Research from AdaptiveMobile appears to show a worrying amount – although decreasing – of phishing attacks on US financial institutions, with anything from credit unions to major banks in the crosshairs.
Dublin: 25.04.2015 01.23AM
Richard Harpur, CIO of software provider Aspen Grove. Image by Finbar Hussey Media
This week Richard Harpur, CIO of software provider Aspen Grove, shares his thoughts on technology trends and strategy.
How big is your organisation - how many users across how many sites?
Our infrastructure group supports about 150 users, between Aspen Grove and our sister companies, including Donseed workplace management and DCS energy savings. From our solution platform we support several thousand users in a software as a service (SaaS) environment. Aspen users are located across our Tralee office and our US office.
How would you describe your own approach to IT?
Our approach varies depending on where we are applying it. We are very progressive in applying new technology to emerging markets or solving problems in new innovative ways, but on the main production-classified systems we tend to take a very pragmatic approach using trusted and proven techniques and solutions.
Do you see your role primarily as a technical or a business one?
The CIO role is interesting as it must reach across both the technical and business domains, not always in equal proportion. At times I can be very technical focused and that is the right thing for the business at that point in time. Other times there will be a greater business focus, looking at markets, opportunities and business strategies.
I think this is a challenge for mentoring new technical talent also within every organisation, to keep awareness of the business realities and what customers value. As Aspen Grove is a technology solution provider, it is essential to have sufficient business appreciation, to be aware of what customers value and are willing to pay for and how to commercialise new technology trends.
Right now, our solutions are helping to bring order to the challenge of managing vendors who are working on tasks for our clients across a property or asset portfolio, through a single suite. The CIO role must bring both business and technology skills to be most effective. Boards that think the CIO role is about the "IT manager" are missing a major part of the picture.
Is your 2012 IT budget increased, decreased, or the same as last year?
We heavily invested in 2010 and 2011 with a programme of infrastructure replacement and upgrades, allowing us to move almost exclusively to virtualisation, as well as upgrading our production monitoring and security, while taking out certain operational costs.
We are now seeing cost savings kick in, so we've been able to reduce our overall budget slightly while increasing services to the business. This is a win-win as that capital can be re-invested in other parts of the business.
What's your main IT project for this year?
A major element of our platform capability for vendor management was released earlier this year. Now our clients can manage thousands of vendors from a single application suite. If you have vendors doing repairs and maintenance, signage, inspections or even routine operational tasks, such as cleaning, you can now track each vendor's compliance with insurance and training requirements in a single place. This eases a major burden for companies with extensive property networks or assets to manage, bringing much-needed cost savings.
What IT initiative are you most proud of?
Achieving ISO27001 Information Security Certification and then BS25999 Business Continuity Management Certification immediately afterwards; that is a major achievement for any organisation, never mind one that is growing at a rate of tripling every three years.
Doing all this while continuing to support the business operations day-to-day is something to be proud of. At the recent official presentation of those certificates, Michael Brophy of Certification Europe compared it to winning an Olympic gold medal.
What technology trends are of most interest to you personally and to your own organisation?
Obviously mobile and cloud are very interesting for us right now. In years gone past we developed aspects of our solutions on Windows mobile platform but now the smartphone's capability opens up a far richer and more sophisticated offering. Our inspection solutions are utilising mobile technology and helping our clients save valuable time. Our clients expect us to bring business benefits from new technology, mobile and cloud allows us to do this.
Cloud computing: vendor hype or business revolution?
Cloud computing is a natural evolution as the enabling technologies improve. We are watching cloud very closely but not in any particular rush to transition. Internally, we have a private cloud infrastructure, and once availability and security requirements can be satisfied we will then assess where public cloud can complement our own infrastructure.
We have some proof-of-concept projects under way but it will be a little time yet before we are ready to move any parts of our enterprise solutions to the cloud. I think the industry and cloud vendors need to be very realistic and clear with regard to their offering and capability. It is better that everyone is clear of the shortcomings of cloud before moving, rather than finding out afterwards. Any assessment of cloud needs to focus on "when things go wrong" from the outset.
Bring your own device to work: a logistical nightmare or a trend to be embraced?
BYOD is here, so not addressing it is like putting your head in the sand.
Companies must consider the implications of it, get clear policies in place, consider security implications, and incorporate it like any new technology. It is interesting that some large companies, like EMC, have jumped to a default position of BYOD and eliminated corporate-owned devices, such as mobile phones.
BYOD brings other opportunities, like complementing virtualisation at the desktop level, so it should not be seen to be all bad, but requires proper management of risks and controls.
Have you any plans to add to your own skills this year and if so, in what area?
Last year, I successfully completed the CISM (Certified Information Security Manager) exam from ISACA. Later this year, I intend to look at the business side and at management development programmes.
How do you stay on top of developments in IT that could help your organisation, and how much time do you spend on this?
This is a constant challenge. Twitter helps me to constantly stay in touch with what I have registered an interest in; from there I can dig deeper if I wish. Normally, time is needed every day just to stay in touch with new developments. Speaking with vendors also helps, but you need to ensure you align things to your own strategic plan.