CAMBRIDGE, Mass. -- The news in June was scary enough -- 1.1 million people's fingerprints were stolen from the Office of Personnel Management in a massive cybersecurity breach. It got a lot worse this week when news broke that the number was more than five times higher, at 5.6 million.
CIOs with company data in the public cloud needn't panic over this or any other of the many heists in the news -- as long as they do what's always been required of their office: data governance and due diligence.
That's the advice from someone with years of experience in Beltway IT -- Pamela Wise-Martinez, chief cloud and enterprise data architect at Pension Benefit Guaranty Corp., a U.S. government agency that protects the pensions of millions of Americans.
"If they're not doing that on a regular basis and as part of their regular lifecycle management of IT, then they're in trouble," Wise-Martinez told me at the Hybrid Cloud Summit, which was held at the Hyatt Regency Cambridge here Thursday. An important part of a CIO's due diligence for cloud deployments, said Wise-Martinez, is making sure the business is involved. CIOs need to hear from the business exactly what benefits they hope to get from cloud and which data they are most fearful of being hacked.
Judith HurwitzPresident, Hurwitz & Associates
"When you understand their pain points, that really means you're using your active, listening ear to understand what their fears are and what's the reality of a data breach," she said.
Wise-Martinez, a speaker at the conference, was echoing a message heard throughout the event, which educated a small but responsive audience on the challenges of and best practices for deploying hybrid cloud environments: IT, the business is telling you want it wants, so listen up.
What it wants is the speed and flexibility to change with the business -- and at the same time to stay out of the headlines. Hybrid cloud, an interconnected mix of public cloud and on-premises IT resources, delivers on those demands, said Judith Hurwitz, president of consulting company Hurwitz & Associates and an author and co-author of many books, including Hybrid Cloud for Dummies.
"I believe that when we sit down at this meeting five years from now, we won't use the word hybrid. We won't use the word cloud. We will use computing," Hurwitz said, adding that CIOs don't want to be the one standing in the way of business agility. "They look at you as Mr. No -- or Mrs. No or Ms. No," she said.
De facto hybrid cloud environments
Vala Afshar, author and columnist for The Huffington Post, recounted his journey to being Mr. Yes at his former employer, networking company Enterasys. He found that 15% to 20% of customer service staffers at the company were maintaining their own customer relationship management system -- a mishmash of manual reports and Excel sheets. He knew there was a better way, and that's when he adopted a software-as-a-service application, Salesforce (full disclosure: he now works there).
"Agility was very important. So for us, moving to the cloud was to stay relevant."
And the on-premises part of hybrid? You already have that, Wise-Martinez said in her presentation on hybrid IT in government.
"You're already hybrid cloud," she said. "I don't know anybody that isn't hybrid cloud. Because we're already on-prem, and we already have legacy environments."
I asked Wise-Martinez about a second computing snafu this week: two Amazon Web Services outages in two days. If the cloud part of your hybrid mix is on the fritz, can those on-premises systems step in and show what they're made of? It's a solid fallback, she said, citing the example of electrical power going out during a storm.
"We make sure that we have water; we make sure we have all the provisions we need when the power goes out. And sometimes you have a backup battery," she said. "But the point is that hybrid can play a huge role in your continuity planning, so that should be part of your enterprise strategy."
CIO news roundup for week of Sept. 21
Here's what else grabbed headlines this week:
- China's president Xi Jinping vowed to fight cyberattacks during his seven-day visit to the U.S., but Washington officials downplayed the possibility to lasting cybersecurity between the two nations. "I think we're a long ways from getting there," said National Security Council director Dan Kritenbrink. "But that certainly is the goal." In Washington on Friday, Xi will meet with the president, Vice President Joe Biden and congressional leaders.
- The Safe Harbor pact between the U.S. and the European Union could be in jeopardy. A top-ranking adviser for the E.U.'s highest court said the data transfer agreement -- which allows Europeans' personal data to be hosted on U.S. servers -- should be scrapped because of concerns about U.S. spying. The opinion isn't binding, but it imperils two years of work on updating the pact. If it's heeded, companies would need to use slower-moving methods to transfer personal data.
- The self-proclaimed Islamic State threatened to carry out a cyberattack on the U.K. The threat came weeks after the U.K. launched a drone attack that killed two British Islamic State fighters in Syria. Michael Fallon, Britain's defense secretary, has said his government would launch another strike if it discovered the Islamic State, also known as ISIS, was planning to attack the U.K.
- Ford, GM -- and Apple? The technology company has speeded a "committed project" to build an electric car, setting a rollout date for 2019. Apple has hired driverless-car experts, but the first vehicle won't likely operate without human pilots.
- Have a heart; if not, print one. Philadelphia startup BioBots has put on the market a 3-D printer that uses "bio ink" to make human cells. The goal is to someday replicate human organs and potentially make transplant waiting lists a thing of the past. Price tag: $10,000.
Challenges, myths abound in hybrid cloud management
How to manage hybrid cloud environments
Ample reasons for keeping some data on-premises