--> Gill Blog: February 2005

Gill Blog

Saturday, February 26, 2005

The Value of Biometrics?

Our increasingly risk-conscious world has been the catalyst in boosting the profile of biometrics. What is biometrics? Loosely defined, these are the security-based technologies that are used to match biological features of a subject such as iris patterns and fingerprints against those that are stored in a database (click here to find out more). In fact one of the biggest users of this technology today is the Department of Homeland Security.

Clearly, risk awareness has been good for business in the past few years, but some think the gravy train may be nearinig its end. Vic Wheatman, a prominent prognositicator of security at the Gartner group recently spoke to a conference in San Francisco, where he predicted a substantial drop in security spending. This prediction is based purely on the numbers.
"It is a myth that the more you spend on security the more secure you are," said Wheatman. "2005 will be the year of reckoning for security spending. The lowest spending organisations, often the most efficient, can and will safely reduce spending to three or four per cent [of corporate IT budgets]."

The tone of Wheatman's discussion focussed on getting the maximum amount of bang for the buck, and in this regard enthusiastically supported cost effective solutions such as wireless authentication, enhanced firewalls, more intelligent networking technology, antivirus and anti-spam checking, and content filtering. How did biometrics fare in the mix? Not too well as it turns out - in fact, Weatman seemed to give it the big thumbs down:
He maintained that hackers could beat such systems relatively easily, and that some companies which had installed biometric identification were now giving up and shutting down such systems.

The issues of vulnerability and bugs seem to be recurring themes that limit the expansion of places where these technologies can be deployed. We'll be sure to keep our 'eyes and ears' on this area as it develops.

Sunday, February 20, 2005

A Bad Time to Turn a Blind Eye to BCP

An emerging theme that seems to grow by the day is organizational apathy toward risk management. Although we seem to be much more attentive to disruptive events that can affect operations - whether they are naturally-occurring or anthropogenic - curiously, managers are becoming more and more resistant to the idea of initiating business continuity programs. This phenomenon is descrtibed in an article that appears on Dan Stolts, president and senior systems engineer for Bay State Integrated Technology Inc. of Lakeville, Mass. explains it this way:
"The entire problem is that companies see business continuity and disaster recovery as something they should be thinking about. Then it gets pushed aside because of things that come up on a day-to-day basis and other projects that are in the works"

The article cites a recent survey by Deloitte and Touche which answers some of the reasons why this is occurring. Much of the problem has to do with infrastructure difficulties:
The study shows many companies haven't developed enterprise-wide business continuity programs or they lack the appropriate infrastructure to verify that one is properly maintained...two-thirds of respondents acknowledged this

One the primary reasons why risk mitigation becomes so important in my opinion doesn't necessarily have to do with the risks associated with terrorism, as much as it does with how our dependence on technology is exploding. In fact, I came across the following piece from the Business Standard in India that offers up the following startling statistic:
Ranganath Sadasiva, business manager, storage works division, HP India pointed out that more data will be created in the next three years than in the past 40,000 years

More data means more points of vulnerability, which in turn requires a much greater degree of attention that should be paid to business continuity planning.

Friday, February 11, 2005

New Organizational Structures in the Knowledge Economy

As we expand upon and fine tune the concept of workplace continuity, we see a noticeable shrinkage of the white space that separates a number of distinct operational silos. I am writing this note from a coffee shop after having an extended meeting with my friend Errol Saldanha. Errol is one of the world’s foremost authorities on branding, and we often meet to discuss how the underpinnings contemporary working culture are shifting, and thus impacting our own work.

We just spent over three hours discussing and debating the finer points of strategy – I am currently in the midst of a major renovation of my platform, and looked to Errol for some valuable input (come back and take a peek at our new site next week). One of the particularly interesting topics we mulled over was how a gradual shift to a knowledge-based economy would force enterprises of all sizes to reconsider their basic organizational structures.

In particular, we agreed that one of the fundamental hallmarks of the industrialized economy was the master-servant dynamic - in fact, this type of dynamic has often been at the root of most conflicts within the workplace. Its very structure is calibrated to a production-oriented model – i.e. so many inputs of labor yield a defined output of product – so we had to ask question its survivability as we wade further into an economy that becomes more knowledge-oriented. In fact, we predicted like so many things, this will join the ranks of the buggy whip and slide rule in no time. If it does, how does it bode for the future of the organization?

The key would be to create a collaborative network of specialists in key functional areas, who can be deployed at a moment’s notice to a client assignment. Technology is king within this structure, and this in turn affects the bricks and mortar strategy in the sense that the need for real estate changes as this network is spread across a wide geographic area.

As workplace continuity strategies are increasingly adopted by organizations, the one stop shop structure gradually loses its ability to compete against a virtual S.W.A.T. team of always ready professionals.

Tuesday, February 01, 2005

Terror Town, USA

Federal funding and a lease commitment enabled New Mexico Institute of Mining and Technology to purchase a "ghost town" in the middle of nowhere for first-responder and anti-terrorism training.
Top administrators from New Mexico Tech and Phelps Dodge Corporation signed off this past summer on a $5 million real estate transaction that made New Mexico Tech the only university known to literally own an entire town.

Negotiations between New Mexico Tech and Phelps Dodge to purchase the 640-acre township, along with its 259 homes, six apartment buildings, various community facilities, and surrounding 1,200 acres, had been ongoing for more than a year and a half. New Mexico Tech is now in the process of fully converting Playas into one of the nation’s premier locations for anti-terrorism and first responders training.

“New Mexico Tech is now able to look forward to initiating a whole range of research activities and training programs in and around Playas that will directly support homeland security efforts, not only at the state and national levels, but on a global basis as well,” said New Mexico Tech President Daniel H. López.

Initial plans call for the town to be used as a “real-world” training center for the research university’s training program in prevention and response to suicide bombings and other related programs.

Real estate developers will appreciate the deal in which the Department of Homeland Security has agreed to lease the new Playas Training Center for $20 million a year over the next five years to train first responders in "real world" environments.

Officials from New Mexico State University and New Mexico Tech have agreed to cooperate in developing training and research projects in Playas, NM. Tech bought it for first-responder and anti-terrorism training. New Mexico State will focus on training and research to protect the food supply against agroterrorism.

For more information, see: Playas Training Center Brochure pdf or Playas Training Center Overview pdf.