Cyber Security Institute

Saturday, August 21, 2010

Virtualization Beyond Consolidation

A funny thing has happened on the path to virtualization Nirvana: We’ve stopped, or at least greatly slowed, our progress toward highly virtualized data centers.  Gartner says that just 16% of data center loads are virtualized, and our own survey shows ambitions for virtualization are actually backtracking.  “We don’t know what the savings are. We just know they’re there,” is a common response.  At the same time, our InformationWeek Analytics survey found that 35% of respondents say they expect to virtualize less than 25% of their data centers by 2011.

Intel, McAfee Merger Plugs Network Security Hole

The acquisition of McAfee by Intel makes a very important statement when you view it in the context of the future of network security.  It’s one of the big AV companies that have been around since the birth of malware, and it competes well against market leader Symantec.  For people who think computer security is really just about this topic, the acquisition of McAfee by Intel doesn’t make a lot of sense.  If that’s all Intel wanted, it could simply license it.  But what most analysts are missing is that there’s a huge, and rapidly growing, universe of network-connected devices that are quite simply unprotected: a wide range of products from network-connected printers to Internet-aware security systems in buildings.

Friday, August 20, 2010

Cloud Offerings Grappling With QoS — Report

The cloud is making it easier for companies of any size to add on services without adding on to their infrastructure.  In its latest report, “Cloud-Computing Quality of Service in Perspective,” Research and Markets notes that cloud providers should expect and be prepared to counteract the fear, uncertainty and doubt that on-premise supporters are generating regarding cloud computing.  QoS and security are two things that worry the industry.

WAN Log File Data Collection Heads for Standardization

The upcoming LogLogic 5 release from log vendor LogLogic is aiming to expand that visibility with a universal collection framework for disparate log data coming across a WAN.  Specifically, LogLogic is working to create a new standard protocol for log data transmission that could change the way enterprises collect and analyze that data.

Wednesday, August 18, 2010

Astadia Launches ROI Calculator for Cloud Computing

Astadia, a pure-play Cloud computing integrator and top Salesforce.com partner, today announced the launch of the I.T. Cloud Transformation (ITX) ROI Calculator, which is a free online service.  A 2010 report on I.T. spending priorities by Kaufman Bros. shows a strong trend of I.T. infrastructure consolidating or rationalizing software applications, servers, data centers and back-office functions to cheaper web-based software applications.  Many lack time or resources to build the business case to move specific technologies to the chosen platform.  The ITX ROI Calculator gives a fast estimate of which pieces of an I.T. infrastructure and application portfolio will cost less and perform better when moved to the Cloud, specifically to the Force.com platform.

Cloud computing ISO Standards in the pipeline

This was the opening remark from Standards New Zealand chief executive Debbie Chin at the recent workshop ‘Corporate governance of information technology’ that was held in Wellington recently.  Interest in cloud computing is growing rapidly in the International Standards Organisation (ISO) community.  Cloud computing delivers economies of scale and can be used to develop, deploy, and maintain business critical systems quickly and flexibly.  It is through Standards New Zealand that this country contributes to the development of international Standards, such as the new cloud computing Standard, by participating in ISO committees and running mirror committees locally.  Key issues in cloud computing are sovereignty, privacy and portability, and in understanding these requirements this country could be considered a favourable place to host services for an international audience.

Wednesday, August 11, 2010

Small And Midsize Businesses Look For Ways To Cut Compliance Costs

According to The 451 Group, an IT security analyst firm, there are nine different security technologies required for PCI compliance alone: antivirus, firewalls, intrusion detection systems, encryption for data at rest, file integrity, log management, multifactor authentication, a Web application firewall (or a security development lifecycle), and a vulnerability management solution.  Then there are the services: a qualified security assessor, an approved scanning vendor, and in the case of a breach, the qualified incident response assessor.  For small and medium businesses, the costs can be overwhelming, says Joshua Corman, research director for The 451 Group’s security practice.

Tuesday, August 10, 2010

Stats: The Age of the Internet of Things Has Dawned

The nation’s two largest carriers added more connected devices last quarter than postpaid subscriptions, according to data released this morning by Chetan Sharma, a wireless analyst.  Other than making you wonder what six-year-olds are toting cell phones, the data indicates that the Internet of things has clearly dawned, and with it, a new arena of competition.  In his quarterly update, Sharma noted that wireless penetration in the U.S. reached 95 percent and surpassed 100 percent if one takes out children younger than five. While there are only 20 million connected devices out of 311.3 million subscriptions, the devices are where the growth is.

CouchDB Says Hello To Google Android

CouchDB, the open source database that is part of the NoSQL movement, is now available on Google’s Android.  Palm, a division of Hewlett Packard, has already announced that the next version of its webOS will include services for syncing local data with CouchDB.  According to Couch.io executives, applications—web or native—can use CouchDB’s peer-to-peer sync capabilities to build more engaging experiences.

http://gigaom.com/2010/08/10/couchdb-says-hello-to-google-android/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+OmMalik+%28GigaOM%29

First SMS Trojan for Android is in the wild

The first text message-based Trojan to infect smartphones running Google’s Android operating system has been detected in the wild.  Trojan-SMS.AndroidOS.FakePlayer-A poses as a harmless media player application and has already infected a number of mobile devices, Russian security firm Kaspersky Lab warns.  In a statement, Google said its existing permission controls guard against this type of threat, which only exists for applications published outside the Android Marketplace.  Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time.

Tallying the Cost of Cyber Crime

The scheming of cyber criminals now has a price tag: a median cost of $3.8 million (U.S.) per organization, according to researchers at the Ponemon Institute, which took an in-depth look at both the cost and the frequency of cyber crime at the behest of security software specialist ArcSight Inc.  The First Annual Cost of Cyber Crime Study, published earlier this month, comes with an important caveat: the Ponemon/ArcSight study was extremely limited in scope and is based on just 45 U.S. organizations.  On the other hand, researchers met with and interviewed participants instead of simply surveying them.

Windows Azure Gains Single Sign-On Support

Microsoft has announced that the August preview release of a component of its Windows Azure AppFabric cloud computing platform adds support for federated identity and single sign-on.  The announcement was made in a blog post by Justin Smith, a Microsoft (NASDAQ: MSFT) program manager on the Windows Azure AppFabric Access Control Service (ACS) team, on Wednesday.  The ACS update should be good news for developers and service providers working on applications meant to run on Windows Azure and Windows Server as it also enables access control as a service for federating identities.

It’s time to be proactive on cybersecurity

In light of recent cyberespionage, the breakup of cybercrime rings, and the threats that sophisticated malware such as Stuxnet present to critical infrastructures, McAfee Labs researchers and industry experts call for a more proactive strategy for fighting cybercrime.  “Cybercriminals prosper because they have very little reason to fear the consequences,” said Jeff Green, senior vice president of McAfee Labs.  A new McAfee report, titled “Security Takes the Offensive,” is based on strategies compiled by international experts and issues a “call to arms” to the security industry.

Cloud might let users bypass IT—for a while

Undoubtedly the greatest bit of hype around the predicted rise of cloud computing is that the role of the CIO and the IT department is going to be diminished as end users bypass internal IT and go directly out to the cloud for what they need.  That is until the cloud provider goes out of business one day, and you find out your people can’t get access to all those great documents and ideas and data they had stored in the now-shuttered provider’s servers.  Or until the group of go-getters discovers that the Web app stopped working for their co-conspirators in the St. Louis office because of some conflict with that location’s new server settings.  It’s for reasons like these that agency IT departments will still need to be fully engaged with the process of making sure end users have the IT resources they need to do their jobs.  What will change as cloud computing gets more popular is where those resources are coming from, and that will mean a change in the IT department’s role, not the reduction or elimination of it.

Assess Security of Cloud Computing Apps

New research finds that while cloud computing services are being widely adopted, more than 50 percent of IT professionals surveyed say their organization isn’t aware of all the cloud services employees are using—and few were evaluated for security before use.  The rapid-fire adoption of cloud computing might offer real advantages for small and mid-size businesses, but it also carries significant risks.  Too often, organizations simply aren’t keeping up with the cloud services their employees are using, according to recent research by the Ponemon Institute, an independent think tank focused on privacy and data security, and CA, Inc., an IT solutions provider.  More than half of the IT personnel surveyed in the May study said their organization isn’t aware of all the cloud services employees have deployed, and less than half said that cloud services are evaluated for security before use.  “I think it shows a potential security meltdown in using cloud computing,” said Larry Ponemon, chairman and founder of the Ponemon Institute.

