Janco Associates, Inc.

Mobile device policy focus is both security and productivity

Webmaster — Sat, 12 May 2012 17:42:48 -0600

The business operating environment is rapidly and drastically changing. There is an increasing demand for mobile solutions to streamline productivity and get data closer to the end user. In services and sales functions, employees are required to travel heavily or are frequently away from a fixed office gain significant productivity and levels of efficiency with the use of mobile devices such as smartphones and tablets.

Data security concerns must be addressed and a mobile device policy clearly defined to minimize liability and loss.That is where the Mobile Device policy comes into play

Employment Picture for IT Professionals is Not Improving

Webmaster — Fri, 04 May 2012 09:43:53 -0600

A net gain of 6,600 seasonally adjusted IT jobs in April only 20,600 jobs added in the last 3 months more job seekers have stopped looking for jobs with the participation percentage being the lowest it has been since 1980 not a recipe for bright short term future

Janco has found that market for IT Professionals continues to struggle. IT reflects the malaise of the US economy and added only 6,600 jobs in April while the total job market increased by only 115,000 which is well below the number of new jobs needed to drive a strong recovery. In addition, the number of individuals leaving the job market continues to increase with a participation rate falling to 63.6% -- the lowest it has been since 1980. In California the overall unemployment number is 11% and Nevada tops state unemployment at 12%. Janco has found that national unemployment rates have a direct impact on the confidence and ability of CIOs to implement new initiatives and expand their staffs.

Salaries inch up while work increases

Webmaster — Sat, 28 Apr 2012 07:43:52 -0600

The bad news is that tech professionals are working hard for every penny they bring home -- so hard that in many cases the extra workload outweighs the small boost in pay.

For the second year in a row, salaries and total compensation for IT professionals have inched up. According to Janco's and Computerworld's Salary Survey 2012, average salaries increased modestly this year.

Hiring is also up, with 87 percent of hiring managers who responded to the survey saying that they expect IT staff head count to increase in the next 12 months or remain the same. Only 25 percent of the total respondents reported hiring freezes, compared with 39 percent last year. And other negative indicators, such as salary freezes, budget cuts and layoffs, are all in retreat.

IT, it seems, is finally on the road to recovery. Workers even seem to feel better about the economy: Only 19 percent listed it as a challenge in the latest survey, compared to 28 percent the prior year.

BYOD Policy meets CIO's compliance and security requirements

Webmaster — Wed, 25 Apr 2012 05:04:47 -0600

BYOD has taken off leaving many CIOs struggling to find the right technologies to cope with the radical changes to compliance and security models that BYOD entails. In the rush, many CIOs have not managed to update their policies to reflect BYOD issues, which may mean advising users of their new responsibilities and support limitations, as well as security and privacy measures.

The BYOD policy template does just that.

BYOD include consumer smartphones and tablets which are making their way into your organization. Going mobile makes employees happier and more productive, but its also risky. How can you say 'yes' to a BYOD choice and still safeguard your corporate data, shield your network from mobile threats, and maintain policy compliance?

Outsourcing to Strip More Job From IT and Finance

Webmaster — Mon, 09 Apr 2012 15:41:47 -0600

Corporations in the U.S. and Europe will move an additional 750,000 jobs in IT, finance and other business services to India and other low-cost countries by 2016, according to a new report.

The study notes that levels of additional offshoring in these areas will begin to decline by 2014, and in the next eight to 10 years, the flow of jobs offshore is likely to cease, as companies simply run out of business services jobs suitable for moving to low-cost countries.

By 2016, a total of 2.3 million jobs in finance, IT, procurement and human resources will have moved offshore. This represents about a third of all jobs in these areas. India is by far the most popular destination, with nearly 40 percent of the jobs that are sent offshore headed there.

The report also said that additional offshoring levels in business services, which are currently at around 150,000 new jobs each year, leveling off or declining after 2014. The research also found that of the 5.1 million business services jobs remaining onshore at U.S. and European companies in 2012, only about 1.8 million have the potential to be transferred offshore, with 750,000 of those moving by 2016. So by the end of the next eight to 10 years, the traditional model of lifting and shifting work out of Western economies into low-cost regions will cease to be a major factor behind business services job losses in the United States and Europe.

Password reset process - best practices

Webmaster — Wed, 04 Apr 2012 05:44:00 -0600

A survey showed that one-third of support centers reported that more than 30% of their tickets were related to password resets -- despite the fact that 69% of survey respondents allow customers to reset at least some of their passwords without help from the help desk.

That one firm that says one of his clients had 25% of its calls related to password resets -- even though the firm had a self-service option available.

The problem, as it is in many places, was getting users to actually help themselves. Help desks often don't do enough to educate users that self-help options are available or don't make them easy to use.

People always look for the path of least resistance. If a phone call to the help desk is the easiest, quickest way to resolve the problem, that's what they'll do.

To cut down on the volume of password-reset calls help desk managers should do better marketing on their password reset function.

Other help desk supervisors who have successfully cut down these kinds of calls say automated voice systems, which walk callers through the self-service option, can also be effective.

Safety Program Electronic Forms Added to DR/BC

Webmaster — Sun, 01 Apr 2012 17:11:54 -0600

Janco Associates has just released version 7.2 of its popular Disaster Recovery Business Continuity Template. Included with this update are eight electronic forms which are needed by any organization that is going through a recovery process who want to maximize the safety of those involved in the process. The CEO of Janco Victor Janulaitis said, "We have found that it is much easier and less costly to use electronic forms which can be emailed, filled out on a computer or tablet, and filed electronically than using traditional paper forms." In addition, "This also paves the way to a very green solution which utilizes technology to reduce the overhead of keeping DR/BC plans current." He added, "This is the fourth update of the template in the last year. We continue to update all of our products to meet both management requests and mandated requirements."

Safety Program Forms

Area Safety Inspection
Employee Job Hazard Analysis
First Report of Injury
Inspection Checklist - Alternative Locations
Inspection Checklist - Office Locations
New Employee Safety Checklist
Safety Program Contact List
Training Record

Using the Cloud in a Disaster Business Continuity Plan

Webmaster — Wed, 21 Mar 2012 12:08:26 -0600

Disaster recovery in the cloud is a current topic of discussion among many CIOs and CEOs. There are risks and issues that need to be clearly understood before a workable disaster recovery and business continuity plan can be successfully implemented.

Compliance with mandate requirements and security are paramount. Questions that need to be addressed are:

How securely is data transferred and stored in the cloud?
What are the processes used to authenticate users?
What controls are in place to prevent, detect, and correct security breaches?
Are complex passwords used and what type of secondary authorization is used for authentication?
How will these be impacted in various levels of severity of an event?
Does the cloud provider meet regulatory requirements?
How does the cloud provider guarantee the security of your data?

Then there is the issue of how you get to the cloud before the event to execute the necessary backup followed by how the cloud is accessed during the recovery process.

Is there sufficient quality bandwidth in place to complete the necessary backups?
How long will the restore take from the cloud to the recovery or business continuity facility?
How do you implement a tiered approach to restore critical data and applications with the cloud solution?

BYOD Policy Released by Janco

Webmaster — Fri, 09 Mar 2012 02:18:05 -0600

Bring Your Own Device Policy Released with Electronic Form

Includes an electronic form for employee agreement to the terms of access and use of enterprise data with a device that is owned by the user

With the advent of user owned device and the ever increasing mandated requirements for record retention and security CIO are challenged to manage in an ever more complex and changing environment.

Janco, in concert with a number of world class enterprises had created a policy address these issues and provides solutions for the following questions:

What are the legal implication - What is the impact of the Stored Communication Act - Record Retention and Destruction?
What happens to the data and audit trail when an employee leaves the company?
What about lost or stolen devices?
How is a device configured to receive and transmit corporate data?
What kind of passwords are acceptable to use?
What kind of encryption standards are acceptable?
What types of devices are allowed and what types are not?
What about jail broken, rooted or compromised devices?

Are CIOs going to increase hiring?

Webmaster — Fri, 09 Mar 2012 01:22:25 -0600

CIOs plan increased hiring in the second quarter, though not at the pace of the first quarter, according to the results of a new survey.

One national recruiting firm that conducts quarterly surveys of CIOs, said Wednesday that 8 percent of the 1,400 CIOs it interviewed by telephone this quarter plan to expand their IT departments in the second quarter, while 5 percent expect cutbacks.

Cloud computing and outsourcing risks

Webmaster — Thu, 01 Mar 2012 07:43:50 -0600

Cloud and outsourcing may reduce costs but by introducing new layers of complexity and security risks.
Cloud and outsourcing are not a magic bullet that provides a type of computing infrastructure that is guarded by service providers who secure the data and implement solution to address all compliance issues.

The reality is that cloud and outsourcing are full of choices. At one end is limited effort, in which the company retains responsibility for most computer security, including configuring server operating systems and the data center firewall - but not the physical security of the cloud data center itself. The IT department must secure all applications and databases, oversee security patch management, and be prepared for all forms of cyber-attacks and incident responses.

Cloud computing and outsourcing contracts must clearly state service level commitments and provider security obligations and responsibilities. Areas that need to be included in the contract include:

Phishing attacks - whereby an attacker sends an infected email to employees -bypass most forms of perimeter security. The best way to thwart such attacks is via user education and good incident-response escalation policies.
SQL injection attacks - whereby an attacker attempts to gain rights to a server by injecting code into an application running on that server - can be prevented by writing good application code and testing its security, which is not normally part of a cloud outsourcing contract.

The Practical Guided for Cloud Outsourcing Template includes -- Sample Cloud Outsourcing Contract along with a Service Level Agreement and other tools to facilitate the cloud outsourcing process. The template includes Janco's exclusive Business and IT Impact Questionnaire.

Job mobility is limitied for new entrants in the IT job market

Webmaster — Wed, 29 Feb 2012 17:50:59 -0600

Many baby boomers who were hoping to retire are in no position to do so. Retirement plans were decimated by the .dot com bubble bust and the current recession. At the same time the housing market slump has made it next to impossible for these individuals to get their equity out of their homes. In addition, today's workers are struggling to pay their day-to-day expenses, so it's no surprise even fewer are successfully putting away money for the future.

Recent research shows that most 401-k planning professionals say employees aren't planning ahead and adequately preparing themselves financially for their retirement. Many don't save enough; others started saving too late. In general US workers Americans have not been saving and investing enough for retirement. Rising healthcare costs and dropping 401(k) balances have taken their toll. That combined with record levels of personal debt, high unemployment and low levels of personal savings, continue to paint a highly concerning picture of retirement readiness.

