All about IT Governance

IT Forensics is typically requested by legal department to investigate and record the digital traces of a corporate property - typically Desktop or a laptop.

Top 2 concerns of IT forensics is to record the supporting evidences untampered and present strong evidence in a court of law.  What do we mean by this? Read on.

There are two portions of IT forensics - Data collection and data analysis. Data collection, as said above has to be tamper-proof and should be detailed including screenshots with  dates and system names that connects to a subject under verification if necessary.

Data analysis has to be very supportive of the argument and cannot include ‘trends’ or ‘industry best-practices’ - it should clearly indicate the information from the data gathered and should be able to reperform the data analysis for the most part.

If data gathering and data analysis is produced accurately and timely, the data can be produced in a court of law without hesitation.

Yes. These are heavily loaded wordings here. For continuous operational needs, you would computing and storage. However, by virualizing these environments, your operations or engineering would benefit from being more scalable, experience higher availability with less hurdles from hardware aging as you can add or deplete storage or processing power without necessarily experiencing an outage.

Specifically, Computing Virtualization (CoV)  enables you to continue to offer the computing needs while the ‘underneath’  hardware is selectively modified without experiencing outage.  The CoV can be compared to a mobile home. You can always drive to a mobile park and use the services of the park. If the service offered is limited, you can drive away to another mobile park.

The StoV (Storage virtualization) is about virtualizing the storage to unleash the dependence on ‘absolute’ locators or paths.  In other words, your mobile home (as a storage of your stuff) can be made mobile and can be moved to another area for a larger space. One of the key advantages of StoV, as seen in some of the products including those from NetApp is, Cloning. To give you an example, a SAP IT house can quickly clone their environments into 3 environments - Development, Staging and Production. They can now have the business owners test and confirm the changes are ok.

Bottomline, you would need both StoV and CoV. Go Virtualization!

Clearly anything that is not core to your business can be outsourced - it is upto you to define what is core service to your business and what is not.

As an example, One company believes the helpdesk is core to their business while another company does not believe the helpdesk is core to their culture and they go ahead and outsource it to IBM completely.

Mark Egan, ex-CIO of Symantec once said, “Help desk department is the internal facing ambassadors - they are core to the success of the employees productivity - I would not outsource it”.

Would you outsource your finance department? Probably not. That is one of your core process. How about Datacenter monitoring? Probably yes - that is not one of your core process/service and you might as well outsource.

 We did not talk about the risk - overall risk is ‘ownership’ - internal staff tend to own the process/service and try to resolve it with process maturity while an outsourced vendor cannot offer the ‘ownership’ but can offer accountability.

Bottomline, there is no right answer for this - you measure the risk while review your core services and then take the decision.

Short answer: Yes. 

Rather thoughtful answer: Yes and No.

Computing virtualization (as against storage virtualization from NetApp etc.) helps reducing outage and reduces your hurdles of hardware aging for scaling and growth.

 However, Virutualization has upfront investment including the multi-processing environment (Fijitsu, Sun or IBM blades) and eventually maintenance.

The TCO depends on

a. Mission critical appplications

b. High availability of these.

Do you need an application or a set of applications that is available 24×7x365? If yes, CoV (Computing virtualization) is worth exploring. If not, you are probably better off waiting for a couple of years for CoV to get better in scalability and coherence with mainstream business applications including ERP, CRM etc.