Monday, August 09, 2010

Cost reductions just ‘scratching the surface’ of the cloud’s benefits

Businesses are only just starting to realize the benefits of cloud computing, and rapid growth cannot occur until vendors address particular obstacles, according to a recent report from the World Economic Forum, the Irish Times relays.  The cloud has been lauded for helping businesses reduce their costs and improve overall business productivity, but the report found these benefits are merely “scratching the surface of cloud’s potential.”  The obstacles discussed in the report are security and long-term commitments with vendors, the news provider relays.

http://www.centerbeam.com/news/Cloud-Computing/Cost-reductions-just-%E2%80%98scratching-the-surface%E2%80%99-of-the-cloud%E2%80%99s-benefits-CBOID67120516-GRPOID50590013/View.aspx

Seeking Clarity in the Cloud’s Security Haze

Corporate execs and IT managers may soon get clearer answers to fuzzy questions regarding how secure or insecure cloud computing really is.  In an effort to solve that lingering mystery, the non-profit Open Security Foundation (OSF) late last month launched its cloutage.org website.  The new website is aimed at empowering organizations by providing cloud security

Marketers Still Looking for More Data, Lower Costs for IPad Ads

As early data on iPad apps trickle in, one thing is clear: It’s going to require mountains of metrics for advertisers to pony up for the new platform’s ads—and their high prices.  But early data from Conde Nast will bolster the argument the iPad is worth a premium, as it’s delivering on reader attention better than other media channels.  The publisher reports users are spending more than two hours on average with its Vanity Fair and GQ apps—that’s double the average hour spent with print magazines.  Time spent with iPad apps also beat digital channels: Two hours with an iPad app trumps an average of 15 minutes on websites and 75 minutes on mobile apps per month.

Sunday, August 08, 2010

Whatever the Numbers, Cloud Growth is Skyrocketing

A UBS research report sparked a lot of discussion this week with its estimate that Amazon Web Services’ total revenue will top $500 million this year and $1.1 billion by 2014.  Even if the numerical estimates aren’t entirely quantifiable, stated growth from other cloud providers suggests UBS’s estimated growth curve for AWS is probably accurate.  This week, for example, RightScale announced a 1,000 percent customer spending increase from June 2009 through June 2010.  Aside from consistent cloud-based revenue growth, its cloud customer count almost doubled between the first quarters of 2009 and 2010—from 43,030 to 80,080.

Saturday, August 07, 2010

CloudFail.net: Posting Failures of the Most Popular Cloud Providers

It’s difficult to know how often a cloud computing service fails.  In this regard, services that provide updates about outages can be invaluable.  CloudFail.net monitors service updates from companies such as Amazon, Google and Rackspace.  On Thursday, for instance, it reported a Google service update for Postini, the enterprise email security service.

CRM Cloud Computing Set for Significant Growth

This week, we learned that the talk of cloud computing is dominating the news pages, especially as more companies are jumping on board.  According to a Server Watch report, research firm IDC shows the continued uptake of CRM cloud computing in the enterprise as the key driver for server hardware spending.  Earlier in the week, they discussed how social CRM and mobile applications are a hot area for a number of businesses seeking to advance their positioning in the market.  According to BatchBlue President Pamela O’Hara, this solution is not about gathering thousands of followers, but instead focuses on the one-to-one contact.  A variety of CRM applications are moving to mobile app format and are available at online venues such as Apple’s App Store and the Google Apps Marketplace.

Friday, August 06, 2010

BIS: We Have Failed to Learn From the Nordic Crisis

[I see many parallels and lessons that can be applied to IT Crisis Response]
The Bank of International Settlements (BIS) recently released an excellent paper comparing the current crisis to the Nordic crisis.  This is a particularly interesting case study because the Nordic credit crisis was relatively clean for a credit crisis.  Perhaps most interesting is the fact that their crisis was unfolding at the same time as the Japanese crisis.  I believe the thoughts from the BIS are particularly interesting as I was a proponent of the harsher Swedish Model - a bit more of an Austrian economics approach to the crisis as opposed to the Japanese model of trying to ensure capitalism without losers.  Our analysis indicates that current policies have followed those (Nordic) principles in some respects, but have fallen short in other, arguably more important, ones.

Wednesday, August 04, 2010

Apple iPhone, iPad in Enterprise Needs Security Policies: Forrester

Apple’s iPhone and iPad have seen increased adoption by the enterprise, but IT pros integrating the devices could need to institute additional security policies, according to a new Forrester report.  Apple has enjoyed increased enterprise adoption of the iPhone and iPad—but a new Forrester Research report makes it clear that, if companies are to accept the devices into their fold, certain security policies need to be implemented first.  The Aug. 2 report authored by Forrester analyst Andrew Jaquith suggests that, while Apple has instituted more stringent security for its devices, enterprises need to be proactive about instituting policies of their own for the iPad and iPhone.  “These seven Apple mobile device policies satisfy the basic security needs of most enterprises,” Jaquith wrote.

Sunday, July 25, 2010

FTC Slaps Twitter Down Hard For Lax Security, Privacy Violations

Social networking service Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, the FTC said yesterday.  The FTC’s complaint against Twitter charges that serious lapses in the company’s data security allowed hackers to obtain unauthorized administrative control of Twitter, including access to nonpublic user information, tweets that consumers had designated private, and the ability to send out phony tweets from any account—including those belonging to then-President-elect Barack Obama and Fox News.

Thursday, June 10, 2010

Survey Finds Enterprise Mobility Management Lowers Cost, Improves Security and Supports More Devices

Best-in-Class Companies Leveraging Mobility Management to Control Mobile Chaos and Reduce TCO up to 78%.  Zenprise, Inc., a leading provider of enterprise mobile management and device management software, announced findings from a research report conducted by Aberdeen Group, a Harte-Hanks Company (NYSE:HHS), titled “Enterprise Mobility Management: Optimizing the Full Mobile Lifecycle.”  More than 200 companies worldwide were surveyed for the report, which found top performing organizations (“Best-in-Class”) are deploying Enterprise Mobility Management (EMM) solutions to lower total cost of ownership (TCO), enforce compliance to company policy and governance issues and secure the mobile edge of the network.

Ireland considers detailed data loss disclosure guidelines

The proposed code of practice has been published by the Office of the Data Protection Commissioner on its Web site and is open for public comment through June 18.  The code of practice would require organizations to report a breach within two working days with some exceptions if strong security measures are implemented.  All breaches that result in the loss of personal data affecting more than 100 people would have to be reported unless the personal data was encrypted to a “high standard” with a strong password and that password had not been compromised.

Monday, June 07, 2010

Review: Cloud automation tools

One of the promises of the public cloud is the opportunity to quickly dial up server resources in order to do a job that calls for heavy-duty batch processing.  But first you need a way to manage the life cycle of that job.  Fortunately, there are tools that can automate setting up and tearing down jobs in the public cloud.

IBM Announces New Offerings to Help Organizations Drive Innovation While Managing Cost and Risk

At the INNOVATE 2010 conference, IBM announced new software and services that help customers design and deliver the advanced products leading the convergence of mechanical, electronic, and digital technologies.  The convergence of physical assets and IT applications requires a new “systems of systems” approach for integrating products and services.  Software-driven innovation across product lines is often challenging if not supported by effective planning, development and collaboration.  Best-in-class product and service companies are those that build a strong competency in systems engineering and software development.  Organizations of the future—along with their partners and customers—must build the competencies to design, deliver and manage products in smarter ways.

Friday, June 04, 2010

Cloud Market Share: 2 Percent, But Growing

Despite all the buzz and hype it has generated, cloud computing represents just 2 percent of the revenue in the IT infrastructure market, according to Tier 1 Research.  But not for long, as cloud computing is the fastest-growing business model in the sector, and will grow to more than $1 billion a year in revenue by next year.  “Slowly but surely, that 2 percent will become a bigger piece of the pie,” said Antonio Piraino, the Research Director of Tier 1, in his keynote message at Wednesday’s Datacenter Transformation Summit in Reston, Va.  Internet infrastructure is currently a $35 billion market, according to Tier 1, with Infrastructure as a Service (IaaS) cloud computing revenue expected to reach $735 million for 2010.  But that cloud market share is expected to grow to $1.25 billion next year, $2 billion in 2012 and $3 billion in 2013.

Keeping Cloud Costs Grounded

The cost of cloud computing has generated little debate because the savings appear so self evident.  IBM’s CTO for Cloud Computing, Kristof Kloeckner, estimates that it reduces IT labor costs by up to 50%, improves capital utilization by 75% and reduces provisioning from weeks to minutes.  The City of Los Angeles anticipates savings of more than $5 million with its move to Google Apps.  Because of such apparent savings, few companies have taken the time to question the cost implications of working in the cloud.  The problem with this is that cloud computing takes on many forms, and, if not planned for properly, will not deliver the expected ROI.
