Enterprise IT Watch Blog


January 19, 2011  12:19 PM

With Starbucks’ new mobile payments, can Venti-sized security holes be far behind?

Michael Morisy

QR codes are finally coming to America with a caffeinated jolt, thanks to Starbucks’ new mobile payment system that lets you scan and pay for your drinks with an iPhone or BlackBerry pre-loaded with Starbucks Rewards account information.

And with Starbucks’ incredible brand loyalty stats, the program has a huge opportunity for success. As the Seattle Times reports:

One in five Starbucks transactions is now made with the store cards, and mobile payments “will extend the way our customers experience and use their Starbucks Card,” Brady Brewer, vice president of card and brand loyalty, said in a release. “With mobile payment, the Starbucks Card platform further elevates the customer experience by delivering convenience, rewarding loyalty and continuing to build an emotional connection with our customers.”

But as Starbucks paves the way into a brave new world (for the US, at least) of QR payments, I get the sinking feeling that we’re bound to run into a “teachable moment” security lapse very soon.

January 17, 2011  3:25 PM

Snowstorm Survival: A member guide

Michael Morisy

We received a great response to our call to the community for advice on ensuring that a blizzard doesn’t become a perfect storm for your IT department. New member KFaganJr used the question as an opportunity to document everything his department did to prepare, producing a fantastic guide for others facing a similar problem:

Most of the tasks were a verification that existing systems were fully functional before the storm hit. These included ensuring all off-site backups were run successfully, a live copy of any important documentation was hosted off-site and up to date, temperature sensors and reporting tools were functional and also tweaked to allow more time for action due to the extra travel time needed.

Being a small department we were able to just discuss things such as who can be where and do what if a major problem hits, but in a larger organization I would have documented it.

It’s important to walk through the process of redirecting traffic if a location goes down. We have four main sites that usually funnel all traffic through the main office; if one goes down then that traffic has to be sent elsewhere to keep everything functional. Things to note… how much time do you have to complete the job if need be, is the alternate connection you rely on functioning properly, are touch services needed to make the switch?

Also, for anyone working with end users, any employees with passwords about to expire were sent additional emails to prevent additional work, reminders of phone system features were sent out that would help users work from home seamlessly, as were emails to remind users that if they have VPN issues they should speak to IT before the storm hits if possible. Additional laptops were available to lend out for critical personnel.

The most important task in my mind is making sure everything is running smoothly before the storm though, you don’t want to worry about preparing for disaster and neglect the critical server that has been crashing, have an issue with that server when touch services aren’t available and making all other planning to avoid disaster in vain because of an unrelated issue.

Spadasoe suggested that while virtualization could help offload some effects of traffic spikes if the number of remote users faced a sudden jump, “Our fabric is our fabric so we are limited in what resources we can add.” Planning ahead and mapping out worst-case scenarios were the best tips for staying ahead of outages.

MrDenny shared that view, adding that using multiple sites and duplicated data was a worthwhile investment:

Having user data replicated between sites so that when they VPN into another site because the network link at their office is down the users can still access their data, etc. The setup and recurring costs for a little extra bandwidth are minimal compared to the loss of work from one bad 2+ day snow/ice storm.

One commenting wag suggested simply going with the flow, “cutting Internet access to the office? Then blame it on the provider.” While we can’t officially endorse that approach, we can understand the temptation. Any more tips? Leave them in the comments below or, better yet, add them to the community forum!

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.


January 13, 2011  8:30 AM

VDI-in-a-box: Fast food virtual desktops

Melanie Yarbrough

In an interview over at SearchVirtualDesktop.com, virtualization expert Mike Nelson highlighted some of the top stumbling blocks for new deployments of VDI. Among these stumbling blocks: not understanding or being in tune with your users (i.e. not fully understanding what your users do); lack of application functionality in virtualized environments; and the inability to allocate resources and investment in planning. Brian Madden agrees.

Just like with any new technology or infrastructure, there are bound to be stumbling blocks and desktop virtualization isn’t something users want to jump head-first into. Enter VDI-in-a-box.


January 12, 2011  1:46 PM

Are you prepared for #snowday?

Michael Morisy

In Boston today, one of the “trending topics” on Twitter is, quite appropriately, #snowday. Another trend should be setting off bright red warning klaxons in IT departments, though: VPN.

And if you actually look at what people are saying, it gets worse.

**Warning: Disturbing images ahead for the security conscious.**

So what’s an IT department to do? Well, for one thing, prepare early and often!

  • Negotiate license agreements so you can have occasional “spikes” in remote software, like VPNs or web clients.
  • Send out e-mail reminders to staff that, on days where you’re likely to have a large jump in remote workers, resources will be strained and outline strategies that workers can use to minimize their impact.
  • Have a recovery strategy in place, with a timeline of how long it will take to bring critical and non-critical systems back online after a local or regional power outage.

Any other dangers – or preventative measures – you’d recommend to your peers? Sound off in the forum! The best answers will even get 50 bonus points towards our current iPad contest.



January 10, 2011  10:36 AM

Desktop Virtualization Voices on Your Desktop

Melanie Yarbrough

Get your daily, 140-character dose of desktop virtualization with these evangelists, practitioners, and experts alike, compiled below as well as in our Virtualization Pros Twitter list. Don’t see your favorite name on the list? Add it in the comments or send me an email at Melanie@ITKnowledgeExchange.com! Not a Twitter person? No problem! Check out our list of top desktop virtualization blogs or SearchVirtualDesktop.com for meatier doses of the information you need.


January 5, 2011  12:52 PM

When it comes to virtualization, beware the fine print

Michael Morisy

When it comes to virtualization, be sure to read the fine print: Licenses can be surprisingly restrictive, even from vendors who are otherwise on the vanguard of virtualization. Take featured desktop virtualization blogger Brian Madden’s explanation of Microsoft’s licensing rules:

VECD stands for “Virtual Enterprise Centralized Desktop.” It’s the license that Microsoft requires to use its desktop virtualization. VECD must be purchased in addition to the base Windows operating system license. So if you want to virtualize Windows, you have to buy this VECD license as a second license. If you don’t like it — too bad. Don’t use Windows then. (Ah, the joys of a monopoly.)

And it gets worse, because VECD is a subscription, not a perpetual license, and signing up for VECD generally requires Microsoft’s annual Software Assurance program. As if things weren’t confounding enough, the “V” in VECD used to stand for “Vista,” and is documented as such in much of Microsoft’s documentation.



January 5, 2011  9:04 AM

Top Desktop Virtualization Blogs

Melanie Yarbrough

We’re covering all facets of the desktop virtualization world at IT Knowledge Exchange, and what better way to keep up on the latest in virtualization technology than to read what practicing pros and analysts are blogging about? One of the best resources for desktop virtualization blogs is TechTarget’s very own BrianMadden.com. The site has been around a long time, offering in-depth and up-to-date analysis from original bloggers:


January 3, 2011  12:17 PM

Why iPads might be desktop virtualization’s greatest threat

Michael Morisy

Now that the holidays have come and passed, all manner of tablets and other mobile gadget gifts will be flooding homes and, inevitably, offices around the world. But there’s another possible byproduct of the trend, aside from Angry Birds everywhere: The mobile revolution might stall or kill outright nascent desktop virtualization efforts.

It would be a surprising twist. Server virtualization has revolutionized IT’s “hidden” operations, cutting costs and speeding up deployments, and desktop virtualization was predicted to bring similar advantages to the most visible interaction between IT and their users. Gartner had predicted the hosted virtual desktop market to equal 40% of the worldwide professional PC market by 2013, from less than 1% in 2009.

That’s a highly optimistic outlook, but one that some tech pundits are saying is off the mark. As Kevin Fogarty writes for ITWorld, mobile is quickly becoming more important than desktop when it comes to virtualization:


December 29, 2010  4:34 PM

Network security is not fiction, but these stories are

Melanie Yarbrough

Who says that tech books have to be boring and technical and, heck, non-fiction? Definitely not the people behind Stealing the Network from Syngress.

Meant to inspire security and technology pros alike to wonder and muse on the what ifs of security vulnerabilities, Stealing the Network exercises the imagination in hopes of sparking real life solutions. With contributions from security consultants, technical directors, security engineers and specialists with impressive lists of accomplishments, Stealing the Network is a truly creative bunch of “stories that are fictional, with technology that is real.”

Whether you’re into ethical hacking or IT security, you’ll find the stories not only entertaining and thought-provoking, but also valuable in their recommendations and specificity regarding what programs and systems the fictional hackers are using. Though the stories are fictional, they are set in the real world and are described with great accuracy. Screenshots, graphs and titled sections make for easy reading and navigation. The authors of these ten stories come from the IT security world, and thus their characters and scenarios are familiar and relatable, like the narrator from Ryan Russell and Timothy Mullen’s “The Worm Turns”:

Rarely do people like me want to chitchat about what we do in general terms. We live in a world of minute detail, machine-language code, operating system calls, and compiler quirks. Most of the time, we would rather keep to ourselves and do independent study, unless we’re having trouble with something specific or want someone to double-check our work.

In his foreword to the book, Jeff Moss, founder of Black Hat and DEFCON, defends the purpose of the book: “You could argue it provides a roadmap for criminal hackers, but I say it does something else: It provides a glimpse into the creative minds of some of today’s best hackers, and even the best hackers will tell you that the game is a mental one.”

Want a chance to win this unique book? Share your own hacking scenario – fictional or otherwise – and what can be learned from it. Leave your story in the comments section or email me at Melanie@ITKnowledgeExchange.com.

Check out our list of top network security books for more ideas on some great reading. Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


December 27, 2010  2:50 PM

Niche networking companies: A good bet in 2010 and beyond

Michael Morisy

Think Cisco, HP and other blue chip mainstays were the winners in 2010’s IT industry? Think again. The Motley Fool’s Eric Bleeker took a look at the top 10 networking and electronic stocks in 2010, and the winners were smart, savvy and small. Small enough that if you don’t live and breathe networking and IT, you probably haven’t heard of them.

The year’s winner, Acme Packet, which does session border control for enterprise and telecom, saw a 400.3% return in 2010, a boost that accompanied the migration to all-IP networks. More familiar companies like Riverbed Technology and Radware also had boom years, as far as the stock prices were concerned.

What drove the high valuations? In 2010, the network mattered more than ever, and HP and Cisco’s feuding left ample opportunities for smaller players to get a chance to sell their message (or partner with a bigger player) as IT managers began sorting out the new landscape.

But 2011 could see this chaotic market calm down, as Bleeker writes:

In the past, major IT firms had largely left the networking space to its 800-pound gorilla, Cisco, to control. However, after Cisco’s decision to create a server system that competed directly with many of its partners, companies like Hewlett-Packard and Dell have increasingly cast an eye to their own networking solutions. Much the same as storage, we’re seeing some smaller companies creating very advanced technology to fill niches not covered by industry giants like Cisco and Juniper. Will the mega-cap tech companies stalking networking go on a buyout spree that’s similar to what was seen in storage last year? I wouldn’t rule out a laundry list of buyouts across networking in 2011.


