Why Workload Placement Is The Key To a Strong IT Foundation

How you design your IT house can be as important as how architects design physical homes...getty

Where you decide to run your applications is as important as what you run. What does your workload placement strategy look like? Home architects are very careful about their design choices. Many of their decisions, such as the best locations for load-bearing walls, support beams and other infrastructure, have long-term consequences.

Where do they put windows and skylights will deliver optimal sunlight? How do they situate bedrooms and bathrooms? What is the right density of wood, concrete and other materials required to construct safe walls, roofs and floors? Those are just the broad strokes; architects plan thousands of minor details as well, often well before raw materials are purchased.

Like their home-building counterparts, IT systems architects carefully design technology systems. Which is why workload placement has emerged as a critical strategy for governing what applications and other resources run where.

IT has grown more complex, thanks to a proliferation of environments comprised of public and private clouds, on-premises infrastructure and edge devices. IT leaders who placed assets in these locations have constructed a multicloud house without planning for the long-term impact on their organization.

For example, while it may have initially made sense to build a key business application in a certain IT environment, perhaps performance began to lag as usage grew. Maybe the goalposts for security and compliance shifted, forcing you to rethink your choice.

Whatever architectural concerns arise, where you decide to put what in your IT house can be as important as how architects design physical homes. CIOs are thinking about this a great deal, as 92% of 233 IT decision makers Dell surveyed said that they have a formal strategy for deciding where to place workloads. Half of those executed this strategy in the past year.

Related: More Clouds, No Problem: Simplifying Your Multi-Cloud World

The Great Overcorrection

The public cloud grew rapidly, as engineers learned how easily it enabled them to launch and test new applications. Soon IT teams notched quick wins, including flexibility as they lifted and shifted existing business applications to the cloud.

Then came the overcorrection. Emboldened by the prospect of saving money while fostering greater agility as they innovated, many CIOs declared a “cloud-first” strategy. Those who were initially more measured in their adoption of cloud technology saw their colleagues migrate their entire IT estate and followed suit.

As workloads got more complex it turned out that the public cloud-first stance was not always the best fit for the business. Hasty decisions had unanticipated ramifications, either in the form of escalating costs or failed migrations.

The reasons: Workloads are unique. Each application has its own set of business requirements and benefits. Just as the home architect must carefully weigh each design choice, CIOs must be intentional about where they put their software assets.

Variations on a multicloud

Let’s consider some examples where the right workload is tied to a business outcome. Cloud environments—public or private—make sense where you get huge bursts of data traffic. Cloud technologies enable you to quickly spin up compute resources and dial them down as requirements subside.

Retail ecommerce is a classic example. For brands selling clothing, footwear and other merchandise, holiday seasonality drives peaks and valleys to web and mobile sales. Large traffic spikes in October or November through Christmas subside, then stabilize.

Or think of a digital crossword puzzle published every weekend. With most people completing these on the weekend, traffic bursts Saturday and Sunday before slowing over the remaining 5 days.

For such use cases, a public cloud that provides massive scalability may yield the desired business outcome.

Conversely, so-called “steady state” use cases—in which applications’ compute needs fluctuate little if at all—often run better on-premises, either in traditional IT infrastructure or in a private cloud. Thousands of these applications run without much deviation across business lines.

Think traditional general ledger software in ERPs. Travel and expense utilities. Software that governs data backups. Applications, such as those that monitor anomalous network traffic, often run locally for security reasons.

Other applications with disparate patterns and needs are emerging. Applications requiring minimal latency—think Internet of Things software—are moving to the edge for faster processing and cost efficacy.

In Dell’s survey, 72% of IT decision makers said performance guided their decisions to place workload, followed by data protection and security at 63% and 58%, respectively. Venues include public clouds, data centers, colocation facilities and edge environments.

Workload types vary, but 39% of respondents said they had placed data protection workloads while 35% each said they had placed ERP and CRM systems.

Diverse workloads require fungible infrastructure

There are no absolutes in determining workload placement. Well, not in the way many IT leaders think. Every software asset will have different requirements, which will influence where you decide to place them.

Just as an architect decides how to situate walls, beams, rooms and other physical infrastructure, where an IT architect places assets matters. The wrong choices can have negative consequences.

These decisions aren’t easy nor should they be made lightly, as the ramifications of poor asset placement can impact your bottom line, make your business more vulnerable or prompt you to run afoul of compliance mandates.

All diverse workloads require a flexible infrastructure that enables enterprises to move their applications and other workloads to move seamlessly across clouds, on-premises and edge venues, based on their business requirements.

As-a-Service infrastructure, which includes on-premises equipment ordered on demand, can power these workloads to meet requirements for performance and availability, as well as your needs for simplicity, agility, and control. How will you lay the foundation for your IT assets?

Keep reading: Why the Hybrid Workplace Needs a Hybrid IT Model

Vice President, Product Management, Dell APEX

Chad Dunn has been with EMC and Dell Technologies for over 15 years.

Source: Why Workload Placement Is the Key to a Strong IT Foundation


Related contents:

On the cooling-aware workload placement problemP Cremonesi, A Sansottera, S Gualandi – Workshops at the Twenty-Fifth …, 2011 – aaai.org… -AWARE WORKLOAD PLACEMENT PROBLEM, that looks for a workload placement that … a cross-interference matrix that links the workload placement to the cold air temperature. …Save Cite Cited by 7 Related articles All 5 versions

Online placement of multi-component applications in edge computing environmentsS Wang, M Zafer, KK Leung – IEEE Access, 2017 explore.ieee.org… This problem, known as the application or workload placement problem, is notoriously hard,for tree application graph placement. We jointly consider node and link assignment, and …

Virtual machine placement with two-path traffic routing for reduced congestion in data center networksR Kanagavelu, BS Lee, NTD Le, LN Mingjie… – Computer …, 2014 – Elsevier The core network oversubscription and unbalanced workload placement could lead to long-…we consider efficient placement of VMs so as to minimize network link congestion and we …

On the placement of web server replicasL Qiu, VN Padmanabhan… – … IEEE INFOCOM 2001 …, 2001 – ieeexplore.ieee.org replica placement in detail. We develop several placement algorithms that use workloadinfor… To study the effect of overlooking some network links on the placement algorithms, we …

Enabling efficient placement of virtual infrastructures in the cloudI Giurgiu, C Castillo, A Tantawi, M Steinder – ACM/IFIP/USENIX …, 2012 – Springer… placement stage has on the performance of our approach. Second, we consider a more realistic workload … apply our placement technique on generic VNIs whose VMs and links require …

Practical service placement approach for microservices architectureM Selimi, L Cerdà-Alabern… – 2017 17th IEEE/ACM …, 2017 – ieeexplore.ieee.org… For bidirectional links, we count both links in opposite direction as a single link. In summary, methods for cloud workload placement. Regarding the service placement through migration, …

Virtualknotter: Online virtual machine shuffling for congestion resolving in virtualized datacenterS Zou, X Wen, K Chen, S Huang, Y Chen, Y Liu, Y Xia… – Computer …, 2014 – Elsevier… by core network oversubscription and unbalanced workload placement. In contrast to traditional… In fact, with further inspection into the link utilization, we find the links among those racks

Achieving predictable performance through better memory controller placement in many-core CMPsD Abts, ND Enright Jerger, J Kim, D Gibson… – ACM SIGARCH …, 2009 – dl.acm.org… Lastly, we have a detailed full system simulator that allows real workloads to be applied to …placement has 33% less link contention compared to the baseline row0_7 placement used by …

Optimizing the placement of internet taps in wireless neighborhood networksR Chandra, L Qiu, K Jain… – Proceedings of the 12th …, 2004 – ieeexplore.ieee.org… In this paper, we explore the placement problem under three wireless link … link characteristics.We also extend our algorithms to provide fault tolerance and handle significant workload …

Network Slicing and Workload Placement in MegacitiesP Soumplis, P Kokkinos, D Lagos… – 2020 22nd …, 2020 – ieeexplore.ieee.org… ’ workload is appropriately offloaded. In our work, we examine mechanisms for the joint resourceallocation and the applications’ workload placement in … connections (links) between two …

Analyzing network health and congestion in dragonfly-based supercomputersA Bhatele, N Jain, Y Livnat, V Pascucci… – 2016 IEEE …, 2016 – ieeexplore.ieee.org… job workloads. In this paper, we explore the effects of job placement, parallel workloads and
… As we can see, green links have higher maximum traffic than blue links for 2D Stencil, Many-…

