Cyber Security Institute

Saturday, August 21, 2010

Virtualization Beyond Consolidation

A funny thing has happened on the path to virtualization Nirvana: We’ve stopped, or at least greatly slowed, our progress toward highly virtualized data centers.  Gartner says that just 16% of data center loads are virtualized, and our own survey shows ambitions for virtualization are actually backtracking.  “We don’t know what the savings are. We just know they’re there,” is a common response.  At the same time, our InformationWeek Analytics survey found that 35% of respondents say they expect to virtualize less than 25% of their data centers by 2011.


Intel, McAfee Merger Plugs Network Security Hole

The acquisition of McAfee by Intel makes a very important statement when you view it in the context of the future of network security.  It’s one of the big AV companies that have been around since the birth of malware, and it competes well against market leader Symantec.  For people who think computer security is really just about this topic, the acquisition of McAfee by Intel doesn’t make a lot of sense.  If that’s all Intel wanted, it could simply license it.  But what most analysts are missing is that there’s a huge, and rapidly growing, universe of network-connected devices that are quite simply unprotected: a wide range of products from network-connected printers to Internet-aware security systems in buildings.


Friday, August 20, 2010

Cloud Offerings Grappling With QoS — Report

The cloud is making it easier for companies of any size to add on services without adding on to their infrastructure.  In its latest report, “Cloud-Computing Quality of Service in Perspective,” Research and Markets notes that cloud providers should expect and be prepared to counteract the fear, uncertainty and doubt that on-premise supporters are generating regarding cloud computing.  QoS and security are two things that worry the industry.


WAN Log File Data Collection Heads for Standardization

The upcoming LogLogic 5 release from log vendor LogLogic is aiming to expand that visibility with a universal collection framework for disparate log data coming across a WAN.  Specifically, LogLogic is working to create a new standard protocol for log data transmission that could change the way enterprises collect and analyze that data.


Wednesday, August 18, 2010

Astadia Launches ROI Calculator for Cloud Computing

Astadia, a pure-play Cloud computing integrator and top partner, today announced the launch of the I.T. Cloud Transformation (ITX) ROI Calculator which is a free online service.  A 2010 report on I.T. spending priorities by Kaufman Bros. shows a strong trend of I.T. infrastructure consolidating or rationalizing software applications, servers, data centers and back-office functions to cheaper web-based software applications.  Many lack time or resources to build the business case to move specific technologies to the chosen platform.  The ITX ROI Calculator gives a fast estimate of which pieces of an I.T. infrastructure and application portfolio will cost less and perform better when moved to the Cloud, specifically to the platform.


Cloud computing ISO Standards in the pipeline

This was the opening remark from Standards New Zealand chief executive Debbie Chin at the recent workshop ‘Corporate governance of information technology’ that was held in Wellington recently.  Interest in cloud computing is growing rapidly in the International Standards Organisation (ISO) community.  Cloud computing delivers economies of scale and can be used to develop, deploy, and maintain business critical systems quickly and flexibly.  It is through Standards New Zealand that this country contributes to the development of international Standards, such as the new cloud computing Standard, by participating in ISO committees and running mirror committees locally.  Key issues in cloud computing are sovereignty, privacy and portability, and in understanding these requirements this country could be considered a favourable place to host services for an international audience.


Wednesday, August 11, 2010

Small And Midsize Businesses Look For Ways To Cut Compliance Costs

According to The 451 Group, an IT security analyst firm, there are nine different security technologies required for PCI compliance alone: antivirus, firewalls, intrusion detection systems, encryption for data at rest, file integrity, log management, multifactor authentication, a Web application firewall (or a security development lifecycle), and a vulnerability management solution.  Then there are the services: a qualified security assessor, an approved scanning vendor, and in the case of a breach, the qualified incident response assessor.  For small and medium businesses, the costs can be overwhelming, says Joshua Corman, research director for The 451 Group’s security practice.


Stats: The Age of the Internet of Things Has Dawned

The nation’s two largest carriers added more connected devices last quarter than postpaid subscriptions, according to data released this morning by Chetan Sharma, a wireless analyst.  Other than making you wonder what six-year-olds are toting cell phones, the data indicates that the Internet of things has clearly dawned, and with it, a new arena of competition.  In his quarterly update, Sharma noted that wireless penetration in the U.S. reached 95 percent and surpassed 100 percent if one takes out children younger than five. While there are only 20 million connected devices out of 311.3 million subscriptions, the devices are where the growth is.


CouchDB Says Hello To Google Android

CouchDB, the open source database that is part of the NoSQL movement, is now available on Google’s Android.  Palm, a division of Hewlett Packard, has already announced that the next version of its webOS will include services for syncing local data with CouchDB.  According to executives, applications, web or native, can use CouchDB’s peer-to-peer sync capabilities to build more engaging experiences.

Tuesday, August 10, 2010

First SMS Trojan for Android is in the wild

The first text message-based Trojan to infect smartphones running Google’s Android operating system has been detected in the wild.  Trojan-SMS.AndroidOS.FakePlayer-A poses as a harmless media player application and has already infected a number of mobile devices, Russian security firm Kaspersky Lab warns.  In a statement, Google said its existing permission controls guard against this type of threat, which only exists for applications published outside the Android Marketplace.  Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time.


Tallying the Cost of Cyber Crime

The scheming of cyber criminals now has a price tag: a median cost of $3.8 million (U.S.) per organization, according to researchers at the Ponemon Institute, which took an in-depth look at both the cost and the frequency of cyber crime at the behest of security software specialist ArcSight Inc.  The First Annual Cost of Cyber Crime Study, published earlier this month, comes with an important caveat: the Ponemon/ArcSight study was extremely limited in scope and is based on just 45 U.S. organizations.  On the other hand, researchers met with and interviewed participants instead of simply surveying them.


Windows Azure Gains Single Sign-On Support

Microsoft has announced that the August preview release of a component of its Windows Azure AppFabric cloud computing platform adds support for federated identity and single sign-on.  The announcement was made in a blog post by Justin Smith, a Microsoft (NASDAQ: MSFT) program manager on the Windows Azure AppFabric Access Control Service (ACS) team, on Wednesday.  The ACS update should be good news for developers and service providers working on applications meant to run on Windows Azure and Windows Server as it also enables access control as a service for federating identities.


It’s time to be proactive on cybersecurity

In light of recent cyberespionage, the breakup of cybercrime rings, and the threats that sophisticated malware such as Stuxnet present to critical infrastructures, McAfee Labs researchers and industry experts call for a more proactive strategy for fighting cybercrime.  “Cybercriminals prosper because they have very little reason to fear the consequences,” said Jeff Green, senior vice president of McAfee Labs.  A new McAfee report, titled “Security Takes the Offensive,” is based on strategies compiled by international experts and issues a “call to arms” to the security industry.


Cloud might let users bypass IT—for a while

Undoubtedly the greatest bit of hype around the predicted rise of cloud computing is that the role of the CIO and the IT department is going to be diminished as end users bypass internal IT and go directly out to the cloud for what they need.  That is until the cloud provider goes out of business one day, and you find out your people can’t get access to all those great documents and ideas and data they had stored in the now-shuttered provider’s servers.  Or until the group of go-getters discovers that the Web app stopped working for their co-conspirators in the St. Louis office because of some conflict with that location’s new server settings.  It’s for reasons like these that agency IT departments will still need to be fully engaged with the process of making sure end users have the IT resources they need to do their jobs.  What will change as cloud computing gets more popular is where those resources are coming from, and that will mean a change for the IT department’s role, not the reduction or elimination of it.


Assess Security of Cloud Computing Apps

New research finds that while cloud computing services are being widely adopted, more than 50 percent of IT professionals surveyed say their organization isn’t aware of all the cloud services employees are using—and few were evaluated for security before use.  The rapid-fire adoption of cloud computing might offer real advantages for small and mid-size businesses, but it also carries significant risks.  Too often, organizations simply aren’t keeping up with the cloud services their employees are using, according to recent research by the Ponemon Institute, an independent think tank focused on privacy and data security, and CA, Inc., an IT solutions provider.  More than half of the IT personnel surveyed in the May study said their organization isn’t aware of all the cloud services employees have deployed, and less than half said that cloud services are evaluated for security before use.  “I think it shows a potential security meltdown in using cloud computing,” said Larry Ponemon, chairman and founder of the Ponemon Institute.


Monday, August 09, 2010

Cost reductions just ‘scratching the surface’ of the cloud’s benefits

Businesses are only just starting to realize the benefits of cloud computing, and rapid growth cannot occur until vendors address particular obstacles, according to a recent report from the World Economic Forum, the Irish Times relays.  The cloud has been lauded for helping businesses reduce their costs and improve overall business productivity, but the report found these benefits are merely “scratching the surface of cloud’s potential.”  The obstacles discussed in the report are security and long-term commitments with vendors, the news provider relays.

Seeking Clarity in the Cloud’s Security Haze

Corporate execs and IT managers may soon get clearer answers to fuzzy questions regarding how secure or insecure cloud computing really is.  In an effort to solve that lingering mystery, the non-profit Open Security Foundation (OSF) late last month launched its website.  The new website is aimed at empowering organizations by providing cloud security


Marketers Still Looking for More Data, Lower Costs for IPad Ads

As early data on iPad apps trickle in, one thing is clear: It’s going to require mountains of metrics for advertisers to pony up for the new platform’s ads—and their high prices.  But early data from Conde Nast will bolster the argument the iPad is worth a premium, as it’s delivering on reader attention better than other media channels.  The publisher reports users are spending more than two hours on average with its Vanity Fair and GQ apps—that’s double the average hour spent with print magazines.  Time spent with iPad apps also beat digital channels: Two hours with an iPad app trumps an average of 15 minutes on websites and 75 minutes on mobile apps per month.


Sunday, August 08, 2010

Whatever the Numbers, Cloud Growth is Skyrocketing

A UBS research report sparked a lot of discussion this week with its estimate that Amazon Web Services’ total revenue will top $500 million this year and $1.1 billion by 2014.  Even if the numerical estimates aren’t entirely quantifiable, stated growth from other cloud providers suggests UBS’s estimated growth curve for AWS is probably accurate.  This week, for example, RightScale announced a 1,000 percent customer spending increase from June 2009 through June 2010.  Aside from consistent cloud-based revenue growth, its cloud customer count almost doubled between the first quarters of 2009 and 2010, from 43,030 to 80,080.


Saturday, August 07, 2010

Posting Failures of the Most Popular Cloud Providers

It’s difficult to know how often a cloud computing service fails.  In this regard, services that provide updates about outages can be invaluable. monitors service updates from companies such as Amazon, Google and Rackspace.  On Thursday, for instance, it reported a Google service update for Postini, the enterprise email security service.


CRM Cloud Computing Set for Significant Growth

This week, we learned that the talk of cloud computing is dominating the news pages, especially as more companies are jumping on board.  According to a Server Watch report, research firm IDC shows the continued uptake of CRM cloud computing in the enterprise as the key driver for server hardware spending.  Earlier in the week, they discussed how social CRM and mobile applications are a hot area for a number of businesses seeking to advance their positioning in the market.  According to BatchBlue President Pamela O’Hara, this solution is not about gathering thousands of followers, but instead focuses on the one-to-one contact.  A variety of CRM applications are moving to mobile app format and are available at online venues such as Apple’s App Store and the Google Apps Marketplace.


Friday, August 06, 2010

BIS: We Have Failed to Learn From the Nordic Crisis

[I see many parallels and lessons that can be applied to IT Crisis Response]
The Bank of International Settlements (BIS) recently released an excellent paper comparing the current crisis to the Nordic crisis.  This is a particularly interesting case study because the Nordic credit crisis was relatively clean for a credit crisis.  Perhaps most interesting is the fact that their crisis was unfolding at the same time as the Japanese crisis.  I believe the thoughts from the BIS are particularly interesting as I was a proponent of the harsher Swedish Model - a bit more of an Austrian economics approach to the crisis as opposed to the Japanese model of trying to ensure capitalism without losers.  Our analysis indicates that current policies have followed those (Nordic) principles in some respects, but have fallen short in other, arguably more important, ones.


Wednesday, August 04, 2010

Apple iPhone, iPad in Enterprise Needs Security Policies: Forrester

Apple’s iPhone and iPad have seen increased adoption by the enterprise, but IT pros integrating the devices could need to institute additional security policies, according to a new Forrester report.  Apple has enjoyed increased enterprise adoption of the iPhone and iPad, but a new Forrester Research report makes it clear that, if companies are to accept the devices into their fold, certain security policies need to be implemented first.  The Aug. 2 report authored by Forrester analyst Andrew Jaquith suggests that, while Apple has instituted more stringent security for its devices, enterprises need to be proactive about instituting policies of their own for the iPad and iPhone.  “These seven Apple mobile device policies satisfy the basic security needs of most enterprises,” Jaquith wrote.