How do you keep hackers from finding your Achilles’ heel?
1. Diversify platforms. Enterprises need to put their core business functions on multiple platforms and keep data synchronized among them. So, for example, if the Windows platform is compromised, the organization can fire up the Linux implementation and operate with minimal interruption.
2. Check your backups. Organizations should verify their code before they back it up or restore it, says Pironti. The easiest way is to create a hash from compiled code before it’s put into production, then do the same thing before each backup. If the hashes aren’t identical, the code has been tampered with -- and the organization will discover it within hours, not months.
3. Audit processes. Most organizations need to do a better job of logging system activities and correlating them into events. By establishing a range of what “normal” transactions look like, organizations can more easily detect and respond to anomalous behavior.
4. Plan for small disasters. Most enterprises have their own worst-case-scenario guidebook on how to handle huge disasters but don’t have a clue what to do if just part of their system -- such as a Web site -- breaks down. They need a plan for every part of the puzzle, says Pironti.
5. Think business, not IT. Organizations should approach security and continuity with the idea of doing whatever it takes to keep the business going -- even if that means reverting to pen and paper, says Pironti. “If institutions looked at things from the perspective of business processes and not technology, they would develop much better vulnerability management plans,” he says.
Scenario 4: Software of the damned
Back in the late ’90s, a large, Midwest maker of consumer products thought a new ERP system would be just the ticket. All the top executives signed off on it, and the IT department got busy. Many months and $40 million later, the project was finally done -- and users wouldn’t go near it.
“When they finally flicked the switch, they had a near-total rebellion from their users,” says Phil Bloodworth, U.S. leader of the IT Effectiveness practice at PricewaterhouseCoopers (PwC). Nobody had bothered to talk to the people who were supposed to use the thing. Some modules were retrofitted for use in other departments, but the bulk of the system was abandoned.
How do you keep your expensive project from becoming a lifeless zombie?
1. Talk to users. The bigger the project, the more important communication becomes, says Joel Koppelman, CEO for Primavera Systems, a maker of project management software. “The project itself may be done perfectly, but if the people are not prepared for the change, it will fail.”
2. “Socialize” the project. Have users help spec out the project and evaluate candidates, advises Bloodworth. “Get everyone to buy in by asking them what their needs are, what the current system does well and what it does poorly, and what’s required for the job.”
3. Avoid “Scope Creep.” Keep the feature list in check by putting a price tag on every change request. “A user or manager’s request for a ‘critical’ change may become less critical when it is determined the associated change would burn $1.7 million,” Gray says.
4. Keep training. “You need ongoing training, both before and after you convert to the new system,” Bloodworth says. “Tell users, ‘That [old] report is now this new report; your new screen will look like this.’”