Laura DiDio on…

Microsoft Azure Sphere chip for end-to-end IoT security from the Cloud to Network Edge

“MediaTek is a good partner [for Microsoft] to have for its Azure Sphere secure IoT chip,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”

Channel Futures, April 17, 2018

Microsoft Reorganization:

“Microsoft has actually been moving away from Windows and more towards the cloud, analytics and AI for the past ten years,” explained Laura DiDio, an analyst at ITIC. “This did not happen overnight.” DiDio pointed out that Nadella has made major changes quickly during his tenure. “That’s the way you have to move,” to stay relevant, she said. “You’ve got to be agile to stay ahead of the game.”

The changes don’t mean that Microsoft is totally giving up on Windows, DiDio said. But they do mean that Nadella is focusing the company’s energies around stronger assets.

“They’re de-emphasizing Windows,” she said, in order to become a stronger “player in cloud and artificial intelligence, because that’s where the money is.”

CNN Money, March 29, 2018

Failure to deliver reliability and uptime:

“Time is money,” DiDio says. “Systems, networks and connectivity devices are subject to failure. If the downtime persists for any significant length of time, it can be expensive in terms of monetary losses. It can disrupt operations, decrease worker productivity and negatively impact the organization’s business partners, customers and suppliers.

“A security outage of any significant duration can also be a PR nightmare and damage the company’s reputation, causing lost business,” DiDio says. “Reliability and uptime go hand in hand with a comprehensive, detailed backup and disaster recovery plan that also includes an internal operational level agreement that designates a chain of command in the event of any type of service disruption.”

Every organization should have a disaster recovery plan that includes an itemized list of who to contact at vendor organizations, cloud and third-party service providers, DiDio says. “The CISO should also know what the company’s contracts stipulate as the response time from vendors, cloud, and third-party service providers to respond to and thwart security incidents and track down the hackers,” she says.

CSO Online, November 21, 2017

Cal State University and Hartnell College Launching Cohort Program:

“Since 2013, the two institutions have promoted this program as a way to attract minorities, women and students who are the first in their families to attend college to Computer Science and STEM subjects. The Cohort program nurtures these students by having them take their CS classes as a group,” DiDio says. It also helps them adjust more quickly to college life by providing them with group study and life skills classes to help them stick with CS as a major and graduate.

“So far, so good. A 75% majority of students enrolled in the CSUMB/Hartnell CS Cohort program graduate. This is well above the national average of about 30%,” DiDio notes.

ITIC Corp, November 17, 2017

Burger King Ad Creates Whopper of a Mess:

In the Internet of Things environment, where you can have “an ecosystem or ecosystems of ecosystems interconnected, the attack vector universe is potentially limitless,” noted Laura DiDio, research director for IoT at 451 Research.

The risks are “everywhere, and what you can do is mitigate risk to an acceptable level,” she told the E-Commerce Times — but that requires vendors to make secure products.

E-Commerce Times, April 13, 2017

United Airlines Customer Service Snafus:

United’s behavior was “cavalier and callous,” said Laura DiDio, research director for IoT at 451 Research.

“The deck is stacked against passengers these days,” she told CRM Buyer.

However, this situation “is a PR nightmare for United Airlines,” DiDio added, “and it’s not going away.”

CRMBuyer, April 11, 2017

Steve Sommer has seen just about everything in his 30+ years as an IT executive. As a Chief Information Officer (CIO) and Chief Technology Officer (CTO) since the late 1980s, he has witnessed the industry’s transition from the “dumb” terminal/server paradigm and slow, kludgy dial-up to today’s “always on” networks. He has also participated in and grappled with all of the positive and negative aspects of transformational and disruptive technology trends. Sommer has experienced firsthand how the “consumerization of IT” and the rapidly increasing numbers of remote users accessing the network via smart phones and tablets impact IT, security and how companies do business in the 21st Century.

Sommer is currently CIO at Stromberg & Forbes, LLC, a financial services company with offices in New York and Florida. Prior to that he spent 25 years at Hughes, Hubbard and Reed, a law firm headquartered in New York City. He worked his way up at HH&R to become CIO and CTO, holding down both jobs simultaneously.

ITIC interviewed Sommer on a wide range of topics, including the pros and cons of new technologies like virtualization and cloud computing. He also talked about the impact and implications of end users utilizing consumer devices for ubiquitous connectivity, and dispensed practical, tactical advice on how organizations can construct a strategy for efficient and secure mobility and remote access. As an eyewitness to the September 11, 2001 attack on the World Trade Center, Sommer talks about how the terrorist attack has changed the way companies view disaster recovery (DR) and backup plans in a post-9/11 world.

Laura DiDio, ITIC: Virtualization and cloud computing are two of the most pivotal technologies to emerge in the last five to seven years. Do all users from SMBs to enterprises need them and why?

Steve Sommer: There’s no escaping virtualization; that’s the way the industry is going and SMBs should follow; they have just as much need for virtualization as large enterprises. The density of the data, the content, the critical nature of applications and business continuity all make virtualization imperative. It saves money, provides consolidation and it’s easier to maintain a streamlined environment. Virtualization allows for better testing and faster, more efficient disaster recovery (DR). Virtualization preceded the cloud. But cloud computing is different. There are many dangers inherent to the cloud. Any SMB contemplating a move to a public, private or hybrid cloud must realize that cloud computing isn’t free or cheap. This is especially true for SMBs with more limited resources and smaller budgets. But a well planned cloud implementation will deliver better economies of scale and alleviate the burden on IT. From my perspective, Google and Apple are not the best solutions for an SMB cloud. The issue is that end users in SMB organizations utilize Google’s and Apple’s iCloud as consumers but they’re not necessarily worried about their company’s security, costs and integration issues. The users are just concerned with accessing their data whether they’re at home or in a public facility like a restaurant, kiosk or a plane. Typically, end users are ignorant of the business’ support costs and security ramifications. They don’t grapple with the problem of how the organization will support the cloud. That said, eventually almost all SMBs, like large corporations, will need a cloud; they won’t be able to compete effectively otherwise.

ITIC: For SMBs that lack the money and the IT resources of larger enterprises, does it make more sense to go with a public, private or hybrid cloud?

SS: If you lack the funds to hire an external cloud services provider, then you’ll need a private cloud using something like Microsoft’s SharePoint. However, even a private cloud managed internally is an expense because you have to tweak and expand the infrastructure to accept the users accessing the private cloud. That’s a lot of work. You have to publish your information outside the firewall and build a secure environment to allow people to access crucial information. Your infrastructure has to change and evolve [to accommodate the cloud]. For example, you’ll need to upgrade the WAN. SMBs, like enterprises, can support private clouds capably on their own. However, they will need in-house expertise and it will still cost money. SMBs need to build a cloud in steps; a hybrid cloud is a good choice for an organization starting out and getting its feet wet. Even a large retailer like L.L. Bean has partnerships with outside vendors. A public cloud is optimal but the gating and inhibiting factor is the expense.

ITIC: What are some of the most crucial issues that organizations should consider when implementing a cloud environment?

SS: If you’re going with a public cloud, there’s a lot to consider. The first is training your people and putting the proper controls in place. Next, you have to decide on approved applications and which if any applications to blacklist. Most SMBs today are ready to transition to the cloud. The most important factor is selecting the right vendor. You have to perform due diligence. You must assess key elements of your planned cloud implementation such as: security, storage capability, the reputation and strength of the vendor in the marketplace. What cloud providers are your SMB peers using? The telecom vendors like Verizon have the best opportunity to partner with data vendors. I think we’ll see partnerships between companies like IBM and Verizon. Test first and decide the order of the applications and content you want to put on the cloud. External providers can provide the best portals for data access. You have to address issues of security, data retention, data loss, tracking, response time. And the business must balance its needs with those of the consumer public, end users and customers. Each vertical industry is different and subject to specific compliance regulations. Legal and healthcare are very strict about confidentiality. But ironically, legal and healthcare users carry around the mobile devices and they frequently get lost or stolen. So you have to assess the risks. How do you support the various amounts of data accessibility with legacy applications? That’s another big concern.

ITIC: Another major trend is remote access and mobility. Do you have any specific “Dos and Don’ts” for fellow CIOs, CTOs, IT managers and users with respect to constructing a workable technology and business strategy to address the growing ranks of remote workers?

SS: The biggest risk for device access is data loss. Security is another huge issue.

  • Do construct an end user usage policy. And provide them with training to understand the technology and business implications.
  • Do find the application that fits for the majority of your devices. Finding a common avenue of access is very crucial.
  • Do take responsibility to own the device or not. Who owns what? That is a cost issue.
  • Do make sure you have top notch security in place. Choose the right security vendor – are they all inclusive and do they have the knowledge base to support your organization?
  • Do communicate the remote access policies and get buy-in from the management and all appropriate departments. You can’t have discord/disconnect among management, end users and IT.
  • Don’t give your end users five different ways to access information. It’s confusing and will be a resource drain in terms of support.
  • Don’t give in to user pressure to do things a certain way. The easiest way is always the best method of accessibility. Stand your ground. Don’t go ahead and promise without the proper infrastructure support.
  • Don’t do it alone. Don’t think you can supply security, data storage, remote access etc. You need an external partner and be upfront with management to tell them exactly what needs to get done.

ITIC: Apple’s iPad was introduced in April 2010 and it’s sparked a real revolution. Lots of people are saying “the PC is dead.” Do the iPad and other tablet devices have enough functionality to supplant PCs and notebooks as the next generation desktop?

SS: I don’t think the PC is dead. Laptops are definitely diminishing because of the iPad and other tablets. For the desktop intensive worker the PC still has a place in performing compute intensive and transformational activities. There will still be billions of PCs although laptops will diminish. Five years from now there won’t be as many PCs but the PCs will still do the heavy lifting unless/until iPads have more storage, more computational power. There will be less and less need for PCs but they will still exist.

ITIC: Remote access, mobility and the use of myriad devices to connect to the network from tablets to smart phones have made security even more challenging. What poses the greatest security threat to the corporate network in 2012 and beyond?

SS: From a technical perspective, social media sites and social applications are killer; they are the biggest threat out there. Facebook, Google and others can get at your information and violate privacy. However, human error constitutes a greater threat than malware. People are just not careful. A high percentage of the population works from home or travels. They think nothing of accessing entertainment and social media sites that grab our information. The portability of information is another huge concern. We’re carrying around sensitive data – both professional and personal — and losing it in planes, trains, taxis etc.

ITIC: What’s the most memorable, defining experience you’ve had in your IT career?

SS: Without a doubt the most horrible and yet redeeming/rewarding experience was living through the 9/11 attack on the World Trade Center. The Hughes, Hubbard and Reed law offices were only three blocks away from the Twin Towers. I was just emerging from the subway when I saw the first plane hit. It was horrific and chaotic. People were naturally terrified; no one knew what was coming next. The communications systems were overloaded and unavailable. In the immediate aftermath of the attack, my first priority was to safely evacuate the staff out of lower Manhattan. I stayed behind and shut the systems down. I had to properly secure the data since we lost power and communications. We weren’t allowed back in our offices for a week and a half. We relied on our branch offices and phones to get headquarters people re-connected. We had lost all our Verizon and AT&T telecommunications. Microsoft had people at our branch offices on September 13th. They just showed up and helped us restore systems using DSL. We used Windows NT as a router and constructed our own routing protocol. Bill Gates himself ordered people to come down and help out. We were lucky; we didn’t lose any data because we had a backup plan in place. Post-9/11 we knew we had to improve our disaster recovery capabilities. I got approval to do a DR co-location 30 miles away. That may not always be the most appropriate thing. But the 9/11 tragedy convinced businesses that they must have a DR and restore functionality for their most business critical applications. We got our new plan up and running in less than a year with Verizon. The 9/11 terrorist attack forever changed DR and backup. The tragedy also contributed to the increase in remote access and mobility. The biggest lesson of the 9/11 terrorist attack was that we must be ready for anything, respond quickly and adapt.
