Gavin Kenny

Hardware, Software, Wetware

I am always impressed at the ingenuity of people who develop new security technology, whether it is a new protective monitoring solution that can process billions of events a minute or an audit solution which can scan an entire network in a few seconds. It is usually very clever and the result of a lot of work.

Granted, there is always the hype, and part of my job is to cut through the trash and try and find the nugget of gold at the core. However, what always makes me smile is the earnest belief of the vendor that this product is the killer one we all need.

Sadly the truth is that there is no one piece of hardware or software which will deliver a complete security solution in a way which allows people to do their job without hindrance.

Here we come to the nub of the problem - it does not matter how carefully the system is developed or, dare I say it, how much money you spend, if the Wetware, the people, aren’t an integrated part of the total solution then you are wasting your time.

We are used to organisations saying “our people are our greatest asset”. While some companies’ actions may appear to demonstrate a different view, the simple fact is that it is people that do business with people. It is the people who have the sudden insight, and who are, in fact, the secret sauce to any business’s or government department’s success.

G-Cloud maybe, One Government definitely

With the coming together of the Conservatives and the Liberal Democrats, David Cameron and Nick Clegg did something that people thought impossible. Well that is child’s play compared to what needs to happen next if they are going to drive down the cost of Government.

The thing is that every major government department actually is a complete world in itself, with its own hierarchy, IT systems, support services, contracts and view of the world.

A bit like Europe, each department has its leaders who meet regularly and agree to work together, but the departments themselves actually don’t trust each other and certainly rarely work well together.

How many times have we read in the papers that some catastrophe or other could have been avoided if information had been shared? And usually the combined IT systems which were created to allow information sharing have failed due to “lack of stakeholder management”, that is, the departments they were for couldn’t agree on what the system had to do.

Security is often cited as a reason why information cannot be easily shared or why a department cannot use another’s database and so must produce an identical one of its own. Certainly the thought of empire building and control could not possibly be the reason but let’s get back to Information Security.

The main thing about Information Security is that you need to allow the right people access to the right information at the right time. What usually forces departments down the “build it yourself” route is that while different departments might hold similar or even identical information, how they value that information varies.

So we fail at the first hurdle because the very first step in developing an Information Security Strategy is to identify what information you wish to protect and how much you value it, known as the “Impact Level” of the information.

Apple’s App Store – The future of HMG security?

Let me start this by saying “People are lazy, unless they are doing something wrong, then they are inventive, resourceful and dogged!”, but more of that later.

The iPhone is possibly one of the most iconic mobile devices of the decade, but while it is an object of desire which has set the mobile phone market alight, it is not the phone on its own which has made it such a success.

Yes it is beautiful, ergonomic and performs with the kind of calm aplomb that we now expect from the wizards in California. The always-on internet access was no more than the next step and just as obvious. The radical, “blow me away”, killer feature is the App. Store. The reason why you want to be always connected is the ability to easily grab an application when you need it and pay for it then and there!

The economic benefits of supplying software in this way for a large enterprise or government are obvious.

Your people have easy, “Self Service” access to approved applications and the purchase and licensing can all be handled automatically. Your staff can become more productive. Yes, you can get that drawing package onto your computer when you suddenly realise you need it at 2am. The cost of supplying that service is reduced as you no longer need 24/7 support staff to perform this function, you no longer have the worry of unlicensed software or worse, something downloaded and unapproved, and best of all you reduce your upfront costs. You no longer have to roll everything out to everyone, just in case. You only pay for what you use, when your people need it, without the complications of per second billing associated with software as a service.

So it all sounds like a fantastic idea and indeed the US Government are busily rolling out their own App. Store for their departments, but what has this got to do with IT security?

Ironically it is the Apple approval process through which all software must pass before it is allowed onto the App. Store that comes under fire the most. This aspect of the Jobsian App. Store is simply an extension to the Apple philosophy, insisting that every piece of software on an Apple must run perfectly and play nice with every other piece of software.
