Home About Blog Report & Survey Highlights Case Studies Q&A Interviews Services

Laura DiDio on…

Microsoft Azure Sphere chip for end-to-end IoT security from the Cloud to Network Edge

“MediaTek is a good partner [for Microsoft] to have for its Azure Sphere secure IoT chip,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”

Channel Futures, April 17, 2018

Microsoft Reorganization:

“Microsoft has actually been moving away from Windows and more towards the cloud, analytics and AI for the past ten years,” explained Laura DiDio, an analyst at ITIC. “This did not happen overnight.” DiDio pointed out that Nadella has made major changes quickly during his tenure. “That’s the way you have to move,” to stay relevant, she said. “You’ve got to be agile to stay ahead of the game.”

The changes don’t mean that Microsoft is totally giving up on Windows, DiDio said. But they do mean that Nadella is focusing the company’s energies around stronger assets.

“They’re de-emphasizing Windows,” she said, in order to become a stronger “player in cloud and artificial intelligence, because that’s where the money is.”

CNN Money, March 29, 2018

Failure to deliver reliability and uptime:

“Time is money,” DiDio says. “Systems, networks and connectivity devices are subject to failure. If the downtime persists for any significant length of time, it can be expensive in terms of monetary losses. It can disrupt operations, decrease worker productivity and negatively impact the organization’s business partners, customers and suppliers.

“A security outage of any significant duration can also be a PR nightmare and damage the company’s reputation, causing lost business,” DiDio says. “Reliability and uptime go hand in hand with a comprehensive, detailed backup and disaster recovery plan that also includes an internal operational level agreement that designates a chain of command in the event of any type of service disruption.”

Every organization should have a disaster recovery plan that includes an itemized list of who to contact at vendor organizations, cloud and third-party service providers, DiDio says. “The CISO should also know what the company’s contracts stipulate as the response time from vendors, cloud, and third-party service providers to respond to and thwart security incidents and track down the hackers,” she says.

CSO Online, November 21, 2017

Cal State University and Hartnell College Launching Cohort Program:

“Since 2013, the two institutions have promoted this program as a way to attract minorities, women and students who are the first in their families to attend college to Computer Science and STEM subjects. The Cohort program nurtures these students by having them take their CS classes as a group.” DiDio says. It also helps them adjust more quickly to college life by providing them with group study and life skills classes to help them stick with CS as a major and graduate.

“So far, so good. A 75% majority of students enrolled in the CSUMB/Hartnell CS Cohort program graduate. This is well above the national average of about 30%,” DiDio notes.

ITIC Corp, November 17, 2017

Burger King Ad Creates Whopper of a Mess:

“In the Internet of Things environment, where you can have “an ecosystem or ecosystems of ecosystems interconnected, the attack vector universe is potentially limitless,” noted Laura DiDio, research director for IoT at 451 Research.

The risks are “everywhere, and what you can do is mitigate risk to an acceptable level,” she told the E-Commerce Times — but that requires vendors to make secure products.

E-Commerce Times, April 13, 2017

United Airlines Customer Service Snafus:

United’s behavior was “cavalier and callous,” said Laura DiDio, research director for IoT at 451 Research.

“The deck is stacked against passengers these days,” she told CRM Buyer.

However, this situation “is a PR nightmare for United Airlines,” DiDio added, “and it’s not going away.”

CRMBuyer, April 11, 2017

IBM AIX v7 and Windows Server 2008 R2 Highest Security Marks

Nine out of 10 — 90% — of the 470 respondents to ITIC’s 2010-2011 Global Server Hardware and Server OS Reliability survey rated the security of Microsoft’s Windows Server 2008 R2 and IBM’s AIX v7 as “Excellent” or “Very Good.” This was the highest security ratings out of 18 different Server Operating System distributions (See Exhibit below). Three-quarters or 75% of survey participants gave HP UX 11i v3 “Excellent” or “Very Good” security ratings; this was the third highest ranking of the 18 major server OS distributions polled. This was followed by Ubuntu Server 10 and Debian GNU/Linux 5, which tied for fourth. Seven out of 10 survey participants — 71% — of those polled ranked the two most popular open source distributions’ security as “Excellent” or “Very Good.” Red Hat Enterprise Linux v 5.5 and Novell SuSE Linux Enterprise 11, the two most widely deployed Linux distributions trailed Debian and Ubuntu but were nearly tied with each other in security rankings. Just over two-thirds — 67% — of Red Hat users rated its security as “Excellent or Very Good” while 66% of survey participants judging Novell SuSE Linux Enterprise 11 security to be “Excellent” or “Very Good.”

Some 58% of Apple Mac OS X 10.6 survey respondents rated its security as “Excellent” or “Very Good,” putting it at the bottom of the pack, beating only Oracle’s Solaris 10 which was rated “Excellent” or “Very Good” by 63% of respondents, which in the past two years has been notching modest gains among corporate users.

Also noteworthy was the fact that only a very small percentage of respondents gave thumbs down “Poor” or “Unsatisfactory” security grades to their server operating system vendors. In this category, Apple had the highest percentage of respondents – 7% — who gave its Mac OS X 10.6 both “Poor” and “Unsatisfactory” marks. This might appear puzzling to some since Apple’s users have long touted the security of the platform. Apple users have long boasted about the fact that there are far fewer viruses and malicious code written targeting Macs compared to Windows. However, now that Apple is once again re-emerging as a significant presence in corporate networks, the Mac OS X 10.6 will no longer enjoy the “security by obscurity” that it claimed as a standalone consumer OS. Macs, iPhones, iPads and tablets are becoming mainstream staples as business tools. Hence, the number of exploits, including such malware as worms, Trojans and bots that target the Mac is increasing commensurately. Apple will have to respond accordingly with tighter security.

Survey Methodology

ITIC and our survey partner GFI Software conducted an independent Web-based survey of 470 corporate IT mangers and C-level executives worldwide from November 2010 through February 2011. The survey’s objective was to poll corporate customers on the reliability of 14 of the most popular server hardware platforms and 18 of the top server OS distributions.

Survey participants came from 23 countries worldwide; approximately 83% hailed from North America. The survey consisted of multiple choice questions and one essay question. ITIC supplemented the Web survey two dozen first person customer interviews. In order to maintain objectivity, ITIC accepted no vendor sponsorship monies.

Solid Security is Essential to Network Reliability

Solid security is an essential element for every network environment. The server operating system upon which corporate middleware and software e.g., databases, word processing applications, spreadsheets and other mainstream line of business (LOB) applications run is the cornerstone of the entire network computing environment. As the saying goes, “the chain is only as strong as the weakest link.” Server and their operating systems literally run the business and incorporate a significant percent of organizations’ sensitive data and intellectual property (IP). If server OS security is flawed, buggy or easily hacked, the entire business and its operations are potentially at risk.

Each GFI/ITIC survey invariably serves up some unexpected responses. And in this survey the biggest came in the responses regarding server operating system security.

The biggest of these, of course, was Microsoft, which like the Bible’s Prodigal Son, has returned home to rejoicing and rave reviews. Over the past decade Microsoft has struggled to shed the stigma that Windows is a porous server OS, perennially plagued with security flaws and easily compromised. It is now nine years since Microsoft publicly launched its Trustworthy Computing Initiative which was designed to make all of the company’s software inherently more secure by default and by design. Based on the survey responses, Microsoft has succeeded – particularly with Windows Server 2008 R2.

Of particular note, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 are the only three operating systems out of the 18 different server OSes in the GFI/ ITIC poll in which the majority of the respondents indicated that the security has improved over the past 3 years. This is an 18 percent improvement over Windows Server 2008 and a 30 percent jump in the number of survey participants who gave a similar rating to Windows Server 2003.

It is equally true in analyzing the responses that the Windows Server OS was the platform that most needed to strengthen and shore up its security. Based on the results of prior ITIC surveys as recently as 2008, user perception was that Windows Server security lagged behind nearly all of the other server OSs by a substantial margin.

Other Server Operating Systems Stay the Course

In all of the other 15 distributions, the majority of survey participants indicated that the security of the other server OS platforms “has remained the same.”

If Windows Server 2008 R2 is the Prodigal Son, then IBM’s AIX v 7.1 is the “Good Son” which has consistently delivered superlative security year after year, always garnering top ratings for overall reliability and security in each of the annual ITIC Reliability surveys. The 2010-2011 Global Server Hardware and Server OS Reliability poll was no exception. IBM tied for first place with nine out of 10 respondents – 90% — giving AIX v 7.1 an “Excellent” or “Very Good” rating. Many of the IBM security managers ITIC interviewed, cited the consistency and inherent ‘bullet proof” nature of the server OS source code and the fact that IBM is quick to discover, inform them and issue a fix when a security issue does arise.

Other distributions like HP’s UX, Red Hat Enterprise Linux , Novell SuSE Linux Enterprise and Apple’s Mac OS X 10.x also received high security marks and praise from customers.

The results of ITIC’s latest 2010-2011 Global Server Hardware and Server OS Reliability survey indicated that organizations of all sizes and across all vertical markets feel that it is critical that they monitor the server OS and associated server-based line of business (LOB) applications for vulnerabilities. A 51 percent majority of businesses feel that the security of the OS has an impact on the overall security and reliability of the network. Specifically, 60% of respondents indicated they place equal importance on monitoring the vulnerabilities of all network components followed by 56% that rated the OS as crucial and 42% say they feel the security of their databases and other main LOB applications are pivotal to the overall security of their network computing environments.

Among the other security highlights in the ITIC/GFI 2010-2011 Global Server Hardware and Server OS Reliability Survey:

  • In response to the question: “Estimate the impact or perceived impact that server OS security has on overall network reliability”
    • 10% of respondents said “No impact, they are separate and distinct”
    • 37% of participants said “minimal impact
    • 21% said “moderate impact
    • 17% said “significant impact
    • 12% said “extremely crucial, server OS and security are intertwined”

Based on ITIC’s first person customer interviews, we determined that the biggest customer complaint was not with the inherent security of a specific server OS platform, but rather in finding fixes and getting technical service and support when the organization was stymied. In many of these particular instances, the organizations were very large enterprises and a common complaint was that searching for a fix was akin to finding “proverbial needle in a haystack.” Since the underlying reliability and security of nearly all the server operating systems and server hardware has improved, the majority of the more moderate and severe Tier 2 and Tier 3 outages are mainly due to integration and interoperability issues e.g., incompatible applications or drivers.

Conclusions and Recommendations

Server OS security is fluid and not static. No server operating system, application or hardware component is immune to penetration. Customer perception can and does change the minute a security flaw is found or malware is unleashed that successfully penetrates or threatens to compromise the security of any platform.

None of the server operating system vendors can rest on their laurels. Microsoft has made impressive security gains making Windows Server inherently secure by default, design and deployment, now it must endeavor to maintain the consistency of its security. Windows Server also has the biggest bull’s eye on its back since it is one of the most widely deployed server operating systems. Other server OS distributions, most notably Apple’s OS X 10.6x, which has so far managed to avoid falling prey to very major or public security holes, must likewise maintain its vigilance as the OS increases its presence in corporate enterprises.

Corporations also bear at least 50% of the responsibility for securing their respective environments. Even the most bulletproof server OS can be compromised and undone by configuration errors and failure to install and turn on OS security features. Organizations are also advised to conduct quarterly threat assessments of their environments. Staying current on the latest patches and fixes is also a must, as are regular updates of anti-virus applications and other security packages. Corporations should also review and update their security policies and procedures annually.

These results are especially important considered in light of the ongoing economic crunch which has caused companies to cut their IT budgets and reduce staff. As they strive to accomplish more with fewer resources, IT departments must rely even more heavily on their vendors to deliver more reliable and secure servers and server OS platforms.

Time is literally money. Even a few minutes of downtime – especially when a hack or a suspected security leak occurs — can result in significant costs and cause internal business operations to grind to a halt. Downtime as a result of a security breach can also undermine company’s relationship with its customers, business suppliers and partners. Reliability or lack thereof can potentially damage a company’s reputation and result in lost business.

Share This Content:
1 Discussion
No Comments

Be the first to comment!

Post a Comment:

Laura DiDio on Facebook
Laura DiDio on LinkedIn
Laura DiDio on Skype
Laura DiDio on Twitter