This is a bad omen for upward mobility. If no jobs are being created and existing senior employees not retiring, then opportunities will be limited for the up and coming generation of new IT professionals.

Security threats are on the rise

Webmaster — Fri, 24 Feb 2012 18:44:25 -0600

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and enterprise critical data. CIOs, Data center operators, network administrators, and other IT professionals need to comprehend the basics of security in order to safely deploy and manage data and networks today.

Securing a typical business network and IT infrastructure demands an end-to-end approach and a firm grasp of vulnerabilities and associated protective measures. While such knowledge cannot stop all attempts at network incursion or system attack, it can empower IT professionals to eliminate certain general problems, greatly reduce potential damages, and quickly detect breaches. With the ever-increasing number and complexity of attacks, vigilant approaches to security in both large and small enterprises are a must.

Backup makes disaster recovery business continuity daunting

Webmaster — Sun, 19 Feb 2012 13:33:29 -0600

BC-DR is daunting, it requires offsite duplicate data, infrastructure, storage, systems, networks, floor space, rack space, cables, power, cooling, etc. Far too many organizations take a look at the cost and decide they just cant afford it. Per the Information Week Business Continuity Disaster Recovery published survey of the Global 2000 (681 respondents), 37% said they had no current BC-DR plan of which 68% of those said it was because it is too expensive and too complicated. The better question is whether they can afford not to have it. It has been proven that 95% of those organizations that failed to recover their data and systems within two weeks of a disaster were out of business within two years. This is not a pretty picture. Regrettably, the consequences of poor BC-DR preparedness will only come to light when there is a disaster. Up until then, it is a hypothetical risk. Unless an IT organization has experienced a disaster, they are far more likely to tolerate the incredible risk.

IT Hiring Up

Webmaster — Wed, 15 Feb 2012 07:26:11 -0600

Janco continues to monitor the IT employment picture and sees a mixed view of the IT job market. Janco has found that short term hiring for IT staff and consultants is up, however long term CIOs do not feel that hiring will improve significantly for until early in 2013. The CEO of Janco, Mr. Victor Janulaitis said, "In interviews of 110 in late January and early February of US based CIOs we found that most have a number of short term needs that need to be filled for additional staffing of a 'temporary' nature. CIOs are striving to keep the overall FTE (full time equivalent) headcounts level and do not project an increase within the next several months."

One of the bright spots during the past few years has been government employment. That seems to be coming to an end with the proposed 2013 federal budget. The current administration proposed a decrease in federal IT spending in 2013, the budget calls for spending $78.8 billion, a 1.2 percent decrease from 2012.

Janco's findings are validated by the latest BLS data which shows there was a net increase of IT jobs in January. All sectors of the IT job market showed an improvement - computer system design and related services accounted for 34,200 jobs, telecommunications 10,200 jobs, data processing hosting 2,200 jobs and other information services 900 jobs.

Janco is an international consulting firm that follows issues that concerns CIOs and CFOs and publishes a series of IT and business infrastructure HandiGuides® and Templates including a Disaster Recovery/Business Continuity Template, Security Template and IT Salary Survey.

Records Management Best Practices

Webmaster — Sun, 12 Feb 2012 18:59:47 -0600

Best practices for a good records management program include the following:

Creation and ongoing upkeep of a complete data map with a full accounting of all repositories, media and systems owned and controlled by the company.
Retention of data subject to any legal or contractual obligations for the appropriate length of time in the appropriate manner.
Retention of data with legitimate business value. Failure to retain and maintain access to useful data incurs litigation risk. On the other hand, retaining data that is not subject to any legal or contractual retention requirements can also be a liability, from both a monetary and litigation risk perspective.
Authenticated access to data by people and systems. People or systems access to data needs to include proper authentication measures to ensure all data access is predictable, controlled and auditable.
Tested and validated litigation hold procedures to ensure that any potentially responsive information is not deleted, overwritten or otherwise modified when a litigation or investigation occurs or is anticipated.
Tested and validated procedures for the ongoing disposal of remaining data that is not subject to any of the preceding statements.

Disaster recovery is more than data restoration

Webmaster — Sun, 12 Feb 2012 15:15:26 -0600

Any comprehensive disaster recovery and data protection strategy involves many considerations and contingencies. There are many things that can go wrong with your data, and CIOs need to be able to respond to each:

Accidental or malicious deletion of critical data: CIO need to have a solution that can quickly and easily restore individual files and folders. Restoring an entire system when you only need a single file is a waste of resources and typically is disruptive to operations.
Data that is lost or corrupted over a period of time: Not all data loss incidents are noticed immediately, as is often the case with virus and hacker attacks, or rolling database corruptions. CIOs need to have the ability to recover data from any previous point in time, and have recovery points as granular as possible to limit data loss.
Crashed disk: Recovering a disk volume is different than recovering a single file, but it should be done just as quickly, and with automation to help keep operational disruptions to a minimum.
Server failure: The ability to restore operations when replacing a broken server may be complicated by the need to install different drivers on the new system if the hardware is not an exact match. CIOs need to have the capability to temporarily move the application workload to a standby server(with different hardware) or to a virtual server while the system is being repaired or replaced.

Disaster recovery and business continuity still a struggle for many CIOs

Webmaster — Thu, 02 Feb 2012 17:27:57 -0600

Organizations of all sizes are struggling with getting some of the basics of disaster recovery and business continuity right. They still need support in obtaining executive buy-in, managing resources and implementing easy to use and reliable technology. To some extent, there is still a lack of best practices being provided by vendors, and many SMBs rely heavily on their channel partners to be their best practices advisors to help them make the right choices.

What has made the world more complex is the fact that organizations are now presented with three different platforms for their disaster recovery strategies: physical, virtual and cloud. Each platform has its own unique challenges and benefits. Some organizations will opt to keep purely physical, others will add virtualization while many will embrace all three.

Ultimately the success of any company's backup and DR is based on the availability of its systems and data and the impact that downtime has in terms of lost revenue and lost customers, regardless of the environment data and systems are held in. Using multiple different solutions to manage data across physical, virtual and cloud environments makes this process unnecessarily complicated and risks wasting valuable time and resources.

For most small to medium size businesses, a service's success is underpinned by its ability to deliver ease of use, cost effectiveness and flexibility, and by its ability to implement measures quickly enough to affect a near immediate positive impact. Both cloud services and virtualization can do this, so the future is bright. Managed in the right way, from one central, easy to use solution, they can offer businesses the ultimate backup and disaster recovery protection, ensuring that business continuity becomes easier to manage.

For IT managers, Janco encourages them to compare their backup and DR practices against their counterparts.

Mobile devices are the bane of many CIOs concerns

Webmaster — Fri, 27 Jan 2012 10:22:21 -0600

As more companies embrace the broad usage of individually-owned mobile devices for access to corporate applications and data, CIO are asked for guidance on the establishment of an associated device usage policy.

Every organization needs to identify and develop mobile security policies to be deployed which will provide adequate protection. The level of protection has to be aligned with the level of risk that your organization is willing to accept. These policies should ensure that the many regulatory or compliance concerns that might be applicable are addressed.

Only by a partnership of information technology (IT), human resource (HR), finance, and legal teams - working closely with your executive team and business unit managers - can determine the exact corporate liable and/or individual liable policy that best fits your company, meets its financial goals and objectives, and takes into account security, legal, regulatory, tax, or other requirements and considerations that may uniquely apply to your company and its operations.

Will IT spending increase in 2012

Webmaster — Sat, 14 Jan 2012 11:34:28 -0600

IT spending is expected to increase in 2012. After years of budgets crimped by the economy, there is significant pent-up demand at companies around the globe to drop some extra cash for the products and services theyve been waiting for to drive business forward. But weve heard this song before. One research fiorm that was bullish on IT spending last year, said that it could rise somewhat significantly in 2012, yet in its latest report the research firm acknowledges that its estimates might have been too optimistic. Global spending on IT spending will still be up, the company says, but dont expect it to rise too quickly.

Janco has found that consultants and contractors are starting to be hired again.

The salary survey is updated twice a year; once in January and then again in July. You can get a free copy of the full survey if you provide 10 valid data points and use a corporate email address. Free email accounts like gmail or yahoo do not qualify as we have no way to verify the accuracy of the data provided.

The report is updated twice a year, once in January and second time in July. The unemployment data on this page is updated at least once a month and is based on the Bureau of Labor Statistics data.

New Facts of Life For the CIO and IT Management

Webmaster — Sun, 08 Jan 2012 16:43:14 -0600

The world has changed and the CIO and IT managers need to face the new realities. They include:

iPhone and Tablet are here to stay
CIO and IT department no longer are in control of how technology is used by you enterprise
There will always be some downtime
Systems will not be 100% compliant all of the time
The cloud will not be the solution for all problems and will case new ones
There will never be enough capital and staff to get what needs to be completed done
The network has already been compromised
Social networking use risks all of your company's secrets
Users will always need your support even for technology that you have not implemented
IT will continue to be viewed as a service organization

Compliance Best Practices

Webmaster — Wed, 04 Jan 2012 08:48:49 -0600

Security compliance best practices include:

Combine written content, usage, and retention policies with a Hosted Managed Email Archiving Service to ensure an organization's ability to preserve, locate, and produce legally valid email evidence. Unmanaged email and other record management solutiond can trigger financial, productivity, and legal issues for your organization when it a finds itself in a workplace lawsuit. The cost and time required to produce subpoenaed email, retain legal counsel, secure expert witnesses, mount a legal battle, and cover jury awards and settlements is ver costly. Best practices call for a proactive approach to email and business records management.
Utilize a proven archiving technology to ensure forensic compliance. For example, by encrypting and archiving a copy of every business record and internal and external email sent or received and across the organization, a Hosted Managed Email Archiving Service solution guarantees that your email is secure and tamperproof. Nothing in your archive can be deleted or altered. Everything in your archive is legally compliant.
Ensure that financial data and related documents are effectively protected from malware, viruses, and other malicious intruders - and are preserved in a legally compliant manner in order to maximize SOX, GLBA, SEC, FINRA, and PCI DSS compliance. This includes having solutions in place to manage messaging threats and compling with regulatory requirements including Email Anti-Virus, Email Archiving, Email Continuity, and Email Content Control.
Meet HIPAA requirements by using formal policies, employee training, and technology including email
Archiving, Anti-Virus, Continuity, and Content Control Services to ensure compliant use of email to transmit and store HIPAA-regulated patient information.
Safeguard personal or sensitive data whose transmission falls under state encryption laws or other privacy acts by deploying proven solutions that are designed to effectively identify personal information in any electronic transmission and, if necessary, block or encrypt the transmission.
Reduce business and security risks associated with electronic communication by implementing a formal electronic communication policy that combines a written policy with employee training.

Where not to hide your password and user ids

Webmaster — Fri, 23 Dec 2011 15:40:48 -0600

With dozens of logins and passwords spread out across an equal number of sites and apps, it's no wonder the average user tends to forget them. Even with a tried and true system for generating memorable but complex passwords, the formula could easily fall apart if you just can't remember it.

So rather than continually clicking the "Forget Your Password?" help link, folks are readily hiding login information around their computer station.

And given that there's little variety in those secret locations, "hiding" might be a stretch. The most common locations where folks hide their login info are:

Under the keyboard
Under the phone
Under the mouse pad
On the monitor
In the top drawer
Under the desk

CIO Mission Defined

Webmaster — Wed, 14 Dec 2011 14:52:18 -0600

The CIO's mission is to find innovative ways to leverage the technology in place - or will be in place - to help grow the business and execute better. That is a fundamental shift because it requires the CIO to be much more of a business partner. At the same time with tight corporate budgets, the CIO is expected by the enterprise to make the right calls around acceptable risk and smart investment while still reducing overall IT costs.

The CIO is expected not only to provide the internal strategic focus in terms of the needs that exist within the business to support the mission of the company, but in many cases the CIO is asked to step up and be part of revenue generation for the company. It is more about understanding the business and the strategic goals of the business - how technology can be applied in a cost-effective way that helps move the business forward.

IT Loses 10,000 Jobs

Webmaster — Wed, 07 Dec 2011 08:39:13 -0600

IT sector lost 3,900 jobs, including 2,900 telecom positions

The struggling U.S. economy had something to cheer about Friday as the U.S. Labor Department reported a drop in the unemployment rate, but the IT sector isn't benefitting.

Unemployment in November fell from 9 percent to 8.6 percent, the Labor Department's Bureau of Labor Statistics (BLS) announced, and nonfarm payroll employment rose by 120,000. That's the lowest unemployment rate in 2 1/2 years since March 2009, according to The Washington Post.

The government noted improvements in such industries as retail trade, leisure and hospitality, professional and business services, and health care.

The IT sector wasn't so fortunate: It lost 3,900 jobs, including 2,900 telecom positions, Janco Associates announced, citing BLS statistics. The IT sector lost 5,100 jobs in October, according to Janco Associates.

Cost of data based fraud increases

Webmaster — Thu, 10 Nov 2011 18:23:31 -0600

Fraud cost organizations 2.1 percent of earnings in the past 12 months, which is equivalent to a week of revenues over the course of a year in a recent survey that polled more than 1,200 senior executives worldwide.

The study found a decline in the frequency of fraud over last year. Of the executives polled, 75 percent suffered some kind of fraud-related loss in the last 12 months, which is down from 88 percent the year prior.

However, fraud remains predominantly an inside job and insider jobs increased this year. The 2011 figures show that 60 percent of frauds are committed by insiders, up from 55 percent last year.

Keep in mind these are only the cases in which the perpetrator is known. And that translates into more concern among executives. Overall, fraud concerns among executives around the globe rose approximately 15 percent led by information theft and corruption and bribery. Half of all companies surveyed said they are moderately to highly vulnerable to information theft, up from 38 percent in 2010. IT complexity is the leading cause of increasing fraud exposure, cited by 36 percent of respondents compared with 28 percent last year.

Compared to just 10 years ago, more and more the value of a company is not contained in tangible things, it's contained in the company's ideas, and those ideas tend to live on information systems in the form of digital data. "

Indeed, information-based industries reported the highest incidence of theft of information and electronic data; including financial services (29 percent), technology, media and telecoms (29 percent), health care, pharmaceuticals and biotechnology (26 percent), and professional services (23 percent).

Roughly one in four companies were hit by physical theft of cash, assets and inventory or information theft, both down from 2010. Management conflict of interest (21 percent), vendor, supplier or procurement fraud (20 percent), and internal financial fraud (19 percent) all saw notable increases. The incidence of corruption and bribery nearly doubled over the past year from 10 to 19 percent.

The policies that Janco has created are a must have that every enterprise needs. They can all be accessed by going to the Policy Master Page or the individual policies can accessed directly by clicking on the links below.

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically. A totally solution that uses technology at its best.

CIO IT Infrastructure Policy PDF (All of the policies below which come as individual MS Word files)
Backup and Backup Retention Policy
Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
Incident Communication Plan Policy (Updated to include social networks as a communication path)
Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
Mobile Device Access and Use Policy
Outsourcing Policy
Record Management, Retention, and Destruction Policy
Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
Service Level Agreement (SLA) Policy Template with Metrics
Social Networking Policy
Telecommuting Policy
Travel and Off-Site Meeting Policy

CIOs are losing the contol battle with SmartPhones

Webmaster — Wed, 09 Nov 2011 16:59:50 -0600

Smartphones are now finally on the CIO agenda and, in fact, one of the most difficult topics: there are a variety of different platforms; employees are bringing their own phones to work; applications can compromise security; and the monthly costs are unpredictable.

With an increasing number of individually acquired smartphones, IT departments need to be defining their strategy for dealing with these devices. A process needs to be defined that is cost effective and helps CIOs manage the challenges of security, cost and IT control while balancing the needs of employees.

IT is losing control of smartphones and yet retaining all the accountability.

Other Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format (WORD 2003 and WORD 2007) for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.

CIO IT Infrastructure Policy PDF (All of the policies below which come as individual MS Word files)
Backup and Backup Retention Policy
Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
Incident Communication Plan Policy (Updated to include social networks as a communication path)
Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
Mobile Device Access and Use Policy
Outsourcing Policy
Record Management, Retention, and Destruction Policy
Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
Service Level Agreement (SLA) Policy Template with Metrics
Social Networking Policy
Telecommuting Policy
Travel and Off-Site Meeting Policy

Remote sites put data at risk - Security Management top priority

Webmaster — Wed, 09 Nov 2011 08:52:29 -0600

As more employees telecommute and companies expand operations into new markets, the percentage of total corporate data in remote locations is increasing. Many companies may not be adequately protecting these assets.

Work-at-home offices, remote sites, and branch offices are increasingly at the front lines of business they have the closest contact with customers and business partners and therefore can have a dramatic impact on the success of the business. Analysts estimate that there are more than four million remote offices in the United States alone. Many of these offices run autonomously from headquarters and are responsible for managing their own operations including protecting and retaining the electronic information that they generate. Ignoring the protection and recovery needs of this remotely stored data is simply not an option.

Risks to data that need to be managed include:

User Error
Virus Attacks
Disk/Server Failure
Localized Disaster Events
Regional Power and Network Outages

What is required is a set of robust procedures to manage these issues

Backup and Backup Retention Policy
Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
Incident Communication Plan Policy (Updated to include social networks as a communication path)
Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
Mobile Device Access and Use Policy
Outsourcing Policy
Record Management, Retention, and Destruction Policy
Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
Service Level Agreement (SLA) Policy Template with Metrics
Social Networking Policy
Telecommuting Policy
Travel and Off-Site Meeting Policy

IT job market soft

Webmaster — Tue, 08 Nov 2011 17:45:08 -0600

The recruiting environment for tech professionals is not as good as it was earlier in the year according to Janco Associates, Inc.

Taking a look into recruiting priorities, hiring managers' top requests are for a Java/J2EE or Java developer, .NET or .NET developer, business analysis, Sharepoint or Sharepoint developers and project managers.

New York topped the list of metro areas with the greatest number of IT jobs. The Washington DC/Baltimore metro area placed second with Silicon Valley, Chicago and Los Angeles rounding out the top five.

Infrsructure gets more complex

Webmaster — Sat, 05 Nov 2011 16:34:27 -0600

It is not new news that information technology is evolving faster than CIOs can keep up. Over the last few years, the Internet has matured, infrastructure has advanced and a tangle of new challenges has emerged. Mobile technology -- including smartphones and tablets -- has changed everything, and the cloud is about to change everything even more. It is an exciting period, but one that is fraught with risks.

The opportunity to tap into technology and use it to achieve a competitive advantage has never been greater. The new physics of IT offers a wormhole to a place -- and a performance level -- that couldn't have been imagined only a few years ago. However, laggards increasingly find themselves staring into a black hole of Industrial-Age thinking and a hopelessly outdated network infrastructure. They can easily become shackled by inflexible systems that limit their ability to innovate.

The situation isn't going to get any easier in the months and years ahead. Employees and customers increasingly dictate which technologies will be used and how they will be applied in the workplace. Social media streams and advanced analytics continue to transform the way data, information and knowledge are collected, stored and put to use. Meanwhile, unified communications, virtualization and cloud computing are upending legacy business and IT models. And, if all this isnt enough to cause severe motion sickness, security and governance, risk management and compliance challenges continue to increase.

Failure of business continuity plan results in customer lawsuits

Webmaster — Fri, 28 Oct 2011 08:47:38 -0600

RIM is facing muliple lawsuits internationally over the BlackBerry services outage that hit users across the globe.

In a lawsuit filed with the Quebec Superior Court, a petitioner is looking to institute a class action on behalf of BlackBerry users affected by the outage. Petitioner contends that, despite the fact that the Respondent is responsible for BlackBerry users' loss of email, BBM, and/or Internet service for approximately one (1) and a half (1/2) days, it has not compensated consumers on a prorated basis for such loss of use," and, "...while knowing full well that BlackBerry users pay a monthly fee to their wireless service providers for data services and that they were deprived thereof." The lawsuit demands compensation for economic damages. Additionally, it claims that RIM's offer of free apps does not properly compensate BlackBerry users who have paid for services that they were unable to use.
A man in California has filed a class-action lawsuit on behalf of all BlackBerry owners in the United States, arguing that the loss of BlackBerry service translated directly into lost revenue.

As RIM wrestled to contain the original outage, RIM co-CEOs insisted on a conference call with reporters that the company would work to regain customers' trust following the incident.

RIM began offering free BlackBerry apps to ease customer pain. The initial apps included games such as Sims 3 and N.O.V.A., along with Photo Editor Ultimate, iSpeech Translator Pro and Shazam Encore. The company promised more to come; in addition, enterprise customers were apparently eligible to receive a month of free technical support, and "current customers" a complimentary "one-month extension of their existing Technical Support contract."

The outages smacked RIM at a turbulent moment, with the company undergoing what its executives refer to as a transition period. In the face of declining revenues, RIM is betting big on an upcoming generation of QNX-based superphones that will apparently offer hardware and software parity with the company's higher-end competitors. Until those devices hit store shelves, RIM hopes that a new line of BlackBerry smartphones running BlackBerry 7 OS will help it retain market share, even as Google Android and Apple's iOS poise an increasing challenge to RIM's traditional user base.

Increased CIO responsibilities with cloud processing

Webmaster — Tue, 18 Oct 2011 07:53:12 -0600

CIOs need to review cloud provider contracts to understand the risk these contracts put their enterprise in. In a review of dozen contacts Janco Associates found that none of them satisfy all of the reasonable expectations of users. As is the case in most outsourcing relationships (which the public cloud most certainly is), the majority of contracts favor the provider and not the user, so be aware of what you sign up for in the public cloud, especially if it involves the provisioning or support of a critical business function. Janco strongly advises CIOs to fully vet the wording, structure, and jurisdiction in each contract. After all, once compnaies have outsourced their data or applications or infrastructure in a public cloud, the contract is all they have.

The CIO has a responsibility to be a leader when it comes to cloud computing in the organization, so they need to make sure they are aware of, and actively involved in, all key cloud discussions and decisions. If not, the CIO may be the one asked to pick up the pieces if the business goes off the rails due to factors about which they were not clear. These are critical decisions that can generate both great risks and great rewards.

Administrative accounts are a security risk

Webmaster — Sun, 16 Oct 2011 15:22:06 -0600

In all systems and networks privileged accounts are necessary from an administrative perspective. Administrators need easy access to certain areas, and sometimes the only way to conveniently gain that access is to have privileged accounts - that is simply how some operating systems work. While operating systems have become significantly more powerful in recent years, privileged access has not evolved as quickly, so a single, all-powerful level of access still exists in many enterprises. For instance, many network administrative tasks can't be carried out without root access, and many of those tasks are quite routine. While a small business may have only a single trusted person with privileged access, most midsize to large businesses have multiple privileged administrators.

The problem is that operating systems do not natively offer a way to discriminate more granular privileged access: it's an all-or-nothing proposition. Therefore, a surprisingly large number of people can often wield incredible power within the native OS - much of which is unnecessary for each individual to fulfill his or her role. Privileged accounts can be used to bypass standard controls and authorization levels. A person with a privileged account often has unlimited access and may be able to inflict significant damage to networks, servers, applications and data.

To make matters worse, not only can too many administrators inflict damage, they may be able to work outside the network's identity management system and hide their actions. Most organizations face serious challenges in analysis and discovery of security breaches, both in real time and after the fact. They have problems finding out what went wrong, who did what and when they did it. This opens up a level of risk that has no place in a secure IT environment.

Apple shoots itself in the foot

Webmaster — Thu, 13 Oct 2011 06:09:51 -0600

iOS5 iPhone upgrade fails for many as they try to upgrade to the new OS

Reports of problems with the iOS 5 upgrade flooded Apple's support forum today. It's unclear why users are not able to upgrade, but the snafu may be due to swamped servers on Apple's end.

Users said they encountered installation errors near the tail end of the installation process, after iTunes downloaded the update and backed up the device.

iPhone and iPad owners reported a variety of error messages, and many said they had tried to upgrade to iOS 5 multiple times, from different computers running iTunes and to numerous devices, all without success.

Suggestions abounded on Apple's support forum about how to sidestep the errors and complete the upgrade, ranging from switching off the Mac's or Windows PC's firewall to deleting the existing backup.

In some cases, users said such suggestions had worked for them, but just as many -- if not more -- reported that they had not. A few people claimed that their attempts to upgrade to iOS 5 had "bricked" their iPhones, making them unusable.

Flexible schedules and work hours have a mixed acceptance

Webmaster — Fri, 07 Oct 2011 05:19:17 -0600

Most companies offer some form of flexible schedules, which are touted as productivity boosters. However research shows that workers who take advantage of such arrangements see considerable career fallout, including negative performance reviews and limited career advancement.

Employees suffer a variety of job repercussions for participating in work-life programs, even when their leaders insist they support the business value. The good news is that most employers around the globe avow support for family-friendly workplaces. The bad news is they are simultaneously penalizing those who actively strive to integrate work with their lives.

Findings include:

Most employers feel that the ideal employee is available 24/7
Most employers feel the most productive employees are those with limited personal commitments
93% of employers do not have metrics in place to measure the ROI of flexible work schedules
80% of employers offer some form of flexible scheduling and telecommuting to all staffers
79% of organizations that offer flexible work hours require core work hours when all employees should be working
56% of all companies have included fexible work schedules in thier disaster and business continuity plans
54% of employees on flexible schedules do not like their work assignments
53% of all organizations offer flexible work hours to all employees
52% of all organizations have compressed the work week to less than 5 day for some employees
42% of employees on flexible schedules have gotten negative performance reviews
40% of employees on flexible schedules feel they have been denied a promotion because of their work schedules

Businesses are failing to meet mandated compliance requirements

Webmaster — Sat, 01 Oct 2011 10:53:17 -0600

Businesses are failing to maintain their compliance with the security standard.

The impact of new regulatory bodies and new regulations in North America and Europe will be the largest business driver of many business' strategy, operations, and technology.
High credit losses and sovereign debt crises continue to slow job growth and consumer lending.
Businesses need to invest in data, analytics, segmentation, and reporting to support both demand-generation strategies and risk management goals that will foster long-term, profitable growth.
Businesses need to improve customer retention and relationship-pricing strategies for existing consumers.
Businesses need more IT initiatives that support strategic cost takeout and revenue generation; these initiatives include online self-service, servicing, and collections; business process outsourcing, and platform-based lending.
Future technologies requiring increased research (and some development) include mobile device-based business applications, social media marketing, and peer-to-peer lending.

Security policies and procedures need to be constantly updated

Webmaster — Thu, 22 Sep 2011 23:35:56 -0600

No matter who is behind security attack, the reality is that conventional IT security defences - when deployed alongside well - planned and executed security strategies - may no longer be considered sufficient to stop a determined and targeted attack. This leads us into the interesting supposition that the majority organizations may be operating on a rationale that is a little out-of-date, and, as such, may not be adding value.

This does not account for the root causes of the problems caused by determined and targeted attacks. These causes center on everyday working practices and security configurations, which are not always included in the standard security mission in a typical IT systems environment. There may also be further issues in the areas of security skill sets and a hands-on understanding, appreciation and anticipation of the potential for insecurity that may arise from adhering solely to the standard security mission of a given organization.

It is for this reason that security policies and procedures must be constantly reviewed and updated.

Social Network Acceptable Use Policy

Webmaster — Fri, 16 Sep 2011 09:23:41 -0600

Social networking is the curretn new hot thing. With Facebook, Twitter, Bebo, YouTube, Google, Yahoo, Flickr, LinkedIn, WordPress, and more, there are over a billion socially active people today - a number that continues to grow at an astounding rate. And it is not just a teen or consumer fad anymore. The social Web has emerged as a valuable business tool for the modern enterprise touting rich applications with real-time interaction and user-generated content.

As quickly as social networking has stormed personal lives, it has infiltrated the workplace, too. Enterprises have discovered that the consumer phenomenon is also a valuable tool for business and theyre already using it to modernize business processes, corporate communications, and employee collaboration. Perhaps more important, it's proving instrumental to customer service, sales, and marketing programs and even partner communications.

Nearly every enterprise is using it in one way or another. But along with its enormous popularity come enterprise-size risks. So in the race to maximize its potential, enterprises must take due care to completely protect the business. Unfortunately, most are not yet prepared to do that, lacking the proper controls to effectively enforce acceptable use policy, prevent new forms of malware, and protect sensitive data.

Cloud security is a major issue

Webmaster — Tue, 13 Sep 2011 05:30:38 -0600

The cloud is new, and it's risky. But the very fact that it's new and risky should give CIOs the upper hand in cloud negotiations - and the ability to walk away if they feel their needs are not being met. There are a lot of sellers of cloud services out there and it is a a buyer's market.

A recent study reports that a significant majority of over 100 cloud-computing service providers surveyed believe it is their customers' responsibility to secure the cloud, not theirs. When a hacker accesses one server, he accesses them all. If a server was attacked in precloud days, you simply shut it down. Today, with workloads distributed across many servers, there's a domino effect.

Business continuity compliance requirement costly

Webmaster — Mon, 12 Sep 2011 05:56:04 -0600

CIOs and IT managers are challenged to maintain high quality service in a 24x7 environment in an economy that is troubled at best. In interviews with a number of top IT executives, Janco has identified five areas where costs are increasing beyond acceptable levels and proposed solutions to help manage those costs. The areas where cost is increasing are:

Mandated compliance requirement management - Numerous laws and regulatory mandates focus on corporate governance and accountability around sensitive. The cost of this continues to explode. These costs can be controlled by:

Implementing strong data governance policies
Using electronic tools to clean your data bases
Implementing an efficient records management policy
Centralizing security management

Continual storage expansion - Analysts estimate that the volume of business e-mail is growing by 25 - 30 percent each year, and currently, the world's information base will double in size every 11 hours. Steps to take to address these cost include:

Consolidating databases to make administration simpler and more cost effective
Compressing data to minimize the amount of storage space that is required.
Archiving data to lower cost media to free up high-value storage space and keep databases running smoothly.

Increased administrative cost due to system complexity - Janco has found that 75 percent of all companies have three or more enterprise database management system (DBMS) products in their environment. Metrics show that many DBAs devote up to 80 percent of their time to routine systems maintenance. Cost control can be achieved by:

Simplifying management processes and eliminate unnecessary administrative tasks by automating basic database administration functions.
Outsource routine activities to give in-house DBAs more time for new projects.

Quick fixes that result in Server Sprawl - Small cheap servers may limit IT spending in the short term, but often is not the best nor most cost effective long-term solution. To fight this CIOs should:

Virtualize
Consolidate severs were possible
Replace older power and cooling consuming servers with green servers

Reliability and scalability requirements increase overhead - Most enterprise information is contained within IT systems, it is absolutely critical that those systems be available whenever your employees or your customers need them. With 24x7 availability requirements, systems have to scale as workloads increase. Reliability improvements and scaling by adding staff and servers can result in the wrong infrastructure and raise costs. To address this CIOs should:

Use clustered configurations
Consolidate and virtualize
Centralize administrative functions
Implement strong security and business continuity policies