IBM Platform Resource Scheduler Automates, Accelerates Cloud Deployments

One of the most daunting and off-putting challenges for any enterprise IT department is how to efficiently plan and effectively manage cloud deployments or upgrades while still maintaining the reliability and availability of the existing infrastructure during the rollout.

IBM solves this issue with its newly released Platform Resource Scheduler which is part of the company’s Platform Computing portfolio and an offering within the IBM Software Defined Environment (SDE) vision for next generation cloud automation. The Platform Resource Scheduler is a prescriptive set of services designed to ensure that enterprise IT departments get a trouble-free transition to a private, public or private cloud environment by automating the most common placement and policy procedures of their virtual machines (VMs). It also helps guarantee quality of service while greatly reducing the most typical human errors that occur when IT administrators manually perform tasks like load balancing and memory balancing. The Platform Resource Scheduler is sold with IBM’s SmartCloud Orchestrator and PowerVC and is available as an add-on with IBM SmartCloud Open Stack Entry products. It also features full compatibility with Nova APIs and fits into all IBM OpenStack environments. It is built on open APIs, tools and technologies to maximize client value, skills availability and easy reuse across hybrid cloud environments. It supports heterogeneous (both IBM and non-IBM) infrastructures and runs on Linux, UNIX and Windows as well as IBM’s zOS operating systems. …

IBM Platform Resource Scheduler Automates, Accelerates Cloud Deployments Read More »

2013 Cyber Shopping Sales Surge 20%; Mobile Traffic Up 45% Over 2012

The 2013 five-day cyber holiday shopping sale from Black Friday through Cyber Monday drove the highest sales totals in U.S. history. This year’s sales surged over 20% and mobile traffic increased by 45% compared with 2012 revenues, according to data from IBM Digital Analytics Benchmark Hub, which tracked data from over 800 U.S retailers in real-time.

Apple, Amazon, Best Buy and Wal-Mart were the big winners. Apple especially has reason to be pleased: IBM’s Digital Analytics statistics indicated that Apple iOS devices rang up 450% more online commerce than rival Android devices and Apple customers outspent their Android counterparts by over $13 on individual sales as well.

Additionally, IBM’s cloud-based analytics findings indicated that U.S. shoppers made Cyber Monday the biggest single online shopping day in history with a nearly 21% increase in online sales. Mobile sales exceeded 17% of all online sales, representing an increase of 55% year-over-year, according to IBM Digital Analytics statistics. And the average online order was $128.77.

Retail analysts got a bit of a shock when this year’s Cyber Monday online sales outpaced Black Friday sales by a solid 31.5 %. However, the consumers who shopped on Black Friday spent an average five percent more on each order — $135.27 versus those who spent $128.77 on Cyber Monday purchases. …

2013 Cyber Shopping Sales Surge 20%; Mobile Traffic Up 45% Over 2012 Read More »

IBM Wins $150M EU Contract for 6,100 System x and Flex System Servers

IBM and Business Partner Bechtle AG just won a $150 million contract to supply the European Commission with 6,100 System x and Flex Systems for office and application servers and supporting services.
This is the largest contract ever awarded by the EC, which is the executive body of the European Union institutions and agencies in the EC’s 27 member states.

The contract is significant for both the size of the award and the fact that IBM and Bechtle AG beat out tough competitors including rivals Bull, Dell, Fujitsu and Hewlett-Packard for the multi-tier/year contract. That they did so is a testament to the EC’s confidence in the performance, reliability and scalability of IBM System x and Flex Systems server line and IBM and Bechtle AG’s ability to deliver top notch technical service and support.

The $150 million contract also underscores IBM’s continued commitment to and investment in the Intel Corp. based x86 platform. Rumors have been swirling for some time that IBM might sell off the System x server line. Given the EC contract win, coupled with several other recent big System x wins and potential System x server deals in the offing, a sale seems unlikely.

In addition, IBM is readying a new line of System x servers for release in early 2014 based on Intel’s forthcoming “Ivy Bridge” EX processor. Sources within IBM said that Big Blue will bolster the considerable performance and reliability features of the upcoming Intel EX processor with significant add-on capabilities that go beyond Intel’s own server specifications. …

IBM Wins $150M EU Contract for 6,100 System x and Flex System Servers Read More »

Rise in Security Threats Increases Risk, Pressures on IT and Business

An overwhelming 80% of companies say that “end user carelessness” constitutes the biggest security threat to their organizations, surpassing the ever-present peril posed by malware or organized hacker attacks .

Additionally, 65% of businesses do not calculate the cost or business impact of security-related downtime and over 30% of firms are unable to detect or defend against a security breach in a timely manner when one does occur.

Those are among the top findings of the ITIC/KnowBe4 “2013 – 2014 Security Deployment Trends Survey.” The joint independent Web-based survey polled 500 organizations during October/November 2013 on the leading security threats and challenges facing their firms and their top priorities over the next 12 to 18 months. In order to maintain objectivity, ITIC and KnowBe4 accepted NO vendor sponsorship and none of the respondents received any remuneration for participating.

The data indicates that IT departments are hard pressed to stay abreast of myriad security issues which represent just one portion of their overall job responsibilities. Some 44% of survey respondents said their IT departments and security professionals spend less than 20% of their time on daily operational security. Another 32% said they devote 20% to 40% of their time on security. Only 20% of participants dedicate a significant portion of their daily and weekly administrative activities to securing their systems and networks. …

Rise in Security Threats Increases Risk, Pressures on IT and Business Read More »

Does Infrastructure Really Matter When it Comes to IT Security?

Yes, infrastructure absolutely does matter and has a profound and immediate impact on enterprise security.

Server hardware (and the server operating systems and applications that run on them) form the bedrock upon which the performance, reliability and functionality of the entire infrastructure rests. Just as you wouldn’t want to build a house on quicksand, you don’t want your infrastructure to be shaky or suspect: it will undermine security, network operations, negatively impact revenue, raise the risk of litigation and potentially cause your firm to lose business.

And that’s just the tip of the iceberg. These days, many if not most corporate enterprises have extranets to facilitate commerce and communications amongst their customers, business partners and suppliers. Any weak link in infrastructure security has the potential to become a gaping hole, allowing a security breach to extend beyond the confines of the corporate network and extranet. Security breaches can infect and invade other networks with astounding rapidity.

Increasingly, aging and inadequate infrastructure adversely impacts enterprise security. …

Does Infrastructure Really Matter When it Comes to IT Security? Read More »

National Advertising Division Strikes Oracle Out Over Misleading IBM Ads; Refers Case to FTC

It’s Strike Three for Oracle in its ongoing argument with the Better Business Bureau’s National Advertising Division (NAD) and IBM over a series of 2012 ads in which Oracle claimed its servers were much less expensive and outperformed Big Blue’s machines.

NAD, the investigative unit of the advertising industry’s system of self-regulation, has now forwarded the complaints onto the Federal Trade Commission. The FTC is a government regulatory agency and it wields much more authority than the BBB or NAD.

At this point, Oracle would do well to give up gracefully. But given the history between these two long standing rivals, that is unlikely to happen.

The dispute revolves around three separate Oracle advertising campaigns in 2012, which ran in major publications including The Wall Street Journal. According to the NAD’s latest press release each of Oracle’s ads featured “an overbroad and unsupported comparison between one Oracle product and one IBM product.” Each campaign was reviewed by NAD following complaints lodged by IBM, which alleged Oracle’s claims were specious and hyperbolic. The NAD reviewed all of the complaints and agreed with IBM and recommended that Oracle discontinue making misleading claims in its advertisements. …

National Advertising Division Strikes Oracle Out Over Misleading IBM Ads; Refers Case to FTC Read More »

One Hour of Downtime Costs > $100K For 95% of Enterprises

Over 95% of large enterprises with more than 1000 employees say that on average, a single hour of downtime per year costs their company over $100,000, over 50% say the cost exceeds $300,000 and one in 10 indicate hourly downtime costs their firms $1 million or more annually.

Moreover, for a select three percent of organizations, whose businesses are based on high level data transactions, like banks and stock exchanges, online retail sales or even utility firms, losses may be calculated in millions of dollars per minute.

Those are the results of ITIC’s 2013-2014 Technology Trends and Deployment Survey, an independent Web-based survey which polled over 600 organizations in May/June 2013. All categories of businesses were represented in the survey respondent pool: 37% were small/midsized (SMB) firms with up to 200 users; 28% came from the small/midsized (SME) enterprise sector with 201 to 1,000 users and 35% were large enterprises with over 1,000 users. …

One Hour of Downtime Costs > $100K For 95% of Enterprises Read More »

Two-Thirds of Corporations Now Require 99.99% Database Uptime, Reliability

A 64% majority of organizations now require that their databases deliver a minimum of four, “nines” of uptime 99.99% or better for their most mission critical applications . That is the equivalent of 52 minutes of unplanned downtime per database/per annum or just over one minute of downtime per week as a result of an unplanned outage.

Those are the results of ITIC’s 2013 – 2014 Database Reliability and Deployment Trends Survey, an independent Web-based survey which polled 600 organizations worldwide during May/June 2013. The nearly two-thirds of respondents who indicated they need 99.99% or greater availability is a 10% increase over the 54% who said they required a minimum of four nines reliability in ITIC’s 2011-2012 Database Reliability survey.

This trend will almost certainly continue unabated owing in large part to an increase in mainstream user deployments of databases running Big Data Analytics, Business Intelligence (BI), Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP) applications. These applications are data intensive and closely align with organizations’ main-line-of-business and recurring revenue stream. Hence, any downtime on a physical, virtual or cloud-based DB will likely cause immediate disruptions that will quickly impact the corporation’s bottom line. …

Two-Thirds of Corporations Now Require 99.99% Database Uptime, Reliability Read More »

Andrew Baker Q&A: Security

Andrew Baker has been an IT manager specializing in security for over 25 years. He has worked at a variety of firms ranging from large enterprises like Sanford Bernstein, Bear Stearns, Warner Music Group and the Princeton Review, to SMBs like Send Word Now. In the wake of the 9/11 World Trade Center bombings, Baker was tasked with getting the network up and running and defending its data from any potential hacks. As a lifelong security expert, Baker knows that there is no such thing as absolute foolproof security. But he’s also aware that even the strongest security mechanisms can be undermined by human error and lack of strong security policies and procedures and corporation’s failure to enforce common sense security practices. Baker is President and founder of BrainWave Consulting Company, LLC in Gassaway, West Virginia where he provides Virtual CIO services for small/medium businesses.   See BrainwaveCC.com

ITIC: What has been the greatest security threat to emerge in the last 10 years?

Andrew Baker: Since 2003 we’ve seen the modernization of the hacker community and organized crime has appeared on the scene. Organized crime views the Internet as a bonanza: it allows them to operate out of the limelight with fewer resources. We’ve also witnessed nation-states and state-sponsored cyber-terrorism. Countries are all spying on one another. But there are certain countries that represent a big security threat: China, Asia in general (North Korea), Romania, Russia, Bulgaria and former Soviet satellites and the Middle East. The difference between China and everyone is that China has swiftly morphed into state-sponsored cyber-security threats and the country is tightly regulated. Any country that can prevent Google from free-search can easily stop hackers from inside their borders – if it wanted to. In Romania and other countries there are towns like “Hackertown” that promote ‘Cybercrime as a Service.’ Here in the U.S. the bulk of the problem is people, specifically stupid human error among the bulk of the population. Additionally, the U.S. Government has yet, to my knowledge, catch a single cyber criminal either the Russian or Italian organized. These cyber security syndicates have modularized cybercrime; they outsource a lot of their criminal activities and they can operate from anywhere, which makes it more difficult (but not impossible to catch them.

ITIC: As both an IT professional and a consumer how much more dangerous and pervasive are the security threats now than they were even three to five years ago?

AB: It’s insane.It’s no longer college students or kids out make their reputation for fun and glory. You now have specific kits and organized crime and “hacktavists.” Security threats are everywhere and they’ve risen by orders of magnitude.

ITIC: Against this backdrop we now have the Bring Your Own Device (BYOD) and IT as a service, trends which make security even tougher for businesses. What do you do for your corporate clients?

AB: The first thing I dois review and test and their environment. I also construct a checklist and ask them if they are able to do the things they want to do and to ascertain whether or not any of those actions potentially compromise the organization’s security.

ITIC: What do you look for?

AB: I examine the entire network environment including application configurations, the manageability of systems and I examine how the corporation mitigates risk and manages host-based security. Many organizations haven’t done anything to regulate network access – they’re wide open and oftentimes have not changed/updated security parameters and permission.

ITIC: Upon examination what gaps do you typically identify?

AB: I do penetration testing but for the most part I don’t need to do that. In fact, the companies that need to do penetration testing to show where the flaws are – just don’t get it or they’re reasonably secure and I’m running an automated tool to uncover something obscure. For most SMBs, the gaps in their security are very evident; they are issues like firewall configuration or misconfiguration. Every rule in the firewall should apply to something that’s happening. I typically see a mismatch between the rules and the systems that the rules pertain to. What you want to see is more systems than rules. When you see more rules than systems, you will almost always find that you have openings in the firewalls for devices that no longer exist or no longer performs the specific function for which it was originally provisioned. For example, a firewall that is configured to secure or filter inbound Web access can be a security hazard, if the servers it applies to have been outsourced to GoDaddy. In this scenario, if the organization never changed the firewall rules and if the organization built a new server to control inbound Intranet traffic and gave it the same IP address as the old Internet Web server, the firewall rules from the outside will still work. But that means the company has unwittingly created a doorway into the network.

ITIC: What other common configuration errors do you encounter?

AB: Rules that are too broad and allow too much access; default passwords not being changed; people still putting in intentional back doors into the system (which is leftover from the 1980s) which they forget to secure. For example, many corporations allow the use of intentional backdoors so an administrator can manage the system from home, but when he or she leaves the company, the rest of the organization has forgotten about it, so it remains a possible source of exploitation. Organizations and their IT departments and security IT managers must monitor all the entry points into the system. This includes obvious things like user logins and of course, the still popular “shared passwords.”

ITIC: In terms of securing the environment where organizations are most likely to skimp on security and what types of security issues do some businesses ignore altogether?

AB: The areas of greatest weaknesses usually involve mobility and data leaks. Many companies pay attention to inbound traffic but they mistakenly ignore outbound data traffic. For example a small or midsized organizations that has 500 or fewer employees and that are not in a heavily regulated vertical market environment like healthcare, financial or pharmaceutical, you’ll find that 90% of the security rules are about connecting into the environment and only 10% are about connecting out. This goes beyond regulating social media or URL usage – with Web filtering – that’s more focused on productivity than it is for security. Most firewalls are intended to secure inbound traffic – most of the newer devices do support bi-directional security. The average lifespan of a firewall is about five or six years; the key is ensuring that the tool services the corporation’s security needs. A 10 or 20MB connection with multi-year support is available for a list price of less than $2,000. So it’s affordable for even an SMB with 10 employees. There is really no excuse for any company not to install a state-of-the-art firewall with network level anti-virus, intrusion prevention and different types of application analysis and multiyear support for subscription and signatures.

ITIC: Firewalls are the first level of defense. What are other must-have security tools?

AB: Adequate monitoring is crucial.The first rule of security is that you won’t catch everything; there’s no such thing as 100% foolproof security unless it’s the device is disconnected and physically locked up. Monitoring encompasses many tools (e.g. audit trails) that enable the company to consolidate network data traffic in at least near-real-time so the organization can perform forensics. Corporations also need to send firewall, application and switching log data and consolidate them to a single location where you can monitor them. Since you can’t stop everything, you need to be able to monitor all network traffic in hindsight, so you can determine if a breach has occurred, where it occurred and duration so you can determine what happened. Intrusion detection is typically included in new firewalls. Audit trails are directly linked to monitoring. Policy falls into two categories: policy as a matter of legal definition and procedures to facilitate the goal. Companies should also distinguish between their Business policy and their Technology policy. The Business policy sets the rules and guidelines governing who has what levels of access. The technology policy should enforce the business policy.So if the firewall is replaced with another brand all you have to do is figure out how to configure it, but the basic business premise doesn’t change. You have to identify risks to mitigate them to an acceptable level. You will never totally eliminate risk.

ITIC: What risks should organizations look for and eliminate?

AB: First, the security teams need to identify all technology and business-based risks. Next, they should suggest anything that can be used to mitigate these risks and pay equal attention to everyday human actions which can elevate physical security risks. For example, if everyone has a key card to get into the office but they ignore who comes in behind them, then you’ve just created a big security risk by human action, which has nothing to do with technology. Similarly, if a company has 50 people in the office but only 20 keycard swipes, it could institute a policy that requires a key card swipe and not allow visitors to roam unescorted throughout the premises. Finally, IT security professionally should proactively communicate with management, provide them with updates and bring security risks to their [management’s] attention. Set up a meeting with the goal being to have management sign off on some of the proposals and agree to accept or mitigate risks.

ITIC: That’s a bold suggestion. As we all know politics plays an important role in security. What’s your advice to internal Security IT pros, who are being told to provide administrative access to end users – particularly those that are connected to the corporate revenue stream like a doctor or a lawyer – even though it represents a big security risk?

AB: There are different approaches to saying “No.” Again, security professionals must be proactive about identifying the risks and getting management to recognize and sign off on them. Cite statistics and studies to bolster your argument; make an objective argument. Don’t make it personal. The objective of the corporate IT security professional is to gain better control or have the other parties accept the risk. There are three (3) outcomes. The first is they stay within the system because they don’t have a pressing need – the “convenience” argument for a knowledge worker to have Administrative access isn’t strong enough, or alternatively, the IT department will accommodate pressing needs by providing elevated access. The second path is that you can’t convince them and you tell senior management that we’ll do it, but you need to sign off on the elevated risk so if a breach occurs, they accept the responsibility for acquiescing to elevated access rights. If that’s the case, the security IT administrators need to state specifically that the physics of the system don’t allow them to grant elevated access rights and still maintain security. I recognized that depending on the relationship between C-level executive managers and the IT department, that it may be difficult to get senior management to put it in writing. The way to get the paper trail you desire is after the meeting, you send out an Email recapping the meeting events and stating “…As per our discussion, we have made an exception even though it’s a greater security risk….” The third scenario is to work with the individual(s) who want the elevated access and to work out some compromises. It could be that the IT department will monitor them to a greater degree and expect them to keep IT informed of their activities. It becomes a reciprocal relationship; even though it raises risks you still get another set of eyes. It takes a great degree of cooperation and you still have to be vigilant. The people who cooperate are rarely the source of trouble.

ITIC: BYOD and mobility are the new business paradigms. Smart phones and tablets are high security risks both in terms of device theft and potential security breaches. What are the best security defense methods?

AB: There are a variety of tools to manage mobile devices. But it still comes back to having strong corporate security policies, that the company enforces. Security IT professionals should assume that their worst security nightmares it will happen and find the tools and policies they need to secure it. There are mobile-only products – MDM (mobile device management) like. Mobile Iron and ManageEngine has a tool called Desktop Manager, to name just two. Consumer users can opt to store their contacts in the cloud Apple, Google, Microsoft and others all provide ways to do this. Google and Apple’s cloud solutions support storage of pictures and videos – and you can backup your data locally. There are also tools that enable you to wipe the device in case it’s lost or stolen e.g. AndroidLost which is free.

ITIC: What emerging security threats are on the horizon?

AB: It’s not so much new threats as it is sophistication of existing threats. Corporations can expect that hackers will employ technologies like cryptography to their advantage when attempting an intrusion. We see that hackers are now digitally signing their malware so it appears legitimate and authentic. We can also expect more meaningful and pernicious attacks against mobile devices. We’re going to see further proliferation of Root Kits and we’re also witnessing cross-platform attacks that can affect any connected platform, so the malware goes from Android to Windows to Apple or whatever. No connected platform or device is immune.

ITIC: For years Apple benefitted from security by obscurity is that going away?

AB: Thanks to its burgeoning popularity, Appleis absolutely much more of a target. In the last six months alone we’ve seen a lot of malware that is Mac-specific – it hasn’t done anything specific yet but the fact that it’s available and it’s targeting an environment where many users don’t expect it and have a false sense of security – is troubling.

ITIC: What’s the bottom line with security?

AB: At the end of the day, security in principle is straightforward. It’s the charts you see from companies that do business process re-engineering. You identify, assess and take the appropriate remedial action – or not. The problem with security is that it is not static. The hackers don’t stand still. Security is continually evolving process. Even if you never changed your technology, the security still evolves. Every new feature and function and product has unintended uses and consequences. Security is a 65% to 35% — between process and people it’s 65% and 35% is the technology. Security should be baked into the entire environment. You always pay the price when you do it in hindsight and bolt it on. Certain environments are more security-sensitive. In a financial organization, whatever the platform, people will be secure.

Andrew Baker Q&A: Security Read More »

nCrypted Cloud secures, stores BYOD, Cloud-based Information

Cloud computing and Bring Your Own Device (BYOD) are inarguably two of the hottest trends in high tech today. These enabling technologies increase productivity but they also present corporations and consumers with significant security, privacy and manageability challenges.

A new software service from nCrypted Cloud, a Boston-based startup, secures and encrypts cloud-based data in a straightforward, easy-to-use and affordable manner.

nCrypted Cloud encrypts data from recognized cloud services like Dropbox, Google Drive and Microsoft’s SkyDrive. nCrypted Cloud comes in three versions: a basic Consumer version which is free; a Consumer Pro version and an Enterprise edition aimed at corporate users. …

nCrypted Cloud secures, stores BYOD, Cloud-based Information Read More »

Scroll to Top