Programmers Quotes

IT Security trends seem to be turning away from the usual tactical, technical focus on IT operations to so called “risk management”. So, bring on the consultants! With the evolution of information risk management shaping its way up to IT security works at many large organisations, Jonathon Penn, a security analyst at Forrester Research Inc, has singled out five trends in IT security that are bound to be on your chief IT security officer’s list for this year.

The first on that list will be GRC: IT governance, IT risk management and IT compliance (GRC) are to merge into a single discipline, with greater attention paid to metrics, staffing and optimal organisational structure.

IT security operations will be the next. As IT security technology becomes commoditized and embedded in IT infrastructure, security organisations are to split into two separate groups: strategy teams that will focus on business risk management issues, and operational teams that will oversee the technical aspects.

The third on his list is sure to be Application Security. Of course, Applications are a prime target for attackers especially as they deal with sensitive data. The ‘fix it when it happens’ attitude is giving way to more security programs that span the whole lifecycle of the application from the germ of an idea, right through to the operation.

To many business partners, Datacentric security is the mammoth and can determine who gets to see and protect classified data. Of course, this requires very close communication between business leaders.
Lastly, but certainly not least he may have Digital investigations, e-discovery or forensics on his list. I’m with you when you think it’s a daunting and sometimes scary area to deal with, especially e-discovery, where organisation are constantly scratching heads trying to find the best practices.

Some folks look at mainframes as though they were dinosaurs. They may favour the newer open-source and distributed computing techniques and may opt for server virtualization to lower costs of doing IT business. But these folks overlook the fact that, open-source technologies are relatively new and are under development, when compared to solid mainframe technologies that have stayed developed for decades (and still being actively enhanced and supported by IBM).

In distributed computing, you still rely on hardware parts from unstable sources. Lets say your PCI bus firmware vendor has decided to save a few dollars by opting for cheap equipment made in Taiwan or China. These are small problems with the potential to erupt big when your lifeline of business depends on IT to get things done.

With open-source and distributed computing, you quickly grow your server farm to hundreds of servers that support hundreds of failover strategies and you have to invest in the support mechanisms for all these. When you use z/OS mainframe you only need solid reliable doable support for a few servers. You can use LPAR (logical partitioning) in mainframes to create hosted OS environments that are insulated from one another.

From a performance stand-point, mainframes handle increasing workloads very well. Even better than the distributed computing crowd. Mainframe performance is measured in MIPS (million instructions per second). MIPS around 12 are common with mainframes. That is far better than the open-source hosted crowd that uses server virtualization with VMWare.

In short, you cannot go wrong with your MIPS when you put money on big iron.