STRATEGIC_INFORMATIONTECHNOLOGY: Solving Increased Data Backup and Recovery

2015-Feb-26

*** begin quote ***

Live Webcast: Solving Increased Data Backup and Recovery

Date: Wednesday, March 11, 2015
Time: 10 am Pacific Time / 1 pm Eastern Time
Presented by: Michael Krutikov, Sr. Product Marketing Manager

With ever-increasing amounts of data, whether driven by datacenter evolution or just plain growth, there is a definite need for better solutions in today’s enterprise data centers. So the big question is, how do you solve for the increased amount of data while obtaining operational efficiency that delivers success for IT and ROI for an organization?

*** end quote ***

Interesting concept focusing on the data in the datacenter.

But what good does it do to have your data if your recovered systems are a mess?

That is, for example, what about:

  • The various job schedulers —autosys, job track, cron, tape management systems, job control language, job instructional language, batch, pseudo batch, etc. etc. — all have to be “resynchronized”.
  • The various third parties that one receives from and sends to. In a disaster, one assumes that life elsewhere went on. Perhaps even complicated by your own organization using contingent methods to update data that the recovering systems are unaware of.
  • What about the “appliances” and “firewalls” — of various and sundry types — that keep state information in strange places.

In several previous employment “lives”, the solution was found in “Start of Day / End of Day” backups.

What this does is establish known good points from which the datacenter can restart with the sure and certain knowledge that ALL business and technology data is good and consistent across the enterprise. If, and this is a big if, the applications and systems can speed the clock from “the recovery point” to the “interruption point”, then the Business and Technology people can pick up right where they left off. Every “Third Party Involved” interface needs to have a “reconciliation procedure” to align the recovered data with that held in the Third Party’s systems.

It’s rare to see a recovery that can happen this way. (I’ve never seen it. Despite advocating for it with many different Clients and Employers.)

It’s as if they can’t imagine a disaster, and as such prefer to gamble: (1) that it will never happen; and (2) somehow someway they will muddle through. With that as their “strategy”, they do just enough to fool the auditors and their Leadership. Of course, it all comes tumbling down when “hard questions” are asked.

— 30 —

FIGURING: “Know Thyself!”

http://www.forbes.com/sites/georgeanders/2013/09/04/how-gallup-hit-a-goldmine-with-strengthsfinder/

9/04/2013 @ 9:26AM

Need A Career Tuneup? Gallup’s Tom Rath Has A Quiz For You

*** begin quote ***

Are you a learner, an achiever or an includer? If you’ve seen those terms before, you’re probably one of the nine million people who has taken Gallup Inc.’s StrengthsFinder test. The workplace diagnostic quiz is a favorite at companies ranging from Facebook to Harley-Davidson. And it’s become a financial goldmine for Gallup, generating more than $100 million of revenue to date.

These are challenging times overall at Gallup, the opinion-research and business-consulting firm, as I explain in a major Forbes magazine story this month. But the company’s StrengthsFinder franchise keeps on humming. Prime evidence: the unstoppable appeal of “StrengthsFinder 2.0,” a book by Gallup executive Tom Rath. The book explains the test, offers some coaching and provides a security key that allows one reader per book to take the quiz online.

*** end quote ***

http://reinkefj.com/?page_id=53

2015-Feb-23 Strengths Insight Report

# – # – #

Seems like a great idea for all those who are interested in understanding themselves.

“Know Thyself!” – ascribed to Socrates

— 30 —

 

LEADERSHIP_PROJECT: The difference between a “Book of Work” and a “Workbook”

2015-Feb-19

http://www.keyedin.com/project-success-blog/article/15-great-ways-project-management-can-help-your-growing-business

15 Great Ways Project Management Can Help Your Growing Business
01/17/2014 Written by: Ian Needs

*** begin quote ***

Many SME’s are simply scared of the term “Project Management” or end up implementing a host of non-connected, counter-productive tools. 

*** end quote ***

Recently, I was involved with an application portfolio, “Book of Work”, that was so tightly integrated, that a full 75% of the portfolio was required to run any one application in the portfolio.

And, humorously, no one seemed upset about that. And, consequently, no one did anything about it.

Old Wall adage: “When in a hole, stop digging.”

I did some unofficial of the “soil” from this particular “hole” and found 23 different ways that applications were allowed to become dependent upon each other. Interestingly, I found some direct dependencies (i.e., an app writes a file that it later reads back into itself) as well as indirect (i.e., app1 writes a file1, app2 reads file2 and writes file2, app1 requires file2 to complete its work). Amusing!

In my experience, this comes from not having a development methodology, with policies, procedures, and processes, that will prevent “just get it done” type work.

But, that’s why I’m not in charge. 

No, you can’t have it now, if it leaves us in a bigger hole than when we started.

The journey of a thousand miles starts with the first step. Make it in the correct direction.

I find it humorous that Microsoft Project is “too expensive” for any large organization. Have they ever looked at what they “waste”?

Argh!

I like my projects — “small” and bounded by “time”, “resources”, and “deliverables”. IF you can’t slice it into bite-size subprojects, THEN you deserve every overrun and under-delivery you get.

— 30 —

BPR: Infosec risk reduced by proper engineering

http://www.itgovernanceusa.com/blog/new-icloud-phishing-campaign-discovered/?utm_source=Email&utm_medium=Macro&utm_campaign=S01&utm_content=2015-01-16

New iCloud phishing campaign discovered
February 13, 2015 by Lewis Morgan

*** begin quote ***

This is a cheeky one. Cyber thieves have been caught red-handed sending out phishing emails that are designed to steal financial information.

*** end quote ***

I NEVER have this problem.

I have my own domain.

I designed my approach around the only thing constant — the email address.

Not the one in the header, which can be and often is forged. But the delivery address. It’s got to be authentic; otherwise, how is it going to get to you?

By using your own domain, you give the BANK an email address for you of “BANK @ reinke.cc”.

Then, anything that purports to be from the BANK, that does NOT come in on that address, is fraudulent.

Laugh. It doesn’t matter how authentic it looks, it CAN NOT come in on “their address” (i.e., the one I assigned them).

Needless to say, since I can create an unlimited number of these, and they all sort by a wild card rule in a catch-all mailbox, it’s a trivial system to maintain.

So go ahead ne’er do wells, spam, phish, and con all you want, you can’t pretend to be my bank unless you crack the BANK and get the email address assigned to them. 

Oh, and BTW, I used “bank@” as an example. In practice, the “address” is more complex than that. “Bank” may actually be “9B94VPp8HhEU”.

But then what do you expect from a fellow whose Mom’s Maiden Name might be “UmuCZDBpB5FY” and whose first car was a “xF9DxMQk8CfK”?

Laugh!

The sad part is that this is such a simple and easy process to implement, but, despite the number of times I have blogged it, talked about it, and demonstrated it, folks just don’t care enough to take such a simple step.

It’s all about simplicity and clarity.
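
The check described above, as an added example that is not part of the original post: each correspondent gets its own random delivery address, and a message is judged by comparing who it purports to be from with the party that owns the address it arrived on. The domain `example.org`, the `Delivered-To` header as the record of the envelope recipient, the brand keywords and all function names are assumptions made for the illustration.

```python
import secrets
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "example.org"  # assumption: placeholder for the mailbox owner's own domain


def new_alias(registry, party):
    """Assign one correspondent its own random delivery address."""
    local = secrets.token_hex(6)  # 12 hex characters, not guessable
    registry[local] = party
    return f"{local}@{DOMAIN}"


def claimed_party(msg, brands):
    """Who the message purports to be, judged by the forgeable From: header."""
    name, addr = parseaddr(msg.get("From", ""))
    text = f"{name} {addr}".lower()
    for party, keywords in brands.items():
        if any(keyword in text for keyword in keywords):
            return party
    return None


def classify(raw, registry, brands):
    """Compare the claimed sender with the party that owns the delivery address."""
    msg = message_from_string(raw)
    # Assumption: the receiving server records the envelope recipient in Delivered-To.
    _, rcpt = parseaddr(msg.get("Delivered-To", ""))
    local, _, domain = rcpt.lower().partition("@")
    owner = registry.get(local) if domain == DOMAIN else None
    claim = claimed_party(msg, brands)
    if claim and claim != owner:
        return "fraudulent"    # claims to be a known party, arrived on the wrong address
    if claim:
        return "consistent"    # arrived on the address assigned to the claimed party
    if owner:
        return "alias-reused"  # an assigned address is being used by someone else
    return "unassigned"


def sample(delivered_to, sender):
    """Build a constructed test message; nothing here is real mail."""
    return (f"Delivered-To: {delivered_to}\nFrom: {sender}\n"
            "Subject: Account notice\n\nPlease review your account.\n")


# Constructed sample data: two correspondents and lowercase brand keywords.
REGISTRY = {}
BANK_ADDR = new_alias(REGISTRY, "bank")
SHOP_ADDR = new_alias(REGISTRY, "shop")
BRANDS = {"bank": ["first example bank"], "shop": ["example shop"]}
BANK_FROM = '"First Example Bank" <alerts@bank.example>'

if __name__ == "__main__":
    for rcpt in (BANK_ADDR, SHOP_ADDR, f"bank@{DOMAIN}"):
        print(rcpt, classify(sample(rcpt, BANK_FROM), REGISTRY, BRANDS))
```

A result of “consistent” only means the message arrived on the address given to that party; “alias-reused” is the signal that an assigned address has reached someone else.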

— 30 —

FINANCIAL_JUSTIFICATIONS: Time, Talent, and Treasure?

2015-Feb-17

http://www.idea-sandbox.com/blog/making-better-decisions/

Making Better Decisions Considering Time, Talent & Treasure
CRAFTED  13 FEBRUARY 2015

*** begin quote ***

Is this worth our Time, Talent, and Treasure? Below are suggested questions to ask about the project, plan, or idea…

Time

Is it worth the time investment?
Are there better/more effective things we could be doing with our time?
Does the effort provide a worthwhile return?

*** end quote ***

I personally like: Attention, Effort, and Resources.

But it’s very similar.

I like “attention” as opposed to just “time”. 

We all have both a limited attention span and a limited amount of attention we can allocate.

It’s a qualitative and quantitative measure of the Leadership’s most limited resource.

If the decision maker can delegate an “above the waterline” unit of work without spending much attention on it, then that’s a big win.

But how many Leaders don’t consider the amount of “attention” that getting involved in something will take?

It’s more than just “time management”; it’s opportunity portfolio management.

Using “financial justifications” is one way to “focus on first things first”.

Rarely done before the “sunk costs” begin to pile up. The financial equivalent of a “body count”.

# – # – # – # – #  

FINANCIAL_COST: Creating negative feedback loops

Time after time, I see Business and IT Leaderships struggle with changing organization behavior.

But they FAIL to use “cost recovery” to affect change.

When I had a severely understaffed InfoSec group and THREE people who did nothing but change passwords, I pitched an idea to my boss on how to eliminate stupidity, laziness, and make-work.

It was basically a two-pronged attack to reduce the approximately 9,000 password resets we were doing annually in a 5,000 person company. I swagged up a number at how much each one of those password resets cost him — 17$ each in labor. We needed those folks to do other work, but password resets took time away from other more important work. So IT charged back to the individual’s cost center 20$ for each password reset AND an individual could not call in for a password reset, their Boss did. We’d then call back the individual and reset it. We went from 9,000 per year to about 30 per year.

(And, I was rewarded at bonus time for an excellent idea.)

From this, I formulated the idea of using “cost recovery” as part of a negative feedback loop.

I see meetings with color copies. I see runaway B&W printing from stupidity. And, I see personal printing galore at shared printers.

Seems like an area that’s ripe for cost recovery.

— 30 — 

SME_ITDR: The interesting part about ITDR is timing

Different types of measures can be included in a disaster recovery plan (DRP). Disaster recovery planning is a subset of a larger process known as business continuity planning and includes planning for resumption of applications, data, hardware, electronic communications (such as networking) and other IT infrastructure.
Disaster recovery – Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Disaster_recovery

# – # – # – # – # 

The interesting part of splitting this into parts is there is no holistic view of a recovery.

The timing of a recovery is essential to success. It really doesn’t matter if one can “turn the lights on” (i.e., power up backup components and get the parts running). What matters is to resync the whole “mess”.

From my first assignment in ITDR to my latest, no one seems to understand that.

From the internal job schedulers, to the external third parties, and in all the intra-system interfaces — everything must be set to a common point in time.

And, the “real world” keeps on going without you. So that makes “catching up” even harder.

So, “recovery” must be automated. Push that “big red easy button”, with apologies to Staples, and the systems must “automagically” on command: instantiate the recovery environment, fall back to a known good restart point, replay all the transaction “book” between the recovery point and the disaster, and present systems for acceptance by Business Users.

That’s a tall order.

In my first assignment, the arithmetic worked out that regardless of when during the processing week a disaster occurred, the environment would always be ready on the following Monday. (Quite a novel discovery. And shook the Business and IT Leadership awake. “Hey we need a better BCP for a Monday disaster!”)

Unfortunately, without the holistic view, everyone sees “trees”, but not the “forest”.

It’s a good thing that disasters are relatively rare. Most corporations don’t survive them.

— 30 —

QUALITY: 2014 Return problems predicted 2015 TurboTax problems

2015-Feb-09

https://ttlc.intuit.com/questions/2453012-how-did-my-turbotax-account-get-hacked-into

*** begin quote ***

TurboTaxChristine, Manager, Moderator, 6 days ago
I can understand the thought of your account being compromised is deeply concerning. Safeguarding your information is very serious for TurboTax.

The tax preparation industry, including Intuit, is actively engaged with IRS to fight fraud. We are deeply concerned about any instance where identity thieves steal names and social security numbers outside of the tax filing process and then use tax software to file fraudulent tax returns.

We have a proactive fraud risk management process in place to prevent, detect and respond to suspicious and fraudulent activity. We apply rigorous practices to detect, investigate and respond to fraudulent activity, and collaborate with others in government and the financial services industries to continuously improve our fraud controls.

Unfortunately, identity thieves steal names and other personal information outside of TurboTax and share them in the black market of information. A common way thieves obtain personal information is through the use of Phishing Sites. When you suspect you are being phished:

1. Do not click on a link in a suspicious email, but rather go to the company site and view the information. Even if a suspicious email is not requesting personal information, it may contain viruses that can retrieve personal information off of a computer.

2. Report any suspicious emails to the institution they are claiming to be. If you have any suspicious TurboTax emails, you may send them to TTaxInvestigations@intuit.com, and we can confirm for you.

3. Be wary of any email requesting personal information or offers that appear to be too good to be true, especially in social networking environments.

If you believe you or a family member is already a victim of identity theft, you will want to check out the resources we have pooled together for you at the below link. While they are more specifically designed around tax-related identity theft the core principles within are a good guideline for you to follow: http://turbotax.intuit.com/support/go/GEN86887

*** end quote ***

Interesting that the same problems reoccurred a year later.

This seems to indicate that their “Quality Improvement” program is lacking to say the least.

It’s interesting that, of the complaints posted, the fraudulent return points to an American Express Bank.

Guess they need some quality help too.

Argh!

— 30 —

SMENET: How does the IT pro think about the next internet

2015-Feb-11

http://www.itif.org/files/2009-designed-for-change.pdf

Should we favor “net neutrality”? 

And the challenges of the next internet.

Richard Bennett, a visiting fellow of the American Enterprise Institute, is an expert on Internet technology and public policy. He co-invented Ethernet over Twisted Pair, the Wi-Fi MAC protocol, and miscellaneous network enhancements such as the MPDU Aggregation system for 802.11n, the Distributed Reservation Protocol for UWB, and various tweaks and hacks to the Internet and OSI protocols.

# – # – # – # – # 

The Governments of the world seek to throttle and control the internet for their own purposes.

In actuality, the consumer controls the levers of control. What will they pay for and what will they not pay for are the puppet’s strings.

He reinforces that change is unavoidable. Better to plan for it and “surf the wave”. Rather than be sunk by it.

Email really needs encryption. 

# – # – # – # – # 

PROBANAL: CIN or SSN?

2015-Feb-10

http://www.wired.com/2015/02/breach-health-insurer-exposes-sensitive-data-millions-patients/

Health Insurer Anthem Is Hacked, Exposing Millions of Patients’ Data
BY KIM ZETTER   02.05.15  |   8:28 AM  

*** begin quote ***

“Safeguarding your personal, financial and medical information is one of our top priorities,” the company said in a statement posted online, “and because of that, we have state-of-the-art information security systems to protect your data.”

It seems that state-of-the-art security system didn’t involve encrypting Social Security numbers and birth dates—two pieces of information that are highly valuable to identity thieves.

The company said it would provide credit monitoring and identity protection services free of charge to those who were affected. Anthem discovered the breach last week and is still investigating the number of people whose data was accessed, but a spokeswoman told USA Today that she believes it numbers in the “tens of millions.”

*** end quote ***

Bet the coverage is only for a year.

And, isn’t there a disconnect between what they say and what they do?

We know that SSN is a disaster, and it was never “sold to the people” as an identification number.

But it has become one de facto.

So how do we analyze this “problem”?

Simple, don’t use SSN in corporate systems as an individual’s identifier. Create your own Customer Identification Number (i.e., CIN).

Seems simple enough.

Should a cross reference be required, keep that safe and tightly controlled.

But, what do I know, I remember when corporate systems at AT&T didn’t use SSN.

Sigh!
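
One way to lay this out, as an added example that is not from the original post: business records are keyed on a random CIN, and the cross reference stores only a keyed HMAC of the SSN, so it can answer which CIN belongs to a given SSN without holding the number itself. The class and function names, the CIN format and the key handling are assumptions; a cross reference that must also return the SSN would need encryption instead.

```python
import hashlib
import hmac
import secrets


class CrossReference:
    """The tightly controlled SSN-to-CIN cross reference, kept apart from business data."""

    def __init__(self, key):
        self._key = key      # assumption: held in a key store only this service can read
        self._by_tag = {}    # HMAC(SSN) -> CIN; no SSN is stored in the clear

    def _tag(self, ssn):
        digits = "".join(ch for ch in ssn if ch.isdigit())
        if len(digits) != 9:
            raise ValueError("SSN must have nine digits")
        # A keyed MAC, not a bare hash: only 10**9 SSNs exist, so an unkeyed
        # digest could be reversed by simply trying them all.
        return hmac.new(self._key, digits.encode(), hashlib.sha256).hexdigest()

    def enroll(self, ssn):
        """Return the existing CIN for this SSN, or issue a new random one."""
        tag = self._tag(ssn)
        if tag not in self._by_tag:
            self._by_tag[tag] = "C" + secrets.token_hex(8).upper()
        return self._by_tag[tag]

    def lookup(self, ssn):
        """Return the CIN already issued for this SSN, or None."""
        return self._by_tag.get(self._tag(ssn))


def open_account(xref, customers, name, ssn):
    """Business systems key the record on the CIN and never keep the SSN."""
    cin = xref.enroll(ssn)
    customers.setdefault(cin, {"name": name})
    return cin


if __name__ == "__main__":
    xref = CrossReference(secrets.token_bytes(32))
    customers = {}
    # Constructed, never-issued SSN (area number 000) used as sample input.
    print(open_account(xref, customers, "Pat Example", "000-00-0001"))
    print(customers)
```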

— 30 —