Industry news

Every organisation faces one challenge to their IT security position–the user. It doesn’t matter how much security training and advice a person is given-if they want, and can, do something then they will. Unfortunately, a user with admin rights–wittingly or unwittingly–is akin to a loose cannon. You just don’t know when or where they’re going to strike, and the results can be devastating. And once a problem occurs it all too often turns into a downward spiral that can bring down your reputation and your business.

This article outlines 10 logical reasons why every organisation should develop a policy of least privilege.

Reason 1: Minimise Risk

In a business environment you really need security decisions to be made by IT, governed by business requirements, when it comes to the desktop. Many users don’t understand the implications of configuration changes, such as files within the Windows folder and protected parts of the registry. If these are altered – either accidentally or maliciously, it can make the system unstable and increases the risk of data leakage.

Simply, if IT doesn’t know what applications and changes users have made or installed, then they can’t be sure that sensitive data isn’t being redirected into the hands of an unknown third party.

Reason 2: Improve End-User Experience

Security is often seen as preventing users from doing something, but that doesn’t have to be the case. Instead, by adopting a well planned and implemented least privilege policy, you can actually improve the user experience.

Following the example of devices like the iPad and Android Smartphones, which operate in a curated environment, organisations can catalogue a portfolio of programs and applications that are needed, and can be supported. Doing so will help track changes to the system and keep the core system configuration secure.

When users make system-level changes, they can weaken the endpoint or introduce application clashes which can have serious consequences. It also makes it harder to support the enterprise as, if a problem does crop up, IT often get a nasty surprise.

Reason 3 : Move to a Managed Environment

By locking down machines, so that users can only change their desktop configuration and not the core system, you can save time and money – by reducing support costs, lost productivity from network downtime, and the expense of data breach management.

However, to make sure that this facilitates and not hinders the enterprise, thought needs to be given to how the environment will be managed moving forwards. Software distribution, and patch management, at the simplest level could be through Group Policy Software Installation or perhaps System Centre Configuration Manager.

Reason 4: Reduce Support Costs

It’s a fact that secure and managed systems are cheaper to support. This turns security from an initial expense into an enabler.

The public sector is suffering from a lack of effective monitoring and accountability. The government are at risk of exacerbating the problem with the failure to adopt open reporting on public sector IT projects.

Whitehall had originally planned to release a series of ‘gateway’ reports, detailing the progress of major public sector IT projects. This would co-inside with the creation of a supplier blacklist which would be implemented to encourage companies to meet high standards.

The gate way reviews act as independent reports on large scale projects, that require approval from the Treasury. Francis Maude, the compliance Cabinet Office minister, had originally planned to publish the reports, which are currently kept secret, in order to promote responsibility and control.

The recent revelation of the governments backtracking on regular IT project reports represents a dangerous precedent and risks the return of unregulated spending on ineffective projects such as ID cards and the UK border force.

Maude went back on his promise, reportedly after senior civil servants complained, fearing that such accountability could damage their reputation if they became linked with failed IT projects.

The government have made significant savings from increasing IT efficiency and carrying out cost cutting. In backtracking on public accountability, reportedly in favour of protecting civil servants linked to failed projects, the government are risking the health of public sector IT operations.

Both suppliers and users must be made to be held accountable for the success of projects. It could be argued that the damage done to civil service members from public exposure to failed projects is justified. In failing to abide by this key practice of contract management, Whitehall are harming the prospects of government IT projects

Paul Tooth, General Manager of HR and Payroll at Sage UK advises how people are the beating heart of business

The economic downturn over the past few years has presented new challenges to businesses, having a lasting impact on the way organisations structure and manage their internal operations. Yet whilst the challenging environment has naturally impacted revenues, margins and cash flow, the positive news is that it has also turned the spotlight onto the importance of managing talent and fostering employee engagement. Now more than ever organisations are increasingly placing people, rather than simply products or processes, at the heart of their operations.

With products and services coming to market faster than ever before, both technology and economies of scale have been widely exploited by firms as areas of differentiation. Yet in a commoditised and competitive market, relying solely on product USPs and feature sets is a short-sighted source of competitive advantage. Businesses are placing increased importance the role that human talent plays in facilitating long-term business success. After all, people are the lifeblood of any organisation. A company comprised of talented individuals who are highly motivated to give their best, inevitably leads to tangible benefits for both the employer and the individual. Firms are now acknowledging the benefit of having a healthy, engaged workforce to thrive in today’s competitive business landscape.

People Potential

Nurturing talent and maximising staff welfare has fast become a ‘hot topic’ for all organisations, with many looking to improve internal collaboration, better manage their processes and boost morale amongst their workforce. Yet it’s a fallacy that talent management is simply about focusing on the ‘best’ people within an organisation. This approach appears to suggest there are people in the organisation that should not be considered talented. A more holistic view sees talent management as a process that encompasses every stage of an individual’s relationship with their employer, with the aim of helping every employee achieve their full potential. It’s about getting to know your employees and their need and wants in order to get the best from them. Ultimately, talented employees are attracted to organisations that demonstrate they care about an individual’s development and can match their career goals, so it’s those businesses that provide clear progression and talent management that are seen as god places to work and most likely to prosper.

Success in attracting and retaining the ‘Millenial’ generation for example will come from innovative development and reward packages that are tailored to general trends in attitudes and values. With many ‘Generation Y’ employees driven by a desire to create a lifestyle and career path that suits them - rather than trying to fit their life around the organisation for which they work - employers need to be in the position to offer more than just a job. Organisational ethics, corporate social responsibility and providing clear progression opportunities are all of interest to employees, particularly when it comes to attracting Generation Y employees who bring with them a whole new set of expectations and demands.

Managing Leadership Talent

An effective talent management strategy should always aim to identify and nurture those individuals with unique potential within an organisation. Talent management and succession planning should go hand in hand as a proper strategy: it’s not only about looking at people for key roles, but also about spotting talent wherever it may exist.

Managing human talent is about setting employees on a journey that is designed to give them a range of experiences across the business and includes having a mentor or coach to guide them on that journey. As an example of this in practice, Sage has created its own leadership journey comprising of three levels. The first, referred to as Aspire, is about giving people the tools to do the job they are currently in. This is followed by Enable, a week long course that focuses on developing the leadership skills of the individual, and finally Inspire, which is the final preparation for taking on the responsibility of leadership. This strategy is designed to create a pipeline of internal talent that both assures people they are on a well-structured career-path and reduces the costs and risks associated with recruiting externally for strategic roles.

Looking forward

At Sage we’ve been encouraged to see businesses placing new emphasis on forging happier workers that, in turn, will translate to more efficient working practices company-wide. Scalable software that can manage an entire employee lifecycle, from candidate to leaver, supports this by helping to remove the administrative burden on HR but also enables more proactive decision making through better access to accurate and real time information. This can all provide intelligence that feeds into the overall talent management strategy of a business and will deliver long term benefit.

It is time for organisations to take action and focus their efforts toward re-evaluating HR and talent management processes and making the necessary investments to become more streamlined, improve employee engagement and cultivate talent. Making these changes today will not only improve competitiveness and provide the operational clarity required to maximise corporate performance, but will also help to retain talented employees and prepare the organisation to exploit future economic growth.

Bloomberg have reported that IBM has informally approached RIM regarding the purchase of its enterprise business division, citing two individuals familiar with the proposal.

If the report is accurate, it would see IBM acquire the division that currently operates RIM’s corporate email and messaging servers.

RIM has refused to confirm or deny reports of IBM’s approach, saying “RIM does not comment on rumour and speculation”, IBM also refused to comment on the report.

VanceInfo Technologies and HiSoft Technology International have merged, creating China’s largest outsourcing company based on revenue.

The move saw the share prices of both companies fall as the markets reacted to the merger. VanceInfo saw its share listing fall by as much as 13 percent while hiSoft dropped 7 percent.

Despite the early fall in share prices, the combined company is expected to report revenue this year of $670 million.

BMT Defence Services and IPL, who already provide IT services to the Ministry of Defence, have been selected to provide information management systems.

The management contract is designed to "address known technical update requirements, resolve legacy issues and improve usability for all users across the operation”, according to the MoD.

The two companies will partner together to deliver the services, which is expected to drive down development cost and reduce reliance on long term support.

New IT and BPO outsourcing contracts dropped from 516 to 411 in the second quarter of 2012, according to research firm Everest.

The reduction in new contracts by 20 percent has been blamed on the economic crisis in Europe and uncertainty surrounding its future impact. The run-up to the US presidential elections has also seen US based companies look to distance themselves from the practice, with outsourcing linked negatively to off-shoring.

Practice director for global sourcing at Everest Group, Salil Dani, said: "The market is growing, but the pace of growth is slowing down".

G4S who failed to deliverer on its Olympic security outsourcing contract, have donated £2.5 million to the armed forces, who were drafted in to cover the gap in security.

The donation by the global security firm will be divided between the armed services, welfare organisations and sports groups.

A G4S spokesman commented that: "We wanted to recognise the huge contribution made by the military after it became clear that there would be shortfall in workforce delivery.”

Microsoft and the New York Police Department have joined together to develop a crime and counter-terrorism prevention system.

The system Domain Awareness System (DAS) will include smart cameras and license plate readers and will be able to relay information to the NYPD surrounding suspicious vehicles and packages. DAS will also include real time access to video feeds, records, and call logs.

New York city mayor Michael Bloomberg, said “we are finding new ways to leverage already existing cameras, crime data, and other tools to support the work of our investigators, making it easier for them to determine if a crime is part of an ongoing pattern, and will allow the NYPD to better deploy its officers".

The system has raised concern from privacy groups regarding the wide-sweeping nature of data collection by police and the involvement of a private corporation.

CSC CEO Mike Lawrie, has said that the company is making progress with the NHS, saying: “We made good progress with NHS. We're continuing to work with NHS”.

While Mr Lawrie was positive about on-going negotiations with CSC regarding the failed Lorenzo project, he failed to announce if an agreement had been reached regarding the National Programme for IT (NPfIT).

CSC have currently delivered management software to three trusts in the UK, contract negotiations regarding the programme are set to be resolved this month, with a deadline set for the end of August.