
The new IT imperative: Make it bulletproof

Any IT professional who doesn't view the tragic events of Sept. 11 and the two most costly worms in corporate history as a wake-up call to bulletproof their company's digital assets should be thinking about another career. David recommends 10 top action
Written by David Berlind, Inactive
No period in our industry's history will shape future IT strategies the way the summer of 2001 did. Any CxO, business decision maker or IT manager who doesn't view the incredibly tragic events of September 11 and the two most costly worms in corporate history--Code Red and Nimda--as a wake-up call to bulletproof their company's digital assets should be thinking about another career.

We've heard government officials talk about how all the rules on everything from airport security to profiling terrorists need to be rewritten. Your company's IT strategy is no different.

Researchers estimate that over the next 10 years, IT expenditures, as an overall percentage of corporate spending, will eventually reach about 50 percent. IT is no longer just another one of those cost centers essential to business. IT and lifeblood are now synonymous. The survival of your company--as well as that of the free world--now depends on IT. Internet and Web services have accelerated the consolidation of the global market. Just one destabilized information infrastructure--be it yours, the stock market's, or anyone's--can create ripple effects too profound to ignore. Entire businesses, industries, and governments can be brought to their knees.

Building and evolving the right IT infrastructure is obviously the first imperative. Protecting it is next on the list. It's that simple.

Top Action Items
Your first action item, if you haven't done this already, is to make sure you are organized to deal with this imperative. Decide who is in charge of bulletproofing your IT. It could be you, or someone you appoint. Recently, threats to digital assets posed by those with malicious intent, whether inside or outside of the company, have given rise to a new type of CxO: the chief security officer. Some organizations have one, some don't, and the responsibilities of this person vary from one organization to the next. Depending on the size of the company, just managing digital security and customer privacy through authentication schemes, firewalls, and encryption practices is enough to keep the CSO busy.

Indeed, bulletproofing IT goes well beyond security-related issues, stretching into the realm of being ready for any disaster (including war) that can physically upset your information infrastructure. I say "information infrastructure" because that includes paper documents. Many of the organizations and companies affected by the events of September 11 have no idea what paperwork they're missing, let alone what to do about it. The person in charge of shoring up your information assets will need to discover all such weaknesses and deploy solutions that roll up into your company's broader disaster recovery initiatives. These solutions range from off-site backup storage to mirrored data centers to outsourcing applications to ASPs and application-hosting outfits. (Just make sure they have mirrored data centers.)

Once you've identified everything that needs to be protected, there are literally hundreds of ways to skin the "bulletproofing IT" cat, addressed by thousands of products and services. To choose the best ones, you will need to question the approach your organization takes to everything it does.

Should you continue to use paper documents that can be backed up with the help of scanners? Or should you go 100% paperless, using forms software and handhelds that can capture information in the field? Should backups go to local devices, or to services across the Internet? In addition to backing up, should you mirror drives, cluster servers or both? And where should the redundant devices be located? End users are notorious for not backing up their systems. Should you rely on them? Or should you take matters into your own hands with something mandatory that works in the background?

Imagine if companies whose sites are wiped out by weather, fire, or war had 100% paperless offices and were using Microsoft's centrally managed IntelliMirror or Citrix's MetaFrame. Basically, these technologies allow a user to start working on another workstation as if it were his or her own.

What about containing worms, viruses and Trojan horses? In one day, Nimda generated 100 times the traffic that Code Red took three days to generate. For the biggies--Melissa, Anna Kournikova, Love Bug, and Code Red--some experts estimate the loss to American businesses to exceed $4 billion. Have your servers contributed to the mess? Gartner has already recommended that you drop Microsoft IIS like a hot potato. What should you do?

We used to think personal firewalls were for consumers. Think again. They may be your best protection against corporate e-mail users who can't resist the temptation to open attachments. Perhaps it's time to revisit centrally administered desktop firewall solutions like InfoExpress' CyberArmor.

For years now, many have turned their backs on technology insurance, claiming they couldn't afford the effort. Now I ask: Can you afford not to? Take the New York Board of Trade, for example. Said Pat Gambaro, executive vice president of operations, "we could have switched over [to another facility] the same day [as the attacks]." (See story.) It's a great success story. But it's also a reminder that it often takes one disaster (in NYBOT's case, the 1993 World Trade Center bombing) to be ready for another. Do you need more justification?

To help you keep on top of this new imperative, ZDNet is launching a new feature called Bulletproofing IT, our third in a series of ongoing special reports designed to track issues considered strategic by IT managers. As with our first two rolling special reports--App Server Supremacy and Web Services Face-off--we will be keeping this one updated with a wide range of relevant information: everything from news that highlights the realities of this new era to case studies of how your peers are coping, preparing, and protecting, to discussion of products, services, and strategies that you should incorporate into your thinking.

For those of you looking to focus on security issues, ZDNet will continue to run its Security Update Center, which is updated daily. As always, you don't have to remember to visit us. You can stay up to date on our special reports by subscribing to our daily newsletter, Tech Update Today, and for you security buffs, we have a Security Update as well.

Finally, while this report acknowledges the many information assets that were lost in the attacks of September 11, we at ZDNet know there is no loss greater than the loss of life. As the list of victims grows, we are deeply saddened by all that's happened. Our hearts, prayers, and deepest sympathies go out to the families and friends of the victims, many of whom were IT personnel, staff members of companies we cover (Oracle, Sun, Cisco, Netegrity, APC, eLogic, Xerox, Akamai, Verizon, and others), and fellow media professionals. There is no better way to honor their sacrifice than to involve information technology in the rebuilding of an even stronger future for freedom and peace.
