The Internet of Things: Can It Be Kept Secure From Cyber-Risks?

by WGroup

Your Business and the IoT

Can the Internet of Things Be Kept Secure From Cyber-Risks?

More data has been generated in the past two years than the entirety of mankind’s history combined, and most of that data resides in the Internet. With so many devices, things and data connected to the Internet, it should not come as a huge surprise that cyber-risks are on the rise.

The rise in cybercrime led noted Internet security pioneer Eugene Kaspersky to dub the Internet of Things (IoT) the “Internet of threats.” While the threat of cyber-risks is very real, there are reasons to believe that Kaspersky’s pessimism is overstated. There are several reasons to remain confident in IoT security, including innovations in IoT app security.

The Importance of IoT Apps

In the vast world of IoT products connected to the Internet, there is a common theme among many of them. IoT products often use apps to help facilitate ease of use and convenience.

When these apps are not secure, the cyber-risk threat rises dramatically. Fortunately, there are easy steps that can be taken to ensure that IoT apps are protected.

Given that applications are a fundamental component of the IoT process, IoT security and protection strategies should start with securing the application itself.

Applications can be secured and bolstered to defend against hacks and cyberattacks by application hardening and runtime protection. These techniques can be effectively implemented without affecting source code since guards can be automatically inserted into the binary code instead.

Subsequently, these guards can be protected in such a way that both the application itself and the guards are both protected. In turn, this ensures there is not a single-point-of-failure that hackers can easily exploit.

Device Makers Can Bake in Security

While app security is crucial and is often the best way to start securing the IoT, baking security into connected devices is also a helpful strategy. Experts suggest that such strategies prioritize safety in the design stage of connected devices, which in turn ensures that device manufacturers share some of the security responsibility.

Developers who think about solving security during the creation stage will help thwart security threats by considering how to create their devices in a way that repels cyber-risks.

Everyone Must Work Together

To successfully win the war for IoT security, consumers, businesses and developers must all do their share. Consumers must educate themselves on the value of creating strong passwords, and they must also regularly change these passwords.

And, while developers must implement security best practices as mentioned, businesses can create dedicated IoT security teams of specialists who ensure that security is a dedicated component of the business roadmap.

Finally, businesses should be honest with customers with regards to privacy policies. When all parties recognize and understand the security risks that face the IoT, everyone can work together to ensure that the IoT is secure. While hackers want to ruin — or exploit nefariously — the incredible innovation that is the IoT, it will not happen so long as everyone fully commits to the necessity of IoT security.

If you’d like to learn more in-depth insights on the Internet of Things, request a copy of WGroup’s ebook, Your Business And the Internet of Things by clicking here.

Posted in Default | Comments Off on The Internet of Things: Can It Be Kept Secure From Cyber-Risks?

Multi-Vendor IT Governance – Begin With the End In Mind

by Steve Coper

Begin with the End in Mind:

Organizing and Conducting Effective Multi-Vendor IT Governance Meetings

Managing multiple vendors requires a clear strategy focused on driving business goals, regular open communications, and strong leadership. Conducting effective governance meetings is a critical component of ensuring those pieces are in place. But in order for them to be productive, it is critical that business and IT leaders set the agenda and begin with the end in mind.

Conducting and planning effective vendor meetings can be challenging. Without a clear agenda, it is easy to get off-topic and focused on the wrong priorities. To prevent problems and have more productive multi-vendor meetings, it is important to understand your overall objectives, determine your specific needs, develop plans accordingly, and stay focused on achieving the end state.

What is effective IT vendor governance?

Among other things, IT governance allows companies to build better relationships with vendors, continuously improve service and innovate. Understanding what good governance looks like within your environment must be considered. There is no one-size-fits-all solution. Before planning a program of regular meetings, it is important to have a clear idea of where you are headed and what makes a governance strategy effective. Effective multi-vendor IT governance incorporates the right mix of skilled personnel, relationship building disciplines, and management tools and techniques from both you and the vendor.

Key tenets of IT governance include:

  • Mutual respect
  • Quantitative and qualitative measurements
  • Candid information sharing
  • Continuous improvement and innovation
  • Ongoing opportunities for business value and growth

Key meeting topics

Setting the agenda for a multi-vendor governance meeting is critical to ensuring it is productive. IT vendor governance should cover six key areas: contracts, relationships, performance, projects, continuous improvement and innovation, and financials. Meetings should be structured around addressing several of these key topics.

Contract Management – Managing contractual commitments to agreements and service delivery models, dispute resolution, and maintaining contract legal documents are critical components of managing vendors. Key meetings include escalating issues and disputes (via predefined processes) and reviewing contractual deliverables and event triggers (e.g. adjusting SLAs, resource levels or pricing renegotiations).

Relationship Management – This area focuses on customer satisfaction, overseeing relationships to ensure alignment, and working with the vendor to manage risk. Key meetings and deliverables are overall program communications planning and execution, customer satisfaction survey reviews, and vendor risk assessments.

Performance Management – This area involves measuring and monitoring delivery performance in relation to SLAs, reviewing deliverables and trends, and monitoring aggregate incident, problem, root cause, and change management performance data for all relevant vendors. Key meeting topics include monthly performance measurement reports (with a rolling twelve-month performance period) and quarterly multi-vendor aggregated performance reports (e.g. Priority 1 incidents, Root Cause Analyses (RCAs), and change management success).

Project Management – In order to keep projects running smoothly, companies need to implement systems to measure and monitor project control and execution performance, review schedules, issues, risks and mitigating actions and compare budget to actuals, and estimates to completions. Key meetings include monthly measurement reports, quarterly multi-vendor reports, and aggregated performance reports.

Continuous Improvement and Innovation – Companies must constantly work with vendors to improve solutions, capture new markets, and reduce costs. Governance programs should be in place to establish multi-vendor processes for vendors to submit ideas, business cases, proposals, and hold briefings to discuss partnership and other innovation topics. Key meetings should include monthly reviews of individual submissions and client decisions on each and quarterly collaborations between clients and vendors to share strategic and tactical business and IT intelligence and information on emerging trends.

Financial Management – The financial management component of governance validates and manages costs, monitors the economics of contracts, and ensures that value propositions and expected benefits are realized. Key meetings are monthly invoice reviews, quarterly financial or budget scorecards, and value proposition management. Organizing productive, tactical, and strategic multi-vendor governance meetings can allow companies to take better advantage of IT vendor relationships. WGroup has the experience in working with cross-industry clients to determine your specific needs and assist in developing a customized multi-vendor IT governance program.

By establishing an ongoing program for all parties to regularly discuss goals, resolve problems, and set agendas, you can drive more aggressively towards successful relationships and achieving mutual objectives.


Effective Multi-Vendor Governance

For a more detailed discussion of multi-vendor IT governance, see the full white paper, Effective Multi-Vendor IT Governance, at http://www2.thinkwgroup.com/Effective-Multi-Vendor-IT-Governance

Posted in Default | Comments Off on Multi-Vendor IT Governance – Begin With the End In Mind

XaaS — Everything-As-A-Service Moves into the Mainstream

by Domenic Colasante

XaaS — Everything-As-A-Service Moves into the Mainstream

Everything as a Service (XaaS) is no longer a phenomenon, nor is it a passing fad. It is a strategy that should have already been adopted by CIOs and IT leaders. In fact, if you’re not already “on the train,” then you’ve probably missed it.

For an enterprise, XaaS offers the chance to improve the way that IT serves you, your enterprise, and your customers. It is an enabler of the transformation of IT into an integral component of every part of the business. It offers the opportunity to deliver countless services over cloud, rather than focusing on local or on-site. To date, cloud has moved beyond its early stages of representing solely a means for off-site data back-up. Now, cloud has the ability to rapidly evolve and virtually support communications, content, commerce, applications, and almost anything that is thrown its way. In short, XaaS offers enterprises the opportunity to vastly enhance their use of software and hardware, as they optimize their entire approach to IT.

Over the past year, XaaS has shown a continued ability to provide enhanced agility, increased levels of innovation, faster response time, adaptive capabilities to changing markets, contained costs, and the reduced need for capital. Over the rest of 2016 it is expected that XaaS services will continue to expand, as CIOs and IT leaders who hadn’t already embraced XaaS play catch-up in an attempt to leverage the benefits of this innovative IT strategy.

Make sure to see our related blog posts on cloud and XaaS. Click Finding the Right Cloud Strategy For Your Company and How Cloud Computing Is Poised to Shift the Security Status Quo to learn more.

For an in-depth white paper on cloud, click here for The Top 5 Imperatives to Address in Your Cloud Computing Strategy

Posted in Default | Comments Off on XaaS — Everything-As-A-Service Moves into the Mainstream

Clinical Service Desks – 5 Things You Need to Know

by David Malicoat

Considering implementing a clinical service desk?

Here are 5 things you need to know

Clinical service desks can bridge the gap between traditional IT help desks and more specialized customer service solutions designed for the medical sector. By having a skilled practitioner at the desk, solutions can help organizations deliver better, more effective care to patients while significantly improving productivity. But clinical service desk solutions are relatively new and jumping on the bandwagon without fully understanding what you need can lead to problems down the line.

1. The space has not fully matured

One of the most important things to know about clinical service desks is that they are a relatively new development and some solutions may not have reached the level of maturity your company requires. Unfortunately, healthcare providers looking for an implementation that follows industry best practices may struggle when they find that the rules of this space have not yet been completely written. This makes it difficult to contract with smaller providers that may not have yet proven their ability and may be unable to provide a convincing argument that their solution is strong and reliable.

In many cases, the relative immaturity of the space manifests itself through highly customizable, a la carte offerings. There is not yet a well-defined preset grouping of services and features that most companies offer. Although this provide great flexibility for customers that know exactly what they want, it can be confusing for customers that don’t. Organizations should strive to understand what’s available, and choose providers they can trust before moving forward with an implementation.

2. It’s important to decide who will be using the solution

Prior to contracting with a vendor or implementing a solution, it is critical that the organization understand how, and by whom, the clinical service desk will be used. In some instances, the solution is only used by physicians, in others physicians and nurses, and in still others by all clinicians. Different users have different needs, and deciding the scope and functionality required by the organization ahead of time will help set clear goals and allow you to work with vendors to find a solution that works for you.

3. Some solutions are purpose built around EMRs, some aren’t

Leaders of the clinical service desk space like Epic and Cerner have purpose built solutions designed to work effectively with EMRs and meet the unique needs of healthcare professionals. Other vendors may or may not have the level of maturity of these providers, and could potentially cause problems. Customers must carefully vet vendors and choose one that can deliver the functionality and expertise necessary to productively aid the practice.

4. Deciding how users get in touch is key

Ultimately, the way users interface with the service desk is critical to its day to day use. There are two primary options when it comes to communication, single and multiple phone lines. In the single phone line option, users call in and are routed to the necessary person via a phone tree. This provides simplicity by having only one number to remember and call, but navigating a phone menu can slow users down when they need information quickly. The other option is having two or more numbers. This may get users the information they need more quickly, but increases the complexity of the system.

5. Features vary from vendor to vendor

The services and features included in a clinical service desk solution can vary greatly. In some cases, solutions are only focused on EMRs. These tools are primarily designed to help healthcare providers solve EMR related problems and find patient info more quickly. Other solutions take a more comprehensive approach and offer one call fixes for any IT or EMR related issue. In some cases, this can take the place of a more generalized IT help desk solution and streamline the organization. However, these concierge solutions may not be able to offer the same specialization as more specific options.

Clinical service desks can provide significant boosts to productivity and quality of care in the medical sector, but they can also be challenging to navigate. Being a young space means there aren’t as many established best practices or predefined solutions. Ultimately, healthcare providers must carefully plan their clinical service desk strategy, define goals, and choose an option that meets their unique needs.

_______________________________________________________________________________________

WGroup assists clients in the medical and healthcare sector with advisory services related to information technology, sourcing, service methods and service delivery. Visit our home page at www.thinkwgroup.com to learn more.

Posted in Default | Comments Off on Clinical Service Desks – 5 Things You Need to Know

When Is the Right Time for Contract Renewals?

by Domenic Colasante

When Is the Right Time for Contract Renewals?

Finding your company’s ideal renewal window

Contract renewals have a way of sneaking up on companies, catching them unprepared and without enough time to catch up. The pace of technology change is rapid. IT leaders need to use this as a chance for transformation. There is never as much time to properly prepare as you think, and taking the time to build and execute a well thought out renewal strategy is critical to achieving business objectives.

In this post we’ll discuss some strategies for planning contract renegotiations and rebid cycles and why it’s so important to have enough time for them.

Companies underestimate the time they’ll need

At WGroup, we’ve found the ideal window for starting to address contract renewal is 18 months. This leaves enough headroom for the work that needs to be done to successfully negotiate and implement new contracts while accounting for potential delays along the way. If you’re like most IT leaders, that’s much more time than you give yourself to prepare and execute a deal. But what goes into these 18 months, and why is it so important to have that much space to work in?

Strategy/Analysis Work (3 months) – One of the most important steps in contract renewals is forming a plan of attack to effectively address transformational technologies, changes to the service delivery model, and new business objectives. It is critical to have a clear understanding of what works and what doesn’t in the current agreement, what requires change, and what will drive business goals. Aligning the solution and SLA with business needs means carefully evaluating current performance and identifying areas that need improvement.

RFP Lifecycle (5-8 months) – This is probably the most variable period for contract renewals. Companies must allot a significant amount of time to see new solutions for vendors bid preparation and submission, bid evaluation, and negotiations. It is important to go slowly, and carefully evaluate every option. Make sure to evaluate how the new agreement and new solution will enable business agility, flexibility and speed.

Transition (6 months) – If your company decides to change vendors, or if the current vendor’s solution is dramatically altered, the IT organization needs to allot time to implement any changes. This may include periods for physical hardware and infrastructure changes, applications and tools replacements, training, and other preparations that the vendor must make. Allotting enough time for this period ensures that the process isn’t rushed and that an underdeveloped solution isn’t implemented.

Contingency Time – Never expect the best case scenario. Allocating extra time for course correction is vital. You may see something exciting that you had not thought of or considered that you want to take advantage of. The more time you have you not only get more leverage to get best deal but you also have more room to make sure you get right solution.

Above all, it is important to remember that this process cannot involve only the IT organization. Business leaders needs to be engaged in this cycle. IT must first ask the business what the desired outcomes are and how can these outcomes be reached. Adapting the contract renewal process to address business goals while allotting enough time to effectively meet those goals is at the heart of an effective contract renewal strategy. Don’t get caught without enough time and without a plan. Prepare for contract renewals early and use the extra time to make sure vendors meet your business’s real needs.

Posted in Default | Comments Off on When Is the Right Time for Contract Renewals?