Julia Davis to Keynote CIO Insurance Summit

CIO of Aflac to Lead as Keynote Presenter on “Bridging Gaps Through Trimodal IT”

We are pleased to announce Julia Davis, CIO, Aflac, as a keynote speaker for the CIO Insurance Summit from November 8 – November 10, 2016. The event will take place at the Hotel Palomar in Phoenix, AZ alongside CIO Insurance Summit and CISO BFSI Summit.

Julia Davis joined Aflac in July 2013 in her current position as senior vice president and chief information officer. In her position, Davis oversees the day-to-day operations and the strategic initiatives of Aflac’s Information Technology Division.

Before joining Aflac, Davis most recently served as chief information officer at American Safety Insurance (ASI). Prior to her tenure at ASI, she served as chief information officer of the Equipment Finance Division for GE Capital Healthcare Financial Services and GE Capital Business Productivity Solutions. Additionally, she held IT leadership positions at GE Energy, Armstrong World Industries, Information Builders, Ogden Government Services and CRSS Services, Inc.

Her keynote presentation will cover “Bridging Gaps Through Trimodal IT”. Takeaways will include:

  • Blend bimodal and trimodal IT to find a model that fits your company’s culture and needs.
  • Tackle projects in segments and demonstrate incremental change and success with each successive step.
  • Adopt a big picture approach and allocate resources such as funding across a project’s entire lifecycle instead of on an annual basis.

To learn more about the event and register today visit:

CIO Summit US: http://www.cioinsurancesummit.com/

To view all of our upcoming events, visit CDM Media’s Summit Calendar.

The Media Wants to Know: The Impact of HITECH Act and HIPAA on Healthcare IT Outsourcing

CDM Media’s Senior Director of Content & C-Suite Communities, James Quin is regularly cited in various media stories across a variety of industries. But leading up to these article inclusions are many conversations and insightful commentaries which don’t always make the publication. In this weekly (or more!) new section, James shares his responses to a myriad of tech topics he discusses with journalists. 

A proposed regulation under the HITECH Act will provide healthcare consumers the right to learn of personal data disclosures. Senior IT leaders and business executives in healthcare organizations that use lobbyists now need to focus on regulators’ renewed attention to this long-dormant HIPAA issue. James Quin weighs in on the story:

“The issues with breach notification are numerous, as we’ve seen in other industries. First is the assessment of what was breached and who was affected – regulators tend to err on the side of ‘if you can’t define exactly who/what was affected, you must assume everyone/everything.’ This makes breach notification significantly more complex and more expensive. As a result, the first hurdle to overcome is being in a position to actually understand what is happening with your data at all times. This brings us to the outsourcing-specific angle, that being responsibility in the event of data loss – who holds it between the client and the provider and what measures and controls can be put in place contractually to manage any potential breach.”

CDM Media's 2010 Event Schedule

Clear your calendars…announcing CDM Media’s 2010 event schedule:

 CIO Utilities Summit—April 18-21

CIO Healthcare Summit—May 9-12

CIO Government Summit—May 23-26

CIO Finance Summit—August 29-September 1

CIO Summit—September 19-22

CTO Telecom Summit—October 3-6

CIO Insurance Summit—October 17-20

CIO Education Summit—November 7-10

Information on becoming a summit delegate can be found on each event’s site. 

If you’re interested in sponsoring a CDM Media event, check out the CIO Summits site for more information. 

And a big thank you to all of the delegates and sponsors who made CDM Media’s 2009 events a huge success! We look forward to working with you in 2010.

Interview with @spf13, Steve Francia

 

Steve Francia, CIO at Portero.com

My time on Twitter (@CDMmedia) recently brought me to Steve Francia (@spf13), CIO at Portero.com, an online retail site that sells pre-owned, luxury goods. Steve’s blog, spf13.com, as well as his Twitter feed focus on technology and social media. His IT expertise includes development, technology turnaround, strategy, organizational planning, restructuring, cost reduction, funding, productivity, and the translation of business needs into technical implementation and delivery. My questions below focus on IT security. Enjoy! 

 

What is your security plan for Portero.com in 2010 and how has your strategy changed from the previous year?

My approach to security has consistently been to provide access to the smallest possible group. I joined Portero in late 2007 and stepped into a position where the prior policy had been one of convenience. We decided as a company that one of our primary concerns in 2008 would be security. We established critical policies and held many security focused training meetings. We found this combination provided us excellent compliance with the policies. In 2009 we built on the successful foundation laid by taking a more proactive approach to security.

Success in security is largely conditional on the users following the policies. Through training and effective policies we have brought security to the forefront of our employees’ thoughts. Having laid a solid foundation the prior two years enables us to really utilize 2010. One area we will be focusing on is furthering our disaster recovery plan and abilities. We will continue with the practice of holding user training and education sessions. We will continue to hold self audits.

There have been plenty of stories in the news lately of customers’ information being stolen. What strategies do you use to ensure that Portero’s customer information is safe?

Portero prides itself on trust and authenticity. Naturally, I’d love to say we have this insanely intelligent and complex system and strategy to protect customer or other sensitive data, but in all honesty, this is a romantic, but unrealistic notion. In each story I’m familiar with, each failed to adhere to even the most basic of best security practices. In reality, adhering to the best practices will take you farther than an overly complex system.

Largely, we make sure that all our bases are covered, strictly enforcing best practices including: using secure pass phrases instead of passwords, forbidding customer and other sensitive data from leaving secured servers, restricting all information and access on an absolute need to have basis with fine-grained ACL, all data transfer over secured encrypted tunnels, storing encrypted archives in a secured location, restricting physical access to all server rooms, and keeping all systems patched and up-to-date. Lastly, we hold training sessions to ensure that policies are understood and followed. I could provide a long list, but the point is to cover all your bases, especially the ones that are not enforceable through technology which are all too often forgotten.

You have a blog and are an active Twitter user. What precautions do you take in order to protect your personal information while using these social media sites?

In this, the information age, privacy is rapidly eroding. Generation Y is growing up in this public environment and seems unable to even recognize the loss. We live in an era where so much of our personal information is either public or in the hands of enterprises, to think one could be truly “off the grid” seems unrealistic. So the question becomes, how does one apply the right safeguards to protect their personal life and family?

I realized a few years ago that every professional is a celebrity in their own right in that each has a public brand to maintain. Name/Brand recognition is critically important, and obtainable through social media in a way the world hasn’t seen before.

Personally, I maintain two separate online presences. A professional one via my blog (http://spf13.com) and sites like LinkedIn and Twitter. I rarely tweet anything about my family or my personal life. On the personal side, I maintain a separate “invite only” family blog. Truly sensitive information is only posted on the blog, which is really only intended for close friends and family. 

In your opinion, what is the biggest security concern with regards to cloud computing?

I see two major concerns:

1.  Cloud?

What is a cloud? In the past couple years, it has become a heavily overused marketing term. Since each “cloud” is built on completely different technologies and concepts, speaking of security as it pertains to “cloud computing” is a dangerous proposition because of how vague the question is. Since each implementation possesses its own unique set of technologies and problems, it’s difficult to have a meaningful discussion on security.

2.  We don’t know what we don’t know yet

It’s obvious why there is all the hype surrounding “cloud computing.” CFOs love it because there is no upfront cost, no depreciation, and a pay for what you use model. But, cloud computing is relatively young and I’d be concerned about putting any mission critical or ultra sensitive information in the cloud. I think people typically think of a cloud as being engineered from the ground up, but in reality, each is composed of piecing together many different pieces, some very mature, some very immature. 

We typically understand the points of attack (or vulnerability) in a traditional hosting environment. The cloud with its multi-tenant nature presents all sorts of new potential concerns. The vendor is now providing their (largely) home built separation layers between customer data and access.

I remember a few years ago people were saying that they didn’t need an SLA from Amazon because their infrastructure was so redundant and reliable and AWS hadn’t had any meaningful outages. Many built businesses on this mentality. Here we are years later and with more mature technology and a handful of major outages have occurred this year alone including ones on Amazon and Google. Use common sense. Just because we haven’t yet experienced a widespread security breach in the cloud doesn’t mean that we won’t.

No provider currently has a PCI compliant cloud. Does PCI compliance ensure something is safe, or that something that isn’t PCI compliant isn’t? No. But this does speak to the immaturity of cloud computing that not a single provider has a cloud secure enough to store credit card data.

I believe that the cloud is a fantastic resource and has great potential. I was an early adopter of the AWS cloud when I was at Takkle.com. We built a transcoding farm on EC2 to process a huge volume of user uploaded video. Without EC2 we would have had substantially higher hosting costs, which would have prevented us from incorporating this feature. However we never transmitted any data to EC2 that wasn’t already public, nor did we put any mission critical services on it. We used common sense, mitigated risk and benefited largely as a result.

What security trends and issues do you foresee for 2010?

As budgets have been trimmed industry-wide, my biggest concern is that enterprises shortchange security, gambling with their (or their customers’) data. I don’t believe that anyone intentionally would weaken security, but as staff is thinned out, essential processes become forgotten. Proper training may be elusive. Seemingly small removals here or there could quickly add up to disaster.

As social media and mobile computing converge and continue to penetrate into more aspects of business, privacy will become increasingly challenging to enforce. The smart phones on the market are capable of recording or capturing data of any kind, via camera, audio recording or by acting as a network, Bluetooth, or USB drives. They also have the ability of transmitting and/or broadcasting any of this data instantly and bring their own unmonitored network. Today’s smart phone is the ultimate spy device, even James Bond would be jealous.

Social media is very powerful. Used correctly it can be a fantastic tool. Used incorrectly it can have catastrophic results. People don’t realize that once they hit that send button the tweet, post, message, email, etc. is instantly and irrevocably being broadcast to the entire world. Yes there may be a delete button, but once it’s public, it is broadcast, copied and cached and that can never be undone.

I think proper education and instruction is the answer here. Proper instruction enables an organization to embrace all the good that social media provides, but even a perfect execution would only minimize the risk. While some groups (e.g. NBA) may be able to control usage of social media, doing so will prove extremely challenging for most businesses.

Twitter List Collection—Targeted IT Topics

Twitter lists hit the social media site at the end of October and have quickly become very popular. If you aren’t familiar with the feature, here’s a quick definition provided by Mashable’s Josh Catone:

The just-launched Twitter Lists feature is a new way to organize the people you’re following on Twitter, or find new people. In actuality,  though, Twitter Lists are Twitter’s long awaited “groups” feature. They offer a way for you to bunch together other users on Twitter into groups so that you can get an overview of what they’re up to. (HOW TO: Use Twitter Lists)

I originally started this post by organizing more general CIO and technology lists, but there were far too many for it to be truly useful. I hope these more targeted lists will serve as a good resource. The lists are in no particular order and I did not try to pick the best-of-the-best. I’ll leave that for your judgment!

I am currently putting together a CIO Resource list. It is far from finished but feel free to check it out.

If you’d like your list to be included below, please leave a comment with a link to your list and the appropriate category.

Business Intelligence

Cloud Computing

Data Center

Enterprise Architecture

Information Security

IT Analysts

IT Failure

Network Performance

SaaS

Software Development

Telepresence

Virtualization