Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Council Teleconference: Application Rationalization — Hidden Costs and Smart Decisions
November 17 at 11:00 am US/Eastern (GMT-5)
Join Honorio Padrón, of The Hackett Group, who will share the drivers for companies to tackle application rationalization and the results of research that define the hidden cost of complexity. Additionally, we will discuss key decision milestones—to start or not, holding the course steady and fulfilling expectations.
Virtual Desktop Cost-Benefit Analysis — Michael Jacobs, Catlin Group
The analysis contained in this presentation measures the cost of everything from the machines and licenses to the infrastructure for virtual vs. traditional desktop environments.
Honor your best senior team members - Apply for the CIO Ones to Watch Award
Get well-earned public recognition for your top up-and-coming team members, your IT organization and your enterprise. Award winners will be announced, publicized and feted in May 2010, great timing to help attract new IT recruits to your company.
Learn more about the CIO Executive Council »July 29, 2008 — CIO —
Welcome to Part 2 of our 5-part series on IT cost cutting. Each installment looks at money-saving IT projects that you can replicate, from Gap, Lafarge, Title Resource Group, the U.S. Department of Defense and Washington Mutual.
In Part 1, Lafarge North America learns how to negotiate from a position of strength with vendors AT&T and Hewlett-Packard, saving "seven figures" in the process.
E-mail CIO.com writer Kim S. Nash and tell her about your money-saving project. Be sure to say how much the effort cost, what the financial returns were and how soon you saw them. Bonus points for projects implemented in three months or less, with substantial returns within a year. Your project may be featured in a story on CIO.com or in CIO magazine.
Compliance. You can't avoid it and you can't keep failing it. The best you can do is make it cheaper and easier and good enough to pass audits.
Anyone trying to comply with PCI and Sarbanes-Oxley regulations knows that passing an audit hangs on demonstrating that you control employee access to sensitive customer and financial data.
So it was at Gap Inc. Direct, which oversees the e-commerce efforts of Gap, Banana Republic, Old Navy and shoe outlet Piperlime. But controlling access wasn't simple in a mixed environment of mainly Unix servers, including Linux, and various Microsoft Windows operating systems.
Gap Inc. Direct uses Microsoft's Active Directory administrative tools. Among other features, Active Directory lets system administrators grant and control end-user permissions more easily than many Unix tools, says Jeff Arcuri, a senior manager of IT at Gap Inc. Direct.
Active Directory by itself doesn't support Linux or Unix so Gap's system administrators ended up having to assign employee permissions individually, to access different databases and applications, depending on the work they needed to do.
When it came time for PCI and Sox audits, auditors or system administrators had to collect the server logs manually to show who accessed what files when, for hundreds of servers. They could automate bits of the process with custom scripts but still, start to finish, the ordeal required up to 10 people working at least part-time on every audit, he says.
To automate more of the process and free up systems administrators for more valuable work, as well as make user access permissions in this mixed operating environment simpler, Arcuri deployed an identity management tool from Likewise Software. The software installation took about three months early this year and involved two to five system administrators at various points, Arcuri says. Installing identity management systems can help a company enforce policies for who can see what data.