Gartner integrates Burton; blogs index updated
11 Nov 2011. Posted by Tony Law in Insight services, ITasITis, Tech Watch, Technorati.
Over the last few months, Gartner have finally and fully integrated the Burton Group services and analysts acquired in January 2010.
The IT1 service is now referred to as Gartner IT1, although the Burton name is still attached to Gartner’s lead web page for the service. But the separate Burton Group website, which was maintained independently for a while, has now joined the AMR site in being consigned to oblivion.
Gartner’s online page outlines how they differentiate IT1 from the mainstream Gartner technical service. They pitch IT1 as adding the technical depth to the mainstream (“detailed technical insight to help your technical architects and engineers deliver outstanding results”). This was indeed the rationale for acquiring Burton: the need to provide service-oriented IT professionals with deep technical support for their architectural and implementation decisions, and an admission that Gartner, as they were, did not have the full resources needed to deliver this insight – though I’m not sure they would have admitted it before the acquisition!
At the same time, the Burton legacy blogs have also joined AMR in the Delete basket. This means InformationSpan has been able to simplify our Blogs Index for Gartner by removing references to Burton information. It’s been updated, with a few new names and other changes.
We’ve also introduced new indicators to identify blogs which are active and those which are, in various stages, dormant. Currently, of 123 Gartner analyst blogs which are accessible online, only 53 have content published within the last three months. For a further 18, the most recent post is between 3 and 6 months old; for 10, between 6 and 9; for 9, between 9 and 12; and 33 are at least a year out of date and sometimes significantly more. Also of these 123 blogs, 24 are still on the system but don’t appear in Gartner’s own list of analysts who are blogging. Some of these relate to analysts who have left Gartner, but not all; correspondingly, not all blogs are removed when an analyst leaves. It’s a touch confusing, but our index shows clearly what’s what and who’s who.
On the positive side: all the titled blogs, including Mastering the Hype Cycle (which had been dormant) have recent content. The Symposium blog is particularly worth visiting at the moment, while the Autumn cycle of Symposium events continues.
Links for PCI DSS
8 Nov 2011. Posted by Tony Law in Impact of IT, IT is business, ITasITis, Managing IT, Tech Watch, Technorati.
Tags: PCI DSS
I’m facilitating a workshop next week on PCI DSS and as usual here are some of the links I’ve identified, including some recent enforcement casework.
For the uninitiated: PCI is the Payment Card Industry and DSS is its Data Security Standard. PCI is an international body, and the standards are effectively set by the “acquirers” – that’s PCI-speak for those bodies such as card issuers and banks who “acquire” the transactions and transfer money.
National information security requirements are very much to the fore too. In the UK the Information Commissioner’s Office (ICO) recently took enforcement action against Lush, the cosmetics firm, and their press release uses that case to emphasise that organisations must implement PCI DSS, or some equivalent standard, in order to meet the basic requirements for compliance. This issue was resolved by an undertaking from Lush, but ICO information outlines all the enforcement options and potential penalties.
Compliance with standards doesn’t replace the need to understand potential vulnerabilities, not least when using embedded page elements that can be hijacked!
PCI: Payment Card Industry
PCI DSS: PCI Data Security Standards
CSRF: Cross-Site Request Forgery
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
ISA: Internal Security Assessor
QSA: Qualified Security Assessor
ISO: Independent Sales Organisation (in this context!)
• PCI SSC Data Security Standards Overview, from PCI Security Standards Council
• ICO warns retailers to implement PCI-DSS or face “enforcement action”, Security Vibes, 12 Aug 2011
• Online security must be a priority for retailers, says ICO, ICO Press Release, 9 Aug 2011
• Taking action: data protection and privacy and electronic communications, ICO information (including a list of recent prosecutions)
• PCI DSS: An Acquirers guide for PCI Compliance Best Practices, from the PCI Compliance Guide (an independent PCI source)
• Cross-Site Request Forgery (CSRF), information from the Open Web Application Security Project (OWASP)
Green IT Expo: presentations published
8 Nov 2011. Posted by Tony Law in IT marketplace, ITasITis, Managing IT, Tech Watch, Technorati.
Keynote presentations from the Green IT Expo (see previous postings) have now been posted. Simon Mingay’s presentation from Gartner is not available (now there’s a surprise) and be warned that the link behind the rubric “Presentation Unavailable” goes to the following presentation from Verdantix.
• Green IT Expo presentations
• A Gartner perspective on Green IT, ITasITis, 1 Nov 2011
• Green IT; encountering Connection Research, ITasITis, 1 Nov 2011
• Green 3: Andy Lawrence of 451, ITasITis, 1 Nov 2011
Tags: investment, McKinsey, strategy
McKinsey Quarterly poses this question in the latest issue with some case study information. The fundamental issue is an old one: the IT budget being spent on maintenance, with smart investment being what gets squeezed out. But the illustrations suggest ways to move forward. It’s not the old “Align IT with the business” mantra, which still starts from the assumption that IT somehow is outside and separate from “the business” and that the disconnect is IT’s problem.
This article admittedly starts by profiling a dysfunctional CIO who doesn’t understand the issue. But it looks at the issue from the whole business perspective – that is, the CEO’s. It shows how investment can be viewed, even when it’s core infrastructure that’s at issue; it talks about benchmarking capabilities against non-competitive industries, not just competitors; and highlights some of the perceived wisdom which can, sometimes, be plain wrong and a distraction from the real challenges.
How strategic is our technology agenda? McKinsey Quarterly, Oct 2011