay bills online, find a nearby posting box and locate any Australia Post retail outlet.

The NSW Government Transport Info 131500 app provides up-to-date trip planning details and maps for using train, bus and ferry services across greater metropolitan Sydney.

In March this year, the Australian Department of Immigration and Citizenship offered a mobile app to drive community participation in its Harmony Day initiative providing information about how to participate in the campaign, watch videos, upload photos and participate in social media conversations.

Yet there is still have a long way to go. Many Australian organisations, both government and commercial, have not yet moved corporate applications other than email onto mobile devices. For example, only four percent of organisations responding to the Unisys Consumerisation of IT study had modernised customer-facing applications for tablets or smartphones and only another four percent expected to do so by June 2012.

However the possibilities are amazing – and Australian government at all levels is at the forefront of innovation.

¹ Many Australian Government mobile apps are available here: http://australia.gov.au/news-and-media/social-media/apps.

What are some of the biggest misconceptions you think IT people have about mobile apps? What do they most often overlook?

Most people believe that building a mobile app is just a technical issue. It is often presumed to be an extension of web based applications. But there is more than just technology at work. It involves, thinking about improving productivity, grater engagement with individuals and building an alternate revenue source. It is important to think about how this app increases the organizations customer base with greater interaction. You have to think about how you can reduce the work load of an employee and introduce features that will reduce manual intervention. Most organizations are tempted to provide many features but you must realize that not all features are necessary on mobile channel. In fact, some may prove to be counter -productive. So it really is more than just ‘go put this in a mobile device’; it is about solving the larger business problem and ensuring increased productivity.

What are some of the typical technology challenges you are seeing that drive people to come to Unisys for help with mobile apps?

Organizations grapple with a couple of large issues today. One is a technology and the other is security. Most clients worry about developing apps for multiple platforms and there is a growing concern about apps not being compatible with different technologies. But the fact is that you don’t have to move your applications to different technologies when it is in the mainstream. The ‘smartness’ can be built into the app regardless of the technology and it can be used across platforms. Using device capabilities like camera for bio metric authentication is an example of building smartness within the application. Another cause of concern is security risks. Customers are apprehensive about losing sensitive corporate information. They want to be assured that only the right people have access to certain types of information. Progressive enterprises who are embracing mobility are looking for solutions with data encryption capabilities, remote wiping of sensitive data, (an essential capability in case of device theft) and strong user authentication mechanisms. I believe people are aware of the challenges of mobile enablement they just lack the right approach, tools and resources to address them.

What are some important elements to bear in mind while developing mobile apps?

Achieving the best results from building enterprise mobile apps requires business savvy and technical expertise. As organizations enter the development cycle, a recommended first step would be to assess what they are trying to accomplish. For example, rather than simply extending a web-based application, they need to how the application could become more interactive or decide what additional features it could provide to serve as a new revenue channel or meet other goals by adding “smartness” to the application.

We helped a leading air cargo organization take advantage of this approach and improve their air cargo services. First, we examined the process used to book and track cargo—identifying what manual data entry steps could be removed from the process. Second, we mobile-enabled the streamlined process and eliminated the need to work from a fixed computer. This increased the engagement level of the employees with continuous access to information on the move.

This seems to be particularly true of many Australian government organisations, which are already gun shy about moving to a cloud environment because of the potential risks, and are far less likely to run applications in the cloud than their commercial counterparts. For instance, a poll of 111 attendees at the CA World Expos in Sydney, Melbourne and Canberra¹ found that 57 percent of government respondents said they run no applications in the cloud compared to 36 percent of commercial organisations.

Unfortunately, they are also so tired of the hype around cloud computing that they risk overlooking the potential for other cloud-like approaches such as virtualisation and automation. These approaches, often used to prepare an IT environment for cloud adoption, can by themselves serve to reduce costs and make IT infrastructure more scalable, modular and mobile. These happen to be some of the same positive features driving the adoption of cloud, thus, you can be “cloud like” without actually entering the cloud.

Government agencies face many of the same IT issues as commercial organisations: managing capacity demands, streamlining processes and building an organisation that can quickly respond to changing business needs. However, they must achieve these levels of innovation within the unique constraints of a government environment; from citizen expectation and public scrutiny around data security and privacy, through to requirements for data sovereignty while also taking into account the impact of foreign government legislation such as the U.S. Patriot Act.

So it is surprising that when asked what they would do differently next time they implemented cloud services into their IT environment, 25 percent of government respondents said they wanted to make better use of existing IT infrastructure, yet only 9 percent said they would put greater focus on virtualising and automating the existing environment, compared to 25 percent of their peers in commercial organisations.

While the survey indicates that government organisations want to make better use of their existing IT infrastructure, they could be overlooking virtualisation and automation techniques as a means of achieving that goal.

Perhaps they are overlooking these approaches as they are often used in a cloud environment or context, and are not being considered on their own merit – i.e. they may be throwing the baby out with the bathwater.

¹ The survey was conducted by Unisys as a poll of 111 attendees at CA World Expo, a series of CA Technologies end-user events held in Sydney, Canberra and Melbourne in July 2011. The 111 responses comprised of 46 responses from government organisations, 61 from commercial organisations, and 4 from non-profits. 61 percent of organisations had at least 3,000 employees.

Sensing the convergence of business and technology trends, in September 2011 the TechAmerica Foundation formed a group of experts to develop guidance for helping state and local governments evaluate, adopt and implement cloud computing. This initiative follows the Foundation’s earlier release of a blueprint for the U.S. federal government’s adoption of cloud computing, which supported President Obama’s Administration’s cloud-first strategy for government technology and for driving U.S. commercial leadership and innovation.

The Commission believes, cloud computing and its surrounding technologies will continue to evolve rapidly. As needs and requirements change, technologies and processes will respond. The Commission encourages state and local governments to engage on cloud and, quite frankly, to join the cloud revolution and welcomes them to the cloud transformation of IT-based services.

The Tech America Foundation report shows how state and local governments can use cloud computing. It explains what cloud is and how it can transform government. It identifies successful uses of cloud and sources of advice on how to better serve citizens — and annually save up to tens of millions of dollars. It shows that cloud’s support for enhanced collaboration and improved services make it an imperative for state and local governments.

Governments, much like users in the commercial space, have traditionally purchased and operated their own hardware and software. With the new cloud computing approach, a provider entity offers some or all of these IT resources as a service, reducing what the government must do for itself. The provider supports a group of cloud consumers, reducing cost, increasing flexibility and promising improved operations. Like all new technologies, cloud raises some important questions and concerns, but it also offers compelling opportunities. The Tech America report draws on industry experts and early adopter experience to help state and local governments answer questions and resolve concerns so they can benefit from opportunities.

According to the SLG-CC /Commission, despite a challenging economic environment, state government IT budgets are beginning to trend upwards, but still down approximately nine percent from pre-economic downturn numbers in 2011. If adoption of the cloud is to be cost-effective, state and local governments need to think less about long-term budget cycles and more about near-term savings. This process requires identifying existing applications that could be migrated to cloud-based solutions. Potentially, the savings from adopting cloud solutions could be reinvested into other areas of mission-critical need for the state and its residents.

In its research, which included interviews with state CIO’s and local government IT managers, the SLG-CC Commission found various methods of how state governments are funding cloud projects. Among the Commission’s best practices findings and recommendations:

• A strong state central governing IT body can be extremely beneficial for adopting a state-wide cloud initiative and leveraging existing IT budgets.
• An identified funding stream for enterprise cloud solutions was using funding out of existing data center budgets.
• A single vendor or integrator should be considered that provides an overall solution which leverages best of breed sub-solutions and technologies from a variety of vendors.
• Cloud technology is changing too rapidly and deployments are comprised of too many technologies and subsystems to rely on a single vendor to provide them all.

Unfortunately sometimes it takes an awful tragedy to initiate action. Perhaps this is because public outrage forces officials to look beyond the dollar. A number of violent attacks here in Sydney have highlighted the critical role that effective surveillance solutions can play in public security and law enforcement.

Sydney’s King’s Cross is known as a vibrant inner city night life and entertainment destination. However, an attack that resulted in the tragic death of a young man revealed gaps in security surveillance of the popular night club strip.

It has also highlighted the sometimes complex relationships between various government, council and law enforcement organisations involved in determining who has responsibility for the deployment of effective surveillance solutions. Unfortunately, to the public this may look like a whole lot of finger-pointing. It has certainly added further fuel to the ongoing debate about the benefits of using video surveillance technology to secure our streets.

Of course, it is very easy to be wise in hindsight, and the reality is that CCTV is only part of the wider security requirements in King’s Cross.

But what is clear is that the community supports security surveillance, including the use of sophisticated facial recognition technologies:

• 67% of Australians believe security cameras are an effective anti-crime effort in their community (SDT Security Secure Homes Report 2012 – page 6).
• 92% of Aussies agree with the use of facial recognition technology to help police identify people from security camera footage or video obtained from the public (Unisys Security Index).

The good news is that more cameras are now being deployed in Kings Cross by the City of Sydney local government authority.

However, what we don’t know is whether these cameras are being incorporated into an intelligent surveillance system to identify potential security threats, automate alerts to facilitate prompt action to incidents, and provide the detail to assist law enforcement to do their job.

Are they super-high resolution cameras so that police officers can zoom in on footage to identify key detail that may help investigate an incident? Is there some sort of facial recognition technology installed on it to allow the Police to pull up a face match from the database of all NSW Driver’s Licences holders? Is there intelligent video analytics deployed so that investigators can track objects and patterns on clothing and on vehicles? Is automatic number plate recognition software being used to check for stolen and unregistered vehicles? Can police officers pull up camera feeds on their smart phones or on iPads in their patrol cars to be able to better leverage their effectiveness on the ground?

Just adding more cameras is not always the answer. The time for “dumb CCTV systems” is over. Sophisticated video surveillance tools are readily available and supported by the public.

But doing this is not as simple as it seems, it needs careful planning and technical expertise to reap the benefits of mobility in a practical and secure way.

Improving business process efficiency and increasing productivity are the primary goals of many mobile enablement initiatives. And whether this involves mobile-enabling newer applications like electronic medical records, or revamping existing mobile applications, organizations should begin by taking stock of their priorities. They need to evaluate:

• the current level and effectiveness of the functionality provided through existing mobile applications
• the new features or capabilities they’re looking to support, and their impact on ease of use, user acceptance, and business process value
• the intended audience for the mobile application, as well as their level of sophistication and usage expectations

Doing this allows an organization to identify what is crucial for their mobile technology strategy and develop a course of action to solve specific, concrete challenges.

However, a note of caution: there are no shortcuts to mobile deployment. Moving from a traditional to mobile-enabled application presents technical challenges from an integration perspective. That’s because SAP, Oracle, and other core back-end systems have APIs that are not designed to be consumed by a mobile device. To overcome this limitation and permit data exchange, some type of gateway must be implemented.

Using products such as Sybase Unwired Platform (SUP) or Antenna software streamlines the enablement effort by providing the capabilities to manage wireless transactions and communication between an enterprise backend system and the mobile devices accessing it. Once this integration has been accomplished, the back-end system can easily scale to support a variety of mobile devices and platforms, simplifying what could otherwise be a complex, time-consuming task. Unisys is currently using this approach to develop and integrate a mobile application for a major telecom provider so it can support a marketplace of enterprise applications via a software-as-a-service platform.

For organizations wishing to respond faster to business opportunities, a well-thought through and implemented mobile application must be an extension of their existing services and future business goals.

The question is – are you ready to securely seize new revenue and service opportunities in a mobile, wireless, web-based world?

It’s amazing to see what has happened since then, along with what has not happened.

Here are some of the basic concepts:

1. Application-Centric Computing is the realization of an evolution in computing where IT management can manage how well applications are providing the necessary information and knowledge that is being requested.

• Each application is managed as an independent entity with the following requirements
  • Service
  • Availability
  • Security
• Lower level utilities, such as CPUs / Memory / Storage and Networks are self-managed in a manner that is determined by application-focused policies

2. Virtual Application Cells isolate the application from all other applications. It provides a level of management as if the app was running alone on the Operating System, on a secure server.

Concept #1 assumed that we would solve many of the barriers that were impediments to providing utility computing. Most of those barriers have been lifted and large public clouds have shown the way to providing computer resources as a utility. The technology called “auto-scaling” is available for public clouds. This allows policies to be set up that determine when to provision additional VMs in the cloud to meet escalated workload demands.

Regarding Concept #2, a technology similar to “Virtual Application Cells” is available in some grid computing environments, but not readily available for general purpose computing. Given the current state of Unisys thought leadership, we could now reword Item #2 to read:

Hybrid Applications in a Hybrid Enterprise can be isolated from each other, executing as if each application is alone in the Hybrid Enterprise.

But consider another slide from that same deck:

Essential Elements of Application-Centric Computing Remain unresolved

• What is a “Transaction?”
• How do you achieve a level of service?
• How do you achieve a level of availability?
• How do you enforce security?
  - Access Control
  - Authentication
  - Authorization
• How do you properly charge for application usage?

This brings up an area that the industry has yet to adopt as standard computing practices. Management is still very infrastructure-focused, but now it’s the virtual infrastruture as opposed to the physical one. Some enterprises understand the value of managing at the application level. They deploy extreme automation at all levels of the infrastructure, including physical, virtual, OS and middleware. Instead of devoting the majority of administration time at the infrastructure level, they focus on the application level. This allows them to work directly with their key stakeholders – business unit leaders and application owners. They measure, monitor, report and control at the application level using tools that are considered part of the Application Performance Management (APM) market.

Applications can be deployed where each application can be specified regarding levels of service and compliance.

The purpose of this blog is to discuss where we were and where we have arrived in the last nine years. And – maybe – where we will be going in the next nine years.

In every country, the survey found that individuals were prepared to take strong action against the organisation responsible for the data breach.  For example, in Australia 85% said that they would stop dealing with an organisation if their data was breached, 64% said they would publicly expose the issue and 47% said they would take legal action.  These are all actions that can harm a business’ bottom line, reputation or both.  Clearly this shows that securing against data breaches is in fact a business issue, not just an IT issue.

Whether it is personal client data, valuable intellectual property, or sensitive corporate documents – preventing a data breach is a key concern for most corporates and IT managers.  And WikiLeaks serves as a stark reminder that in some cases the enemy is actually inside the enterprise – trusted (or formerly trusted) employees and contractors with authorized access to sensitive corporate data.

The extent of “insider attacks” ranges from 4% (2012 Verizon Data Breach Report) to over 20% (2011 CyberSecurity Watch Survey conducted by CSO magazine).  But what everyone does agree is that the damage incurred by insider security breach can be far more severe than that caused by external threats.

The insider threat can be unintentional (such as a lost USB drive with corporate financial data, a lost or stolen mobile device with access to corporate systems or emails, or an employee fooled into disclosing data in response to the increasingly sophisticated socially engineered spear-phishing scams) or malicious (such as a disgruntled or compromised employee).  Regardless, the consequences for the organisation can be devastating.  But how can an organisation protect against insider threats?

While there is no single solution, the basic advice Unisys offers organisations is to take the appropriate steps to secure their perimeter, but also treat the internal environment as hostile territory.  In other words, take the insider threat seriously and don’t pretend it doesn’t exist.

There are a plethora of tools that can be employed to detect potential security breaches by monitoring data access/usage by insiders.  For example, Cyber Security Operation Centres (CSOC) employ Security Information and Event Management (SIEM) analytics to capture and analyse data from various event logs and to automatically alert IT security staff of potential security breaches.   The downside of this approach is that detection occurs after the fact.  Also, the additional monitoring and processing required to close the gap between occurrence, detection and response may result in significant performance degradation in the very systems being protected.

Some of the newer end-point protection technologies avoid this problem by focusing on the prevention of data breaches.  For example, data encryption can be used to enforce “need-to-know” access control.  However traditional “need-to-know” security solutions often incur significant administrative overhead as changes are required to multiple system components (e.g., routers) whenever there is a need to add/delete personnel or create/change roles.

Enter Unisys Stealth^TM!  Unisys Stealth overcomes the administration challenge with a new breed of encryption technology that supports highly secure “Communities of Interest” that can be administered easily and efficiently via Microsoft Active Directory or similar tools.

And for organisations providing employees with access to sensitive data from mobile devices, “need-to-know” access control may need to be further augmented by attribute-base access control:

• Need-to-know-WHO: If the data is particularly sensitive, verify the identity of the requestor through a second/stronger form of authentication such as a voice or face biometric.  Mobile devices with integral microphones and cameras are ideal for this.
• Need-to-know-WHERE: If an employee has the requisite need-to-know right to access a particular data resource, but the request comes from a laptop or mobile device in a café or other public area, it may present an unacceptable risk.  Mobile devices with built-in location services are able to support this type of capability.
• Need-to-know-WHEN: If an employee is requesting access to data resources outside normal hours, there may be cause to question the request or enforce additional authentication.