Foggy: a platform for workload orchestration in a fog computing environmentD Santoro, D Zozin, D Pizzolli… – … on Cloud Computing …, 2017 – ieeexplore.ieee.org… Foggy orchestrates application workload, negotiates … negotiation, scheduling and workload
placement taking into account … world situation in which the link between the Edge Cloudlets …
N Jain, A Bhatele, S White, T Gamblin… – SC’16: Proceedings of …, 2016 – ieeexplore.ieee.org Multi-job simulations and placement: Realistic workloads in HPC include several … on the links increase as we approach the root; thus, link bandwidth should be higher for the …
Backhaul Bandwidth Consideration for Workload Placement in Hierarchical Edge Cloud ArchitectureK Yunoki, H Shinbo – 2019 IEEE Wireless Communications and …, 2019 – ieeexplore.ieee.org… Our approach can produce such a decision on workload placement. However, it is
fundamentally necessary to deploy backhaul links with adequate bandwidth to facilitate an edge …
Marketing Programs To Buy:
10 Bold Actions In Positive Life     https://jvz3.com/c/202927/383942/
3D Pal Toons     https://jvz6.com/c/202927/381689/
4brandcommercial        https://jvz1.com/c/202927/375487
7 Minutes Kit      https://jvz8.com/c/202927/374505/
9 figure Success        https://jvz8.com/c/202927/384653/
Ad Raven      https://jvz4.com/c/202927/382796/
Ada leadz     https://jvz8.com/c/202927/376381
ADA Web      https://jvz3.com/c/202927/383751/
AdRaven       https://jvz3.com/c/202927/382851/
Adsense Machine      https://jvz2.com/c/202927/290487
Adtivate Agency      https://jvz3.com/c/202927/383706/
AdvertSuite     https://jvz1.com/c/202927/335011/
AdzHero     https://jvz2.com/c/202927/366972/
AffiliateMatic     https://jvz3.com/c/202927/381148/
Agency Client Finder    https://jvz3.com/c/202927/384619/
Agencyscale      https://jvz1.com/c/202927/383113/
AgencyScale      https://jvz4.com/c/202927/383111/
AIWA Commercial     https://jvz2.com/c/202927/365061
ALL-in-One HD Stock    https://jvz4.com/c/202927/381560
Animaxime    https://jvz2.com/c/202927/383307/
Appimize      https://jvz8.com/c/202927/370227
Appoint B Agency     https://jvz1.com/c/202927/384630/
Appointomatic      https://jvz6.com/c/202927/374258
Appowls    https://jvz4.com/c/202927/381231/
Art Of Living    https://jvz4.com/c/202927/382425/
Audiencetoolkit     https://jvz6.com/c/202927/302715
Aweber Crash Course     https://jvz6.com/c/202927/383057/
Backlinkindexer    https://jvz6.com/c/202927/88118
BettingMaster      https://jvz2.com/c/202927/387079/
BevTraders    http://www.bevtraders.com/?ref=arminham
Big Audio Club     https://jvz6.com/c/202927/380087/
BigAudio Club    https://jvz2.com/c/202927/380877/
Boost Optimism   https://jvz2.com/c/202927/380692/
BrandElevate   https://jvz4.com/c/202927/381807/
BrandElevate   https://jvzoo.com/c/202927/381812
Bybit     https://www.bybit.com/en-US/invite?ref=ALEXP
CanvaKitz    https://jvz4.com/c/202927/379051/
ChatterPal    https://jvz8.com/c/202927/324615
Clientfinda   https://jvz8.com/c/202927/370806
Clipsreel   https://jvz3.com/c/202927/372682
Commission smasher   https://jvz3.com/c/202927/376879
Content Gorilla   https://jvz2.com/c/202927/330783
Content Tool Kit   https://jvz3.com/c/202927/329145/
CourseAlly eLearning   https://jvz4.com/c/202927/384759/
CourseReel   https://jvz2.com/c/202927/355249
Courserious   https://jvz8.com/c/202927/360397/
Coursova   https://jvz1.com/c/202927/376527
Creaitecontent  https://jvz1.com/c/202927/376986
Credit Repair   https://jvz8.com/c/202927/377815/
Cryptokit    https://jvz8.com/c/202927/383809/
CryptoRocket    https://jvz6.com/c/202927/378113/
CryptoUnderworld     https://jvz8.com/c/202927/374345/
Dealcheck     https://dealcheck.io?fp_ref=armin16
DesignaSuite      https://jvz2.com/c/202927/297271
DesignBeast    https://jvz6.com/c/202927/371547
DevelopSelfEmpowerment     https://jvz6.com/c/202927/383094/
DFYContentClub     https://jvz6.com/c/202927/381337/
DFYSuite   https://jvz3.com/c/202927/381194/
Diabetes Guide    https://jvz2.com/c/202927/358870/
Diddly Pay’s    https://jvz2.com/c/202927/315596
Diet fitness diabetes   https://jvz1.com/c/202927/286851
Domainname    https://jvz6.com/c/202927/377005
Dominate Email   https://jvz4.com/c/202927/386980/
Dropshiply   https://jvz3.com/c/202927/383483/
DUX Forex Signals   https://jvz3.com/c/202927/128215/
EBook Agency    https://jvz2.com/c/202927/384573/
Ejaculation Total   https://jvz2.com/c/202927/75989/
Email Monetizer    https://jvz2.com/c/202927/386337/
EngagerMate  https://jvz8.com/c/202927/328172
EngageYard   https://jvz2.com/c/202927/383051/
Explaindio    https://jvz1.com/c/202927/123757/
Extreme Adz   https://jvz8.com/c/202927/379244/
Extreme Coupon  https://jvz1.com/c/202927/216101/
EZ Local Appointment  https://jvz2.com/c/202927/385180/
EZDeals  https://jvz8.com/c/202927/377689/
Ezy  https://jvz1.com/c/202927/381935/
Ezy MultiStores  https://jvzoo.com/c/202927/381935
Facebook Cash Machine   https://jvz4.com/c/202927/382333/
Facedrip  https://jvz1.com/c/202927/376325/
FaceSwap   https://jvz4.com/c/202927/381768/
Fade To Black   https://jvz2.com/c/202927/344541
Fanpage  https://jvz4.com/c/202927/144349
Fitness Nutrition   https://jvz4.com/c/202927/353334/
Followup Builder   https://jvz3.com/c/202927/386313/
Forex Atlatian   https://jvz8.com/c/202927/25069/
Forex Blizz   https://jvz8.com/c/202927/144577/
Forex Blue Stark  https://jvz3.com/c/202927/47481/
Forex expert   https://jvz1.com/c/202927/376877
Forex Hybrid Scalper    https://jvz6.com/c/202927/95037/
Forex Joustar   https://jvz6.com/c/202927/381617/
Forex Mastery   https://jvz2.com/c/202927/144621/
Forex Scouts   https://jvz6.com/c/202927/132677/
forrk  https://jvz1.com/c/202927/373449
FusionMT4    https://jvz2.com/c/202927/372523/
FX Goldminer  https://jvz1.com/c/202927/381439/
Galactic  https://jvz1.com/c/202927/188236/
Gaming job   https://jvz2.com/c/202927/184902  s
Genesis Mining   https://www.genesis-mining.com/a/2535466
Gluten free   https://jvz4.com/c/202927/296191
GMB Magic  https://jvz2.com/c/202927/377194
Graphic Alta  https://jvz2.com/c/202927/324492/
Heal Your Emptiness   https://jvz6.com/c/202927/384848/
High Converting Emails  https://jvz3.com/c/202927/386305/
HostLegends    https://jvz4.com/c/202927/384755/
Hostley Domain Creator   https://jvz1.com/c/202927/379223/
Human Synthesys Studio  https://jvz8.com/c/202927/367353/
ImageX   https://jvz6.com/c/202927/363237/
IMSyndicator  https://jvz1.com/c/202927/370769
Inboxr   https://jvz2.com/c/202927/312692
Insta Keyword    https://jvz6.com/c/202927/351606/
Instant Website   https://jvz2.com/c/202927/377557
InstantWebsiteBundle          https://jvz6.com/c/202927/377557
iTraffic X  https://jvz2.com/c/202927/320466
keysearch  https://jvz3.com/c/202927/194909
KlickCourse   https://jvz3.com/c/202927/385006/
Klippyo Kreators  https://jvz8.com/c/202927/327447
KoinCart   https://jvz2.com/c/202927/383555/
Leadvalet   https://jvz3.com/c/202927/385580/
LegalSuites   https://jvz2.com/c/202927/388896/
Levidio Royal Podcasting   https://jvz6.com/c/202927/384025/
Linkable DFY   https://jvz6.com/c/202927/385873/
Linkomatic  https://jvz2.com/c/202927/380937/
LiteTrading   https://www.litefinance.com/?uid=929237543
Live Your Truth  https://jvz6.com/c/202927/379020
Living An Intentional Life    https://jvzoo.com/c/202927/382455
Living an International Life    https://jvz8.com/c/202927/382455/
Local Leader   https://jvz4.com/c/202927/383751/
Local Sites   https://jvz4.com/c/202927/380543/
LocalAgencyBox  https://jvz2.com/c/202927/359468
LocalCentric   https://jvz2.com/c/202927/379339/
LocalioAI    https://jvz6.com/c/202927/378310/
MarketAll      https://jvz2.com/c/202927/386971/
Marketingblocks     https://jvz6.com/c/202927/374934
MarketPresso   https://jvz2.com/c/202927/369837
Massfluence  https://jvz4.com/c/202927/386885/
Mat1 Simple Funnel   https://jvz2.com/c/202927/380197/
Maxslides  https://jvz8.com/c/202927/376842
Mech Forex Robot   https://jvz6.com/c/202927/383447/
MediaCloudPro   https://jvz2.com/c/202927/343635
Megasuite   https://jvz3.com/c/202927/383953/
Mobi First   https://jvz2.com/c/202927/353694/
Motion Kingdom Studio  https://jvz4.com/c/202927/383177/
Movid Animation  https://jvz6.com/c/202927/380385/
MT4Code System   https://jvz2.com/c/202927/376925
My Passive Income   https://jvz1.com/c/202927/384099/
MyMailIt   https://jvz3.com/c/202927/292919
MyTrafficJacker   https://jvz2.com/c/202927/353558
Next Drive  https://jvz4.com/c/202927/371095/
NichBox  https://jvz2.com/c/202927/370705/
Organic Life Guide  https://jvz8.com/c/202927/366872/
Pcommerce   https://jvz6.com/c/202927/372265/
Phemex  https://phemex.com/register-vt1?referralCode=D8HUS2
Photokit  https://jvz4.com/c/202927/373207/
PicsAds   https://jvz2.com/c/202927/385468/
PigMoneyMethod   https://jvz2.com/c/202927/377665/
Pipstock    http://pipstockexchange.com/register?ref=204
Pitchdeck   https://jvz3.com/c/202927/347847/
Pixal  https://jvz2.com/c/202927/378775/
PixaStudio    https://jvz1.com/c/202927/373089/
Pixivid   https://jvz6.com/c/202927/385213/
PlanB Muscle Growth   https://jvz1.com/c/202927/36517/
PlayerNeos   https://jvz2.com/c/202927/376962
Podcast Advantage   https://jvz8.com/c/202927/379995/
Podcast Masterclass  https://jvz3.com/c/202927/379998/
PodKastr    https://jvz1.com/c/202927/369500/
PopLinks    https://jvz2.com/c/202927/368095/
Postradamus     https://jvz6.com/c/202927/108695
Power Reviews    https://jvz8.com/c/202927/384625/
Powrsuite   https://jvz1.com/c/202927/376361
PR Rage  https://jvz4.com/c/202927/343405
prime stocks   https://jvz8.com/c/202927/369164  prime stocks
Profile mate    https://jvz4.com/c/202927/358049
Promovidz   https://jvz8.com/c/202927/375692/
Push Button Traffic   https://jvz2.com/c/202927/301402
QR Verse   https://jvz3.com/c/202927/383865/
Quintex Capital     https://quintexcapital.com/?ref=arminham
Quit Smoking    https://jvz3.com/c/202927/359081/
QuizMatic   https://jvz6.com/c/202927/387116/
Reputor   https://jvz8.com/c/202927/380159/
ReVideo  https://jvzoo.com/c/202927/381761
ReviewReel   https://jvz6.com/c/202927/382663/
Rewriter   https://jvz4.com/c/202927/353373/
RSI SEO   https://jvz6.com/c/202927/384381/
Scriptdio   https://jvz4.com/c/202927/385387/
Seniors Income    https://jvz2.com/c/202927/383888/
Senuke  https://jvz6.com/c/202927/279944
ShopABot   https://jvz2.com/c/202927/291955
ShopFunnels   https://jvz3.com/c/202927/384069/
SocialAgency360   https://jvz1.com/c/202927/385357/
SociCake  https://jvz2.com/c/202927/321987
Socifeed   https://jvz6.com/c/202927/375706
SociJam  https://jvz2.com/c/202927/309649
Soronity  https://jvz6.com/c/202927/368736
SqribbleEbook   https://jvz6.com/c/202927/283867
Stackable Picture   https://jvz1.com/c/202927/385046/
Steven Alvey’s   https://jvz2.com/c/202927/351754
Stoodaio   https://jvz1.com/c/202927/372094
Storymate    https://jvz3.com/c/202927/320972
StreamPilot   https://jvz2.com/c/202927/385431/
Studioninja   https://jvz1.com/c/202927/374965
Sunday Freebie  https://jvz1.com/c/202927/267113/
Super backdrop   https://jvz8.com/c/202927/376524
Survai    https://jvz8.com/c/202927/380933/
Syndranker    https://jvz3.com/c/202927/378143/
Talkingfaces   https://jvz3.com/c/202927/375550
The Internet Marketing   https://jvz2.com/c/202927/289944
Tonai Voice Content   https://jvz8.com/c/202927/383119/
Toon Video Maker    https://jvz2.com/c/202927/357201
TrafficForU   https://jvz3.com/c/202927/381950/
Trendio  https://jvz3.com/c/202927/381003/
TubePal   https://jvz6.com/c/202927/379863/
Tubeserp   https://jvz3.com/c/202927/370472
TubeTargeter  https://jvz6.com/c/202927/377211
TuneMingo    https://jvz3.com/c/202927/386556/
TV Boss Fire  https://jvz6.com/c/202927/379480/
Ultrafunnels A.I   https://jvz2.com/c/202927/381129/
VIADZ Ad Template  https://jvz4.com/c/202927/379307/
Vidcentric   https://jvz4.com/c/202927/376095
Viddeyo    https://jvz6.com/c/202927/382326/
Videevolve   https://jvz4.com/c/202927/381011/
Video Campaignor      https://jvz4.com/c/202927/387058/
Video Games   https://jvz3.com/c/202927/184902/
VideoEnginePro     https://jvz2.com/c/202927/372916
VideoGameSuite    https://jvz3.com/c/202927/366537/
VideoRobot Enterprise   https://jvz8.com/c/202927/291061
VidKreate   https://jvz6.com/c/202927/386029/
VidMingo   https://jvz6.com/c/202927/378359/
VidRaffle   https://jvz2.com/c/202927/386840/
VidSnatcher    https://jvz3.com/c/202927/342585
VidVoicer    https://jvz1.com/c/202927/379983/
Vidzura   https://jvz4.com/c/202927/385754/
Viral dash   https://jvz6.com/c/202927/375959
Viral Quotes      https://jvz2.com/c/202927/386984/
VirtualReel   https://jvz8.com/c/202927/376849
Vocalic  https://jvz2.com/c/202927/383848/
VoiceBuddy    https://jvz1.com/c/202927/342854
VR Studio  https://jvz8.com/c/202927/388296/
WebCop  https://jvz4.com/c/202927/378683/
Webinarkit   https://jvz3.com/c/202927/383937/
Webprimo   https://jvz1.com/c/202927/379455/
WordPress Mastery   https://jvz1.com/c/202927/386249/
WowBackgraounds   https://jvz2.com/c/202927/381556/
WP GDPR    https://jvz8.com/c/202927/299907
WP Simulator    https://jvz3.com/c/202927/46987/
Writer Arc   https://jvz1.com/c/202927/386602/
writing job   https://jvz8.com/c/202927/213027
XBrain Forex   https://jvz3.com/c/202927/372305/
XFUNNELS   https://jvz2.com/c/202927/310335
Xinemax  https://jvz1.com/c/202927/381749/
YoDrive   https://jvz2.com/c/202927/384700/
YoSeller   https://jvz4.com/c/202927/387544/
Your 3DPal   https://jvz2.com/c/202927/381685/
YTSuite   https://jvzoo.com/c/202927/381179
Zappable   https://jvz3.com/c/202927/367328/

The 3 Biggest Mistakes the Board Can Make Around Cyber Security

The role of the Board in relation to cyber security is a topic we have visited several times since 2015, first in the wake of the TalkTalk data breach in the UK, then in 2019 following the WannaCry and NotPeyta outbreaks and data breaches at BA, Marriott and Equifax amongst others. This is also a topic we have been researching with techUK, and that collaboration resulted in the start of their Cyber People series and the production of the “CISO at the C-Suite” report at the end of 2020.

Overall, although the topic of cyber security is now definitely on the board’s agenda in most organisations, it is rarely a fixed item. More often than not, it makes appearances at the request of the Audit & Risk Committee or after a question from a non-executive director, or – worse – in response to a security incident or a near-miss.

All this hides a pattern of recurrent cultural and governance attitudes which could be hindering cyber security more than enabling it. There are 3 big mistakes the Board needs to avoid to promote cyber security and prevent breaches.

1- Downgrading it

“We have bigger fishes to fry…”

Of course, each organisation is different and the COVID crisis is affecting each differently – from those nearing collapse, to those which are booming. But pretending that the protection of the business from cyber threats is not a relevant board topic now borders on negligence and is certainly a matter of poor governance which non-executive directors have a duty to pick up.

Cyber attacks are in the news every week and have been the direct cause of millions in direct losses and hundreds of millions in lost revenues in many large organisations across almost all industry sectors.

Data privacy regulators have suffered setbacks in 2020: They have been forced to adjust down some of their fines (BA, Marriott), and we have also seen a first successful challenge in Austria leading to a multi-million fine being overturned (EUR 18M for Austrian Post). Nevertheless, fines are now reaching the millions or tens of millions regularly; still very far from the 4% of global turnover allowed under the GDPR, but the upwards trend is clear as DLA Piper highlighted in their 2021 GDPR survey, and those number should register on the radar of most boards.

Finally, the COVID crisis has made most businesses heavily dependent on digital services, the stability of which is built on sound cyber security practices, in-house and across the supply chain.

Cyber security has become as pillar of the “new normal” and even more than before, should be a regular board agenda, clearly visible in the portfolio of one member who should have part of their remuneration linked to it (should remuneration practices allow). As stated above, this is fast becoming a plain matter of good governance.

2- Seeing it as an IT problem

“IT is dealing with this…”

This is a dangerous stance at a number of levels.

First, cyber security has never been a purely technological matter. The protection of the business from cyber threats has always required concerted action at people, process and technology level across the organisation.

Reducing it to a tech matter downgrades the subject, and as a result the calibre of talent it attracts. In large organisations – which are intrinsically territorial and political – it has led for decades to an endemic failure to address cross-silo issues, for example around identity or vendor risk management – in spite of the millions spent on those matters with tech vendors and consultants.

So it should not be left to the CIO to deal with, unless their profile is sufficiently elevated within the organisation.

In the past, we have advocated alternative organisational models to address the challenges of the digital transformation and the necessary reinforcement of practices around data privacy in the wake of the GDPR. They remain current, and of course are not meant to replace “three-lines-of-defence” type of models.

But here again, caution should prevail. It is easy – in particular in large firms – to over-engineer the three lines of defence and to build monstrous and inefficient control models. The three lines of defence can only work on trust, and must bring visible value to each part of the control organisation to avoid creating a culture of suspicion and regulatory window-dressing.

3- Throwing money at it

“How much do we need to spend to get this fixed?”

The protection of the business from cyber threats is something you need to grow, not something you can buy – in spite of what countless tech vendors and consultants would like you to believe.

As a matter of fact, most of the breached organisations of the past few years (BA, Marriott, Equifax, Travelex etc… the list is long…) would have spent collectively tens or hundreds of millions on cyber security products over the last decades…

Where cyber security maturity is low and profound transformation is required, simply throwing money at the problem is rarely the answer.

Of course, investments will be required, but the real silver bullets are to be found in corporate culture and governance, and in the true embedding of business protection values in the corporate purpose: Something which needs to start at the top of the organisation through visible and credible board ownership of those issues, and cascade down through middle management, relayed by incentives and remuneration schemes.

This is more challenging than doing ad-hoc pen tests but it is the only way to lasting long-term success.

By: JC Gaillard

Source: The 3 Biggest Mistakes the Board Can Make Around Cyber Security – Business 2 Community



A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak, information leakage and also data spill. Incidents range from concerted attacks by black hats, or individuals who hack for some kind of personal gain, associated with organized crime, political activist or national governments to careless disposal of used computer equipment or data storage media and unhackable source.

Definition: “A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”Data breaches may involve financial information such as credit card & debit card details, bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information.

Data breaches can be quite costly to organizations with direct costs (remediation, investigation, etc) and indirect costs (reputational damages, providing cyber security to victims of compromised data, etc.)

According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where sensitive data was apparently not actually exposed.

Many jurisdictions have passed data breach notification laws, which requires a company that has been subject to a data breach to inform customers and takes other steps to remediate possible injuries.

A data breach may include incidents such as theft or loss of digital media such as computer tapes, hard drives, or laptop computers containing such media upon which such information is stored unencrypted, posting such information on the world wide web or on a computer otherwise accessible from the Internet without proper information security precautions, transfer of such information to a system which is not completely open but is not appropriately or formally accredited for security at the approved level, such as unencrypted e-mail, or transfer of such information to the information systems of a possibly hostile agency, such as a competing corporation or a foreign nation, where it may be exposed to more intensive decryption techniques.

ISO/IEC 27040 defines a data breach as: compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed.

See also

The 5 Biggest IT Mistakes Companies Make And How To Avoid Them

Young woman working at home

A new study released by research firm Gartner shows that employees are nearly two times more likely to pretend to be working when their employers use tracking systems to monitor their output. Gartner surveyed more than 2,400 professionals in January 2021.

Across the world, IT professionals are in charge of an increasing number of servers and data coming in from disparate sources, and they’re using way too many monitoring tools to make sense of it all. The Reducing Complexity in IT Infrastructure Monitoring: A Study of Global Organizations report by the Ponemon Institute sheds light on the challenges of troubleshooting and monitoring cloud and on-premises environments.

  • 24% said the handling of scale and complexity of IT infrastructure has improved
  • 29% said the ability to easily deploy and maintain server monitoring technologies has improved

The survey also found that while a significant percentage of IT practitioners are in charge of monitoring over 50 servers, only 33% felt that they could ensure performance and system availability with their current toolset. So how can IT effectively manage increasingly complex, hybrid environments, and what are the major missteps IT organizations can correct to build a more efficient approach to infrastructure monitoring and troubleshooting?

Here are some of the biggest IT mistakes companies of all sizes make — and how to avoid them.

Problem #1: Too Many Tools

Seventy percent of IT professionals in the survey said that using data to determine root cause slows them down — ingesting and normalizing data of differing formats and types is tedious and unmanageable, and it’s difficult to make real-time decisions. This is often because companies use too many monitoring tools for single layers of their IT stack, such as networks or applications, which creates silos and inefficiencies. When data lives inside one tool but can’t access or communicate with data confined to other tools, IT practitioners lose context on what’s happening in their environment because they’re seeing only a part of the picture.

The Solution: The solution to too many tools and disparate data is a single, scalable monitoring tool that provides end-to-end operational visibility into hybrid environments.

Problem #2: IT and Business Friction

As digital business infrastructure increases in complexity, IT teams feel more pressure than ever to reduce business-impacting incidents. When IT systems fail, the ramifications go beyond the immediate financial loss of downtime — a business could lose customers and jeopardize its reputation, a harsh reality that keeps IT teams up day and night. According to Ponemon’s research, 61 percent of IT professionals say that lack of system availability and poor performance creates friction between IT and lines of business.

The Solution

In addition to a solution that allows IT to find the root cause to identify service interruptions, IT and business need to work together to design business and technical requirements in tandem.

Problem #3: No Way to Easily Identify Root Cause

Across the globe, IT professionals spend their days identifying and fixing server environment problems. Indeed, the Ponemon survey found that the top two challenges of troubleshooting, monitoring and cloud migration are:

  • Lack of insights to quickly pinpoint issues and identify the root cause
  • Complexity and diversity of IT systems and technology

When IT can’t find and fix issues quickly, it has a direct effect on the business.

The Solution: For IT to quickly fix problems, they need a monitoring tool that can surface an issue’s root cause with an alert about where and why something is wrong. Issue resolution time can be cut in half with a monitoring solution that correlates metrics and logs, and provides visualizations of alerts, trends and logs in one place. Making sure your monitoring tool can enable those types of actions and resolution planning is critical for success.

Problem #4: The Wrong Skills to Manage Application Complexity

When Ponemon asked IT professionals about the biggest risks to their ability to troubleshoot, monitor and migrate to the cloud:

  • 55%  said the increasing complexity of applications running on infrastructure
  • 44%  said a lack of skills and expertise to deal with application complexity

As infrastructure grows and evolves, it becomes increasingly difficult for IT teams to successfully manage, monitor and troubleshoot systems. Couple that with an IT skills gap that makes it difficult for organizations to attract and retain qualified talent, and it becomes clear why IT teams feel nonstop pressure.

The Solution: To effectively troubleshoot, monitor and migrate to the cloud, you need a solid plan that takes future growth into account is necessary for smooth IT operations. Business and IT need to work together to create an IT environment roadmap, followed by a talent strategy that aligns to that plan. Be sure to:

  • Identify skills gaps and adjust hiring
  • Identify and train qualified employees for advancement
  • Include succession planning for inevitable changes

Problem #5: Lack of Visibility Throughout Cloud Migration

Sixty-eight percent of IT practitioners said that ensuring application performance and availability throughout cloud migration caused the most stress. Over half said both cost and the inability to monitor and troubleshoot applications were their biggest pain points.

As infrastructure increases in complexity, the core responsibilities of IT to monitor and measure remain the same. So how can IT achieve infrastructure visibility and workload insights when performance data spans diverse environments?

The Solution: It’s critical to monitor performance across hybrid architectures with a monitoring solution that collects and correlates data from every location. Full visibility is needed throughout the migration process, so choose an end-to-end monitoring tool that allows you to establish a pre-migration baseline, mid-migration insights and post-migration success.

Before cloud migration, measure the baseline user experience and performance, and define acceptable post-migration levels. To accurately validate a migration’s success, use the same monitoring tool throughout the migration process. A unified tool can analyze centralized data and provide better insights from dashboards and reports.

For more of the biggest IT mistakes and solutions and examples of companies that have solved the problem check out: 8 Biggest Mistakes IT Practitioners Make and How to Avoid Them.

Splunk Inc. turns data into doing with the Data-to-Everything Platform. Splunk technology is designed to investigate, monitor, analyze and act on data at any scale.

Source: The 5 Biggest IT Mistakes Companies Make And How To Avoid Them


More Contents:

It: Chapter Two: Release Date, Cast, Plot, Theories, Rumors

Stephen King’s It crawled back onto the scene in 2017, when the first of two movie remakes came out. The second film, based like the first on King’s 1,100-page 1986 bestseller, isn’t a sequel — it’s a continuation of the plot, taking place 27 years after the first film. For It Chapter 2, members of the Losers Club from the first film have been recast with adult actors, though the young actors will also appear in flashback.

Early reviews

Here’s a look at some of the reviews that have already been released for the film, including CNET’s own.

The sequel trap

“While It Chapter 2 brings their story to a conclusive and largely satisfying end, it disappointingly walks right into the same trap as many sequels. Bloated with story ideas, characters and, most noticeably, running time — not to mention excessive CGI — Chapter 2 is at times harder to hang onto than an escaping balloon.”    — Jennifer Bisset, CNET

Kudos for the cast

The casting of the grown up versions of each character is very impressively done, with James McAvoy and Jay Ryan seeming to be the standouts — but that might be because their characters bear the most striking resemblance to their younger counterparts. Meanwhile, Bill Hader pours an impressive amount of heart into the film, despite being forced to try to add the comic relief endlessly, a task which lands most of the time.”    — Brandon Davis, ComicBook.com

First film was better

“The decision [to split the book into two movies] paid off beautifully for Chapter 1, transforming the cerebral novel into a Goonies-flavored coming-of-age adventure with a cast of magnetic, scrappy, lovable kids who faced off against a monster and learned all sorts of lessons about life, love, and friendship along the way. In Chapter 2, however, the cracks in the concept begin to show, and ultimately, the final chapter fails to maintain the spark of the first, succumbing to a dangerous cocktail of muddled timelines, poorly placed novel call-backs, and scattered focus.”    — Meg Downey, GameSpot.com

Nearly three hours is too long

“So what’s the problem? For starters, It: Chapter Two is an ass-numbing two hours and 50 minutes. That’s a good half-hour longer than Chapter One, proving the adage that less is definitely more. The dragging pace diminishes the film’s ability to hold us in its grip. There are endless flashbacks to the characters as kids, as if director Andy Muschietti and screenwriter Gary Dauberman didn’t trust the audience to have seen the first film and decided to squeeze the highlights into this one just in case.”    — Peter Travers, Rolling Stone

Trailers and teasers

A featurette released in early September includes some of the stars briefly talking about their roles.

Source: It: Chapter Two: Release date, cast, plot, theories, rumors – CNET


Your Enterprise Network Is Haunted — Here’s How To Banish The Darkspace

For many companies, the network is like a creepy haunted house—there’s darkspace around every corner and they know bad stuff is hiding there, but they can’t see it until it’s too late. The first step to solving this problem is to understand what we mean by “darkspace” and why every organization with a digital presence should be thinking about these issues. We’ll start there, and then look at a new category of product emerging to help IT and SecOps shed light into the darkspace so they can fight the monsters hiding there……..

Source: https://www.forbes.com/sites/extrahop/2019/02/19/your-enterprise-network-is-haunted–heres-how-to-banish-the-darkspace/#61a50ac632a2

%d bloggers like this: