James Turner

James Turner is an IBRS emeritus Advisor who specialised in cyber security and risk and facilitates the CIO Cyber and Risk Network on behalf of IBRS. James has over a decade of experience as an industry analyst and advisor, researching the cyber security industry in Australia. As an IBRS Advisor, James authored over 100 IBRS Advisory papers, led dozens of executive roundtables, and presented at numerous conferences.


Conclusion: IT managers starting to investigate either WAN optimisation or web application acceleration technologies need to be clear on several factors before making a purchase. The first and most important factor is the technical architecture their organisation currently has. The correct choice of technology will depend on: where the data is, where the users are, what applications the users need, how mobile they are, and whether the organisation is moving towards web applications.


Conclusion: A less frequently considered aspect of protecting an organisation’s information assets is the preparation required for the immediate aftermath of a successful attack. This is the crossover point between incident response and crisis management. The prudent organisation with valuable information assets has already planned what steps will be taken in the event of a successful attack. Most of these decisions must be made by senior executives from business units other than IT, and they must be made well in advance of the attack occurring. IT will merely be executing their instructions because decisions concerning the information assets are not IT’s to make.


Conclusion: The recent attack on Google’s infrastructure (and resulting announcement by Google of the attack) has a number of important lessons for organisations which are also attacked by well-resourced hackers. These lessons are important and may not be immediately palatable to many, who would prefer to hush up an attack.


Conclusion: The introduction of a Data Loss Prevention technology into an organisation will have a significant impact on organisational culture. An important aspect of the cultural impact is that a DLP product, if deployed in active blocking mode, could prevent senior people from doing their job as they (legitimately) share sensitive information with trusted partners such as accounting and legal firms. People in senior positions must be trusted to act as they deem best for the organisation, but this trust must be verified.


Conclusion: Some organisations are deploying DLP, but the ones reporting successful deployments are the organisations that are able to invest more resources in both deployment and long-term support. Given the considerable overhead on staff, and the challenges of dealing with the deluge of alerts, organisations considering a DLP investment should first deploy endpoint encryption.


Conclusion: IT security managers in larger organisations in Australia and New Zealand are approaching cloud computing very cautiously. The leading concern is the geophysical location of data and the risk this introduces to organisations – primarily from the possibility of a data loss resulting in reputational damage. This means that organisations will carry less risk if they retain data in a jurisdictional cloud.


Conclusion: While some organisations with distributed sites are benefiting from WAN optimisation, there are variables which will have a direct impact on the viability of a deployment. These variables can be sorted into three categories: cost, environment and desired outcomes. The most important is the last – desired outcomes. Many WAN optimisers have been deployed to remove branch office servers, only for IT departments to discover that application latency was causing more of a headache for users.


Related Articles:

"WAN Optimisation - Latency will tear us apart" IBRS, 2009-06-29

For the last few years IT has been slowly catching up with the messages of environmentalists such as David Suzuki, David Attenborough, and Tim Flannery (tree-huggers, all of them!). IT has come to the rude awakening that “oh wow, servers run on electricity! And you’re telling me that electricity is made with fossil fuels? And that means that my awesome clustered Exchange server is helping kill the Ozone layer, the whales, and future generations of Icelanders? Shocking! (Pun intended)”


Conclusion: The largest cost for a data centre migration is typically the cost of new hardware deployed to mitigate the risk of hardware failure during the migration. Organisations should look seriously at using a physical to virtual (P2V) process as the basis of their migration strategy to lower hardware costs, lower power consumption, and avoid the risk of hardware failure during the migration. There is also the compelling benefit that the worst case scenario, for any failure mid-project, is a rollback to the status quo.


Conclusion: Increasing server power density means that the cost of power will become a critical driving force in the data centre market. Data centre operators are now talking about adding costs for power consumption to older metrics based on the number of racks or square metres. These new pricing formulas will favour organisations running virtualised environments. Consequently, many hosted organisations will perform physical to virtual migrations over the next 12 months to reduce both their power consumption and physical space costs.


Conclusion: The various techniques of WAN optimisation technology will eventually become a standard component of networks, but this does not negate the need for better application design. Currently, WAN optimisation technology provides the potential of a network band-aid until applications are consistently designed for truly mobile users.


Related Articles:

"WAN optimisation, Part 2 - Your mileage may vary" IBRS, 2009-09-28

Conclusion: Given that the deadline for Payment Card Industry Data Security Standard (PCI DSS) compliance has passed, and that most cardholder data in Australia/New Zealand is extracted via SQL injection attacks, local organisations should ensure that their website security gets priority attention. This is a classic instance of where a moderate degree of effort will result in an important reduction in an organisation’s risk profile.


Conclusion: Microsoft’s Forefront Client Security will need to achieve a “better than” market perception before security professionals will consider it to be a reasonable and acceptable enterprise response; and this relates to both its anti-malware effectiveness, as well as its ability to be managed and automated in a heterogeneous environment. Obviously, security is a sensitive subject for Microsoft, so its efforts in achieving a “better than” market perception will be considerable, but it will also take the healing passage of time.


Conclusion: Now, there is renewed pressure on new IT projects to prove their value. For IT security projects, managers may feel that they need to make excessively complicated calculations in order to prove a return on investment (ROI) and thereby justify the project, but this is an unnecessary complication. Rubbery figures will melt under close scrutiny – potentially sinking the project.

A security business case needs to communicate the fact that organisations must also spend money to stop losing money. Security projects are undertaken for loss prevention. Like all projects with soft benefits, an IT security project should be shown to be in alignment with, and supporting of, organisational values: specifically risk appetite. More mature organisations will have less of an appetite, particularly in challenging times.

