Johna Till Johnson's blog

By Johna Till Johnson
On Mar 24, 2015

Managing Distributed Risk: A Strategy for Minimizing Risk from Third-party Engagement

Tuesday, March 24, 2015

If you’re like most IT professionals, you’ve noticed that your roster of third-party providers continues to grow. Whether you’re using software as a service (SaaS) applications (as virtually every organization does), offshore developers, cloud services like infrastructure as a service (IaaS) or platform as a service (PaaS), or document share solutions, you probably have a surprising amount of sensitive data in the hands of third parties. And that injects distributed risk.

By Johna Till Johnson
On Jan 07, 2015

IBM Plunges Into Pervasive Protection

Wednesday, November 5, 2014

In November, IBM took a significant leap into the area of pervasive protection with a portfolio of new offerings focusing on enhancing cloud security. The company announced eleven new products and service enhancements in the areas of access management, data protection, visibility and analytics, and security operations, essentially extending premise-based security to integrate with cloud services. The goal is to “pivot the portfolio towards cloud”, as the company put it.

By Johna Till Johnson
On Dec 12, 2014

Inception: Engineered for Destruction

Friday, December 12, 2014

Unless you’ve been living under a rock for the past decade, you’ve heard about advanced persistent threats (APT): threats that are engineered to unfold over time, slowly infiltrating a chosen target through a range of attack vectors and often utilizing code snippets that are harmless individually, but recombine to become toxic. And of course you’re aware of the promise of cloud, particularly the ability to make resources available more quickly and ubiquitously than ever before.

By Johna Till Johnson
On Sep 23, 2014

Where Moneyball Meets InfoSec

Tuesday, September 23, 2014

In my last post, I touched on the need for information security professionals to take a step back and reassess how they’re approaching the entire discipline of information security.

In this and upcoming posts, I’ll talk about what that means, highlight key areas to focus on, and provide practical next steps for infosec professionals.

By Johna Till Johnson
On Sep 19, 2014

Cybersecurity: The Next Generation

Friday, September 19, 2014

Information security is different these days.

Until roughly this year, most folks—business and technology professionals alike—thought of information security as purely a technical discipline. And as with most technical disciplines, the thinking was that so long as the technical professionals do their jobs, things are good.

If your roofer is good, your roof won’t leak, right?

By Johna Till Johnson
On Aug 13, 2014

The Top Four Tasks of a 21st Century Technology Leader

Wednesday, August 13, 2014

What should technology leaders be doing in 2014, 2015, and beyond?

That was the top focus of the Nemertes Navigator360 Conference, held July 28-30 in St. Pete’s Beach, Florida.

Nemertes Research gathered with top technology leaders from global innovators including Interpublic Group, Chubb & Sons, Northrop Grumman, Ford Motor Company, Vanguard, and Sprint to discuss our visions—and best practices—for technology leadership during the coming years of change.

By Johna Till Johnson
On Mar 25, 2014

Putting Wearables To Work in the Enterprise

Tuesday, March 25, 2014

As my colleague, Nemertes Research Analyst John Arkontaky, recently wrote, enterprises are beginning to tiptoe into the world of wearables. Although a vanishingly small percentage of IT organizations supported wearables in 2013, early indications are that this percentage has grown dramatically in 2014.

By Johna Till Johnson
On Feb 25, 2014

Security: Business Inhibitor or Business Enabler?

Tuesday, February 25, 2014

Can the right security posture actually enable business, rather than impeding it? Most folks would say no. Information security has long established itself as a barrier to productivity—how often have you heard employees complain they can’t do something “because of security”? In fact, among my clients we joke that security is the “Dr. No” of the organization

By Johna Till Johnson
On Feb 05, 2014

Turning Trust Into Value: Enabling Innovation

Wednesday, February 5, 2014

Last post, I wrote about the need for IT to become an “enterprise trusted advisor”—that is, to move up the trust spectrum with business, so that business leaders consult IT leaders as part of setting strategy. That said, becoming a trusted advisor isn’t a necessary goal in and of itself. Sure, it feels great to have the higher-ups consult your opinion on matters strategic—but does it really add value to the business, or to your role as an IT professional? Yes, and uniquely so. What do I mean by that?

By Johna Till Johnson
On Jan 22, 2014

Innovation, IT and the Enterprise Trusted Advisor

Wednesday, January 22, 2014

Ask any IT professional if he or she is considered a “trusted advisor”, and you’ll get an interesting reaction. Almost never is it a straightforward yes or no—more typically it’s a long pause, and then “weeeeeelllll……..”

Part of the challenge lies in defining what, exactly, comprises a trusted advisor. Nemertes classifies providers—including IT departments, whose “customers” are typically the lines of business—into three main groups:

