CIO Council Romania aderă la asociația paneuropeană EuroCIO

Începând din anul 2018 CIO Council Romania s-a alăturat asociației pan-europene EuroCIO, reprezentând Corpul Național (National Bodies) al executivilor CIO din țara noastră la nivel european.


European CIO Association (EUROCIO) este o asociație independentă, non-profit, înregistrată în Bruxelles, și este singura asociație pan-europeană care reprezintă executivii CIO (Chief Information Officer) și directorii IT la nivel european. Ea are în componență peste 1.000 de membri din 16 țări europene. Comunitatea este formată atât din membri individuali, cât și din 13 asociații naționale care reprezintă peste 700.000 de specialiști din domeniul IT, cu bugete de peste 150 miliarde de euro anual.

EuroCIO militează pentru o platformă unică pentru executivii CIO și senior IT Professionals, în care aceştia pot schimba informații, împărtăși experiențe și studii de caz, pot stabili contacte și pot face networking la nivel european. Totodată, EuroCIO sprijină comunitatea de profesioniști IT în raport cu vendorii IT și autoritățile europene precum Comisia Europeană sau Parlamentul European, acordând sprijin în numeroase proiecte sau inițiative legislative europene din acest domeniu.

„Integrarea CIO Council Romania în marea asociație pan-europeană EuroCIO constituie o recunoaștere a valorii comunității IT din România și implicit a executivilor CIO din România. Aderarea la EuroCIO ne va permite să interacționăm în mod direct cu comunitatea CIO europeană, să schimbăm informații, să participăm și să influențăm proiectele și inițiativele legislative din domeniul tehnologiei informației ale Comisiei Europene”,  Yugo Neumorni, președinte CIO Council Romania.

Yugo Neumorni, CIO Hidroelectrica, reprezintă asociația CIO Council Romania în cadrul EuroCIO, fiind membru în Boardul asociației. Totodată, ocupă și funcţia de Cybersecurity Council Chairman. Reprezentanții EuroCIO vor fi prezenți la București pe 16 mai, în cadrul evenimentului CIO Council National Conference, ediția a VI-a, organizată de către CIO Council și Revista CARIERE.

CIO Council Romania a fost constituită în 2005 și este o asociație independentă, non-profit, care are în componența sa profesioniști IT din cele mai înalte poziții din ierarhia IT, numărând 85 de actuali și foști CIO.


IDC Security Roadshow 2017; in Bucharest a Real Show!


Keeping the same direct dialogue style from announcing article “IDC Roadshow 2017 is coming in Bucharest”, I want to ask yesterday participants if all I promised was happen. Did you think my participation invitation arguments have not been confirmed by the event? Anyone is free to complain posting personal opinions on the comments area… What I want, and I consider it more important, is to show those who could not come, what they had to lose…

So, it was 2017 edition of IDC Roadshow, and Bucharest was the 10th location in CEE region. I don’t know what’s happening in other cities, but I can confirm in Bucharest it was a real show! And here are my key arguments:

First, through the new approach to IT security issues, a field where never-ending novelty is no longer new… We are in a multi-platform era and any CISO should think to data security challenges from duality perspective.  How to improve security posture and resource efficiency at the same time. Data protection is at the same time a management and an IT challenge, covering a lot of vulnerabilities points from access controls and privileged user management, to data encryption and prevention, to policy and compliance deploying, and development of an effective data security culture for the whole company.

Second, the Conference Agenda, which balanced and alternated in a natural way keynotes speeches and new security concepts (Mark Child – CEE Security Practice Lead IDC, Liviu Stoica – president Agency for Romanian Digital Agenda, Gabriel Nicolaescu – Novatech, Puiu Leontescu – Palo Alto Networks, Marian Gheorghe – Telekom)  with discussion panels (CISO perspective: CEC Bank, Omniasig VIG, Dacia Renault and Client and the Vendor: Urgent Targus, Novatech, Palo Alto Networks) , live demo  and two dedicated breakout sessions focusing on of hottest  subject of the moment: The WannaCry Impact for security industry and the new EU regulation 2016/ 679 concerning the personal data privacy (GDPR).

Third, the professional quality of the speakers and discussion panels participants. Personal, for me, it was a very nice surprise to hear and to meet top-level professionals, with long-time and rich expertise in their activity areas like Gabriel Nicolaescu – BDM Novatech, Puiu Leontescu – System Engineer Palo Alto Networks, Cristina Metea – Legal Adviser Microsoft Romania, Catalina Dodu – Country Manager Atos Romania, Adrien Viaod – Field Application Engineer Kingston, Emil Gagala – Network and Security Architect VMware, and Alex Balan – Chief Security Researcher Bitdefender.

Fourth, and somewhat related to the previous one, was the active presence with presentations and especially comments on the personal experience of a very representative CISO & CIO pool, from all essential industries for protecting information, like banking (Razvan Grigorescu – Information Security Manager/ CISO CEC Bank, Cristian Goiceanu – CSO & Executive Director, BCR, and Andrei Vilcan – Head of Information Security, Banca Transilvania),  insurance (Adrian Baciu – CISO Omniasig VIG), manufacturing (Daniel Dinu – CISO Dacia Renault), utilities (Eusebiu Rotaru – IT Infrastructure Manager Electrica Distributie), telecom (Marian Gheorghe – Business Segment ICT and Sales Key Accounts Director Telekom) and logistic services (Marian Pletea – CIO Urgent Cargus), until to the governmental representatives (Liviu Stoica – President. Agency for the Romanian Digital Agenda).

Fifth, the professional involvement of IDC staff, which well managed a very difficult event. I know from my own experience the necessary efforts to better organize such international event. It was a nice surprise for me to note the professional infusion brought by the new team of  IDC Romania, active represented during all-conference by Alina Georgescu – Country Manager and Razvan Savu – Senior Consultant & Senior Research Analyst. Besides the effervescence of the young team, a great value contribution to the event success was conferred by the presence of Mark Child, a regional information security expert with a rich experience in IDC’s research projects since 2004.

So, is not time and space to write here more details about the Roadshow presentations. This will be included in next articles. What I consider important to point here are three moments with large impact for all audience.

The hacking live demo sustained by Senior Information Security Consultants Gabriel Avramescu from Bucharest and Radu Stăneascu from Bruxelles show us how simple is for a hacker to penetrate our computers and to destroy/ steal critical data, by a simple access on a malicious site. It was a very simple technical live demo showing how easy is for any medium experienced hacker to penetrate our systems In the absence of elementary protection measures and cyber security culture.

Another interesting moment was the discussions panel moderated by Razvan Savu from IDC, dedicated to a real case: the business transformation process faced by Urgent Cargus, a former Romanian company acquired by Deutsche Post DHL in 2008.  Operational problems and the challenges caused by the lack of integration of the platforms and systems was the main discussion subjects, and in the same time, the challenging issues opened by Marian Pletea – CIO Urgent Cargus to Gabriel Nicolaescu from Novatech, and Puiu Leontescu from Palo Alto Networks. Both specialists offered their general strategy for the concrete case solving, commented and amended by the Urgent Cargus CIO.

Finally, a few words about a special panel session dedicated to GDPR, moderated by Andreea Lisievici – Data Privacy Lawyer and having as guests Cristina Metea from Microsoft, Catalina Dodu from Atos, and  Cristian Goiceanu – CSO & Executive Director at BCR. As I know it was one of the first UE regulation debate sustained by private company representants, included in a security conference. After a short introduction in the new GDPR regulation made by Andreea Lisievich, participants discussed the vital importance for any company to become compliant with this regulation. Special attention has been given to the new provisions of the regulation that will enter into force on May 25, 2018, and what attitude must be adopted by any company operating with personal data to comply with the new provisions. Other important issue discussed:

  • Errors of interpretation that may arise from the current Romanian translation of the Regulation
  • What are personal data involved
  • Who and How is processing personal data
  • Which are the situations a DPO role is necessary?
  • Which competencies should a DPO have?
  • How important are the data incidents announcements
  • When is necessary to announce the citizens about a possible personal data incident?
  • How should citizens react when they receive a possible incident notification?
  • Which are specific problems for a Cloud services provider?
GDPR is a big challenge for any personal data operating companies. There are a lot of unclear issues related to “What we have to do” action plan. Follow the actions proposed by the GDPR Ready initiative to get answers to the issues raised by personal data processing compliance in real time.


Concluding, IDC Security Roadshow, 2017 edition was something new. A new event concept for a very sensitive subject: information security. A well balanced and interesting Agenda. A very high professional level of participants. professional high level. A very representative presence of big companies CISO. A very important contribution to IDC organising team during all the event.

The Digital transformation hurricane is involving a lot of new technologies, opening the Pandora’s Box for a lot of new threats to cyber security. In order to prevent and to limit any vulnerability, important is to know this threat, to manage the associated risks, to develop a company culture for data protection, and to implement a business continuity strategy.  

Digitisation is here and is coming with unprecedented challenges for CIOs

More than 200 experts, IT managers and technology leaders gathered this year to the National Conference of IT Managers from Romania to discuss a new vision of the business world in the Digital Age, whose main pillars are Cloud services, new technologies, productivity, mobility, and data analysis.  

Organised by CIO Council Romania and Cariere magazine on 30 March, at Radisson Blu Hotel Bucharest, the CIO Council National Conference 2017 was moderated by Yugo Neumorni – President CIO Council Romania and IT Director Hidroelectrica, Carmen Adamescu – Partner, Head of IT Advisory Services at EY Romania and Gianrodolfo Tonielli – Managing Director at Accenture Technology Services in CEE. Great topics contributed to the fifth edition of the conference success, driving the main conference sessions and discussion panels like “Digital Transformation: from technical to business strategies and mindsets Capabilities”, “Cybersecurity. Open SI vs. Secure IT. The Dark Side of the Cloud” or  “Innovation is the sole future of business “.

A digital economy is based first of all on a smart society, focused on people, where business and social revolutions are more than relevant. The everyday impact of technology on people’s lives is not only related to the level of experience. Is related to everyone change. “Digitisation is not a phenomenon of which we speak in the future tense. It is here and comes with unprecedented challenges for CIOs in companies. We are in the digital age, in the era of robots and artificial intelligence, and in the cognitive era,” said Yugo Neumorni, President CIO Council Romania in the Conference opening speech. „Companies, businesses and the whole society turn in a manner difficult to predict in a few years ago. CIOs must be the right hand of executives and should be included on the boards of companies as their role is decisive, both for remodelling business and for prevention and protection against cyber-attacks.”

Every IT professional is interested today in megatrends that dominate business climate. “We must think how to prepare and how to help our customers, looking not only at our industry but also what others do”, said Emin Alper Karacar, Partner at Advisory Services EY Central & Southeast Europe in the first keynote speech from the Conference. Looking to the main IT trends, Marius Antonie – Technology Consulting Manager to Accenture, said “Technology must adapt to our needs, not vice versa. There must be a partnership between us and technology, we must make technology to work for us “. The statement was supported by a robot live demonstration with a machine ready to understand and to execute human commands and to assign a task to other intelligent devices. You can watch the robot demo below.

Looking to the human position in this relationship with intelligent technologies, we have to recognise that disruptive technology put great pressure on people’s position from the current job market. “Surprise, people are the most important. We recognise that technology shapes the world, but the key is still represented by people, what matters most is the man “, highlights Corina Gonteanu Strategic Marketing Director of ManpowerGroup Europe. Cristian Paţachia-Sultanoiu, Development & Innovation Manager at Orange Romania presented the company’s vision on new innovations, with a comprehensive review of the Alba Iulia smart city project, the first big smart city project in Romania, based on public Wi-Fi hotspots with secure Internet access in public areas, public transport smart solution, media and communication platforms and reporting municipality system based on LoRa WAN infrastructure with communicating devices connected to the Internet and public lighting management solutions.

In the security and safety for the digital environment panel Catalina Dodu, Country Manager at Atos IT Solutions and Services Romania pointed out some essential things. “When it comes to cybersecurity, there are two types to organisational: those who have been attacked and those that don’t know they have been attacked. Hacking is no longer the work of a bored teenager; it has become an economy supported by companies and in some cases, state actors,” warned Catalina Dodu.

Foto Credit: CIO Council

The third session of the conference entitled “Innovation Is the Sole Future of Business” was opened by Bogdan Tudor, Vice President CIO Council Romania, CEO of Startech Team, who explained the concept of “Digital Transformation Company for Exponential Growth”. “It’s the best time to work in IT because you are connected to huge opportunities opened by the changes brought by technology. We must take advantage of a world in constant change. Every revolution is a great opportunity … for those who are prepared to take advantage of it,” said Bogdan Tudor.

Dragoş Dincă, IT Director at the Romanian Post tried to offer an answer to sensitive questions: “Will Robots destroy jobs?” “Is Romania ready for such a revolution?” Dragos Dincă believes that will create jobs, but that “we must build a trusted environment, both at the country level and organisational level. In addition, it can provide alternative jobs for those who might lose jobs as a result of automation, using retraining programs.”

Finally, Cristian Cucu, CIO at Romanian Government CIO Office said that the overall situation is delicate and we must look to the CIO from a perspective of Business Intelligence. “CIO’s need to be on the board of management to solve problems and to point out some other things really is a gap, but we must take advantage of the huge accelerator technology.”

Elita managerilor IT din România se reunește pentru a discuta urgențele transformărilor din era digitală

A devenit o tradiție ca în fiecare an asociația CIO Council România să organizeze o conferință națională, în care pe lângă membrii asociației, directori IT din importante companii participă reprezentanți ai comunităților internaționale de business, analiști de piață și reprezentanți media.

Într-o perioadă în care cuvântul de ordine a devenit ”transformă-te ca să reziști în business”, rolul unui director informatic în cadrul oricărei organizații suferă ample mutații. Un manager IT devine dintr-un simplu specialist, coordonator al unui departament tehnic, un adevărat consultant de business și evangelist al tehnologiilor digitale pentru celelalte linii de business.

În acest context, este normal ca anul acesta Conferința națională a managerilor de IT din România să se focalizeze pe  noua misiune a managerilor IT de a facilita transformarea digitală într-un mod cât mai eficient și mai benefic pentru companie. Ediția a V-a a conferinței anuale organizată de CIO Council România și revista Cariere are ca generic: „Digital Era. The urge of business transformation” – A început aventura transformării digitale!” și va avea loc pe 30 martie 2017 la Hotel Radisson Blu din Bucureşti, sala Atlas. Evenimentul va reuni peste 250 de profesionişti şi manageri IT, CIOs şi COOs, oferindu-le acestora o excelentă ocazie de a discuta despre top 3 preocupări majore ale specialiştilor IT: Alinierea (în top în ultimii patru ani), Securitatea (în creştere în ultimii doi ani) şi lipsa de competențe tehnice în Analytics, dezvoltare de software, securitatea informatică și domeniul Cloud.

CIO Council este Asociaţia Directorilor de Tehnologia Informaţiilor şi Comunicaţii din România şi reuneşte peste 80 de membri ce deţin sau au deţinut funcţia de Chief Information Officer/Director IT în mari corporaţii româneşti sau multinaţionale din domenii diverse de activitate.

Ediţia de anul acesta a Conferinței își propune să lanseze dezbaterea despre lumea digitală şi impactul acesteia asupra mediului de business, provocând, alături de cei mai influenţi jucători din piaţă, răspunsuri la marile teme ale momentului:

  • Transformarea digitală: de la capacități tehnice, la strategiile de afaceri și mentalităţi;
  • Viitorul digital al afacerilor: R&D şi design cu ajutorul realităţii augmentate, manufacturare cu ajutorul roboţilor, lanţuri de aprovizionare prin depozitare automatizată, camioane şi drone fără şoferi, vânzări prin e-commerce, self-service şi licitaţii online, marketing prin CRM şi publicitate targetată, având la bază Big Data Analytics, servicii prin e-banking,  comunicaţii mobile, divertisment şi educaţie online;
  • Digital Banking. Suntem pe cale să asistăm la dispariţia băncilor tradiţionale?
  • Noul rol al unui CIO în contextul transformării digitale;
  • Inovaţia și valoarea adăugată pe care aplicațiile digitale inteligente o pot aduce într-un context comercial și social;
  • Forţa de muncă digitală. Suntem pregătiţi să integrăm nou-veniţii în departamentele noastre IT?

Conferinţa va fi moderată de către Yugo Neumorni, Preşedinte CIO Council România şi Director IT&C, Hidroelectrica,  Gianrodolfo Tonielli, Managing Director for Accenture Technology Services in CEE şi Carmen Adamescu, Partner, Head of IT Advisory Services, EY România.


Yugo Neumorni, Presedite CIO Council Romania, Image source:CIO Council


Economia globală intră într-o nouă eră, Era Digitală, care atrage după sine provocări nemaiîntâlnite pentru companii. Tehnologia creşte în ritm exponenţial şi ne redefineşte lumea cu o viteză incredibilă. Ea ne modifică totodată mediul de afaceri schimbând total felul în care trăim, muncim şi comunicăm. Acum este momentul pentru CIOs şi Directorii IT să preia iniţiativa şi să ofere mediului de afaceri instrumentele de care au nevoie pentru Transformarea Digitală a companiilor,” declară Yugo Neumorni, Președinte CIO Council România. ”Este momentul ca CIO sa iasă din sala serverelor, să ocupe un loc în Board-ul companiior şi să îşi asume adevăratul rol de Chief of Information, care gestionează datele companiei, rolul de evanghelist şi contributor cu rol strategic, vital pentru tehnologizarea şi digitalizarea companiilor. Este timpul nostru”.


La ediția din acest an vor mai participa cu prezentări: Cătălina Dodu, Country Manager, Atos IT Solutions and Services România, Cristian Paţachia, Development & Innovation Manager, Orange România, Gianrodolfo Tonielli, Managing Director for Accenture Technology Services in CEE, Marius Antonie, Technology Consulting Manager, Accenture, Emin Alper Karacar, Partner, Advisory Services  EY Central & Southeast Europe IT Advisory Leader, Radivoje Trandafir, Regional Director CEE, Interoute, Dan Gavojdea, Security Regional Sales, Cisco Systems, Codruţ Săvulescu, Chief Solution & Marketing Officer, Huawei România, Bogdan Tudor, Vicepreşedinte, CIO Council România, George Lazăr, Board member, CIO Council România, Eugen Schwab-Cheşaru, Vicepreşedinte – Central & Eastern Europe Operations, Pierre Audoin Consultants – A CXP Group Company, Nikos Sampanis, Country Manager, SE Europe, Forrester şi alţii.

Pentru înregistrare și amănunte despre Agenda conferinței și speakeri accesați pagina oficială a Conferinței: 




10 adevăruri crude în 2017, prezise de IDC pentru directorii IT

Într-un webcast de la începutul lunii noiembrie susținut de analiștii Joe Pucciarelli, Serge Findling, și Mike Jennett, IDC anunța cele zece predicții tehnologice de care trebuie să țină cont orice CIO în 2017.

În buna tradiție a analizelor IDC, predicțiile CIO Agenda acoperă cele mai importante tendințe ale momentului ce guvernează transformarea digitală a întregii economii globale, dar oferă o proiecție și pentru următorii 3 ani.

1: Valorificarea datelor – Până în 2019, 40% dintre proiectele IT vor avea ca scop crearea de noi servicii digitale bazate pe valorificarea mai eficientă a datelor – în era cunoașterii informația reprezintă combustibilul economiei digitale. Orientarea către servicii este un trend mai vechi, dar noile servicii vor fi bazate pe tehnologii ce valorifică toate valentele informației, de la analiza valorii la orice moment, la puterea predictive a datelor.

2: Pentru orice ecosistem – Până în 2018, 65% dintre organizațiile IT vor oferi servicii specifice fiecărui ecosistem, personalizate în funcție de cerințele de business ale clienților – rolul echipei de IT ca furnizor de servicii customizate este în continua creștere și reprezintă în sine transformarea prin care rolul IT-ului migrează din zona strict tehnică în cea de business.

3: Lipsa de viziune – Până în 2017, 40% dintre directorii IT nu vor putea aspira la un rol decizional la nivel de organizație din cauza lipsei de viziune, de credibilitate și de abilitatea de a influența – pare un procentaj destul de mare, dar să ținem cont de faptul ce estimarea este pe termen scurt. În 2-3 ani procentajul are toate șansele să scadă. În plus, mulți dintre directorii IT de astăzi nici nu își doresc o funcție executivă…

4: Adopția inovațiilor – Până în 2019, 75% dintre CIO vor recunoaște limitările tradiționalelor sisteme IT și vor adopta tendințele inovative –până acum 2-3 ani majoritatea managerilor IT erau reticenți în fața noilor tehnologii. Acum migrarea în Cloud nu mai este de loc un experiment riscant, ci o necesitate de business, iar impactul BiG Data & Analytics, IoT, Mobile sau Social este din ce în ce mai evident. Revoluția digitală acționează rapid, cu efecte radicale. Sunt șanse reale ca procentul să fie mult mai mare până în 2019.

5: Transformarea digitală – Până în 2018, 40% dintre directorii IT vor propune inițiative de transformare digitală bazate pe coerența dintre liniile de business, echipele IT și resursele organizaționale – Esența economiei digitale este valorificarea cunoașterii bazată pe colaborarea tuturor entităților dintr-un ecosistem.



Image Source: Enterprise Mobility Forum

“În noua economie digitală, un CIO trebuie să învețe cum să formeze și să conducă o organizație IT care să se adapteze simultan cele trei imperative reunite în principiul Leading in 3D: Innovate, Integrate, and Incorporate.

Joe Pucciarelli, Group Vice President & IT Executive Advisor, IDC IT Executive Programs




6: Bimodalul pe cale de dispariție – Până în 2019, 80% dintre organizațiile IT bimodale vor fi afectațe de efectul cumulativ al complexității tehnologice, costurilor și pierderii credibilității – Este un adevăr crud, dar este clar că bimodal nu este același lucru cu hibrid…

7: Pasul de la fizic la digital – Până în 2018, 45% dintre directorii informatici vor face pasul preocupărilor primare de la fizic la digital – Dacă ne uităm la rapiditatea cu care evoluează piața, s-ar putea să avem aici o subestimare. În următorii 2 ani mulți CIO vor trebui să se adapteze la sistemele digitale din nevoia de viteză, predictibilitate și scalabilitate.

8: Apelați la platformizare – Până în 2018, 45% dintre CIO se vor canaliza pe ”platformizare” folosind DevOps – Am putea să ne gândim la un procentaj mai mare de 50%, ținând cont de nevoia acută de reducere a costurilor, implementare mai rapidă și creșterea agilității organizațiilor.

9: Să învățăm de la startup-uri – Până în 2019, 70% dintre organizațiile IT vor migra către o cultură apropiată de cea a startup-urilor – Asta înseamnă o atitudine bazată pe nevoi stringente, cu practice manageriale de ultimă oră și resurse oferite de comunitățile open source.

10: Adaptarea strategiilor de risc – Până la sfârșitul anului 2017, 80% dintre CIO vor adopta strategii de risc bazate pe reacții adaptive la amenințările de securitate, nevoia de conformitate și posibilele căderi de business.

Mesajul analiștilor IDC este clar: directorii informatici trebuie să găsească cea mai bună metodă pentru a reinventa rolul organizației IT. Altfel nu vor putea face față transformărilor. Iar riscul cel mai mare este posibilitatea de a fi înlocuiți de furnizori specializați în oferirea de servicii dedicate.

Articolul ”10 adevăruri crude pentru 2017, prezise de IDC pentru directorii IT” a fost publicat în revista IT Trends, nr.1, Noiembrie 2016

IDC IT Security Roadshow: Reaching The New Frontiers in Data Protection

 IDC2 Cover

2nd article: Facing to invasion of more and more sophisticated data security threats business leaders push IT to deploy new technologies and services.

Continuing presentation of the IDC IT Security Roadshow organised in April 14th in Bucharest, will try to review the most important security issues discussed during keynote presentations and panel sessions.

Expose the Unknown – most important driver of data prevention for Check Point

One of the hottest subjects in the industry now is zero-day attacks prevention. According to Check Point a “zero-day” exploit is any vulnerability that’s exploited immediately after its discovery. We speak here about rapid attacks that take place before the security community or the vendor knows about the vulnerability, or has been able to repair it. Such kind of exploits are a Holy Grail for hackers because they take advantage of the vendor’s lack of awareness and the lack of a patch, enabling the hacker to wreak maximum havoc. Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol. Once discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites. From practice, detailed information about zero-day exploits are available only after the exploit is identified.

IDC2 Check Point

Source: IDC

“Increasing your enterprise security often means increasing your complexity and management challenges in kind. Check Point delivers a multi-layered line of defence to help you maximize your security while minimizing challenges and closing gaps”, said Cezar Varlan – Security Engineer, Check Point Software Technologies

Trying to cover multiple-layers potential vulnerabilities, many organizations are investing in a disparate mix of new security technologies from a variety of vendors. All these tools provide punctual advantage but each must be managed individually, including reporting, provisioning, configuration and testing tasks.

