Enterprise IT Watch Blog


February 22, 2011  2:29 PM

The Cloud Security Boogeyman

Melanie Yarbrough Profile: MelanieYarbrough

There’s quite the reaction across the blogging community today to a particular article by ComputerWorldUK: Cloud computing is just outsourcing, says Information Security Forum. The article quotes Adrian Davis, principal research analyst at ISF, from his speech at (ISC)2 SecureLondon Conference, including this bit about the insecurity involved in trusting cloud security to providers:

“If you don’t know the classification or sensitivity of information, how do you judge what goes in the cloud and what doesn’t? How does the cloud service provider back up and destroy the information? Is there proof that everything they do happens?” Davis said.

While the issue at hand seems to be that most people disagree with the assumption that cloud services are another form of outsourcing – like David Lacey, who also attended (ISC)2, disagrees in his own IT Security blog – there is another aspect of assumptions and fear-mongering happening here. While I would agree with the caution that Davis is strongly suggesting the enterprise exercise, it seems more users would benefit from being educated on the ways to avoid his seven deadly sins rather than having a finger wagged at them. Mike Vizard blogged about one motivation for raising security concerns related to the cloud:

In face, most of what gets ascribed to security in the cloud are really data management and compliance issues, or simply deliberate attempts to create concern over security as part of an effort to protect jobs that might be threatened by cloud computing.

Is that a fair assessment? Is there simply a lack of understanding surrounding the technology that has spun off into a misunderstanding of security surrounding that technology? How do you respond when you hear negativity toward cloud security: Do you run away or desire to learn more about how to avoid common pitfalls?

Let us know in the comments section or send me an email at Melanie@ITKnowledgeExchange.com.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

February 22, 2011  9:19 AM

Did iPhones make the desktop virtualization call easier?

Michael Morisy Michael Morisy Profile: Michael Morisy

I had the opportunity to sit down with MokaFive CTO and founder John Whaley while I was at RSA, and we caught up on the adoption of desktop virtualization, where the hypervisor belongs, and more. He was even so kind as to allow me to shoot some  video, though the cafe where we were meeting makes the audio a little scratchy.

One thing John brought up was the mobile vs. desktop virtualization debate. His stance was that, far from detracting from desktop virtualization, mobile devices and tablets actually helped start the conversation in getting companies to seriously look into a broader desktop virtualization strategy.

“A lot of times people want to use their iPhone and hook it up with their corporate e-mail, or use an iPad at work,” he said.  “That starts the conversation about what are we going to do about people wanting to bring their devices in, and how are we going to manage them.”

Whaley also said that that desktop would still dominate for the foreseeable future, even in more tablet-friendly businesses. “It’s not ‘We’re going to give iPads only,’” he said “It’s, in every case, an iPad is in addition to a laptop. It’s good for consuming but it’s not as good for creating content.”

[kml_flashembed movie="http://www.youtube.com/v/ScUKZoDwJzw" width="425" height="350" wmode="transparent" /]

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.


February 21, 2011  2:09 PM

An autopsy of IBM brainchild, Watson

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

Sure, everyone loves a good robot story, but what are we really interested in when it comes to Watson, The Jeopardy Wild Card? David Ferrucci and his team’s brainchild has some impressive specs, in addition to its record-breaking performance:

  • 10 racks of 90 Power750 servers
  • 2,880 cores in Watson’s system
  • 15 terabytes of RAM
  • Equivalent of about 6,000 high-end home PCs

In addition to the enviable hardware setup, Watson’s software included the ability to understand language, making it possible for it to compete in the game show. Ferrucci’s team of two dozen wrote a mixture of algorithms in an attempt to emulate the human brain. To aid the supercomputer in recognizing letters of the alphabet, IBM input millions of images to allow Watson to determine recurring qualities in order to recognize the form of a letter it hadn’t yet seen.

Because Watson couldn’t be connected to the Internet during the game, Ferrucci’s team input information from The World Book Encyclopedia, Wikipedia.org, the Internet Movies Database, a large portion of the New York Times archives, and the Bible. The software is also capable of synthesizing data, or machine learning: With each question Watson gets correct, it is able to gather the commonalities amongst correct responses and improve its game.

No reason to panic, though. IBM’s Ferrucci assures the public that Watson is not the first step toward a realization of iRobot. If it is, however, we still have Asimov’s three laws to protect us:

1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey any orders given to it by human beings, except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


February 17, 2011  7:34 PM

What the pros are saying: The community’s favorite security blogs

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

We polled IT Knowledge Exchange members for what security blogs and Twitter feeds they’re reading, and here are some of the security-related picks:

Don’t have time to read these blogs? Why not listen to one! Check out this vimeo video based on Craig Balding’s blog post “Are You Trying to Pin the Tail on the Cloud Donkey?

Are we missing any of your favorite cloud security or just plain security blogs? We’d love to have them on our list, so leave them in the comments or send me an email at Melanie@ITKnowledgeExchange.com! For more tech blogs, check out the community’s member and editorial blogs.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


February 17, 2011  1:25 PM

5 takeaways from the Department of Defense’s Cyber Strategy 3.0

Michael Morisy Michael Morisy Profile: Michael Morisy

William J. Lynn, III, U.S. Deputy Secretary of Defense, helped kick off RSA 2011 with a keynote, as Security Bytes nicely covered. Listening to his talk, I was struck by how similar the fundamental issues the Department of Defense is grappling with are to the day-to-day problems the good folks in our IT community forums are tackling. In fact, the five pillars of Department of Defense’s Cyber Strategy 3.0 that Lynn laid out might make bullet points for your next pitch on why, yes, IT actually does matter to a company’s strategic success.
Continued »


February 16, 2011  3:01 PM

Meet Rivest, Shamir and Adleman: The men behind RSA

Michael Morisy Michael Morisy Profile: Michael Morisy

As Michael Mimoso reported earlier, cryptography and security pioneers Ron Rivest, Adi Shamir and Len Adleman were honored at the 2011 RSA conference with the Lifetime Achievement Award. While it might be a bit of an obvious choice – RSA is named after them and all – the tribute video beforehand was excellent as both a primer on the cryptography and history that underlies modern security practices. It’s not embeddable, but you can pop over to RSA’s conference page to watch the presentation, which runs about 10 minutes and is completely worth it.

It was a great, sentimental crypto-geek moment … until it was shattered by a weird pop montage touting the conference’s take on Alice, Bob and Eve with a weird mashup of Madonna and Journey (I think). When will people learn to leave well enough alone? In the meantime, go watch the video.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.


February 16, 2011  1:33 PM

Salesforce Head of Platform Research says to change your cloud tune

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

It’s a common belief these days: Everything is heading to the cloud. With words such as “migration” dictating much of the conversation surrounding cloud, it’s safe to infer that many people view the cloud as an approaching technology rather than one that’s already here.

Peter Coffee, head of platform research for Salesforce.com, disagrees with this feet-dragging mentality. “The cloud is certainly available to everyone,” said Coffee. First of all,  he said “migrate” is an inhibiting word when approaching the cloud. Coffee suggests looking for applications you wish you had but haven’t been able to create. Do you have a business process that’s organized primarily in spreadsheets and email? Consider building an application that can automate that process and deploy it in the cloud.

Continued »


February 15, 2011  4:37 PM

The sneaky vulnerability that beat Coca-Cola’s HDD encryption and leaked the secret recipe

Michael Morisy Michael Morisy Profile: Michael Morisy

Yesterday I wrote about how Lenovo, talking up its new Full-Drive Encryption (FDE) tools, bragged that the technology was used to secure Coca-Cola’s famously guarded secret recipe. Well, that security measure (if accurate) was recently trumped by a 125-year-old vulnerability and an unlikely Black Hat: Ira Glass and NPR’s This American Life, which stumbled upon a 1979 stock photo which, the program’s reporters believe, was actually a photo of the original handwritten recipe.

It’s not the first time the alleged recipe has been released (Wikipedia currently lists a host of candidates), but the release highlights a theme I heard again and again this morning from the wonkier side of RSA: Technology is an incredibly small part of any true security solution. Adi Shamir, the “S” in RSA, made a point of saying that even the bleeding edge in security, and particularly cryptography, can do very little to nothing to stop WikiLeaks-style attacks or even Stuxnet attacks.

The end result is this: Enterprises (and governments) must constantly evaluate the total security scenario and always consider their assets compromised, just like the the NSA does, while evaluating ways to minimize harm.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.


February 15, 2011  3:52 PM

RSA Conference takes to the sky

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

Whether you’re in San Francisco at RSA 2011 or you’re in the middle of nowhere scouring the Web for updates and insights, we’ve got the A-list of Twitter stars that are on the ground at RSA right now. Click, follow, and keep up. If you’re there, why not send them a message – the worst that can happen is you get even more swag!

@atwalls: Gartner analyst who specializes in infosec practices, enterprise governance, security program management, and more.

@rcheyne: This self-described “hacker of the old-school variety” is also CEO of Safelight Security, a security training company.

@Simply_Security: David Lingenfelter, Information Security Officer at Fiberlink Communications, is sending out highlights and reactions to the goings on in San Fran.

@merrittmaxim: Works in Identity & Access Management at CA Technologies. He’s giving frequent updates on his reactions to what’s happening at RSA.

@JDeLuccia: James DeLuccia works in risk management and IT security. Check out more in-depth coverage of the conference at his blog.

@jhaggett: This “lover of all things mobile” is at RSA. Whether he’s interacting with other members of the conference or observing a session, Jamie Haggett’s tweets are just as entertaining as they are informative.

@themeworks: Chief Technologist at Palm Tree Technology UK and Mastlabs USA, is tweeting out questions for his fellow RSA-goers and IT enthusiasts alike.

@Reflex_mike: UPDATE! How did we miss Mike Wronski? He’s VP of Product Management at Reflex Systems, and he’s been tweeting the heck out of RSA the past week.

@morisy & @ITKE: Editor Michael Morisy is on the scene in San Francisco. Check out his in-depth coverage at the Enterprise IT Watch blog.

And of course, for official updates on the conference, check out @RSAConference and hashtag #RSAC for more general, up-to-date information. Did we miss anyone? Send me an email at Melanie@ITKnowledgeExchange.com or leave it in the comments section.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


February 15, 2011  1:50 PM

Oracle Database Firewall: A Babel Fish for SQL Sleazeballs

Michael Morisy Michael Morisy Profile: Michael Morisy

Oracle Database Firewall made its public debut here at RSA yesterday, and for a cool $5,000 per processor the software parses incoming SQL statements, picks out risky ones and translates them into something a bit more mundane, adding a new layer of defense against SQL while minimizing the disruption to non-malicious users. It also means a minimal amount of reconfiguration on the part of the database admins: Just drop the firewall in, theoretically, and you’re (theoretically) protected, as one Oracle honcho explains:

“Evolving threats to databases require enterprises to look at new security solutions,” said Vipin Samar, vice president of Database Security, Oracle. “Oracle Database Firewall offers organizations a first line of defense that can stop internal and external attacks from reaching databases. Easy to deploy and manage, Oracle Database Firewall helps reduce the costs and complexity of securing data across the enterprise without requiring any changes to existing applications and databases.”

Read the full press release here.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: