Insight into IT Strategic Challenges

Insight into today's IT Strategic Challenges Jorge Sebastião Founder and CEO [email_address] www.esgulf.com

The Net is very different Internet Instantaneous Any- to-any Standards- based Always- on Mobility In person Phone Mail Private networks

How Do We Manage Enterprise Complexity? ERP Solutions Mainframe Client/Server Heterogeneous distributed databases Mission Critical Availability The Internet heightens availability requirements Inter-dependencies of applications with business

Products Are Not Enough People Technology Process

Management Requirements

10 Challenges

End User Awareness

Unavailability Technical skills

Leveraging New Generation Networks

New devices Mobile Computing

Security and Privacy

Evolving Risks

Compliance and Regulation

New Technologies Biometrics

Smart Cards and eGov Challenges

Infrastructure Management

“… disasters are not technical, they’re people and culture related…

“ The soft stuff is the hard stuff.”

Bryan Fiman

Principle and Co-Founder,

Implementation Management Associates

User Awareness and Adoption?

Support Requirements

“ … . uneducated users require 3 to 6 times more support than educated users over the life of a new technology and process.”

Research Note

Unavailability Technical skills

Rapid rate of change of technologies

Shortage of skilled staff

Key to recognize the risk areas

Take appropriate preventive actions:

obtaining training

hiring consultants

right people

These factors might apply to your team:

inadequate training

poor understanding of methods, tools, & techniques

inadequate application domain experience

new technologies or methods

ineffective, poorly documented, or neglected processes

Professional Development

Balanced approach

Education

Training

Experience

Certification

Networking

Interpersonal / Soft Skills

Professional Development

Professional Goals

S pecific

M easurable

A chievable

R elevant

T ime-bounded

Adapted over time

Telephone Services Data Services (WWW, e-mail, etc) Video Services (TV, movie, etc) Telephone Services Network Video Services Network Data Services Network Policy Area 1 Policy Area 2 Policy Area 3 Legacy: Vertically-Integrated Networks pre-NGN Network Challenges - Legacy Networks

Network Challenges– NGN challenges Source TIPHON Control Area lP/MPLS Core Network Transport Area Service/ Application Area PSTN Internet Soft Switch

IP Service and

Application Control

QoS

Authentication

Security

Multicast

Multimedia Call Control

VoIP and Video

IP endpoint control (H.323/SIP)

Media Gateway control (H.248)

Messaging Application Media Gateways Application Hosting

Programmability

3rd party applications

Web access

Open APl's

Web based Service selection Application Mediation Layer Enterprise ASP 3rd party Application Policy Server Aggregation Network Metro Optical RAS DSL Cable Frame/ATM Wireless Service Switch

Manage QoS

Security

Interoperability

Openness

Programmability

Interworking

Network Challenges– Business Drivers Service Control Layer lP/MPLS Core Network Layer Application Layer PSTN Internet Soft Switch

IP Service and

Application Control

QoS

Authentication

Security

Multicast

Multimedia Call Control

VoIP and Video

IP endpoint control (H.323/SIP)

Media Gateway control (H.248)

Messaging Application Media Gateways Application Hosting

Programmability

3rd party applications

Web access

Open APl's

Web based Service selection Application Mediation Layer Enterprise ASP 3rd party Application Policy Server LDAP based Aggregation Network Metro Optical RAS DSL Cable Frame/ATM Wireless IP Service Switch IP Video Internet Offload IP Voice IP VPN IP Transport Multimedia Conferencing Unified Messaging Virtual Office Tele Education E-Business Margin

Users Want Mobility? Home working 89% of top 100 US companies offer telecommuting 2 60%+ Britons & Germans equipped to work remotely 1 Mobility How many of us using Mobile Today ≥ 66% workers will use mobile & wireless computing 1 Branch Offices 60 % of employees work at Branches Virtual 58% companies consider theirs to be a virtual workplace today 1 interpretation of analyst data 2 ComputerWorld survey

New Corporate Boundaries

Platforms

Data Center

Laptops

PDA

Mobiles

Distributed Access

Dialup, ADSL, VPN

VSAT

Wifi, WiMax

GPRS/3G

Communication Centric Applications

Web

Email

IPM

VoIP

Multiple Networks

Intranet

Extranet

Internet

Users

Employees

Partners

Suppliers

Customers

Consumers/Prospects

Location

Office

Internet Café/Restaurants

Airport

Hotels

Home

Mobility and Access Management Control Loosely-coupled, Dynamic exterior Tightly-coupled, Persistent interior Intranet Extranets Customers Partners/Suppliers Employees Consumers Internet

Mobility Devices

Laptops

Mobiles

Bluetooth

PDA

Smart Card

What Is Privacy & Why Does It Matter?

Privacy is a malleable concept

Physical security and liberty as one version

Information privacy is another

Information privacy is the issue here

Privacy is a human right that preserves individual autonomy

That autonomy is necessary for a free and democratic society

It is a community interest

Does New Technology Threaten Our Privacy?

US $200 and 24 hours will get you anything you want to know about someone (ex-partners, detailed asset lists, convictions, video rental preferences, etc.)

CVS Pharmacy, Doubleclick, Amazon

HRDC’s detailed, lifelong files on all of us - lacking real controls on use or disclosure

Technology - Opportunities and Challenges

Some opportunities:

Easy access to central data-bases

Use of virtual records ( e.g. , health records)

Digital transaction security

Improved resource allocation and needs predictions

Some challenges:

Improper personal data access

Security breaches

Improper data-linkage, sharing and mining

Mitigating Privacy Risks By Legislation

Establishing principles for all cases

Designing privacy into systems and programs

Building privacy into systems and programs

Dealing with boundary cases - the gray areas lawyers love

Public and private sector rules are needed

Public sector (provincial and federal legislation)

Private sector

Mitigating Risks Using Technology

Privacy enhancing technologies (PETs)

Smart cards, toggles, digital certificates

Technology enhances privacy - it does not define it

Always ask: Who can override the security?

Remembering that design is key

What data, to whom, when and for what purposes?

What happens to it after that?

Data destruction

Evolving Risks – Banking Ex

Phishing new threat

First Phishing – Now Ransomware

Phishing

Pharming

Ransomware- So far theses attacks are quite rare but it brings a new dimension to the usage of the internet and a new generation of attacks.

IT and Corporate Governance Business BSC IT BSC CoBiT ITIL ( & BS15000) ISO27001/BS7799 IT Governance & ITSM

Multitude of Governance

SOX

AML

ISO27001

ISO90000

ISO20000 (BS15000)

CoBIT

PAS56

Basel 2

HIPAA

EMV

...

Biometrics and IT Systems

The automated use behavioral and physiological characteristics to determine or verify an identity.

PIN Rapid! Know Have Be

Biometric Process-1 Enrollment stage Identification stage Biometric Present Sensor Signal Process Reject Accept Sensor Biometric Present Storage Decision Signal Process

Biometrics and Statistics

FAR – Type I

FRR – Type II

FAR vs FRR protection vs ease of use

ERR=“FAR=FRR”

Biometrics-enabled Authentication Applications

Cell phones, Laptops, Work Stations, PDA & Handheld device set.

2. Door, Car, Garage Access

3. ATM Access, Smart card

Forensic : Criminal Tracking

Fingerprints

DNA Matching

Car park Surveillance

Frequent Customers Tracking

Biometrics-Problems

Smartcards-The Wallet Computer

SmartCards Influencing Implementation Multipurpose Secure Personal ID System

Policy

Government

Corporate

Processes

Issuance

Enrollment

Apps Update

Identity Verification

Technology

Architecture

Features

Standards

User Privacy Acceptance Social

SmartCards Impediments to use

infrastructure requirements?

Integration?

Common standards?

SmartCard Issues-1 What information? Where it is stored? Who is entitled to access it? How it is protected from un-authorized access? Privacy Authority: oversees, administers, enforces ID program. Governance Card is either alternative or mandatory ID. Voluntary vs. Mandatory ID Requirements Policy

Issues-2 Amount and type of information applied for risk profiling? Profiling Allowable means proving identity prior to ID issuance Mechanisms for Issuance Which standards? Interoperability? Standards Degree of authentication? Level of risk mgmt required? P ublic acceptance of the process? Level of Authentication Requirements Policy

Infrastructure Management Challenges Reduce Complexity Bandwidth Utilization Network Resource Accountability Guaranteed Network Performance Security

Infrastructure Mgmt Fragmented IT Desktop Help Desk LAN Admin DBA Operations Mainframe Security Network Management Chaos Business User Non IT Devices Applications Databases Systems Networks

Fragmented Service Delivery Desktop Help Desk LAN Admin DBA Operations Mainframe Security Network Management 97% 97% 97% 97% 97% 97% 97% 97% Business User Non IT Devices Applications Databases Systems Networks 76% Availability

Government Education Dept 0 1 2 3 4 5 Service Level Management Availability Management IT Service Continuity Financial Management Capacity Management Service Desk Incident Management Problem Management Config. Management Change Management Release Management Efficiency & effectiveness Process Maturity

Project Failure Rates

Application Development Projects (The Standish Group)

Challenged Succeeded Failed 28% 46% 26%

Mitigate Risk

Reduce Cost

Improve Productivity

Ensure Regulatory Compliance

Connect Geographically Dispersed Data Centers

Improve Systems and Data Availability and Recovery

Consolidate Data Centers and Storage / Server Resources

Reduce Capital and Operating Expense

Maintain / Increase Availability

Ensure Service Delivery

Increase Productivity

Connect Geographically Dispersed Data Centers

Converge Networks

Enable New Applications Through Increased Bandwidth & Performance

Priorities By Function

Improve BC/DR Processes

Distribute and Protect Data

Reduce Infrastructure Spending

Improve IT ROI

CIO Data Center Networking Operations VP Infrastructure

People Business Processes Technology Delivering ROI Competitive Advantage

Service Improvement A process led approach Maintaining the momentum Where do we want to be? Vision and Business objectives Where are we now? Assessments How do we get where we want? Process Change How do we know we have arrived? Metrics

Maturity

Process Maturity Framework The Five Levels of Service Management Process Maturity Ref: based on Norton / Nolan & CMM In terms of: - vision & strategy - steering - processes - people - technology - culture 1 Initial 2 Repeatable 3 Defined 4 Managed 5 Optimised

Implementation Process Education Standards & Best Practices Support

Solution Building Blocks INTEGRATED ICT SOLUTIONS VOICE FRAME/ATM MPLS BANDWIDTH INTERNET MANAGED WAN MANAGED LAN MANAGED VoIP MANAGED SECURITY MANAGED MOBILITY BUSINESS SERVICES VALUE ADDED SERVICES NETWORK SERVICES NETWORK PRODUCTS NETWORK & ACCESS INTEGRATED SOLUTIONS IT SERVICES & APPLICATIONS WIRELESS SATELLITE xDSL ETHERNET LEASED LINE HOSTING & STORAGE OUTSOURCED CALL CENTRE MESSAGING HOSTED MMVoIP MULTI-MEDIA CALL CENTRE VoIP PORTALS/ INTRANET CRM APPLICATIONS MANAGED DESKTOP SECURITY NETWORK. OUTSOURCING BUSINESS OUTSOURCING ENTERPRISE SECURITY SYSTEMS INTEGRATION TECHNOLOGY CONSULTING

Implementation Challenges Theory… Practice:…

Questions?