While no technical solution can protect against all forms of insider threats, organisations can significantly reduce their insider threat risk profile by moving beyond perimeter defence and treating their internal environment as hostile territory.  This means employing advanced breach detection/response capabilities like CSOC and breach prevention technologies like Stealth and attribute-based access control.

How can organizations cope with this demand?

Building apps of the future, for a group of diverse users, requires a diverse team:

• Developers who live and breathe mobile, and have worked extensively with multiple mobile device types and platforms,
• Senior IT architects who are expert at integrating mobile applications with enterprise systems, in both traditional and cloud computing environments
• IT security and services specialists who can address all aspects of mobile application and device security and management, including role-based security, and
• Business and industry consultants with keen insight into critical processes and a full understanding of mobility-related policy and compliance concerns

An organization will also have to evaluate the tools that they use to develop mobile applications. With skilled use of native tools such as Apple Xcode, developers can build and release a prototype in just a few weeks time. Development time can be reduced drastically by using a ‘design room’ approach, where organizations discuss and agree upon the aesthetics of the proposed mobile application before a prototype is built.  By doing so, issues around look-and-feel are immediately addressed eliminating copious amount of time spent on this later in the development cycle. Patterns can be another effective tool for app development. For example, workers in certain environments may still rely on a clipboard-based process to record data, entering that information into the supporting application. To streamline this process and eliminate errors that occur from manual data entry, developers can create a documented, reusable pattern that connects “clipboard” style work to data sources and then apply that to current and future mobile application development efforts.

Using a combination of all these tools and techniques organizations can quickly design and deploy business-critical mobile applications.

Here, in a short interview, Bart Hetrick, Portfolio Manager, Mobile Device Management, Unisys Corporation hits upon key elements of a mobile device management strategy that can help organizations keep their users policy compliant while remaining productive and supportable.

As the workforce paves the way for more technology savvy individuals– those who are seasoned in social networking and the use of smartphones — the way forward for our clients is to embrace these devices into their enterprise. Nothing is more exciting than being part of our client’s transformation and in today’s reality nothing is more transformative than empowering customers and employees with a mobile enabled enterprise. Interestingly, most CIOs at our recent event listed four categories of inhibitors to the process of enabling and sustaining mobility:

1. People – Today it is the employees who are driving change within the enterprise and not the IT departments. They expect a better user experience, greater convenience and richer interfaces.  And more importantly employees are finding ways of enabling these devices sanctioned or unsanctioned with IT departments playing catch-up or worse yet losing control of their own processes.
2. Infrastructure – Many organizations are burdened with old architecture not suited for mobility. A primary concern for decision makers is finding a solution that can integrate with their legacy and back end systems. Besides, IT departments are not prepared for the onslaught of changing technologies, form factors, and platforms. Consumers adopt new devices far more quickly than IT can find the means to support them. Finally it is the sheer volume of information being shared that challenges enterprises.
3. Policy – Many organizations have ad-hoc policies in place. There is great uncertainty in the minds of management about the right kind of policy that must be implemented for a sound mobile engagement.
4. Security – Organizations want to capitalize on the surge in mobility but are wary of the risks. They want to make sure their core data remains secure and inaccessible to unauthorized users.  Security breaches and identity theft and misuse of data if a device is lost or misplaced are only some of the many concerns that cause anxiety when it comes to enabling mobility.

The need of the hour is to create cost-effective ways to manage and support employees, customer and devices while maintaining the security of sensitive, mission-critical corporate data and resources.

What are your organizations doing to take advantage of emerging trends?

Stealth, Unisys’s patented cybersecurity technology, can play an important role in creating defense in depth.  First, Stealth can compartmentalize a corporate network, so that systems that have been breached cannot see or access other critical systems.  Second, Stealth is designed to protect the integrity of communications that pass across public networks subject to interference.  Let’s take a look at each of these use cases.

Network Compartmentalization

Most corporate networks are basically flat.  That is, any system on the internal TCP/IP network can see, and access, any other system.  This simplicity allows for great flexibility.  Authorization is handled at “a higher level,” not at the networking level.  Thus, administrators can grant or revoke access rights centrally, through Access Control Lists (ACLs) such as LDAP or Active Directory.

The problem is that a flat network is totally exposed when a compromise occurs.  If a hacker obtains control of an internal system, he may not have access rights to critical systems, but he can see them.  He can map the network, determine system points, probe for open ports, and then use “canned” attacks to move “sideways” within the network and attack other systems.  That is, once the burglar is through the front entrance of the apartment house, he can see all the doors and go test which of them are vulnerable to attack.

Stealth compartmentalizes a flat network.  Systems can only “see” other systems that are in the same community of interest (COI).  Systems in different COIs simply don’t respond to any form of traffic from the compromised system.  The hacker can’t map the network, can’t determine system types, and can’t find open ports.  Thus, the hacker is denied the most common, and most effective, tools of his trade. Before Stealth, the only way to partition a network was by rewiring and inserting routers and other gear at the partition points.  Not only was that expensive, it was inflexible.  If next week a different partitioning was needed, then wires and equipment might have to be moved again.  Stealth does all that in software.

So, what happens if there is a breach? If a hacker compromises a web server that uses Stealth to talk to its application server(s), the hacker can certainly see and communicate with the application server(s).  He can generate false requests for information and do damage within that application silo.  But he can’t get out into the general corporate network.  With properly (and narrowly) defined COIs, Stealth provides “watertight doors” between the compartments of the corporation.

To see why this is so important, consider the network infrastructure of a typical public utility.  Everything is on the same flat network: from the accounting system to the process control network for critical equipment.  In this age of Stuxnet and other viruses tailored to attack public infrastructure, that’s a very scary scenario.  Malware can be introduced in all sorts of ways – infected USB sticks and flash cards, social engineering, “drive by shootings” that result from browsing compromised web sites.  With Stealth, the critical process control network can be partitioned off from the corporate network, without any rewiring or additional networking hardware.  That flexibility, and Stealth’s strong encryption, are two of the reasons that Stealth is so compelling.

Geographic Isolation

It’s a fact of life that in many overseas locations, so-called private networks use communications lines owned by state-run telephone companies.  These companies have been known to make the data, and the lines themselves, accessible to the governments that own or influence them.  (It even happened in this country, lest we forget.)  This exposes an enterprise not just to interception and theft of confidential data and intellectual property, but to the more insidious problem of impersonation.  If a hacker has access to the traffic of an enterprise, he knows which IP addresses are legitimate, and he can impersonate one of the legitimate addresses not currently in use.  Now he is on the corporate network, even though no system has been compromised (yet).  Or in LOLcat-speak, “I R IN UR NETWORKZ, STEELIN UR DATA.”  Only it’s no laughing matter.

Stealth can help. Here, the solution requires that the problem geography be its own Community of Interest or even better, a set of COIs with differing levels of access.  Every system is equipped with Stealth; every user is placed in a particular COI, depending on his or her access requirements; and every boundary point between that geography and the rest of the corporate network has a Stealth appliance as a “border crossing agent.”  Stealth assures the privacy of communications through encryption, but so would a Virtual Private Network (VPN).  Stealth’s unique added value is again the Community of Interest.  The Stealth appliance will not talk to or pass traffic from a non-Stealth node, even if it has a “legitimate” network address.  In fact, it won’t even talk to a Stealth-equipped node unless the user has the proper credentials to get on the right COI.  With strong two-factor authentication (smart cards or password-extending fobs, as well as passwords), that will be a difficult nut for a hacker to crack.

No security system is fool proof if there is help from the inside.  If a hacker can get ahold of not only a Stealth-equipped system but also its user, through blackmail or subversion, then the hacker will be able to log into the user’s COI, because he’s using legitimate credentials.  But Stealth is designed to make it impossible for a third party to break into the corporate network without cooperation from a local agent.  Further, if the COIs properly separate users into different classes with limited access rights, compromise of a particular user would still limit any exposure to the user’s particular COI.

Summary

Just like the human body has more than just its skin as a defense against infection, corporate networks also need multiple defenses against attacks.  Strong perimeter defenses must be accompanied by other strategies that function even when the perimeter is compromised.  Stealth’s ability to dynamically partition networks provides additional lines of defense for an enterprise, as well as ways to minimize the vulnerabilities that arise from doing business in certain parts of the world.

This never-ending battle to secure the network and intellectual property is inducing IT divisions into a constant state of action – strengthening firewalls, updating virus protection programs, encrypting data, physical division of user networks, and more. But traditional security mechanisms only address the threat of external attacks.

What if the threat comes from within the organization?

The Insider Threat

According to a 2011 survey by the Ponemon Institute, 39% organizations reported “negligent insiders” as the root cause of data breaches. Results also show that malicious insider attacks can take more than 45 days on average to contain.

These are scary numbers given the fact that “negligent insiders” are often privileged users with access to sensitive information or systems who either knowingly or unknowingly compromise them. Furthermore, emerging trends like cloud computing and consumerization of IT are only making matters worse for IT staffers as none of the traditional security solutions account for insiders who can compromise IT systems from within the four walls.

Today, organizations are asking -

“In an environment where the traditional “hard exterior, soft interior” network security model has become outdated, how do I better secure my internal corporate applications from unauthorized access?”

Communities of Interest

The need of the hour is a network security infrastructure that enables sharing without risk of another group accessing data, applications, workstations, servers and virtual machines. Members belonging to one community of interest (CoI) should have zero visibility to anyone or any device not in the same CoI group.

The infrastructure should enable IT administrators to manage CoI members based on user credentials and defined access rights, integrated with the organization’s identity management system. This means a user can logon from any workstation and once authenticated, can access his and only his authorized applications and information.

The integration with the identity access management system must also provide seamless CoI membership control without changes to the network configuration (when a user’s role changes, only the identity management system needs updating).

The CoI approach to network security delivers defense-grade security by rendering enterprise data, users, and the data center invisible to the outside world. It is also cost effective as multiple CoIs can share the same physical network, enhancing an organization’s ability to rapidly respond to business changes.

It is time to eliminate the tradeoff between cost and risk, because tradeoffs are never good.

On this blog site, we have extensively covered the impact of these disruptive technologies on IT from endpoint device management, to social network monitoring, to management of the new hybrid enterprise delivery model. However, there is one more fundamental business change in this story. These individual technologies have just started to come together creating a new “End-User Engagement paradigm shift” for organizations. This is a major shift of approach in how organizations and their customers, employees, partners and the general public interact with each other and create and consume information.

Thanks to mobile access to information and self-service tools, consumers, employees, and the general public can now engage with organizations much more quickly and effectively both as individuals and in groups. Employees can build and join social communities of interest and share their thoughts and ideas with like-minded colleagues. We are now always connected to each other and to vast amounts of digital content. There is hardly a business left without a social customer community. Context-aware mobile applications can react to our location, preferences, habits, calendars, and the proximity of other devices and people. Smart analytics can detect our spending patterns and other activities. Most content is already digitized and it seems we are rapidly pushing it up to the “Cloud” for universal and continuous access. End-users are being liberated from device dependency, adopting multiple devices; using cloud-based content synchronization and demanding their daily workflow work seamlessly across all devices.

In the light of these developments, what should the applications of the future look like? How should we go about designing and architecting new solutions? Will quickly putting together a mobile app, screen scraping a legacy application, mobile-enabling a web site cut it? Or should this be seen in the lens of a more major shift – a change of style in “end-user engagement” that requires a better-coordinated, well thought-out plan of attack?

Once the sole face of IT, transactional back-end applications are being increasingly supported by these new user engagement technology layers.  As important as they still are, the backend applications and databases have moved into the fabric of ubiquitous hybrid cloud that works in the background. Once underestimated “client layer” is now rapidly moving from simple HTML pages to an increasingly important, multi-channel, multi-device experience for the end-user. End-user experience can not anymore be an afterthought or the last step in the design process. Organizations should start with the end-user experience in mind and think about how users will interact with their organization across multiple channels and devices. The end-user experience should be synched with the business approach, strategy, brand, and marketing. A common blueprint should be put in place for an overall user experience that is convenient, consistent, intuitive, natural, efficient, and cost effective.

Here are a few key recommendations for those organizations who want to adopt this new end-user engagement approach:

• Understand your end-user’s expectations and their changing habits in the light of these converging new trends.
• Start with business innovation. Identify new business functions, features, processes that will solve pain points across your organization.
• Do not get caught up with individual, silo technology-focused projects. Focus on the holistic end-user experience. Provide seamless, integrated experience, leverage synergies between these new trends.
• Keep an eye on the cost. Adopt self-service systems and leverage consumerization to your advantage.
• Do not forget to identify organizational changes. Actively drive cultural transformation.
• Focus on end-user satisfaction. It is the only driver for end-user adoption in this new world.
• Put horizontal technology stacks in place which can be leveraged across multiple vertical domains. Most of these technologies require common infrastructure such as mobile device and app management platforms, cloud services and enterprise social computing systems.

This new end-user engagement model will be the new face of organizations. It will redefine the relationship organizations have with their employees, customers, partners and the public. It holds the  keys to business productivity, customer and employee loyalty, service satisfaction and organizational reputation.

Today we close out the series with this question: “WHEN IT COMES TO MOBILE DEVICES, SHOULD THE IT DEPARTMENT SECURE THE DEVICE, THE USER, THE APPLICATION, OR THE DATA?”

Nick’s answer: “All of the above.”
Roberto counters with: “Forget the device. Secure the user.”

When you are done reading today’s debate, tell us how you think we should secure mobile devices? What’s your counterpoint? How is your organization dealing with the growth of mobile devices in the work place? Please share your thoughts and ideas in the comments section.

And then one extra question that we’d like to pose to you today: Did you enjoy the point-counterpoint series? Would you like to see more of these? And if so, what topics? Let us know.

NICK EVANS: All of the Above.

Nick Evans, Vice President and General Manager
Office of the CTO

The textbook approach to this is called a defense-in-depth approach, where there are multiple levels of security. And when it comes to mobility, you can definitely take the same approach. You should set multiple security levels around the user, at the application level, at the data level, and measures to secure the device – such as remote wiping, if it’s lost or stolen.

Throughout the industry, we’ve seen organizations focusing on one level, and then extending that security with controls on additional secondary areas.

User authentication, through conventional security measures or more innovative means like biometrics (think facial, voice, palm or gesture recognition), is the most definitive way for an organization to maintain proper security protocols amidst a growing wave of consumerization.

The upside is that with the ubiquity of consumer devices, intrinsic biometric authentication using the built-in capabilities on the device can provide a new level of authentication and authorization than was available previously.

Next, come the additional layers of security. For example, take application management. Businesses have begun adopting popular concepts from consumer technologies, such as the “app store” model, in order to deal with the growth of mobile applications and end-users need for business productivity.

In other words, companies are deploying their own internal app stores that feature a list of company approved apps, making it easy for users to find and install the apps they need without having to send a request to IT. This also eases the deployment of these apps for IT.

In addition to securing the user, and better managing application delivery, organizations that control their in-house application development are beginning to shift their focus to securing the applications themselves. Security has become an integral part of the overall platform that not only secures the device and the application, but also manages the application life cycle.

Lastly, you need to secure the data which is what all this security is about anyway. The cost of mobile devices continues to fall.  And frankly, even if the device costs a couple of hundred dollars, that’s an inconsequential loss compared to the cost of losing the data on that device which could be proprietary or sensitive.  An organization’s main focus should really be securing that data and putting systems in place to track or stop potential threats.

So at the end of the day, all of the above means: multiple layers of security providing a robust defense-in-depth approach to protect your data through strong authentication, better application management and deployment, intrinsic security within the applications, and more.

ROBERTO TAVANO: Forget the Device! Secure the User.

RobertoTavano, Vice President of Global Security Sales
Technology, Consulting & Integration Services

In a security context, the very mobile device should become irrelevant. Let me re-phrase the concept with a hyperbole: you should consider it disposable; something that will get lost or stolen. But, then, who would care about the device itself as long as you have eliminated the possibility of a security breach originating from that device? This new concept will be upsetting for some in IT who have built careers around securing devices. But essentially, the devices are worthless when you protect the data and can prevent connectivity.

So how do you secure a device that can connect to sensitive information from anywhere in the world? It comes down to balancing all elements into a comprehensive defense strategy that allows flexible, adaptive solutions. Users need to feel that their data is secure, without having to jump through hoops to get it.

You won’t create an adaptive defense strategy overnight; you’ll need to have good business processes and inherent security in place, whether it’s around data, the user’s devices, or the applications. But sticking to a piece-meal approach with your security solution will leave room for weaknesses and vulnerabilities. Every day it becomes clearer that user identity will be recognized, eventually, as the pivot around which all security architectures will yield their maximum potential.

The reality is it’s still extremely difficult to construct a proper security protocol that encompasses all of the digital avenues your employees will use to remain productive and your end-users to operate effectively to their full satisfaction. Currently, we end up using surrogate solutions like hot tokens, which provide some security, but also pave the way for new types of threats.

It’s a delicate balance of all these components, and personally, I would consider the device itself as the least important. Focus on user authentication – get that right, make it solid, and you will have achieved an optimal approach to risk mitigation.

“Security Breaches Shake Confidence in Credit-Card Safety”

“Britain’s Serious Organized Crime Agency website hit by cyber- attack”

“Survey by Ponemon Institute reveals that information theft continues to represent the highest external cost.  On an annualized basis, information theft accounts for 40% of total external costs.”

Gloom in the headlines and statistics that don’t shock us anymore – representative of a world that we all have to live in, organizations have to operate in, and economies have to flourish in.

Cyber criminals are deploying deadlier cyber weapons at a brisk pace and designing malicious software for a spectrum of devices. It’s no surprise then that, a recessionary environment coupled with a competitive market and demanding customers, is making most enterprises feel a heightened sense of insecurity.

The need of the hour is to raise protection levels against cyber-crime with visibility across all aspects of security operations. Deploying a comprehensive security solution that properly assesses and mitigates security risks, monitors and responds to persistent attacks from the outside or inside, and safeguards what the organization values, will go a long way in achieving your enterprise security goals.

The motivation for change is clear. So, what next? How does one define, design, and deploy a comprehensive security solution? How much security is enough?

In an environment where organizations spend millions of dollars on deploying a combination of security solutions from different vendors that create complexity and system overhead, such questions need to be answered. We at Unisys believe that a security posture based on the following 7 security principles is a good place to start:

• Confidentiality – Make data and systems accessible to only authorized users, or restrict information access to unauthorized users
• Integrity – Importance of accurate information can’t be over stated in today’s business environment. Possess the assurance that data being accessed hasn’t been tampered with, and is trustworthy and dependable.
• Availability – Enterprise data must be available at the required level of performance at all times (in security events ranging from normal to catastrophic). Lack of availability is loss of use.
• Authentication –Validate a user’s unique identity to confirm that the end-user is genuine. A strong authentication approach does this by combining two or more authentication factors – “something you know” (password/pin), “something you have” (smartcard), “something you receive” (one-time-password), “where you are” (GPS), and “something you are” (multi-modal biometrics – face, voice).
• Authorization – Once a user is authenticated, ensure that his/her activities within the network are limited to what has been authorized. The idea is to establish a well-defined authorization mechanism with the means of detecting unauthorized activity.
• Non-repudiation – An organization’s information assurance systems must provide a mechanism by which a sender or recipient of a message is able to prove that their counterpart did in fact take the action in question. Systems must ensure that a user cannot deny undertaking a transaction at a later stage.
• Auditing – The security posture must ensure the traceability of every single transaction on the network. In case of a dispute, it should be possible to work back through each step in the process to determine where the problem occurred and who was responsible.

Such an approach helped Spain’s Ministerio de Empleo y Seguridad Social (government agency) develop the solution it needed to monitor the status of key security vectors in real time across data centers separated by several kilometers. The new capabilities ensure that only trusted, credentialed individuals are able to gain access to these facilities, monitor activity inside the data centers, and enable subsequent audit processes.

They now know that anything less, will not do.

For Cloud-minded organizations, automation of operational processes and tasks is the obvious solution that has been used since Clouds were first developed, for increasing operational effectiveness and efficiency.  In Secure Private Cloud and Unisys Secure Cloud, we used uOrchestrate as our automation engine.  uOrchestrate has been part of Unisys Real-Time Infrastructure for years.  The Cloud development team takes automation for granted.  So much so, that the team has moved to work on other exotic Cloud technologies and features. We assume everything should be automated. Unfortunately, many of our IT customers remain on the other side of the automation knothole, wondering how to get through it.

Automation has a long history at Unisys beginning with when it was first deployed in Unisys mainframe systems in the 1960s.  Today those systems are referred to as ClearPath systems.  Unisys ClearPath teams (both MCP and OS 2200) have a proven track record of designing, delivering, and operating secure, reliable, compatible computing systems that are architected to be highly maintainable and performant.  Unisys systems, from their inception, were designed to support multiple users and applications, utilizing unique automation techniques to monitor and manage customer workloads within the mainframe environment.  Unisys engineers have continued to innovate by applying automation to solve many operational issues of the system and ease application development while lowering on-going operational costs.

Unisys ClearPath systems are leaders in using automation to deliver reliability at very low operational costs.  ClearPath systems have an extremely high Mean Time Between Software Stops (MTBSS) in excess of seven years.  This is achieved in part by applying automation to reduce administration and operational errors.  ClearPath databases can be managed and reorganized while remaining in production use, thus improving availability to support business processes.  ClearPath systems provide fully automated disaster recovery and ‘lights out’ operations.  The embedded, intelligent management of workload priorities can be utilized to limit resource bandwidth to ensure backups in such a way that lower priority work doesn’t interfere with mission-critical work.  All of these are due to automation.

When Unisys engineers approached the development of Cloud technology, it was only natural to use these skills while constructing the Unisys Secure Private Cloud product and services for virtualized Windows and Linux/Unix workloads.  Windows/Linux Clouds face the same security, reliability, compatibility, maintenance and performance problems that ClearPath teams have solved over the last five decades.  While Windows/Linux Clouds are based on different technologies than ClearPath systems, Unisys teams have used their Clear Path expertise, design principles, software engineering and verification processes to create the Unisys Secure Private Cloud offering, which addresses many of these problems today.

We have used our experience and creativity with Secure Private Cloud and services to make automation accessible to customers.  We have created a ‘Jumpstart’ version, focused on bringing up an initial ready-to-use Cloud on customer premises with automated operational mechanisms.  We can move in a step-wise manner from the initial Proof of Concept to a Pilot phase where we can start integration of the Cloud into customer’s operational environment, and eventually move to the production phase as capabilities are proven.  We think this stepwise approach will enable our customers to learn and move forward as the system and operations are able to take on work.  Let’s get ahead.  Let’s get started on automation together.

Today, we are facing such similar decisions within our IT shops.  The rise of resource abundance and virtualization has given us options to better utilize the available physical resources.  We’ve come to realize that the operational management of virtual resources has added to our operations teams’ workloads because, they have to manage both the physical resources and virtual resources while continuing to operate with reduced budgets. This has led to the emergence of Cloud computing.

As we begin to explore the operational aspects of ‘Clouds’, we discover that Cloud stacks employ automation mechanisms to help the deployment and management of applications and virtual resources.  We see that our current human-language-based run books and human-augmented processes have to be radically changed to do what Clouds can achieve; and we’re challenged to find knowledgeable people to lead the effort and manage the organizational change.  We are leery of placing big bets on Cloud when new products enter the market or when small companies are acquired by larger companies. And there still remains more Cloud hype than fact in the marketplace.

There are several challenges to overcome as we envision our future IT departments ascending to higher echelons of artistry.  It is important to note that Michelangelo wasn’t immediately world renowned, he too had to study under masters and seek studies of new subjects.  IT departments need the same mentoring to understand what’s different about automation and how they scale up cloud workloads.  Some past decisions, skills, and partnerships will need to be reconsidered.

One example for reconsideration is how human-centric operation processes change radically after automation.  Prior to automation, humans could enter the intervention process to resolve unforeseen issues.  For example, they could examine SNMP events or other systems management statistics.  They were, by design, the central point for monitoring and trouble shooting.  In contrast, automation is machine centric and machine augmented.  Having technicians design and augment the automation code that runs on machines, as well as intervene and remedy problems will have to change.  Interventions will now have to follow an automated course to resolution.  As better versions are designed or implemented, the automation code, like application code, will have to be revised and redeployed.  The revised versions require careful management and deployment to achieve iterative improvement.

Human supervision has to move from monitoring applications to overseeing both the applications and their automated management.  Moving human-centric operations  to the realm of automation allows administrators to manage operations at a higher control plane, such as measuring and verifying service levels and, delivering higher quality to the actual customers.

Even with times of uncertainty, we can see opportunity ahead. Seeking enlightened advice and skilled practitioners in the art is an appropriate step forward and can help us plan for our future success.

In the healthcare industry, lives hang in the balance. Financial services companies need to extend credit to the right people at the right time. Transportation sector strives to fuel the supply and demand sides that impact the entire gamut of social and economic activities of a country.

In such an environment, organizations look for ways to transform business processes for increased operational efficiency and innovation. And this is where disruptive trends like mobility and social collaboration become a reality – to enhance employee productivity and make knowledge sharing an integral part of the workplace culture.

But while mobile devices and collaboration tools increase employee mobility and productivity, they also create new risks in the form of data breaches and information theft. A number of high profile security breaches have occurred recently, putting the limelight on affected organizations. These events have had a negative impact on the reputation of these companies, and may lead to loss of business.

To thwart data leakage, businesses need to enable secure remote access to enterprise data by securing user access and validating identities. It is time to re-evaluate the overall approach to user authentication, and take a fresh look at enterprise identity assurance strategy.

So, the motivation for change is clear. The question is what’s next?

For decades, passwords have been the standard means for user authentication. But the problem with passwords is that a simple password can be guessed or hacked, and a complicated password is difficult to remember so gets compromised by being written down somewhere. Furthermore, forgotten or lost passwords can result in significant costs.

The need of the hour is a strong authentication solution that secures the process of validating identities by combining two or more authentication mechanisms – “something you have” (a smart phone), “something you know” (a PIN/Passphrase), “something you are” (a biometric feature like face/voice), ), “something you receive” (one-time-password), and “where you are” (GPS) to confirm that the end user is genuine.

Biometric technologies provide the most efficient means to uniquely identify a person and enhance the identity confidence within an organization’s decision making process. It is good news then, that, the public has become increasingly accepting of biometrics technologies and systems, rather than view it as an invasion of privacy. According to the latest edition of the Unisys Security Index, 37% of American respondents prefer biometrics such as fingerprints, voice or facial images to secure mobile work devices outside of workplaces, and these figures are reflected similarly elsewhere, for example 50% Colombians prefer biometrics to protect data while using mobile devices.

For organizations wishing to respond faster to business opportunities, comply with regulations, attract customers, and reduce security vulnerabilities, mobile device enablement coupled with a strong and robust authentication system can help them in achieving their security goals. The eco-system must provide employees and end-users with the means to be enrolled, and to authenticate themselves in a variety of different environments and applications.  This enables organizations to resolve significant challenges in managing and auditing user access to information systems, and securely seize new revenue and service opportunities in a web-based world.

Why this sudden view that all is well?  Have we knocked out these cyber nasties?  Hardly. Estimates discussed at this year’s RSA Security Conference in February were that from 10% to 20% of the Internet is infected with something.

The days when bored college students and macho programmers vied to create and distribute the most elegant or loudest and annoying malware are long over.  Stealing information and identities has become big business.  Organized crime and nation state-sponsored cyber-espionage are quiet activities – they don’t want to attract attention.

These groups are using remote management capabilities that would be the envy of many corporate IT departments to accumulate and maintain herds of zombie PCs – PCs that belong to unsuspecting computer users everywhere.  Once they’ve infected a system, they patch it, suppress the anti-virus software that may be present, and variously manage its configuration. In this way, they ensure that rival botnet herders can’t steal it from them, and the legitimate owner never even knows they are there.

Remember last year when Aunt Sue was driving you crazy asking for help fixing her PC?  Haven’t heard from her for a while?  “The PC is working just fine, thank you.”  Yes, she’s no longer concerned … but the rest of us should be because her infected system can be used to attack ours.

This problem of users who don’t understand their systems well enough to tell something is wrong isn’t going to be solved by educating them.  As computers get easier to use, there is less incentive for users to understand how they work internally.  Who can fix their car by themselves these days?

The organizations best positioned to detect these infected systems are the major Internet Service Providers (ISPs).   So far, they haven’t been incentivized to do anything about the problem.  ISPs are in a position relative to their customers to perform the same role corporate IT departments carry out with workstations on their intranets.  They can run monitoring systems to detect infected machines, provide mechanisms to help fix them, and not let them on the network until they are fixed.

I don’t think anyone would argue against the result this would produce; the rub is figuring out who pays for it.

These findings are especially significant for our public sector clients, because they directly relate to the way these organizations should offer online services to citizens. Citizens who want to access their social security records or tax information online will expect the government to protect their identities and their privacy. Public sector organizations will have to provide secure authentication and strong protection from cyber criminals.

This will hold true in the private sector as well. Commercial services providers in areas such as financial services and healthcare are facing the same challenges with regard to how they interact with consumers on line. Solutions to challenges such as data protection and securing mobile devices will be essential.

Cybersecurity issues are reported in the headlines on a weekly basis, and consumers are more aware of the threats than ever. With this awareness will come expectations that the organizations they trust to protect their data will do just that.

View my new video on the Unisys Security Index.

It seems like an opportunity lost that the Border Agency didn’t look at the Easter holidays as an opportunity to showcase its preparedness for the Olympics, given the natural surge in outgoings and incomings to the UK borders. Instead, the impression given is that a plan for expanding both departure and arrival procedures simply isn’t in place. Unless BAA and the Border Agency are able to pull a rabbit out of the hat in the coming months, then we’re looking at a serious problem at our airport and seaport terminals during the summer. And if they pull such a rabbit now it clearly will be a panic measure. UKBA preparedness has to be judged, at this late stage, by what is evident now.

With 11 million tickets available for the Olympic Games, the influx of international attendees, athletes, visitors and media will be a significant proportion of this number. There are a number of scenarios which UKBA could play with at this late stage to mitigate this disastrous situation:  firstly, if the number of border staff reductions continues at its current rate, and the full scrutiny procedures remain the same, the worst case is that a situation could evolve quickly whereby planes are forced to turn away from our major airports because other planes are stuck at airbridges, not unloaded, because the arrivals immigration hall is packed. Alternatively, if border procedures are relaxed and Brodie Clark’s plan for intelligence led screening is fully followed by a committed and coherently led UKBA, then some sort of order might be imposed. It didn’t happen before – hence the removal of Mr Clark – so the probability of it being imposed now is slim. The likelihood now is that stringent document scrutiny no longer takes place and we run the risk of letting through potentially dangerous and serious criminals.

But there is still time to improve the situation. The Home Office and Border Agency need to sort out their differences and put in place some sort of short term but dramatic measures at our borders ahead of The Games.  In a recession, spending on our borders was likely to be lean but a combination of technology and increased personnel in the short term should be well worth the outgoing to keep our country safe when all eyes will be on us from around the globe.  Can you imagine the media fallout if we get this wrong.

With Iris technology and e-Gates assisting in reducing the number of staff required to process incoming passengers, the obvious solution would be to start by increasing the amount of automatic scrutiny afforded by these technologies. Rent it, don’t buy it, and insist on the latest technology, whilst increasing staff to supervise the automation. They do not need to be UKBA since all they are doing is keeping an automatic process going.  At this short notice the only answer is to enhance the integration of staff and technology.  From our (Unisys) previous work around cargo traffic and delivery at the Beijing Olympics, we understand the importance of planning in advance for these types of events but when you only have less than 100 days to go, you need to do something drastic.

The UK is set to experience the biggest surge at our borders for the next ten years and we have next to no time left to prepare adequate processes for dealing with this influx of visitors to UK and the Olympics. Action is needed now to ensure the UK is protected so those travelling to London for The Games can enjoy their experience from the moment they arrive at any UK airport or sea port terminal. The Olympics should be a celebration of the achievements of the UK in preparing for such a global event. It won’t happen again in UK for decades or longer.  Show the world that UK Borders are open to visitors not a barrier to tourism.

We’ve launched this series in the spirit of debate that drives so much of IT decision-making today. Our first post asked, How Much Security is Enough?

Today Nick Evans, Vice President and General Manager within the Office of the CTO and Roberto Tavano, Vice President of Global Security Sales for Technology, Consulting & Integration Services will ponder the question: SHOULD SECURITY BE OFFENSIVE OR DEFENSIVE?

Nick’s answer: “It depends who the enemy is.”
Roberto counters with “Security must be preemptive.”

What’s your counterpoint? What do you think about Nick’s and Roberto’s advice? What’s your security posture in your organization? Please share it with your fellow readers in the comments section that follows this post.

NICK EVANS: It depends on who the enemy is

Nick Evans, Vice President and General Manager
Office of the CTO

First, we should start off by defining what we mean by offensive security. At the extreme end of the scale, we are talking about coordinating attacks on cyber-criminals via cyber-related means. I think this is appropriate for certain areas of the public sector or the military, where data protection and confidentiality are paramount, and where cyber warfare is a legal part of the playbook. In fact, last year, as part of unveiling a new offensive strategy, Deputy Defense Secretary William J. Lynn III stated that a new “dynamic defense” would seek to deter potential attackers by searching for them on the Internet instead of waiting for an attack.

For non-governmental organizations, however, you can’t fight cyber-criminals by becoming a cyber-criminal yourself. Commercial security should always be defensive; that is to say, be able to protect, detect, and respond to threats. But as the threat evolves, commercial organizations might feel it necessary to take on a more offensive posture, while remaining within the letter of the law.

So what can a commercial organization do beyond a defensive security program? One example is to employ the use of offensive systems such as honeypots. These contain a data cache that’s attractive to hackers, but doesn’t actually contain any sensitive information. What the system does contain: A trap.

Hackers lured into the honeypot are monitored as they work to exploit the fictitious system. The organization’s security team learns about the hacker’s behaviors, tools, and techniques; and works to gather sufficient evidence to track them down, pursue them legally, and ultimately, take them offline for good. For more background on this, a useful article is this piece from Symantec which looks at entrapment, privacy and liability considerations.

At Unisys, we are seeing organizations start to move from a reactive security defense posture to a proactive enterprise security intelligence methodology, where advanced data analysis is helping to predict threats before they cause significant damage. The key aspects of this proactive enterprise security intelligence methodology are the integration of an array of sensors such as intrusion detection, malware and antivirus detection, and data loss prevention coupled with continuous compliance capabilities, forensics and situational awareness all built into the operational model. To read more about this, check out our CyberSecurity Predictions for 2012.

ROBERTO TAVANO: Security must be preemptive

RobertoTavano, Vice President of Global Security Sales
Technology, Consulting & Integration Services

I prefer the terms preemptive and reactive instead of offensive or defensive. Offensive and defensive relate well to a military enterprise; not so much to commercial IT. And by taking a preemptive approach to security, you are proactively anticipating the risks, vulnerabilities, and channels of attack against your enterprise.

But in order to adopt a preemptive posture, the organization needs to be adaptive. Unfortunately, few commercial organizations are adaptive in terms of their CyberSecurity. Risk assessment in most enterprises is done once, put into a formal plan, and filed away to live in obscurity, in perpetuity.

To be adaptive means to be constantly assessing risk. It’s not just a matter of building a wall to protect the organization, or reacting quickly when it’s attacked. Organizations that are adaptive evolve their security measures fluidly in sync with potential threats.

The good news is that this issue is coming into sharper focus with the rise of IT consumerization and the rise of brick-and-mortar businesses embracing the benefits of the cloud. The enterprise is extending its reach and opening its doors beyond previously conceived physical and logical boundaries.

For me, the right answer going forward is designing and upholding a preemptive approach to security. The alternative – always chasing, understanding, and reacting to an attack – isn’t attractive or effective, and is by definition perennially behind the curve.

Take a preemptive stance, and you can lead the way to the future of cybersecurity.

When it comes to IT strategies, however, there are few absolutes. IT leaders, teammates, and consulting organizations often draw lines in the sand when it comes to any given approach to solving a technical or business matter.

But the fact is, in IT, there are often several ways to approach and attack a problem. While each approach is equally valid, at the end of the day it comes down to which among the valid approaches aligns best to a given organization’s business and culture.

It is in the spirit of debate and decision that we offer a new series of blog posts focused on CyberSecurity that provide a point and a counterpoint, featuring Unisys Nick Evans, Vice President and General Manager within the Office of the CTO and Roberto Tavano, Vice President of Global Security Sales for Technology, Consulting & Integration Services.

Today’s question: HOW MUCH SECURITY IS ENOUGH?

Nick answers: “You need a balanced and adaptive approach.”
Roberto counters with “Security is not an exotic matter. It’s just part of your life.”

Nick Evans: You Need A Balanced and Adaptive Approach

Nick Evans, Vice President and General Manager
Office of the CTO

Over the past decade, we’ve seen instances of cybercrime increase in frequency, scale, and sophistication. As a result, there’s a growing need for ever-more robust CyberSecurity measures for businesses in order to keep up with this “cyber arms race.” Coincidentally, today’s high tech workplace is driving the need for sensitive data protection systems, dealing with an increasingly porous enterprise security perimeter, and other security vulnerabilities.

Considering that the threat level for cybercrime is constantly changing, it’s important to be able to understand the relative risk levels and determine how much, and when, to invest, in terms of an appropriate level of insurance. I’m talking about the well-known risk-reward continuum, one that will change year-over-year or even more frequently. According to a recent study by the Ponemon Institute, just released in March, it’s estimated that recovery from a successful data breach will now cost a typical enterprise an average of $5.5 million.

Besides rising year over year threat levels, the actual physical layout of enterprise security is also changing. Traditionally, you put your security at the perimeter – either the building or firewall – forming a simple boundary. Today, with the explosive growth of the Consumerization of IT, where information workers bring their own personally-acquired devices to work, we’ve entered the era of what I call “the borderless enterprise.”

IT departments are increasingly asked to secure progressively porous and blurring security perimeters in a situation where data is residing on smartphones, tablets, netbooks, and myriad other Internet-connected consumer devices well beyond the organization’s four walls. Now compound all this with cloud computing, and software as a service, where an increasing amount of transactions are conducted in the public cloud or within externally-hosted private cloud environments. You have to take an holistic approach, and think about all the potential areas of vulnerability where a person (or, increasingly, persons) can gain access to sensitive data, wherever it resides.

So to design your most appropriate security measures, you need to constantly balance your risk/reward equation and invest accordingly, while carefully monitoring emerging technologies for potential new security vulnerabilities.

RobertoTavano: Security is not an Exotic Matter. It’s Just Part of Your Life.

RobertoTavano, Vice President of Global Security Sales
Technology, Consulting & Integration Services

Perfect security does not exist. We all know that. Furthermore, everybody in an enterprise has their own point of view on security. Management sees IT security as purely a technical matter, while end users might find it annoying to have to change usernames and passwords every few months.

Security professionals understand their current level of security is never enough. They know that risk cannot be zero at any time under any circumstance. So the question to ask isn’t “how much security is enough?” The question to ask is, “are you truly capable of calculating the cost of stopping a potential attack?”

Direct costs are often straightforward to calculate. But what about the indirect costs? Brand value, legal actions, tarnished image, loss of credibility, etc. – assigning a value tag to such elements depends solely on your organization’s business model and environment.

Incidentally, indirect costs could be vastly bigger then direct ones. You want your security to be like the oxygen in the air we breathe. Without it your chances of survival are zero. Yet you are hardly aware of its existence – it’s just an integral, invisible part of the environment. Security should not stand out as a fence or as a special feature, but rather seamlessly weave into the very fabric of your organization.

So when talking about the cost of security and who is responsible for driving security, for me, it’s all about a team effort. The CEO has to consider CyberSecurity very high on his or her agenda. And the organization must educate their employees to behave in a secure fashion.

However, creating a model for strategic communities may require significant investment of time and resources.

First and foremost, it requires planning.  Positioning strategic communities to support a company’s market areas of strength, target industries, and key employee roles, and aligning them to business objectives and goals is essential. 

Second, developing a framework for enablement and evolution is critical to sustaining a successful community environment.  Effective frameworks include a project plan, a communication plan for socializing the purpose of the community in order to attract and retain members, and a culture transformation plan to help employees understand the value of community participation.

Third, communities must be well managed.  I like to use an analogy created by my former Booz Allen colleague, Walton Smith, who likened communities to gardens, each requiring a gardener to “seed, feed, weed and harvest.”  Too often companies launch communities with a “build it and they will come” mindset.  Employees may come, but will they stay and engage? 

In order to sustain and attract new members, communities must provide ongoing value. Community managers play a pivotal role in keeping communities viable and helping them grow.  They engage subject matter experts who can provide the right answers to questions at the right time and transfer knowledge and best practices to help community members evolve their skill sets. They seed content and motivate members to share and engage with each other through newsfeeds and community webinars. They promote the exchange of ideas and harvest and repurpose valuable knowledge. They also capture metrics to measure community growth and effectiveness.

Finally, communities cannot be successful without employees who are enthusiastic, engaged and willing to share.  This is where culture transformation comes into play. Successful strategic communities have clearly defined key benefits areas and related use cases to illustrate how community involvement delivers value to its members as well as to the business. Nothing drives behavior change more than a colleague’s positive experience with a new tool, a process or community involvement. Savvy community managers capture and repurpose these success stories to drive membership, increase adoption and validate business value.

Strategic communities that are well-planned, properly enabled and effectively managed can significantly impact the success of social collaboration within the business enterprise. Just ask the next knowledge and collaboration strategist you meet. Better yet, take a look within your own organization and assess how strategic communities can play a role in the success of your social collaboration efforts.

For example, here in rugby-loving New Zealand, 14 percent of New Zealand iWorkers said they use iPhones for work purposes, compared with just 2 percent in 2010.  By 2012, 10 percent of Kiwi iWorkers expect that iPhones or other smartphones will be their most critical business devices in 2012, compared to 5 percent currently.  This is in line with the global trends.

Consumer devices and applications are more technologically advanced than their corporate device counterparts. Is this then the death knell for the high-end server?  Not at all; in fact the server plays a key role when rolling out true mobility – enterprise-class applications – to employees and customers alike.

Moving with the times

It’s a “no brainer” that organisations that embrace mobile devices satisfy customer, employee and partner expectations.  Yet most organisations have only scratched the surface of the potential benefits from the increased productivity these devices allow. 

Our research also found 12 percent of Kiwi organisations plan to develop mobile apps for use by their employees in the next 12 months. This will enable greater efficiency in existing business processes by allowing access to update corporate data while out of the office, as well as the potential to develop whole new business models made possible by mobile applications. 

Mobility and the Mainframe

Ironically, while smartphones and tablets are fast replacing desktops as critical business devices, they bring a new lease of life to the mainframe.  IT and service management applications are one of the key areas being redeveloped to be used on mobile devices so that IT managers have increased flexibility in managing their organisation’s servers. This means they can work from multiple locations, while still monitoring system utilisation, available memory, waiting entries and policy compliance. Unisys has even built dynamic application support into its ClearPath servers to handle the frequent logging in and out that is typical of mobile users. 

Working from a smartphone, however, doesn’t mean accepting a compromise in security or functionality.  For example, Unisys ClearPath MCP Mobile Monitor App enables an IT manager to work remotely using an iPhone, iPad or iPod touch, while still having desktop functionality.  Security is taken care of by iOS Keychain, which stores server passwords in the mobile device and Hypertext Transfer Protocol Secure (HTTPS), which encrypts data exchanged between the mobile device and the ClearPath MCP server. 

In addition, organisations may choose to make their applications available as software as a service (SaaS) via a private cloud so that sensitive corporate data does not sit on the device itself, but rather resides on the company’s secured mainframe where access to the data can be protected via encryption and setting “communities of interest” so that only those who should have access can access the data.

The big picture

Organisations can reap fantastic benefits from mobilising existing processes with smart devices, but there is also potential for much more.  Mobile enablement is an opportunity to re-think and re-design business models and processes.  Making applications work with mobile devices makes them real business tools and helps organisations improve the efficiency of existing business processes or even create whole new business models.

Making it happen

Many business applications are now available online for mobile devices.  These programs are often easy to set up and some even allow you to turn your existing applications into iPhone and iPad applications.  For example, the ClearPath ePortal specialty engine is used to modernise mission-critical enterprise applications without altering the app itself so that it can be accessed on mobile phones via easy to use web interfaces.   This is how Rio de Janeiro water utility company CEDAE offered customers the ability to pay their water bills using their smartphones.

In addition, some point and click graphical solutions mean applications don’t even require programming, like the Unisys ClearPath MCP Mobile Monitor App available via the Apple App Store.  This approach is particularly important in these cost conscious times when organisations want to increase the functionality of existing IT infrastructure rather than “rip and replace” the whole thing.

With smart devices, people have the choice and flexibility they demand, and organisations can continue to manage costs and security and provide support.  Mobilising processes can bring improved productivity, efficiency, quality and even better working relationships across multiple levels in an organisation. 

Now that the technology is here to safeguard and facilitate business processes, organisations have the freedom to enhance their businesses with mobilisation technology, from changing customers’ experience at the coalface to creating entire new business models.

At Sears, leveraging the API economy by unlocking their legacy data into open APIs is core to their strategic vision.  Creating open APIs to access their legacy data (e.g. product catalogs, historical purchases, customer preferences, user recommendations) means innovation is happening out there. Open APIs are critical elements of expanding their brand, and creating opportunities for engaging customers wherever they are.

Netflix outsources innovation by letting developers integrate the Netflix service into apps with full control over the user experience.

A solution in itself, APIs are now a strategic resource, requiring an ongoing combination of marketing, usability, design, promotion, and in many cases pricing. All of these elements factor into whether an enterprise will compete successfully in the mobile space with the APIs themselves, and the products and services that are offered through them. The Business of APIs is no longer just a technology play but a business play where the APIs need to be managed and launched as a business, requiring ongoing diligent business and technical planning, functionally and non-functionally.

The most effective way to expose APIs for consumption by mobile devices is to offer them as a packaged set of Service Oriented Architecture (SOA) services, implemented using SOA principles and technologies.  This will be simple to accomplish for enterprises that are already SOA-enabled. For enterprises that are not SOA-enabled, it’s time to invest in building SOA expertise in order to ready themselves to compete and succeed in the Business of APIs.

The newly announced Unisys Application Modernization Platform as a Service (AMPS^SM) solution employs a full lifecycle service-oriented approach for providing a Business of APIs perspective to an enterprise’s API solutions. With AMPS, an enterprise can manage its API portfolio from the core business model perspective, govern its development, and provide comprehensive production API management, where APIs can be published, promoted, and managed in a secure, scalable way.

AMPS uses its patent-pending modernization framework, proven technologies and Center of Excellence services to bring together the business and technical communities to provide a holistic approach to the Business of APIs.  AMPS provides the mechanism for discovering and harnessing an enterprise’s APIs as well as blending them with complementary APIs from partner companies.

With AMPS, the result is a rich flow of information and collaboration across the enterprise, promoting faster innovation and growth in ways that may never have been thought possible before.

¹ An application programming interface (API) is an interface that an application provides in order to allow requests for service to be made of it by other computer programs including mobile applications to allow data to be exchanged between them.

This leaves IT organizations with the challenge of developing a coherent, consistent and smart data analytics capability across their application portfolio which is rapidly aging and growing in both size and complexity.  Today’s application portfolios include large numbers of software components with intricate dependencies and a wide variety of technologies.  Most of these aging applications store a wealth of data that, if made accessible to smart analytics engines, can provide valuable business insights to operate efficiently, grow competitively and comply with regulations effectively. 

As a result of aging application portfolios, however, IT managers find themselves struggling to rapidly adapt yesterday’s technology to today’s business needs while trying to assure that the budgets are not exceeded, planned returns are achieved and business is not exposed to excessive risks.  This application modernization problem has reached a point where it is way beyond the capabilities of traditional “rip-and-replace” approaches.  This problem directly affects the quality of business services, revenue, company reputation and business continuity. What is needed is a new approach to application modernization – one with minimal cost and risk that can help open up the vast amount of information that is collected on a daily basis and unlock new business potential.

Over the past years, the service-oriented approach to application modernization has proven to be successful in delivering the premise of business flexibility and cost savings – but at the expense of increased complexity and overhead if service governance and management is neglected.  An important step in achieving complex enterprise service-oriented modernization initiatives is adopting a comprehensive platform that can provide seamless, full life-cycle governance that extends from design-time management to run-time performance, utilization and security of software services.  A solid service management foundation with smart governance controls is a key success factor in achieving a cost-effective, secure and manageable service-oriented enterprise. 

Unisys Application Modernization Platform as a Service^SM (AMPS^SM) solution achieves just that.  With its best-in-class service management and monitoring approach, AMPS delivers on its key principle of strategic IT service governance and transparency.  Using proven technologies and a patent-pending modernization framework, AMPS provides an open, standards-based architecture.  This allows you to incrementally modernize and open up enterprise applications and expose valuable business data to external analytical engines using an optimized shared-service application development process.  AMPS mitigates the complexity, risk and time-to-market issues associated with similar Service-Oriented Enterprise platforms by providing policy-based, automated governance processes through a subscription-based,  hosted service.  AMPS provides rapid enablement of legacy enterprise applications so that the valuable mission-critical business data can be made available for intelligent analytical engines, helping to tame the information beast.