TPO Magazine 2013 - The Video Migraine


  • 7/28/2019 TPO Magazine 2013 - The Video Migraine

    ROBOTIC TELEPRESENCE: TALE OF THE TAPE

    TELEPRESENCE

    YOUR GUIDE TO VISUAL COLLABORATION

    SUMMER 2013: THE INTER-COMPANY VIDEO ISSUE

    PLUS: VISUAL COLLABORATION FOR AGILE SOFTWARE DEVELOPMENT AND SCRUM; WEBRTC REALITY CHE

    DELOITTE: Open for Business at the Speed of Light

    Deloitte's Jerome Oglesby (left

    Aaron Roe (right) are connectin

    the firm to 185 companies a mo

    generating revenue, saving clie

    money, and making Deloitte's expertise available globally.


    www.TelepresenceOptions.com

    The Video Migraine

    SECURITY, GOVERNANCE, AND BUSINESS CONTINUITY: ONE STEP AT A TIME

    BY DOUG HOWARD

    Migraines are caused by many triggers, and for some people (in reality, many) video has been a clear root cause. If you're on the hook for a high-profile video conference or streaming event, your nervous system is preconditioned for a heightened sense of awareness and stress the day of the event. Your nervous system is likely to go through four stages of change on the route to a migraine: prodrome, aura, attack and postdrome. Here's how it plays out:

    PRODROME: The early symptom is the stress that pulsates through your body as you mentally review all the things you and your team did to prepare for anything you could have missed or that might go wrong. So many things outside of your control. So many points of failure. Will the network hold up? Did the firewall get changed? Did anything change since you did the test an hour ago?

    AURA: The inability to focus comes quickly as things don't work as expected. The call dropped: how hard is it to just reconnect? Why am I the only one that knows how to do this? The remote users can't join the stream and continue to hit the connection over, and over, and over, and over again, exacerbating the problem. Is the room spinning? Why is this taking so long? Why is everyone looking at me?

    ATTACK: The pain is in full effect now. How could this have happened? How could we have missed that? Everything was working before. They say it's not the network. How long will the pain last? You're the last stop for the blame train. Your head is pounding and you can't think straight. What will happen now?

    POSTDROME: OK, breathe, let's figure out what happened and make sure it doesn't happen ever again, assuming I still have a job. How will I recover from this? Man, I have a headache. Where are the aspirin and how soon can I get a drink or three? I think I've aged 50 years.

    Even if everything goes perfectly, your body assumes the worst and forces your nervous system into believing the worst will occur just as it has so many times before. The net result: the VIDEO MIGRAINE.

    Introducing or expanding video across an enterprise provides significant business value but not without risk. Video within an enterprise, like any application, introduces new considerations that have wide-reaching impacts on the business and IT alike. The positive benefits to a business that uses video are boundless, but video can also be very dangerous if not properly planned and managed. Video, unlike most applications, introduces both requirements and impacts associated with latency and bandwidth to an extreme degree, as well as security and Business Continuity and Disaster Recovery (BCDR) demands. Also, because video is part of your Unified Communications and Collaboration (UCC) suite, it often falls under one or more compliance and regulatory requirements. In all cases it falls under U.S. state and international privacy and Personal Identifiable Information (PII) laws. Video is also a broad term that encompasses Video Teleconferencing/Conferencing (VC), Streaming Video, and Video on Demand (VOD). Endless business applications fall under video as well, including desktop, room and telepresence for VC; webcasting, executive and financial/product broadcast, IPTV, process monitoring and surveillance for live and hybrid streaming; and on-demand training, enterprise YouTube, compliance archiving, and publishing, all under VOD.

    Video should be considered a key element to support your overall corporate BCDR plan, providing a rich communications conduit during critical times. This doesn't count all the other supporting categories such as lecture capture, editing, content management/storage, and video intelligence. One last complication is video delivery, which includes variables such as frequency of use, inside/outside the firewall routing and traversal, transmuxing/transcoding, automatic network condition detection and adjusting, and integration with other business applications that may reside on premise or In the Cloud (ITC).

    As with all things revolving around IT, it's often overwhelming to know where and when to start. We recommend starting before the next purchase or add-on order. After all, if your network, the Internet, conference rooms and studios, audio systems, viewer platforms and standards were static and you never introduced new and add-on devices and applications, you'd never get a video migraine!

    VENDOR AUDIT AND MANAGEMENT WITHIN THE IT SECURITY DISCIPLINE

    Many companies are required by law or their own business need to perform vendor oversight, ensuring the vendor has adequate information security and data protection incorporated into its products and services. In truth, every organization must secure its environments in the face of changing technologies, people and processes. Before adding an IT vendor's product or service to your organization's operational profile, you must first set your own standards for IT security, governance and business continuity. You may choose from a few primary routes for such a policy:

    1) Adopt the international series of standards, presently the ISO 27000 series

    2) Adopt the free written policies used by your country's government, such as the US NIST standards

    3) Adopt a uniquely created standard.

    ISO/IEC 27001 formally specifies a management system to bring information security under explicit management control. A formal specification means that it mandates specific requirements so organizations can be formally audited and certified compliant. While ISO has expenses for purchasing the standards, it's globally recognized and provides a well-developed base outline for an organization to build unique standards around.

    The ISO 27000 series are primarily designed around securing an enterprise, but with a little creativity they can be used for auditing and evaluating your vendors. The ISO standard contains 12 main sections that can be mapped specifically to the evaluation of any vendor. They include:

    1. Risk Assessment: What is the general risk of doing business with the vendor (i.e. financial viability, technical solution, deployment options and requirements, etc.)

    2. Security policy: What is the vendor's written security policy

    3. Organization of information security: Governance of information security

    4. Asset management: Inventory, classification and prioritization of information assets and services

    5. Human resources security: Security aspects for employees joining, moving within and leaving an organization

    6. Physical and environmental security: Protection of the physical users' computers and devices and the datacenter facilities

    7. Communications and operations management: Management of technical security controls in systems and networks

    8. Access control: Restriction of access rights to networks, systems, applications, functions and data

    9. Information systems acquisition, development and maintenance: Building security into applications

    10. Information security incident management: Anticipating and responding appropriately to information security breaches

    11. Business continuity management: Protecting, maintaining and recovering business-critical processes and systems

    12. Compliance: Ensuring conformance with information security policies, standards, laws and regulations

    Now the real complication is making sure that all your standards meet the following criteria:

    1) actually make you more secure

    2) can be supported by your organization and properly managed to the standards you document

    3) fulfill your governance requirements so you can provide proper reporting on all the regulatory and compliance standards your organization is subject to

    4) continue to be applicable even when the inevitable adversity strikes and your infrastructure, people, and processes continue to operate at a minimal level to sustain the business needs.

    In order to properly evaluate a vendor, we recommend a simple three-staged process in auditing and managing the vendor relationship ongoing. Ultimately, you can use this snapshot to demonstrate regulatory compliance, contractual compliance and adherence to best practices for information security practices:

    1. Collect information: Issue a detailed questionnaire to your vendors. This should be a contractual commitment in your Master Service Agreement, and the replies should be contractually binding.

    2. Verify: Conduct telephone and on-site visits to verify the responses to the questionnaire and to identify other gap areas not mentioned by the vendors.

    3. Analyze and Report: Draft and deliver a final report that identifies areas of strengths and weaknesses as measured against your organization's defined standards. We suggest allowing your vendor to review and provide comments to the report.

    4. Determine Acceptance: You must now judge if the introduction of the vendor into your operations lets you maintain your acceptable risk level for the business.

    5. Manage: Assuming you're comfortable with the vendor, your report provides a point-in-time analysis of the vendor and a risk profile. It should also fulfill the following:

        a. Provide a list of remediation items and agreed-upon vendor actions and timeframe to correct the most critical open-risk items.

        b. Have a defined schedule for auditing and reevaluating the vendor (typically every 12-18 months or when a major change occurs).

    These were just a small sample of key points you must take into consideration when evaluating a vendor and ensuring the vendor's introduction into your environment does not increase your risk profile. This is the magic of properly creating, testing, and updating a security, governance, and business continuity program. A well-defined vendor audit and management program supports your business and ensures that the information security controls are operating effectively to protect customer and employee personal information and company trade secrets while creating a measurable assessment of how your outsourcing vendors protect your data.

    CONCLUSION

    So, as you digest all the things that could go wrong, take a pause. The aha moment will hit you and you'll know why so many VC calls and streamed events fail to deliver positive results most of the time.

    Each of these topics could justify a full-length book. Rather, we've committed to writing several to-the-point articles over the next year. In the next article, "Removing the Video Gremlins: Knowing What's Wrong Before the Big Event," we'll discuss best practices to ensure your video infrastructure is ready for use. We plan on outlining a clear case that, when properly planned and tested regularly, video can be provided consistently, at a high quality, without a migraine.

    ABOUT THE AUTHOR

    Doug Howard consults with the Human Productivity Lab, specializing in helping organizations to ensure video solutions, and other business applications, meet the customer's business value expectation and are deployed in a manner that properly fits into their governance, security, and BCDR programs. Howard is the founder and CEO of Savanture, where he draws upon his experience in governance, security and BCDR from his prior roles including vice president of Security and Business Continuity at AT&T, COO of BT Counterpane, the security division of BT, chief strategy officer of SilverCloud (previously Perimeter e-Security), and his video and UCC expertise from his role as president of USA.NET and prior position as CEO of VBrick Systems.

    Howard resides just outside of Washington, DC and can be reached at [email protected].
