Secure development 2014


Transcript of Secure development 2014

Page 1: Secure development 2014

Sigal Russin & Pini Cohen / Copyright@2014 Do not remove source or attribution from any slide, graph or portion of graph

How does the CIO deliver?

With good vibrations…

Pini Cohen Sigal Russin

STKI “IT Knowledge Integrators”

[email protected]

[email protected]

Page 2: Secure development 2014


Page 3: Secure development 2014


Page 4: Secure development 2014


STKI index website 2


Page 5: Secure development 2014


STKI index website 3


Page 6: Secure development 2014

New business scenario: big maneuvers vs. small gains

• Examples: Walmart, social time to respond, smaller telemarketing list

Page 7: Secure development 2014

Or: Take full advantage

Page 8: Secure development 2014

Why does IT need to adapt?

Source: 2006 http://cacm.acm.org/magazines/2006/10/5805-why-spoofing-is-serious-internet-fraud/abstract

2006 E-Banking Site

DX.com

Comparison engines

Alerts

Web Analytics

A-B testing

Recommendation engines

Social media integration

Wish Lists

Likes

Much more


Page 9: Secure development 2014

These new systems are called: “Systems of Engagement”

Source: http://www.agencyport.com/blog/?attachment_id=3713


Page 10: Secure development 2014

IT is divided into two distinct “worlds”

Invest in new systems

Reduce operating expenses

Long development and deployment cycles

Touch people / In-moment decisions / Personalized & in-context / Social and analytics driven

Short & rapid releases

Page 11: Secure development 2014


Domains of change

• Focus on generating business value through agility and flexibility

Agile Development

BYOD / BYO everything

Public Cloud

Open Source

Big Data

Devops

Mobile First

Commodity HW (or specific build)


Source: http://highscalability.com/blog/2012/5/7/startups-are-creating-a-new-system-of-the-world-for-it.html STKI modifications

Page 12: Secure development 2014

Lately “I was not happy” (corporate IT situation)


Page 13: Secure development 2014

This year is “Good Vibrations Year”

• Continuous integration with Jenkins. Agile development projects.

• Open source code in governmental projects. Hadoop, NoSQL initial projects.

• Users deploy CRM and other strategic applications in SaaS. Corporate sites at Azure. Email at 365 and Google.

• Develop web apps in PHP, Python. Users consider Puppet, Chef, OpenStack.

Not in all organizations. Not in all areas. But still, organizations are starting to embrace contemporary technologies and processes!

Page 14: Secure development 2014

The current “kings” are threatened

• Cisco – threatened by SDN (OpenFlow, Nicira)

• Microsoft – threatened by mobile market share and by the traction of startups and cloud providers

• HP – threatened by lower margins in printers, servers, PCs

• VMware – threatened by open source alternatives (OpenStack)

• Oracle – threatened by NoSQL / Hadoop and by Cloud / SaaS

• Monitoring vendors (CA, BMC, HP, IBM) – threatened because monitoring is provided by platforms (cloud, PaaS, etc.)

• Storage vendors (EMC, NetApp, etc.) – threatened by public cloud, Software Defined Storage and NoSQL / Hadoop

• Red Hat – threatened by CentOS

Page 15: Secure development 2014

Major Application development trends

• Mobile first

• Responsive Web

• Client-based web applications (with REST APIs)

• Proliferation of web JS frameworks and of development tools in general

• Development on cloud; PaaS frameworks (Cloud Foundry, OpenShift)

• Continuous integration / deployment – DevOps – Docker

• Microservices

Page 16: Secure development 2014

Major security trends


IT is not only changing information security tools but also an internal vision of security inside your business.

Page 17: Secure development 2014

For a start - Development Problems

• Buffer Overflow

A buffer overflow occurs when a program writes more data into a buffer than the space allocated to it. This lets an attacker write outside the buffer and overwrite information the program needs in order to keep running.

In many cases, exploiting this weakness allows the attacker to run code they have injected.
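As an added illustration (not code from the deck or its authors), the C program below puts the unsafe pattern just described next to a hardened version: a copy into a fixed-size field that never checks the field's size, beside one that is told the real capacity, rejects input that does not fit, and leaves the destination untouched on failure. The 16-byte name field and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed fixed field size for the example */

/* Deliberately unsafe (the pattern the slide describes): strcpy keeps copying
 * until it finds a NUL terminator and never looks at the size of 'dst'.
 * Any input of NAME_MAX bytes or more writes past the end of the buffer and
 * clobbers whatever the compiler placed next to it (other locals, and on many
 * platforms the saved return address), which is exactly what the slide warns about. */
void copy_name_unsafe(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Bounded length check that never reads more than 'limit' bytes of 'src',
 * so an unterminated input cannot make the check itself read out of bounds. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Hardened copy: the caller passes the real capacity of 'dst', the input is
 * rejected when it (plus the NUL terminator) would not fit, and 'dst' is left
 * untouched on failure so callers never see a half-written buffer.
 * Returns 0 on success, -1 when the input is too long or an argument is invalid. */
int copy_name_safe(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = bounded_len(src, dst_size);
    if (len >= dst_size)          /* no room for the terminator: reject, do not truncate */
        return -1;
    memcpy(dst, src, len + 1);    /* len + 1 copies the terminator as well */
    return 0;
}

int main(void)
{
    char name[NAME_MAX];
    /* Constructed inputs: one that fits the field, one that would overflow it. */
    const char *ok  = "alice";
    const char *bad = "this-name-is-way-too-long-for-the-field";

    if (copy_name_safe(name, sizeof name, ok) == 0)
        printf("accepted: %s\n", name);
    if (copy_name_safe(name, sizeof name, bad) != 0)
        printf("rejected: input of %zu bytes does not fit in %zu\n",
               strlen(bad), sizeof name);
    /* copy_name_unsafe(name, bad) would corrupt memory; it is shown, not run. */
    return 0;
}
```

Rejecting rather than silently truncating is a deliberate choice: truncation hides the fact that the caller received malformed input, and a truncated value can itself be a problem (a shortened path or username that now means something else).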


Page 18: Secure development 2014

Development Problems

• DoS – Denial of Service

Ping of death – due to today's increased bandwidth, this attack does not pose a risk.

Local Denial of Service:

"Stealing" all available memory from the operating system, or otherwise denying service by blocking normal work on the computer.

Page 19: Secure development 2014

Development Problems

Distributed Denial of Service:

Many different points each make one or more requests to a particular network service; it is usually carried out through many computers controlled by a single operator.

• Code Injection

Cross Site Scripting

HTML / JavaScript / SQL injection

The user can enter arbitrary code that the software then runs, and can do whatever they want through the code they injected.
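The defensive counterpart to the injection problem described above is to make sure user-supplied data is always handled as data, never as code: output encoding for HTML and JavaScript contexts, parameterized queries for SQL. As an added example (not part of the deck), the C code below implements the HTML text-context encoder, replacing the five characters that can switch a browser from "text" to "markup" with entity references and failing closed when the output buffer is too small. The function names and buffer sizes are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

/* Entity reference for one byte in the HTML text context, or NULL when the
 * byte can be emitted as-is. These five characters are the ones that let
 * input break out of a text node or attribute value and be parsed as markup. */
static const char *html_entity(char c)
{
    switch (c) {
    case '&':  return "&amp;";
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/* Encode 'in' into 'out' (capacity 'out_size', including the NUL terminator).
 * Returns the number of bytes written, not counting the NUL, or -1 when the
 * result would not fit. On -1 'out' is set to "" so that a partial, possibly
 * unbalanced, encoding is never handed to the caller. */
long html_escape(const char *in, char *out, size_t out_size)
{
    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    size_t used = 0;
    for (const char *p = in; *p != '\0'; p++) {
        const char *ent = html_entity(*p);
        size_t need = ent ? strlen(ent) : 1;
        if (used + need >= out_size) {     /* keep one byte for the terminator */
            out[0] = '\0';
            return -1;
        }
        if (ent)
            memcpy(out + used, ent, need);
        else
            out[used] = *p;
        used += need;
    }
    out[used] = '\0';
    return (long)used;
}

int main(void)
{
    /* Constructed user input of the kind a cross-site-scripting probe contains. */
    const char *input = "<script>alert(1)</script>";
    char page[128];
    if (html_escape(input, page, sizeof page) >= 0)
        printf("<p>Hello, %s</p>\n", page);   /* the browser renders this as literal text */
    return 0;
}
```

The encoder is context-specific: it is correct for HTML text and quoted attribute values, but data placed inside a script block, a URL, or a CSS value needs the encoding rules of that context instead.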

• Race Condition – Resource Conflict

A resource conflict in software arises when the same resource (memory, for example) is used by more than one part of the program at the same time.

Page 20: Secure development 2014

Development vs. Security


Page 21: Secure development 2014

Agenda for discussion

• What an “ideal” development process looks like with information security involvement – information security representation within the development division

• Products for secure development, including cloud products

• The information security budget at the start of a development project

• How to improve organizational processes from a security standpoint already in the development stage

• Tips and recommendations from organizations on the subject

Page 22: Secure development 2014


Thank you!