New research reveals that the majority of staff are risking company security

Posted on March 8, 2011 by cnorton

Some new and interesting research by BlockMaster has revealed that employees of SMEs and corporates are risking the security of company data by using flash drives/USB sticks and then losing them in weird and wonderful places.

If I am honest, I know we are all prone to sticking something onto a data stick and taking it home to work on late at night but this simple action can have huge implications for data security which can potentially cost cost an employer a lot of money.

The biggest risk of using USB sticks, which aren’t properly protected, is from unsolicited viruses and malware which can compromise a company’s network security.

Anders Kjellander, CSO, BlockMaster comments:

“This is alarming as many viruses on USB sticks can run as soon as they are plugged into a PC, without user activation and causing widespread damage to a corporate network,”

“Indeed, the Stuxnet worm, the first ‘industrial’ virus, was well-known for spreading via unsecure USB sticks. Furthermore, even if unprotected USB sticks are not infected with viruses or worms, they can contain sensitive corporate data, leaking important information to external organisations causing harm for the party that lost the device.”

The research also revealed that one in five admitted to losing a data stick with some commercially sensitive information on it. The UK Government are regularly criticised for the management of data and laptops but it seems UK businesses are being just as frivolous and need to take more care.

Kjellander adds:

“Around 83% of office workers use USB sticks today, making them almost as common as the mobile phone. However, although we often have work email on our mobile phones, it’s quite rare to store a significant quantity of sensitive business data on them. Unsecure USB drives pose a unique security threat, as they are usually small, easy to lose and have a high capacity for storing documents, videos or corporate presentations.”

It’s clear that both the security and management of corporate data are now critical to all businesses from both the private and the public sectors. As data management and data governance specialists Evaxyx advises our clients on how to maximise its use of data.

Possibly Related Posts:


Posted in Data Governance, Data Management, Data Security | Tagged , , | Leave a comment

Could data warehousing become an even more significant IT component?

Posted on March 3, 2011 by cnorton

Think warehouses and what does your mind conjure up? Probably images of functional looking buildings on retail parks filled with corner shop owners stocking up or wagons being loaded with high street goods for the coming week’s trade. However, this is far from what we mean.

By definition, the word ‘warehouse’ means, “a place in which goods or merchandise are stored”, which allows the term to be applied to all manner of scenarios. And, in our case we mean ‘data management’ and literally refers to how and where businesses electronically store the information they use to run their enterprises.

According to business analysts, Gartner, 2011 is going to see the most significant changes in how these platforms are used since they were first conceived. What is perceived as the biggest data management system in IT will evolve to become more elaborate than before, with new data warehouse technology introducing greater scope for flexibility with the addition of new information types and change detection.

The predictions are based on trends observed during 2010, from which the analysts state that, “cost control and performance optimisation became critical evaluation criteria and, consequently, the market has begun to accept higher first cost in exchange for lower administrative and management costs over the life of the data warehouse” – or in simple terms, businesses are speculating to accumulate.

So, what does this mean exactly? Well, data warehouse platforms will evolve from an information store to a broader analytics infrastructure, which will support operational analytics, corporate performance management and other new applications. This may cost more to set up initially, but the long term benefits mean that performance can be better managed, improving productivity and profits – crucial for all businesses during the current economic state.

Gartner goes on to say that data warehouse DBMS vendors will need to adapt their services and by 2013, combine their offerings to become more like an information management platform, shifting from storage and access to delivery and comprehension.

If this is the case, I wonder whether cash ‘n’ carry warehouses will be offering retailers advice on customer service rather than storing bulk packs of coffee or kitchen roll?

Possibly Related Posts:


Posted in Data Governance, Data Management, Data Models, Data Security, Data Strategy | Tagged , , , | Leave a comment

Government opens the door to open source software

Posted on February 28, 2011 by cnorton

Until very recently government spending on software was synonymous with Microsoft. It may cost the taxpayer but the US corporation has long been a safe mass market standard. In spite of regular calls to consider low cost Linux, OpenOffice and other open source options, the Microsoft hegemony in Whitehall has remained largely undisturbed. Unsurprising perhaps. The public sector has never been known for risk taking.

But all of a sudden things have changed. In the current age of austerity, it seems the government is prepared to at least consider open source software.

Last month, the Cabinet Office quietly published a procurement policy note. Entitled Use of Open Standards when specifying ICT requirements, the note set out the following: that when buying ICT, government departments should “deploy open standards whenever possible”. Moreover they should attempt to maximize return on the taxpayers’ investment by choosing technology that can potentially be re-used and which avoids technical lock-ins.

