The show must (always) go on!

One aspect of IT that most people, within or outside IT, think is rather boring, somewhat negative and not very inspiring is the ongoing delivery of what IT are bringing – IS/IT services. This is called continuity management and includes painting the devil on the wall, tell everyone how dangerous he is, what will happen if the “shit hits the fan” and much more. Well, not really, but often we get this rather stereotype version of what continuity management includes. It also includes knowing what risks there are, how to manage these and what to do if, may god forbid, something really bad will happen, a crisis of some kind.

For us working with quality and IT service management, well governance of IT in general, this is an absolute no brainer. Is there really any logical reason why not everyone should do this?

Last week I participated in the Brasilian event “Global Risk Meeting 2015”, #GRM2015, and about 300 people working with continuity, risk and also compliance and the legal and regulatory aspects of our life in and around IS/IT. It’s always very fulfilling hearing the experiences, know-how and basically just to talk and mingle to people that has the same mindset as yourself right?

Being the CIOs best friend I of course need to stay in the all aspects of the IS/IT game and these aspects, the “dark side” of IT is a real jungle. Getting the latest updates about what hackers can do, for example tap a whole Wi-Fi network and rob your data, passwords and the whole lot from all the devices connected to that network, this only using a USD 75 device anyone can buy. There are sites that sells the services of hackers and cyber espionage is bigger than ever. All in all the cyber threat is very real and I guess it’s of no surprise to anyone that we are little prepared and know almost nothing about this. Did you guys for example know that only 1% of the intrusion in company networks are detected by internal control (firewalls etc), about 85% of all intrusion are actually only discovered by external parties such as suppliers or customers, and the worst of all, the average time an intruding attacker of the network remains inside the network/system is 200 days (!?!), please read the security reports from Verizon (2014) and Cisco (mid-year 2015) for more horrifying reading.

Knowing all this, and being the pragmatical and business oriented guy I am I really want to tell you to start considering the security, at least the information security. The protection we all believe is sufficient with the operating system firewall and the freeware virus checker is not enough. And the biggest problem is not the machines, it’s the people using it. So, right now, start getting informed and create awareness in your organization you hear! There are no excuses and the risks are very real. Also, things are really a whole lot business oriented now, an organization can do a lot without finding themselves in the cold when the business starts pulling the plugs based on poor performance or disturbance to the ongoing business operations.

Another thing I knew little about but always was curious to get to know it the bitcoin. Did you for example now it’s actually a computer protocol, like for example the Internet protocols. There is nobody that owns the bitcoin, gaining anything. It’s just a secure way to transport a value between two parties that does not have to know each other, talk, have contracts etc. Until now, the bitcoin has not had any real success, well besides a real boost back in 2011-2012 when drug traffickers and their customers used this virtual, uncontrolled “currency” on the Silk Road website to trade with drugs. You could say that bitcoin got a bad start and are still somewhat struggling from a bad reputation based on this, but the FBI shut down the Silk Road in 2013 and now this crypto currency is beginning to reach the “clean” markets. This is of course scaring the banks and of course it will also inevitably lead to a lot of banks and economical system to collapse since they cannot any longer feast on our blood for historic reasons. I mean, who visits the bank office today? Everything is done online using Internet, the bank fees for doing this is totally ridiculous. However, that is another story. Just, remember the name bitcoin, in a near future we will see the bitcoin really entering the global marketplace, first on a small scale but very soon all banks, credit cards and the other leaches will have real problems.

Ok, I just want to get back to the actual theme of this blog post, the ongoing delivery of our dear IS/IT services. I want to tell you all a little, short (I promise) story.

The company X was started, had a rocky first 5 years but based on a lot of hard works, a bit of luck and well-played management strategies they reached great success. They expanded, first to other cities, than to other countries, started to do business online, reached far places around the globe. The sky was really the limit, things were going really good. Only, during 2 hours one Tuesday, the company crumbled and then died the horrible death of dying due to the fact that they thought they were immortals and that all these boring IT guys talking about disaster recovery, continuity and risk management were just boring and needed to be kept in a place where they didn’t disturb and anger the business. Therefore, the power failure, followed by smoke from the overheated servers, starting of the fire alarm followed by the poorly prepared and even worse trained staff using the water-based fire extinguishers and connecting the water sprinkler system in the server room effectively destroyed 90% of the infrastructure. Since all data, all transactions and pretty much all information that was stored on those servers did not have any backup and there were nothing even close to real recovery options, company X was out of business for more than two weeks trying to get back on their feet. However, in this time and age, where everything moves fast, they only recovered partially and only a few months after the incident they closed down.

A dark story? Sure. How are you managing your information? Do you have a plan? Think about it, the small investment to get your continuity management going is cheap when considering what could happen. So, please don’t let me be an “I told you so” guy but rather the “look, great that you listened” guy ok.

Do the right thing people!


Tweeting too…

Hi guys! Just wanted to share my twitter account @valorizeit

And now for something completely different, some words about the next post:

Knowing others is intelligence. Knowing yourself is true wisdom.

Lao Tzu

Lets make things practical shall we?

People in IT like abbreviations and use them all the time. There are always new technology, methodologies and concepts. There are “turn-key” solutions and Commercial Off The Shelf (COTS) software and we have clouds, virtual stuff and a lot of shiny things with bright buttons on it. There is a whole lot you can do with IT and software and we in IT like to present exactly everything you CAN do, all the information you can read, all the cool things you can do with you applications and how few Nano-seconds the new servers needs to do really complex things that was not even possible a few years ago. To sum things up, we in IT like to think of the IT area as a huge smorgasbord (huge picnic with finger food and more).

Ok, so let us for a second consider a restaurant. The guest arrives, little he knows what he is supposed to know about his food cravings. The waiter arrives at his table and presents him with all the food, the ingredients, all the tools used in the kitchen, the different ways of preparing all food and of course he explains all the cool stuff the chefs can make with all this. If this restaurant is really, really lucky, they just met one of the few customers that will actually like this and have a really fun night together. However, in 99% of the cases the customer will have a mental breakdown and end up ordering a toast.

What am I saying? Well, with this somewhat stereotype example I am trying to pinpoint the problem we always had, IT not succeeding to offer what is really needed and wanted, and on the other hand the business not being able to describe what the really need.

I have decided to blog about this, share my experiences from being a IT Service Management guy, a problem solver for CIOs, picking the good stuff from where I can find it, a lot of course based in the world of shiny frameworks such as ITIL, ISOs, CoBIT, Lean and much more. I pride myself in not being slave to any particular framework or tool but rather using what is needed to help organizations pick what best fits your needs and, more importantly, your specific set of conditions. Clients pay me big money for this, but here you will get it for free. Because I am a good guy that want to help, you, everyone, and I believe I have the skillset needed to make things really practical for you. So pay attention and stay tuned, later this week I will talk about the first thing you have to do, really get to know yourself. You need to perform a well-balanced baseline assessment.

Keep your eyes open!

Hello everyone! If you find yourself here, first of all I of course want to greet you, very welcome, other than that I am a bit surprised since I haven´t really started yet. But since you´re here, nice to meet you. I promise to fill this blog with smart things about using your IT, my experiences and much more, there are quite a few anecdotes of which I thing there are a lot to learn from. Because that´s exactly who I am, I never quit, I never stop learn, I am always curious and open for new smart ways of doing things. Over the last years I also started to get a bit lazy which is even better because now I do not only need things that are smart, they also have to really practical. Ok, so that all I wanted to say instead of having the default “hello world” post we all get when we are embarking on a new blog adventure.

Ok, I´ll let you know, in a short while there will be real stuff here ok!

// Nicke