Gayley said one of his biggest concerns on the security front is "wondering what the next thing is." He's also aware that the time administrators have to react to worms, viruses, and other attacks "is minutes now, not hours." Since virus-protection firms typically take much longer than that to craft responses, both CIOs said businesses need to build their own defenses to keep their operations safe.
At George Washington, Swartz said his department has set up a "controlled area" where their servers direct users whose clients are determined to be infected. At Amtrak, Gayley said, the protection against viruses and worms starts at server level--users there aren't allowed to log on unless their client has properly updated software. And, "all our servers are kept up to date, all the time," he added.
The panelists were split on the issue of open-source products. Swartz said George Washington has discussed the idea of eliminating Microsoft products from the data center to eliminate the need for multiple patches and updates. Using Linux on servers, he said, "seems like a safer environment to be in."
But Amtrak's Gayley said he shies away from open source, preferring Unix products from IBM. "I still don't believe it is mature enough," Gayley said of open source.
Gayley also said IT directors should always try to seek the best deals from their vendors, either by asking to renegotiate existing contracts or by turning to resellers for quotes on updates and maintenance. "Don't presume that when that bill comes in, you have to pay," he said. "You've got other options."
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
