Thursday, December 17, 2009

Enterprise Architecture Key to Avoiding Cloud Computing Cloud Sprawl – AFCEA Federal Cloud Computing Environment Forum

Attendance at today's Armed Forces Communications and Electronics Association (AFCEA) Bethesda Chapter Breakfast Series entitled "Federal Cloud Computing Environments – Modernizing IT Systems" was very heavy, as viewed from the Blackstone Technology Group sponsored table. The panel discussion and DC Federal IT community networking conversation revolved around the push to promote and adopt cloud computing as part of the Obama administration’s effort to modernize the government’s information technology systems, and to help reduce the $75 billion annual budget for Federal IT in the process.

The event panelists held an informative and rigorous discussion about how cloud computing is enabling IT professionals (government and industry) to rethink the packaging, delivery and operation of government services, and is changing the landscape of government IT infrastructure management and streamlining system, network and storage management. Panelists included Casey Coleman (Moderator - Chief Information Officer, General Services Administration), Chris Kemp (CIO, NASA Ames Research Center), Alfred Rivera (Director - Computing Services Directorate, Defense Information Systems Agency or DISA), Keith Trippie (Executive Director - Enterprise System Development Office (ESDO), Office of the CIO, Department of Homeland Security), and Peter Tseronis (Associate CIO, Department of Energy).

Quite a bit of conversation centered on the precept that Enterprise Architecture is absolutely critical for Cloud Computing success. EA helps translate OMB’s IT Investment guidance and Component mission business models into an operational language that more effectively guides IT retooling to support cloud computing concepts such as self-provisioning, software-as-a-service (SaaS), and shared SOA services. Whether a Cloud Computing program and infrastructure is implemented to provision infrastructure for laboratory scientists (e.g. NASA’s Nebula Program), or for enabling rapid self-provisioning of elastic, scalable, and virtual services to front-line Warfighters (e.g. DISA’s Rapid Access Computing Environment, or “RACE” Program); the business and socialization challenges are similar.

According to the panelists, many Federal programs aren’t yet able to operationalize their Enterprise Architecture, by executing coordinated, efficient IT procurements informed by an enterprise-wide, standards-based, comprehensive and easily understood business case. “This is Enterprise Architecture’s time”…and EA is key to avoiding cloud proliferation, sprawl or otherwise redundant IT governance and investments (and finding ways to leverage existing, underutilized infrastructure investments as GFE in new cloud-computing acquisition strategies).

While most discussion centered on the “brutal standardization” required for cloud-based IT Infrastructure Management and Services, additional conversation developed concerning more customer-centric and application-oriented objectives, i.e. "Software as a Service" or SaaS. In particular, the DHS ESDO is embarking on a major initiative to fulfill DHS objectives for delivering customer-centric applications and information services on demand, governed by the Department's rapidly evolving Services-Oriented Architecture (SOA) Enterprise Architecture and Homeland Security Information-Sharing initiatives (Federal EA SOA ESB governance initiatives that Blackstone Technology Group is helping to drive across the Department.)

Conversation also addressed issues relating to Security Certification & Accreditation (C&A) challenges – particularly the rapidly-growing tension between “consumerism of IT” (i.e. user expectations that government services offer commercial features and public data) and information or application sensitivity. Currently mandated security processes and controls aren’t necessarily compatible with the “elastic” properties of cloud implementation, i.e. the on-demand utilization or release of IT resources through dynamic infrastructure configuration. Also, perceived risks far more often stand in the way of cloud-computing security policies, vs. actual risks – this therefore requires much more effort on the part of “translators” bridging the gap between business and technology, i.e. the Enterprise Architects.

Tuesday, December 15, 2009

DC and Northern Virginia Internet Marketing and New Media Workshop Announced by KME

Important DC and Northern Virginia Regional Business and Marketing Networking Announcement:
by KME Internet Marketing

Learn Integrated Online Marketing/Advertising, Branding, Web Design, SEO, Social Media, Analytics and Internet Video - in Northern Virginia, DC metro area.

As 2009 draws to a close, it’s become very apparent that 2010 will continue to be an extremely challenging year for businesses seeking new customers, and new ways to market and advertise their brand and services. As well, the ability of Northern Virginia and DC-area professionals to effectively learn and leverage new Online Marketing and Internet New Media/Web 2.0 skills is hampered by the current lack of expert yet cost-effective, local and hands-on Internet Marketing/SEO training. Add to this the dizzying proliferation of Social Media publishing and analytic tools, the rapid change in the search engine technologies and video media industries, and the quickly-growing competition for eyeballs and click-throughs from the web – it’s about time for some local solutions.

Local Internet Marketing and Media Workshops

KME Internet Marketing (KME) in the DC metro area is holding the first of an upcoming series of professional Internet Marketing and Media Workshops on January 29th, 2010 – from 9AM to 2PM, at Trivision Studios in Chantilly, VA.

KME Internet Marketing is the region’s industry leader in providing cost-effective yet engineering-grade solutions for online marketing, social media optimization and analytics-driven Internet marketing management. Trivision Studios is a full service global creative design, branding and media production group, operating a 12,000 square foot, state-of-the-art studio facility complete with staging, lights, cameras, two-story loading dock, meeting space, media room, and omnimedia edit suites.

Melanie AlnwickOur special guest Workshop lead is Melanie Alnwick, an instantly-recognizable local DC TV anchor, reporter and journalist. Melanie will be providing significant insider-knowledge and guidance regarding attracting broadcast media attention to your business and story, preparing for interviews, producing and submitting highly-effective video for broadcast or online business purposes.

What You Get

This packed 5 hour hands-on Internet Marketing and Media workshop will deliver a package of information and guidance you can immediately use, including:

  • Online Branding and Creative Design
  • Search Engine Optimization (SEO) and Website Reporting (Google Analytics)
  • Digital Asset Management, Optimization and Distribution (RSS) – for Advertising and Marketing
  • Pay-per-Click (PPC) Search Engine Marketing (SEM) – Local and Regional
  • Social Media Optimization and Reputation Management – Twitter, Facebook, LinkedIn, YouTube
  • Online Web Video Production and Optimization
  • Harnessing and attracting Broadcast Media Exposure

There simply doesn’t exist a more comprehensive, experts-led, cost effective or personally-tailored workshop event in this area for business owners, marketing and communications managers, journalists, new SEO/SEM professionals or other technology and new media practitioners. Don’t bother with online, out of state webinars or academies, online or offline degrees costing thousands of dollars from questionable sources, community-center seminars by industry amateurs, or other less-than-professional sources for a rapid, intense and ultimately valuable infusion of truly local Internet Marketing and New Media knowledge.

  • Where should I post my advertisements online?
  • What are the short and long term priorities for better search result rankings, for my website?
  • What are the keys to successful PPC investments?
  • Is my marketing budget being spent wisely, integrated and balanced across relevant channels?
  • How can I make sure my brand supports my marketing goals?
  • How do I use reports and analytics to support my marketing objectives?
  • How much time should I spend on Social Media, and why? Can or should I do this myself?
  • Can my web designer deliver SEO services?
  • What should I do to get free, effective exposure for my business in the press or news?
  • What should be in my marketing videos?

We’ll explore these questions and collaborate in the workshop sessions to arrive at the best answers for you and your business in the Northern Virginia, DC or Suburban Maryland region. You’ll get some immediate answers, some strategies to follow and resources to help.

Who Will Benefit the Most?

  • Local and regional business owners whose websites haven't demonstrated success in drawing highly targeted traffic for more sales
  • Affiliate marketers who want to increase conversion rates by getting their product pages to come up higher in search results
  • Webmasters, graphic designers or photo/video experts who want to offer their employer or clients more comprehensive services – not just website building, creative design or basic media products
  • Bloggers, writers and journalists who need their content distributed and ranked high in search engine results
  • Anyone who wants to make a career change – to work in-house as an SEO/SEM specialist or begin SEO consulting by learning the latest SEO techniques
  • Marketers, Advertisers, Communications and PR professionals in a highly competitive industry who are under pressure to increase their brand’s visibility to reach the correct audience, while keeping costs under control

Take charge of your business marketing and advertising budget, get involved in the Web 2.0/Social Media evolution, promote and protect your brand on the Internet!

For more information about the KME Internet Marketing and Media workshop, including upcoming dates, times, location and registration, visit KME Internet Marketing – SEO Training and Education.

Thursday, December 10, 2009

Data.gov CONOPS released - Public Input and Public Social Media-driven Information Sharing Welcome!

Data.gov is a fairly recent Federal initiative with respect to data and information sharing and transparency; i.e. encouraging and facilitating the exposure (by all Government agencies) of verifiable, raw government data/geodata and data tools/visualization techniques to the public. Data can be accessed and downloaded in many formats, for any purpose - including datasets in XML, CSV, Text, KML, KMZ, or ESRI Shapefile formats.

Recently the Data.gov CONOPS was released by the Federal CIO Council, together with OMB, along with a very interesting method and means to encourage public dialogue and input. To help stakeholders "join the dialogue", per se, the "http://www.datagov.ideascale.com" site was developed - essentially a blog with social media hooks (i.e. facebook, twitter, RSS).

I went ahead and submitted an idea recently (to be moderated); as follows - be sure to review and submit your own, and/or comment on mine!

"The Data.gov CONOPS provides a great deal of information regarding the governance and advisory support made available by “POCs” and “Data Stewards” and other roles engaged in populating and supporting data on the site. The CONOPS also describes how Personally-Identifiable Information (PII) is protected, both for submitters and those engaged in the governance process. As well, some existing community forums are referenced as other places to find answers, along with various other “communities” that evolve around dataset contexts.

What would be very useful, however, (and that doesn’t seem yet to be addressed) would be a means whereby direct dialogue could be established between the public and actual SMEs or communities of SMEs, associated with particular datasets. Obviously, protection of privacy and security concerns are to be considered, as are policies including those protecting the government and its citizens against undue influence during procurement processes. However, a method whereby authorized, verifiable government SMEs voluntarily participate, in a moderated, monitored and metered basis, in public dialogue…either scheduled, or on request.

For example, a search on a subject yields several dataset options; yet it would be very worthwhile to have a quick, efficient and timely chat with someone intimately familiar with the information to assist in further research or utilization of the data. Likewise, instead of searching by subject or organization taxonomies, a search by expertise may yield a contact (or perhaps an anonymized background/description of expertise) and appropriate contact method for online, publically-exposed dialogue (one-time, or ongoing). In fact, a search for “expert”, “expertise”, “email” or “contacts” on the current data.gov yields no results at this time.

Many government employees (and perhaps authorized contractors) may in fact be happy to share wisdom and experience in a protected, equitable and productive manner – and perhaps some government roles would include this kind and style of participation as a basis of performance measurement (and as a basis of highlighting the great work of individuals)."

Sunday, December 6, 2009

Strong Identity Management and Two Factor Web Authentication in Healthcare

Here's a very good article concerning the various types of strong identity management, multifactor and two-factor authentication solutions that are necessary for healthcare system and process identity enforcement - recently written by John D. Halamka MD, a self-described Healthcare CIO.

Strong Identity Management

In this article, Dr. Halamka states that he's had a wide range of experience with many of these token-based and tokenless two-factor authentication methods, including security tokens, smart cards, biometrics, certificates, soft tokens, and cell phone-based approaches.

His summarized findings include:


Security Tokens
- many challenges and prohibitive expenses.
Smart cards - a good consideration, though requires installation of many readers.
Biometrics - great results, but still requires major technology upgrade for existing PC/LAN infrastructure (this is especially challenging in government and healthcare institutions with extremely diverse and aged personal computer and networking systems)
Certificates - "managing certificates for 20,000 users is painful".
Soft tokens - similar challenges for support, maintaining new software across all desktops.

The article focuses in on seemingly the most effective and efficient solution currently available:

Cell phone based approaches - popular, easy to support, and very low cost. Companies such as Anakam Inc. offer tools and technology to implement strong identify management in cell phones via text messaging, voice delivery of a PIN, or voice biometric verification. Per the Anakam website, their products achieve full compliance with NIST Level 3, are scalable to millions of users, cost less than hard tokens or smart codes, are installable in the enterprise without added client hardware/software, and are easy to use (all you have to do is answer a phone call or read a text message).

Probably the clearest two factor authentication choice to make is between token-based identity management solutions and tokenless authentication. Here's some reasons why token-based 2 factor authentication isn't necessarily as effective as tokenless user authentication (such as that provided by Anakam).

User authentication tokens and other similar devices do not effectively protect against emerging threats, such as man-in-the-middle attacks - since they don't utilize "out-of-band" authentication (i.e. a separate channel for the second factor of authentication). User adoption is a very large obstacle to token-based authentication; an extra device to carry that's vulnerable to many forms of damage and theft simply isn't acceptable. Additionally, significant overhead is required by IT department to provision, manage as an asset, and control the token devices, along with training users in proper use and protection.