CIOs On Security, Preventing Mydoom Redux

Amtrak's Bob Gayley and George Washington University's David Swartz on how they battened down against MyDoom.

January 29, 2004


Negotiating skills may not be on the top line of most IT professionals' resumes, but according to two leading CIOs, having that kind of savvy can go a long way toward improving your company's computing performance. Learning to negotiate well, with both internal customers and external suppliers, was just one of the lessons imparted during a how-to panel discussion Tuesday at the Comnet show in Washington. Amtrak CIO Bob Gayley and David Swartz, CIO for information systems and services at The George Washington University, also told attendees that understanding overall business needs and establishing a clear way to measure IT performance are additional keys to a successful IS strategy.

According to Gayley, building a winning IT organization starts with "understanding your business peers, and what they are trying to accomplish. You've got to get involved with them, to understand the demands" of the overall business.

Once the demands are clear, Swartz said, it's important to establish metrics that measure the hows and whys of IT performance, so that internal customers understand why IT can't always do everything they ask.

"One of our biggest challenges is meeting expectations," Swartz said. That's why inside the university, his department creates service-level agreements with its different constituent groups. Such internal contracts, he said, "help people understand that it takes money to deliver IT."

Tuesday's news of the MyDoom virus spread was old hat to the two CIOs, who said that dealing with external issues is a prime concern for all businesses.

Gayley said one of his biggest concerns on the security front is "wondering what the next thing is." He's also aware that the time administrators have to react to worms, viruses, and other attacks "is minutes now, not hours." Since virus-protection firms typically take much longer than that to craft responses, both CIOs said businesses need to build their own defenses to keep their operations safe.

At George Washington, Swartz said his department has set up a "controlled area" where their servers direct users whose clients are determined to be infected. At Amtrak, Gayley said, the protection against viruses and worms starts at server level--users there aren't allowed to log on unless their client has properly updated software. And, "all our servers are kept up to date, all the time," he added.

The panelists were split on the issue of open-source products. Swartz said George Washington has discussed the idea of eliminating Microsoft products from the data center to eliminate the need for multiple patches and updates. Using Linux on servers, he said, "seems like a safer environment to be in."

But Amtrak's Gayley said he shies away from open source, preferring Unix products from IBM. "I still don't believe it is mature enough," Gayley said of open source.

Gayley also said IT directors should always try to seek the best deals from their vendors, either by asking to renegotiate existing contracts or by turning to resellers for quotes on updates and maintenance. "Don't presume that when that bill comes in, you have to pay," he said. "You've got other options."