Check Point offers a comprehensive solution, with a full range of interoperable threat prevention blades, common policy management and monitoring, and maximum protection from emerging threats. Attackers have become more creative, reaching corporate resources with modern and complex malware attacks. Check Point SandBlast Zero-Day Protection combines innovative technologies to proactively protect against even the most dangerous targeted attacks and unknown malware, while ensuring quick delivery of safe content.

Staying ahead of the threat with Fortinet

IDC2 Fortinet

Source: IDC

Today’s threats are increasingly sophisticated and often bypass traditional malware security by masking their maliciousness. As these attacks become more advanced, organizations must similarly improve their security posture. Why do these breaches continue? “Extreme focus on compliance, reacting only to known threats, and existing of to many point solution are between main reasons”, said Adrian Danciu – Regional Director, South Eastern Europe, Fortinet. “More that, the lack of a defined perimeter offers a borderless attack surface.”

Fortinet solutions are based on a deep segmentation for protection against outside and inside threats, proactive Mitigation, Advanced Threat Visibility, and Flexible Deployment Fortinet Advanced Threat Protection relies on multiple types of security technologies, products, and research applied from the network edge through to endpoint devices. To deliver the most effective protection, they are integrated to work together automatically, continuously handing off data from one to the next to identify, evaluate and respond to attacks.

Fortinet Advanced Threat Protection Framework delivers end-to end protection across the attack chain, based on three elements which work hand-in-hand:

  • Prevent – Act on known threats and information
  • Detect – Identify previously unknown threats
  • Mitigate – Respond to potential incidents

Fortinet was recognised as major player in fastest growing market segment – network security and WLAN market (IDC, 2015), largest network security appliance vendor (units) and quickly growing (IDC – Worldwide Security Products), and second largest provider for Data Center Firewall (Infonetics research).

Applying probabilistic mathematics and machine learning to cyber threat discovery

Very interesting point of view opened by Darktrace and Safetech, based on major role machine learning could have in probabilistic identification of cyber threats.

Image result for machine learning darktrace

Source: Darktrace

Machine learning can be thought of as the third and most recent machine revolution. The first was the replacement of muscle by machine in the industrial revolution. The second involved computers taking over repetitive tasks that had originally been done by people. Machine learning represents computers being able to undertake complex thoughtful tasks.

Darktrace’s technology is powered by advanced machine learning, allowing it to learn what is normal for a company’s network environment, so that it can then determine if any behaviour is abnormal. This allows it to detect cyber-attacks of a nature that may not have been observed before, the unknown unknowns. The ability to self-learn and adapt to a changing environment in real-time allows organizations to reconcile the need for an interconnected workforce, customer base and supply chain, whilst ensuring that they protect against serious, existential threats to their businesses in the most effective and pragmatic way possible.

Legacy approaches to cyber security embody the second revolution: people describe what an attack looks for, and then ask the computer to look for a match to that description. Darktrace turns this paradigm on its head, embodying the third machine revolution: the computer analyses the data and finds areas that merit human interrogation. It is this capability that allows Darktrace to abandon the legacy approach of rules and signatures, and analyse even fast-moving, sophisticated and unknown threats in real time.

“Our vision is to apply human intelligence to cyber defence through revolutionary technology. Deep expertise in cyber defence operations and ground-breaking, self-learning technology allows organizations to keep up with the speed and sophistication of today’s attackers, “said Mateusz Flak – Cyber Security Regional Manager, Darktrace. “The age of surrounding your information with higher and higher walls is over. Legacy approaches permanently leave you a step behind. Darktrace moves at the same speed as the threat, automatically learning from an organization’s ongoing activity in real time to detect threat behaviours as they emerge.”

New approach for modern threat prevention coming from Palo Alto Networks

IDC2 Palo Alto 2

Source: IDC

Most important is everybody should understand the prevention is no negotiable. The Palo Alto Networks’ strategy for modern threat prevention is based on five simple processes every organization should implement, each of them having a well-established actions:

  • Everything must go in the funnel
  • Reduce the attack surface
  • Block known threats
  • Test and adapt to unknowns
  • Investigate and respond
  • Investigate indicators

One of most frequent cyberattacks are ransomware messages. Attackers have traditionally profited by stealing identities or credit card numbers, and then selling them on underground markets. According to the Verizon Data Breach Investigations Report, the

price for stolen records has fallen, so cyber attackers are on the hunt for new ways to make a profit. Due to technology advances in attack distribution, anonymous payments, and the ability to reliably encrypt and decrypt data, ransomware effect is decreasing.

According Palo Alto Networks, the three key steps to protect against ransomware are based on:

  • Preparation – Having a solid backup and recovery strategy in place is the key to recovery if the worst were to happen.
  • Prevention – Segment your network, control access, stop known malware, and quickly detect and prevent unknown malware as it arises.
  • Response – Understand the latest ransomware families and campaigns. Have a plan in place for engaging law enforcement agencies.

To better deserve the threat and attacks research Palo Alto Networks opened Unit42, with clear mission to analyse the data available to Palo Alto Networks to identify adversaries, their motivations and resources to better understand the threats our customers face.

Other valuable principle developed by Palo Alto is based on comprehensive concept of Threat Intelligence. What is Threat Intelligence? “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard, “ explained Peter Lechman – Regional Sales Manager – Eastern Europe, Palo Alto Networks, during his keynote in IDC Roadshow from Bucharest.

A new approach to security from Symantec

Knowing how cyber-criminals are threatening security is the first step to securing information—and any company’s goals. From data breaches to digital extortion, the 2016 Symantec Internet Security Threat Report leverages an unparalleled amount of data and is the resource you need to quickly uncover digital threats.

Here are the main key finding pf the last edition of ISTR, presented by Christos Trizoglou – Regional Manager of MiTech Systems, Symantec in his keynote from Bucharest:

  • A large business attacked once in 2015 was likely to be attacked 3 more times

    IDC Sala 3

    Source: IDC

  • 50% of all targeted attacks were against small businesses
  • 55% increase in the number of spear-phishing campaigns attacks in 2015
  • 3out of 4legitimate websites found to have unpatched vulnerabilities
  • 125% increase in the number of zero-day vulnerabilities discovered
  • 100 Million Technical Support scams blocked
  • 35% increase in crypto-ransomware as it spread beyond end-users to holding businesses hostage
  • A record 9 mega breaches occurred in 2015
  • 430 Million new pieces of unique malware discovered

Symantec is ready to deliver a unified security intelligence platform that leverages the combined visibility and intelligence of all of his offerings (augmented by 3rd-party data) to block, detect, and remediate attacks, protect information, and reduce risk. Best Practices provided by Symantec are based on following advices:

  • Don’t get caught unprepared – Use advanced threat intelligence solutions to find indicators of compromise and respond faster to incidents;
  • Employ a strong security posture – Implement multi-layered endpoint security, network security, encryption, strong authentication &reputation-based technologies. Partner with a managed security service provider to extend your IT team;
  • Prepare for the worst – Incident management ensures your security framework is optimized, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises;
  • Provide ongoing education and training – Establish guidelines & company policies and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.

 Internet Identifiers – Your Most Undervalued and Under Risk Assets?

IDC2 Internet Security ICANN

Source: ICANN

Very interesting subject proposed by ICANN which considers Internet Identifiers for both vulnerability place and security asset. ICANN (Internet Corporation for Assigned Names and Numbers) is a not-for-profit public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. ICANN mission is to preserve the security, stability and resiliency of the Domain Name System and domain name registration services, to promote user confidence and trust in these systems.

Obviously identifiers are common targets for loss, misuse or abuse. Domain Name are subject of various attacks, having as consequence loss of Web services, public defacement, eMail or eCommerce functions disruptions. IP addresses damages conduct to network disruption and data exfiltration. Autonomous System Numbers breaks can generate disruption of global communications systems and largescale loss of commercial hosting.


Source: IDC

From Risk Mitigation perspective Internet Identifiers could be considered as assets. The best practice is based on quick adoption of standard risk management practices: regular evaluation of organization’s identifier assets, correct appreciation of the threat landscape and the vulnerabilities status, managing risks by priorities, and correctly positioning of mitigation techniques against protection costs. Periodic analysis is a strong defense.

Resource and relationship management could play critical roles in Risk Mitigation. “Organizations should know their allies, keeping points of contact for mitigation providers, upstream ISPs, hosting providers, registries, registrars, vendors and security service technical support,” said Andrea Beccalli – Stakeholder Engagement Manager – Europe, at ICANN

A new data protection regulation is born… during IDC conference in Bucharest

A happy coincidence was the final approval of the new EU General Data Protection Regulation has successfully passed through the European Parliament in the same day with IDC conference from Bucharest. Essential regulation and the critical importance for European Commission efforts toward a future Digital Single Market were presented by Bogdan Manolea – Legal Advisor,

European Union (EU) member states will now had two years to pass the new regulations – which were proposed by former EU justice commissioner Viviane Reding four years ago – into law. The data protection reform package includes both the GDPR and the Data Protection Directive for Police and Criminal Justice Authorities. It replaces current rules based on directives laid down in 1995 and 2008.

IDC Security 1

Source: cloud☁mania

Concluding, IDC IT Security Roadshow is a professional marathon inviting industry specialists and business managers to think, to learn and to act against digital security threats. This year IT security conference series investigates the threats to key systems, data, and networks, and the main actions that organizations need to take to secure them. IDC is advising security professionals not only to look at investing in security solutions, but also at people and processes, employees and business partners, helping individuals and organizations to develop a strategic thinking.



How IDC Sustain CIOs in Digital Transformation Process

Photo Source: pixabay

Ten years ago any second slide from any IT corporate presentation started with inevitable title: “Networking Industry Challenges”… Five years ago the same introductory slide started with: “Internet resources challenges”. Now, every 8 from 10 corporate presentations from all industries are using as introductory buzz: “Digital transformation challenges”…

It’s interesting the digital transformation tsunami looks to disrupt in the same way all companies, from any industry, but IT providers are affected first of all. From the managerial perspective, the responsibilities for “What are next?” be involving at the same time CEOs, CFOs, CDOs, but first of all CIOs…

How is disrupted the CIO role in organization level

The disruption power of digital waves is leading CIOs to fundamentally change the traditional technologies issues. Until yesterday the main CIOs attribution was more related to IT operations management, packaged software deployment, security prevention and risk minimization, having as main goals the general systems stability and cost reduction.

Today CIOs are forced to embrace a more expansive view of their roles, involving direct participation in company’s revenues increasing, customer experience improving and digital strategy shaping.

Who should conduct digital transformation process?

digital 3

Photo Source: pixabay

Analyst community is still divided discussing the main role in the digital economy. While majority opinion shows that CEOs should have the main contribution in digital vision and strategy establishment, it is clear that the major role in the transformation process coordination should be played by CIOs.

Looking to the business implication at organization level, it’s hard to see the limits. The goals for different departments should be aligned internally like general strategy, operational issues and process evaluation also. At the same time, the leader who establishes the vision and strategy needs strong technology knowledge and a clear understanding of transformation processes as well.

Anyway the biggest issues in CIO’s leadership will be focusing on digital business needs function of the organization’s capabilities and resources availability.  According IDC FutureScape: Worldside CIO Agenda 2016 Predictions”, 66% of CEOs plan to focus on digital transformation strategies for 2016 having in CIOs the major players in leading every department through this shift. The same report shows not many CIOs are confident in their managerial skills, only 25% being confident in how they will drive new digital streams.

Organizations have to solve now this dilemma: CEOs need CIOs in conducting role of business transformation process but CIO’s majority looks to be not ready for this demanding role. Without CIO’s technology skills a company will have not the power to adopt the key drivers of digital transformations: innovation, integration and incorporation.

While digital transformation is crucial on business success IDC predicts that by 2018, 70% of digital transformation initiatives could ultimately fail because of „ insufficient collaboration, integration, and sourcing or project management. In order to have successful digital transformation in a company, the same study shows „leaders need to encourage cross-functional collaboration around digital initiative”. IT teams will also need to use the “maturity it has achieved in agile project management, integrated service management and enterprise security to support the transformation engine,” according IDC.

6 ways CIOs should conduct digital transformation in the enterprises

digital 2

Photo Source: pixabay

Synthesizing the main conclusions of specialists researches, we can discuss about six essential powers CIOs needs to win in today’s digital transformation war:

  • Digital strategy – CIO must be able to articulate a coherent digital strategy, aligned with business objectives and to make that well understood at organization level;
  • Technology innovative leader: will continue to be the main charge of any CIO able to build and deploy the basic high-tech requirements;
  • Transformation leader – CIO will play a key role in digital business vision, helping to align digital initiatives with business goals;
  • Leadership abilities – any CIO should have a leading position in the strategy setting and execution;
  • Operational and financial knowledge – CIO should understand and assimilate the better cost of digital processes, being able to estimate ROI metrics;
  • Establishing and deploying process standards – is also critical to IT to deliver into digital business potential.

Are CIOs prepared for transformation leadership role?

Big majority of researches are showing a negative answer. What we have gone to do in such a short time? The better solution is to assist CIOs with digital transformation consultancy support. Are CIOs opens up this assistance? They don’t have too many to choose if they want to be digital transformation drivers for their organizations.

Could we teach CIOs in digital technologies? The answer should be definitively yes: CIOs has the technical skill to understand the innovation and to promote the value of change.

Could be CIOs good managers? This is function of their entrepreneurial skills and the opening on business metrics. Statistics shows more than 40% CIOs are ready to become CEOs in the next few years. This is part of business transformation process. In IT and other technical industries the limits of CEO’s and CIO’s competences are not so pregnant.

In other industries we can assume a lot of CIOs having managerial and economic skills, but average CEO’s technical level is under the understanding limits. This is the reason for the lack of reaction to digital changes in large categories of managers.

IT Executive Program for the CEE CIO proposed by IDC

IDC recently announced the extension of his IT Executive Program in the Central and Eastern Europe (CEE) Region. What is IDC’s IT Executive Program? This is an IDC initiative already tested for the US market featuring a comprehensive mix of fact-based research and advisory services for IT managers from all industries. The main goals of the program are to help organizations of the region to maximize the effectiveness of their IT investments, advising them how to identify new opportunities, how to mitigate the risks, and how to perform in business transformation process.

IDC’s initiative is starting from the clear necessity to better sustain CIOs and business leaders especially from the industries that were not considered technology dependent until recently. “IDC’s IT Executive Program is tailored to support the CIO to understand what digital transformation means for his or her industry. The program is designed to empower the CIO to be a driver of innovation in the organization, to help the CIO define his/her new role as technology becomes more integral to the business, and to concurrently support the real need to “keep the lights on” by maintaining and optimizing the existing infrastructure, service levels, and unavoidable legacy systems.” says Tom Schwieters, VP of Sales for IDC CEE and MEA.

Which are IDC’s main strengths offered as tools for specific expertise in key industries?  First of all is the analyst task force. More than 120 regional analysts and another 1,000 worldwide collaborated last year helping CIOs in CEE to receive the best answer to many specific questions like:

  • How will big data impact the pharmaceuticals manufacturing market?
  • How can oil and gas enterprises adapt to digital office trends?
  • What technologies and vendors should a large utilities firm consider when implementing its private Cloud service?
  • How should a national emergency authority organize its IT team?


After that, IDC has a lot of experience sourcing from best practices and a deeply knowledge of specifics in each market. IDC developed also some analytical processes like IDC Maturity framework which enables the measurement of organization’s development in various tech areas and management flows, providing a valuable guidance to lead the company to the desired level of development. Other example is IDC “Concierge” Service delivered as annual subscription model to IDC’s research database, including direct inquiry access to IDC’s research analysts around the globe, or to different projects to meet CIOs specific needs.  Each CIO has to solve a specific set of challenges, and IDC’s flexible delivery model is designed to adapt to these needs.

“The IT Executive Program is our fastest growing line of business and our number one investment priority over the medium term. We are very excited to broaden and deepen our advisory to CIOs around the region as they embark on the digital transformation journey,” explains Jan Siroky, VP and head of CEE Region at IDC.

Schloss Schonebrunn

Photo Source:

IDC CIO Summit Vienna

Part of IDC’s support for CIOs are the specific events with different focus organised periodically around the CEE and MA regions. The next IDC event in Central East Europe is CIO Summit Vienna 20-22 of April,  organised in the imperial ambiance offered by Schönbrunn Palace.

The Summit will bring together top CIOs, thought-leading IDC analysts, and innovative vendors from 30 countries offering them good moments for networking, learning, and experience exchange. Having as key message: “Rise of the Disruptive CIO”, the main topics proposed by IDC’s analysts for this Summit addressing a lot of hot subject for this digital revolution period, like: real world experiences with the today and tomorrow key technologies (Cloud, Big Data, IoT), IT security for IoT, digital transformation in the Public Sector, banking OmniChannel, and others.


What? Why Attend? When? Where? Who? How To?

Don’t miss your most interesting cloud events of the Summer of 2015

Even the time is too short for Registration or from various reasons you have not possibility to participate, you may access official pages of the events and to see keynote topics or workshop activities. Some organizers are offering online participation or recording facilities.

