It seems like just yesterday we were celebrating Windows 7’s birthday, and now we’re being told to start etching a more sobering date in stone:
April 8, 2014: The Day Windows XP Dies
Service Packs 1 and 1a were retired back in 2006. Service Pack 2 rode off into the sunset last month, on July 13. And Service Pack 3 will be retired along with all editions of Windows XP on Patch Tuesday, April 8, 2014.
It’s true that this date has been pushed back twice, but this might be the actual end of the line, as both Eds point out, that at this juncture, Microsoft will almost certainly be handling at least 4 generations of Windows. The SKU count (i.e., the available flavors of Windows) enters dangerous territory:
- XP has Home, Professional, Starter, Media Center and Tablet Edition, as well as the 64-bit editions.
- Vista has Starter, Home Basic, Home Premium, Vista Business, Vista Enterprise and Vista Ultimate.
- Windows 7 has Starter, Home Basic, Home Premium, Professional, Enterprise, Ultimate, and Thin.
I’ve harped on this a lot in the past, but in a bid to maximize profits, Microsoft has littered the market with far too many Windows product versions, or what the company calls SKUs (for “stock keeping unit,” retailing term). And while we can try to dumb down the conversation by explaining how, in any given market, customers only have two or three or four choices, or whatever, the fact remains: One version is not just enough, it’s optimal from the customer point of view. Just ask Apple: It offers just one version of Mac OS X. It’s called Mac OS X. Not Mac OS X Media Center Edition or Mac OS X Arbitrarily Limited Edition. Just Mac OS.
Start-ups are raising venture capital everywhere we look. Here are some of the most promising of the start-ups providing storage as a service that are well on their way to being a force to reckon with.
The San Fransisco-based storage-as-a-service provider has raised $7 million in its second round of venture funding, totaling $13 million to date. The company announced plans to open a New York office to expand its sales and services to the East Coast as well as improving its “distributed object-based storage platform, adding full multi-tenancy for Service Providers who want to offer Virtual Private Clouds, and new tiering algorithm for the Private clouds environments.”
Its major accomplishment so far is doubling its funding in May 2010 after successfully delivering an email platform to Telenet’s over 2 million users.
The Silicon Valley-based file storage and sync provider has raised $10 million in its second series of funding, totaling $16 million to date. Often compared to Dropbox, Egnyte’s service utilizes a hybrid cloud solution that is geared toward SMBs. The client links a network-attached storage device to its office computers, constituting the local cloud where all files are synced and backed up. The local cloud is then linked to Egnyte’s servers for a remote access-enabled web backup. Clients are given security permission layers and have control over file sharing administration.
Egnyte experienced a quadrupling of its customer base in 2010, and boasts over 500,000 user licenses and 5 billion files synced. Its claim to beating Box.net in large data upload speed is backed by its average of 3,000 file uploads and downloads per minute. Egnyte’s plans for its most recent funding is to expand to international markets while increasing domestic sales, marketing and engineering. Look out for their logo in the enterprise application section of the next version of the iPad’s app store.
Despite Egnyte’s claims to speeding by Box.net’s capabilities, this Palo Alto-based online file storage and collaboration software provider takes the cake with its $48 million in its fourth round of funding. Rather than Dropbox, Box.net gets compared to a certain social networking site because of its young founders, which may serve as its greatest asset. As Box’s Chief Executive Aaron Levie told the Wall Street Journal, big vendors such as “Microsoft are just not innovating fast enough,” which in turn “create[s] huge…opportunities for guys like Box.” The company plans to double its 140-person staff within the next year, expand to international markets and step up their game in mobile applications. Good thing, too, since it’s servicing 5 million users at 60,000 companies, 73 % of which are in the Fortune 500, including Cisco and Panasonic.
Where is your company looking for its cloud storage and backup solutions? Are startups meeting the needs of small, medium, and big enterprises alike, or is there something left to be desired at the moment? Share your thoughts and experiences in the comments section or send me an email at Melanie@ITKnowledgeExchange.com.
Now that we’ve wrapped up cloud security, it’s time to look at what we can do with that secured cloud and there’s one roaring hot area we haven’t touched on much: Cloud storage, aka storage as a service. Consumer cloud storage has been taking off, and as we’ve seen in the mobile device and Software-as-a-Service (SaaS) worlds, where the consumers go, business is sure to follow.
Already, we’re seeing one company that might be gearing up to be a contender: Box.net, which recently received funding totaling about $80 million, is being compared to an early Facebook in terms of potential. A better comparison, however, might be SaaS, and now Platform-as-a-Service, juggernaut Salesforce.com.
In 5 years, that company took an admittedly all-star pedigree (Box.net’s founders are 20-something young guns, hence the Facebook comparisons) to IPO for $100 million, with a current market capitalization of $17 billion. Now that’s cool, and this business-centric territory seems to be where Box is aiming, unlike consumer services Mozbe and Dropbox. As the Seattle Times reports:
Box’s focus on the enterprise market makes it seem more mundane than some of the other investments that Andreessen Horowitz has made in more widely used Internet services — a group that, besides Facebook, includes Twitter, Zynga, Skype and Groupon. It also means there probably won’t be any Oscar-nominated movies made about Box, as Zuckerberg got with “The Social Network,” and Levie seems unlikely to be named Time magazine’s person of the year, as Zuckerberg was last year.
But that doesn’t mean Box can’t deliver a huge windfall for its investors, said John O’Farrell, a general partner at Andreessen Horowitz. “Enterprise software is a less sexy space, but that has created a huge opportunity for investors like us,” O’Farrell said.
There are, of course, a number of other options, ranging from simple off-site backup plans that run nightly to a bevy of managed services to help both simplify storage while still offering a high degree of control. One thing is certain, however: When it comes to storage, the future is cloudy.
There’s always more to learn, especially in IT, but we’ve done our best to clear up some of the confusion and anxiety around security in the cloud. Take a walk down memory lane with us as we recap the month’s highlights and guides from around the community.
- ITKnowledgeExchange community members cast their votes for favorite security blogs, and they’re worth a look.
- You didn’t have to attend this year’s RSA Conference to be able to appreciate the wisdom packed into some of these security professionals’ Twitter accounts.
- Whether you’re curious about cloud security or just plain lost, check out our Cloud Security Recommended Reading List for a jumping off point. Feel free to add your own picks and reviews!
Editorial Director Michael Morisy flew to hazy San Fransisco for RSA 2011. Check out some of his highlights:
- Oracle Database Firewall: A Babel Fish for SQL Sleazeballs
- At RSA 2011, Hacktivism is (again) a corporate threat
- The sneaky vulnerability that beat Coca-Cola’s HDD encryption and leaked the secret recipe
- Meet Rivest, Shamir and Adleman: The men behind RSA
- 5 takeaways from the Department of Defense’s Cyber Strategy 3.0
- Did iPhones make the desktop virtualization call easier?
Michael wasn’t the only one from our neck of the woods at the conference, so check out some other great blog posts from the West Coast festivities:
- RSA 2011: Does compliance inhibit security innovation?
- RSA 2011: Dan Kaminsky on the ROI of DNSSEC for enterprises
- Defense secretary outlines Pentagon cyber strategy
Open IT Forum
We’re never in want of a good discussion around ITKnowledgeExchange. Get to know your community by checking out members’ thoughts on some cloud security issues:
- Security Worst-Cases: Spadasoe, Fork92, Mpez0, CharlieBrowne, and Batye spill the beans on their firsthand experiences with security gone awry.
- What cloud concern do you need addressed?: Yeomanie, Sixball, and Ad2 share their reservations regarding cloud solutions.
- What are your cloud security concerns for 2011?: Batye, MicroAcres, and Rechil expressed concern about understanding normal processes such as backups and security in relation to the new technology.
Just because cloud security month has come to an end doesn’t mean that we’re not still dedicated to providing you with the know-how and necessary tools to navigate cloud computing. Keep posting those questions and discussions to forums and tagging them Cloud Security.
Think you can secure your virtual machines with the security you have in place? Today’s guest post comes from David Strom, and he warns you to think again.
The protective technologies that are plentiful and commonplace in the physical world become few and far between when it comes to the cloud. And while few attacks have been observed in the wild that specifically target VMs, this doesn’t mean you shouldn’t protect them.
So why can’t you just use a regular firewall and intrusion prevention appliance to protect your cloud? Several reasons. First, traditional firewalls aren’t designed to inspect and filter the vast amount of traffic originating from a hypervisor running ten virtualized servers. Second, VMs are so easily portable that tracking down a particular instance isn’t always something that a traditional IDS can do. Third, because VMs can start, stop, and move from hypervisor to hypervisor at the click of a button, protective features have to be able to handle and recognize these movements and activities with ease. Finally, few hypervisors have the access controls that even the most basic file server has: Once someone can gain access to the hypervisor, they can start, stop, and modify all of the VMs that are housed there.
There are a growing number of vendors and products in this space. Over the past year, the pace of mergers and acquisitions has picked up as the major virtualization and security vendors try to augment their offerings and integrate products.
- VMware purchased Blue Lane Technologies and incorporated their software into its vShield product line.
- Juniper Networks purchased Altor Networks Virtual Firewall and is in the process of integrating it into its line of firewalls and management software.
- Third Brigade is now part of Trend Micro’s Deep Security line.
There are other vendors, as well, in this space:
- Beyond Trust Power Broker Servers for Virtualization
- CA’s Virtual Privilege Manager
- Catbird vSecurity
- Fortinet FortiWeb VM
- Hytrust Appliance
- Reflex Systems Virtualization Management Center
Sadly, no single product can cover the typical security features found in most corporate data centers: Firewalls, IDS, anti-virus/anti-spam, and access controls. Some products have different modules for each of these functions (like Reflex and Trend) while some specialize in particular areas (such as Hytrust for access controls and compliance). All of these products cover VMware servers, but none of them protect Microsoft’s HyperV installations. A few (such as Catbird and BeyondTrust) will also protect Xen hypervisors.
Finally, if you get involved in testing these products, be prepared to spend some time understanding how they insert themselves into your cloud-based infrastructure. Hytrust, for example, looks like a load balancing appliance in that it segregates your virtual network segments. Others, such as Reflex or Catbird, require agents to be installed directly on the ESX host itself.
David Strom has many interests: as a former IT manager, a publication editor, a Web site creator, a podcaster and video producer, and a professional speaker. He writes several blogs including strominator.com, webinformant.tv, and mediablather.com. He lives in St. Louis and can be found on twitter @dstrom.
Last week, I spoke to Salesforce.com’s head of platform research, Peter Coffee, about how the attitude toward cloud computing needs to change. But is this “shake off your fears” method exclusive only to big business? Ralph Plunkett, MIS Operations Manager at Electronics Research, Inc., a broadcast services and products provider, thinks so. Beyond that, he doesn’t think SMBs are being included in the talk about cloud adoption, nor are their issues being covered or addressed.
“Smaller shops don’t have the budget that bigger shops do,” Plunkett said. “One thing I’ve run into is that we don’t have redundant Internet connections. We can’t put all of our applications running on that. If you rely on technology at all, that’s kind of foolish.”
Our conversation was momentarily interrupted when Plunkett had to address a cooling problem in his server rooms. He’s a busy guy, but he does his best to anticipate hiccups down the road. “It’s just good planning,” he pointed out. His is not a resistance to new technologies, or even to sending his data out into the cloud. His hesitation is simply a resources and availability concern. With three outages in the three years he’s been with the company and only a bonded T line, Plunkett estimates they’d need at least 3 – 4 times their current bandwidth.
He does use some software-as-a-service offerings. “It makes sense for some things to be hosted out,” he said, such as ERI’s website, which shifted to the cloud about a month ago. Plunkett also named AppRiver, an SaaS spam filter, which has helped to cut down on the inflow of potentially dangerous emails, as recognized by his employees. But in a company that only recently invested in a big enough generator to protect against winter-induced outages, cloud security and availability are a major concern.
So what concerns are you harboring about the cloud that are direct results of the size of your business? How do you balance those concerns with the push to go to the cloud? Share your stories in the comments section or send me an email at Melanie@ITKnowledgeExchange.com.
There’s quite the reaction across the blogging community today to a particular article by ComputerWorldUK: Cloud computing is just outsourcing, says Information Security Forum. The article quotes Adrian Davis, principal research analyst at ISF, from his speech at (ISC)2 SecureLondon Conference, including this bit about the insecurity involved in trusting cloud security to providers:
“If you don’t know the classification or sensitivity of information, how do you judge what goes in the cloud and what doesn’t? How does the cloud service provider back up and destroy the information? Is there proof that everything they do happens?” Davis said.
While the issue at hand seems to be that most people disagree with the assumption that cloud services are another form of outsourcing – like David Lacey, who also attended (ISC)2, disagrees in his own IT Security blog – there is another aspect of assumptions and fear-mongering happening here. While I would agree with the caution that Davis is strongly suggesting the enterprise exercise, it seems more users would benefit from being educated on the ways to avoid his seven deadly sins rather than having a finger wagged at them. Mike Vizard blogged about one motivation for raising security concerns related to the cloud:
In face, most of what gets ascribed to security in the cloud are really data management and compliance issues, or simply deliberate attempts to create concern over security as part of an effort to protect jobs that might be threatened by cloud computing.
Is that a fair assessment? Is there simply a lack of understanding surrounding the technology that has spun off into a misunderstanding of security surrounding that technology? How do you respond when you hear negativity toward cloud security: Do you run away or desire to learn more about how to avoid common pitfalls?
Let us know in the comments section or send me an email at Melanie@ITKnowledgeExchange.com.
I had the opportunity to sit down with MokaFive CTO and founder John Whaley while I was at RSA, and we caught up on the adoption of desktop virtualization, where the hypervisor belongs, and more. He was even so kind as to allow me to shoot some video, though the cafe where we were meeting makes the audio a little scratchy.
One thing John brought up was the mobile vs. desktop virtualization debate. His stance was that, far from detracting from desktop virtualization, mobile devices and tablets actually helped start the conversation in getting companies to seriously look into a broader desktop virtualization strategy.
“A lot of times people want to use their iPhone and hook it up with their corporate e-mail, or use an iPad at work,” he said. “That starts the conversation about what are we going to do about people wanting to bring their devices in, and how are we going to manage them.”
Whaley also said that that desktop would still dominate for the foreseeable future, even in more tablet-friendly businesses. “It’s not ‘We’re going to give iPads only,'” he said “It’s, in every case, an iPad is in addition to a laptop. It’s good for consuming but it’s not as good for creating content.”
[kml_flashembed movie="http://www.youtube.com/v/ScUKZoDwJzw" width="425" height="350" wmode="transparent" /]
Sure, everyone loves a good robot story, but what are we really interested in when it comes to Watson, The Jeopardy Wild Card? David Ferrucci and his team’s brainchild has some impressive specs, in addition to its record-breaking performance:
- 10 racks of 90 Power750 servers
- 2,880 cores in Watson’s system
- 15 terabytes of RAM
- Equivalent of about 6,000 high-end home PCs
In addition to the enviable hardware setup, Watson’s software included the ability to understand language, making it possible for it to compete in the game show. Ferrucci’s team of two dozen wrote a mixture of algorithms in an attempt to emulate the human brain. To aid the supercomputer in recognizing letters of the alphabet, IBM input millions of images to allow Watson to determine recurring qualities in order to recognize the form of a letter it hadn’t yet seen.
Because Watson couldn’t be connected to the Internet during the game, Ferrucci’s team input information from The World Book Encyclopedia, Wikipedia.org, the Internet Movies Database, a large portion of the New York Times archives, and the Bible. The software is also capable of synthesizing data, or machine learning: With each question Watson gets correct, it is able to gather the commonalities amongst correct responses and improve its game.
No reason to panic, though. IBM’s Ferrucci assures the public that Watson is not the first step toward a realization of iRobot. If it is, however, we still have Asimov’s three laws to protect us:
1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey any orders given to it by human beings, except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
- Saturno wishes he had more time to read and learn everyday, but he makes do with the time he has. When he’s looking for something security-related, he checks out Security Blanket, which covers “automated, consistent Linux & Solaris lock down.” When it comes to cloud security, Chris Hoff’s Rational Survivability, Bruce Shneier’s security blog, and Craig Balding’s CloudSecurity.org make the cut.
- RamseyB enjoys Tony Bradley’s IT Knowledge Exchange hosted blog The Security Detail and Wired.com’s privacy, crime and security online blog, Threat Level.
- Mortimer1 recommends Trend Micro’s Cloud Security blog and seconds Saturno’s vote for CloudSecurity.org.
- Spadasoe enjoys checking out the Microsoft Security Response Center.
Don’t have time to read these blogs? Why not listen to one! Check out this vimeo video based on Craig Balding’s blog post “Are You Trying to Pin the Tail on the Cloud Donkey?”
Are we missing any of your favorite cloud security or just plain security blogs? We’d love to have them on our list, so leave them in the comments or send me an email at Melanie@ITKnowledgeExchange.com! For more tech blogs, check out the community’s member and editorial blogs.