In the world of effective software inventory management there are audits. Those audits are done comparing the software to physical installations or against budget. There are audits performed when a HFE (Human Factors Engineer) analyzes your usability or those done to ensure that you have sufficient disaster recovery elements in place.

This happens every day against dozens of software applications and I have to ask the question — where do you record this data? Does everyone have individual approaches and simply has a spreadsheet containing the data? Is it recorded anywhere?I have to wonder where the value is in gathering data that has no reuse or exposure to the owners of the software solutions.

So I’ve been bouncing around an enhancement to allow certain groups to register (and report) on audits. Internally some people hate it and some love it.

What do you do?
Do you have yet another application for capturing software audits?
Do you do them at all?

Let me know.

For the past year I have been working with several client technologies that revolve around the area of Client Virtualization. As I looked into these technologies and benchmarked them, I began to realize several key things.

• These technologies are finally mature enough to start using mainstream. True they may not all fit your current IT model, security rules or management framework, but that is another discussion. The pure fact is with hardware virtualization now enabled in chipsets, we can expect virtualized environments that perform faster than yesterday’s systems and almost as fast as the host OS. Moving forward, technologies will be released that will support side by side OS or multiple instance virtual machines. Imagine a world where IT can manage something as simple as a virtual environment and get out of the platform support and enterprise OS business. There are tools there today that allow this to happen and we have done some work in this area and released a white paper recently with our results, it is called Client Computing with a VUE and can be found at (http://communities.intel.com/docs/DOC-1638). The key is to make sure you start planning around these technologies now, versus scrambling to support them later.

• Some of these technologies are flexible enough, they can be used to enable our users in ways we never could before - Imagine going home at night and not having to carry a laptop. Simply carrying a USB stick that has your IT build on it and being able to plug it into your home system to check email, review documents etc. Imagine users having a choice in the platforms they use. No longer is getting a system in IT like picking the first Model T, do you want black or black? We could enable our users today to be able to simply go to any computer access a website, log in and authenticate, and a few moments later, they can have corporate apps streamed to the system they are on and access their data from cloud storage.

• IT can sometimes be more than a cost center - After reviewing some of these technologies, I realized we as IT could use some of these to provide more than standard services to the corporate environments we support. Imagine a corporate environment with thousands of desktops that users use day to day but don’t fully utilize. Using some of these technologies, we can take processor and memory slices off these machines and add them to a grid computing environment. Allowing our corporation several thousand more process cycles without having to expand their server or data center space.

Again, not all of these can drop right into your environment today. Some things may need to change on the technology or your IT side. But the key is this area is changing fast. Let’s stop thinking about how we have always done it and instead ask how we should do this tomorrow.

As I sit back and think of some of the newer technologies we have looked at recently, I find myself wondering if IT is in the never ending cycle of re-inventing the wheel. What I mean by this is sometimes it seems as if we continue to try and re-engineer everything to make it fit our environment or how we think it should work. When viewing newer technologies, usage models and trying to pass data off to other groups the phrases I think I hear the most are, “That will never work in our environment,” or “If we can get them to change this, this and this, we may be able to use it here” or my favorite, “This will never be secure enough for us to use it as it exists”. While these may be valid assessments against the way we do things today, the big question is: should we be pushing ourselves to look for new ways of doing things? Five years ago, employees preferred to use their machines and software loads supplied by IT because they were more powerful or feature rich than anything they had at home. But in today’s society, people have higher end machines at home than IT supplies them. They also use newer technologies that are usually off limits or not supported by IT. Think of some of the tools we use today, such as this blog or even instant messaging. These technologies exist in our corporate environment because we saw people using them at home and brought them into our corporate environment. It wasn’t something that IT created and people took home to use. So with so many of these newer technologies out there, should we keep pushing to make them adapt to our IT world, or should we start pushing IT to start adapting to new models. We take umbrella approaches to everything today. Total security of the platform, instead of trying to reduce the footprint we have to manage. We look for solutions that will cover the majority of the users, versus what may be right for smaller enclaves. We place several management clients on the platform to perform numerous tasks instead of using native components or reducing some of the redundant requirements we have. Moving forward, the next generation of workers will expect businesses to offer familiar technology and won’t accept tradition as an excuse. IT shops need to provide workers with “cool” ways to work. If they don’t, they risk becoming obsolete.

Can an organizations greatest security asset also be its most serious threat? Yes it can.

The Greatest Asset
I manage information security for Intel’s mergers and acquisitions. Recently, I was evaluating an acquired company and delivering information security training to our newest employees on their collective hire date. As I was presenting the fundamentals of how to keep the company, their work, and our industry safe from cyber threats, an important security maxim was exemplified.In interacting with the audience, I understood how they were accustomed to conduct business, the scope of information they handle on a daily basis, and their views on the value of security. I began to emphasize how the employee base was the greatest asset to information security and the combined force of a well informed, properly trained, and security savvy workforce dwarfs the efforts of the dedicated security staff. My recruitment speech sunk in and their faces glowed with pride. I saw a bit of excitement from the audience, that of empowerment and newfound responsibility. I was setting them up. Although absolutely true, a few slides later in my presentation I unveiled the stark reality.

The Greatest Threat
I asked to my newly recruited security champions what the greatest threat to the company was. Amid different answers, I revealed that THEY were the greatest threat. Not just them, but the entire workforce. The glow in their faces dimmed a bit. How can this be? How can our employees be both the greatest asset and the worst enemy in the cyber warfare trenches? They were shocked. They were dumbfounded. They were intrigued. I gave a dramatic pause. It is not often people are captivated by the boring and bothersome topic of information security. I savored the moment.The real battlefield is in hearts and minds of employees. These new employees, more than any, represent the greatest challenge. They are accustomed to their previous ways, inundated with new-hire information, and are not familiar with the security expectations of their new corporate parent. Security policy is a distant concern on their first day. Every subsequent day, the separated cluster of workers will not benefit from the social reinforcement of good security practices as they are distanced from the collective body of experienced employees who exhibit secure behaviors.

We discussed how apathy, laziness, and circumventing policy for a quick gain, can cause significant weaknesses in security. Every employee has a responsibility to be secure and reinforce those fundamentals with their peers. A single employee through malice or carelessness can cause more damage than a legion of hackers. They must decide, through their actions, if they are the security marshals or the villains of the story. The battle is with the mindset of the employees. The finest security policy is worthless in the hands of an apathetic workforce.

In the end, the discussion was a success. It was not just training; it was an interactive dialogue talking to what is important and how every employee, now including them, work as a team to be Intel’s greatest security asset.

So, who do you market to?

If you are at the Intel Developer Forum in San Francisco this week you might want to visit the System-on-a-Chip Community for a very cool demonstration of streaming media over WiMax. Our Intel IT Team put this demonstration together working with the Intel product developers and their ecosystem partners.

This demonstration shows a connection between a corporate office and a remote branch office via WiMax. The branch office uses an all-in-one appliance (a secure mesh router) containing a WiMax radio. The corporate office has a WiMax base station and streams multimedia content over the network connection back to the branch office.

The secure mesh router in the demonstration is built using an Intel(R) EP80579 Integrated Processor formerly known as Tolapai. EP80579 is the first integrated processor that is a system-on-a-chip (SOC). This is important because it hails a new generation of smart, flexible, light and simple devices for the embedded internet. As an IT Researcher I’m no product expert so check out the full official SOC Press Kit for more details.

Here are some pictures from IDF:

Stop in and say ‘hi’ to Bruce!