JUNE 2015

Hynes BostonWhat? Red Hat Summit 2015, Boston MA

Why Attend?  Red Hat Summit is meant for anyone looking to exponentially increase their understanding of the leading open source solutions that power 90% of Fortune 500 companies. From business and technical sessions to hands-on labs to 1:1 conversations, there’s something for each level of interest and need.

Where? Hynes Convention Center, 900 Boylston Street, 02115 Boston, MA

When? June 23-26, 2015

Who is organizing? Red Hat

How to?  Register HERE!


cloudworldforum-1 LondonWhat? Cloud World Forum

Why Attend? Gain need to know knowledge in key investment areas throughout our 16+ content theatres  shaped by 100 research calls with C-Level IT decision makers and technology pioneers. Now part of the research house Ovum, our content is validated by their experts who have over 10,000 market data points.

Where? Olympia Grand, London, UK

When? June 24 – 25, 2015

Who is organizing? INFORMA Telecoms & Media

How To? Register HERE!


Berlin CityCubeWhat? AWS Summit Berlin 2015

Why Attend? The AWS Summits events, held around the world, are not only designed to educate new customers about the AWS platform and offer existing customers deep technical content to be more successful with AWS; they are also a platform for knowledge exchange, expert chats and networking space between visitors at every stage of cloud utilization.

Where? CityCube Berlin, Messedamm 26, 14055, Germany

When? 30 June 2015

Who is organizing? Amazon Web Services Germany

How to?  Register HERE!



millennium-broadway-hotel-times-square-new-york What? IEEE Cloud 2015, New York, NY

Why Attend?  The IEEE International Conference on Cloud Computing (CLOUD) has been a prime international forum for both researchers and industry practitioners to exchange the latest fundamental advances in the state of the art and practice of cloud computing, identify emerging research topics, and define the future of cloud computing. All topics regarding cloud computing align with the theme of CLOUD.

Where?  Millennium Broadway Hotel, 145 West 44th Street, New York, NY 10036

When? June 27- July 2, 2015

Who is organizing? IEEE

How to? Register HERE!


JULY 2015


Hilton Kensington LondonWhat? Exploring OpenStack in the Enterprise, London, UK

Why Attend? OpenStack, may once have been seen as the geeks’ playground but now there’s plenty of sober corporate interest these days. It is now recognized as the main game in town for non-proprietary cloud development and there are many reasons why it carries so much clout.  The primary one is that it is setting the pace when it comes to open technology within a fast growing cloud world.

Where? Hilton London Kensington, London, UK.

When?  July 2nd, 2015

Who is organizing? UNICOM

How to?  Register HERE!



marina bay singaporeWhat? CSA APAC Summit 2015, part of RSA Conference APJ, Singapore

Why Attend? Cloud computing is now a mission critical part of the enterprise. A global list of industry experts will share their experiences and discuss the key security challenges of tomorrow with a focus on relevance to Asian markets. Get the big picture view of the future of IT and our mandate to revolutionize security.

Where? Marina Bay Sands, Singapore

When?  July 21, 2015

Who is organizing? Cloud Security Alliance

How to?  Register HERE!




Las VegasWhat? Black Hat USA 2015, Las Vegas, NV

Why Attend? Black Hat – built by and for the global InfoSec community – returns to Las Vegas for its 18th year. This six days event begin with four days of intense Trainings for security practitioners of all levels (August 1-4), followed by the two day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Awards, and more (August 5-6)

Where? Mandalay Bay, Las Vegas NV

When? August 1 – 6, 2015

Who is organizing? Black Hat

How to?  Register HERE!



Hyat San DiegoWhat? Gartner Catalyst Conference 2015 San Diego, CA

Why Attend? This event provides practical solutions, actionable advice and principled objectivity in ways you won’t find at anywhere else. Technically focused and committed to pragmatic, how-to content, Gartner Catalyst Conference is designed to leave you with a blueprint for project planning and execution. 

Where? Manchester Grand Hyatt San Diego, One Market Place, San Diego, CA, 92101

When?  August 10 – 13, 2015

Who is organizing? Gartner Events

How to?  Register HERE!


Sheraton SeattleWhat? LINUXCON North America, Seattle WA

Why Attend?  LinuxCon + CloudOpen + ContainerCon North America: There’s simply no other event in North America where developers, sys admins, architects and all levels of technical talent gather together under one roof for education, collaboration and problem solving to further the Linux platform…

Where?  Sheraton Seattle, Seattle, WA

When? August 17 – 19, 2015

Who is organizing? LINUX Foundation

How to? Register HERE!



TaipeiWhat? CSA Taiwan Congress 2015

Why Attend? In the era of cloud computing, information security issues have become global in nature and are no longer confined to geographical boundaries. The CSA Taiwan Congress 2015 will be held in conjunction with the The Honeynet Project Taiwan Conference 2015. The event will aim to keep attendees up-to-date with the global trends of information security research, covering topics like large-scale network attacks that have garnered much media attention in
recent years.

Where? Taipei, Taiwan

When? August 18 – 20, 2015

Who is organizing? Cloud Security Alliance

How to?  Registration Not Announced Yet



moscone SFWhat? VMworld 2015, San Francisco, CA

Why Attend?  VMworld 2015 US brings together thought leaders, subject matter experts, and IT professionals to immerse themselves in the latest in virtualization and cloud technology. Realize value in our leading products, interactive sessions and networking opportunities with our partner ecosystem, all under one roof. IT is in the midst of a dramatic shift to the mobile-cloud era, one in which IT services can be consumed on-demand across the enterprise and in hybrid and public clouds.

Where?  Moscone Center, San Francisco, CA

When? August 30 – September 3, 2015

Who is organizing? VMware

How to? Register HERE!




În multe cazuri companiile preferă o rezolvare tipic românească…

Continând seria de studii cu impact major pentru surprinderea realităților pieței IT din România, CIO Council România a realizat în anul 2014 o amplă analiză a popularității de care se bucură în țara noastră conceptul ”Buy Your Own Device” (BYOD).  

Studiul ”BYOD 2014” și-a propus realizarea unei radiografii a gradului de adoptare a unor politici coerente de mobilitate în companiile mari și foarte mari din România, în condițiile în care conceptul de mobilitate enterprise și modelul BYOD se bucură de o popularitate tot mai mare. La acest studiu au participat 112 companii mari și foarte mari, dintre care 50% au o cifră de afaceri de peste 100 milioane Euro, iar 66% au peste 500 de angajați.

Avantajele aplicării celor două concepte sunt evidente. În cazul mobilităţii este vorba, în principal, de adaptarea la un fenomen tot mai extins, anume acela al transformărilor care au loc la nivelul capitalului uman dintr-o companie, unde angajații se deplasează tot mai mult către locurile unde au loc efectiv procesele esenţiale de business. Modelul BYOD se referă în primul rând la reducerea costurilor operaţionale ale companiilor şi creşterea productivității angajaţilor, prin acceptarea utilizării de dispozitive mobile personale, cu care angajaţii sunt mult mai familiarizaţi și deci mai eficienți. Iată câteva dintre cele mai interesante concluzii ale studiului, însoțite de comentariile CIO Council.

Capture BYOD 1Despre politicile de mobilitate – Conform rezultatelor studiului CIO Council mobilitatea se face „de la caz la caz”.  60% dintre companii consideră că mobilitatea trebuie abordată indvidualizat. Chiar și în cazul în care există anumite politici, acestea nu sunt considerate potrivite, în multe cazuri existând o acceptare tacită. Neexistența sau nerespectarea unor politici coerente măresc nivelul de expunere a companiilor la riscuri majore de securitate.

  • 50% dintre companii consideră că implementarea mobilitatii este justificata economic
  • 60% dintre companii abordează mobilitatea ad-hoc, fară o strategie, un plan sau politici clare
  • În 20% dintre companii nu se respectă politicile în vigoare, existând o acceptare tacită a dispozitivelor personale

Capture BYOD 2Despre existența unei politici BYOD – cu toate acestea, studiul relevă că 38% dintre companiile chestionate au o politică de BYOD, 27% au în vedere o implementare în următorul an, iar 36% nu au niciun plan. Dintre cei ce declară că au o politica BYOD, doar 12% considera că BYOD este abordarea potrivită pentru mobilitate. Peste 25% dintre companii consideră că politica BYOD existentă nu este potrivită pentru ele și cred într-o abordare individualizată.


Capture BYOD 3Cine crează și aplică o politică BYOD – Majoritatea respondenților consideră că la crearea unei politici BYOD ar trebui implicate patru departamente dintr-o companie: IT, Security/Audit, HR și Legal. Tot marea majoritate sunt de părerere că procesul de creare (și aplicare) a politicii BYOD trebuie coordonat de departamentul IT. Fiind vorba de un subiect foarte delicat și care are implicații semnificative asupra motivației și productivității angajatilor, precum și implicații juridice legate de datele personale al angajatului, era de așteptat ca un numar mai mare de repondenți sa fi considerat că politica trebuie creată sub conducerea departamentului de Resurse Umane sau a celui Legal.

Capture BYOD 4Argumente Pro în adoptarea unei politici BYOD – destul de interesant că la această întrebare cele mai frecvente 3 motive se referă la costuri, motivația angajatului și productivitate, în timp ce mobilitatea și flexibilitatea apar doar pe pozițiile următoare. Menționarea Costului ca principal motiv pentru utilizarea BYOD poate fi interpretată ca un semnal al lipsei unei analize riguroase a proiectului. În general, economiile realizate la achizitia echipamentelor sunt depașite de investițiile realizate pentru asigurarea securității și managementului unui parc mult mai divers de echipamente.

Argumente Contra la adoptarea unei politici BYOD –Analizând motiveler care pledează pentru ne-realizarea unei politici BYOD, marea majoritate a respondenților au indicat Securitatea ca principal argument. Un răspuns destul de controversat ținând cont de faptul că în ultima perioadă soluțiile de management al echipamentelor mobile s-au dezvoltat semnificativ, iar în lipsa unei politici BYOD, oamenii tot ar continua sa folosească dispozitivele personale… Majoritatea respondenților nu cred că soluțiile de management existente pot asigura securitatea într-un proiect BYOD. Asigurarea suportului pentru un parc divers de echipamente, creșterea complexității mediului IT și costurile legate de un astfel de proiect sunt următoarele argumente identificate de respondenții studiuli CIO Council.

Capture BYOD 5Echipamente mobile agreate sau interzise – între regulamente și toleranță tacită…

Laptopuri – Deși 61% dintre companii nu permit utilizarea laptotpului personal în inters de serviciu, 18% nu acceptă conectarea la sistemele de companie, 16% permit conectarea doar în zona de protecție cu firewall, iar 5% nu vad nimic rău în asta…

Tablete – Aici lucrurile sunt mai relaxate, doar 38% dintre companiile respondente interzicând utilizarea tabletelor personale în scop de afaceri, în timp ce 27% permit folosirea dar în afara rețelelor corporate, 18% permit numai în zona securizată a rețelei, iar 18% nu au o politică de respingere.

Telefoane inteligente – O partiție foarte puțin diferită față de precedenta, cu 27% dintre companii care interzic utilizarea telefoanelor personale, 38% care permit acest lucru dar fără acces la aplicațiile și datele companiei, 14% permit utilizarea doar în zonele de rețea securizată, iar 21% nu au nici-o restricție privind folosirea de smartphone…

Concluziile echipei CIO Council care a participat la realizarea acestui sudiu sunt destul de obiective. Cercetările cantitative şi calitative bazate pe interviurile cu directori IT din companii mari și foarte mari, arată că mobilitatea şi BYOD reprezintă concepte cunoscute şi de multe ori deja aplicate, cu particularizări legate de specificul de activitate al fiecărei organizații. În ciuda acestei popularități, rezultatele studiului ”BYOD 2014” arată că respectivele concepte sunt încă la început de drum în România, rata de adopţie fiind  destul de puțin semnificativă, iar politicile şi procedurile aferente acestei adopţii nu sunt clar definite pe o scară largă. Interesant dar deloc surprinzător este faptul că în multe cazuri companiile preferă o rezolvare tipic românească a unor probleme care ţin de evitarea riscurilor asociate adoptării acestor concepte.

”Este utilizat BYOD în România?” – Material publicat sub coordonarea CIO Council Romania în Catalogul Cloud Computing Romania, ediția a 3-a, Mobile Cloud Computing, editat de Agora Group și cloud☁mania, Martie 2015.

Grafice: CIO Council Romania



Smart Phone sau Tablet? De ce nu Phablet?

Vorbind despre mobilitatea de nivel enterprise, se știe prea bine că numărul de vânzări pentru telefoanele inteligente și tableturi este în continuă creștere. Potrivit IDC, peste 86% dintre managerii IT își doresc în această perioadă să doteze cât mai mulți angajați cu terminale portabile, în timp ce 77% vor să promoveze cu precădere distribuția de tablete.

Ceea ce este interesant la conceptul BYOD (Bring Your Own Device) devenit destul de popular în ultimii ani, este o migrare ușoară a preferințelor către noul model CYOD (Choose Your Own Device). Ce înseamnă asta pentru dezvoltarea mobilității în mediile enterprise?
Technology in the handsUn model de infrastructură mobilă de tip CYOD se bazează pe simpla alegere a celui mai potrivit echipament dintr-o listă deja aprobată de structurile tehnice ale companiei, iar aceasta va plăti pentru achiziție. In felul acesta, deși riscurile legate de utilizarea unor echipamente incompatibile cu standardele tehnice ale organizației vor fi din start diminuate, pericolele nu sunt eliminate în totalitate. Amenințările cu malware rămân aceleași, chiar dacă acum descărcarea aplicațiilor poate fi blocată din sistem. Cea mai bună metodă este educarea adecvată a utilizatorilor pentru a folosi echipamentele companiei doar în scopurile de business.

În fond, care e diferența între un laptop conectat la rețea și un echipament mobil care accesează un hot-spot wireless de companie? Căci tot mai multe companii folosesc rețele WiFi interne pentru propriile phableturi (telefoane cu ecran ai mare și funcții da tablet) sau laptopuri hibrid de corporație, puse la îndemâna angajaților (laptopuri cu ecran de tip touch screen sau cu ecran detașabil, ce se transformă în tablet). Pentru utilizatori este o comoditate, dar pentru echipele de IT poate fi o corvoadă suplimentară, datorită noilor provocări legate de pericolele de pierdere a datelor sau alte amenințări de securitate.

Din această perspectivă, deosebirile între BYOD și CYOD devin neesențiale, diferența fiind făcută de existența politicilor de securitate și de modul în care acestea sunt respectate. Valențele de ubicuitate ale Cloudului, reflectate aici de abilitatea de a partaja sau a stoca cu aceeași ușurință datele, atât la nivel personal, cât și la nivel de organizație, sunt mai importante decât modul în care se alege un echipament – în funcție de criteriile personale sau cele de corporație. De multe ori un sistem BYOD bine ținut sub control poate fi mai performant decât unul CYOD, unde nu există politici coerente de securitate sau acestea nu se respectă… Comparația dintre BYOD și CYOD trebuie să includă ce politici de securitate și partajare a datelor se recomandă utilizatorilor mobili și cum pot fi acestea aplicate pentru diminuarea amenințărilor interne și externe.

Articol publicat in Catalogul Cloud Computing Romania, editia a 3-a, Mobile Cloud Computing

Image Source:



”Shadow IT” este deja un termen destul de popular în comunitatea specialiștilor din departamentele IT și se referă în mod generic la totalitatea echipamentelor hardware și a aplicațiilor software care sunt folosite într-o organizație, dar care nu sunt administrate de echipa tehnică. Termenul are o conotație negativă deoarece definește un potențial de pericole care ”pândesc din umbră” și care nu se știe când și de unde vor apărea.

shadow ITOdată cu procesul de consumerizare a tehnologiei de calcul și cu popularitatea tot mai amplă a platformelor Cloud Computing și a sistemelor BYOD, a crescut în mod corespunzător și potențialul de risc asociat rețelelor, echipamentelor și aplicațiilor mobile utilizate de angajații unei companii și care nu sunt supuse rigorilor și politicilor de securitate elaborate și gestionate de departamentele IT.

Pe lângă riscurile interne inerente într-o organizație, dar care pot fi ținute sub control printr-o riguroasă politică de securitate, riscurile asociate Shadow IT prin introducerea în sistem a echipamentelor mobile personale și accesarea de aplicații mobile sau SaaS neautorizate ridică cele mai mari bătăi de cap directorilor IT, care și așa resimt o diminuare a prerogativelor tehnice prin migrarea treptată spre modele Cloud.

Pe lângă riscurile legate de imposibilitatea aplicării unor politici unice de securitate și confidențialitate, cele mai mari impedimente care pot apărea ”din umbra” sunt legate de afectarea traficului de rețea sau generarea unor posibile conflicte de protocol la accesarea aplicațiilor. Haideți să ne gândim doar câți dintre angajați apelează la aplicații publice precum DropBox pentru stocarea sau partajarea datelor organizației…, dar și câte departamente IT oferă soluții corporate pentru rezolvarea acestor necesități.

Cum poate o organizație să adopte un plan rapid de diminuare a riscurilor asociate unui control parțial al infrastructurii mobile folosite de angajați? Forrester clasifică utilizatorii mobili în profesioniști mobili și practicanți mobili, fiecare dintre aceștia având propriile cerințe de mobilitate.

Profesioniștii mobili – sunt de regulă persoanele cu rol executiv, manageri, directori de dezvoltare, de vânzări, de marketing sau IT care deși își depășesc de multe ori orele de program de la birou, mai își iau de lucru și acasă sau în timpul unor deplasări. Ei accesează frecvent de pe telefon sau tablet situații financiare, baze de date, aplicații CRM pentru a rămâne productivi și eficienți și a colabora cu celelalte entități ale organizației și când nu sunt la sediu.

Practicanții mobili – sunt toți ceilalți angajați, care din diferite motive de business sau personale accesează datele companiei prin intermediul unor aplicații mobile, de cele mai multe ori neautorizate sau de propriile echipamente.

O procedură simplă și eficientă de estompare a acestor riscuri este bazată pe următorii pași:

  • Identificarea aplicațiilor mobile folosite de cele două categorii de utilizatori – se recomandă o prioritizare a acestor aplicații în funcție de criteriile obiective ale departamentelor IT și concentrarea pe acele aplicații care oferă o returnare maximă a investiției într-un timp destul de scurt.
  • Elaborarea unei strategii proprii în funcție de prioritățile stabilite inițial – esențială este identificarea sursei de procurare/ instalare a acestor aplicații, cele mai multe dintre acestea fiind proprietatea unor terțe părți care sunt partenere cu producătorii de mobile.

Continutul acestui articol este publicat si in Catalogul Cloud Computing – ed. a III-a, Mobile Cloud Computing

Photo Source: cloud☁mania

CLOUD EVENTS OF THE WORLD – 2015, 1st Half, March Edition

What? When? Where? Who? How To? Don’t miss your most interesting event of 1st Half of the year… March update.

Here is a selection of 16 Events from 11 Cities, and 10 Countries, from 3 Continents

It is my selection, so could be subjective… If you think there are other significant events which could be included in this selection, just send me coordinates. I will try to update the Events Agenda at least one time per month.

MARCH 2015

LjubljanaWhat: CSA CEE Summit 2015

Where: Grand Hotel Union Business Ljubljana, Slovenia

When: March 11, 2015

Who is organizing: Cloud Security Alliance



What: CLOUD Expo EuropeLondon 1

Where: ExCeL London, UK

When: March 11-12, 2015

Who is organizing: CloserStill Media



BucharestWhat: OS110: OpenStack Bootcamp I with Certification Exam

Where: Bulevardul Dacia nr. 99, Sector 2, Bucharest Romania

When: March 24-27, 2015

Who is organizing: Mirantis


APRIL 2015

Bucuresti 2What: IDC IT Security Roadshow 2015

Where: OJW Marriott Grand Hotel, Bucharest, Romania

When: April 2, 2015

Who is organizing: IDC CEMA



JahorWhat: Data Cloud South–East Asia

Where: Traders Hotel, Puteri Harbour, Jahor, Malaysia

When: April 8 – 9, 2015

Who is organizing: Broad Group




What: RSA ConferenceSF Moscone

Where: Moscone Center, San Francisco, California

When: April 20-24, 2015

Who is organizing: RSA Conference




ViennaWhat: IDC CIO Summit 2015

Where: Park Royal Palace Hotel Vienna, Austria

When: April 23-24, 2015

Who is organizing: IDC CEMA




What: INTEROP LAS VEGASLas Vegas Mandalay

Where: Mandalay Bay Convention Center, Las Vegas, Nevada

When: April 27 – May 01, 2015

Who is organizing: INTEROP




London 3What: TELCO CLOUD Forum 2015

Where: Radisson Blue Portman, London, UK

When: April 28 – 29, 2015

Who is organizing: INFORMA Telecoms & Media




MAY 2015

What: European Identity & Cloud Conference 2015Munich

Where: Dolce BallhousForum, Munich, Germany

When: May 5 – 8, 2015

Who is organizing: ID Conferences





SF Golden Gate

What: INTERNET of THINGS World 2015

Where: Moscone Center, San Francisco, California

When: May 12 -13, 2015

Who is organizing: INFORMA Telecoms & Media




What: OpenStack SummitVancouver

Where: Vancouver Convention Center, Vancouver, Canada

When: May 18 -22, 2015

Who is organizing: OpenStack



JUNE 2015


MonacoWhat: DATA Cloud 2015 Global Congress & Exhibition

Where: The Grimaldi Forum, Monaco

When: June 3 – 4, 2015

Who is organizing: Broad Group





Where: Makuhari Messe, Chiba, Japan

When: June 10-12, 2015

Who is organizing: INTEROP





Where: ExCeL London, UK

When: June 16-18, 2015

Who is organizing: INTEROP




What: Cloud World ForumLondon 2

Where: Olympia Grand, London, UK

When: June 24 – 25, 2015

Who is organizing: INFORMA Telecoms & Media





Website Security for Dummies, Symantec.

Here is cloud☁mania’s February selection in Book of the Month category. Edited by Symantec “Website Security for Dummies” is reference books for all interested in better knowledge of Website Security issues.

Conceived in easy to understand “For Dummies” style, the Book is an elementary and essentially guide for how to keep under control online threats, being addressed to persons generally responsible for a business website, but without IT specializations, like Marketing Managers or SMB/ start-up companies CEO.

Name of the Book: “Website Security for Dummies” Symantec Website Security Solution Special Edition

Publisher: John Wiley & Sons, 2015

Website Security for DummiesShort description: Website Security for Dummies structure is covering a wide range of specific topics, from business dimension of online security, to how to make a case to your boss, all about SSL certificates, and best practices elements in maintaining a secure and trusted Website

Between most answered questions related to Website Security are:

  • How does SSL work?
  • What makes EV SSL worth it?
  • Why use the Always on SSL approach?
  • What are the most common threats?

 More info and How to download 

Image source: Security World





Last December CIO published “10 Cloud Computing Predictions for 2014”, a very interesting estimation about cloud computing market and technologies development in 2014, with a special focus on application development made by Mr Bernard Golden, senior director Cloud Computing Enterprise Solutions group at Dell. 2014 predictions

Considering the high acceleration development of cloud computing could become a rule, not an exception, 2014 will be in the author vision “an interesting and disruptive year for vendors, service providers and IT organizations”.

Cloud evolution is ready to become history. Beginning as a controversial and unproven concept five years ago, cloud computing has all the chances to become a “default IT platform in the near future” and today’s arguments against cloud are limited.

Interesting is author view about the real security concerning sources: “The alarm raised about cloud security was just air cover for IT personnel who didn’t want to change their established practices. Furthermore, the concern about security would disappear not because cloud providers suddenly “proved” they were secure enough but because recalcitrant IT personnel read the writing on the wall and realized they had to embrace cloud computing or face the prospect of a far larger change — unemployment”. And many peoples are thinking the same…

The main cloud computing trends in 2014 are viewed from double perspective: one from end-users side, and second from vendor/cloud provider. In respect for the author opinions, I will show in this post only the predictions titles, recommending to you to read the original article in

Here are top 5 (end-users) + 5 (vendors/ providers) predictions according Mr. Bernard Golden vision:

  1. More Businesses Will Become Software Companies
  2. Application Developers Will Become More Important
  3. Application Workload Placement Decisions Will Continue to Shift to End Users
  4. Private Cloud Will Have Its Moment of Truth
  5. Cloud Brokerage Will Come Into Focus
  6. AWS Will Continues Its Torrid Pace of Innovation
  7. Google, Microsoft Will Get Serious About the Cloud
  8. The Importance of Ecosystem Will Become Clear
  9. VMware Will Realizes vCHS Is Critical to Its Future
  10. A Pricing Bloodbath Is Coming to the Public Cloud

Concluding, Mr Golden is considering: “what has happened in the industry to this point has been the prologue for the main cloud computing story. Next year represents the beginning of the main story. In 2014, we’ll see cloud computing become the dominant platform for IT from now on.”

How clear these predictions are? What are the chances to become reality? We will be able to analyse this in December 2014 only…

Photo Source: Interworks Cloud    
%d bloggers like this: