IT leadership & innovation
THE MOBILITY MIRACLE Enterprises on the move
AUG 2015 VO L .3 NO. 6 PP100009359
Avoiding ‘black swan’ IT crashes
Are female CIOs more risk aware?
Implement a security campaign
In my previous editorial, I waxed lyrical on industry fads
a u g u s t
mobility’ is one example of a buzzword that is anything but a fad. Rather, it is a powerful force for driving efficiency and productivity within the enterprise, and for boosting satisfaction and retention levels with customers. In this issue’s From the Frontline feature, we canvass three very different examples of enterprise mobility use cases that are either improving the bottom line, vastly boosting service delivery or, in the case of Mater Health,
2 0 1 5
INSIDE
and buzzwords. ‘Enterprise
10 | 12 | 14 | 16 |
No smoke without fire Harmonise and tame the date deluge Preparing for ‘black swan’ IT events Are female CIOs more risk aware than males?
ing to see where it takes us five or 10 years from now.
28 | IoT powers the health care of the future 36 | Ignorance is not bliss for IT security 41 | Cutting your losses with a unified
You might have seen the announcement of the relaunch
of Government Technology Review (GTR) magazine,
42 | Identity management in the age of the customer
doing both while also undertaking the most vital job of them all — keeping people alive. Enterprise mobility is here to stay, and it will be fascinat-
communications solution
now published by Westwick-Farrow Media (publisher of Technology Decisions). It’s great to have GTR aboard as our sister publication. If you’re an ICT industry professional who deals in any way with government, and you’re not already a GTR subscriber, head to the Technology Decisions website to sign up for your free subscription. Jonathan Nally, Editor
F E A T U R E S 04 | Security awareness
18 | Digital governance CIOs must comply with regulations and minimise risk, while maximising value and building profit.
cover image: © vege/Dollar Photo Club
Developing a culture of security awareness is key to protecting your enterprise against data breaches and economic loss.
24 | The mobility miracle Mobility solutions are transforming the way enterprises deliver services, while also improving their bottom lines.
32 | Going prefab As converged infrastructure gains momentum in Australia, so too will prefab data centres.
3
w w w . t e c h n o l o g y d e c i s i o n s . c o m . a u
Security awareness
Educating your employees could save your business Andrew Collins
Y
ou can spend all the money in
sauce’, IBRS analyst James Turner writes that
the world on security technolo-
the impact of hacking attacks against Sony
gies, but it won’t make much of
and Target has prompted a renewed focus
a difference if your staff don’t
on cybersecurity at the board level across
follow security protocols. The daily news
Australia and New Zealand.
provides a continual stream of examples of
4
Developing a culture of security awareness is key to protecting your enterprise against data breaches and economic loss.
security or data breaches, and in many cases
“More enlightened boards recognise that
these breaches have occurred because staff
their people are their best or worst line of
don’t know what best security practices are,
defence, depending on how well trained and
or simply aren’t following those practices.
resourced these people are. Leading CISOs consider that the most significant threat to
In a research note titled ‘Security awareness
their organisation can be their own staff
campaigns — Engagement is the magic
— not necessarily through malice, but in
titude ideally results in changed behaviour.
best. I have seen 85-90% attendance for
This changed behaviour is then supposed
these sessions, as it is an area where people
to permeate the organisation and become
have low/no awareness. The argument be-
part of ‘the way we do things around here’.”
ing that unless you can protect yourself at home then it is hard to drive relevance in
Training
their working life.”
Educating people about security — and, importantly, making sure that those ideas
In such a program, you weave in the impor-
stick — is an involved process.
tance of the difference between home and work identity, Dodds said. “Then comes
Ian Trump, Security Lead at ITSM vendor
role play scenarios where by employees are
LogicNow, said there are “lots of really
able to see the impact of poor security and
interesting ways to approach staff security
what happens next.
awareness”.
© kasto/Dollar Photo Club
“Finally, engaging employees in setting “It’s easy to find something provocative to
business-level policy is important. Talking
educate and entertain staff about security
about where the risks lie and then subse-
— such as a recent security news story
quently developing processes for dealing with
that’s got everyone talking. There should
those scenarios in working groups creates
“Educating people about security — and, importantly, making sure that those ideas stick — is an involved process.”
making mistakes and/or breaking process,”
be emphasis on the dangers from email
a connection of understanding the risk in
Turner wrote.
attachments and clicking on sketchy web
business terms (eg, IP risk, financial risk,
links, as more than 90% of attacks today
health and safety risk, etc) and technology
“As a matter of governance, executives should
are via the web and email. The best defence
brings the IT department closer to the
ensure that staff are adequately trained and
against ransomware is ensuring employees
organisation,” he said.
resourced to exercise their responsibilities,”
are security aware,” he said.
he continued.
Haiyan Song, senior vice president, security Adam Dodds, research director, IT services
markets, at machine data search vendor
So how do you educate your users on avoid-
and cloud, IDC New Zealand and Australia,
Splunk, said that the best way to educate
ing information security breaches — whether
said that the key to security awareness educa-
staff will differ by industry, company, roles
it be defending against social engineering/
tion is to take a “programmatic approach”.
and how people interact with IT.
leaks (leaving something on a public FTP
“One training session does not make a lot
“There are many different types of training
or losing a USB key somewhere) or just
of difference to people’s behaviour,” he said.
vehicles today (eg, video, online courses,
targeted hacks, avoiding accidental data
steering clear of stray malware?
email blast, mandated/compliance proDodds suggests a training program that
grams) and even cybersecurity drills/war
A security awareness campaign may be the
relates security awareness in the workplace
games, which can deliver this information
answer. As Turner explained, “A security
to security awareness at home.
to staff effectively. Regardless of which delivery mechanism you choose, key is
awareness campaign is an attempt to change organisational culture. An awareness cam-
“To drive the best engagement with em-
having a ‘knowledge check’ section at
paign is intended to change the thoughts
ployees, any programs that are focused on
the end of each module to validate their
of an individual, and the change in at-
raising individual or home security works
understanding.
5
“This will enable training to be aligned to different threat scenarios while ensuring the student is concentrating on the materials. Successfully passing this routine training should also ideally form part of their KPIs,”
© kasto/Dollar Photo Club
Song said. According to Turner, changing culture requires executive commitment. “The psychological field of organisational behaviour holds that any change in corporate culture/behaviour needs to start at
As for how to provide motivation, the experts
Dodds also recommends asking employees
the top of the organisation, and be visibly
recommend a range of measures, including
to place a value on company data that
and consistently demonstrated, if it has
offering extrinsic rewards.
could potentially be lost or leaked, in an effort to get them to understand the
any hope of widespread adoption. This means the role of the security executive is
Trump says that rewarding positive behav-
potential consequences of non-compliance
to influence the organisation’s executives
iour is key, whether that be with “a coffee
with policy.
to come around to the point where they
or some sort of monthly, or weekly, prize”. “If employees at all levels are compelled
are accepting, and committed to, changes “Security Star programs for identifying is-
to create a value for information with
sues or doing the right thing should really
regards to the project or initiative that
“The attempt to change the culture will
help to get the message across. Security
they are undertaking, then this provides
not last if there is a perception that there’s
is great because everyone can participate,
a frame of reference for the risk (and
‘one rule for them, and one for the rest of
not just technical people. Find a cabinet
therefore the attention or investment
us’,” Turner said.
with confidential information and lock it
required) associated.”
in their own behaviour.
up — Security Star. Identify an email with
Motivation
confidential information in it that should
Dodds suggests asking your employees one
But training staff is only part of the picture.
not have been sent — Security Star.”
of the following questions: • What would value of the data be if it
If you successfully educate employees on what they should be doing, but they don’t
But while he recommends rewards for com-
have any motivation to follow policy, then
pliance, he warns against punishing failure.
educating them has been for naught.
“Security is about learning and helping employees, and shouldn’t be about punish-
As Turner explained, “Employee engagement
ment. Punishment just builds resentment.”
were sold? • What would the impact be if it were lost — could the organisation operate? • What would the impact be if the competition had this information? • What does the employee estimate the value
is a critical aspect to an awareness campaign, because strongly disengaged employees can
Dodds also noted the use of extrinsic re-
be looking for ways to thwart their employer.”
wards for compliance. “Organisations are
of the information to be?
establishing rewards programs for employees
Random social engineering email tests can be
querying situations that they encounter.”
a very effective motivator, according to Song.
the engagement level of staff with the
These queries could cover, for example,
“This is where trusted staff members send
organisation.
concerns about potentially risky emails or
out tailored emails to employees to tempt
USB sticks containing confidential company
them to click on a link or download an at-
information.
tachment. If the employee falls victim, they
He suggests you collaborate with your human resources department, to understand
“If engagement is low, this will need to
are redirected to a webpage outlining what
be addressed before a security awareness
6
campaign will deliver changed behaviour,”
“The rewards can be as simple as chocolate
they did wrong and how to remediate it
Turner said.
through to departmental recognition.”
in the future.
7
“Overarching statistics of these efforts are then provided to the entire company on a
“Any change in corporate culture/behaviour needs to start at
quarterly basis to highlight policy violations
the top of the organisation, and be visibly and consistently
and motivate future adherence to what is
demonstrated, if it has any hope of widespread adoption.”
learned in training.” Song also says that “constant vigilance”
part of an employee survey program. “As
cases technical controls are only a small
is very important for motivating staff to
the HR program seeks to become more
part of preventing unauthorised disclosure.
follow best practices. “Good awareness
granular in their engagement with staff, the
Find an employee that works late and has
of the danger and threats help keep the
simple question of asking about whether
flexi hours and make it their duty to put
vigilance high.
they consider the business secure or the
anything left on a printer in the shred-
information within the business provides a
der bin. Again, this is about saving the
“At Splunk we share monthly Situation
framework to work with alongside a robust
organisation, not putting someone under
Reports (latest breach news, techniques
education program,” Dodds said.
a bus for leaving documents on a printer. Security should be approached with a con-
involves, impacts). Annually, I bring lots of engineers from our team to DefCon to
He says that scenario or penetration testing
listen to the latest stories of hacking, social
is a “great mechanism for measuring success”.
tinuous improvement philosophy,” he said.
Keeping it running
engineering, new exploits, etc. This helps keep the level of paranoia at a healthy level
“This allows for an independent reference
Once you’ve educated your staff, and
for us,” Song said.
of the organisation as a whole.”
motivated them to follow the rules, how
Measuring success
The specific topics of your security awareness
Once you’ve educated employees on secu-
campaign can determine the method you
Accellion’s O’Shaughnessy says that to keep
rity best practices, and established some
choose for judging success. Song explained:
security at the top of employees’ minds,
mechanisms to motivate them to follow
“If the education campaign is around social
organisations must “[keep] staff aware
these policies, it’s important to track the
engineering and phishing, where the goal is
of the latest security risks and offering
success of your security awareness cam-
to lower the amount of clicks/downloads on
guidance, including follow-on trainings
paign. Otherwise, you’ll have no real way
malicious emails and decrease the risk of
on how to best avoid risky behaviour”.
of knowing whether the training has stuck.
a threat actor gaining access to a network,
do you prevent them from becoming lax?
regularly run phishing tests before and after
IDC analyst Dodds emphasises that the
One method of judging success is to keep
the campaign. Success comes where the
best mechanism for education is to “train
an eye on employee behaviour and attitudes
click-throughs or downloads decrease. If
the trainer”.
towards security. Kieran O’Shaughnessy,
the number of people clicking through on
managing director Asia Pacific at mobile
these regular tests starts increasing, kick-start
“The staff that are educated should
content platform vendor Accellion, said:
refresher programs.”
be encouraged to be the educators of tomorrow. Doing so changes the way
“If employees are actively seeking out secure solutions and displaying care around
If your education campaign was about
in which the program is presented and
security risks, it is a positive sign of policy
using complex passwords, “report back to
becomes more personal and business
enforcement and adoption.”
the organisation or specific teams on the
orientated,” he said.
percentage of passwords that meets the Along similar lines, Dodds says one soft
standards”, Song said.
Song suggests that testing — on top of training — is an effective strategy.
metric for successful training that he’s seen used is the “number of employees
According to Trump, security audits are a
that have raised a question or concern
great opportunity to see if processes and
“Continuous training and testing is the most
regarding something security orientated”.
policies are being followed.
effective way to avoid any lax behaviour
He also notes that both quantitative and
“You will find out if people are effectively
scenarios helps keep people on their toes
qualitative measures are important as
helping each other to be secure. In many
and preventing any complacency.”
creeping back in. Modifying the threat
8
work
No smoke without fire — protecting data centres
V
ocus Communications is a leading supplier of
has previously detected incidents of power supplies failing by
telecommunications, data centre and high-bandwidth
detecting the tiny traces of smoke generated, giving staff enough
connectivity in Australia and New Zealand. Its flagship
time to investigate and mitigate any possible fire threat.
data centre, set in the heart of the Melbourne CBD,
“The previous facility had a legacy VESDA system which
is also the most recent Vocus facility to be built in Australia,
functioned well but did not have the level of granular reporting
joining 10 other data centres spread across the ANZ region. The
that we required, nor [was it] scaled to the size of the new
Melbourne data centre is a premium facility specifically designed
facility,” says Vocus General Manager Adam Gardner. “Given the
for businesses requiring the highest level of connectivity, power
previous VESDA system functioned well, we chose to utilise the
density, performance and security.
same system, albeit the more advanced model, again.”
Providing adequate smoke detection in a data centre facility
VESDA VLC (LaserCOMPACT) and VLF (LaserFOCUS)
is often a challenge in itself, but especially in a facility within a
units were installed in the Melbourne data centre to provide
multitenanted building. Even a small amount of smoke can cause
protection in general areas and communications rooms, while a
corrosion to mission-critical equipment, resulting in disastrous
VESDA VLS (LaserSCANNER) unit was deployed in individual
consequences and service disruption to customers.
pods in data halls due to its multiple-zone addressability.
Vocus’s Melbourne data centre is designed for 250 racks
To accommodate protection of the hot aisles and the need
capable of supporting up to 30 kW of power and cooling per
to comply with AS1670.1 standards and Xtralis guidelines, the
rack via a hot aisle containment cooling methodology. This leads
design incorporated sampling points in the hot aisle sections as
to a large amount of IT equipment stored inside the facility,
well as the open-area ceiling. VESDA is able to locate smoke at
which presents an increased fire risk due to a higher heat density.
the incipient stage and provide a very early warning response
High airflow and air pressure also dilute smoke dispersion into
so that incidents can be attended to early, allowing time to
the environment, making smoke detection extremely difficult.
respond accordingly and avoiding the escalating consequences
Xtralis’s VESDA system was selected for its reputation in reliable and very early smoke detection. In other facilities, VESDA
and potential damage. “As we operate multiple zones in the site, the system permits rapid diagnosis of the fault area to minimise impact on unaffected areas,” says Gardner. VESDA is integrated with the dry-pipe fire suppression system in the facility to initiate suppression activation if required. Its broad sensitivity range, and the ability to program multiple levels of alarm according to the level of the threat, enables the release of suppression at the most opportune time. This minimises any unnecessary costs arising from early or unnecessary suppression activation. “The system was easy to implement from a base installation
© iStockphoto.com/svengine
point of view. After some initial teething challenges with the high level interface, the system was installed successfully,” says Gardner. “The system is integrated into our DCIM platform, so staff receive both emails and SMS to advise of any issues with the facility or system faults.” VESDA is now providing very early warning smoke detection
10
in all Vocus facilities across Australia.
HELPS YOU MEET
FUTURE PERFORMANCE DEMANDS
A10 Networks product line of high-performance, next-generation application delivery controllers enable customers' applications to be highly available, accelerated and secure.
SSL REQUIREMENTS ARE SKYROCKETING Number of standard servers required to handle 1,000 SSL CPS
INTERNET ATTACKS ARE GROWING 1024-bit 1850%
2048-bit
SOME FACTS:
INCREASE in packet rates for DDoS attacks from
25% - 35%
2011 to 2013 8
The average size of a DDoS attack in 2013 was
10
Gbps
8
4096-bit
of Internet traffic is encrypted with SSL 3
and attacks frequently reached
60 Gbps
4096-bit
8
SSL key use is growing, accounting for of certificates issued according one CA 4
20 %
DNS and NTP REFLECTION amplify DDoS attacks up to
28x - 556x
48% more
9
of the most popular websites use SSL as of January 2014 than a year earlier 5
WEB ATTACKS accounted for
35%
of data breaches in 2013 8
Upgrading 1024-bit to 2048-bit SSL keys can degrade performance 5
3x to 7x
www.a10networks.com/adc-security
2
PEER PEER Armed with the right tools, it’s possible to extract the signals from the IT noise.
Harmonise and tame the date deluge
A
ccording to experts, 80 to 90%
(IVR) data is usually present in large XML
of available data is in amorphic
files which need to be processed and mined.
or unstructured form. Textual
Voice records can be parsed using NLP and
data includes social chatter, elec-
used to determine the sentiments of the caller
tronic documents, word-processed content,
(customer). Unifying all of these channels
blogs, presentations, emails and other
can help manage customer expectations
record-keeping content. Non-textual data
better and improve their satisfaction score.
— such as images files, video, audio and analog communications — usually exists
E-commerce sites use predictive models on
in binary format.
historical content for recommendations. As a customer browses or buys products from
Amorphic data processing requires spe-
their sites, enterprises use content-based
cial techniques such as natural language
and collaborative-based models to better
processing (NLP), part-of-speech tagging,
predict similar items and thus improve
image processing and data mining. With
sales and enhance customer experience.
open-source, big data processing software
The underlying data includes a trove of
that can run on commodity hardware and
customer information.
democratisation of analytics, enterprises are increasingly looking to generate insights from
Airlines are taking customer engagement
unstructured data for revenue generation
beyond mere travel to provide a more com-
or optimisation.
plete experience. Using information from transactional systems along with social data,
Social networking providers are using online
personalised information regarding events,
communication channels and networks for
accommodation, food and dining packages
targeted marketing campaigns. By continu-
are being pushed to users’ smart devices.
ally mining information from conversations
This not only keeps the customer engaged
using an ensemble of NLP models and creat-
with their preferred airlines, it also ensures
ing network graphs of our social connects,
loyalty in the long run, bringing in additional
we can segment customers based on a range
revenue by way of channel partners.
of factors. However, in addition to having
12
Ganesh Moorthy is an Apprentice Leader at Mu Sigma. His role encompasses the responsibilities of a program manager and solution architect for the organisation’s R&D engagements. He has over 16 years’ experience in leading enterprise solution development for global Fortune 500 clients and is currently involved in building industrial internet, augmented reality and analytics and visualisation platforms for both descriptive and predictive analytics.
good demographics data and customer seg-
Banks and financial institutions can apply
ments, they also use social communication
deep learning concepts to bolster security
channels to gauge the general sentiment and
with face recognition software and lever-
overall impact of the campaign.
age video processing for event correlation. Biometric data can be mined and used to
Voice and data operators are using call re-
create new business models for third-party
cords to measure first call resolution (FCR),
validations for banks. These techniques can
which can be leveraged to analyse customer
be employed for purposes ranging from
satisfaction, agent effectiveness and work-
personal security and workforce monitoring
force optimisation. Interactive voice response
to national security.
Siemon’s
8 Siemon’s LightHouse Family of High-Performance Fiber Optic Products includes: • A complete line of high-density Plug and Play solutions supporting up to 40 and 100Gb/s featuring Siemon’s innovative LightStack™ solution with best in class cable management accessibility and ease of use • Comprehensive line of RIC, SWIC and FCP rack and wall-mount fiber enclosures • Rapidly deployed, preterminated and tested trunking assemblies in custom lengths, fiber counts and configurations • High-performance, factory-tested jumpers and pigtails including Siemon’s innovative push-pull LC BladePatch® • Field-terminated connectivity — multiple LC, SC and ST configurations, individual and mass fusion splice solutions • Fiber Cable Offering — Multimode OM1 62.5/125, OM2, OM3 and OM4 50/125, and Singlemode OS1/OS2 • Passive Optical LAN splitters and enclosures • Cost effective Cisco-compatible SFP+ and QSFP high speed interconnect assemblies To learn more about Siemon’s LightHouse advanced fiber cabling solutions visit: www.siemon.com/lighthouse
W W W
.
S I E M O N
.
C O M
KEY
Preparing for
‘black swan’ IT events
WORDS
A
bout a year ago, well-known
of impact on our business can never
US statistician Nate Silver
again occur.
famously got it wrong. Really, really wrong. While known for
But I’m here to tell you that that urge is
his ability to adeptly predict everything
a waste of time and valuable resources.
from elections to baseball finals, Silver was
Don’t believe me? Let’s take a not-so-
completely thrown by Germany’s win over
imaginary case of a company that has
Brazil in the World Cup. As he described
a single, spectacular failure that cost it
it, the result was completely unforeseen
$100,000. Management immediately sets
and unforeseeable — a ‘black swan’ event.
up a task force to identify the root cause of the failure and recommend steps to
The tendency in the face of these things
avoid it in the future. It takes more than
is to do as Nate did, and focus on what
100 man-hours to investigate the trigger.
went wrong with the prediction rather
Let’s be conservative and say that the cost
than what caused the event.
is $50 per hour times five people times 100 hours. A total of $25,000. And let’s
In business, when the unforeseen occurs,
be completely optimistic and say that at
what often happens is management ac-
the end of the effort, the problem is not
quires a dark obsession with post-analysis.
only identified but code is in place to
Meetings are called under the guise of
predict the next one. The company has
‘lessons learned’ exercises, with the express
expended $25,000 to devise a solution
intent of ensuring ‘this’ never happens
which may (or may not) predict the oc-
again. Time is spent not on figuring out
currence of a black swan exactly like the
what went wrong, but instead, why the
one that hit before.
assumedly informed prediction failed. Compare that to a fairly common problem To be clear, I’m not saying that after
— disk failures. Drives fill up, or throw
a failure, business should just blithely
errors until they are unreadable, or just
ignore any lessons which can be learned.
completely stop. But at this not-quite-
Far from it. But what Nate’s observation
fictitious company, there was no alerting
and other black swan events teach us is
for this. Disk space was monitored, but
that one of the first things an organisa-
not alerted on. Alerts on disks which
tion should do is determine whether the
stopped responding or disappeared was
failure was predictable in the first case. If
simply not done.
it isn’t, your efforts and post-analysis are much better spent elsewhere.
A fairly simple set of alerts could save a moderately sized company as much as
14
There’s little doubt that in the face of
$140,000 per year. And disk failures are
black swan events there is a natural urge
no black swan. Even Nate Silver would
to protect ourselves, to ensure this kind
agree they are a sure thing.
Leon Adato is a Head Geek and technical evangelist at SolarWinds, and is a Cisco Certified Network Associate (CCNA), MCSE and SolarWinds Certified Professional. His career includes key roles at Rockwell Automation, Nestlé, PNC and CardinalHealth, providing server standardisation, support and network management and monitoring.
A N A LY S E
THIS
W
Are female CIOs
more risk aware than males?
hile there are more
shared focus on analytics, infrastructure
similarities than differ-
and data centre, cloud, ERP and mobile
ences in the responses
technologies. For good or bad, women
of men and women in
and men view the top priorities virtu-
the Gartner 2015 CIO Survey, there are
ally identically. From our past research,
also a number of notable differences,
variations in top priorities by gender
indicating that female CIOs show more
could often be attributed to significant
adaptability in their leadership roles than
differences in the industries where male
do their male counterparts.
and female CIOs worked. However, more recent data shows little difference
While a large majority of all CIOs believe
in the gender dispersion of CIOs across
that the digital world is creating new and
industries, which may account for the
additional risks in their environment,
consistency in prioritisation.
women are significantly more likely to express concern that investments in
There are a few other notable similarities
risk management and risk management
between both genders, particularly their
practices are not keeping up with new
desire to lead as a digital business, as well
and higher levels of risk. This difference
as to change their leadership style from
is more pronounced when the CIO re-
commanding to visionary.
ports to the CEO, with female CIOs even more likely than their male counterparts
The good news for CEOs who are hiring
to agree that the enterprise approach is
or working with CIOs today is that they
not keeping up.
can be confident that gender will play no major role in how they view overall
For the second year in a row, women CIOs
technology priorities. Both genders can
are expecting greater budget increases
rest assured that they are consistent with
than men. While it’s not entirely clear why
other CIOs in the industry. At the same
this difference exists, they do appear to be
time, both men and women should
more concerned about under-investment
challenge their view of the priorities
in risk initiatives. The risk data, combined
and ask themselves if they are going
with budget numbers, may indicate that
far enough out of the box to provide
they are more focused on the resource
digital competitive differentiation to
side of the digital equation and are,
their enterprises.
therefore, requesting and accumulating more IT budget.
The hope and vision for the leadership of IT organisations, and women in general,
16
The top five technology priorities identi-
is that they view CIO roles as an opportu-
fied in Gartner’s CIO survey this year are
nity to lead people-orientated businesses
the same for male and female CIOs — with
with diversity of views, solving complex
minor variations in order — reflecting a
real-world problems with technology.
Poh-Ling Lee is an Executive Partner in Gartner Executive Programs (EXP), with more than 26 years’ experience in the IT industry and accredited skills in executive coaching. Ms Lee helps clients in private and public sectors in Australia, Malaysia, Singapore and Indonesia to gain the insights necessary to make decisions that deliver exceptional business results, while building their leadership capabilities.
T E C H N I C A L LY
SPEAKING
Digital governance
The balance between opportunity and risk Mike Lord, Vice President, ANZ, OpenText
B
y 2020, disruptive technolo-
fact, Gartner predicts that the use of the
gies will be responsible for the
IoT will grow exponentially, with at least
production, distribution and
4.9 billion connected devices estimated to
fragmentation of vast amounts
be in use this year. By 2020, this number
of enterprise information. The Internet
is forecast to hit 25 billion.
of Things (IoT), for one, is expected to
18
CIOs must comply with regulations and minimise risk, while maximising value and building profit.
introduce a wave of new data into the
As information rises to become the new
enterprise, which will massively increase
currency in a digital-first world, executives
the amount of information available for
and IT leaders will be required to develop
analysis by all manner of organisations. In
and execute strategies for information and
in place to address compliance issues,
Benefits of digital governance
while making critical information avail-
As the volume of enterprise information
able to improve performance and deliver
increases, so does the need for digital gov-
competitive advantage. With regulatory
ernance to ensure this data is managed,
compliance listed as being the most
secured and searchable. Moreover, laws
significant driver of an information
and regulatory standards also determine
governance program, according to data
compliance requirements. The heavy
compiled by Forrester Research, taking
asset industry, for one, is increasingly
care of information governance has never
adopting asset management standard
been more critical than now.
ISO 55000 in a bid to strengthen its
enterprise to put policies and controls
“Digital governance is not just about complying with regulations and minimising risk — it’s about maximising the value of information to create a profitable business.”
Regulatory compliance
governance of assets as it prepares for
In every industry, organisations are under
digital transformation. Poor information
increasing levels of scrutiny to be ac-
access can impair the business — and
countable and transparent. According to
systems that rely on paper are a prime
Deloitte, Australian organisations spend
example of this.
up to $130 billion in compliance each
© denisismagilov/Dollar Photo Club
year, driven by both external and internal
Take, for example, the engineering and
factors. Externally, the flow of new rules
construction sectors. Infrastructure
and regulations across regional, national
such as buildings, transportation, power
and international borders is continually
plants and oil refineries has a life cycle
intensifying; whilst internally, informa-
that spans decades, creating significant
tion is impacted by corporate social
information challenges for the industry.
responsibility (CSR) pressures. How a
Throughout the life cycle of a project
company manages its information and
or asset from design, construction and
operations has a direct impact on profit
handover to operations, the number
and shareholder value. Poor management
of assets that need to be documented,
and non-compliance can lead to busi-
exchanged and referenced can be over-
ness losses, financial penalties and even
whelming. The application of ISO 55000
criminal charges.
can assist organisations in reducing the burden of regulatory compliance and
asset management, including robust capa-
Yet there are greater benefits associated
bilities for governance, risk and compliance
with compliance beyond mitigating risk
(GRC). Strategies for managing GRC will
and avoiding penalties. Organisations that
Effective risk management
help the digital enterprise maximise the
adopt information governance experience
No risk can be mitigated to a 0% likeli-
value of its information while minimising
additional advantages, including business
hood of occurring — so how can the
risk. For many organisations, finding this
continuity; savings on storage and infra-
digital enterprise determine which risks
balance will be critical for survival.
structure; unimpeded knowledge sharing;
to mitigate and which consequences to
stronger security and privacy; and the
prepare for? A risk profile helps the enter-
Fundamentally, information and as-
ability to respond quickly and proactively
prise examine the likelihood of identified
set management empowers the digital
to investigations of all types.
risks and their potential impact.
other risks.
19
If an organisation is a litigation target, it makes very little sense to try and prevent court action. Defensible deletion is a better tactic, as it leads to reduc-
“Digital governance allows access to information on a ‘need to know’ basis, while preserving an overall integrated archive of information.”
tions in discovery costs and legal fees. What this means is that organisations should identify, classify and govern only pertinent information — and eliminate
to avoid information risks that might
doesn’t impede the enterprise’s ability to
that which brings no business value.
violate legislation, cause non-compliance
do good business — it enhances it. Ul-
Furthermore, keeping every single piece
or adversely impact the organisation’s
timately, it helps the enterprise maintain
of data also results in higher storage and
ability to perform. Digital governance
stakeholder trust, improve transparency
infrastructure costs. With the dramatic
allows access to information on a ‘need to
into performance and practices, reduce
growth in content volume, this approach
know’ basis, while preserving an overall
costs related to storage and e-discovery
becomes less tenable.
integrated archive of information.
and, importantly, uncover new business opportunities.
An added benefit of a defensible deletion
A holistic approach
program is that it makes organisations
Digital governance is not just about com-
To thrive in a digital-first world, the
more efficient by reducing the amount
plying with regulations and minimising
strategic CIO must steward the digital
of irrelevant information that users have
risk — it’s about maximising the value
enterprise to meet ongoing compliance
to sift through to get work done.
of information to create a profitable
regulations and requirements, identify
business. This applies to all enterprise
gaps and mitigate risk, as well as properly
The protection of enterprise information
information, regardless of format, func-
protect information to minimise risk
should be holistic, covering all bases
tion or location. Digital governance
and maximise value.
BEST OF THE WEB Legal sanctions for data loss Dylan Bushell-Embling
20
The survey, conducted by security vendor Raytheon Websense, shows that 65% of security professional respondents support mandatory disclosure, 60% believe the law should mandate customers that are affected and 59% are in favour of fines. Around four in 10 believe that the CEO should hold ultimate responsibility for a data breach, and 23% even support jail sentences for the CEO or board members in the event of a serious breach. The scale of the threat is only growing as new technologies emerge, with 72% of respondents believing that the advent of the Internet of Things will make companies more vulnerable to data theft. More than half (62%) of Australian security professionals believe that the increased instances of data theft disclosures reaching the headlines has helped them make a case for budget, focus and resources. But nearly a quarter (24%) believe that the headlines have hindered their efforts by making companies feel powerless to protect against data theft attacks.
“Despite all of the large-scale attacks we’ve seen over the past year, many businesses still don’t recognise the risks they face and the potentially devastating impact of a breach,” Raytheon Websense ANZ Sales Engineering Manager Bradley Anstis said. The survey indicates that 27% of respondents feel that their companies still don’t believe that their business would be affected by data loss. In addition, 37% believe that a company will only do what’s necessary for legal compliance. Around 43% of respondents believe that a lack of action to protect against data theft can be blamed on too much complexity, while 35% cannot afford the investment required.
Image courtesy of my_southborough under CC
www.technologydecisions.com.au
Privileged Management that works. Appropriate access equals better security. Privileged accounts hold the keys to access the essential systems needed to run your organization's operations. Ensuring that access is granted in a secure and controlled manner must be a fundamental component of any organization's security strategy. Dell’s Privileged Management solutions consider every piece of the puzzle, including policy-based access with approval workflows, granular delegation of rights, session recording and keystroke logging of activity, and governance over privileged access and accounts. When privileged management is done right your organization is more secure. Secure your network at software.dell.com/PrivilegedManagement
© 2015 Dell, Inc. ALL RIGHTS RESERVED. Dell, Dell Software, the Dell Software logo and products — as identified in this document — are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. 26614_v1.3 FB
FROM THE FRONTLINE The mobility miracle Enterprises on the move Jonathan Nally
Mobility solutions are transforming the way enterprises deliver services, while also improving their bottom lines.
24
T
he rapid uptake of mobile de-
to log on. With Citrix we’ve been able to
process. In one instance “we had about
vices by consumers and work-
get that down to less than 10 seconds.”
1000 Windows XP VDI sessions, and we
ers is leading to a revolution
allocated one person to upgrade them all
in the way public and private
These are not trivial time savings. The
to Windows 7”, said Parrish. “It took him
sector organisations deliver services to
Citrix solution can save an hour or more
about a month. How long would it take
both their staff and customers. Here we
per day, per clinician.
you to do that with physical desktops?
present three examples of how mobility
And he did it all from his desk.”
solutions are delivering outstanding results
“Before I came into IT I was a nurse for
in three very different sectors, beginning
10 years, so I understand how health care
The marvel of mobility
with health care.
works,” said Parrish. “If you talk to any
The City of Charles Sturt is a metropolitan
clinician about technology, they say it
council located in the western suburbs of
Mater Health Services comprises several
has to be quick, it has to be simple and
Adelaide, serving about 110,000 residents.
hospitals, health centres, a world-class
it has to give you the right information
The council employs approximately 470
medical research institute, and pathology
at the right time so you can make the
FTE workers, with around 170 of them be-
and pharmacy businesses, all with one
right decisions.”
ing field workers equipped with about 130
aim — to provide exceptional care.
mobile devices. Field teams include road In the Cancer Care Centre, chemotherapy
workers, mowing, rapid response, clean-
The organisation has been implementing a
patients are housed in ‘pods’ while receiv-
ing, barbecue and beach teams. It has $1
conversion from traditional desktop PCs to
ing treatment. With the Citrix system,
billion-plus of assets under management.
virtual desktops, using Citrix technology,
clinicians “can go from pod to pod very
while at the same time upgrading from
quickly, open up the applications in one
To keep track of everything, the council
Windows XP to Windows 7.
pod, [then] go to the next pod, log on,
uses asset management and mobility en-
all the applications come with them and
terprise solutions from TechnologyOne,
“The value for us is around session port-
they can access all the information,” said
which has enabled it to transform cumber-
ability,” said Steven Parrish, CIO and
Parrish.
some paper-based processes into a slick, efficient electronic and mobile system.
executive director of information and infrastructure. “In health care, whenever
“We’re rolling out virtual desktops fur-
a doctor or a nurse tries to log on to a
ther in the organisation, as part of our
Previously, for instance, if a member of
computer, in a traditional Windows en-
upgrade [from XP] to Windows 7,” he
the public called to report a pothole, it
vironment it can take up to five minutes
adds. “We hope to have about 80% of our
would take four or five days for the report
for the computer to boot up, for Windows
desktops replaced by virtual desktops by
to make its way to the maintenance team.
to load and then for them to get into an
Christmas 2015.”
Now it’s as little as 15 minutes.
patient to patient in a very short period
And having gone the VDI route has given
“The field worker on their mobile device
of time, they can’t afford to be waiting five
Mater Health Services a dramatic boost
receives the exact location and potentially
minutes in each room for the computer
in manageability during the upgrade
photos if the member of the community © sudok1/Dollar Photo Club
application. When they’re going from
O U R PA N E L
Mark Gregory, CIO, The University of Adelaide
Jodie Rugless, Information Services Manager, City of Charles Sturt
Steven Parrish, CIO, Executive Director, Information & Infrastructure, Mater Health Services
25
system. We call it project ADAPT — any
“These are not trivial time savings. The Citrix solution can
device, any place, any time.
save an hour or more per day, per clinician.”
“It really leverages our resources, so rather than us running around updating software all the time, we can deliver our software
has attached any,” said Jodie Rugless, the
their tree pruning program, which used
this way,” added Gregory. “We’re actually
council’s information services manager.
to take seven years to cover the entire
spending less time to deliver to more people
And from there the field workers are
council area. By making better use of
in a way that they would prefer, so it’s an
linked into all of the asset data around the
asset data and carefully planning their
all-around win-win.”
pothole itself, such as the configuration of
pruning schedule, they’ve reduced it to
the asphalt, what the roadbase is and so on.
two and a half years.
It has “very rapidly become the heartbeat
“That’s where I go, ‘That’s bloody unreal!’”
of containerising data. “So if you’ve got a
of our organisation”, said Rugless.
said Rugless.
device and you use the Citrix environment
The council has continued to expand
Learning on the go
actually stay on your device. As soon as
and adapt the system, such as turning
Still in Adelaide, and the University of Ad-
you close the app it’s no longer available,”
paper-based operations manuals into
elaide has rolled out Citrix’s XenApp system
said Gregory.
electronic versions held on mobile devices.
to remotely connect its tens of thousands
“It sounds like such a minor thing, but
of students to myriad centrally managed
And the system is efficient, too. “We built for
we’ve got about 150 different pieces of
software applications running on virtual
initially up to 400 concurrent users, and we
plant in the field, so previously there was
machines in the university’s data centre.
thought we would have to build for more
There are a lot of advantages to managing software centrally, such as the security benefit
to work with important data, it doesn’t
a folder kept in every single one of them
and more concurrent users. But what we
that had about 600 pieces of paper in it,”
“You’re running your applications at the
found was that most people use this tool very
said Rugless. “And every time one of those
back end in a virtual server environment,
sparingly — they go in, they do something
got updated, someone had responsibility
and it is effectively screen-scraping — you’re
and they leave. Unlike when you’re sitting
for printing out the new one, carting it
sending the output of a screen to the client
at a desktop, most mobile users are in and
out to the truck, placing it in the folder
and you’re taking the input from the client
out of an application,” said Gregory. “And
and getting rid of the old one.
back,” said Mark Gregory, the university’s
as a result, we found that our concurrency
CIO. “But all the action’s really occurring
didn’t need to be that high, and we could
in the data centre.
still be serving 15,000 students with only
“The big turnaround for us has predominantly been around redirecting people to
400 or 500 concurrent.
the points of the business that make a
“There’s been a great deal of work to make
difference, as opposed to spending time
things translate smoothly, so if you happen
“The university is very pleased and it’s very
shuffling pieces of paper,” said Rugless.
to be on a tablet, your finger touches now
convenient for students,” he added. “I worked
“And our field workers who used to
work as you would expect if the software
with this technology back in the 1990s, from
spend a lot of time in the office getting
were running locally. The connection to the
the same company, Citrix, and wasn’t terribly
their pieces of paper are now out doing
server in the background is very seamless.”
impressed, [but] its really come a long way.
And it doesn’t matter which kind of oper-
“What I would say to IT professionals is,
ating system the user has. “To give you a
if you haven’t looked at it lately, it’s really
“I think what excites me most about it
sense of scale, right now we’ve got 13,500
worth a look again,” said Gregory. “I was
is that [the field workers have] taken
Windows users, 7000 Android users, 17,000
a little bit sceptical when someone on my
charge of it — they own the system, it’s
iOS users, 5000 Mac users and 2000 other
team said they wanted to try delivering this
100% theirs,” said Rugless. She cites the
[devices],” said Gregory. “Any of those peo-
way, but now that I’ve seen the results, I’m
example of the council’s arborists using
ple can use any one of 140 different pieces
definitely more impressed with where the
the asset and mobility system to fine-tune
of software that we’ve got available on the
technology’s at.”
these services on a daily basis. It’s made a huge difference.
26
IoT powers the health care of the future work
A
ustralia is facing significant challenges when it comes
care for the organisation’s aged clients is the use of ubiquitous
to looking after its ageing population. The proportion
wireless networking throughout its facilities.
of citizens aged 65 years and over is set to increase from 13% in 2010 to 23% by 2050.
“Wireless is at the heart of everything we are doing,” he said. “Without it, we wouldn’t be able to implement what we
At the same time, the proportion of working-age people
are currently doing and we would be hampered in looking at
is expected to fall by 7% to 60% in the same timeframe. This
future technologies such as wearables, mobile computing, big
means more people will need care, while fewer people will be
data and even robotics.
taking up a career in nursing and aged care.
“This is the Internet of Things in real life. We could not
The impact is already being felt by providers such as
do all the things we have planned without wireless or without
BaptistCare, which has around 17,000 residents and clients served
a technology partner who is willing to learn and walk with us
by its various aged care facilities, nursing homes, retirement
to understand the future challenges for aged care. And that’s
villages, community housing, community services and home
where Logicalis has really stepped up to the plate,” Lymbers said.
services operations.
As part of a holistic system developed by Logicalis that
The not-for-profit organisation recognised that it would be
encompasses many operations within a facility, one critical
unable to meet the challenges of caring for an ageing population
operation stands out: a combination of networking technology
with the resources available, so has put in place a plan to leverage
and unified communications integrated with a core wireless
new and emerging technologies.
network, which enables BaptistCare’s nurse call system to locate
This strategy embraces everything — from robotics, to
the nearest nurse/carer to a resident when a call button is pressed.
wearables, to the innovative application of wireless technologies
Each staff member wears a Wi-Fi-enabled communications
that can fully leverage the Internet of Things.
device around their neck, enabling the system to identify the
According to BaptistCare Chief Information Officer George
nearest caregiver and providing a rapid response to the patient.
Lymbers, the foundation for a technological capability in providing
Once the call is accepted by the carer, an instant voice channel is established with the resident. The next step will be to IP-enable the environment so that it may eventually include medical device monitoring of residents in each facility. The data collected will enable realtime reporting, along with automated updates to clinical care notes. In future, the data will also provide predicative analytics about the medical state of residents and provide alerts prior to a medical event occurring. “This data collected also helps with monitoring respiration, blood pressure and heart rate; in fact, virtually any measurable biometric can be used as a data analytics source,” said Lymbers. “All the data goes into the cloud, generating a pattern for each individual. If something changes, staff are immediately alerted via the wearable device. “By adopting a future-orientated healthcare strategy, we are better able to meet our clients’ needs faster, much more efficiently and with better resources, while continuing to deliver high-quality
28
personal care to each and every BaptistCare client,” said Lymbers.
26 – 29 October 2015 Gold Coast, Australia gartner.com/au/symposium
THE WORLD’S MOST IMPORTANT GATHERING OF CIOs AND SENIOR IT EXECUTIVES Rise to the Challenge A digital wave is sweeping through every industry and there is no safe haven to ride out the disruption. This defining moment gives every CIO and senior IT executive a chance to rise up and transform the mission-critical priorities into bold business outcomes. Gartner Symposium/ITxpo 2015, 26 – 29 October, on the Gold Coast, Australia, will show you how to harness this wave of technology change, from personal development to process reinvention, Gartner is here to help you Rise to the Challenge.
Register now using code MPPSE1 for a $500 discount on standard delegate rate. © 2015 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. ITxpo is a trademark of Gartner, Inc. or its affiliates. For more information, email info@gartner.com or visit gartner.com.
Gartner Symposium/ITxpo 2015 at a Glance: • Four days • 1,500 attendees with 500 CIOs • More than 200 analyst-led sessions • Exclusive CIO Experience • Tracks aligned to your mission-critical priorities • More than 50 Gartner analysts on-site • 70 solution providers
products RACKMOUNTED NETWORK SWITCH
RACK SERVER
Oring has launched the layer 3 high bandwidth rackmounted
Dell has added the PowerEdge C6320 rack server to its
switch RGPS-R9244GP+-P for use in network backbones
13th-generation Dell PowerEdge server portfolio.
and high data flow applications.
The product is designed to offer four independent server
Distributed in Australia via Ethernet Australia, the 9000 series
nodes in a 2U chassis. Compared to the previous generation,
rackmounted switch features layer 3 functionality, high data
it provides up to two times the performance improvement
flow and POE (Power over Ethernet), fulfilling the stringent
on the LinPack spec, including up to 28% better power
requirements for a core network switch.
efficiency. This allows users to optimise application perfor-
The switch offers four full 1/10G SFP Ports and 24G RJ45
mance and productivity whilst conserving energy use and
ports, each offering full 30 W POE. With its 128 Gbps
saving traditional data centre space.
bandwidth and layer 3 features, the switch suits applications
The device features the latest generation of Intel Xeon
such as automation plant control, industrial ITS core archi-
E5-2600 v3 processors and provides up to 18 cores per
tecture, IP camera network distribution, network backbone
socket (144 cores per 2U chassis), up to 512 GB of DDR4
and layer 3 network aggregation.
memory and up to 72 TB of flexible local storage.
Ethernet Australia
It also comes integrated with iDRAC8 with Lifecycle Control-
www.ethernetaustralia.com.au
ler, which allows users to automate routine management tasks and reduce the time and number of steps to deploy, monitor and update their servers throughout their life cycle. Its flexible, modular platform with automated management makes it suitable for appliances such as the Dell Engineered Solutions for VMware EVO:RAIL, Dell XC Series of Web-scale Converged Appliances and other HPC offerings. Dell Software Pty Ltd
RUGGED TABLET
www.dell.com
The Panasonic family of Toughbook enterprise-grade tablets has just expanded with the launch of the Toughpad FZ-B2, said to be the first fully rugged, 7″, high-performance, Intel-based Android tablet built for enterprise. With durability, power and a range of configurability options, the Toughpad FZ-B2 is a suitable tool for field service, inspections, reporting or as an upgrade from clipboards and pen-and-paper processes. Running the Android 4.4 operating system and powered by a quad-core Intel Celeron processor, the product offers enterprise-grade features including a quick-charging, user-replaceable, full-shift battery. With a fully rugged and sealed design, the thin and lightweight unit is built for long-lasting durability — even when regularly used in harsh environments. The device conforms to MIL-STD-810G and features a 1.5-m drop and all-weather IP65 dust- and water-resistant design. Software encryption ensures enterprise-grade security. The product comes with a standard 7 h (or optional 14 h) long-life battery, with a hot-swap battery available. It includes a three-year warranty and business-class support. Panasonic Australia Pty Limited
30
www.panasonic.com.au
Give us your specifications. We’ll give you a unique, prefabricated data centre solution. Businesses come in all shapes and sizes. So should data centres. Schneider Electric prefabricated solutions are completely customisable and reduce the risks associated with traditional design-builds, such as cost overruns and missed deadlines. How? Modules are pre-engineered and factory tested, deploying at your site with integrated hardware and software. Thanks to fewer planning and design decisions, your data centre is ready faster than ever. What’s more, we’ll handle all the logistics, delivering in 16 weeks or less from P.O. to shipping.
Types of Prefabricated ModularData Centers White Paper 165 Revision 0 by Wendy Torell
Executive Summary Data center systems or subsystems that are preassembled in a factory are often described with terms like prefabricated, containerized, modular, skid-based, pod-based, mobile, portable, self-contained, all-inone, and more. There are, however, important distinctions between the various types of factory-built building blocks on the market. This paper proposes standard terminology for categorizing the types of prefabricated modular data centers, defines and compares their key attributes, and provides a framework for choosing the best approach(es) based on business requirements.
See if a prefabricated solution is right for your application. Learn more in our FREE White Paper and enter to win a GoPro Hero 4. Visit www.apc.com/promo and enter keycode 54273K
©2015 Schneider Electric. All Rights Reserved. Trademarks are owned by Schneider Electric Industries SAS or its affiliated companies. www.schneider-electric.com.au • 998-1252129_GMA-AU • SEAU139810
> Complete library of reference designs for semi- to fully-prefabricated data centres. > Power, cooling and IT modules — pre-wired and factory tested. > Life cycle services, from assessment to planning, designing and building.
T E C H N I C A L LY
SPEAKING
Going prefab Data centres on the move An d re w Ki r ke r, G e n e ra l Ma n a g e r Datacentres, Schneider Electric
32
As converged infrastructure gains momentum in Australia, so too will prefab data centres.
C
onverged infrastructure (CI)
When CI is applied to the data centre, the
is reshaping the Australian
vendor provides preconfigured bundles of
IT market, with speed and
hardware and software in a single frame-
efficiency being the keys, as CI
work. Fundamentally, it is a collocation of
has brought the ability to provision, test and
computer, storage and network resources
deploy IT much faster than ever before. The
that is managed as a single IT asset, often
trend is being adopted at an ever-increasing
in one or a small handful of cabinets.
pace and is pushing the industry further
This system is then dropped into a data
down the path of standardisation, modular-
centre. Whether it is a simple reference
ity and prefabricated (prefab) construction.
design or pre-constructed by one of several
One example of this is the growing uptake
turnkey vendors, these converged stacks
of prefabricated data centres.
are typically characterised by a high degree
installation stages all play vital roles in
Site preparation
the process.
Whether the project is a retrofit data centre
Planning and design considerations
or a new ‘greenfield’ location, some degree of work is generally needed to ready the site. For prefab data centres there are some
Besides shorter process times, there are
unique considerations needed for obtain-
two planning considerations that are
ing permits and foundation for modules.
unique to prefabricated data centres: how the equipment is classified financially and
The permitting process for data centres
the degree of component-level design
assembled from prefabricated modules
engineering involved.
generally resembles that of conventional
“Two planning considerations are unique to prefab data centres: how the equipment is classified financially and the
© es0lex/Dollar Photo Club
degree of component-level design engineering involved.” Prefabricated modules that are assembled
builds, but one point of difference is that
in a factory and packaged either as an as-
the construction drawings can be simpler,
sembly on a skid or as an assembly within
as all the detailed information is available
an enclosure possess the attribute of being
from the manufacturer. Another factor is
considered a ‘product’ rather than a basket
that prefabricated data centres have been
of parts or subsystems. This provides a
pre-tested and pre-approved. As the ‘in-
company with certain financial options
spection function’ has been performed by
that are generally not afforded to stick-
recognised agencies and the cost of those
built date centres. For example, they may
approvals is incorporated into the purchase
be booked and depreciated separate to the
price, local inspectors are not tasked or
building, they may be leased (or sold and
responsible for module inspection.
leased back) independent of the rest of the assets on the site, and may be moved (or
Many modules are designed to be weather-
relocated) from one regional data centre to
tight enclosures, making them well suited
another with prior depreciation recognised
for outdoor installation as standalone
and remaining value intact.
structures. Whether indoor or outdoor, common types of structure foundations
Engineering a data centre built from
used are continuous concrete slabs,
of virtualisation and automated software
prefabricated modules also involves more
multiple concrete slabs, piers or a com-
management.
system-level design work when compared
bination of these. The style and type of
to engineering one built from products and
foundation selected has much to do with
While the benefits of prefabricated data
parts. Prefabrication carries an implicit
the physical properties of the site, such as
centres are well understood, many of the
expectation that the components within
soil conditions, surface water drainage, the
practical considerations are not, especially
the modules are well matched and thor-
presence of frost, as well as seismic and
when compared to regular ‘stick-built’ data
oughly integrated. Communications and
wind loading requirements for a particular
centres. In order to ensure companies are
controls are ready to function when the
geographic location.
embracing the technology correctly, a
module is delivered, with minimal on-site
thorough knowledge of prefab implemen-
work. Prefab data centre design can be half
Procurement considerations
tation is important, because the planning,
of traditional models, typically reducing
Since prefab data centres are designed with
design, site preparation, procurement and
from 24 weeks to 16 weeks.
mobility in mind, traditional transport
33
and packaging considerations are always taken into account. As transportation of data centre modules to a site is generally by truck, standards imposed on truck and cargo weights and dimensions are taken into account well in advance. Despite variations between Australian states, modules are usually designed to suit all conditions. Since data centre modules are often at the upper end of the size and weight limits, manufacturers often use the services of transportation and logistics companies that specialise in the delivery of large,
Site considerations
collisions. Beyond this, modules should
singular payloads.
Well-designed prefabricated modules
be free from obstruction and located in
facilitate a simpler, quicker installation
an area that allows proper water drain-
Another point of difference between
process. To ensure reliable, efficient opera-
age. In some cases, they can be stacked
prefab and traditional data centres is the
tions, a key factor that should be considered
to save space.
packaging. Traditional projects use signifi-
during the installation process is where to
cant volumes of palettes, cardboard and
position and secure the module.
Implementation and deployment of prefabricated data centre modules is substantially
plastic. On the other hand, prefabricated modules have the majority of the physical
For ideal operations, modules should be
different to that of a traditional data centre
infrastructure (power, cooling, rack) sub-
placed so their shortest side faces the
build. As converged infrastructure continues
systems installed and secured within the
sun, minimising heat gain. They should
to gain momentum in Australia, so too
modules prior to delivery, which reduces,
be placed away from trees, lamps, wires
will prefab technology. As these trends
by an order of magnitude, the amount
or other objects that could pose a hazard
become more common, it is important for
of packaging necessary to transport the
during a natural event. The site layout
companies to understand all considerations
modules safely.
should discourage potential vehicular
to implement them effectively.
BEST OF THE WEB www.technologydecisions.com.au Businesses still pirating software Dylan Bushell-Embling
34
Australian businesses appear to be continuing their use of pirated software unabated, with commercial software industry group BSA revealing it has settled seven cases this year alone. The seven cases combined yielded settlements totalling $147,000, Computerworld Australia reported. The unnamed defendants hail from the architectural, engineering and manufacturing industries. By way of comparison, the BSA settled 12 cases in Australia last year totalling damages of $825,000. “Last year saw a total of 12 businesses in breach of copyright
law, and we are not seeing any indication of settlements slowing in 2015,� Roland Chan, BSA senior director for compliance programs Asia-Pacific, said. He noted that a recent study conducted for the BSA by IDC demonstrated that businesses using unlicensed software are also exposing themselves to greater risk of data loss from malware attacks. To mitigate the threat, the BSA recommends businesses implement software compliance policies that involve logging all software deployed in the business.
is not bliss B O D Y Ignorance for IT security TA L K ITCRA has been active in providing information and resources on the application of the Privacy Act in business.”
C
learswift recently published
which needs to be destroyed; which kinds
a survey which found that
of threats exist and how to prevent them;
88% of businesses have ex-
and what the company’s security protocols
perienced an IT or security
are and how to implement them.
incident in the preceding 12 months. These are straightforward, fundamental isThis may seem shocking to some, par-
sues that can be easily cleared up. The true
ticularly in light of increased regulation
problem arises when the company itself is
by the Australian Privacy Commissioner
not sure about how to treat confidential
and a greater global awareness of the
information. The key question is, “Does your
dangers of ‘hacktivists’ (think Edward
company have a positive privacy culture?”
Snowden), but for those who work at
The issues that need to be considered are:
the heart of IT management, this comes
• Handling, holding, assessing, correcting
as no surprise at all.
and destroying information all requires clear policies and procedures.
This is not to say that privacy and data
• Direct marketing, cross border and cloud
retention changes have made no difference
data also require policies and protections.
whatsoever in the enhancement of business
• Investigations are onerous and civil pen-
security protocols. It is undeniable that
alties apply in Australia: $220,000 for
most companies have strengthened (or
individuals and $1.1m for businesses.
at least thought about) their protections against external threats such as viruses,
Privacy Awareness Week, an initiative of the
malicious users and malware.
Asia Pacific Privacy Authorities forum — to which federal and state regulators in Australia
But alarmingly, 73% of the incidents were
and New Zealand are all signatories — pro-
attributed to employees, ex-employees,
vided an ideal opportunity for everyone to
contractors and partners — insiders. This
consider privacy. The Week emphasised the
is a sharp increase from the previous year,
need for organisations to embed privacy
where only 58% of IT or security incidents
practices into business-as-usual processes,
were found to be caused by workers.
and for individuals to think about how to protect privacy in their everyday lives. It is
Julie Mills, CEO, Information Technology Contract & Recruitment Association
What this reveals is that companies are
worth noting that 1 in 10 Australians have
neglecting to treat the biggest security
reported misuse of personal information —
threat to their business processes: ig-
unfortunately technology is the enabler, so
norance. Most of these workers are not
there is a heightened responsibility for all
acting maliciously, or intending to cause
of us to be diligent.
any problems. Rather, they are people who
36
ITCRA
aren’t entirely clear about: which kind of
The figures I’ve quoted indicate communica-
confidential information can be kept and
tion to business still has a long way to go.
IT Conference Calendar Converged South East Asia 2015 16–17 September 2015 (Singapore) Regional data centre event for the AsiaPacific, held during Singapore Datacentre Week. dcdconverged.com/conferences/se-asia CMO+CIO Summit Sydney 2015 16 September 2015 (Sydney) Identifying and mobilising the opportunities enabled by digital technologies to win and retain customers. forr.com/cmocio15au Digital Identity 2015 22–23 September 2015 (Royce Hotel, Melbourne) Get the tools to develop strategies that effectively verify the digital identity of customers, improve compliance and customer experience, and safeguard consumer and organisational privacy. digital-identity.com.au
Australian Internet Governance Forum (auIGF) 2015 6–7 October 2015 (Park Hyatt, Melbourne) For community groups, industry leaders, government representatives, academics, students and the media — to discuss how the internet is shaping Australian society. igf.org.au VForum 2015 21–22 October 2015 For IT professionals or business owners who want to gain insights into major opportunities for industry and commerce, as well as learn about new developments for competitive advantage. info.vmware.com/content/APAC_ANZ_ vForum Gartner Symposium/ITxpo 2015 26–29 October 2015 (Gold Coast Convention & Exhibition Centre) Delivering the strategies, insights and tools
you’ll need to lead the next generation of IT and achieve business outcomes. gartner.com/technology/symposium/goldcoast/ Reimagination Thought Leaders Summit 17 November 2015 (The Star, Sydney) Forum that converges experts and digital disrupters from business, government, education and research sectors. reimagination.acs.org.au Comms Connect Melbourne 2015 1–3 December 2015 (Melbourne Convention and Exhibition Centre) National conference and exhibition delivering vital information for missionand business-critical communications users and industry. comms-connect.com.au
37
BEST OF THE WEB www.technologydecisions.com.au
Image courtesy of Got Credit under CC
A safer online Australia Dylan Bushell-Embling
38
Cisco has advised the government to create a national cybersecurity strategy that is aimed at making Australia the safest online place to do business, and that encourages partnerships and information sharing between the public and private sectors. The company gave the recommendations in its response to the Australian Government Cyber Security Review, announced by Tony Abbott in November. Cisco was selected to give input into the 2015 review. The company’s prepared response states that there is an urgent need to make cybersecurity one of Australia’s top national priorities. The top cyber challenge for Australia is the increasing frequency of beaches, crimes and disruptive attacks that are causing harm to the economy and society, the response states. Globally, national losses from cybersecurity breaches are estimated to be as high as 1% of GDP. For Australia, this translates to an impact of up to $17 billion per year. Australia, like countries worldwide, is also grappling with a shortage of cybersecurity professionals. In Australia, most organisations do not have the people or systems needed to continually monitor networks for cyberthreats and infiltrations. In this context Cisco has called on the government to develop a national cybersecurity strategy that recognises the link between national security and economic prosperity. The strategy should involve a mutually invested partnership between government, public and private entities, Cisco said. A strategy should encourage both public and private organisations to invest in improving Australia’s cybersecurity capabilities, and seek to ensure that Australian citizens are as well versed in cybersecurity issues as they are in maths or English. To meet the goal of ensuring Australia is the safest place to do business online, Cisco recommends targets including having the world’s cleanest (least infected by malware) cyber infrastructure, the strongest penalties for cybercrimes, as well as measures to foster accountability on board members and CEOs. The national cybersecurity strategy should have a 10-year outlook and a 20-year view for skill building, but should also be reviewed every one or two years, the company said. It must take a bipartisan approach that allows a coherent strategy to be implemented beyond election cycles. Cisco has suggested formalising the roles for all stakeholders within the new Australian Cyber Security Centre (ACSC), which includes the AFP, CERT Australia and intelligence agencies ASIO, the ASD and
the DIO. Work also needs to be done to ensure that the centre has a greater influence on the Australian states, the response says. The ACSC recently published its first unclassified security threat report, indicating that the threat to Australia’s critical systems is growing. Cisco also recommends Australia set up a network of interlinked cybersecurity centres of excellence, focusing on economically vital market sectors including resources, agriculture, health and financial services, as well as SMEs, start-ups and incubators. To ensure greater information sharing between the public and private sectors, Cisco is encouraging a regulatory framework that offers protection from or is compliant with privacy, data protection and corporate supporting requirements. Efforts should also include support for machine-speed information sharing systems. Cisco is also calling for appropriate incentives for investing in security research and development, including the formation of incubators for security start-ups. Finally, to address the skills shortage and help improve education and training, Cisco suggests initiatives including a program that maps skills and is accountable for hiring, education and training. The initiatives must take the view that cybersecurity should be as fundamental to education as maths or English, and should extend beyond traditional IT-related higher education courses into nontraditional streams including law and business. “Australia has acknowledged the link between national security and economic prosperity by establishing cybersecurity as a top national priority, which requires the necessary attention and support to ensure the nation is ready for the next wave of digital enablement,” Cisco Chief Security and Trust Officer John Stewart said. “By placing cybersecurity at the forefront of the nation’s agenda, the right policies are able to be developed and implemented to effectively address the challenges and future advances in technology.”
SERIES
5
Conferences and exhibitions for critical communications users and industry
Melbourne – The Main Event 1–3 December 2015 Melbourne hosts the national conference and exhibition – the main event in the Comms Connect calendar. If you attend only one Comms Connect event each year, Melbourne offers the greatest breadth and depth of technology, access to expertise and networking opportunities. • • • •
exhibition covering 3000+m2 1200+ attendees 90+ exhibitors 75+ expert speakers and panel members
• ARCIA annual gala dinner – 600+ attendees The 2015 conference program will be published in August.
New in 2015 – the Capital City Conference Series Working even closer with ARCIA in 2015, Comms Connect brings you the Capital City Conference Series. One-day, streamlined conferences for the time poor and those unable to attend the two- and three-day events. Purely educational, with no exhibition, these new initiatives run in conjunction with ARCIA’s Industry Networking Dinners. Next Instalment: Adelaide – 23 September, National Wine Centre Melbourne Sponsors Platinum
Gold
Silver
In association with
Media Partner
Digital Partner
Delegate Bag Sponsor
Supporting associations & media organisations
www.comms-connect.com.au
Cutting your losses with a unified work communications solution
C
unningham Lindsey is one of the largest loss adjusting
“I wanted to be assured that the supplier selected could deliver
and claims management companies in the world. The
a true partnership arrangement. We chose Enablis as they genuinely
business demands high-quality communications and
took the time to understand the needs of our business. You could
the ability to quickly get teams up and running in
see their solution was customised for us and alleviated numerous
parts of the country which have often suffered significant damage.
challenges. Their recommendations were sensible and looked right
Regardless of size, scope and location, response teams must manage
for us,” said Kable.
loss adjustment and claim management quickly and efficiently.
Enablis was able to remove the headaches of a disjointed
The company was faced with numerous challenges including:
communications estate and introduce its comUnity platform.
very lean IT; ageing national PABX and phone systems; myriad
Cunningham Lindsey was able to streamline efficiencies with an
suppliers for numerous support touch points; multiple contracts
optimised data infrastructure while significantly reducing operational
and vendors; and a network that wouldn’t meet the demands of
costs, and improving bandwidth capabilities. “The ability to deliver
the company’s growing customer base.
greater bandwidth has laid the foundation for significant system improvements nationwide,” said Kable. Enablis paired its data service with comUnity Voice, providing Cunningham Lindsey with a standard user interface for voice and collaboration tools across the organisation. In addition to highdefinition voice, comUnity Voice has built-in disaster recovery, which was an important consideration for Cunningham Lindsey. “We chose this system as we needed something robust and reliable, but still had flexibility to handle future growth. By replacing our legacy phone systems with IP telephone handsets and video phones, we were able to have a unified communications system, which has already increased staff productivity and engagement,” said Kable. “Enablis were able to demonstrate how they could add more value to our business,” added Kable. “They showed how we could achieve further cost reductions and improve productivity using collaboration tools, with state-of-the-art videoconferencing capabilities. They also showed how they could securely deliver Wi-Fi.
40
“The difficulty of managing numerous systems, contracts and
All of the services are closely monitored through Enablis’s
vendors, and over 40 PABXs across the country, meant our IT team
comUnity View platform, enabling Cunningham Lindsey the ability
was often distracted firefighting issues as opposed to focusing on the
to view, control and manage the communication estate from one
activities aimed at meeting client requirements. We had numerous
convenient portal.
single points of failure and if one element was overlooked, the
“Enablis lent us a Wi-Fi unit to trial during the Queensland
results could be disastrous,” said Brian Kable, national IT manager.
floods. The impact of the floods brought logistical issues, but with
Cunningham Lindsey sought a single supplier who could
this device, these were minimised, if not completely removed,” said
provide an end-to-end managed service that would deliver key
Kable. “Our response team was able to connect to the network
benefits including reducing the number of failure points across the
and start processing almost immediately. Helping us achieve a
business, provision of a national phone system and an improved
significant competitive advantage and level of service proved that
WAN that offered greater data capacity and quality, creating cost
Enablis understood our business so we rolled comUnity Wi-Fi out
reductions.
to all offices. The difference has been amazing.”
OFF THE
CUFF
T
Identity management in the age of the customer
he ‘age of the customer’ is really
thousand users — typically just employ-
the age of the internet, where
ees and partners. Companies looking to
customers have learned that they
support innovative services for customers
no longer need to settle. Instead,
can leverage identity relationship manage-
they can now go online to seek — and
ment (IRM) platforms instead. These can
likely find — exactly what they are look-
instantly support multiple devices, react
ing for, exactly when they want it. This
to context and scale up to accommodate
unprecedented competitive pressure is
millions of users at a time — without
driving the pace of business innovation
any performance degradation or service
faster than ever before.
disruption.
Car companies are adding telemetric fea-
Today’s IRM can link devices and new
tures, and retailers and service providers
mobile and social apps to a single security
are dreaming up new perks and services to
platform that enables identity synchro-
shore up loyalty. Banks too are scrambling
nisation and single sign-on (SSO). But
over each other to offer the latest mobile
today’s SSO isn’t a simple yes/no. Multiple
app, and are looking more broadly at how
factors should determine whether or not
technology can maximise client value and
a user gets access and, if so, how much
streamline operations.
and to what.
But one huge hurdle in this headlong race
Contextual intelligence and awareness add
to innovate is how to connect customer
value to digital services. For example, with
and citizen identities to these offerings.
the Toyota in-car portal, the system ‘knows’
It is a paradox of openness and restric-
which car and which driver is accessing
tion. On the one hand, organisations
the Toyota platform and where they are.
need to provide easy, seamless access
This enables the system to recommend
across platforms and services such as
petrol stations, find a parking spot and
the cloud, mobile devices, customer
offer real-time traffic information and
portals, social platforms and the web.
automatic re-routing.
On the other hand, they must protect customer security and ensure that cus-
The winners and losers in today’s digital
tomers get exactly — and only — what
world will be determined by how they
they pay for. Businesses must reassess
approach the issue of identity as they
their approach to identity management in
develop new offerings. Those that utilise
order to prosper in this new, fast-paced
the right identity platform can quickly
environment.
respond to the needs of their business, reinventing themselves to roll out new
42
Traditional identity and access manage-
services to any device or thing more
ment (IAM) tools enable or deny access
quickly than their competitors — and to
based on a few criteria, and only for a few
seize a distinct advantage in the market.
Sumal Karunanayake has worked in enterprise software since the 1990s. Prior to ForgeRock he spent five years at CA Technologies, where he led the market entry for Nimsoft and grew the business significantly prior to integrating Nimsoft into CA’s mainstream business. He was also a founding member of NetSuite internationally and ran EMEA Sales for NetSuite through its IPO.
>> $60.00*
SUBSCRIBE
a year
(non-IT professionals) to Technology Decisions and you will pay * within Australia. Please apply for International rates.
QUALIFY
>>> FREE
for Technology Decisions and we will deliver you 6 information-packed editions FREE.
all year
The magazine is available FREE to IT and business professionals. Go to the website now and complete the simple registration form. w w w. t e c h n o l o g y d e c i s i o n s . c o m . a u / s u b s c r i b e You can choose to receive the print magazine and/or the eMag. To ensure you are updated with key information between issues, sign up for the twice weekly eNewsletter too!
A.B.N. 22 152 305 336 www.westwick-farrow.com.au
Head Office: Cnr Fox Valley Road & Kiogle Street (Locked Bag 1289), Wahroonga 2076 Australia Ph +61 2 9487 2700 Fax +61 2 9489 1265
Editor Jonathan Nally jonathan@technologydecisions.com.au
Circulation Manager Sue Lavery circulation@westwick-farrow.com.au
Chief Editor Janette Woodhouse jwoodhouse@westwick-farrow.com.au
Copy Control Mitchie Mullins copy@westwick-farrow.com.au
Publisher Geoff Hird ghird@westwick-farrow.com.au
Advertising Sales Liz Wilson Ph 0403 528 558 lwilson@westwick-farrow.com.au
Associate Publisher Glenn Silburn gsilburn@westwick-farrow.com.au
Mike Woodcock Ph 0411 969 248 mwoodcock@westwick-farrow.com.au
Art Director/Production Manager Julie Wright jwright@westwick-farrow.com.au Art/Production Tanya Barac, Colleen Sam Print Post Approved PP 100009359 ISSN 2201 - 148X
Salim Charania Ph 0421 116 421 scharania@westwick-farrow.com.au Glenn Silburn Ph 0422 931 499 gsilburn@westwick-farrow.com.au Asia Lachlan Rainey Ph +61 (0) 402 157 167 lrainey@westwick-farrow.com.au
If you have any queries regarding our privacy policy please email privacy@westwick-farrow.com.au
March 2015 Total CAB Audited Circulation 5,042 All material published in this magazine is published in good faith and every care is taken to accurately relay information provided to us. Readers are advised by the publishers to ensure that all necessary safety devices and precautions are installed and safe working procedures adopted before the use of any equipment found or purchased through the information we provide. Further, all performance criteria was provided by the representative company concerned and any dispute should be referred to them. Information indicating that products are made in Australia or New Zealand is supplied by the source company. Westwick-Farrow Pty Ltd does not quantify the amount of local content or the accuracy of the statement made by the source.
Printed and bound by SOS Print+Media Group
w w w . t e c h n o l o g y d e c i s i o n s . c o m . a u