Cloud

The CTOvision.com blog has moved!


If you have found this post you might be looking for our new location.

The CTOvision.com blog has been operating on its own server for quite a while now, and we continue to provide content on items of interest to enterprise CTOs.

Please follow us at http://ctovision.com

Thanks!

Bob Gourley

Video for the Enterprise CTO


I enjoy learning from and interacting with great CTO teachers face to face, which is why direct meetings are an incredibly important part of life.  But that model does not scale well.  There is no way any human can begin to schedule enough time/meetings/conferences/interactions to tap into all the great teachers there.  

Social media can help in a couple of ways. For example, when used properly, it can help you connect with and learn from others in a way that is unobtrusive to them. It can also help you determine who has credibility in their field, which can be of use at times. Social media can also help you find the best works to read and study, which is another way of learning from the masters and also of dealing with information overload.

I’ve just integrated another way of learning from the masters into the site at http://ctovision.com. The site is now leveraging a YouTube channel designed specifically for enterprise CTOs. It also embeds automated searches on YouTube focused on Information Technology and provides simple ways to kick off your own search.

Here is how it works and what the social media connection is: A video I find that I believe to be relevant to enterprise CTOs (like, for example, Nicholas Carr talking about “The Big Switch” or a product demo for a hot technology like Plastic Logic) is tagged as a “favorite” on YouTube. Then it will automatically be available as the first choice of a video in the player I have embedded on the front page at http://ctovision.com. That player and other videos, including all that are relevant to searches on terms like “Information Technology”, are also on the new CTOvideo page at http://www.ctovision.com/cto-video.html

Additionally, the sidebar of the blog now has videos the Google and YouTube search algorithms think are relevant to the content. 

How can you help drive the content of the video displayed?  As always I really appreciate your feedback, via any path that is easy for you.  You can send e-mail or leave comments on any post suggesting any video.  You can also connect to me on Twitter or Facebook and we can interact on the topic there.   And if you have a YouTube account we can connect there.  I’m http://www.youtube.com/user/ctovision

 

Vivek Kundra: Still the Alpha CTO and now the First Fed CIO


Today’s news on Vivek Kundra’s role in the federal space made me think of another CTO, Yuvi Kochar. Yuvi, the CTO of the Washington Post, is a great connector of CTOs who leads the informal collective of the Washington Area CTO Roundtable. Although I had heard Vivek speak a time or two, the first really deep interactions I had with Vivek were through Yuvi’s work in service to the tech community and I much appreciate that.

For a quick update on Vivek from a CTO perspective see: Read the rest of this entry »

Open Source Databases


All indications are the next significant growth segment for open source software will be in databases. This follows the trend of open source operating systems (Open Solaris and Linux). 

Two open source databases of note are Hadoop and MySQL.

Hadoop is not for everyone. It is a very powerful open source software focused on highly scalable distributed computing. It implements the MapReduce distributed computing metaphor in use at some very large computer powerhouses. In general, I don’t believe it will be of immediate use to the average enterprise; it is for the big guys with high end problems. My recommendation is that all CTOs at least download it at home and try it out just for familiarity (I’m running Hadoop on my home systems now so I can kick the tires and will be writing more about it in coming posts). But I don’t recommend every enterprise everywhere adopt it.

MySQL, on the other hand, should be of interest to any enterprise, big or small. I’m a MySQL user and really enjoy it. I’m not alone in that regard. MySQL has over 11 million installations and is the driver behind most major web technologies today. It is the database for a variety of development platforms including popular software bundles like LAMP, BAMP, MAMP, SAMP, and WAMP. Popular websites using MySQL include Facebook, Zappos, Cox Communications, NASA, Flickr, Wikipedia, Google and YouTube. The Obama campaign was also run with technology based on MySQL.

How much does MySQL cost? It is available for free under the GNU General Public License, which is a great way to get and use software. Enterprises like support, and support costs money. How much will support for MySQL cost? I don’t know, since I’ve never required enterprise support, but from what I understand the cost is about 20% of the cost of support for proprietary systems. MySQL lacks some features of the higher end high cost enterprise systems, but at such a reduced cost it will increasingly be the alternative of choice for solutions that don’t require every feature of a massive ERP-type capability.

Additionally, MySQL can result in better reliability and more uptime, which should also be factored into your TCO calculations.

In your engineering trades you will likely find that MySQL will run more calculations per second on lower cost hardware, and administration/services costs are also significantly lower.

So, those are cost reasons to move to MySQL. Other, perhaps more important reasons include:

  • It is easy to learn and easy to administrate
  • It helps prevent vendor lock-in and companies that will try to place you over the barrel
  • Security is built in and in my opinion there will continue to be fewer vulnerabilities in MySQL because of its open source model
  • There are very large numbers of developers supporting MySQL, so it is easy to find highly qualified developers and administrators.

The big providers like Oracle, Sybase, Microsoft and IBM continue to roll out improvements and advanced features and they have powerful capabilities that will likely be with us for a long long time. But my recommendation is that every CTO check out MySQL and use it everywhere you can. It will help you deliver more functionality faster and for a much more economical cost.

Comments?

Enhancing Security and Functionality At The Same Time


Have you ever been sucked into the false debate over how much IT spending should be spent on security?  I used to all the time.  Some folks point to a rule of thumb that goes something like “ten percent of the IT budget should be applied to security.”  That old school formula may well be part of the reason we got into the mess we are currently in.  It contributes to thoughts that lead you to think security can be separated.  By my way of thinking, 100% of the budget goes to security and functionality and that is the calculus.

Really, security is about ensuring information confidentiality, availability and integrity. And those constructs are totally connected to functionality of IT.   I try whenever possible to use the term security and functionality in the same context just to underscore that point. 

For example, the goal I continually push regarding security in the federal space is not just one dealing with security. I put it this way: “Security and functionality of all federal IT will be increased by two orders of magnitude in the next 24 months.” Putting the goal this way also underscores that it is not security vs. functionality. Both need to increase.

This goal also cries out for the need for metrics in security and functionality.  For functionality there are many customer focused survey methods that can help collect the right metrics.  For security, I think one metric stands out above all others:  Detected unauthorized intrusions.  There are many other important metrics for other dimensions of the security problem, but that one is key.  So, a goal that expects both security and functionality of federal enterprise IT to improve by two orders of magnitude will expect customer survey satisfaction to go through the roof, and will expect detected intrusions to drop significantly.  If there were 50,000 detected intrusions in 2008, there should be less than 5000 in 2010.  

That is a dramatic goal.  What makes me think it is achievable?  In part the dramatic action being put in place today in the federal space.  And in part by dramatic new technologies and approaches like private clouds and thin client computing and enhanced identity management and authorization methods.  But of more importance and more relevance than all of that, in my opinion, is the coordinated action and leadership underway by CIOs and CISOs and the security  experts in the federal space today.

As evidence of this incredible positive action I’d like to bring your attention to a release by a Consortium of US Federal Cybersecurity Experts on Consensus Audit Guidelines.  Details of this effort are at http://www.sans.org/cag/

The Consensus Audit Guidelines provide the twenty most important controls and metrics for effective cyber defense and continuous FISMA compliance.   These controls and metrics include:

Critical Controls Subject to Automated Measurement and Validation:

  1. Inventory of Authorized and Unauthorized Hardware.

  2. Inventory of Authorized and Unauthorized Software.

  3. Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers.