What exactly are ‘open standards’ in the government’s view? Open standards are thoroughly documented and they can be “shared under different development approaches and on a number of platforms”. Crucially, they should feature “intellectual property made irrevocably available on a royalty free basis”.

However effective, Microsoft software clearly does not qualify as “open” by any of these definitions.

The publication of this note was followed just last week by a meeting between key government IT suppliers and Bill McCluggage, the coalition’s deputy chief information officer, during which he emphasized its determination to make much greater use of open source technology. In order to facilitate this commitment, key suppliers will need to include an evaluation of open source options in all future proposals, and eventually begin routinely including open source technology in future projects.

Of course, there are downsides to open source. As it is not developed by highly paid armies of professional coders, it often lacks the polish of commercial software. Support too is less straightforward – some open source software vendors do provide support services, but this cannot be assumed. But such quibbles now seem to matter far less than they once did. As the Government continues to slash public spending, the significantly lower costs of open source now make a compelling case.

For more on the Evaxyx range of technology solutions, please visit our website.

Possibly Related Posts:


Posted in Data Management, Data Strategy, Information Architecture | Tagged , , , , | Leave a comment

Where have we lost information in data?

Posted on February 21, 2011 by Samuel Wright

Perception is king; there is no magic on earth quite like it, transforming terrorists to freedom fighters, protection to oppression or zeitgeist to zeitghost. It’s why we have marketing – “Diamonds are forever” may possibly be the most successful advertising campaign in history defining engagement ring as synonymous with diamond ring. Understanding how to control or exploit perceptions when introducing a new idea is as vital as the idea itself.

Despite a recognition that the Information Age is upon us, the understanding that data is a core part of business operations slips by like a sullen teenager, unkempt and resistant to outreach. Part of this, is the impermeable association of data with caves of machinery and errant body odour. When asked by friends “What do you do?”, answers such as “I’m a fireman” or “I sell carpets” are treated with acceptance and understanding whereas nothing matches the ability of producing blank looks than announcing you consult on data issues.

Interchanging the term “data” with “information” has long been lined with pedantry over definition, but to engage a wider audience into the importance of ensuring your data is correct – there is no better term.

Evaxyx has started the long road to inclusion, building on the mantra of sacrificing rigour for clarity (for a given value of rigour) through progressing the use of information as the alternative term to data. The difference is evident immediately; asking someone “What is data?” will usually bring forth mutterings of databases and spreadsheets whereas “What is information?” opens an epistemological debate. To risk sounding like a social science stereotype – using “information” empowers people. They become bold enough to clamber over that wall between ‘IT’ and ‘Business’, or rather fail to notice there ever was one. What was an exclusive club becomes a core tenet.

To complement this rebrand an approach is needed to demonstrate how ubiquitous data, information, really is. If you require engagement in forming a new business model, reducing errors in processed information or even just raising awareness of the importance of information in the business – demonstrating to participants that they understand the approach before they realise what it is, is an effective trick. Information Modelling is a natural human behaviour; we make sense of the world by assigning ‘things’ to categories of varying levels. What’s that in the garden? A tulip, a flower, a red flower, a plant? Perhaps it’s a tulipa gesneriana, a الخزامى, a τουλίπα, or even a pollen source for bees. Information modelling is exactly this, understanding what things are, how this can differ depending on who you ask, the way they fit into the wider world.

That piece of data that sits on a computer screen now becomes a piece of information which is real and relevant – telling you, or someone else, a vital something about that person/place/thing. All it takes is a change in term, a little context and some handholding for it to reach the right people – and data is welcomed to society.

Possibly Related Posts:


Posted in Data Management, Data Models, Data Strategy | Tagged , | Leave a comment

The latest vacancy list at Evaxyx includes job opportunities for graduates

Posted on February 18, 2011 by Jamie Taylor

We’re currently looking for several experienced consultants with strong J2EE skill sets, due to expansion. These customer-facing roles are responsible for the design, implementation and integration of a highly complex and customisable data management solution, requiring excellent technical skills, innovative thinking and strong problem-solving abilities.

Candidates should have deep J2EE skills, to include as much as possible of the following:

· J2EE

· WebSphere, Weblogic or JBoss

· SOA – JAX-WS – JAX-RPC

· Spring

· Hibernate

· Java Persistence API

· JDBC

· JAXB

· XML, XSL

· Core Java

· Servlets

· EJB, JMS, SLSB, MDB etc

· Web services

· Oracle, DB2, SQL Server

· SQL, PL/SQL, T-SQL


Graduate J2EE Developers/Consultants

Evaxyx is looking to recruit a number of talented graduates to train and work from their city centre office and client sites across the UK and Europe.

After induction, the roles will firstly involve full product training on a cutting-edge enterprise-level customer data management solution, then will transition towards carrying out mentored development work on customer sites, with a career path into full consultancy on offer.

The work is varied and challenging, involving analysis, design, development and integration of solutions in J2EE and database environments, working in small, focused teams on customer sites.

Applicants are expected to have a 2nd  or 1st class degree, excellent problem solving skills and an acute attention to detail.

The role will involve continual client interaction; candidates must be able to communicate clearly and effectively, both verbally and in writing through emails, technical and non-technical reports. Candidates should also be confident at presenting ideas, problems and solutions to a broad range of audiences with varying levels of expertise.

Technical requirements

Ideally, candidates will have some skills in as many as possible of the following areas:

- J2EE

- Spring

- Hibernate

- JDBC

- Core Java

- Servlets

- EJB

- JMS

- XML

- WebSphere, Weblogic or JBoss

- Oracle RDBMS

- SQL Server

- SQL, PL/SQL, T-SQL



Ab Initio Consultants

We are once again growing our Ab Initio team, and need skilled technical resources to work in a customer-facing capacity. The roles are responsible for hands-on development work.

Candidates should be able to demonstrate skills in the following:

-Ab Initio Co>operating System (2.15)

-Ab Initio GDE (1.15)

-RDBMS eg Oracle, DB2, SQL Server

-SQL, Korn shell scripting

-UNIX, Windows

Software Trainer

Responsible for delivering compelling and successful technical training courses to both Evaxyx Consultants and external customers, we’re looking for an experienced Technical Trainer, with enterprise software experience. The role will involve travel to customer sites and would suit an ambitious, commercially savvy individual, who has the potential to build a team around them.

In addition to a successful track record of delivering technical courses, technical skills in any of the following areas would be useful:

-RDBMS: Oracle, SQL Server, DB2

-ETL tools

-Business Intelligence

-J2EE, including Java programming

-Web app servers, eg Websphere, Weblogic, JBoss

To find out more about any of these roles, please contact Jamie Taylor by email or on 0113 300 2001

Possibly Related Posts:


Posted in Evaxyx News, Job Vacancies | Tagged , | 1 Comment

EU plans could make IT procurement easier

Posted on February 15, 2011 by cnorton

By their very nature, public sector organisations are required to process and manage large quantities of data. They don’t always do a great job and some public sector bodies would certainly benefit from the services of a data processing specialist.

Volume IT requirements mean that public sector bodies also constitute a valuable client base for many IT suppliers – but until now rigid European Commission (EC) procurement rules have largely restricted access to this market to larger firms.

According to a recent article, just one third of public procurement contracts go to SMEs – and it’s a massive market, accounting for no less than 17 per cent of the EU’s entire GDP.

But these restrictions could be set for significant change now that the EC announced a review of procurement rules. If all goes according to plan, those complex procurement regulations will be both modernised and simplified.

Commissioner Michel Barnier told Computer Weekly: “Access of smaller companies to procurement markets, reducing red tape, or promoting European cross-border procurement will be under the spotlight during the consultation.”

Here at Evaxyx we would applaud modernisation in any organisation. Access to a contract or market should be solely down to a company’s merit and ability, not size or resources.

But there is another factor in the equation: different governments’ definition of EC regulations. These can and do vary by both regime and country. So how will the coalition or its successor interpret any revisions?

We will have to wait and see.

Possibly Related Posts:


Posted in Data Management, Data Security, IT Budgeting | Tagged , , , | Leave a comment

Consumerisation could be threatening business security

Posted on February 14, 2011 by cnorton

Not so long ago, corporate IT security was a relatively (and we use that term loosely) uncomplicated affair: you installed a decent firewall and a robust antivirus programme onto your company network, you encouraged a sensible password policy, and you made sure nobody left the premises with a sensitive data on a laptop hard drive.

In the 21st Century, things are more complicated. Not only do corporate IT administrators have to contend with the increasing sophistication of malicious software, but staff are increasingly bringing their own sophisticated computer technology with them into the workplace. Modern smartphones are nothing less than portable computers, with a power, thanks to the relentless pace of technology, equivalent to the desktop and laptop computers available just a few years ago.

Once on the premises, in many instances connecting a smartphone to a company’s wi-fi network is straightforward – and before you know it, you have a uncontrolled node on the company network. Even the technologically more humble iPod is a security risk. Attach one to an office PC via a simple USB cable and a disgruntled employee can quietly walk off with gigabytes of sensitive data.

No wonder then, that IT ‘consumerisation’ was recently cited by network security specialists Lancope as one of the top two security concerns for business in 2011.

The other? Social networking sites. Anyone who has ever wandered around an office and seen two or even three people lounging on Facebook will be unsurprised by this. Viruses and malware of various kinds are sometimes distributed by social networking sites.

Adam Powers, Chief Technology Officer for the firm, told Computer Weekly magazine: “Most big enterprises are being pushed by employees to use their own devices and social networking sites, and have to deal with the security risks.”

He added: “Perimeter-based defences such as firewalls and intrusion prevention aren’t enough anymore as these are easily bypassed. Corporations must think about how they will deal with smartphones and other consumer-oriented mobile devices.”

He goes on to recommend the collection of data flow information from corporate networks in order to increase visibility and improve IT security.

Modern communications technology moves has always moved at a rapid rate and we doubt it will ever cease to pose new data and security challenges.

For more information on our own technology solutions, please visit our website..

Possibly Related Posts:


Posted in Data Security | Tagged | Leave a comment

A big future for Master Data Management (MDM) predicts Gartner

Posted on February 9, 2011 by cnorton

Whatever your industry, the beginning of any year is a time for looking forward. We recently discussed Information Week’s interesting speculations on the future of business intelligence [and a similar set of predictions about master data management was recently released by information analysts Gartner Inc.

These predictions, intended to help organisations plan for the future, include the following:

  • Annual worldwide sales of MDM software will continue the double digit growth of recent years, reaching a value of nearly $3 billion by 2014. A demand-fuelled annual growth rate of 18 per cent means end user clients could face problems resourcing their MDM programmes. Careful planning is essential.

  • An increasing percentage of MDM software services will be delivered via the cloud – Gartner predicts 10 per cent by 2015. Like other office software, MDM software has traditionally been implemented on site – partly due to security concerns, and partly because cloud-based ‘software as a service’ solutions have not been available. But in tandem with the increasing sophistication and availability of other cloud-based technology, software-as-a-service MDM implementations are now increasingly viable.

  • At first glance, Gartner’s third prediction seems to contradict the first. It is, simply, that as late as 2015, two thirds (66 per cent) of firms with an MDM programme will still be struggling to justify it and state its business benefits. The issue Gartner is addressing here is implementation – failing to properly plan a particular MDM implementation and not establishing adequate business metrics to assess its effectiveness. Gartner calls on MDM clients to take a “holistic, business-driven approach to MDM”. Without this, it claims, there is a real risk of the programmes failing.

The full report is available here on the Gartner website.

The firm’s predictions follow a relatively healthy year for master data management (MDM) software. By the end of 2010, worldwide sales had increased by 14 per cent in a single year, to $1.5 billion, despite the lingering gloom of the economic downturn. Gartner cites the key benefits of MDM – improved risk management, adaptability, cost efficiencies, etc – as sales drivers for such software.

Speaking at the publication of Gartner’s analysis, research vice president John Radcliffe neatly summed up the business benefits of MDM:

“Today, most organizations juggle multiple sets of business and data applications across corporate, regional and local systems. At the same time, customers are demanding faster and more complex responses from organizations, leading to an inconsistency that hinders the organization’s ability to measure and move within the market. With MDM, Chief Information Officers can create a unified view of existing data, leading to greater enterprise agility, simplified integration and, ultimately, improved profitability.”

For more information on our range of MDM solutions, visit us here.

Possibly Related Posts:


Posted in Data Management | Tagged , | 1 Comment

Swimming Lessons – four top tips to avoid data problems

Posted on February 2, 2011 by Mel Hodge

Once again, I’m seeing first-hand the importance of using data architecture principles to guide your efforts as you create and implement a data strategy rather than jumping into the deep end with no clear idea of how you’re going to get out again! Watching someone else flailing about, drowning not waving, does not constitute a swimming lesson! Some real hard work needs to go into the strategy; business drivers need consideration and the plan needs to be closely aligned to the corporate swimming - courtsesy of Lee Courseyobjectives, and benefits need to be SMART.  

Being able to state clearly what you want to achieve, why and when is crucial in attracting and retaining support throughout the initiation phase of any data-led initiative and on into ‘business-as-usual’. There is no easy answer but the costs involved in creating these solid foundations are dwarfed by the staggering sums squandered in repeating the mistakes of the past, ‘let’s buy a [DQ] tool’, ‘we need data stewards to fix the problems’, ‘IT will sort it out’, ‘let’s spend years developing our own modelling language’, ‘we don’t need executive support’, ‘we don’t need to justify our business case’….

When starting out on the journey towards that lofty goal of better information operations, avoid at all costs the route that encompasses allowing another good project to fail because the data it uses is poor. Even if you hope to use its failure to give your business case some ‘legs’. I really do think that it is better, early on, to spend some time and effort working out your mission; create a business case, sort out your objectives and how you plan to achieve them, find a sponsor to commission and champion the work, develop your principles and present them to the widest possible audience , put some practice in place that will help you stand strong in the face of the project manager that is intent on delivering their project, to time, to budget, to the detriment of anyone that comes after!

But, most importantly of all, demonstrate to your business audience, the potential benefits that can be achieved by taking a wider, more strategic viewpoint. Make sure that you are able to indicate the costs of continuing as-is and contrast that with what savings could be achieved by taking a different path. Find a compelling justification, one that is business-focussed and personal and which does not permit the all-too-frequent response of ‘hmm, that’s just IT…wanting to implement some new way of slowing our projects down’, avoid accusations of navel-gazing or ivory towers.

Allowing data architecture to become an IT-owned or driven initiative is the kiss of death. Even worse, is to shove it off into a backwater and then allow people to continue to believe that governance is about ‘small-minded nit-pickers slowing the process down’. I’m constantly surprised by the way in which business users are able to dismiss, very easily, the efforts to sort out their organisation’s data. They incur very little resistance from either ‘the management’ (who usually agree) or IT professionals who lack the communication skills to make themselves heard ‘Oh, that’s our Architect, I’d never put him/her in front of the business’.

As my fellow Evaxyx bloggers have suggested, data is the neutral ‘glue’ that holds an organisation together, systems come and go and data is all that remains. The advent of cloud computing as a viable option for business has further emphasised the importance of data, and the issues around reliably moving content into and out of the cloud. The same old problems, just bigger and more removed…but if we can’t sort them out now – when? It’s not just better information at stake; your organisation’s reputation and viability is threatened by the risk of non-compliance or of continuing poor business decisions.

  • Start out in the shallow end – design a principles-based approach that can grow as you gain experience of what works in your organisation; just because others are triumphantly beaching at Calais, you don’t want to drown in Dover harbour!

  • Use water-wings – attend conferences and talk to other organisations and architects that have been or are on similar journeys, data issues are horizontal and there’s much to be gained by thinking outside of your vertical ‘lane’

  • Develop your stroke – use best practice and other’s experience to guide you but, more importantly, listen to your colleagues, encourage feedback and find what works in your organisation

  • Pace yourself – this is not a one-off project, it’s about establishing data architecture as business as usual.

Image used is courtesy of Lee Coursey.

Possibly Related Posts:


Posted in Data Governance, Data Management, Data Strategy | Tagged , | Leave a comment

Data security and shielding your data

Posted on February 1, 2011 by cnorton

We believe that future historians will look back on the late 20th and early 21st Centuries as the beginning of an ‘Information Age’, and judge it to have been just as important to progress of humanity as the Industrial Revolution.

If this is truly the Information Age, then data is king. As data management specialists, we are perhaps more aware than many others of the central importance of business data in the 21st Century. A decade or so ago, the average company’s primary assets were almost always physical ones: now many have business models centred entirely around intangible but vital data. Even the Internet, on which some much of the infrastructure of modern life has come to hang, is of course just one giant data network.

All that valuable business data requires protection as robust as a Securicor van. But the IT security industry, for all its expertise, has for years now found itself engaged in an constant arms race with cybercriminals and hackers intent on data theft. The latest threat faced by data security professionals was highlighted earlier this month by software vendor Symantec: the increasing sophistication of ‘off the shelf’ cybercrime toolkits.

Such kits make allow users intent on mischief and crime to plan and carry out widespread attacks on networked computers. Such criminals no longer require access to programmers with the expertise required to create malicious software: they can simply acquire a toolkit.

Extraordinarily, notes ComputerWeekly.com, such kits are often now sold “on a subscription basis with regular updates and support services”! No sentence could better illustrate the increasing sophistication of ‘malware’ (malicious software).

Data security professionals must act now and prepare themselves for an inevitable surge in the adoption of such toolkits. A range of measures can provide a good level of protection – some relatively simple (blocking javascript, for example), and some more complex (educating employees in secure internet use). This is one arms race which data security specialists cannot afford to lose.

Possibly Related Posts:


Posted in Data Governance, Data Management, Data Security | Tagged , , | 1 Comment