Archive for January, 2012

Who calls the tune in IT?

January 8th, 2012

Businesses IT users now have a powerful voice in defining enterprise IT strategies and over half of CIOs believe themselves to be transformers and visionaries, according to research. A survey of 200 enterprise CIOs, carried out by CIO Connect, revealed 67% of CIOs believe IT users are now one of the most powerful drivers of change in enterprises.

The tech-savvy demographic known as Millennials, born in the eighties, are now a significant proportion of the workforce. These individuals have grown up with technology and represent an opportunity for enterprises to make best use of the latest technologies. However, they are also extremely demanding and if business wants to attract the best employees, it needs to offer the technology they want.

In its ‘Future of Work’ initiative, IT services firm Cognizant said the Millennial mindset will change how people communicate in work and with customers, and businesses will have to cater for this.

Enabling employees to buy their own computers for work is one such example of user-driven change, with traditional Windows-based desktops increasingly being replaced by mobile devices. Social media is another element of millennial behaviour, with workers in group communication, in real time, using social media platforms such as Facebook and Twitter.

CIOs need to provide an environment conducive to the use of these technologies, but must ensure their use doesn’t compromise the business. Ensuring the compatibility and security of these new technologies is for example essential.

Businesses expect CIOs to play a key role in changing a business through IT, according to the research. It found 57% of CIOs believe they are regarded as taking a lead in transformation at an organisation level. The same number of CIOs said they play an instrumental role in developing organisational vision.

The combination of a new generation of tech savvy workers and IT transforming business practices means the role of CIO is critical.

The research also revealed one of the main drivers of IT strategy is gaining the ability to do less with more, with 98% of respondents saying this, while 92% of respondents believe how technology enables the use of information is a key factor in business success.

Eight out of ten apps fail security test

January 1st, 2012

Eight out of 10 applications fail to meet acceptable levels of security, according to the latest State of Software Security Report by application security testing firm Veracode. The report is based on the analysis of 9,910 applications submitted to Veracode’s cloud-based application security testing platform in the past 18 months.

Web applications were among the weakest, with a high concentration of cross-site-scripting (68%) and SQL injection (32%) vulnerabilities. The Web Hacking Incident Database shows that SQL injection exploits are responsible for 20% of reported incidents.

Veracode conducted a comparative analysis of government applications against other industries such as finance, and found that government applications are less resilient to common attacks.Veracode analysed US federal, state and local government applications, which operate critical systems and process critical data such as personally identifiable information (PII) and national security data, and found that they lag behind other industries in key areas. 

Veracode also found that mobile developers tend to make similar mistakes to enterprise developers, specifically with the use of hard-coded cryptographic keys. More than 40% of the Android applications analysed had at least one instance of this flaw, which makes it easier for attackers to initiate a broad assault as all installed instances of the application use the same key.