CyberSecurity Institute

Security News Curated from across the world

Category: Trends

VoIP vulnerabilities increasing, but not exploits

Posted on December 18, 2007 / December 30, 2021 by admini

Implementations of Session Initiation Protocol (SIP), an alternative VoIP protocol, can leave VoIP networks open to unauthorized transport of data.

The VoIPSA tools are intended to help businesses test and secure their networks, but these and other online tools can be used to probe for weaknesses as well.

Part of the reason may be that the largest VoIP vendors use proprietary protocols, such as Cisco’s Skinny, Nortel’s Unistim and Avaya’s variant of H.323, Orans says. SIP, which is gaining popularity, is a mixed bag, Orans says, because it is readily available to those who might want to exploit it. These options include firewalls and intrusion-prevention systems that support SIP.

Another reason for the lack of broad exploits is that there isn’t enough ROI for attackers’ development time.

Hybrid PBX systems — which handle both VoIP and TDM voice — account for 64% of all PBX lines sold, according to a December 2007 Infonetics report.

http://www.networkworld.com/news/2007/121707-crystal-ball-voip-vulnerabilities.html

Study Reveals Overlooked Sources of Leaks

Posted on December 4, 2007 / December 30, 2021 by admini

Lost laptops, emails sent to the wrong address, sensitive documents left on photocopiers, employees walking out of the building with confidential papers or storage media — these are not new sources of leaks, but they remain the most common, the study finds. “Most of these are accidental, not malicious,” Seth says.

Some employees repeat sensitive information on social networking sites such as MySpace or Facebook, while others may be overheard in a restaurant or on an airplane. An employee might be shoulder-surfed at a coffee shop or on a train, or lose an unencrypted storage device in a public place, the study observes.

The study also found some methods of leakage that may not be anticipated, such as “print screen” capabilities or photographing of screens on mobile devices. “I know it’s a tired phrase, but we’re talking about human behavior here, and the only way to correct the problem is to correct the behavior.”

http://www.darkreading.com/document.asp?doc_id=140412&f_src=darkreading_section_296

World faces ‘cyber cold war’ threat, report says

Posted on November 30, 2007 / December 30, 2021 by admini

Intelligence agencies already routinely test other states’ networks looking for weaknesses and their techniques are growing more sophisticated every year, it said. Governments must urgently shore up their defenses against industrial espionage and attacks on infrastructure. It said China has been blamed for attacks in the United States, India, and Germany. “The Chinese were first to use cyberattacks for political and military goals,” James Mulvenon, director of the Center for Intelligence and Research in Washington, was quoted as saying in the report.

The report was compiled with input from academics and officials from Britain’s Serious Organized Crime Agency, the U.S. Federal Bureau of Investigation, and NATO.

http://www.news.com/World-faces-cyber-cold-war-threat%2C-report-says/2100-7349_3-6220619.html?tag=ne.fd.mnbc

Security spending soars

Posted on October 12, 2007 / December 30, 2021 by admini

The survey, carried out by analysts TNS on behalf of CompTIA, also discovered that for every dollar spent on security about 42 cents goes on technology product purchases, 17 cents for security-related processes, 15 cents for training, 12 cents for assessments, nine cents for certification, and the balance on other costs.

http://www.channelregister.co.uk/2007/10/11/comptia_security_survey/

Gartner’s top 10 strategic technologies for 2008

Posted on October 9, 2007 / December 30, 2021 by admini

A strategic technology is something that may have an impact on a business. And impact could mean driving an investment or posing a threat, said David Cearley, a Gartner analyst. If your competitors adopt one of these technologies “does that put you at a competitive disadvantage?”

1. Green IT. This is a path that more and more companies are taking as a socially responsible strategy. A green approach is multifaceted and can affect data center operations in a number of ways, such as moving workloads based on energy efficiency and using the most power-inefficient servers only at times of peak usage, said Carl Claunch, an analyst. But data centers also face the threat of regulatory action to curb power usage. “Some event somewhere, a popular movie, some shift in election politics, and suddenly you are forced to change dramatically and it comes with little warning,” he said.

2. Unified communications. The move to unified communications systems is happening as the world shifts from analog to digital over IP networks. Companies may make security videos part of this convergence, which may give businesses, for instance, new ways to analyze a retail outlet’s traffic patterns.

3. Business process management. A key trend is the evolution of the business process management suite, Cearley said. This may include model-driven development, content and document management, collaboration capabilities, system connectivity, business intelligence activity monitoring and management, rules and systems management.

4. Metadata management. This is becoming important as companies integrate data — for instance, customer and product data and warehouse data.

5. Virtualization. Virtualization technology is critical, but not just for consolidation; it also offers a way to mirror production systems for disaster recovery.

6. Mashups

7. The Web platform. This is the model for services in the future.

8. Computing fabric. A server design that is still a work in progress, computing fabric involves treating memory, processors and I/O cards as a pooled resource instead of a fixed arrangement. Blade servers allow you to do some of this pooling with I/O, Claunch said.

9. Real World Web. Thanks to the Real World Web, users can have ready access to all kinds of information, including travel information or the location of a jar of pickles in a grocery store.

10. Social software. Social software includes podcasts, blogs and wikis — anything that fosters the development of social networks.

One IT manager at the session, Ted Stoddard, director of operations at Federal Signal Corp. in Oak Brook, Ill., a company that makes security and safety products, said he suspects that many people, as he has, have already assembled their strategic plans for next year.

While some of the items on Gartner’s list, such as virtualization, are part of his plan, he hasn’t considered others, such as social networking technologies like blogs. Those are probably worth looking at, Stoddard said, “but there are more important things to work on now.”

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9041738&source=NLT_AM&nlid=1

IT Budget Agenda 2008

Posted on October 8, 2007 / December 30, 2021 by admini

During tech digestion, acquisition is all about price and ease of use, with budgets primarily driven by return on investment calculations.

There’s a large focus on infrastructure rationalization and process automation—pretty much what’s characterized technology acquisition for the past seven years or so.

Next year will signal a point of transition, as we’ll see a whole new level of investment for the next four or five years. Purchases will be driven more by functionality and less by ROI calculations. “There will be a shift from making processes more efficient to helping companies optimize business results by adding analytics and vertical industry knowledge,” said Bartels.

According to Forrester research, software spending will show the greatest increase over 2007, rising by 10 percent, fueled by the drive for greater productivity as well as the spread of virtualization software in the data center.

Communications equipment purchasing will show the greatest percentage increase (9 percent more than the 2007 budget), heavily influenced by carrier infrastructure investment. Communications equipment purchasing by enterprises will be more modest, growing at 6 percent more than 2007 budgets.

The budgets for computer equipment will show slightly lower growth, at 4 percent, than they did in 2007, while budgets for IT services and outsourcing will jump by 8 percent.

Discussions with industry analysts and IT professionals indicate that terms such as “security” and “disaster recovery” still have a place on IT’s agenda, but moving up fast are terms including “green IT,” “data analytics” and “knowledge transfer.”

This latter term is particularly important: The increasing mobility of workers means that organizations suffer when individuals take their knowledge and intelligence with them.

Web 2.0 technologies, such as wikis, blogs, and enterprise tagging and bookmarking systems, are being looked at as one approach for capturing that intelligence. “Learning in major organizations is just repeated constantly,” said Keely Flint, enterprise information architecture program manager at Bupa Health, based in the United Kingdom. “We developed a library of use cases so that people might come to a central repository to trigger ideas for new projects or gain guidance for existing projects.”

The vice president of IT at Fuji Film, in Valhalla, N.Y., said he’s automated pretty much everything that can be automated. Next year he’ll start using Microsoft’s SharePoint platform for collecting latent information in the organization. “We have intranets and our internal Web sites, but everybody has their drawers stuffed with information, so the idea is to promote the use of SharePoint as a common platform,” Pelligrino said.

Pelligrino added that some of these technologies don’t have obvious ROI.

GE Real Estate’s IT budget is expected to increase by 3 percent to 5 percent next year, according to CIO Hank Zupnick, and a major business priority for the company, a business unit of GE Commercial Finance, is electronic content management for providing easy access to business documents such as tenant leases and third-party vendor contracts.

These tools include a case management system for the county’s mental health facility and an expanded point-of-sale system at the county’s amusement park, Rye Playland, said Westchester County CIO Norm Jacknis.

Data center reorganization and consolidation continue to be major projects for many companies, driving investments in virtualization, storage, blade servers and more effective management tools.

As part of that effort, GE Real Estate is deploying WAFS (wide-area file services) in 30 North American regional offices in place of traditional file and print servers, with “significant success,” Zupnick said.

During 2006 and 2007, Fuji Film rolled out most of its SAP implementation and put into place much of the necessary infrastructure for the platform.

A safer answer may be the “verticalization” of broad-based applications: the process of applying industry knowledge to mined data, allowing companies to gain deeper insight into their businesses.

http://www.eweek.com/print_article2/0,1217,a=216693,00.asp
