The changing world of the Chief Information Officer
For the company Chief Information Officer, the task of keeping information secure, and fully functional, can be daunting. In an age where so much information is transmitted via the Internet and stored on servers in a remote data center, those tasked with overseeing the safe storage and transmittal of data wonder if they have enough security and backup and what they could additionally do to keep things running smoothly.
Ask any CIO whose company e-mail has been hacked, who heard about the recent LinkedIn situation, or has suffered ‘down time’ because of server problems how valuable it is to have a functional operating information system. The challenge is staying ahead of the latest changes and challenges, and balancing this against the investment of time and dollars needed to implement the right system.
Two areas of concern to most companies are: (1) the potential that sensitive information will be compromised by a breach; and (2) The headaches of lost data or a server going down.
Most CIOs are intimately familiar with firewalls, passwords, encryption, and standard measures to protect information from outside threats. Yet, the challenge of dealing with lost time and data due to equipment failure or an act of nature can be a bit more challenging. One solution gaining in popularity is the ‘virtualization’ of data for storage and replication.
In layman’s terms, this is the ability to “mirror” data quickly. The virtualization software that accomplishes this can execute the task in several ways: locally (think of a “box within a box” at the same data center), or remotely, at a distant geographical location. If a company’s data center is physically located in Boston and there is a massive power outage and the local backup system fails for some reason, the company or companies that depend on this data center may be out of luck until power is restored. However, should the company have a replication of data plan in place with a remote location, perhaps in Michigan or Texas, it’s not much more complicated than the flip of a switch to get the companies up and running with little if any interruption. It’s further advisable to host the DNS (domain name service) in a separate location from the application or mail servers. This is an inexpensive way to further guard against 'down time'. Companies seeking this virtualization can go through a host or Internet Service Provider, or deal directly. Two websites which provide detailed information about the process are http://webservices.thesba.com or www.liquidweb.com. The brand name may vary, but this is basically a virtual redundant system as close to absolute protection as a business can find.
Separately, it’s advisable to implement a redundant Internet access option at the office – inexpensive but well worth the investment if a primary server goes down. Many smaller businesses have one source for Internet access, which they channel through a wireless router. A second, backup Internet source (Cable, DSL, Fios) can be a time-saver in an emergency.
While most companies already take the precaution of having e-mail and Internet on separate servers, an additional strategy to consider is the use of a “web pulse” monitoring system. This monitoring service evaluates the performance of web sites, servers, web applications and e-business transactions in ‘real time’, providing problem and error detection information so that it can be dealt with immediately. This is achieved through redundant monitoring locations throughout the world, which constantly measure the accessibility of websites and applications. One provider of this service is www.websitepulse.com for anyone seeking additional information.
Overseeing a secure information system is like playing a game of chess. It requires vigilance to anticipate what ‘the opponent’ – whether that’s a hacker or an act of nature – is capable of, and being ready to provide a checkmate.