  4. Secure Configurations of Network Devices Such as Firewalls and Routers.

  5. Boundary Defense

  6. Maintenance and Analysis of Complete Security Audit Logs

  7. Application Software Security

  8. Controlled Use of Administrative Privileges

  9. Controlled Access Based On Need to Know

  10. Continuous Vulnerability Testing and Remediation

  11. Dormant Account Monitoring and Control

  12. Anti-Malware Defenses

  13. Limitation and Control of Ports, Protocols and Services

  14. Wireless Device Control

  15. Data Leakage Protection

Additional Critical Controls (not directly supported by automated measurement and validation):

  1. Secure Network Engineering

  2. Red Team Exercises

  3. Incident Response Capability

  4. Data Recovery Capability

  5. Security Skills Assessment and Training to Fill Gaps

The site at http://www.sans.org/cag provides more details on each, including detailed descriptions of the controls, how to implement them, how to measure them, and how to continuously improve them.   The site also spells out the fact that this is a work in progress and processes are in place to ensure this great effort remains relevant and maximizes our ability to protect ourselves.  

What should CTOs think about this guidance?  As for me, I most strongly endorse it. In my mind the appropriate implementation of these controls will reduce unauthorized intrusions in any enterprise. 

The deeply respected community leader Alan Paller said it this way:

“This is the best example of risk-based security I have ever seen,” said
Alan Paller, director of research at the SANS Institute.  “The team that was
brought together represents the nation’s most complete understanding of
the risk faced by our systems. In the past cybersecurity was driven by
people who had no clue of how the attacks are carried out. They created an
illusion of security. The CAG will turn that illusion to reality.”
 

Please give these controls a read, and please help get them into the hands of the security and functionality professionals in your enterprise.

The Future of the Grid: From Telecommunications to Cloud-Based Servers


There was once a time long long ago when telecommunications and
computing were two different concepts.  That was the age when phone
company operators manually switched calls and computers like ENIAC
were programmed by patches and cables.  Since then the two fields have
been on a convergence path.   The many advances in both fields since
the 1940’s make for exciting reading for computer and telecom fans, but
rather than recount those achievements here I’d rather talk about a
more modern achievement of note, the establishment of the Advanced
Telecommunications Computing Architecture (ATCA or AdvancedTCA). 

ATCA is an open standard that has been around since about 2003.  It has
been continually enhanced and today it is perhaps the most broadly
accepted standard in the telecom industry, with over 100 companies
participating in development and implementation of the specification. Perhaps more important is the adoption of the standard in the telecommunications industry. A review of Wikipedia entries and other open info (like the Intel Embedded and Communications Alliance) indicates typical “hockey-stick” implementation seen in other highly reliable, highly virtuous standards. IDC projects the ATCA market will be about $2.7 billion in size by 2013. I think the global financial crisis and the ongoing wave of mergers and purchases of smaller comms and equipment providers by larger ones will accelerate this trend even faster, as modular, low cost, highly reliable standards are needed even more.

Network equipment providers face two challenges that they are addressing with ATCA: 1) the need to continue to deliver new platforms and applications and, 2) the need to reduce costs and improve productivity.  ATCA provides a great opportunity to address these needs.  ATCA standards provide a common platform which provides lower cost, reduced maintenance, the ability to use third party boards, and the ability to reduce vendor lock-in (more on ATCA capabilities is below). 

In my opinion, enterprise CTOs should work to accelerate moving the
ATCA standard and compliant products into data centers.  It results in
more computer power per square inch, higher reliability, power savings,
cost savings, long term maintainability, and a path for upgrade that
does not require forklifts.  ATCA is not something that currently scales down to small network devices, but it is something that I believe will prove to be perfect for data center server support.

Here is more on ATCA:

– Boards (blades) in an ATCA shelf are hot swappable.
– There is not a “bus” for communications in an ATCA shelf.  Instead,
boards communicate point to point, which is faster and ensures there is
not a single point of failure like in the bus model.
– Any switching fabric can be used.
– Boards can be processors, switches or specially designed advanced cards, if desired.
– The most advanced shelf management capability ever designed is in
the ATCA container.  If any sensor reports a problem the shelf manager
can take action or report the problem to a system manager. This action
could be things like turning up a fan or powering off a component or
telling a human that something needs to be replaced before failing.
– It is designed for very high reliability and very high availability. 
– It runs cooler, even with its higher powered processors.
– It supports a healthy multi-vendor, interoperable ecosystem.
– It is based on open standards vice proprietary (locked-in) solutions.

Now back to the opening idea of this post. Telecom and data and compute power are not separate things anymore. Each is closely interwoven with the others and successes in one thrust can make a huge positive difference in capabilities in other areas. As organizations and users grow more accustomed to the power of cloud computing they will demand higher and higher levels of reliability and resiliency from their server providers. And as service providers provide higher levels of reliability and throughput, cloud compute providers will see more and more success, which will place increased requirements on their capability. In both cases, ATCA will provide the agility, resiliency and reliability required, which will drive its adoption further and further into the telecom and data worlds.

So, for CTOs who are concerned with maximum performance with power and space efficiency and a path to future upgrades, accelerate ATCA into your enterprise. How? I just typed the words “atca for the datacenter” into Google and got several links worth diving much deeper into, including:

Will ATCA Bring Order Out of Chaos for Blade Servers?

Sun Netra CP3220 ATCA Blade Server

Social Media and the National Security Professional


This is an update of an article I published last August in Social Computing Magazine (a great enterprise Web2.0 site edited by Dion Hinchcliffe).   A key goal of this piece has been to encourage more in the national security world to use capabilities like Facebook, LinkedIn, Blogs, and of course Twitter.  If you know someone you would like to encourage to use these sites please feel free to lift from this.  If you know of other sites or capabilities that deserve this sort of tutorial please let me know.

Another key goal of this paper is to enhance the security of our nation, and my thesis is that by getting more senior thought leaders into these web2.0 capabilities we can do just that. 

Social Media and National Security Professionals

24 January 2009

Bob Gourley

Social Media is a term used to encompass a wide range of technologies used to enhance shared meaning among participants. When properly used, Social Media capabilities also address the information explosion we are all experiencing. Social Media includes weblogs, wikis, email, instant messaging, tagging and broadcast text. Popular social media services include such familiar names as AIM, TypePad, Facebook, LinkedIn, Twitter and Plaxo.

This note captures some tips and techniques for the use of social media focused on national security professionals.

First, for context and background, let me start with the analogy of traditional media and its still significant contribution to dialog in the national security space. Great thinkers with something to say frequently author an editorial submission to news outlets. Examples abound, but as a reference let me point out the thought provoking piece by Mark Lowenthal in the 25 May 2008 Washington Post titled “The Real Intelligence Failure? Spineless Spies.” Here one of the more elegant writers in the intelligence community laid out his personal views and made a contribution to the dialog on the intelligence community. This type of article is of value in helping us collectively think through some key issues. The article also underscores that the explosion of social media does not eliminate the need and value for authoritative voices.

Now let’s discuss how new media helps the dialog.

With new media, you do not have to be one of the leaders of the national security domain to publish your thoughts. You can establish your own blog. There are many services that do this. The most popular ones are Movable Type and TypePad. I like them both and have used both. If you are just starting out I recommend you sign up with TypePad. You can have a blog up in minutes, and with a little more time you can have your own domain and a blog configured with your own design. Having a blog does not mean you are automatically an expert, but when you have something to say you will have a path to say it.

Part of the power of new media is that capabilities like blogs give more people an ability to inject ideas into the dialog, and in many national security issues more brains with more ideas can be a significant enhancement to the dialog. But new media gives even more benefits. New media gives others an ability to discover and comment on your thoughts. For example, blogs all come with rich commenting and moderating features so others can share thoughts and endorse, critique, or add to your original post. This provides a way to highlight good ideas from social media.

New media is also known for speed.  The
instant your thought is published you can have it provided to others
via RSS feeds, by e-mail push, and by alerts to Twitter, a micro
blogging site which is also being used by a growing number of national
security professionals.

To see how Twitter works, visit my site at http://www.twitter.com/bobgourley. You will see a series of small posts made by me. Some were automatically created when I posted to my blog. Others were either sent in from my cell phone while I’m on the road or from my computer at home. If you desire to “follow” me on Twitter all you have to do is sign up for a Twitter account and click the “follow” button. Then you can read those micro posts whenever they are made. You can also find other national security professionals to follow on Twitter, and they will be able to find you as well. For example, from my page, look for the graphic that shows Lewis Shepherd and click on his head. You will see his Twitter site. Or if you don’t remember what Lewis looks like you can click on the list of people I follow and find him there. Following feeds like this will keep you informed of key meetings, conferences and events and of course blog posts. Producing your own Twitter feed will provide you with a way to contribute to the dialog.

Another tool of increasing use by people in this discipline is LinkedIn.  This is a site that lets users add a bio or resume and then helps
them manage their social network.  LinkedIn lets you connect to others
on the site who you know.  You can help out people you know who might
need to meet someone you know and vice versa. This site is very helpful
in learning a bit more about people before you meet with them and in
staying in touch with people when they change positions. LinkedIn also provides simple ways to communicate with others, either all at once or direct person to person and I frequently hear from other CTOs via this path.  How do you
get started with LinkedIn?  Sign up for an account, fill in as much of
your bio as you are comfortable sharing, and follow the instructions to
find people you already know and connect with them. 

A site with a different but somewhat related functionality is Plaxo
and I also recommend you create an account there.  Plaxo specializes in
contact management.  You can keep your entire address book there. 
You can also synchronize Plaxo and LinkedIn so if one of your contacts
changes their information in LinkedIn it will update Plaxo.
Additionally, you can have your blog and your Twitter feed
automatically update Plaxo (many readers in the national security space
prefer to read blogs via Plaxo).   The way to get started here is to
log into Plaxo, create an account and upload your address book to it by
following your instructions.  Is that safe?  It is at least as safe as
having your address book on your own computer.  I’ve never had any
problems doing that.

Another key social media site is Facebook.
A growing number of national security experts are using Facebook to
stay in touch with friends and associates.   It is also a good method
for communicating. You can send private messages to Facebook users and
can also send open messages to them by writing on their “wall”.  You
can configure Facebook to display your latest blog posts and twitter
feeds.   You can join up with Facebook from their site, and then
Facebook’s “friend finder” will help you find the right people to
connect to.

Now let’s continue our discussion on the article Mark
Lowenthal published.  In this case, if you had an opinion on his
content you could post a note at the Washington Post website, and I
noticed many did.  Because the Post is an old media powerhouse they
seem to publish most comments, which has the benefit of letting you see
a spectrum of thoughts.   You can also post comments in your own
blog.   I published my thoughts on Mark’s piece here.
My blog automatically sent word to Twitter, Facebook and Plaxo when I
did.  It also automatically pinged some key blog search engines so they
could access my content.  Another friend of mine in the community
posted his views on his blog.  Other friends on Twitter began dialog
with me via that channel.  And other associates began an e-mail dialog
with me on the issues raised by Mark.   So within a matter of minutes
wide swaths of people were engaged in collaboration and discussion on
the topics Mark noted.

Perhaps the greatest power of new media, however, is when it is used to accelerate new ideas that were not identified by one of the greats like Mark. For example, I recently read a Twitter post from a thought leader in this new space named Jeffrey Carr (see his Twitter Feed at http://www.twitter.com/jeffreycarr). He posted a short comment about a blog entry he wrote and said it included “3D imaging and Virtual Earth – mind blowing video http://bit.ly/3SxtdA”. His Twitter post alerted me and I checked out his blog and yes, he was right. I saw a YouTube video that was absolutely mind blowing and of direct relevance to others in the national security space. And the video, frankly, could change things more dramatically and in a more positive way than Mark Lowenthal’s well thought out piece ever could (Jeffrey you rock!). So I’ll be blogging about Jeffrey and will be talking about the capability he highlighted when I attend a major intelligence conference next month. Jeffrey’s other readers in the national security space will also be considering the significance of his posting and the result will likely be an acceleration of a capability into the fabric of the national security apparatus, thanks to social media.

Another example of the power of social media for
national security professionals is in coordinating action and
participation prior to conferences.  How do you decide which
conferences to attend?  I try to pulse experts to see who else is
going.  Once I make up my mind I let everyone I network with know I’ll
be there so they can advise me of their intentions and so we can
arrange side bar meetings as required. This is all so simple in the
world of social media like Twitter, Plaxo and Blogs.

So a key benefit of Social Media for national security planners is to accelerate good ideas, whether they be good ideas for policy or good ideas for technology. Social Media can also be leveraged to address the information explosion by enabling people to enlist the capability of others to seek out and bring the right information to your attention. These others can be crowds, random individuals, fields of experts or trusted friends. Which of these you leverage can vary from subject to subject or task to task.

Is there a dark side for national
security?  What are the risks of social media?  Perhaps the greatest
risks are that we not fully engage in the power of these tools,
especially when adversaries are not constraining themselves.   But
there are risks to mitigate in our use of new media.  These include
risks to the confidentiality of ongoing operations and in some cases
risks to personal security.  By identifying these risks and taking
steps to address them now we can accelerate the use of new media faster
through the community.

I have personally encountered several
other examples, but it seems we have just scratched the surface on the
benefit of these capabilities to our nation’s security.  New thinkers
are pioneering paths that are already helping the nation come to grips
with some significant issues. With more participation by thinkers like
you the contributions of social media will likely grow in importance.  
So please, if you have not started engaging in social media sites yet,
jump in now.

Bob Gourley
http://ctovision.com

The Future of Cyber Security and Cyber Conflict


As I write this there is evidence that the Russians are once again attacking another country through massive denial of service attacks. For a recap with analysis you will not see elsewhere see The Kyrgyzstan Cyber Attack That No One Is Talking About. This is not the first time that a major nation state has been accused of launching attacks like this. Russia has been implicated as responsible for two other large scale attacks (Estonia and Georgia). In other investigations China has been implicated in sponsoring/supporting attacks designed to extract information. These are very serious high end attacks that are hard to mitigate, but organized crime is also becoming increasingly capable, investing large amounts in R&D to allow their continued ability to sap resources through cyber theft. In a recent example a payment processing company called Heartland Security Systems admitted its security system had been breached and millions of credit and debit card numbers were extracted.

I’ve previously written about the government’s response and many of us have been strongly supportive of the efforts and activities of Melissa Hathaway and the team of coordinators she assembled in government. Her approach has been viewed as very positive by all credible observers and it is good to know she will be continuing to work to make our nation safe in this area.

It was also good to see the approach of the Obama team posted on the
Whitehouse.gov site.  In a homeland security policy statement six key
goals were articulated.  They are copied below:
   

    Protect Our Information Networks

    Barack Obama and Joe
    Biden — working with private industry, the research community and our
    citizens — will lead an effort to build a trustworthy and accountable
    cyber infrastructure that is resilient, protects America’s competitive
    advantage, and advances our national and homeland security. They will:

  • Strengthen Federal Leadership on Cyber Security:
    Declare the cyber infrastructure a strategic asset and establish the
    position of national cyber advisor who will report directly to the
    president and will be responsible for coordinating federal agency
    efforts and development of national cyber policy.

  • Initiate a Safe Computing R&D Effort and Harden our Nation’s Cyber Infrastructure:
    Support an initiative to develop next-generation secure computers and
    networking for national security applications. Work with industry and
    academia to develop and deploy a new generation of secure hardware and
    software for our critical cyber infrastructure.

  • Protect the IT Infrastructure That Keeps America’s Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.

  • Prevent Corporate Cyber-Espionage:
    Work with industry to develop the systems necessary to protect our
    nation’s trade secrets and our research and development. Innovations in
    software, engineering, pharmaceuticals and other fields are being
    stolen online from U.S. businesses at an alarming rate.

  • Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit:
    Shut down the mechanisms used to transmit criminal profits by shutting
    down untraceable Internet payment schemes. Initiate a grant and
    training program to provide federal, state, and local law enforcement
    agencies the tools they need to detect and prosecute cyber crime.

  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches:
    Partner with industry and our citizens to secure personal data stored
    on government and private systems. Institute a common standard for
    securing such data across industries and protect the rights of
    individuals in the information age.

Another goal was in the Defense portion  of the Whitehouse.gov site which called for DoD to lead in operational defense.  It reads:

  • Protect the U.S in Cyberspace: The Obama-Biden
    Administration cooperate with our allies and the private sector to
    identify and protect against emerging cyber-threats.

My assessment of these seven goals: This is too important for us to kibitz on at all. Now is the time for us to all form up on these goals and execute. Collectively we have to move faster in all these areas if we are to lessen the impact of the thinking/changing/technologically advanced adversaries that face us. I only add that we should keep bold visions in mind. I really believe that security and functionality of IT are totally connected and should always be considered in the same breath. And both can be dramatically improved; this is not a zero sum game where functionality is compromised by security. I believe our goal should be, as I’ve stated before, that the security and functionality of the federal enterprise will be improved by two orders of magnitude over the next 24 months. And I believe the cyber and CTO team of the new administration can deliver on that.

I also believe that DoD will continue to have a key leadership role in cyber, since increasingly that domain is being used by military adversaries and our own military must be able to operate with knowledge that their IT systems are safe from adversary attack.

More later.

Steve Ballmer and Cloud Computing


In this video Steve Ballmer shares some views on Cloud Computing and helps shed some light on why what we have now in most data centers is not really “cloud” computing in the technical sense.  

I think we all need to be ready to use the term two ways.  When talking to users and non-technical types we will probably always hear the term used to refer to anything that occurs in a different location, and this is the simplest definition of the term.  In that context, almost everything we have now is in “the cloud”.  But when we technologists use the term we are primarily talking about architectures specifically designed to support large scale, distributed, replicatable computing that is normally outside the “firewall.” 

Federal Government Technology Directions and the Fed CTO


Technologists in and out of government have been very excited about the work of the Obama transition team, especially the work of their technologists.   A group known as the TIGR (Technology, Innovation and Government Reform) Team has brought some of the best and brightest minds together to strategize and impact the action plans of the federal government.

We have now been treated to an insider’s view into the workings of this team.  The Change.gov website posted a 4 minute video introducing these thinkers and showing us some of the dialog underway.  See it below:

The video shows glimpses of the entire team, but features:

  • Vivek Kundra, CTO of Washington DC
  • Beth Noveck, Author and idea generator who has written on topics like “Wiki-Government”
  • Andrew McLaughlin, head of global policy and government for Google.
  • Dan Chenok, a former IT executive and Obama advisor.
  • Blair Levin, Telecom analyst and former FCC executive.

Watch the video to see them in action!  Listen for the term “mashups.”  And a good definition of cloud computing relevant to the federal enterprise.

For those who have made it a hobby to speculate on who Obama’s CTO will be, I think the answer now is that it almost doesn’t matter which of the nation’s great tech leaders will be selected. We know whoever it is will stand on the shoulders of giants and will be served with a group of advisors who have mapped out a vision and an action plan for success (whoever it is, I just hope to have dinner with them periodically to pick his or her brain and see how I can serve from the outside - I sure want to see them succeed).

Now things are about to get exciting!  Time for all of us to do what we can to ensure the visions of this group become reality.