IT WEEK • 13 SEPTEMBER 2004
CONTENTS
40 NEWS Big jump in the
number of IT vacancies
40 COMMENT Organisations may have
to enlist the help of freelance
security specialists to help them
cope with monthly patching
peaks, writes Mark Street
37 NEWS The number of IT vacancies
has risen dramatically since 2003,
and almost a fifth of firms plan to
recruit more IT managers this
autumn, according to E-Skills UK
MANAGEMENTWEEK
WHERE TECHNOLOGY BECOMES BUSINESS REALITY
Editor: Madeline Bennett
Recycling raises data risks
orthcoming IT recycling laws could
lead to security breaches, because
many firms are likely to leave sensitive data on machines that will subsequently be reused by other parties, recent
research has found.
The risk emerged from a study into
awareness of the Waste Electrical and Electronic Equipment (WEEE) directive by
recycling specialist Remploy E-cycle.
Remploy found that over three-quarters of firms had sold, given away or
thrown away a PC or laptop during the last
year. However, under a quarter of those
had taken adequate steps to render the data
unrecoverable, according to Remploy.
The firm said overwriting data at least
seven times before reformatting, or physical destruction of drives should be the
minimum standard for cleaning equipment before disposal. Instead, most firms
opted to overwrite hard drives only once or
twice, or simply reformat drives in an
attempt to erase data.
Even when the issue of data destruction
F
was highlighted to the 350
ment, would allow much of
DATA LEFT EXPOSED
respondents, almost a quarthe data to be recovered.
Do you destroy data before
ter still said they were unsure disposing of hardware?
In a separate survey,
how they would make IT
almost half of senior manequipment safe while meetagers said data security was
ing their recycling obligatheir top priority. Accordtions under the EU directive.
ing to the research by eNo
Yes
45%
55%
Under WEEE legislamarketing firm Emedia, 61
tion, the UK government
percent of firms expect to
will set recycling quotas for
deal with more IT security
electronic goods such as
problems next year, and less
Source: Remploy E-cycle
computers and printers to
than a quarter believe there
cut the amount of equipwill be any improvement.
ment dumped in landfills. Firms will be
However, despite concerns about
required to take more responsible steps
growing security risks, 70 percent of firms
when disposing of equipment.
expect to spend less than £10,000 on proThe results of the survey are a cause
tecting IT systems this year.
for concern, said experts. “It is laudable
David Clark, Emedia’s managing directhat companies are already making reduntor, said as firms continue to struggle
dant equipment available for reuse,” said
against the threat of viruses and other atNoel Harasyn, Remploy E-cycle’s general
tacks, they should try to make more effecmanager.“But in the overwhelming majortive use of the tools available to protect
ity of cases, they are not rendering the data
themselves. “Smart policies and practices
on hard drives unrecoverable.”
should ensure that opted-in requested
Harasyn added that the reformatting
communication gets through,” he added.
or minimal overwriting, carried out by
“[While] the unsolicited and potentially
most firms before handing over equipinfected communication does not.”
Suite streamlines IT tasks
Paula Musich
omputer Associates has added a new
workflow engine to its Unicenter Service Management Suite. The release could
improve the delivery of IT services across
organisations by enabling automated
ordering and measuring, along with a
streamlined charging process.
The workflow engine, which will enable
IT staff to integrate management functions,
will be added to five of CA’s Service Management Suite components. The data generated will be available
with the suite’s IT services cataloguing, fulfilment, metering, assurance and accounting modules.
The engine will
C
Lamm: easy
integration
itweek.co.uk
automate the processes of ordering, delivering and measuring IT services, as well as
offering a streamlined way to charge for
the services based on usage, said the firm.
“When you select something from the
service catalogue, the selection kicks off
the processes that deliver that service,” said
Jacob Lamm, CA’s senior vice-president of
Unicenter Operations Management.
The suite is designed to better align
technical operations management with
business. To this end, the new workflow
engine is designed to create links between
service delivery and Unicenter infrastructure management systems.
“You can connect the metering application to the actual network and system
management and actual applications that
are running,” said Lamm. “[This allows]
quicker and better measurement of
whether you are making the SLA [servicelevel agreement] commitment.”
The workflow engine is common across
Paula Musich
BETTER SERVICE DELIVERY
CA has updated its Unicenter Ser• vice
Management Suite, adding a
•
new workflow engine.
The engine will automate the processes of ordering, delivering and
measuring IT services, as well as
offering a streamlined way to charge
for services based on usage, CA said.
a range of CA products, and it is intended to
make it easier to integrate the firm’s offerings. It can also be used with CA’s eTrust
security tools.
While the engine may enhance IT
departments’ ability to integrate management functions, some experts wondered
whether the system would offer sufficient
flexibility. “How adaptable is it? Processes
can change over time,” said Rick Ptak, of
industry analyst Ptak, Noel & Associates.
Version 2.2 of Unicenter Service Catalog, Unicenter Service Fulfillment, Unicenter Service Assure, Unicenter Meter and
Unicenter Accounting are available now.
www.tinyurl.com/5a4xh www.eweek.com
© eWeek USA 2004
Madeline Bennett
Tool tracks
back-office
processes
BMC Software last week released a
batch processing system for monitoring and grouping IT tasks based on
their impact on business services.The
system could reduce application
downtime, according to the firm.
Batch Impact Manager discovers
the interdependencies among different batch jobs and identifies the
impact of those jobs on business
services, BMC said. It can also reveal
whether business services are running within specified parameters. If
there is a failure, the product can
predict whether the impact on the
business will be high or low.
The product works with BMC’s
Control-M cross-platform job scheduler. Control-M allows users to manage 20,000 batch jobs running across
multiple platforms from a single focal
point. Batch Impact Manager lets staff
monitor up to 50 business services
supported by those 20,000 jobs.
Although batch processing may
seem like old technology, most webbased transactions run at least 10
batch processes in the background,
according to analyst firm Gartner. It
predicts that throughout next year,
more than 50 percent of enterprise
inter-application interfaces will use
batch data exchange.
Claims services specialist Cambridge Integrated Services Group is
using Batch Impact Manager to
improve batch jobs.
“We have a different workload
every day, depending on the number
of claims and bills processed,” said
Laurie Kenley, the firm’s production
control coordinator.“If something
runs long, we need to know before we
miss our deadline.”
Batch Impact Manager costs from
$4,500 (£2,500) and is available now.
www.bmc.com www.eweek.com
39
© eWeek USA 2004
40 COMMENT Companies must ensure their security
processes can cope with monthly patching peaks
MANAGEMENTWEEK
IT WEEK • 13 SEPTEMBER 2004
Pros and cons of monthly patches
Are the software giants issuing bundled patches once a month to make life easier for their
customers, or is it a cynical strategy to provide false reassurance, wonders Mark Street
f you were one of those people
who opposed Microsoft’s decision to issue monthly patches, you
may now have even more grounds
for grievance.
Oracle has taken a leaf out of
Microsoft’s somewhat blotted
copy book, and it too is now
issuing bundled patches once a
month. Such moves are fuelling
the debate on whether the bigbang approach to fixing flaws is
better than a drip feed of patches.
Some firms are worried that
the monthly extravaganza puts
their already overburdened
administrators under far too
much pressure. The first Oracle
bundle contained fixes for more
than 60 vulnerabilities, some discovered as long ago as January.
Critics say that the monthly
surge in work means that security
personnel will have one extremely
busy period and up to 30 days of
relative quiet. Given that every
patch may need to be tested
I
before deployment, the burden
may be far too great.
Another complaint concerns the
fact that attacks do not take place
on a monthly cycle. While the vendors may say that they will issue
patches immediately if a serious
vulnerability should surface, it is
the vendors – not users – who
decide what constitutes serious.
The practice of having a regular,
monthly date to issue fixes to combat the constant barrage of attacks
is designed to give the impression
that the vendors are bringing order
to chaos. This monthly cure-all is
sending out the message that flaws
in mission-critical software are
acceptable and can be dealt with in
a logical, clinical manner.
Issuing patches at short notice
might suggest crisis, and could
attract the attention of the world’s
media. It might also give the
impression that some vendors are
supplying very vulnerable products. It was interesting that Oracle’s
latest patch dealt with flaws that
had been identified a long time
ago. Microsoft has been guilty of
similar delays in providing fixes.
As the major software suppliers
face growing pressure from the
stock market to deliver results, it is
clear that they will do whatever
they can to bolster confidence in
their products. But it is important
that they do not put the god of
spin above substance.
IT directors want to know about
vulnerabilities as soon as they are
discovered, especially as new corporate governance rules mean they
may have a duty to regularly assess
and report operational risks. The
fact is that IT now accounts for the
bulk of that risk for many firms.
The debate over responsible disclosure will continue to rage. However, there can be no excuse for
software vendors delaying fixes to
fit in with monthly cycles if the aim
is simply to give the impression
that they are in control.
Prospects improve for IT jobs
Madeline Bennett and James Sherwood
he number of IT vacancies has risen
dramatically since 2003, and almost a
fifth of firms plan to recruit additional IT
managers by the end of this year, according
to a new E-Skills UK bulletin.
There were over 82,000 IT vacancies
advertised during the first quarter of 2004,
according to the latest review by the technology skills body. This was 22 percent more
than the 67,000 jobs in the previous quarter.
Increased activity in IT departments
means there are now an extra 4,000 people
working in technology roles at UK firms.
T
Another 11,000 staff have been employed at
IT and telecoms firms since the end of 2003.
The upturn looks set to continue as 18 percent of firms plan to recruit additional IT
management staff by the end of the year.
And 11 percent of firms expect to boost the
number of staff in their IT departments.
Meanwhile, a separate study from Socitm suggests that public sector IT chiefs
must develop softer management skills to
succeed in their roles.
In a new report, Delivering local e-government, the public sector IT association
argues that local authorities wanting to
develop e-government systems should sep-
arate the roles of champion for e-government systems and head of information and
communications technology (ICT).
Socitm suggests that the e-champion
should promote the transformation of
services online, and in many cases set strategic direction; while the head of ICT
should develop the technical infrastructure
and deliver operational services.
Although most people in these roles
have come up through the IT ranks, according to the report the skills they need for
success have little to do with technology.
For both roles softer skills such as those
for relationship building, organisational
For better or for worse, the
monthly patch is fast becoming the
standard in security. IT directors
will have to ensure that their
administrators are given the
resources they need to deal with a
monthly peak in activity followed
by a lull – and this could mean
drafting in freelance security
experts for the days of issue.
But in the meantime, IT directors should continue to push for
better quality software, and make
their protests extremely vocal if they
feel that they are being supplied
with fixes too long after vulnerabilities are brought to light. Why
should the customers pay for the
mistakes of their suppliers? ITW
[email protected]
IT VACANCIES INCREASE
Number of IT posts advertised
Q1 04
82,000
67,000
Q4 03
Source: E-Skills UK
awareness, customer service and leadership, are more important than technical
competence, Socitm argued.
“The move to a more strategic role
requires a shift from management to leadership and a need for much softer skills,”
said Tony Riding, author of the report.
“The task of promoting and delivering egovernment requires skills and behaviours
more closely associated with chief executives than the traditional ICT role.”
www.tinyurl.com/5gjfd
www.socitm.gov.uk
One Vision of Quality Data
Single View of Citizens, Properties & Locations
The outstanding issue facing Government today is the quality of the data available to achieve the objectives of a single
view of people and properties. Orchard Information Systems allows Government to create and maintain unique quality
data records via the arcIndex quality data index.
For more information on arcIndex or any other products from the arcSuite range of IT solutions log on to www.orchard-systems.co.uk
or phone 0191 203 2500 Orchard Information Systems Limited, Newcastle Technopole, Kings Manor, Newcastle upon Tyne NE1 6PA
connected solutions since 1979
40
itweek.co.uk