14 November 2009

Infinistructure: Who Knew What When...

Who knew what when? This is the question of the last year as we now embark on the path towards recovery. The Operational Risks that brought down our economic institutions are growing and the convergence has brought us even bigger systemic organizations "Too Big To Fail."

While many will be side tracked by the need to deal with the toxic assets still on the books or in sinking portfolios the "Zero's and One's" don't lie. The information, digital evidence and just pure data audit trails will remain for many to be caught, charged, indicted and then sent before a jury to decide their fate.

Managing risks in the enterprise today takes on many flavors and within several departmental or enterprise domains of expertise. Whether it be the legal department, the IT department, Internal Audit, Security department or even the Operational Risk Management Committee the "Zero's and One's" don't lie. Think about how much time the people behind corporate malfeasance spend on trying to cover their tracks, clean up the digital "Blood Trail" of their crimes and wrong doing all the while knowing that someday, a smart investigator or forensic examiner will connect the dots. Game over. Amir Efrati at WSJ writes:

Federal prosecutors in Manhattan brought criminal charges Friday against two men for allegedly being the technological brains behind Bernard Madoff's multibillion-dollar Ponzi scheme, and suggested charges against others could follow.

The case against two former computer programmers, Jerome O'Hara and George Perez, may help fill in key blanks in the timeline of how Mr. Madoff, who pleaded guilty to fraud earlier this year, masterminded a scheme that has cost thousands of investors more than $20 billion. The complaint hints at other unnamed "co-conspirators" at the Madoff firm who are now being targeted by prosecutors.


Regardless if you are two paid-off programmers who have been enforcing the "Business Rules" in their software by the boss or an internal threat actor does not matter. Whether they are copying, stealing, altering or damaging the digital information within the organization does not matter; these Operational Risks remain constant. The resources and the money devoted to continuous due diligence, monitoring and preemptive strategy to deter, detect and defend the digital assets of the enterprise need to grow dramatically to stay ahead of the curve.

The best way to figure out what to do and how to do it will require outside assistance. Moving your digital assets to be professionally managed makes sense for economic and other financially prudent reasons. Yet this migration away from large numbers of people managing and maintaining your information technology infrastructure internally and on your payroll is just the standard "outsourcing" strategy right? It has it's own set of 3rd party supply chain set of risks. After your next incident who will be asking: Who knew what when?

Many private sector and government enterprises who are augmenting their COOP and the economic strategy of "Cloud Computing" have realized the smart course of implementing and migrating to managed services and infrastructure suppliers such as Terremark:

Terremark Worldwide (NASDAQ:TMRK) is a leading global provider of IT infrastructure services delivered on the industry's most robust and advanced operations platform. Leveraging purpose-built datacenters in the United States, Europe and Latin America and access to massive and diverse network connectivity from more than 160 global carriers, Terremark delivers government, enterprise and Web 2.0 customers a comprehensive suite of managed solutions including managed hosting, colocation, network and security services.

Terremark's acclaimed Infinistructure utility computing architecture has redefined industry standards for scalable and flexible computing infrastructure and its digitalOps service delivery platform combines end-to-end systems management workflow with a comprehensive customer portal.

How can the utilization of an "Infinistructure" with the knowledge and application of a legal compliance ecosystem in your enterprise mitigate the risks associated with bad actors, unprepared personnel and the digital loss of key evidence? Stay tuned for more on this later. In the mean time remember this. All of the newest technology, faster computers and networks enabled with encryption and secured physical locations will not be enough to save your institution from Operational Risks. It is just one more piece of the total risk management mosaic that will still require the smartest people and the most robust policy and processes imaginable.

Who knew what when? This will continue to be the biggest question of the next decade.