James Turner

James Turner

James Turner is an IBRS emeritus Advisor who specialised in cyber security and risk and facilitates the CIO Cyber and Risk Network on behalf of IBRS. James has over a decade of experience as an industry analyst and advisor; researching the cyber security industry in Australia. As an IBRS Advisor, James authored over 100 IBRS Advisory papers, led dozens of executive roundtables, and presented at numerous conferences. 

Read latest work...

Connect with James

Have a specific question James Turner?

Email

Conclusion: It’s easy to become complacent about emergency procedures. But the importance of emergency procedures which support health and safety in the workplace cannot be overlooked just because they are time consuming and boring. Just as preventative security technologies are only as effective as the diligence that goes into their configuration and ongoing support, emergency procedures are only as effective as the diligence with which they are maintained, communicated, and practiced. When something goes wrong, you need to know that your staff have been given every resource to handle themselves and the situation.


Read more


Conclusion: For customers, there are many advantages, both tactical and strategic, to participating in vendor reference programs. However, IT executives should give thought to scenarios which involve their organisation being held up by a vendor as either innovative, or an early adopter. While the attention may appeal to the ego, there are risks of being out on the bleeding edge, or in being a minority adopter. Being held up as either innovative, or an early adopter, could indicate that your organisation is straying from the rest of the industry. A key concern for IT executives should be that this exclusiveness could equally herald a future shortage of skilled resources.


Read more


Conclusion: The market for third party mobile device management platforms is immature and there are differences in capability between products, but these middleware platforms are producing positive outcomes. While this market will commoditise quickly, the real risk for IT departments is that they design their applications and mobility strategy in such a way as to (yet again) lock themselves into a specific device/OS combination. The device shouldn’t matter.


Read more


Conclusion: Cisco and RIM will fail to dominate the corporate tablet computer market and will lose out to consumer technology from Apple and Android. Cisco is currently dabbling in this area, and RIM is slowly losing relevance in the enterprise.

There is a clear shift towards consumers using their own smartphones and tablet computers, and CIOs should start planning for how they will enable secure remote access to corporate data from any device, with any operating system. Buying into the dream of corporate issued mobile devices, built for the enterprise market, is buying a white elephant: expensive to maintain, supposedly prestigious, but ultimately useless.


Read more


Conclusion: The iPhone entered organisations like a bunker-buster, and has blown open the doors for diversity of devices and form-factors. Ultimately, most organisations will have devices that will be a blend of: a) a small set of corporate issued devices, and b) a larger set of personally owned devices. Consequently, any management of devices, and the data on them, must be independent of their various form factors, operating system, and capabilities (as per the PED trilemma). As a direct consequence, expect a long term shift away from trying to manage the device, towards a more focused effort to secure the data and authenticate the user.  


Read more


Conclusion: The demand from non-IT business units for cloud computing is symptomatic of their desire for better IT services and should be supported, if not driven, by IT. However, an engagement with a cloud vendor must be treated with the same level of risk assessment and diligence as any other outsourcing engagement. Organisations must ensure that corporate governance is not bypassed in a rush for the cloud.


Read more


A fascinating advantage of the public cloud is the extremely high availability of the data (at least in theory!). From any device, from any Internet connection, I can surf to a site, provide my credentials, and access data. We are so used to webmail that we can be nonchalant
about this, but it is quite extraordinary. The trouble is, if the data is highly accessible to you when you are on any device on any Internet connection, then it is accessible to other people from any device on any Internet connection.


Read more


Conclusion: Data centres which are less energy efficient will ultimately be more expensive to host in; because customers will end up paying for a data centre's excessive power consumption. CIOs should insist on knowing the Power Usage Efficiency (PUE) score of their data centre service provider, as this score will have a direct impact on pricing. Some data centres are very shy about their PUE, so any PUE claim should be independently verified.


Read more


Conclusion: Data Loss Prevention (DLP) technologies have matured over the last 12 months. They are more capable, but there is still a wide range of capabilities between the various products, and an even wider gap between the brochure and reality. Before proceeding with a proof of concept, IT must understand the very specific requirements that the business is expecting to achieve through a DLP deployment, and how willing the business is to pay for these. Failure to understand these requirements, and failure to get business stakeholder commitment, will result in project failure.


Read more


Conclusion: The transmission of pornography in email is a serious issue for all organisations which aim to comply with their own HR policies on providing a workplace free of sexual harassment. However, the technology currently available to support these policies, through filtering and classifying images, is far from perfect. CIOs and HR professionals must clearly understand that pornography in the workplace is better managed as a cultural issue, not a technology issue.


Read more


Conclusion: The increasing cost of energy is not being widely considered in IT departments, but ignoring this trend is a mistake. Not only is the electricity getting more expensive, but data centres are using more of it. CIOs must take immediate action to improve energy efficiency in the data centre and reduce total energy consumption, or they could face a doubling of electricity costs within five years.


Read more


Conclusion: Security professionals are valuable not only for what they know, but also for how they think. However, this style of thinking can often result in them being alienated for “being too negative”. An alienated security professional is a waste of resources, so CIOs should adopt DeBono’s Six Thinking Hats, a thinking exercise based on role-play, to ensure that they get the most value out of their security people.


Read more


Conclusion: Most of the pressure on IT departments to deploy or support iPhones is from organisational VIPs, and so IT departments should not resist a deployment, but they should delay. With a new iPhone operating system and a new generation of hardware just around the corner (as well as the recently released iPad) IT departments should assess third party mobile device management platforms to assist them in supporting and securing an iPhone/iPad deployment.


Read more


Conclusion:Organisations that that plan to deploy or extend their WAN Optimisation Clients (WOCs) should strongly consider virtual WOCs. Virtual WOCs will carry less financial commitment, and an organisation deploying virtual WOCs will not be encumbered after 2-3 years with outdated appliances which cannot be repurposed. The importance of not over-committing to WOC appliances will become increasingly important: as WOC capabilities get baked into application-specific integrated circuits (ASICs); and as organisations move towards web applications, which will require their own accelerators.


Read more