Why this sudden view that all is well?  Have we knocked out these cyber nasties?  Hardly. Estimates discussed at this year’s RSA Security Conference in February were that from 10% to 20% of the Internet is infected with something. 

The days when bored college students and macho programmers vied to create and distribute the most elegant or loudest and annoying malware are long over.  Stealing information and identities has become big business.  Organized crime and nation state-sponsored cyber-espionage are quiet activities – they don’t want to attract attention.  

These groups are using remote management capabilities that would be the envy of many corporate IT departments to accumulate and maintain herds of zombie PCs – PCs that belong to unsuspecting computer users everywhere.  Once they’ve infected a system, they patch it, suppress the anti-virus software that may be present, and variously manage its configuration. In this way, they ensure that rival botnet herders can’t steal it from them, and the legitimate owner never even knows they are there.

Remember last year when Aunt Sue was driving you crazy asking for help fixing her PC?  Haven’t heard from her for a while?  “The PC is working just fine, thank you.”  Yes, she’s no longer concerned … but the rest of us should be because her infected system can be used to attack ours.

This problem of users who don’t understand their systems well enough to tell something is wrong isn’t going to be solved by educating them.  As computers get easier to use, there is less incentive for users to understand how they work internally.  Who can fix their car by themselves these days? 

The organizations best positioned to detect these infected systems are the major Internet Service Providers (ISPs).   So far, they haven’t been incentivized to do anything about the problem.  ISPs are in a position relative to their customers to perform the same role corporate IT departments carry out with workstations on their intranets.  They can run monitoring systems to detect infected machines, provide mechanisms to help fix them, and not let them on the network until they are fixed. 

I don’t think anyone would argue against the result this would produce; the rub is figuring out who pays for it.

These findings are especially significant for our public sector clients, because they directly relate to the way these organizations should offer online services to citizens. Citizens who want to access their social security records or tax information online will expect the government to protect their identities and their privacy. Public sector organizations will have to provide secure authentication and strong protection from cyber criminals.

This will hold true in the private sector as well. Commercial services providers in areas such as financial services and healthcare are facing the same challenges with regard to how they interact with consumers on line. Solutions to challenges such as data protection and securing mobile devices will be essential.

Cybersecurity issues are reported in the headlines on a weekly basis, and consumers are more aware of the threats than ever. With this awareness will come expectations that the organizations they trust to protect their data will do just that.

View my new video on the Unisys Security Index.

The so-called client/server revolution of the late 1980s to early 1990s illustrates what can go wrong. The goal was to replace mainframes with PCs connected to central file and database servers. The cheap and apparently powerful hardware dominated thinking, leading to major cost items being ignored. For example, people costs – mostly managing and supporting the systems – accounted for as much as 70% of the total cost of ownership. Much of the management work was performed by end users – it was not obvious or anticipated in advance.

I’ve been looking at the economics of Unisys ClearPath systems based on four sets of factors:

1. Delivering IT services: the provisioning and continued operation of systems, with the necessary operations and system support people
2. Reliability, availability and security: how the systems meet business requirements for mission-critical usage
3. Developing and supporting applications: the cost of implementing new application services, including the integration of other systems and databases
4. The business value of applications, measured in lost revenue, productivity, and business opportunity if the applications were unavailable for an appreciable amount of time.

As platforms for intensive transaction and associated batch processing, especially in mission-critical environments, Unisys ClearPath systems are excellent value when all the relevant economic factors are considered. You can read the full analysis in my recently-updated White Paper, Delivering Value: The Economics of ClearPath® Systems, so I’ll just mention three highlights.

First, the pay-for-use business model, based on metering technology, significantly reduces costs while improving performance. Planned peaks and unplanned traffic surges can be accommodated without the need to buy sufficient power to cope with any peak.

Secondly, the very high reliability of the systems allows the 24×7 availability that critical systems increasingly need to meet business commitments. Systems have run for over four years without a restart.

Finally, exceptional security levels – Unisys ClearPath systems are the only ones with no data access vulnerabilities in the NIST dataset – protect critical data in a threatening world. The economic consequences of data compromise can be ruinous, so security really matters.

We’ve also been developing a Total Cost of Ownership (TCO) model for Unisys ClearPath systems, and indeed other systems. The model comes in two forms. There’s a quick analysis, based on a small amount of input data, to give a rapid high-level view, deliverable in a day or so. And there’s a much deeper analysis of all the factors affecting costs.

The model calculates the TCO and its breakdown into various components – hardware, software, people, resources consumed and so on. Using this information, we calculate the cost per business item or items produced or processed by the organisation concerned. The items obviously depend on the business – some examples are passengers booked, banks accounts managed and vehicles produced.

Benchmarking against industry IT averages can also be done – how does an organisation stack up against its peers and others using a similar kind of technology? The model has been aligned with recognised sources of industry averages, so comparisons with factors such as cost per installed MIPS and efficiency of personnel can be made. The results so far show that Unisys ClearPath systems stand up very well, outperforming industry averages. Do read the White Paper to find out more!

It seems like an opportunity lost that the Border Agency didn’t look at the Easter holidays as an opportunity to showcase its preparedness for the Olympics, given the natural surge in outgoings and incomings to the UK borders. Instead, the impression given is that a plan for expanding both departure and arrival procedures simply isn’t in place. Unless BAA and the Border Agency are able to pull a rabbit out of the hat in the coming months, then we’re looking at a serious problem at our airport and seaport terminals during the summer. And if they pull such a rabbit now it clearly will be a panic measure. UKBA preparedness has to be judged, at this late stage, by what is evident now.

With 11 million tickets available for the Olympic Games, the influx of international attendees, athletes, visitors and media will be a significant proportion of this number. There are a number of scenarios which UKBA could play with at this late stage to mitigate this disastrous situation:  firstly, if the number of border staff reductions continues at its current rate, and the full scrutiny procedures remain the same, the worst case is that a situation could evolve quickly whereby planes are forced to turn away from our major airports because other planes are stuck at airbridges, not unloaded, because the arrivals immigration hall is packed. Alternatively, if border procedures are relaxed and Brodie Clark’s plan for intelligence led screening is fully followed by a committed and coherently led UKBA, then some sort of order might be imposed. It didn’t happen before – hence the removal of Mr Clark – so the probability of it being imposed now is slim. The likelihood now is that stringent document scrutiny no longer takes place and we run the risk of letting through potentially dangerous and serious criminals.

But there is still time to improve the situation. The Home Office and Border Agency need to sort out their differences and put in place some sort of short term but dramatic measures at our borders ahead of The Games.  In a recession, spending on our borders was likely to be lean but a combination of technology and increased personnel in the short term should be well worth the outgoing to keep our country safe when all eyes will be on us from around the globe.  Can you imagine the media fallout if we get this wrong.

With Iris technology and e-Gates assisting in reducing the number of staff required to process incoming passengers, the obvious solution would be to start by increasing the amount of automatic scrutiny afforded by these technologies. Rent it, don’t buy it, and insist on the latest technology, whilst increasing staff to supervise the automation. They do not need to be UKBA since all they are doing is keeping an automatic process going.  At this short notice the only answer is to enhance the integration of staff and technology.  From our (Unisys) previous work around cargo traffic and delivery at the Beijing Olympics, we understand the importance of planning in advance for these types of events but when you only have less than 100 days to go, you need to do something drastic.

The UK is set to experience the biggest surge at our borders for the next ten years and we have next to no time left to prepare adequate processes for dealing with this influx of visitors to UK and the Olympics. Action is needed now to ensure the UK is protected so those travelling to London for The Games can enjoy their experience from the moment they arrive at any UK airport or sea port terminal. The Olympics should be a celebration of the achievements of the UK in preparing for such a global event. It won’t happen again in UK for decades or longer.  Show the world that UK Borders are open to visitors not a barrier to tourism.

You might have noticed in the recent ClearPath Connection newsletter that Enterprise Output Manager release 9.1 now provides the ability to generate and print QR Codes from reports that you route to it from your OS 2200 and other systems. EOM 9.1 is included in Release 13.1 of the ClearPath OS 2200 operating system, so you might already have a copy on hand.

If you are using EOM to generate shipping documents, invoices, or account statements that go to your customers, you now have an opportunity to send a big marketing message in a small amount of space on those documents. Ask your advertising and marketing departments what they would want to put there.

Did you know that QR Codes were invented in the auto industry to facilitate the flow of material and documents through the supply chain and manufacturing processes? Many such processes track what is being processed at each step using bar code scans, OCR scans, or (gasp) human typing of job numbers or lot numbers. Adopting QR Codes instead of those other mechanisms can provide more information to the process steps more easily, and could enable process changes that improve efficiency and reduce errors.

If your systems are printing labels or documents that are used in the flow of material or jobs, you have an opportunity to add QR Codes that will improve the process flows. EOM can accept “print” files from ClearPath systems, other mainframe systems, UNIX and Windows systems, and more. You can use the DDA Designer capability of EOM to capture textual information from the files and encode the information into QR Codes that are printed on the final labels or documents. Since QR Codes can be reasonably small, you should be able to add them alongside the existing bar codes or numbers. That will enable a gradual adoption of QR Code usage at the various stations of the process flow.

For specific examples showing how others have used QR Codes to improve their business processes, see the case studies published by the inventor.

Whether you use them for advertising or internal process control, QR Codes enable you to respond. Quickly!

® QR Code is registered trademark of DENSO WAVE INCORPORATED.

Does your mainframe team avoid talking with your Windows team? Is your web development team reluctant to make their project dependent on something from your COBOL development team? Does your enterprise architecture team view your OS 2200 system as untouchable? These examples of silo behavior can inhibit progress on critical projects and reduce the business value of the results.

With Release 13.1 of the ClearPath OS 2200 operating system, you receive several new features that can help your teams break out from their silo behavior without moving too far from their individual comfort zones. Release 13.1 includes the newest versions of middleware and development products that help multiple technologies and environments work together. Your OS 2200 experts will find ways to extend beyond the boundaries of the system using products they already know and love. Your experts in other systems and other environments will find familiar open technologies they can use for access to business data and business rules that reside in your OS 2200 systems. Mainframes actually are open systems – see the recent blog post by Peter Bye, What is an Open System?

Mobility! ClearPath ePortal for OS 2200 provides easy ways to make mainframe transactions available to new classes of users through web and mobile user interfaces as well as web services. Often with little or no change to the transaction programs. Put one of your web or mobile interface experts together with one of your transaction program experts, and see how quickly they can show you working prototypes on tablets and smartphones using ePortal.

Java! The OS 2200 JProcessor provides Java SE and Java EE capabilities running under control of the OS 2200 operating system. The OS 2200 IDE for Eclipse brings workstation-based development tools to the OS 2200 environment. Your Java programmers who have been deploying their programs on other system types can also write code for deployment on OS 2200 systems using familiar Java libraries and services. With a bit of guidance from your mainframe programmers they will be able to use our suite of JCA-compliant Resource Adapters to access databases and transactions on OS 2200 systems using familiar Java tools and calls. They can browse the schema and content of RDMS databases directly using SQL tools. They can access DMS databases through class files generated from the DMS schemas.

Websites! If your website developers are using PHP for some or all of their work, show them how they can use the ClearPath Database Extensions for PHP to access OS 2200 data in RDMS. If you currently are not using RDMS, consider extending some of your application programs to store significant data values in a new RDMS database at the same time they are storing the values into DMS, SFS, or FCSS. OS 2200 Step Control will coordinate the updates to all databases with a single commit point, and your website will have easy access to real-time data from the transaction system. The website team will have to talk to the mainframe team, but the SQL schema will give them a common language for the discussion.

SOA! If your enterprise architecture includes use of an Enterprise Service Bus, consider using message queuing to get onto the bus. The OS 2200 QProcessor and IBM® WebSphere® MQ Version 7.0 can connect your mainframe transactions and data to the rest of the enterprise. Your mainframe transaction experts will have to negotiate service interface details with other experts, but the ESB environment will give them definition tools to help with the discussion.

Green! You are probably using Enterprise Output Manager to handle “printer” report output from your OS 2200 systems, but how about the other system types in the data center? EOM can receive output from nearly any system type including ClearPath MCP systems, IBM zSeries and Power Systems, UNIX, Windows, and Linux systems. If you routinely print and distribute large reports from any systems, and suspect that many of them go onto a shelf unread, start routing the reports through EOM to cost-effective electronic distributions. Your other system administrators can easily learn how to save tons of paper using EOM, and if they are not too shy they might ask an OS 2200 administrator for a bit of coaching.

Release 13.1 includes many more features than have been described here. Watch a replay of the March 2012 webinar, Unisys ClearPath OS 2200 Release 13.1,  for more information, and find details in the ClearPath OS 2200: Software Release Announcement for Release 13.1.

If your experts on other systems are looking for a gentle introduction to OS 2200 capabilities, they can find dozens of short understandable video briefings on the ClearPath Channel at YouTube.

Expect holes to start appearing in those silo walls as your teams embrace OS 2200 Release 13.1!

We’ve launched this series in the spirit of debate that drives so much of IT decision-making today. Our first post asked, How Much Security is Enough?

Today Nick Evans, Vice President and General Manager within the Office of the CTO and Roberto Tavano, Vice President of Global Security Sales for Technology, Consulting & Integration Services will ponder the question: SHOULD SECURITY BE OFFENSIVE OR DEFENSIVE?

Nick’s answer: “It depends who the enemy is.”
Roberto counters with “Security must be preemptive.”

What’s your counterpoint? What do you think about Nick’s and Roberto’s advice? What’s your security posture in your organization? Please share it with your fellow readers in the comments section that follows this post.

NICK EVANS: It depends on who the enemy is

Nick Evans, Vice President and General Manager
Office of the CTO

First, we should start off by defining what we mean by offensive security. At the extreme end of the scale, we are talking about coordinating attacks on cyber-criminals via cyber-related means. I think this is appropriate for certain areas of the public sector or the military, where data protection and confidentiality are paramount, and where cyber warfare is a legal part of the playbook. In fact, last year, as part of unveiling a new offensive strategy, Deputy Defense Secretary William J. Lynn III stated that a new “dynamic defense” would seek to deter potential attackers by searching for them on the Internet instead of waiting for an attack.

For non-governmental organizations, however, you can’t fight cyber-criminals by becoming a cyber-criminal yourself. Commercial security should always be defensive; that is to say, be able to protect, detect, and respond to threats. But as the threat evolves, commercial organizations might feel it necessary to take on a more offensive posture, while remaining within the letter of the law.

So what can a commercial organization do beyond a defensive security program? One example is to employ the use of offensive systems such as honeypots. These contain a data cache that’s attractive to hackers, but doesn’t actually contain any sensitive information. What the system does contain: A trap.

Hackers lured into the honeypot are monitored as they work to exploit the fictitious system. The organization’s security team learns about the hacker’s behaviors, tools, and techniques; and works to gather sufficient evidence to track them down, pursue them legally, and ultimately, take them offline for good. For more background on this, a useful article is this piece from Symantec which looks at entrapment, privacy and liability considerations.

At Unisys, we are seeing organizations start to move from a reactive security defense posture to a proactive enterprise security intelligence methodology, where advanced data analysis is helping to predict threats before they cause significant damage. The key aspects of this proactive enterprise security intelligence methodology are the integration of an array of sensors such as intrusion detection, malware and antivirus detection, and data loss prevention coupled with continuous compliance capabilities, forensics and situational awareness all built into the operational model. To read more about this, check out our CyberSecurity Predictions for 2012.

ROBERTO TAVANO: Security must be preemptive

RobertoTavano, Vice President of Global Security Sales
Technology, Consulting & Integration Services

I prefer the terms preemptive and reactive instead of offensive or defensive. Offensive and defensive relate well to a military enterprise; not so much to commercial IT. And by taking a preemptive approach to security, you are proactively anticipating the risks, vulnerabilities, and channels of attack against your enterprise.

But in order to adopt a preemptive posture, the organization needs to be adaptive. Unfortunately, few commercial organizations are adaptive in terms of their CyberSecurity. Risk assessment in most enterprises is done once, put into a formal plan, and filed away to live in obscurity, in perpetuity.

To be adaptive means to be constantly assessing risk. It’s not just a matter of building a wall to protect the organization, or reacting quickly when it’s attacked. Organizations that are adaptive evolve their security measures fluidly in sync with potential threats.

The good news is that this issue is coming into sharper focus with the rise of IT consumerization and the rise of brick-and-mortar businesses embracing the benefits of the cloud. The enterprise is extending its reach and opening its doors beyond previously conceived physical and logical boundaries.

For me, the right answer going forward is designing and upholding a preemptive approach to security. The alternative – always chasing, understanding, and reacting to an attack – isn’t attractive or effective, and is by definition perennially behind the curve.

Take a preemptive stance, and you can lead the way to the future of cybersecurity.

When it comes to IT strategies, however, there are few absolutes. IT leaders, teammates, and consulting organizations often draw lines in the sand when it comes to any given approach to solving a technical or business matter.

But the fact is, in IT, there are often several ways to approach and attack a problem. While each approach is equally valid, at the end of the day it comes down to which among the valid approaches aligns best to a given organization’s business and culture.

It is in the spirit of debate and decision that we offer a new series of blog posts focused on CyberSecurity that provide a point and a counterpoint, featuring Unisys Nick Evans, Vice President and General Manager within the Office of the CTO and Roberto Tavano, Vice President of Global Security Sales for Technology, Consulting & Integration Services.

Today’s question: HOW MUCH SECURITY IS ENOUGH?

Nick answers: “You need a balanced and adaptive approach.”
Roberto counters with “Security is not an exotic matter. It’s just part of your life.”

Nick Evans: You Need A Balanced and Adaptive Approach

Nick Evans, Vice President and General Manager
Office of the CTO

Over the past decade, we’ve seen instances of cybercrime increase in frequency, scale, and sophistication. As a result, there’s a growing need for ever-more robust CyberSecurity measures for businesses in order to keep up with this “cyber arms race.” Coincidentally, today’s high tech workplace is driving the need for sensitive data protection systems, dealing with an increasingly porous enterprise security perimeter, and other security vulnerabilities.

Considering that the threat level for cybercrime is constantly changing, it’s important to be able to understand the relative risk levels and determine how much, and when, to invest, in terms of an appropriate level of insurance. I’m talking about the well-known risk-reward continuum, one that will change year-over-year or even more frequently. According to a recent study by the Ponemon Institute, just released in March, it’s estimated that recovery from a successful data breach will now cost a typical enterprise an average of $5.5 million.

Besides rising year over year threat levels, the actual physical layout of enterprise security is also changing. Traditionally, you put your security at the perimeter – either the building or firewall – forming a simple boundary. Today, with the explosive growth of the Consumerization of IT, where information workers bring their own personally-acquired devices to work, we’ve entered the era of what I call “the borderless enterprise.”

IT departments are increasingly asked to secure progressively porous and blurring security perimeters in a situation where data is residing on smartphones, tablets, netbooks, and myriad other Internet-connected consumer devices well beyond the organization’s four walls. Now compound all this with cloud computing, and software as a service, where an increasing amount of transactions are conducted in the public cloud or within externally-hosted private cloud environments. You have to take an holistic approach, and think about all the potential areas of vulnerability where a person (or, increasingly, persons) can gain access to sensitive data, wherever it resides.

So to design your most appropriate security measures, you need to constantly balance your risk/reward equation and invest accordingly, while carefully monitoring emerging technologies for potential new security vulnerabilities.

RobertoTavano: Security is not an Exotic Matter. It’s Just Part of Your Life.

RobertoTavano, Vice President of Global Security Sales
Technology, Consulting & Integration Services

Perfect security does not exist. We all know that. Furthermore, everybody in an enterprise has their own point of view on security. Management sees IT security as purely a technical matter, while end users might find it annoying to have to change usernames and passwords every few months.

Security professionals understand their current level of security is never enough. They know that risk cannot be zero at any time under any circumstance. So the question to ask isn’t “how much security is enough?” The question to ask is, “are you truly capable of calculating the cost of stopping a potential attack?”

Direct costs are often straightforward to calculate. But what about the indirect costs? Brand value, legal actions, tarnished image, loss of credibility, etc. – assigning a value tag to such elements depends solely on your organization’s business model and environment.

Incidentally, indirect costs could be vastly bigger then direct ones. You want your security to be like the oxygen in the air we breathe. Without it your chances of survival are zero. Yet you are hardly aware of its existence – it’s just an integral, invisible part of the environment. Security should not stand out as a fence or as a special feature, but rather seamlessly weave into the very fabric of your organization.

So when talking about the cost of security and who is responsible for driving security, for me, it’s all about a team effort. The CEO has to consider CyberSecurity very high on his or her agenda. And the organization must educate their employees to behave in a secure fashion.

With ClearPath OS 2200 13.1, you have compatibility.  Our clients take this for granted because we’ve delivered it release after release.   This means that the investment you have made in your applications that run on ClearPath is safe.  You don’t have to spend months and months making certain that your applications will still work – they will.  That’s a real cost savings for our clients.    Of course there are new capabilities that you may want to take advantage of.   For example, we’ve added enhanced security offerings, better database optimization, and high availability of our specialty engines.

This compatibility and reliability doesn’t happen magically.  It comes from clear design principles that we use in creating the products and from a highly skilled work force that diligently applies those principles while creating new and innovative features and functionality.  We won’t give away all of our secrets here, but let’s say we make certain that it works before we ship it.   While you can’t test quality in, we believe in validation.  We spend thousands of hours over all kinds of configurations to make certain that it not only works correctly but it also recovers flawlessly if there is a problem.   Until we can measure mean time between failures in years, we don’t ship.   Years! 

We take a lot of pride in the integration of the software we release and we think it shows.

From the earliest days of the software industry, technologies such as modular and structured programming, component and object technologies, together with methodologies for design and implementation, have attempted to impose order on software development and encourage reuse. In more recent years, a number of factors have made the need for good systems engineering even more critical.

First, time and cost pressures are becoming ever-more acute – do more with less is the mantra. Greater technical complication is a second factor: IT services are increasingly delivered by a collaboration of separate systems. The systems may be within a single organisation but external collaboration is more and more prevalent. Although not a new phenomenon – airline systems have been collaborating for decades – the rise of the Internet has increased the level of inter-communication by orders of magnitude.

A third factor is history. Few organisations start from scratch but have a collection of existing systems running the business. Attempting to rewrite or otherwise replace these systems is a high risk and time-consuming activity. It is much more effective to incorporate them into a collaborative structure.

Building such structures cannot be done on an ad hoc basis, inventing the rules as we go along. That way leads to chaos, just as it would with any large engineering project. Success depends on working within a coherent framework of patterns, rules and standards: architecture is the name we give to such a framework. Service-oriented architecture (SOA) has emerged as the leading framework.

In the SOA approach, IT is regarded as providing services for its users, the consumers of the services. The services are delivered by one or more service providers, which are existing and new application programs. All that is known externally about a service provider is what it does and how to request its services. They are independent of each other, may be implemented in any technology and be located in different organisations.

In addition to providing a pattern for building systems in this way, SOA recommends standards such as Web Services for interconnection.  It also describes approaches for incorporating existing application systems, which may not have been written with SOA in mind. There is extensive collaboration in the industry, in bodies such as the World-Wide Web Consortium (W3C), to develop the standards required.

The industry in general and Unisys in particular now have a considerable body of experience in adapting existing applications to fit an SOA approach. ClearPath systems, for example, frequently host critical applications which represent a massive investment in intellectual property. In the majority of cases, adapting them to run in an SOA implementation is proving to be straightforward, using the rich set of tools available. The level of effort, risk and cost involved is trivial compared with rewriting the applications from scratch.

I’ve written a lot more on SOA and ClearPath systems in the following White Papers: Service-Oriented Architecture: Delivering for Business and Service-Oriented Architecture: ClearPath Systems in SOA.

However, creating a model for strategic communities may require significant investment of time and resources.

First and foremost, it requires planning.  Positioning strategic communities to support a company’s market areas of strength, target industries, and key employee roles, and aligning them to business objectives and goals is essential. 

Second, developing a framework for enablement and evolution is critical to sustaining a successful community environment.  Effective frameworks include a project plan, a communication plan for socializing the purpose of the community in order to attract and retain members, and a culture transformation plan to help employees understand the value of community participation.

Third, communities must be well managed.  I like to use an analogy created by my former Booz Allen colleague, Walton Smith, who likened communities to gardens, each requiring a gardener to “seed, feed, weed and harvest.”  Too often companies launch communities with a “build it and they will come” mindset.  Employees may come, but will they stay and engage? 

In order to sustain and attract new members, communities must provide ongoing value. Community managers play a pivotal role in keeping communities viable and helping them grow.  They engage subject matter experts who can provide the right answers to questions at the right time and transfer knowledge and best practices to help community members evolve their skill sets. They seed content and motivate members to share and engage with each other through newsfeeds and community webinars. They promote the exchange of ideas and harvest and repurpose valuable knowledge. They also capture metrics to measure community growth and effectiveness.

Finally, communities cannot be successful without employees who are enthusiastic, engaged and willing to share.  This is where culture transformation comes into play. Successful strategic communities have clearly defined key benefits areas and related use cases to illustrate how community involvement delivers value to its members as well as to the business. Nothing drives behavior change more than a colleague’s positive experience with a new tool, a process or community involvement. Savvy community managers capture and repurpose these success stories to drive membership, increase adoption and validate business value.

Strategic communities that are well-planned, properly enabled and effectively managed can significantly impact the success of social collaboration within the business enterprise. Just ask the next knowledge and collaboration strategist you meet. Better yet, take a look within your own organization and assess how strategic communities can play a role in the success of your social collaboration efforts.

For example, here in rugby-loving New Zealand, 14 percent of New Zealand iWorkers said they use iPhones for work purposes, compared with just 2 percent in 2010.  By 2012, 10 percent of Kiwi iWorkers expect that iPhones or other smartphones will be their most critical business devices in 2012, compared to 5 percent currently.  This is in line with the global trends.

Consumer devices and applications are more technologically advanced than their corporate device counterparts. Is this then the death knell for the high-end server?  Not at all; in fact the server plays a key role when rolling out true mobility – enterprise-class applications – to employees and customers alike.

Moving with the times

It’s a “no brainer” that organisations that embrace mobile devices satisfy customer, employee and partner expectations.  Yet most organisations have only scratched the surface of the potential benefits from the increased productivity these devices allow. 

Our research also found 12 percent of Kiwi organisations plan to develop mobile apps for use by their employees in the next 12 months. This will enable greater efficiency in existing business processes by allowing access to update corporate data while out of the office, as well as the potential to develop whole new business models made possible by mobile applications. 

Mobility and the Mainframe

Ironically, while smartphones and tablets are fast replacing desktops as critical business devices, they bring a new lease of life to the mainframe.  IT and service management applications are one of the key areas being redeveloped to be used on mobile devices so that IT managers have increased flexibility in managing their organisation’s servers. This means they can work from multiple locations, while still monitoring system utilisation, available memory, waiting entries and policy compliance. Unisys has even built dynamic application support into its ClearPath servers to handle the frequent logging in and out that is typical of mobile users. 

Working from a smartphone, however, doesn’t mean accepting a compromise in security or functionality.  For example, Unisys ClearPath MCP Mobile Monitor App enables an IT manager to work remotely using an iPhone, iPad or iPod touch, while still having desktop functionality.  Security is taken care of by iOS Keychain, which stores server passwords in the mobile device and Hypertext Transfer Protocol Secure (HTTPS), which encrypts data exchanged between the mobile device and the ClearPath MCP server. 

In addition, organisations may choose to make their applications available as software as a service (SaaS) via a private cloud so that sensitive corporate data does not sit on the device itself, but rather resides on the company’s secured mainframe where access to the data can be protected via encryption and setting “communities of interest” so that only those who should have access can access the data.

The big picture

Organisations can reap fantastic benefits from mobilising existing processes with smart devices, but there is also potential for much more.  Mobile enablement is an opportunity to re-think and re-design business models and processes.  Making applications work with mobile devices makes them real business tools and helps organisations improve the efficiency of existing business processes or even create whole new business models.

Making it happen

Many business applications are now available online for mobile devices.  These programs are often easy to set up and some even allow you to turn your existing applications into iPhone and iPad applications.  For example, the ClearPath ePortal specialty engine is used to modernise mission-critical enterprise applications without altering the app itself so that it can be accessed on mobile phones via easy to use web interfaces.   This is how Rio de Janeiro water utility company CEDAE offered customers the ability to pay their water bills using their smartphones.

In addition, some point and click graphical solutions mean applications don’t even require programming, like the Unisys ClearPath MCP Mobile Monitor App available via the Apple App Store.  This approach is particularly important in these cost conscious times when organisations want to increase the functionality of existing IT infrastructure rather than “rip and replace” the whole thing.

With smart devices, people have the choice and flexibility they demand, and organisations can continue to manage costs and security and provide support.  Mobilising processes can bring improved productivity, efficiency, quality and even better working relationships across multiple levels in an organisation. 

Now that the technology is here to safeguard and facilitate business processes, organisations have the freedom to enhance their businesses with mobilisation technology, from changing customers’ experience at the coalface to creating entire new business models.

While I couldn’t say it at the time, we were busy planning the future of ClearPath.  Our best and brightest were trying to answer that very question.  Well, we have the answer and have begun the journey with a program called ClearPath Forward!   With ClearPath Forward! we are no longer content to reflect on the past, or even keep pace.  No, we have chosen to lead and in the process create the Mother of all Mainframes.

ClearPath Forward! is about embracing the best of what ClearPath is and combining it with the best of what the industry has to offer both in terms of raw technology and operating environments and creating a platform the delivers what we are known for … security, reliability, ease of use, efficient resource utilization and expands that to include workloads designed for Windows & Linux.  So ClearPath with run Windows & Linux applications alongside traditional MCP and OS 2200 applications and will allow seamless integration of these environments for our clients.  Even better, those environments will enjoy the ClearPath computing experience with levels of security, reliability and scalability not previously available to them.

In the coming months, subject matter experts in all our geographies will be sharing detailed information about the ClearPath Forward! strategy and our associated product plans, not in an attempt to sell anything, but instead to help our clients understand where we are going and to help us understand where they would like to be.  It is our firm belief that ClearPath processing environments are the most secure and most efficient available today and that we can bring much of that to other processing environments.

Some say necessity is the mother of invention.  In this case, with ClearPath leaning forward and going places no other “mainframe vendor” has ever gone before we need to invent the future of mainframe computing.  Changing out the underlying processor architecture from proprietary hardware designs to industry standard designs based on Intel’s 64bit  x86 Xeon was just the beginning.  ClearPath Forward redefines what a mainframe is and should be.  It is the future of mission critical information processing and as such is the Mother of all future Mainframes.

At Sears, leveraging the API economy by unlocking their legacy data into open APIs is core to their strategic vision.  Creating open APIs to access their legacy data (e.g. product catalogs, historical purchases, customer preferences, user recommendations) means innovation is happening out there. Open APIs are critical elements of expanding their brand, and creating opportunities for engaging customers wherever they are.

Netflix outsources innovation by letting developers integrate the Netflix service into apps with full control over the user experience.

A solution in itself, APIs are now a strategic resource, requiring an ongoing combination of marketing, usability, design, promotion, and in many cases pricing. All of these elements factor into whether an enterprise will compete successfully in the mobile space with the APIs themselves, and the products and services that are offered through them. The Business of APIs is no longer just a technology play but a business play where the APIs need to be managed and launched as a business, requiring ongoing diligent business and technical planning, functionally and non-functionally.

The most effective way to expose APIs for consumption by mobile devices is to offer them as a packaged set of Service Oriented Architecture (SOA) services, implemented using SOA principles and technologies.  This will be simple to accomplish for enterprises that are already SOA-enabled. For enterprises that are not SOA-enabled, it’s time to invest in building SOA expertise in order to ready themselves to compete and succeed in the Business of APIs.

The newly announced Unisys Application Modernization Platform as a Service (AMPS^SM) solution employs a full lifecycle service-oriented approach for providing a Business of APIs perspective to an enterprise’s API solutions. With AMPS, an enterprise can manage its API portfolio from the core business model perspective, govern its development, and provide comprehensive production API management, where APIs can be published, promoted, and managed in a secure, scalable way.

AMPS uses its patent-pending modernization framework, proven technologies and Center of Excellence services to bring together the business and technical communities to provide a holistic approach to the Business of APIs.  AMPS provides the mechanism for discovering and harnessing an enterprise’s APIs as well as blending them with complementary APIs from partner companies.

With AMPS, the result is a rich flow of information and collaboration across the enterprise, promoting faster innovation and growth in ways that may never have been thought possible before.

¹ An application programming interface (API) is an interface that an application provides in order to allow requests for service to be made of it by other computer programs including mobile applications to allow data to be exchanged between them.

This leaves IT organizations with the challenge of developing a coherent, consistent and smart data analytics capability across their application portfolio which is rapidly aging and growing in both size and complexity.  Today’s application portfolios include large numbers of software components with intricate dependencies and a wide variety of technologies.  Most of these aging applications store a wealth of data that, if made accessible to smart analytics engines, can provide valuable business insights to operate efficiently, grow competitively and comply with regulations effectively. 

As a result of aging application portfolios, however, IT managers find themselves struggling to rapidly adapt yesterday’s technology to today’s business needs while trying to assure that the budgets are not exceeded, planned returns are achieved and business is not exposed to excessive risks.  This application modernization problem has reached a point where it is way beyond the capabilities of traditional “rip-and-replace” approaches.  This problem directly affects the quality of business services, revenue, company reputation and business continuity. What is needed is a new approach to application modernization – one with minimal cost and risk that can help open up the vast amount of information that is collected on a daily basis and unlock new business potential.

Over the past years, the service-oriented approach to application modernization has proven to be successful in delivering the premise of business flexibility and cost savings – but at the expense of increased complexity and overhead if service governance and management is neglected.  An important step in achieving complex enterprise service-oriented modernization initiatives is adopting a comprehensive platform that can provide seamless, full life-cycle governance that extends from design-time management to run-time performance, utilization and security of software services.  A solid service management foundation with smart governance controls is a key success factor in achieving a cost-effective, secure and manageable service-oriented enterprise. 

Unisys Application Modernization Platform as a Service^SM (AMPS^SM) solution achieves just that.  With its best-in-class service management and monitoring approach, AMPS delivers on its key principle of strategic IT service governance and transparency.  Using proven technologies and a patent-pending modernization framework, AMPS provides an open, standards-based architecture.  This allows you to incrementally modernize and open up enterprise applications and expose valuable business data to external analytical engines using an optimized shared-service application development process.  AMPS mitigates the complexity, risk and time-to-market issues associated with similar Service-Oriented Enterprise platforms by providing policy-based, automated governance processes through a subscription-based,  hosted service.  AMPS provides rapid enablement of legacy enterprise applications so that the valuable mission-critical business data can be made available for intelligent analytical engines, helping to tame the information beast.

Implementation and integration of socially-enabled applications into the fabric of an enterprise’s business processes and supporting applications portfolio is increasingly the rule rather than an exception.

Beginning with changes that need to be made to business processes, the organization has to modify existing enterprise IT systems – such as, Knowledge Management, Case Management, Customer Relationship Management and Enterprise Content Management – as well as decide how these plans fit with the enterprise’s strategy for related activities such as mobile computing. Organizations must ensure these modernization initiatives are synchronized with existing business/system modernization projects, to weave social technologies into the fabric of an enterprise’s core applications.

As with other disruptive IT technologies (Mobile, Cloud, and Smart Computing), Social Computing adds to the burdens faced by beleaguered IT departments, in particular challenging the application modernization programs already underway.

Like Service-Oriented Architecture (SOA) initiatives, the most widely accepted approach to IT modernization, Social Computing offers consistent capture, repurpose and reuse of knowledge and delivers measurable business value through increased employee/stakeholder/partner productivity and improved operating efficiency.  By capturing and sharing lessons learned, the enterprise can improve the quality of business offerings and solutions, generate new ideas and innovations, and increase client satisfaction and business agility.

The newly announced Unisys Application Modernization Platform as a Service (AMPS^SM) solution delivers these key modernization initiatives. Unisys AMPS solution ensures the enterprise incorporates modernization imperatives, like Social Computing, into the fabric of the applications portfolio.  AMPS achieves this by: maximizing the economies of scale by re-using assets rather than creating new ones; eliminating overlap or redundant IT assets and their corresponding business processes and functionality; and establishing information sharing across the enterprise. AMPS ensures that these modernization programs commence in weeks and not months/years, with predictable and consistent operational costs.

With AMPS, the enterprise can live up to the speed of change demanded by the market to deliver new and improved services to its customers and ensure incremental business growth.

Professional cybercriminals are well-organized, methodical, and patient. Defending against them starts with understanding the methods they use. Let’s take a look at one of those

One method to attack a server is to send data to one of its network ports, in hopes of finding a vulnerability to exploit. If the attack doesn’t succeed in compromising data on the server, it might cause a denial of service if it makes the listening process fail or get so tied up handling spurious requests that legitimate ones can’t get through.

If the attack fails to penetrate the server’s defenses, at least it might help the attacker learn more about the server. For example, an SNMP query might identify the operating system build level, or a TCP/IP fingerprint might tell the attacker about the server’s operating system based on knowledge of detailed differences among TCP implementations. With that knowledge, the attacker can be more efficient with follow-up attacks, concentrating on those that have a history of succeeding on that particular server type.

Now let’s look at one of the steps the ClearPath OS 2200 developers are taking to make sure you can protect your ClearPath server against these attacks. First, as background, you may already be aware that the Payment Card Industry Data Security Standard (PCI DSS) calls for payment card processors to perform quarterly vulnerability scans, so that they will have essential information to identify and remediate their vulnerabilities. Each scan must cover all externally accessible (Internet-facing) IP addresses in existence at the entity and comply with the PCI DSS security scanning procedures. Scanning procedures similar to these can help you understand your possible vulnerabilities, even if you don’t process payment cards.

Using software from an Approved Scanning Vendor (ASV) makes it easier to adhere to the proper procedures. ClearPath OS 2200 development and system test procedures include using port scans from Qualys, a leading ASV, to identify potential vulnerabilities so they can be addressed before the software is released.

Among the port scans the Unisys development and test groups use, QualysGuard software can run a port scan that matches the PCI DSS requirements and provide a report that identifies potential vulnerabilities in a non-intrusive manner. What’s non-intrusive about it? As an example, if the software guesses an administrator userid and password—you did change those from the defaults, didn’t you?—the default QualysGuard PCI scan does not take the next step and log on and perform mischief on the vulnerable server. The cybercriminal won’t be so kind.

The scan report classifies each confirmed or potential vulnerability by its severity and, in the case of QualysGuard PCI, offers an analysis of the vulnerability and suggestions to remediate it.

That’s why port scanning leads to insight. As Richard Hamming said in Numerical Methods for Scientists and Engineers (McGraw-Hill, 1962), “The purpose of computing is insight, not numbers.” And that insight helps us build in the security that ClearPath servers are famous for.

An early view of an open system was one where the hardware was obtainable from more than one source. In particular, the availability of plug-compatible hardware suppliers such as Amdahl was regarded as making the IBM S360 and S370 systems open because they were alternative sources. Later definitions of open inclined much more towards software, in particular operating systems (primarily UNIX and Windows and, latterly, Linux).

Two factors require a different interpretation of open. First, application environments such as Java EE insulate the applications from the underlying platform of hardware and operating system. As a result, applications can be moved with relative ease between different platforms.

Secondly, systems increasingly have to co-operate with others in the same organisation and externally. Intersystem communication requires agreed standards and technologies which make no assumptions about the run-time environments of the various applications. They are regarded as black boxes. How they are implemented is not relevant; they just need to know how to talk to each other.

The result is a shift towards defining openness by the internal and external interfaces offered by a system, rather than the operating system or hardware platform on which it runs. Independent bodies such as The Open Group and the World Wide Web Consortium (W3C) take this approach.

Characterising openness by the internal and external interfaces supported means that there is not a simple open/not open distinction but rather a spectrum of openness. All systems are somewhere along the spectrum. Adding new interfaces makes systems more open. And the appearance of new interfaces in the industry reduces openness until the interfaces are implemented.

ClearPath systems are at the ‘open end’ of the spectrum for many reasons. Internally, they provide Implementations of industry-standard application environments, including Java, Java EE, and Open Group DTP. These environments are integrated with the native application servers COMS and TIP/HVTIP, and can access native databases and other data stores.

Externally, they support all the standard communications protocols and encryption algorithms. Distributed processing is a particularly strong feature. All the major middleware technologies are supported, enabling a wide range of collaboration options, including participation in distributed transactions across multiple platform types, and service-oriented architecture (SOA) implementations.

But openness is not the only desirable attribute of a system. ClearPath systems are typically used in mission-critical environments. Attributes such as reliability, efficiency, responsiveness to rapidly changing conditions and security are essential.

Security is particularly critical. If it is compromised, especially if valuable information is damaged or extracted from a database and used for fraudulent purposes, the results can be catastrophic. Information on system vulnerabilities in a NIST database shows that ClearPath systems have never allowed data to be compromised – the only system types with that record.

The major reason for the high levels of security and other mission-critical attributes is the integrated stack approach used for ClearPath systems. All the hardware and software is designed, implemented and tested together before release. Together with the open characteristics, it is a powerful combination.

I’ve covered this topic in much more detail in my white paper, ClearPath as an Open System.

Furthermore, you don’t have to write any code. Just give us your requirements and we’ll totally customize ESP for you.

I’ll give you a few examples, already in use by some customers, to highlight what can be done, but these are just a subset of the many options you have with ESP.

For example, with ESP, you can choose any of these password requirement options:

• Minimum and maximum password length (up to 32)
• Minimum number of characters – alpha, upper-case, lower-case, special and control – as well as of character groups.
• Controls on the use of repeated characters, sequential characters (e.g., 34567, cdefg) and keyboard sequences (e.g., qwerty, zxcv)
• Password reuse control: the number of previous passwords that cannot be reused, with previous passwords saved based on number or age
• Variance controls: how different a password must be from the user-id, how different a new password must be from the current password, and how different a password must be from personal information
• String controls: the dictionary of words that may not be in the password (forward or reverse) and site-specific strings that may not be contained within a password.

You can also display the password strength when a user enters a password and give the user the option to use that one or try again.

Here’s a fun fact to know-and-tell (no bubble gum purchase required): You can contact the Unisys USA Client Support Center (CSC) to provide the Enhanced Security Profile service (ESP) that can enforce your site standards for password security. Simply open a contact against the FLEX product and note ESP in the headline.

The CSC will get right back to you, determine your requirements, customize the software for you, and in a short time for a very reasonable cost you, too, can have ESP – even if you don’t have extra-sensory perception.

In an effort to enable web services for their retail customers, they used the ClearPath ePortal specialty engine. They found it to be a proven product that easily integrated with their ClearPath system and established web services support for their customers without changing their application. Once complete, their customers could assess their catalog easily, without the phone calls required in the past. They then took the next step and enabled the same capabilities for sales executives using an iPhoneTM.  This improved productivity and elevated a sales person’s capabilities in the eyes of their customers. The V F Grace process is discussed in a case study titled, Wholesaler Streamlines Sales Process this case study.

So, why is this relevant to you? Perhaps you have had requests from different departments in your organization requesting support for smart phones or tablets. You may feel they are just a fad, but these devices are increasingly being used as business tools. V F Grace is one of many organizations that have found this to be true. Today, tablets carry a lower price than laptops and can be tailored for specific business applications; they are far more mobile and provide a more contemporary profile for your organization. This last fact is important because it helps to attract more innovative employees and positions an organization as more advanced than competitors. Incorporation of mobile devices into a current solution breathes new life into it, significantly increasing its value.

Importantly, the enhancements that V.F. Grace made do not take an army of programmers or a radical new investment. In V F Grace’s case, training took one week and the full web services implementation was up and running in less than two months (with one person doing all of the work). Three more days and the iPhone was activated. This was achieved because the ClearPath ePortal environment is designed to enable this kind of solution without altering the current ClearPath application.

So, this sounds like the standard sales pitch that promises the world but hides the fine print. It is not. The achievements are documented in the case study. And, there are other case studies showing the same kinds of results. The actions taken by V F Grace changed their image to their customers and improved their economics. Organizations spend a lot of time trying to identify and deliver on these kinds of objectives. It is always great to see them achieved.

But what exactly do we mean by mission critical? I think it’s characterised by four attributes: availability, reliability, performance and security. Shortcomings in one or more of them seriously compromise the system concerned. And they are not independent of each other. Problems in one area may affect others – security violations lead to loss of availability, for example.

Let’s look at each attribute in turn.

Availability means that the system must be functional when required. The requirement depends on the business, which may only be critical for restricted times. An electronic stock exchange may operate from 08.00 to 17.00 on Monday to Friday. During that time, system availability is absolutely vital; at other times, it is not critical. Systems involved in seasonal activities may only be critical for part of the year. Systems recording and tracking fresh produce such as fruit are critical for the few weeks of the picking season, or the produce will be lost.

But 24 x 7 critical operation is becoming the norm. Obviously, systems used in response to emergencies must be available round the clock. Globalisation and rising user expectations are causing more and more commercial systems to require continuous availability.

Reliability goes hand in hand with availability. During the time that they are available, critical systems must not fail. And in the event of a (rare) failure, they must recover quickly. Not all failures are the fault of the system or its operators. External events leading to a data centre loss, for example, require an efficient disaster recovery process.

Performance, the third attribute, means consistently responding in the time required by the user. For interactive systems serving people, speed of response should be accompanied by minimal variation. Users quickly find uneven response times frustrating and will go elsewhere if there is an option to do so. Truly real-time systems, in process control for instance, impose more stringent conditions. Not responding quickly enough – including as a result of system failure – can be very expensive if continuous processes such as steel hot-rolling or aluminium smelting come to a stop. It may even be disastrous – think of reactor control in a nuclear power station!

The final attribute is security. Mission-critical systems must provide protection against data corruption or theft, and other forms of attack, and track violation attempts. Although the level required will vary according to the application, security is moving to the top of a list of CIOs’ concerns.

There are two key factors to consider in delivering mission-critical IT services: the system platforms used and they way they are deployed. As long experience has shown, ClearPath systems are engineered to deliver on all four attributes. As I discussed in an earlier blog post, The Benefits of Integrated Stacks, the integrated stack is in large part responsible for the quality. 

But even the best systems have to be deployed correctly. Network design, appropriate provision for DR and, especially, high levels of automation, are required to capitalise on system qualities. And attitude and understanding play as much a part as technology in creating the right environment.

One I’d like to highlight here is ITSM (IT service management) as a service. Like CRM, it is a critical service for most enterprises. It typically provides key services required by the business such as managing IT resources and providing IT services to either internal or external end users. Functions like asset and configuration management, change and release management and most importantly service and incident management are performed by ITSM solutions. Typically these systems are on-premise and staffed by the IT department. They are capital intensive and consume large amounts of labor. Many organizations who have on-premise ITSM in place are struggling with the high total cost of ownership and administrative burden they pose. Dealing with the inevitable upgrade cycle and on-going maintenance burden are factors causing many to switch to more modern SaaS-based ITSM solutions. The delivery of these solutions mirror CRM offerings and provide the same benefits:

• Reduces overall costs
• Eliminates need to install and operate software or servers
• Provides the latest version, requiring no software upgrades
• Offers modern solutions – built for the web with latest technologies and typically easy to learn and use
• Subscription based which covers license, maintenance, and support fees
• Continuous innovation that provides new features and capabilities
• Shortest time to value – can be deployed quickly and gain full value in days and not months.

Solutions as a Service such as cloud-based sales force automation and cloud-based ITSM provide their services via the utility-based delivery model that works so effectively in the water and power industries.  After all, the cloud delivery model is based on many of the same principles – shared infrastructure, over provisioned, redundant functionality, monthly fees based on usage, and best handled by domain specialists rather than individual IT departments.

One last thought before I end – think about how effortless it is today for entrepreneurs to set themselves up with some of the key infrastructure and application services they need to run their business.  They can be up and running with robust, enterprise class applications in the shortest time ever – and it will only get better. This is just the tip of the cloud iceberg – much more is coming!

I’m in the minority who loves change – the opportunity to learn something new. I will admit, I was reluctant to swap my beloved Razor Phone for an iPhone, swipe my airline card to get my plane ticket, or replace my check book with a debit card, but Google, American Airlines and Bank of America did such a great job of socializing the value of changing my behavior, that all resistance faded. Today, I can’t imagine my life without these conveniences. Can you?

Let’s put “change” in the context of Social Media for the internal business enterprise. Why should social connection, knowledge sharing and collaboration matter to company leadership? Why is it important to imbed these practices into a company’s culture? Let’s look at three aspects:

(1) Social media makes knowledge sharing both explicit (written) and tacit (what people know and are currently thinking), transparent and fluid. Many companies wrestle with knowledge access and management issues caused by multiple silos of authoritative content.  Adopting social collaboration platforms, tools and processes enables companies to break down restrictive access barriers. In the past, employees viewed hoarding knowledge as power and associated it with job security. Today, one who readily shares knowledge and expertise whether by contributing documents to a knowledge base, writing blogs, or posting to newsfeeds wields greater power.

Employees contributing intellectual capital are recognized by peers through ratings and comments on their submissions and, in some cases, employees are incented and rewarded for contributing to the company’s knowledge base.  These “knowledge champions” are seen as high value contributors – empowered by the sharing of knowledge, not the hoarding of knowledge.  Knowledge is now more fluid and far reaching. An email sharing knowledge one to one or one to a designated few is limiting in scope. Conversely, a newsfeed post or a blog post sharing that same knowledge is available to all employees interested in the subject. Similarly, an employee seeking an answer to a question on a specific subject can direct it to all employees with that expertise (known or unknown) and find the right answer quickly.  Social media makes this serendipitous form of learning possible.

(2) Consistent capturing, repurposing and reuse of knowledge, in particular for client proposal, contract and engagement assets, delivers measurable value to the business through increased employee productivity and improved operating efficiency. By capturing and sharing lessons learned, the quality of business offerings and solutions evolve, new ideas and innovations are generated and client satisfaction and marketplace agility is increased.

(3) When subject matter experts share their expertise in a socially-enabled community setting, the opportunity for members to enhance their skills and expertise, and advance career paths increases exponentially.  Socially-enabled communities play an important role in knowledge transfer.  They promote connection and collaboration, diminish the learning curve associated with new hires and employees who are assuming a new job role, and serve as an ecosystem for the development of ideas and innovations. Communities become a knowledge-sharing hub – a place where employees can go “to get work done.” Efficient access to subject matter expertise, relevant information and timely answers to questions make employees more productive.

Research published by Forrester, Global Enterprise Web 2.0 Market Forecast: 2007 To 2013, projects that enterprise spending on Web 2.0 technologies will reach $4.6 billion by 2013 and climb to $6.4 billion by 2016.  Gartner predicts that social technology will be integrated with most business applications by 2016. But, deriving value from social media is not just about implementing Web 2.0 technology. It is, in fact, transforming a company’s knowledge-sharing culture and influencing daily behavior patterns to ensure effective adoption and exploitation of the new social tools and processes. 

Change is not easily accepted across a large business enterprise; the challenge is greater for global companies where cultural behaviors and language barriers add complexity. Companies using a “build it and they will come” or organic implementation model can expect a long transformation journey and run a higher risk of employee frustration and failure because value propositions are often at too high a level to be meaningful to employees. Whereas, companies that use a structured approach to implementation create searchable profiles to help employees build a company presence and to establish a valuable network of colleagues, develop and evolve company-sponsored communities of excellence to foster connection and collaboration, and conduct role-based awareness campaigns, communications, training and support to realize a more rapid rate of adoption and more consistent and effective level of use.  

Transformation is a journey, not a destination and it tells the story of change. It’s been 18 months since Unisys embarked on its journey to socially-enable its global work force. We are well on our way toward achieving that goal with more than 15,000 of our 23,000 global employees connecting and collaborating with social media tools. It is our hope that we will reflect back a year from now and wonder how we ever got along without them.

Overall, the key theme for 2012 will be one of customer-facing business innovation and we’re predicting that organizations will continue to embed and integrate these disruptive IT trends into their mission-critical business applications and processes, having cleared some of the earlier technical hurdles.

We expect organizations will expand the IT and business scenarios in which these trends will be applied and place even greater emphasis on streamlining IT service delivery through intelligent automation and low cost deployment mechanisms such as cloud computing. In addition, with expectations for IT to be a direct contributor to companies’ top-line revenues increasing year-over-year, there will be an intense focus on innovating with these technologies including mobile and social computing around mission-critical, customer-facing scenarios to deliver highly value-added and differentiated services in a more cost-effective manner.

Overall, in the most forward-thinking organizations, we expect these six disruptive IT trends to move from the periphery and become more a seamless part of the enterprise application fabric: more pervasive, embedded, integrated, secure, and insightful, and more directly contributing to both customer-facing and internal business objectives. These are the hallmarks of truly disruptive technologies – offering an approach which is often “faster-better-cheaper” than conventional approaches and thus quickly rendering prior techniques obsolete.

Since there’s so much to discuss in this year’s predictions, we have opted to explore our predictions with a set of blog posts from Unisys subject matter experts covering each disruptive trend which you can visit by clicking on each trend below.

• Cloud Computing
• Mobile Computing
• Social Computing
• Big Data / Smart Computing
• IT Appliances
• CyberSecurity

We hope you enjoy reading our Predictions for 2012 and look forward to hearing from you!

Private Cloud implementations continue to accelerate

We expect that private cloud implementations will continue to accelerate in 2012, as clients seek to leverage them across their infrastructure to drive improved organizational responsiveness and cost savings, while securing these systems within the enterprise perimeter.  In private clouds, we believe that ubiquitous virtualization across servers, storage, networks and applications, coupled with maturity in managing this virtualized IT estate, will be needed to optimize IT cost reductions and drive business agility improvements for the enterprise.

Fueled by private cloud implementations, we expect that hybrid clouds will grow in popularity in 2012, driving decisions on applications and data location to optimize costs, focus on core business enablement and drive business alignment.  In CIO Magazine, Forrester Research analyst Galen Schreck addresses How to Plan Now for Hybrid Cloud Management stating “Over the next three years, leading edge IT shops will start blurring the boundaries between public and private IaaS environments, so that applications can move between them based on immediate needs and economics.”  We therefore expect to see increased interest in enterprise-class cloud management software, with the ability to manage both public and private clouds as an integral part of an overall data center environment.

Software as a Service builds on email and collaboration and expands towards line of business applications and IT infrastructure

We believe organizations – both IT and business units – will accelerate their adoption of SaaS solutions for email and collaboration to further reduce costs and simplify operations. Additionally, in 2012, we predict SaaS will extend into line of business applications, supporting mission-critical transaction processing.  Over the next few years, intelligent analytics built into these SaaS applications will enhance the ability for organizations to support sales, supply chain, logistics and support personnel in real time, making better sense of huge volumes of data more quickly to provide better responsiveness and customer support.

As SaaS extends further into the business, IT Service Management SaaS solutions will become popular, as they can significantly enhance time to value for ITSM process improvement initiatives.  We predict that ITSM SaaS vendors will promote standard configuration solutions, with minimum customization and best practices codified into the software and its workflows.  The resulting reduced implementation cycle will lead to much faster deployment of enterprise management projects.

Overall, we expect organizations to begin the process of broadly assessing their applications portfolio to take greater advantage of cloud computing opportunities. These assessments will provide clients opportunities for consolidating applications and take advantage of a growing suite of SaaS offerings to simplify their IT operations and improve their flexibility.

Deployment Considerations

But how an organization adopts Private Cloud and SaaS solutions can have a significant impact on the long term success of these projects.  In many cases IT has spent too much time building virtualized pools of IT resources and private clouds and not enough time establishing standards for SaaS adoption or hybrid cloud management. This has often left business units free to procure cloud services with corporate security policies and compliance requirements ignored.  Misunderstood SLAs (service level agreements) may not deliver the required performance, capacity and availability, and organizational data ownership, availability and security could be put at risk.  Business unit, legal and IT organizations must be aligned to ensure these possibilities are mitigated.

Finally, let’s also consider the integration requirements between the organization’s software and data and that of the SaaS provider’s applications.  There may be complex, cross-application integration required to get the right information in the right form to the right decision makers at the right time without having to retrain the entire organization on how to navigate an entirely new application.

Recommendations

So what do we recommend given these predictions? 

First, organizations should increasingly consider SaaS a viable option for common line of business applications and IT management solutions, especially if they’re already considering outsourcing, as SaaS vendors may provide more cost-effective solutions than traditional outsourcers. We also believe that effective governance of security, compliance, and corporate policies will help ensure effectiveness and reduced risk when adopting SaaS solutions for mission-critical line of business applications, thus requiring IT’s involvement in business unit purchases of SaaS.  To help make effective governance a reality, IT Service Management SaaS solutions can provide the agility required to quickly implement the software functionality that underpins effective service management processes.

Second, enterprise architects should investigate new enterprise-class cloud management software and roadmaps from vendors to determine the best mid-term strategy. There is a plethora of cloud management stacks to choose from, requiring your ability to separate the wheat from the chaff for your organization.  Base your decision criteria on the necessary levels of security, availability, scalability, flexibility and self service, while ensuring a single management view of services, software and infrastructure across all deployment models in the hybrid enterprise.  CIOs should also engage with managed services vendors on their hybrid cloud management capabilities to consider outsourcing alternatives.  And always keep in mind that the cloud tool is just one part of building a hybrid enterprise capability – so ensure that other elements such as financial policy, security, ITSM, support services and system architecture are well integrated in your approach.

Lastly, we recommend that CIOs establish virtualization practices that encompass all aspects of virtualization to ensure best value is gained from virtualization, consolidation, shared IT services and private clouds.  User self-provisioning of cloud resources should follow an automated process utilizing standard configurations and pre-approved changes that address security and organizational policy compliance.  Workflow automation should be used for requests that can’t be satisfied with standard configurations to allow faster authorization and implementation.

With so many aspects of cloud across the hybrid enterprise – SaaS, IaaS, PaaS, public cloud services, private clouds, potentially community clouds – a balanced approach is needed to strategize, architect and instantiate your cloud services.

In 2012, we expect organizations to move beyond providing basic mobile device management services, and strategically develop more sophisticated methods for managing, securing, maintaining and deploying an ever-growing number of mobile devices and applications within their organizations.

We also predict that organizations will devote significant resources to developing new applications and reengineering business processes as they look to connect with clients and improve employee productivity.  Here’s how.

Mobile Device and Application Management

The rapid adoption of consumer mobile technologies is challenging the traditional model of managing and securing IT endpoints within the enterprise, forcing organizations to alter their approach to device management. To get a better handle on managing and deploying their mobile applications, we expect organizations to adopt enterprise App Stores and emerging Mobile Application Management (MAM) solutions. Enterprise App stores will be used to securely provision, deploy, and audit corporate approved mobile applications. To provide even more robust application management services and address management needs not fulfilled using mobile device management, we expect organizations to begin to adopt MAM solutions.  MAM solutions provide functionality including application provisioning, patching, monitoring, virtualization, license management, and enhanced security by isolating corporate data and protecting personal information on “Bring Your Own Devices” (BYOD).

As noted in Burak Bilir’s recent blog post, Taming the Mobile Application Portfolio in your Enterprise, we believe that organizations will require Mobile Device Management, Mobile Application Management, and well-defined processes in order to effectively manage mobile applications in 2012.

Process Re-Design for Mobility

As part of their mobile application development and application-enablement initiatives, we expect organizations to also review existing business processes to uncover process re-design opportunities in a new, mobile context.  Mobile-enablement can streamline and optimize existing processes, and more importantly can enable business process innovation by re-thinking how processes can be delivered more effectively using mobile devices.  Enhanced information available from mobile device sensors and inherent analytics capabilities will offer prime opportunities to enhance processes as organizations look to connect with clients and improve employee productivity.

In summary, we recommend that as organizations move forward to mobile-enable both internal- and customer-facing mission-critical applications, they also review existing processes to uncover process redesign opportunities in a new, mobile context.  To provide more robust application management services and embrace business opportunities introduced with the Consumerization and BYOD trends, organizations should utilize enterprise App Stores and adopt Mobile Application Management solutions.

In 2012, as mobile devices become the computing platform of choice for employees and customers, we expect organizations to fully embrace enterprise mobility as the preferred channel for doing business.  This will provide important opportunities for IT organizations with a well thought out mobility strategy to support business growth and gain a competitive advantage.

In 2012, we expect that organizations will accelerate the trend towards socially-enabling their client-facing channels and contact points, to gain greater connection to consumers and drive insights into client behavior that can improve service and client loyalty. Organizations will rapidly integrate social technologies into the fabric of their core enterprise applications in areas such as customer relationship management, case management, exception handling, and other transactional systems. There will also be greater use of advanced social networking technologies to enhance employee collaboration in geographically distributed enterprises – helping to improve efficiency, employee satisfaction, and overall client service levels.

Let’s explore these areas in some more detail. So far, investments in social computing have helped organizations create a solid baseline, social computing framework which supports internal employee collaboration and knowledge management and/or external customer engagement initiatives. Over the next couple of years, we expect to see this infrastructure transform into a new ubiquitous architectural layer, some call the “Enterprise Social Layer”. This new enterprise capability will redefine not only how we collaborate with colleagues, prospective and existing customers, and business partners but will also provide a wide range of social collaboration support for critical business processes and transactions.

Today, leading organizations are proactively engaged in building on their initial Social Computing experience, gained through global employee collaboration, knowledge management, corporate communications, marketing, customer forums and technical support communities. These companies have started to take this capability to their transactional, line-of-business applications by social-enabling business-specific functions supporting core business objectives (Figure-1). Early adoption has given sectors such as Customer Relationship Management (CRM) a head start in this direction.

Figure 1: Enterprise Social Computing Scenarios

Social Computing has the potential to greatly improve certain types of business workflow by cutting cycle-time for manual processes like exception handling.  So far, process automation technology has struggled with unstructured, irregular, ad-hoc processes that rely on manual collaboration and expert judgment. Some examples include insurance claims, supply-chain operations, case management, citizen reporting and exception handling. Most enterprise applications that require real-time employee collaboration and knowledge sharing for decision-making purposes, or those that require manual or “out-of-application” actions or holistic reasoning will benefit from the extended-reach, faster cycle-time, and automation of “social-enablement.”

The opportunity is here and the time is now.  Companies that embed social computing into their enterprise application fabric can gain productivity benefits across line of business applications and processes because it can inject a rich social experience and significant, expedited human insight into every end-user touch point.

In 2012, we believe there will be an accelerated use of IT Appliances in three key areas in addition to their well-known deployments related to intelligent analytics:

1. Cloud Infrastructure Appliances:  Highly scalable cloud appliances will leverage inexpensive, off-the-shelf hardware with a choice of open source and vendor cloud software stacks, allowing IT to more quickly deploy and more easily scale their private cloud implementations to support new and unexpected workloads.  Appliances can reduce the time and effort to implement private cloud infrastructures and management through pre-integration, and promote rapid scalability.
2. IT Infrastructure Appliances for Mission-Critical Environments:  IT organizations will begin to look at IT appliance innovations from mainframe vendors to transparently host their Windows and Linux applications, and to take advantage of desirable mainframe attributes such as application isolation, high security, transaction processing rates and availability, and lights-out operations.
3. CyberSecurity Appliances:  Both on premise and highly portable in a variety of form factors, these appliances will come on the scene to improve data security, availability and timeliness and reduce network bandwidth requirements for geographically dispersed enterprises.  High adoption rates will result due to ease of implementation, simplicity of deployment and lower management costs.

To better align with these IT appliance trends, we recommend that:

1. Data Center Architects should evaluate vendor offerings for cloud appliances that provide scalable cloud infrastructures utilizing inexpensive components, to determine whether these can meet their reliability, availability, recoverability and compliance needs.  Training, staffing and policy plans should be developed to complement architectures utilizing these new cloud appliance offerings to gain best long term value.
2. CIOs and Enterprise Architects should examine mainframe appliance abilities to provide desirable attributes to current and planned applications and IT services.  Total Cost of Ownership (TCO) rather than capital investment cost should be formulated for moving applications to mainframe environments, looking at mainframe services based on-premise, hosted and/or in public clouds.
3. CISOs and Security Architects should weigh the use of client-side security and data appliances to help prevent security breaches while using public or private networks and make more efficient use of network bandwidth.  Evaluate using these solutions to implement secure, high performing remote access and data transfer for remote offices, teleworkers, mobile staff, contractors, and in public safety, first responders.  Examine whether these appliances will help meet regulatory compliance related to network security, as well as reduce costs in implementation time, staff overhead and network operations.  Finally, security and data architecture should be developed that takes advantage of these appliances.

Thoughtful application of IT appliances can help speed IT initiatives, reducing both time and total cost to achieve value from these initiatives.  So it’s important to take into account the capabilities and limitations of IT appliances when developing your enterprise architecture.

In 2012, the challenges will move from mostly technical ones such as determining the right solutions and platforms suitable for gathering Big Data-related insights to business challenges of determining how and where to get the optimal business benefit from big data analytics.  With so many different sources of data streaming into the enterprise, including new data streams that have become available from external sources, one of the key considerations will be knowing which streams of data can give the greatest payback in terms of real-time insights and corresponding real-time decision making.

As highlighted in my prior blog post, Big Data and Smart Computing – The Road Ahead for IT, Smart Computing is an excellent complement to the Big Data challenge because once CIOs have transformed their information infrastructures to intelligently collect, store and manage this information, they still need rapid and automated ways to sift through the data, identify patterns, and perform intelligent analytics. Our additional predictions in this space therefore fall into two areas: Data Management & Storage and Data Analytics.

Data Management & Storage

We expect that, driven by the need to address exploding data growth and diversity, organizations will enhance their data audit and security measures for compliance, renew their emphasis on storage rationalization, and prepare to transform their information infrastructures. The time is ripe to fundamentally re-think and re-design how enterprise information is collected, stored and managed and to take advantage of today’s lower costs of storage, processing and analytics. The challenge highlighted earlier, however, will be to determine the key business opportunity areas beyond quick wins in certain areas such as click-stream, ad-targeting and customer sentiment scenarios.

In the storage arena, in particular, we expect that with growing data streams driving up storage costs, organizations will look to rationalize their storage strategies to keep data costs under control.  We anticipate a two-fold benefit as organizations firstly rationalize storage across their existing tiers of storage infrastructure and, secondly, procure and deploy new storage technologies to further optimize these cost savings.

Data Analytics

The ability to gain insight and competitive advantage from Big Data is both an opportunity and a competitive threat.  Businesses and government agencies alike are adopting advanced analytics technologies to build innovative new services, improve service levels, and drive greater efficiency.  We anticipate that use of Smart Computing and Intelligent Analytics will move beyond well-known areas such as predictive analytics for sales data, and become increasingly adopted within the IT domain in areas such as Data Center Automation, Security Event Analytics, Regulatory Compliance, and Problem Management Automation. This approach will help IT continue to automate critical aspects of its operations such as data center, security and help desk functions and free up staff for more specialized and value-added tasks.  The intelligent analytics component will help IT move further along the automation continuum into new areas previously reserved for human decision makers and will help to alleviate manual bottlenecks where throwing more bodies at the problem is no longer tenable.

In summary, we recommend that organizations consider these predictions when formulating their approach to Big Data in 2012, and develop a strategy that takes a lifecycle approach from data acquisition, to access, to availability, and to analytics.  Big Data is much more than just a storage issue – it’s really about your strategic approach to information management and the business value you’re able to extract across the full lifecycle from acquisition to analytics.  In 2012, the topic of Big Data will not be about the attributes of the data per se (i.e. the much-touted volume, velocity, variety etc.), but about what you do with it – the new attributes such as extreme scale merely drive the business case for transformation and new techniques.

In addition, as cyber crime grows more sophisticated and IT infrastructures become more complex, we predicted organizations would take a more holistic, integrated approach to security across the enterprise. Organizations would increasingly work to integrate their myriad physical and digital systems into single-pane dashboards that enable them to better monitor security threats across their organization and manage overall compliance requirements.

In 2012, we expect that organizations will continue along this trajectory in an effort to integrate their CyberSecurity operations into a proactive enterprise security intelligence methodology that can deal with a wide range of potential threats and vulnerabilities.  These threats are primarily driven by the increasing sophistication, frequency and scale of cyber crime, and the rise of mobile devices and mobile applications as the preferred “new desktop” fueled by the Consumerization of IT.  In addition, the ongoing security and sensitive data protection issues related to the mainstream adoption of cloud and social computing, and the increasing regulatory environment will drive organizations to embrace a proactive security model based on advanced event correlation capabilities.

In this proactive approach, hybrid (physical and cyber) security operations models will employ dedicated analysts coupled with advanced data analytics gathered from an array of sensors to predict and remediate emerging threats before they cause significant damage.  The key aspects of this proactive enterprise security intelligence methodology are the integration of an array of sensors such as intrusion detection, malware and antivirus detection, and data loss prevention coupled with continuous compliance capabilities, forensics and situational awareness all built into the operational model. The focus will be on proactive techniques and intelligent analytics in order to reduce the cycle time between threat detection and remediation. Another step organizations will take will be to follow a defense-in-depth approach and create protected silos within their data operations to prevent access to sensitive information in cases where their network perimeters have been breached.

Notably, as disruptive trends such as cloud, mobile and social computing make the enterprise security perimeter increasingly porous, we expect CIOs and CISOs to employ other disruptive trends such as big data and smart computing to help tighten their defenses.  We expect that big data-style intelligent analytics techniques will be increasingly applied towards fraud detection in financial services as evidenced by some of our recent client work and that advanced data visualization will be increasingly applied to help dedicated analysts identify patterns representing emerging threats to business operations.

An additional focus for 2012 will be on continued cost savings and standardization through consolidation of security systems such as access control and video surveillance particularly in global organizations with a diverse and geographically dispersed amount of infrastructure.

Overall, we anticipate organizations will continue to mature their CyberSecurity frameworks and capabilities whilst at the same time consolidating key systems for cost savings and standardization.  The savings applied through consolidation will then be able to be re-directed towards hardening the CyberSecurity perimeter.

[Brian Daly] What are some of the key global issues facing telcos today?

[Steve Chuey] Increasing competition from non-telco entrants threatening telcos’ future revenues. These new-generation competitors, such as Google, are largely providers of data-driven services and mobile offerings.

[Brian Daly] How do new-generation providers threaten telcos?

[Steve Chuey] Telcos are concerned about losing direct relationships with consumer subscribers. Plus, growing use of handsets and web-based apps makes telcos’ traditional competitive role as network access providers too narrow. Many telcos have made great progress, but for most the relationship with the subscriber is still up for grabs.

[Brian Daly] Sounds ominous for the telcos?

[Steve Chuey] Not necessarily. They’re still in the best position to offer unique services that tie into other services we all rely on. Those include access to banking, shopping, travel, etc. Telcos also have a chance to be at the center of these relationships by offering a consistent and secure experience.

[Brian Daly] Where does Unisys fit into the new competitive environment for the telcos?

[Steve Chuey] Unisys addresses emerging trends, including mobile, cloud, social technology, consumerization of IT, the hybrid enterprise approach to cloud computing and intelligent analytics, or “big data.” We also have more than 25 years of experience providing messaging, and systems integration solutions such as billing, network management and managed services to tier 1 telcos. We’re unique because we have deep experience and focus on disruptive trends that are at the heart of the competitive threats that telcos face.

[Brian Daly] Can you share some specific examples of Unisys’ solutions for telcos?

[Steve Chuey] Our key offerings are our Messaging and Converged User Services. These are anchored by the VoiceSource Express (VSE) family of servers, which are based on the proven Unisys ClearPath platform.  The growth of mobile devices and apps changes infrastructure demands and reinforces security as a key concern of both consumers and enterprises. We have several solutions for this challenge, including mobile device management and security solutions.

[Brian Daly] How can Unisys help the telcos in the application area?

[Steve Chuey] We provide value-added services to help telcos generate revenue and strengthen the relationship with their subscribers. Plus we provide apps that make communications easier and more productive. For example, Visual Voicemail allows users to see messages on their mobile phones and select how and when they want to access and reply to them. Interactive text-based chats enable telcos to facilitate dialogue between customers and apps, allowing them to select alerts of interest.

[Brian Daly] You mentioned voicemail – how has this changed?

[Steve Chuey] With new offerings like Apple’s Siri, voice services are trending as a powerful, personalized way to communicate beyond leaving a voicemail message.  We’ve developed a solution that brings voice recognition to Twitter and Facebook. Unisys VoiceTweets and Speak to Facebook apps empower telco subscribers to publish updates directly to the platforms whenever they want.

[Brian Daly] What other apps does Unisys offer to telcos?

[Steve Chuey] Our application approach is based on unique app middleware that allows fast development and deployment of new services – a critical issue for telcos. We pre-integrate voice-to-text or social network interface components that become building blocks of new services. One example is Mobilewallet service, which lets subscribers use money in their prepaid account to purchase items. We’re also experimenting with Near Field Communications – NFC for short – handsets to build subscriber services for shopping. In addition, we’re using this middleware to provide unified messaging services across email, voicemail, fax and video.

[Brian Daly] What other investments have you made in your solution?

[Steve Chuey] The newest VoiceSource Express server – the VSE 412 – provides virtualization to help our telco clients grow their business and control costs with flexible delivery of voice services. The VSE 412 is the first server in the market to use Unisys’ secure partitioning (s-Par) architecture, which provides enterprise-class virtualization that commodity systems can’t match. Through the s-Par capability, each VSE 412 can support up to 3 million voice users. We also recently allied with BMC Software to deliver and manage advanced cloud solutions to help telcos and clients in other industries be more responsive & efficient.

[Brian Daly] What is your strategy for your telco clients?

[Steve Chuey] It’s a threefold strategy to:

1. Provide the framework and apps that bring innovative services to subscribers, with security and scalability;
2. Reduce telcos’ time-to-market through unique apps that strengthen their relationship with their subscribers; and
3. Leverage Unisys’ expertise in cloud, mobile, datacenter and security to help telcos modernize their infrastructure to serve their subscribers more efficiently and effectively.

So, what was the motivation for appliances?  Back in the ‘90s, I saw it as a shortcoming of software engineering in the following sense.  It was easier to plug in an appliance than to configure the software on a standard commodity server.  Looking back at the original appliances, the information you had to put into the device was overwhelming.  Imagine getting a router and a set of 8 diskettes (remember diskettes?).  After transferring their information into the device, you needed to choose from a complex set of options to set it up to be “just right.”  Of course picking the options would have been a challenge since the user interface device could cost as much as the appliance.  Given the complexities of configuring software, a shrink-wrapped appliance made a lot of sense.

The design decision for appliances that plagued the early manufacturers was to either pick a custom-made processor or implement functionality on a “commodity server.”  History has shown us that commodity servers consistently increased in performance at a rate that surpassed the performance of the custom server selection.   

This conundrum was eliminated with the adoption of virtual appliances allowing a single commodity server to be used to host multiple virtual appliances. For example, the Unisys Secure Private Cloud appliance hosts over 10 virtual appliances that are all pre-configured to work together to provide a “shrink-wrapped” cloud management environment.

But what really makes an appliance an “IT Appliance?”  The term “Datacenter Appliance” has been used to describe a containerized datacenter that is delivered in toto and includes all IT infrastructure needed to run a customer’s applications.  The Virtual Computing Environment Company (VCE) has introduced vBlock which includes processing, storage, network connectivity and virtualization in discrete units. In general, the term “Datacenter Appliance” seems to apply to appliances that provide the physical and virtual resources for a datacenter.  Today, Oracle’s Exadata is pitched as an “IT Appliance.”  It includes processing, storage, network connectivity, an operating system and applications.  As an all-in-one box (significantly bigger than a toaster), it could perhaps suggest a future direction for appliances.

Imagine a real “IT Appliance” that can manage and host all of the IT resources, along with the necessary automation of processes that are required to maintain steady-state execution of applications.  An example of this would be the current integration of Unisys Secure Private Cloud with the Unisys remote infrastructure management offering, called “Unisys Converged Remote Infrastructure Management Services” or simply c-RIM.    The appliance offers self-service provisioning of infrastructure and automatically updates the back end IT Service Management (ITSM) processes that are managed remotely.  In this way, datacenters can keep their critical information within their datacenter but the care and feeding of the resources and applications, along with operational best practices, are handled through a single appliance on the customer’s premises.

OK, it’s not as simple as a toaster, but we’re getting there…

While mobile online shopping is wonderfully convenient, pre-Christmas frantic buying combined with summer holiday laziness (for those of us “down under”) can put customers at risk of cyber-crime, such as scams and phishing attacks designed to enable identity theft and financial fraud.

Consumers need to be sure they are extra vigilant and take some simple steps to better protect themselves.

Did you know:

More of us are shopping online:

• In America, the number of consumers visiting e-commerce sites on Black Friday this year (25 November – seen as the start of holiday shopping in the US) increased by 35% year-on-year.
• Online retail in Australia is expected to reach AU$30.2 billion by the end of the year.

More of us are using mobile devices to shop online:

• According to Google, Australia has the second highest smartphone penetration in the world (behind only Singapore) at 37%, and is expected to reach 50% by the end of the year.
• No wonder the number of shopping queries coming from mobile devices in Australia has increased 220% year-on-year. In fact, one quarter of all Christmas shopping-related Google searches this year now come from mobile devices.

Yet many of us put ourselves unnecessarily at risk when mobile online shopping:

• Many people don’t take even basic steps to protect the information on the mobile devices – for example the Unisys Security Index found that 6 in 10 Aussies and Kiwis, and almost half of Hong Kongers, don’t secure their mobile devices with a PIN or password (November 2010)
• Ironically, we also know consumers in Asia Pacific are unforgiving when businesses don’t protect their data, with 85% of Australians, 81% of Hong Kong people and 80% of New Zealanders saying they would cease doing business with the company if they discovered a data breach. So surely we should put the same expectation on ourselves as individuals to take steps to protect our personal information.

Below are some simple suggestions to reduce your risk of cybercrime while shopping online this holiday season.

Tips for safer online shopping:

• Protect information on your smartphone or tablet by locking it with a PIN or password.  Even better, choose one that is hard to guess and change it regularly.
• Fully log out of an online shopping account when you have finished with it, so that someone else cannot continue shopping in your name if they get hold of your smartphone or tablet.
• Only shop on trusted and secure transaction sites. Check the site has an SSL certification, and the URL starts with https:// (not just http://). The absence of an ‘s’ is often an indication of a rogue trader.
• Be extra careful when creating online accounts via a smartphone as the limited web functionality and smaller screens can make it more difficult to verify the authenticity of online shopping sites.
• Closely check your bank and credit card statements to identify any purchases that are not yours – if you find any, contact your bank or card provider immediately.
• Don’t action emails that ask you to enter personal information about your online banking access into a website – your real bank would never ask you to do this.

Seasonal scams to avoid:

• Too-good-to-be-true promotions, which are actually phishing sites to access all your data.
• Seasonal screen savers and eCards can carry trojans and viruses, so don’t open them or download unless from a trusted source.
• Be selective when downloading smartphone apps and FaceBook apps – remember all apps are a software program.
• Be wary of ‘spirit of giving’ scams that take advantage of people’s generosity over Christmas, asking for donations via emails, tweets or text messages from sources you don’t know.

Cheers,
John Kendall
Unisys Security Program Director, Asia Pacific

NOTE:  This is an opinion piece and is intended only to provide a summary of the subject matter covered. It does not purport to be comprehensive or to render advice. No reader should act on the basis of any matter contained in this piece without first obtaining specific professional advice.

Annual demand is of course the key phrase. In a seasonal business such as this, the load builds up for a couple of months, reaching a peak about now. Having systems that can respond to these peaks, while maintaining performance, reliability and security, is absolutely crucial.

The entire operation is guided by SPA, the service-oriented SantaPrise Architecture. The core applications at SantaSystems run in ClearPath systems, all of which are metered. The main client-facing application is order taking, which is implemented in Dorado systems in an XTC configuration. Metering, says Elf, provides huge amounts of power when required while keeping the annual cost to a minimum. And, when added to general high reliability of ClearPath systems, XTC provides exceptional resilience.

Clients are world-wide, using a variety of channels, including Web browsers, Web services, smart phones, tablets, text messages, voice input and emails. A particularly interesting channel is the letter-up-chimney network, which has proved quite tricky to implement. SantaPrise solved the problem by installing text scanners at the top of chimneys, connected via satellite to a central point, where the messages are wrapped into Web services.

The other side of the operation is manufacturing. ClearPath Libra systems run a factory management application which schedules manufacturing. Materials and stock control are also handled by Libra systems, allowing production to meet the demand with excellent consistency.

Three other systems support the organisation. Scheduling the optimum routing for delivery is a huge task, entrusted to a super-computer delivering over 1.5 Santaflops. A Dorado-based RDMS database contains information on good and naughty children – who gets presents and who doesn’t – while an MCP system manages the finances.

Following the architecture defined in SPA, the systems are interlinked on a high-performance SSB (SantaPrise Service Bus). Various technologies are used to communicate between the systems, depending on requirements. They include Web services, message queuing and file transfer.

Elf stresses that the data centre infrastructure has been designed to avoid loss of service no matter what happens. DR sites are remote, with fully-automated DR implemented using Operations Sentinel, OpCon/XPS, BCA and SRDF. The off-peak season allows time to enhance automation and carry out regular DR testing. The combination of automation and testing minimises any chance that the service will not be available when needed.

Of course, SantaPrise does not work in isolation. It partners with a number of other commercial and government organisations. Transport, for example has been outsourced to the Ren Deere Company, which gets information on routing and packing from SantaPrise. Other partners include banks, payment systems and suppliers of materials, as well as government organisations such as customs and air traffic control. The SSB supports many technologies for external communication, including Web services, file transfer, and other interfaces using Enterprise Output Manager – emails, faxes, PDF files and more – formatted to meet the partner’s needs.

Finally, Elf says that corporate social responsibility is taken very seriously. The location in Lapland has enabled the design of very efficient data centres, requiring minimal cooling power. And staff welfare is a priority, with a significant investment in elf and safety.

Happy Christmas and all good wishes for 2012!

Navigating this unfamiliar terrain certainly introduces new challenges as it involves a departure from traditional technology and structured process management – the very same factors driving its success. However, the benefits are worth the effort.  For many decades organizations have been working hard to automate the daily enterprise workflow.  We have been successful in transactional, repetitive tasks but missed the mark in human collaboration where expertise, judgment, and intuition are frequently exercised.  Sometimes automation fails as it focuses too much on how work should ideally be done and misses the point on how people actually do the work.

Social computing allows people to communicate their experiences and thoughts in a natural way by taking individual experience, context, knowledge, and relationships into account.  Whether this new method of social collaboration is used to streamline and support a case management process or for customer collaboration or to improve internal knowledge management process, it yields exceptional results.

Allow me to illustrate.  At Unisys we have witnessed the power of social collaboration through our internal social network and knowledge management initiative.  The purpose of this global initiative was to make knowledge sharing and social collaboration an integral part of the corporate culture and improve the reach and quality of internal knowledge exchange.  We used enterprise social computing to enhance the ability of employees to connect and collaborate more efficiently and share knowledge more effectively on our enterprise collaboration platform.  This solution is already being used by 15,000 of our 23,000 employees and fully integrates with our existing global enterprise content management solution.  Plans are to integrate it with our sales force automation solutions and other enterprise applications.

We continue to gain visibility for our progressive use of social media tools internally to build a collaborative, knowledge-sharing environment.  Following the recent case study in Harvard Business Review, Increase Your Company’s Productivity With Social Media, Unisys is one of five companies featured in a new infographic on Five Companies That Are Rocking Social Media where it is featured along with Dell, Morton’s, KLM, and ABC.  You can read more about our social collaboration initiative in Leveraging Social Collaboration to Increase Agility and Competitive Advantage.

While there was hype about the incident, Steve focused on immediate points enterprises should focus on working through.

• Maintaining dialog with solution provider who is under attack
• Preparing for an extended investigation
• Informing user base
• Evaluating internal systems

2011 was a year of unprecedented cybercrime. That is no hype. The scale, sophistication and frequency of cyber crime took most enterprises and governments by surprise.   The pressure will not let up in 2012. So, the question becomes is your enterprise ready for the road ahead? There are so many pathways to that question!

Unisys Security Straight will be here in 2012 to re-engage with you and begin our conversation on the road ahead. Predictions for 2012.

Thank you for your readership, and we welcome your blog topics for next year.

This week I want to bring your attention to one of our most recent additions, Richard Bryant.  He is a passionate man on paper, and if possible to imagine, an even more passionate man in person. What is he so worked up about? -  Hacking threats, and the desire to demystify cyber crime. We had him sit down and talk us through The Six Biggest Hacks and How to Deal With Them.

In this three part series posted this September, Richard goes beyond describing the terminology. He spends time really helping us understand

• Why that threat is even categorized as a threat
• How hackers pull it off
• Why the current IT model fails
• How can you change the dynamics

If hackers are 42 steps ahead of enterprise security, Richard is a one man mission to help enterprises understand the business risk and solve their security challenges. Glad he is on our team!

The goal of Incident Management is to resolve issues before they cause service disruptions, while Problem Management attempts to determine the root cause of incidents after they have occurred. Proactive Problem Management takes it a step further by using Predictive Analytics tools to analyze trends and patterns to prevent incidents from occurring in the first place. The potential benefits are significant (reduced incidents, improved user satisfaction), but many organizations have still not yet adopted mature Problem Management solutions. As indicated in a recent Gartner report, Improving IT Service Support With Incident and Problem Management Integration, 80% of surveyed organizations do not have Incident and Problem Management well integrated from a people, process, and technology perspective.

As I mentioned in a prior blog post, Smartening Up Your End-User Solutions, to cost-effectively reduce incident levels analytic tools collect information from various sources to detect patterns or trends, which provide insight needed to identify and resolve issues before they are noticed by end-users. But to effectively implement a sustainable solution, Incident and Problem Management need to be integrated at the people, process, and technology levels. Armed with known errors, fixes, and workarounds developed by Problem Management, the Service Desk team can more efficiently execute processes to resolve end-user issues. Data produced by the Incident Management (Service Desk) team provides valuable data that helps a separate Problem Management team prioritize workloads and develop fixes that reduce the frequency and impact of incidents. By adopting Analytics tools to identify trends and potential issues early in the process, both Incident and Problem teams will have data needed to prevent incidents rather than react after they have occurred and already impacted business services.

Organizations that successfully mature their Problem Management processes and develop proactive capabilities will recognize benefits including increased customer satisfaction, lower incident levels, improved knowledge management, and improved end-user and analyst productivity. To move forward with proactive Problem Management initiatives, it will be important for IT organizations to clearly justify and link requested investments in people, process, and technology with resulting business benefits. A well formulated business case will help IT communicate the business value of applying Smart Computing to the organization’s senior managers and business leaders.

Unisys has taken a proactive Problem Management approach to delivering services by incorporating use of monitoring, analytics, and resolution optimization in its c-RIM offerings to reduce incident levels, lower costs, and achieve enhanced customer satisfaction for our clients.

In the blog post, Enterprises Beware: Don’t Let Security Fall into the Consumerization Gap, we discussed that the majority of IT decision makers who responded to this year’s survey on the consumerization of IT cited security concerns as a key barrier to enabling employees to use personal devices and consumer applications for work.

So employers realise they need to get on top of the issue but, as they see all actions as urgent, don’t know where to start: from determining the best way to deliver IT support, improving security of data and access, strengthening policies and compliance, setting up employees with mobile devices, and transforming the data centre to effectively deliver data and applications to support the use of mobile devices.

With so many competing priorities it’s no wonder organisations are daunted by the challenge and feel overwhelmed. How do they start proactively managing consumer technology in the workplace?

The following plan of action provides a logical process to bring the influx of consumer technology under control.

1. Take stock – Understand what technologies are being used by employees and address the security risks to gain some control over what’s currently being used.

   Conduct an audit asking employees to identify the technologies they are bringing into the workplace and nominate the others that they would like to use but aren’t yet doing so.

   After doing this you can then create an enhanced security environment comprising a number of elements such as policies, procedures and security software to address the employee-owned mobile devices and any new devices introduced by employees or the organisation, and the use of social media.

   However, balance protection with enough freedom to use the devices and social media in a way that delivers productivity benefits.

2. Identify weakest points – Strengthen security at the weakest points – the devices and the network – to ensure data isn’t compromised. You can do this a number of ways including the use of digital certificates for authenticating users on the network and compulsory PINs to secure mobile devices such as smartphones and tablets.

   Network Access Control (NAC) provides a layer of protection against improperly used, infected or rogue endpoints attempting to connect to internal network segments. NAC does this by requiring devices to prove they are safe to connect to the network (pre-admission), and dictates where endpoints are authorised to go and what they are authorised to do. If the endpoint doesn’t meet the entrance criteria, NAC technology can quarantine and remediate non-compliant, infected or miss-configured systems.

   Create or revamp policies (and enforce them) in combination with IT security solutions to manage employee use of these technologies, and then provide employee education on their appropriate use. 

3. Determine best deployment for business benefit – Look at how to best manage devices and support users. Some ways to support users include self-help portals (covering the most common problems), support via chat/instant messaging, and a virtual service desk with FAQs and training videos is especially good as it can be available 24/7, which matches the ability to “work anytime/anywhere” nature of mobility.

   Decide who in the organisation should get to use consumer-style mobile devices to deliver benefits to the business – it may not be the top brass.

   Integrate new technologies into existing support models rather than create new models just for new devices or applications. Consider building more self-service tools to reduce pressure on the IT support teams.

   As users become more mobile, use remote management technologies such as Mobile Device Management Solutions to deliver security updates, deliver applications and provide support. Consider that managed service providers can support a wider range of new technologies faster than in-house IT teams.

Once the security and support issues have been bedded down, organisations can start to look for innovative ways to modernise or develop new enterprise applications that make use of the mobile devices and social media to improve or replace business processes.

The reality is consumer technology is coming into your organisation in droves; it is time to take control and transform the way you do business to harness the true value these new technologies have to offer.

We would love to hear how you are adopting consumer technology to improve employee productivity or change the way you deal with your customers. Please submit your comments below.

But it’s not just disasters that can compromise IT service delivery. Sudden traffic surges cause dramatic increases in the workload on the systems used, often bringing them to their knees. All the systems and their supporting infrastructure are intact – it’s just that they can’t cope with the demands placed on them.

I’m not talking about planned increases in workload, typically associated with dates or events. Month and year end processing, or big increases in travel associated with holiday seasons, are examples. There is time to plan for them although some systems still manage to crash even when the extra load is anticipated long in advance.

It’s big increases in traffic with little or no advanced warning that cause the real problems. Disasters may in fact be the trigger. Incidents such as floods or earthquakes can put tremendous loads on the IT systems used in the response. Emergency services are the prime examples. Police, fire, ambulance and even military systems could be involved, depending on the scale of the incident. All are likely to have deal with far more than their normal traffic. And systems outside of the emergency services, such as those used for recording faults in telecommunications and other infrastructure and scheduling repairs, are likely to be affected as well.

Less cataclysmic events can also cause sudden surges. Special promotions for products or services such as discounted fares by airlines increase the demands on systems. The business making the promotion should be able to prepare its systems but other organisations affected, such as for payment processing, may not have had the same warning.

It’s obvious that we require technology elastic enough to cope with sudden wide variations in load. One possibility is to provide systems big enough to handle just about any possible peak although predicting peaks has been made more difficult by the ever-rising use of the Internet. The number of end users clearly governs how much load can be generated: the numbers of PCs, smart phones and other user devices are unrestricted.

Assuming that we have configured a system big enough to cope, cost then rears its ugly head. For much of the time, the capacity available would be under-used.  How can we square the circle of providing capacity for peaks while at the same time controlling costs?

The pay-for-use approach with ClearPath systems, using metering technology, overcomes the problems. Hardware technology developments have reduced costs, allowing the delivery of systems with far more power than is needed for normal operation. Headroom is left for planned peaks and sudden shocks. But the user only pays for what is used (in ‘MIP time’ units), not the full capacity available in the system. It’s analogous to electricity supply. The incoming supply allows wide variations in load, for example depending on the weather. The customer pays for the kW hours consumed, not the maximum possible.

Metering is simple and immediately handles sudden increases in load. Alternative approaches, such as repurposing and switching in additional servers or virtual servers, are more complicated and may be less responsive.

More information on metering can be found in two white papers called ClearPath OS 2200 Metering Technology and ClearPath Plus MCP Metering Technology.

According to Forrester¹, organizations will be spending $7.6 billion by 2015 to re-engineer and re-invent the business processes and back-end systems to implement completely digital end-to-end, “straight-through” mobile business processes. This will be in addition to the $5.6 billion they will be spending on building mobile apps the same year.

The challenge for organizations is to identify which business processes and functions will deliver the most business value for mobile enablement and what is necessary to make the technology work effectively. To answer these questions, organizations should take a step back and look in detail at the routine of daily business workflow. They should try to figure out not only if the business processes can be optimized to make mobile workers more productive, but also if the work can be done in a better way with the use of new mobile technologies.

It is imperative to understand that enterprise mobility is not only about task optimization. If all you are doing is reformatting a web form for a mobile browser or building a mobile app for a standard function which is also available on a traditional PC, you may not be maximizing your opportunities. It is important to rethink how core business services can be delivered on mobile devices end-to-end with value-add. The potential for business process innovation on mobile devices is due to a number of factors which include extreme mobility, new rich sensors, new user experience paradigms, continuous connectivity, and cloud-based services.

For example, you may be able to improve the business value by leveraging sensors on the mobile devices such as using GPS and location-based services for field appraisals, using still cameras to scan bar codes, using video cameras for capturing footage for insurance claims, or leveraging Near Field Communication (NFC) chips for mobile payments. Bluetooth connectivity opens up other possibilities such as adding industry sensors. You may also want to extend standalone applications with cloud-based services such as providing text translation, traffic information, voice recognition, or video analytics services which rely on a range of powerful back-end services and databases. Marrying social computing capabilities with mobile devices creates a web of interconnected devices that are aware of each other in close locations, improving employee collaboration.

Therefore, organizations should not be focusing on building replicas of individual PC-based functions, but instead identify and analyze potential business workflows under the light of the new mobility paradigm and ask the question how new business value can be created. A well executed, mobile-enabled business process will allow you to improve customer satisfaction, supply chain optimization, field service productivity, and employee productivity offering new value potential and revenue streams.

 ¹ Forrester Research, Inc. – “Mobile App Internet Recasts the Software and Services Landscape”, February 28, 2011

Perhaps many of you remember this post’s title as a portion of dialog in “2001 – A Space Odyssey.”  I can’t say I understand all of the messages in the movie, but the theme of automation gone wrong is quite clear.  Only when you hear HAL say, “Stop Dave, I’m afraid” do you realize that the fear of loss of control goes both ways.

A number of our cloud conversations with customers touch on a concern about creating and managing a huge number of Virtual Machine (VM) images for their developers because each developer requests his or her own customized VM.  Developers aren’t comfortable with the standardization that goes hand-in-hand with automation.  During these discussions, we explain that when we first started automating within the Unisys engineering labs, we were in a similar situation.  Provisioning was considered a custom request and required a minimum elapsed time of two weeks to be satisfied. Today, 95% of the requests in our lab are “standard” and, through automation, makes a VM available within 5 minutes. This has given our customers courage.

Other discussions are more general than addressing the customization issue.  An IT director explained that he was calling their cloud initiative a “cloud architecture” since their stakeholders were very uncomfortable with centralizing control of their computing into a cloud that is shared by multiple business units.  This is just one example of what we’ve discovered.

I’m reminded of a situation I found myself in a long time ago.  I was architecting an automated admissions system for a college.  The admissions officer had a box on her desk that was filled with 3×5 cards.  She literally put her arms around the box and said that she could not possibly work without it.

So, as we worry about which cloud technology is best for our customers, we need to understand something that continues to be the maxim regarding data center transformation.  The real competition to our solution is not technical.  It’s inertia and an inability to articulate the value of overcoming this inertia in the eyes of the stakeholders.

Of course, automation is an inexorable trend in our industry.

Nevertheless, customers will not respond to the attitude that “resistance is futile.”

Instead, we have found it beneficial to share our own experiences in our lab, as well as providing insights into how they can guide their stakeholders through a set of manageable steps to achieve the benefits that we have realized for ourselves and our clients.

This year we focused heavily on challenges rising from cyber security, consumerization of IT and social media. Really, how could we not? While most of the content in the blogosphere focused on the “what” are these challenges, I would like to think we added more to the “how” are enterprises going to be begin addressing these security challenges.

Over the next few weeks I want to highlight three bloggers that challenged us to think beyond the “what”, and gave us content to really dive into the “how”. First up, Jan Wiewiora and his September post on Preventing Data Leaks Before They Occur. While most content is focused on the sensationalism of what happens after a data leak, Jan builds a case for enterprises to never have to show up on the front of the newspaper.

Better yet, Jan tackles challenging “how” questions head on! – “How do we get employees to not become inadvertent security threats?”; “How to determine access controls that will truly help protect data without requiring a “lockdown”?; “how to implement policies and have an impact?”.

This year we focused heavily on challenges rising from cyber security, consumerization of IT and social media. Really, how could we not? While most of the content in the blogosphere focused on the “what” are these challenges, I would like to think we added more to the “how” are enterprises going to be begin addressing these security challenges.

Over the next few weeks I want to highlight three bloggers that challenged us to think beyond the “what”, and gave us content to really dive into the “how”. First up, Jan Wiewiora and his September post on Preventing Data Leaks Before They Occur. While most content is focused on the sensationalism of what happens after a data leak, Jan builds a case for enterprises to never have to show up on the front of the newspaper.

Better yet, Jan tackles challenging “how” questions head on! – “How do we get employees to not become inadvertent security threats?”; “How to determine access controls that will truly help protect data without requiring a “lockdown”?; “how to implement policies and have an impact?”.

The idea of knocking out or blocking access to critical infrastructure to weaken an opponent is nothing new. In ancient times attackers would surround cities and cut off access to food, water and other supplies.  Such blockading is common military offensive strategy.

But with our increased dependence on our technology networks in both our work and personal lives, it is no surprise that today’s attackers seek to exploit security vulnerabilities in the cyber world with the aim of disrupting the physical world.  This applies regardless of whether the cyber attack is designed to take down the IT system itself or is used to damage other critical infrastructure such as water supply.

Interestingly, when we polled the public in 11 countries across the globe in March 2011 as part of the Unisys Security Index™, Australia and New Zealand were the only two countries where the Internet was rated as one of the top two national infrastructure assets vulnerable to malicious or terrorist attack.   

This may be because our nations “down under” are very aware of their remoteness and resulting dependence on the internet to be part of the global market.  Or perhaps it is simply because Aussies and Kiwis are less concerned about the vulnerability of other pieces of national infrastructure, such as public transport or places of large gatherings, than people in other countries are.

Either way, it is clear that effective cyber security is now an essential part of protecting national infrastructure and therefore is a vital part of any national security strategy – not just to protect vital information and communication technologies, but also to ensure they are not used to damage or block access to other physical infrastructure.  This is evident in the renewed focus being placed on cyber security by the Australian, New Zealand and other governments.

Cheers,
John Kendall
Unisys Security Program Director, Asia Pacific

Our IT industry has also moved from resource scarcity to resource abundance. The continued improvement of processing and storage densities has fueled the explosive growth in virtualization technologies. Processor virtualization burns CPU cycles and memory to increase overall system utilization. Most don’t notice this trade-off because more, cheaper resources are readily available. The leap to virtualization enabled the programmatic controls necessary for automation. Automation in turn has fueled the growth of large-scale public infrastructure and software as-a-service clouds. Users expect these public clouds will provide them instant access and perceived infinite resources for their future needs.

This abundance has raised expectations of what is possible so these users now have the same expectations of enterprise IT organizations. They reason that these organizations should benefit from the same explosive growth in processing and storage densities. And, since IT organizations have access to the same technologies from multiple providers, users expect them to provide the same capabilities. Why haven’t they?

Enterprise IT organizations benefit from resource abundance, are adopting virtualization, and are raising their utilization rates. However, they have not created the same instant access and perceived infinite resources that users now expect. Virtualization and its follow-on, automation, demand extensive changes in how enterprise IT shops operate. They seldom appreciate the impact that virtualization and automation will have on their organization, operational processes, management tools and decision making. As examples, the instantiation of a virtual machine differs greatly from the acquisition and installation of a physical server. And, the automation of an application’s deployment on a virtual machine requires programmers in operations. These are just a tip of pending changes.

At Unisys, we create clouds, operate clouds, and help enterprises plan their clouds. We use this knowledge and experience to help customers who are seeking to create their own private cloud since they are often overwhelmed by the complexity and the addition of another paradigm to their already full docket. Unisys Isaac Levy’s 4-part blog posts on Preparing for Your Private Cloud outline many of the considerations to help IT organizations that are struggling with these new concepts and how to best implement them.

One thing we know is that abundance creates opportunity. What abundance did in Tuscany during the 14th century is happening to enterprise IT. A renaissance is coming.

This cannot continue. Unless you take a holistic, systems-oriented view of your information system, you’re inviting failure. The compartmentalized approach isn’t sufficiently agile enough to adapt to today’s asymmetric, globally distributed use of information, and will eventually break. This butterfly effect means that even small changes in your network can have a disruptive impact on security.

For example, an increasingly common practice today is to encourage employees to network with customers and partners using social networking sites. This activity often takes place over the organization’s internal network. Unless you’ve thought it through holistically, you have no idea what the consequences might be. You could end up with a real storm in an unexpected area of your network, simply because you allowed access to social networking.

The pace of change continues to accelerate and, with it, so does the evolution of threats. We live in an era where it’s not only possible, but easy, for anyone with an axe to grind to make off with entire libraries of information and, minutes later, share their haul with the entire planet.

A few years ago, it would have required a crew from “Mission Impossible” to make off with millions of U.S. Armed Forces or State Department documents. But as the WikiLeaks incident proves, today it requires only a logon and some portable rewritable storage.

The key to deflecting this risk is to understand that IT security is no longer a technology or people problem. It is an information problem as well. Take a holistic view of your information system. Encrypt your information at rest and in motion. Monitor its use. Respond to anomalies. Update your policies (including how you authenticate). And enforce your procedures.

These properly integrated business process changes must be ready and tied off with the enterprise stakeholders before any data arrives. Otherwise their value won’t be realized. Even worse, the enterprise’s credibility with its customers will be seriously damaged if customers don’t see evidence that their feedback is being taken into account.  A major driver for social enablement is the importance of deeper and deeper customer/stakeholder engagement; not just to monitor views, but to communicate the messages of your activities, products and plans – i.e. to collaborate.  Consider the potential tidal wave of data that could appear through the increase in mobile computing where the integration of social applications is becoming the rule and not the exception.

As in the adoption of any technology-enabled innovation, the ground work has to be done first.  Identify the component of your business that would benefit from customer or internal stakeholder feedback and collaboration, and be clear on why and, most importantly, how the benefits can be continuously measured.  Are the enterprise departments/stakeholders in full agreement with the benefits and how they’ll be achieved?  What changes need to be made to the business processes (automated and manual)?  How will these changes be co-ordinated with your existing people-centric systems – Knowledge Management, Customer Relationship Management and Enterprise Content Management?  How do these plans fit with the enterprise’s strategy for mobile computing?  What are the associated costs and timescales and are they consistent with the return on investment being committed?  Can the changes be harmonized with existing business/system modernization projects?  Make no mistake, in a very short space of time social enablement will become an institutionalized part of the plumbing of every enterprise, so treat it like any other business-led activity.

Particularly in the case of social computing, a slick and continuous marketing activity needs to be in place.  Tell the internal and external stakeholders what you want, what you will do with what you get, tell them as you go along what you’re doing and give them an appropriate and accurate feel for the aggregate of the intelligence/feedback you’re receiving. And, most importantly how the enterprise is taking account of it.  As with the other business process changes that are necessary, this public relations activity must be pre-planned and diligently managed.

Professionally planned and executed Social Computing initiatives will transform the way that we interact with each other in our businesses and with our customers.  As a result, if planned up front and executed professionally, enterprises will improve their productivity, time to market, relevance of products and services, quality and depth of customer engagement, internal collaboration and quality of service. Unisys prides itself in focusing enterprise change upon predictable and measurable business benefit – the integrity of our offerings demands nothing less.

However increased competition through deregulation of many industry sectors such as banking, telecommunications and energy providers, and access to a much wider market to buy from via the Internet, has moved power into the hands of the consumer to decide whether they want to continue doing business with you, or change to someone else.

Customer trust is key to developing customer loyalty.  But it can be quickly eroded if consumers feel that they have been put at risk – such as if they find out that an organisation they have been dealing with has suffered a data security breach. 

This is particularly the case in Asia Pacific where, according to the latest Unisys Security Index™, at least 8 in 10 people in Australia, Hong Kong, and New Zealand would stop dealing with an organisation, such as close their account, if they found out that the privacy of their personal information had been compromised.  Of the 12 countries surveyed in the global research study, Australians are the most likely to say they would take such action, with Hong Kong and New Zealand not far behind.

Of course this is what people say they would do, and some sceptics point out that Sony hasn’t exactly fallen in a heap after its recent PlayStation security breaches.  But Sony’s PlayStation customers have made a significant investment in their console and games software so there is a deterrent to simply swap to another gaming platform.  In contrast, we are regularly bombarded with marketing offers from mobile phone carriers, home loan lenders and energy providers with attractive rewards to change over, often with the offer to manage the administration of changing providers for you.  In these “utility” markets it has never been easier to change – and the customer knows it.

The survey also found that many people say they would consider other actions such as publically exposing the issue and taking legal action.  It is almost as though they want to punish the organisation for putting them at risk.

There are currently no laws for mandatory data breach notification in Australia, Hong Kong or New Zealand.  Given the possible reaction of customers some might argue there is no incentive for businesses to tell customers about a data breach.  But organisations do have a responsibility to inform their customers immediately if there has been a breach so that customers can take actions to minimise their vulnerability to financial or identity fraud.  They may even win some brownie points if they are seen to act quickly and helpfully.  Also, consider the impact if an organisation is caught trying to cover up such a breach – damage to reputation and loss of customer trust.  Better to have quick and transparent communication with customers and work with them to reduce their vulnerability.  You have more chance of retaining your customers’ trust that way.

Mandatory data breach laws would make sense if it is found that businesses (and government organisations) fail to act responsibly off their own bat.  But the focus should be on those breaches where there is real risk of harm as a result of the breach (eg access to financial details; risk of identity theft; access to biometric data etc).

The Unisys Security Index (conducted since 2006 in Asia Pacific) has consistently found that the top two security concerns for the public are data security related:  people obtaining/using credit/debit card details; and unauthorised access to/misuse of personal information.

No wonder they are putting business and government on notice that that they are not going to passively accept privacy breaches.  

Cheers,
John

If we go back ten years to when I wrote “Business Agility: Strategies for Gaining Competitive Advantage Through Mobile Business Solutions,” Consumerization was just starting to fuel mobility and the bulk of solutions were from specialized providers of enterprise mobile devices and mobility software. At the time, the major enterprise value of a standard mobile phone or smartphone, beyond communication, was for basic functions such as personal information management (i.e. e-mail and calendar etc.). Anything else in terms of enterprise functionality had to be accomplished through much more specialized hardware from companies such as Intermec and Symbol.

In today’s world, due to the sheer numbers of consumers with smartphones and their increasing functionality such as location-based services, multi-media and so forth, we’re now well past a tipping point – companies such as Apple and Google can make large profits in the consumer market and direct those profits back into R&D in order to constantly innovate and improve their products. There’s a great article about this in a recent issue of The Economist called Beyond the PC.

These consumer devices are now far more powerful and feature-rich than most of the corporate-issued devices of the past and are beginning to take on broader roles as mobile computing devices beyond personal information management. Unisys has been studying Consumerization of IT over the past couple of years; our recent survey in conjunction with IDC shows some of the challenges and opportunities faced by the typical enterprise as they embrace this trend for business advantage and attempt to close what we call the “Consumerization Gap.”

It could be argued that the R&D fueled by the sheer scale of the consumer market is where the major innovation is occurring within the IT industry. Hence it is directly fueling innovation in the enterprise arena as employees bring these technologies and approaches into the workplace. This extends not just to mobility, but also to social computing and cloud computing as well. In terms of enterprise mobility, the innovation doesn’t stop at the device of course. There’s plenty of opportunity for companies to innovate and differentiate in terms of how they secure, manage and support these devices and how they mobile-enable their internal and customer-facing applications.

So while Consumerization may not have always fueled enterprise mobility in the past, today it is a driving force and is enabling tremendous opportunities for IT to re-think and re-design their strategies, applications and processes through disruptive trends such as mobile, social and cloud computing.