Question

Your task is that as a CIO (Chief information officer) you design an ICT Strategy to position the education institute to meet the goals and business strategy provided by the Dean while maintaining security over next 5 years that focus on the following critical IT matter:

1.Infrastructure (especially IAAS)

2. DM (Data Management)

3. MDM (Mobile Device Management)

4. Governance/CoBit

5. CRM (Customer Relationship Management)

6. Risk/Security/Privacy

Answer 1

Q.1 Infrastructure as a service (IaaS):-

Infrastructure as a service (IaaS) is a type of cloud computing model that allocates virtualized computing resources to the user through the internet. IaaS is one of the main components of cloud computing along with software as a service (SaaS) and platform as a service (PaaS). IaaS is completely provisioned and managed over the internet.

The IaaS technology helps the users to avoid the cost and complexity of purchasing and managing their own physical servers. Every resource of IaaS is offered as an individual service component and the users only have to use the particular one they need. The cloud service provider manages the IaaS infrastructure while the users can concentrate on installing, configuring and managing their software.

As the cloud buyers rent a space in the virtual data centre of the IaaS provider, they get the access to the virtual data centre through the internet. IaaS provides the raw materials and basic infrastructure for IT and ensures affordability as the users only have to pay or the resources they use. The cloud service providers enable the users to rent the virtual servers and storage while forming networks in order to tie them all together. While renting from a cloud IaaS provider, users are essentially renting hardware along with the provisioning software that automates it.

Here resources are available on demand thereby saving implementation cost and time of execution. This service include the following-

• Computing resources as a service
• Storage as a service
• Network as a service
• Disaster recovery as a service
• Backup as a service
• Virtual Desktop solutions
• High availability services
• Infrastructure for application development and testing.

Q. 2. DM (Data Management)

Data management (DM) consists of the practices, architectural techniques, and tools for achieving consistent access to and delivery of data across the spectrum of data subject areas and data structure types in the enterprise, to meet the data consumption requirements of all applications and business processes.

Data management is the function of planning, controlling, and delivering data effectively in an organization. Data management includes the following functions: practicing the disciplines in the development, execution, and supervision of plans, programs, policies and practices that protect, control, deliver and enhance the quality and value of data and information in the organization.

Benefits Of Data Management

Minimized Errors:

Effective data management helps in minimizing potential errors and reducing the damages caused by bad data. The greater occurrence of processes like copy-paste, drag and drop, and linking of documents, the greater the likelihood of data errors. Therefore, an effective data management strategy and data quality initiative must be implemented to better control the health of a business’ most valuable asset.

Efficiency Improvements:

If your data is properly managed, updated, and enhanced, its accessibility and your organizational efficiency will increase exponentially. However, If the data is inaccurate, mismanaged or error-prone, it can waste tremendous time and resources.

Protection From Data Related Problems and Risks:

Security of data is very important and proper data management helps in ensuring that vital data is never lost and is protected inside the organization. Data security is an essential part of data management. It protects employees and companies from various data losses, thefts, and breaches.

Data Quality Improvement:

Better data management helps in improving data quality and access. Therefore, better search results are obtained in a company with better and faster access to the organization’s data, which can aid in decision making.

Q. 3. MDM (Mobile Device Management)

Mobile device management (MDM), is the process of managing everything about a mobile device. MDM includes storing essential information about mobile devices, deciding which apps can be present on the devices, locating devices, and securing devices if lost or stolen. Many businesses use a third-party mobile device management software such as Mobile Device Manager  to manage mobile devices. Mobile Device Management has expanded its horizons to evolve into Enterprise Mobility Management (EMM).

Mobile devices now have more capabilities than ever before, which has ultimately led to many enterprises adopting a mobile-only or mobile-first workforce. In these types of environments, both personal and corporate-owned mobile devices are the primary devices used for accessing or interacting with corporate data.

Mobile Device Management requires two components in a data centre:

· A server component, wherein IT administrators configure and send out policies through a management console.

· A client component, which receives and implements the commands on end-user mobile devices.

Mobile device management has evolved over time. Scalability was initially an issue, but central remote management has eliminated antiquated steps like SIM card and client-initiated updates. Modern MDM software can automatically detect new devices connected to the corporate network and apply over-the-air commands/settings for streamlined policy implementation.

Advantages of using MDM solutions

· Time-saving automations

· Improved efficiency

· Increased productivity

· Achieve compliance

· Enhanced security

· Remote management

MDM can be mainly utilized following industries.

· Healthcare

With most healthcare organizations moving towards electronic health records (EHRs), mobile device use is more popular than ever in the healthcare sector. But ensuring the personal health information (PHI) stored on mobile devices is secure and complying with regulatory standards like HIPAA can be a challenge. An MDM solution can help you meet compliance standards while also ensuring that PHI remains secure from unauthorized access.

· Transportation

Now that many enterprises are embracing mobility, one market that can benefit greatly from the advantages of MDM is the transportation industry. MDM lets businesses track shipments and vehicle locations as well as maintain a history of locations traversed. It also lets you lock down corporate devices to specific apps and/or settings to prevent device misuse and ensure maximum productivity.

· Education

The transition to the digital age has affected no industry more than the education sector. With more and more schools adopting tablet-based teaching methods, it's essential to manage these devices to ensure they're only used for learning. Granular restrictions let you disable basic device functionalities such as the camera, as well as restrict access to certain websites.

· Retail

Thanks to features like digital signage, mPOS, and self-service checkouts, mobile devices have found their niche in the retail sector. Some enterprises in the retail industry use mobile devices built for a specific need, while others use a combination of in-house apps and certain policies on more standard devices like phones and tablets. Both specialized devices such as rugged devices and standard mobile devices such as smartphones can be managed using an MDM solution.

· Service

With most organizations in the service industry leaning towards a mobile-only or mobile-first workforce, mobile devices—especially employee-owned devices—are being used more than ever. An MDM solution helps you seamlessly manage personal devices (BYOD management) and in-house apps while also ensuring those devices adhere to your enterprise's security standards.

Q. 4. Governance/CoBit

COBIT (Control Objectives for Information and Related Technology) is an IT governance control framework that helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and the alignment of IT strategy with organisational goals.

COBIT has become one of the most important frameworks for information technology governance (ITG), which provides organizations with a useful guidelines tool to initially evaluate their own ITG systems. COBIT initiates ITG framework and supporting toolset that allows IT managers to join mismatch between control requirements, technical issues and business risks.

Information Technology (IT) has evolved far beyond being a mere tool for businesses to make use of; these days, it forms the very foundations of most, if not all, successful corporations, regardless of their industry, age or size. Failing to fully optimize IT capabilities can leave a business static in an ever-changing and dynamic landscape, making it highly vulnerable to competitors.

Indeed, the ‘governance’ of IT will usually branch out into virtually every aspect of an organization, including the provision of customer services, the processes which generate end products and even change management.

COBIT is a leading framework for the governance and management of enterprise IT. Created by the non-profit ISACA, COBIT was built by experts to suit the requirements of both business executives and IT professionals. It combines enterprise governance and management techniques, providing principles, practices, models and analytical tools to help users consistently increase the value of, and trust in, their IT systems.

Part of COBIT’s success comes from the fact that it has been consistently updated to meet the ever-changing needs of IT governance. For example, the latest version, COBIT 5, is better able to integrate with other popular frameworks, standards and resources, including VAL IT, Risk IT and ITIL.

The Various Cobit Components:

• Framework

IT helps in organizing the objectives of IT governance and bringing in the best practices in IT processes and domains while linking business requirements.

• Process Descriptions

It is a reference model and also acts as a common language for every individual in the organization. The process descriptions include planning, building, running, and monitoring of all IT processes.

• Control Objectives

This provides a complete list of requirements that have been considered by the management for effective IT business control.

• Maturity Models

Accesses the maturity and the capability of every process while addressing the gaps.

• Management Guidelines

Helps in better-assigning responsibilities, measuring performances, agreeing on common objectives, and illustrating better interrelationships with every other process.

Benefits of using COBIT

The COBIT framework can help organisations of all sizes to:

• Improve and maintain high quality information to support business decisions.
• Use IT effectively to achieve business goals.
• Use technology to promote operational excellence.
• Ensure IT risk is managed effectively.
• Ensure ROI on the expenditure of IT services and technology.
• Achieve compliance with laws, regulations and contractual agreements.

COBIT Principles and Processes:

COBIT 5 clearly differentiates between the governance and management of IT, and works around five principles:

• COBIT Principle 1: Meeting Stakeholder Needs
• COBIT Principle 2: Covering the Enterprise End-to-End
• COBIT Principle 3: Applying a Single Integrated Framework
• COBIT Principle 4: Enabling a Holistic Approach
• COBIT Principle 5: Separating Governance from Management

There are seven 'enablers' and a Process Reference Model (PRM) which identifies five sets of processes:

• COBIT Process 1: Evaluate, Direct and Monitor
• COBIT Process 2: Align, Plan and Organise
• COBIT Process 3: Build, Acquire and Implement
• COBIT Process 4: Deliver, Service and Support
• COBIT Process 5: Monitor, Evaluate and Assess

Q. 5. CRM (Customer Relationship Management)

The meaning of Customer Relationship Management (CRM has changed a lot over the years. CRM is a term that was initially defined and designed to improve customer service. Today, though, it relates to an entire business strategy. CRM software acts as a single repository to bring your sales, marketing, and customer support activities together, and streamline your process, policy, and people in one platform.

The art of managing the organization’s relationship with the customers and prospective clients refer to customer relationship management. Customer relationship management includes various strategies and techniques to maintain healthy relationship with the organization’s existing as well as potential customers. Organizations must ensure customers are satisfied with their products and services for higher customer retention. Remember one satisfied customer brings ten new customers with him where as one dissatisfied customer takes away ten customers along with him.

In simpler words, customer relationship management refers to the study of needs and expectations of the customers and providing them the right solution.

· Benefits of CRM for Business

• Improves Informational Organization - CRM identifies, documents and records all the interaction that customers have with the organization. This helps businesses to understand their customers better and provide instant solutions.
• Ensures Enhanced Communication - CRM is cloud-based and never disappoints customers as it makes information accessible from any device. All the customer needs is an internet connection.
• CRM enhances Your Customer Service - With CRM customer support becomes a cake walk. This is because, when the customer reaches out to the company, the executive would be all equipped to retrieve information on the activities like the recent purchases made, priorities and any other assistance that customer requires.
• Automates our day to day tasks - A CRM is developed to automate performance of multiple tasks of the employees. This would help employees to focus more in converting leads and addressing customer issues while the CRM is at their disposal to take care of the details.
• Greater efficiency for multiple teams - The stored information entitles the users of different teams to access emails, phone calls, and calendar details from a secure and easily accessible console. The best part of CRM is that users can same data by multiple teams at the same time by tagging the required team to access the information. This new find, simplifies the work for the teams and gives the possibility to seamlessly work together to enhance the bottom line.
• Delivers accurate analytical data and reports - CRM systems archive data in one place that prompts enhanced data analysis. The tool is developed to easily integrate with plugins and other tools that can generate the possibility to generate automatic reports to maximize your time. This helps the users to make effective decisions to reap the rewards in customer trust and get good revenue in the long run.

10 steps that will help you to implement the CRM

• Identify the Need to have a CRM system
• Define the goal properly
• Gather required documents
• Find out the weak points
• Put good business practice before CRM
• Draft a configuration plan
• Plan a smooth data transfer
• Let everyone share the same vision
• Test It before it is put to use
• Let the CRM be live

CRM helps to gain more insight about customers and can give a boost to the sales and profit of the company. In order to reap the benefits it is very important to implement it in a hustle-free manner with the correct strategies; otherwise it could prove to be a bad debt for the company. Moreover, it needs to evolve with the time with new features and also match with the changing technology and goal of an organization.

Q. 6. Risk/Security/Privacy

Risk management - Identifies the alignment of critical business processes with supporting technology systems. IT risk management serves to focus IT governance, security and privacy investments in the areas contributing most to mission success. IT risk management must be a part of enterprise risk management (ERM), a discipline that addresses the full spectrum of an organization’s risk, including challenges and opportunities, and integrates them into an enterprise wide, strategically aligned portfolio view. ERM contributes to improved decision making and supports the achievement of an organization’s mission, goals and objectives.

Information security - Encompasses efforts to protect data and information systems from inappropriate access, manipulation, modification and destruction, ensuring the confidentiality, integrity and availability of the systems and data. This is normally managed by the enterprise’s chief information security officer (CISO). The US National Institute for Standards and Technology’s (NIST’s) Framework for Improving Critical Infrastructure Cybersecurity focuses on using business drivers to guide security activities while considering cybersecurity risk factors as part of the organization’s risk management processes and includes technology, processes, policies and people.

Privacy - Within a secure enterprise, privacy controls allow only properly designated personnel to access information governed under privacy laws, and encompass efforts to protect an individual’s ability to determine how their personal information is collected, used, stored and disclosed. Information security and IT governance directly impact the success of a privacy program.