Enterprise IT Watch Blog


July 2, 2010  1:42 PM

What’s this “SkyDrive” you speak of?

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

Have you seen Microsoft’s cloud storage offering called Windows Live SkyDrive? It’s funny, SkyDrive has apparently been around for nearly three years but I’m just now hearing about it. I don’t know if that’s Microsoft’s lack of marketing or seemingly minimal push into the cloud or just my inability to keep up with their offerings. Regardless, SkyDrive has some interesting features you may want to check out:

  • File backup and storage (up to 25GB)
  • Live file sharing and collaboration (with close tie-in with Office Live apps)
  • File synchronization with your local system (coming soon)

One big drawback with SkyDrive is that file upload size is limited to 50 MB, which seems a bit odd. SkyDrive may not be “enterprise” ready and you may prefer some of the features of other online backup providers, but I could certainly see SkyDrive being a good fit in many instances. If you’re open to explore it, the best way is to set up a Windows Live account and take it for a spin to see how it works.

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.

June 30, 2010  9:39 PM

Gartner session reminder of just how vulnerable mobile storage can be

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

I served on a mobile security panel at Gartner this week with Larry Ponemon and my esteemed colleague Stan Gatewood. The insight they brought to the table from both a research and a real-world perspective was phenomenal. I think our discussion served as a strong reminder to all of us that businesses are no where close to where we need to be when it comes to protecting our mobile storage.

For instance, Dr. Ponemon did some research – backed by Intel – that found:

  • There’s a $20,000 cost reduction between lost laptops with encryption versus without
  • The average cost of a lost laptop is over $49,000

Also, the people in the audience were asked to raise their hands if their business has ever experienced a lost or stolen laptop. All but maybe three or four of the hundred or so people in the room raise their hand!

I go back to what I wrote about nearly three years ago in my blog post What’s it going to take to encrypt laptop drives?! Seriously, what is it going to take? Nothing’s really changing.

Another neat takeaway is Intel’s (relatively) new Anti-Theft technology that’s worth checking out. It works in conjunction with drive encryption from WinMagic and PGP as well as asset management/tracking from Absolute and effectively disables the system when a loss or theft has been detected.

We can have optional mobile storage security options until the end of time but I’ve always believed that unless and until computer hardware manufacturers integrate controls that facilitate mobile storage security, such as Intel’s Anti-Theft, at the factory we’re going to continue having mobile storage exposures.

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.


June 30, 2010  11:29 AM

Finding those needles in your storage haystack

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

Information is at rest most of the time. Therein lies the problem. Give malicious attackers, rogue insiders or just a few bored employees any decent amount of time on your network and they’ll likely uncover sensitive information they shouldn’t be able to access. So what’s a network or storage admin to do? Unstructured information (PDFs, spreadsheets, word processing documents, etc.) is scattered all about the network in practically every nook and cranny. How you can possibly find out where everything is so you can ensure it’s safe from prying eyes?

The simple formula is to find out what you’ve got, determine how it’s at risk, classify it and do whatever it takes to keep it in order only accessible to those with a business need to know. It’s that first step though – finding what you have – that’s so difficult. I’d venture to guess even the sharpest network/storage admins don’t have a real sense of what’s actually stored in their environment. Not from lack of expertise or effort but rather because it’s just so darn difficult to find where everyone and every application has stored these files.

Here are some ideas on what you can do to figure out what’s where:

  1. Simply ask information owners what they’ve got. It won’t be completely reliable but it’s a start.
  2. Use search tools you’ve already got such as Windows Explorer or find in UNIX/Linux. Painful  but possible.
  3. Use more advanced search tools such as Google Desktop or FileLocator Pro.
  4. Use enterprise search tools such as Identity Finder or even some of the more advanced e-discovery/ILM tools such as those offered by StoredIQ or EMC/Kazeon.

However you go about it, just do something. There’s undoubtedly unstructured information at risk in your storage environment and getting started finding out where it’s at today will serve your greatly down the road when things are even more complex.

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.


June 30, 2010  10:28 AM

Cisco Cius: An iPad for the working stiff?

Michael Morisy Michael Morisy Profile: Michael Morisy


It’s been a little off our radar, but Cisco Live‘s been live and kicking this week with some hot news coming through (Yasir Irfan blogged about how you can attend Cisco Live virtually and has promised to post more updates on his blog). One surprising announcement that caught my attention, however, was Cisco’s new tablet, the Cisco Cius.

The Android-powered device takes a cue from other recent Cisco plays, focusing on video and collaboration, and aimed squarely at the business and educational markets (business tablets have had fans in education and medicine for years). The pitch, straight from Cisco’s Kara Wilson, is that it will offer better HD video talk, desktop virtualization, and on/off-campus connectivity than any other current mobile alternative (see below the jump for full specs).

While it will naturally draw comparisons to Apple’s iPad, Cisco made clear that it’s not interested in being an iPad killer as long as it can capture the enterprise market. As Matt Hamblen reported for Computer World:

When asked about comparisons of Cius to the iPad, Chambers was clear. “Cius is all about collaboration and telepresence,” he said. “It’s a business tablet. I use the iPad and love it. I love anything that loves networks. We do a lot with Apple and they are a great customer and good partner. I think of Cius as a business tablet, so [Cius and iPad] are complementary products with different target markets.”

Try telling that to the scores of business professionals that have already adopted, gleefully, the business side of the Apple iPad: At every conference and briefing I’ve been to since the tablet’s launch, it’s been a strange dance to watch, to see how smooth and nonchalant each vendor can be as they power up their PowerPoints on that thin, aluminum frame that was at once both magical and revolutionary. One presenter literally got so giddy he began giggling during his pitch.

With Cisco and even HP entering the tablet game, maybe enterprise tablets will get less magical while getting more work done. See below for full specs:

Continued »


June 29, 2010  8:20 AM

Microsoft storms Google off the beaches of Normandy

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

About a month ago, Google began its migration away from Windows, offering in its stead the Mac OS X for Apple users and Linux for PC users. Now it seems Microsoft gets to bite its thumb right back, as France’s Skema Business School trades in Google Apps for Microsoft’s Live@edu service. The self-described “pioneer in the use of online collaboration tools,” Skema—a combination of the French business schools CERAM and ESC Lille—entered into a three-year partnership with Microsoft.

How do the services compare on paper?

Google Apps for Education

Microsoft’s Live@edu

7.2GB Gmail service with Gchat IM in email browser

10GB hosted email service

Google Calendar: Event and calendar sharing

Outlook Calendar sharing and event coordination

Google Talk (IM, VOIP, & file transfer)

Windows Live Messenger: Allows image and document sharing as well as sending SMS messages from the interface.

Google Sites: Shared websites that include videos, images, gadget and documents.

Windows Live Spaces: Share info via documents, blogs and discussion groups.

Google Documents: +Multiuser document editing, -Only create Google documents, simple exporting/importing may lose data/formatting.

Windows Live Skydrive: 25GB web-based, password protected and shareable storage space.

Google Video: Video sharing with capability for comments, tags and rating. 10GB per domain.

Office Live Workspace: Collaboration document editing

Across-the-board compatibility.

Recent access through Moodle open source application and mobile syncing with Windows Live Mobile.

Since neither service seems to offer anything significantly superior to its competitor, perhaps it comes down to familiarity. Microsoft invites schools to “build on what they already have,” banking on its trusted name in academia software to sway institutions to transition into the cloud with them. Live@edu offers compatibility with Microsoft’s desktop applications, an important note since not everything has moved to cloud just yet.

This is a major overhaul for the ESC Lille half of Skema; the former had been using Google Apps Education Edition since 2008, but what does it mean for Microsoft in this ongoing cloud war?

First of all, any positive press for Microsoft—whether it involves beating out Google or not—is huge these days. It seems the morale’s been down around Microsoft headquarters; so much so that PR king Frank Shaw sent out a pep talk email to the company, available at All Things Digital, and posted a self-serving look at “Microsoft by the numbers” at the company blog. What spurred this influx of confidence boosters? From Shaw’s fingertips:

It has been a rough couple of weeks for us from a coverage standpoint. It seems like every time I turn on the computer, or talk to a reporter, or pick up a publication at home, or do a scan of my RSS feeds or Twitter client that I see more stories and opinions about the challenges we have, and how great some of our competitors are doing. iPad this, Droid that, sheesh.

Predictably enough, they’ve gotten even more bad press about their moping; repostings of the email and blog post are accompanied by tongue-in-cheek references to Shaw’s kitschy reference to the Rocky theme song and running up hills. The Guardian’s Technology Blog reexamined Shaw’s “fist-pumping set of figures,” putting in the analysis he so conveniently left out.

Aside from the morale benefit of adding a notch to their “We’re Better Than Google” belt, this small-scale victory for Live@edu adds to the other recent victory Shaw references in his company-wide email: “[W]e just announced 700k deployment of live@edu, probably the largest cloud deployment in the world.” He’s referring to the June deal between Microsoft and the Kentucky Department of Education, a move that the Commonwealth of Kentucky projects will save them up to $6.3 million dollars over a four year period. The speedy migration of the first 500,000 users took a mere weekend, sweetening the deal for the Kentucky school system. Kentucky’s commissioner of education, Terry Holliday, articulated the best part of the deal, “[W]e can close the technology gap between rich and poor districts and level the playing field for students regardless of where they live.”

If you look at it from Shaw’s PR-rich viewpoint, Microsoft’s ahead of the game, offering real solutions and features to those who otherwise wouldn’t be able to afford it. And no matter your opinion of Microsoft or Google, education is definitely coming out on top in this particular war.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


June 24, 2010  2:18 PM

No Time, No Budget, and No People? No Problem! (Part 2)

Michael Morisy Guest Author Profile: Guest Author

We’ve got the second installment of Keith Morrow’s three part series, No Time, No Budget, and No People? No Problem! Straight from former CIO of Blockbuster and 7-eleven and current president of K. Morrow Associates, learn how acting like a start-up and maximizing the assets you already have can save you money and precious time when deploying applications in the cloud. Check back soon for part three!

Since the arrival of online commerce 15 years ago, there have been few technology trends that have the potential to revolutionize the retail industry like the ones we see in mobile computing, social networking, and cloud computing. Today’s piece looks into the ways that retailers can shed a more conservative, traditional mindset and embrace new ways for deploying new apps, delving into practical insights for creating innovative, API-enabled applications. More specifically, how leveraging the move to the cloud can serve as the smartest decision in blowing out one’s API strategy.

Think Modular and Act Entrepreneurial, on the Cloud

Many retailers are very conservative when it comes to technology adoption, and they to closely control where new apps are deployed. Due to our limited budget, we didn’t have a choice but to embrace a new way for deploying the new apps.

Had we done it the old way, we would have acquired and configured the database, application, and web servers ourselves. We would have had to negotiate a long-term hosting agreement worth millions of dollars, and the agreement would have to go through a lengthy legal and executive approval process. Instead we acted like a startup and launched our API service and the API-enabled applications on the cloud, outside of the confines of our firewall, with the help of a technology partner. We bought capacity only to the level that we needed and as the services gained customer adoption, we added more. With this strategy, we were able to avoid high, upfront fixed costs and turned them into variable expenses.

Don’t Build Everything from Scratch

Some retail technologists see any initiative as an opportunity to re-engineer and rebuild. We didn’t have that luxury. We also realized that we already had valuable digital assets and enabling applications available, in-house or externally through our partners. The constantly updated movie library was already there. Our store locator engine was built. We had a transaction engine and a payment gateway. What we needed to do was create a common API service layer that would enable new applications to access those services consistently, for many more customers (millions), and in a way that we could monitor analytically for future improvements.

We looked outside of our organization and found a SaaS vendor whose technology enabled us to create this API service layer quickly, get them up and running on the cloud, and use analytical reporting tools to monitor traffic and the conversion data. We also used the same Graphical User Interface designs across different consumer devices, making only minor tweaks for usability. The key is to leverage existing solutions to accelerate time to market before your customers leave you. Without technology from this vendor, it would have taken us five to ten times as long to deliver what we wanted to.

In my third and final part of this series, I’ll discuss the strategic benefits that can result from extending the reach of APIs to developers and partners.


June 23, 2010  1:34 PM

OUTBREAK: Man infected with computer virus

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

Every silver lining has to have a cloud attached to it, and a headline from Xinhaunet’s Sci & Tech section provides just that. The silver lining? Technology implanted in a human to improve quality of life. The cloud? As with most exciting and cutting edge technology, lack of proper security. Thus Dr. Mark Gasson, a British scientist, has lay claim to becoming the first man to be infected with a computer virus.

Before you grab your yellow outbreak suit and throw your computers out a window, full disclosure: He infected himself. Dr. Gasson set out to demonstrate the danger of further development of medical devices such as pacemakers and cochlear implants without equal development of security.

“With the benefits of this type of technology come risks, ” Dr. Gasson told Xinhaunet. “We may improve ourselves in some way but much like improvements with other technologies, mobile phones for example, they become vulnerable to risks, such as security problems and computer viruses.”

The chip implanted in the doctor’s wrist allowed him access to secure buildings and his mobile phone. Once he contaminated the chip, the planted virus was able to pass onto external control systems. This discovery and the ease with which his experiment was executed was cause for concern for Professor Rafael Capurro of Germany’s the Steinbesi-Transfer-Institute of Information Ethics. He weighed the pros and cons of implant surveillance, telling the BBC: “Surveillance can be part of medical care, but if someone wants to do harm to you, it could be a problem.”

Both Dr. Gasson and Professor Capurro shared their findings and concerns at Australia’s International Symposium for Technology and Society this month.

With security always an underlying concern in all areas of technology, what is your take on the quest for security as developed as the technology it protects? Is Dr. Gasson’s experiment just another case of preaching to the choir, or do you think it will take a threat to human well-being—rather than just their data—to finally shape up the standards for security?

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


June 23, 2010  11:42 AM

StoreOnce Upon a Time: HP’s Dedupe Announcement

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

HP’s TechForum 2010 in Las Vegas kicked off Monday and runs through Thursday, June 24. This year’s hot topic theme? Converged infrastructure.

Yesterday’s big announcement was StoreOnce, HP’s new deduplication software. The software, which is now available for HP’s new D2D4312 disk backup appliance, promises to minimize every component of deduplication: hardware requirements, storage capacity, memory and disk I/O requirements.

HP StoreOnce’s Deduplication Bells and Whistles

Like the old adage, “Less is more,” HP StoreOnce hopes to strip down the process of deduplication for more efficient data protection and storage. What exactly can you get your hopes up about the new software?

  • Deployable at multiple points of converged infrastructure.
  • Deduplicate fewer times and gain more control over data growth.
  • Use the same software across backup clients, virtual and inline appliances and scale-out storage systems.

From the HP StoreOnce news release [PDF]:

“HP StoreOnce provides a significantly more efficient method for managing and protecting data while maximizing utilization of storage capacity than competing data deduplication offerings.”

In a recent InformationWeek survey, only 24% of respondents reported using data deduplication technology, while 32% reported evaluating the option and 10% gave a definite no to deduplication. Which group do you belong to? Do HP’s announcements have any effect on your current practices or evaluation of deduplication?

If you are planning to adopt deduplication with HP, prepare for a 20% improvement in inline deduplication performance, allowing you to spend about 95% less on storage capacity. The software is available in all HP StorageWorks D2D backup systems, with offerings suitable from SMB to midsize data centers. The D2D4312, for midsize data centers, boasts scalable capacity up to 48 terabytes and “enables clients to consolidate backup of multiple servers in a single process.” When compared to tape backup and offsite archiving, HP’s D2D4312 can save you up to $2 million dollars for multisite deployment. Not only that, but no matter your storage interface, HP ensures simple deployment into your existing backup process.

What’s your take on data deduplication? Is HP StoreOnce the revolution it promises to be?

Check out more announcements from HP.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


June 22, 2010  3:16 PM

Salesforce Chatter: The history behind the latest enterprise social app

Michael Morisy Michael Morisy Profile: Michael Morisy

Salesforce may be one of the darlings of the cloud computing world, but they have a lot of baggage to get over if their latest venture, Chatter, is to succeed. The new communication platform, which rolled out of beta and into general availability today, mixes a bit of Facebook, a dash of Twitter and a trusted enterprise platform in the hopes of boosting enterprise collaboration and helping Salesforce gain enterprise traction beyond its wildly-devoted sales and customer service customers.

The service has already been in beta with dozens of customers trying it out, and the early returns are good: A reported 22% uptick in productivity and over 55 ChatterExchange apps available for out-of-the-box integration.

We were actually leaked some demo screenshots straight from the Chatter team itself as it brainstormed with similar software groups, and the stream is reproduced, unaltered, below:

Michael Morisy is the community editor for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.


June 21, 2010  11:37 AM

Yellow Flag! World Cup frenzy brings spam and slowdown to an office near you

Michael Morisy Michael Morisy Profile: Michael Morisy

Team USA isn’t the only one being robbed at the World Cup: The global game is bringing spam, viruses and phishing attacks to offices around the globe, with network congestion serving as icing on the cake, particularly during game time.

Major events have long been fodder for such attacks and troubles, but Internet hot-spot watchers have been surprised by the magnitude of the World Cup’s impact on office life. According to a statement from Cisco’s Spencer Parker, a product manager:

” … employees are actively taking an interest in the World Cup during working hours.  Employees could be watching live streaming of these football matches on their PCs, checking the score during the matches, or even listening to the games.  As a result we have seen this significant uplift in Web traffic at the precise times that the matches are taking place.”

And how significant is that uptick? Cisco ScanSafe customers have seen web usage jump 27%  globally during World Cup games. If SalesForce becomes SalesStop this Wednesday at 10:00 am ET, now you know why.

But productivity and network traffic aren’t the only victims: Cisco also estimated 3 billion World Cup spam messages went out on June 11th, and some of them held nastier payloads than others. Websense’s Security Labs Blog deconstructed a typical nastygram spam, promising the latest World Cup scandal:

Tragically, rather than the tantalizing scandal – compromising shots of the ever popular WAGs, perhaps? – the attachment only includes URL trickery leading to a compromised webpage and a viral payload.

Game on, but make sure your staff knows the risks.

Michael Morisy is the community editor for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: