Equifax

Much is being written about the Equifax data hack. You can read about it here or here or here if you’ve not yet read much about it.

I saw a post on Twitter the other day that cracked me up.

One report in the NY Times suggested that Equifax doesn’t even know who is impacted.

Here is the deal: Equifax’s business is to gather this information and sell it to 3rd parties. When you need a loan or want a new credit card, the company extending credit to you goes to this company, or ones like it, to check on your credit. They gather this information from lots of different places and you have no options to tell them to stop doing this. They are creating this database of information about you and you have no control over how they protect this most sensitive information.

We are the ones impacted by their lack of security. We are the ones further impacted by the huge delay in telling us. What was stolen is about us and it impacts us. Equifax might take a stock hit, but not much more.

 

This company needs to be put out of business. The class-action lawsuit should put them out of business. There should even be clawbacks on executive compensation and stock options.

A year of credit monitoring is not even meaningful punishment for this poor stewardship and lack of proper security protection.

Company and organization leadership teams need to take the protection of confidential information seriously.  There need to be examples, like here, where the company is put out of business because of their lack of proper attention and focus. Probably the CIO will be fired, but really, the board and the senior leadership team should be fired.

 

Getting Better?

I usually don’t pay much attention to IT futurists who like to tell us how IT will look in a few years. I mostly think those articles are written by people who are looking to increase their following or subscribers and are not likely based on real insights. One group I followed years ago wrote about Future IT and while some of the points were great, I thought others were absurd.

But, as I think about IT and where it is going, I think corporate IT is getting smarter and has more options than it has had in the past.

  • We can host applications internally or in public clouds or in a blend.
  • We can use open source solutions for some parts of the stack.
  • We can virtualize services and avoid more and more hardware.
  • We can use SaaS solutions in some cases.
  • We can outsource parts of our service in areas where we don’t want to operate.

And we have new IT visibility tools that can give us deeper insights into our own operations than ever before. ServiceNow, Apptio, and xMatters give us more options than ever before.

I’m not sure we are getting smarter and I’m not sure if we are getting more respect from our business partners, but I do think we have more options than ever before.

What do you think?

Audit and Security

I heard of a place where internal audit was told to do a comprehensive security audit of all aspects of an organization. All aspects.

How is that possible?

The IT organization is likely working at 110% with all their energy and effort to manage, monitor, invest and improve an organization’s security, so how can a short audit effectively grade how they are doing? Now I suppose that if the auditors were knowledgeable about security aspects and if there were huge gaps in what IT was doing, then those would surface in the audit. But how could an audit detect deep matters in the enterprise in a short audit?

Further, how can an IT organization comprehensively know that all is in control? Further, how can a CIO assure a board that everything is under control?

They can’t.

They can only attest that they are doing all they know to do, they are vigilant and they are working to set the tone across the enterprise that all must work together to secure the organization.

They can only assure that they are doing all they know to do.

These are difficult times for CIOs.

Get the right information to the right people at the right time

A really great post over at e2open about what CIOs should be focused on at work. I’ve thought about it a lot since reading this yesterday. The only thing I might add is that CIOs should also be focused on keeping information out of the wrong people’s hands. Get information to the right people and keep it from the wrong people. Is it that simple?

What do you think?

A Few Reading Recommendations

Finally caught up on some reading material. Here are a few great online posts you might check out.

  1. A 10 Step Process for Protecting an Organization’s Data
  2. A really cool list of Gifts for User Experience Geeks for 2011
  3. A good list of books to read about complex problems called Five Must-Reads for Tackling Complex Problems which includes some of my favorites.
  4. And finally, a great post on the dangers of collaboration entitled Eight Dangers of Collaboration. Great thoughts to actively think about as you are trying to improve collaboration in a team or workplace.

I’ve been behind on posting, but have a stack of ideas I want to write about soon. I leave you with a really great quote:

“One of the most important ways to manifest integrity is to be loyal to those who are not present.   In doing so, we build the trust of those who are present.  When you defend those who are absent, you retain the trust of those present.”

–Stephen Covey

A Few Great Posts to Read

Wanted to pass along a few great posts that I’ve collected from others in the past weeks.  Some of these I’m still thinking about and might post further on later.

  1. Mark McDonald is at Gartner Group and he wrote a piece called 12 Things Every Business Needs To Know About IT on his blog.
  2. There is an article on Forbes CIO Central called The Coming Crisis of IT Management which has a lot of good points. I might share this with my boss and use this piece and the prior one with my boss as a conversation starter.
  3. JD Meier wrote a great piece on Business Scenarios for the Cloud which outlines business reasons why cloud solutions make sense.
  4. And finally Bertrand Duperrin always writes great stuff about collaboration and social networking in the enterprise.  He wrote an interesting note called Making the Most of Key Resources in Collaboration about attention, connections and communication.  I’m still thinking about this one.

I recommend watching all their pages too.