The Ponemon Institute recently surveyed 155 globally certified PCI DSS compliance auditors about how the largest retailers (Tier 1 merchants) are doing with respect to compliance with the credit card industry’s cardholder data security requirements.
Asked by Ponemon to rank the effectiveness of technologies used to protect cardholder data, auditors identified encryption of data at rest and in motion, firewalls and endpoint encryption as the best technologies. Least effective were ID & credentialing systems, intrusion protection and detection systems (IDS and IPS), and website sniffers and crawlers. Ponemon’s research didn’t explain why auditors felt this way about the various technologies. A systems administrator at a nonprofit recently told SearchNetworking.com that his organization is looking at segmenting its network with VLANs to help implement the controls it needs for compliance.
Also, the corporate network is the MOST vulnerable infrastructure element to a potential data breach, auditors said. Fifty-one percent of auditors identified corporate networks as a weak point. Corporate databases (43%) were the second most vulnerable. Only 10% considered unattended payment terminals as a vulnerability.
Ponemon also revealed that the average Tier 1 merchant spend about $225,000 on its compliance audit, but it didn’t identify how much these company’s spend on operations and technology. Auditors said that business units are the most likely (40%) part of a company to be responsible for auditing PCI compliance, but they unlikely to own responsibility for delivering that compliance (19%). IT security (30%) and the office of the CIO (10%) combine to own a plurality of compliance responsibility. This division of responsibility between compliance and auditing could create some tension between IT and business units.
As I was skimming through stories from the RSS feed of a competing publication, I came across these two sequential headlines:
“Want a job? Get a Computer Science Degree”
“Boeing prepares to cut to cut nearly 800 IT workers”
Talk about mixed messages. But that’s what this economy has been giving us for a couple years now, hasn’t it?
IBM gobbled up Intelliden this week. Intelliden bills itself as a provider of “intelligent network automation solutions.” Basically it provides automation around network-based compliance and network change and configuration management. It’s also been focusing on aligning these technologies with cloud computing, helping both enterprises and service providers automate the management of cloud networks.
IBM will likely jam Intelliden into its monstrous Tivoli IT management suite. I assume it will get folded into Tivoli’s vast armada of Change & Configuration products. Or maybe it will be absorbed into the horde of Network Management & Performance products. It’s hard to tell. Just delving into those product choices is overwhelming. Trying to figure out where Intelliden gets placed among them is a task that’s beyond me.
I’ve been covering the networking industry for about two years now, and I don’t think I’ve ever been approached by IBM PR regarding the network management capabilities of Tivoli. Come to think of it, most of the Big Four IT management companies don’t seem to have me on their radar. Only CA actively sends me news on network management technologies. On the other hand, when I wrote for SearchCIO.com I received pitches from Tivoli fairly regularly. Does that say something about IBM’s Tivoli strategy? Market and sell to CIOs, not network managers and network engineers.
Given the choice, would you buy your network management tools from one of the Big Four or from independent vendors like NetScout, SolarWinds, Fluke, etc. And what do you do when your favorite vendor gets gobbled up, whether it’s Intelliden by IBM or NetQoS by CA?
Late last month SolarWinds acquired Profiler, a storage and virtual server management software technology from fellow Texas vendor Tek-Tools for $42 million. The technology provides visibility across storage, servers and virtual server environments.
On his blog ManageEngine vice president of product marketing Girish Mathrubootham claims that SolarWinds has been on a buying spree in recent years, acquiring a handful of companies like Tek-Tools, Kiwi and ipSurveyor in order to add functionality to its flagship Orion product suite. Mathrubootham argues that this is the approach that the Big Four have taken, creating management platforms that are huge, complex and pricey. He says:
Acquiring disparate products and integrating them at a GUI level may provide short-term boosts to revenue, but it is exactly this kind of headache that customers hate when dealing with the Big 4. (And SolarWinds would know this better than anyone else 🙂 )
It’s true that SolarWinds has been acquiring point tools that expand the visibility afforded by its network management and application performance monitoring platform Orion. However, is SolarWinds really hoping to become a tool of choice to server admins and storage managers? SolarWinds says it is making these acquisitions in response to what it hears from customers. The roles in the data center are changing and the tools that support these roles have to evolve, too.
Sanjay Castelino, vice president of product marketing & product management at SolarWinds says it all comes down to virtualization. The migration of virtual machines to migrate from host to host requires network managers to look beyond their organizational silos.
One of the things we seeing within the IT organization is this need for visibility across the network, the compute infrastructure, virtual machines, storage and applications in the data center. We looked at the pieces that we have in that: We have the network piece and the application monitoring piece and some server and virtual machine monitoring. Storage was an important piece to add to that mix.There is an overwhelming demand from our customers to get visibility into network, storage and virtualized environments.
You’re starting to see that these folks are starting to work more closely together. You can’t say “I’m only going to be a networking guy and I don’t have to talk to my peers in servers and storage.” That’s going away. These people have to get shared visibility so that when they make changes on one they don’t bring down pieces of the puzzle in terms of delivering applications. The networking guys own the networking piece and the storage guys own the storage piece, but all of them are wanting visibility across their domains into the other domains because they aren’t siloed anymore.
Is SolarWinds truly morphing into one of the Big Four? Will we have to start calling them the Big Five? Given that Orion is still a product that can be downloaded online, the complexity that ManageEngine is warning about seems pretty far off.
So, you heard that Cisco is cracking down on the use of IOS emulators by requiring a license registration key to activate the software on every router in its IOS v.15 update.
Angry? Want to stick it to the man? Feel a riot coming on?
Take a deep breath, put down the bricks and baseball bats, and fire up your Internet browser of choice to join the underground movement.
We spotted a Save Dynamips group pop up yesterday on Facebook, started by French networking student Benoit Goncalves in support of Dynamips, a free Cisco IOS emulator that seems to be the target of these IOS licensing changes. As I write this, it only has 18 members but sure looks like they’re rolling out the welcome mat for new recruits.
(Photo of riot police outside 2008 Republican National Convention courtesy of/politely borrowed from this flickr account)
Computer Economics has published its new IT salary report, which claims the average IT worker will see just a 1.8% raise in 2010. That’s pretty rough. But in an age where many people are seeing their salaries stay flat for the second year in a row, perhaps 1.8% can be seen as a silver lining.
According to Computer Economics, the higher up in the IT chain of command you are, the smaller your percentage pay increase will be. CIOs and directors are getting just 1.3% more money this year on average. The lower you are in the organization, the better your percentage increase might me. Computer Economics says this is part of an effort to retain talent in the trenches.
What’s the best job to have if you’re looking for a decent raise this year? Developers. They’re going to get about 2.1% more money this year, which is the highest average pay increase in the industry.
Networking pros are sort of at the median. Network and systems support personnel are going to see a 1.9% increase this year. This includes network admins and telecom analysts. How does your salary measure up? Are you getting a raise this year?
For those of you who don’t have a full-fledged network configuration and change management (NCCM) system, Solarwinds released a free tool this week that could make your lives a little easier. It’s called Network Config Generator.
Here’s a video where a couple of guys from Solarwinds showing how the product works.
Basically, this tool works like a configuration wizard. You enter the parameters you want for the configuration of a class of switches, routers, etc. The tool takes this information and outputs a configuration template in Command Line Interface (CLI) code, which you can then cut and paste into the CLI consoles on any of your network devices.
It doesn’t scale that well. If you want to configure 100 switches, you have to cut and paste the CLI it into each one. But if you have some sort of network configuration management tool, you can probably drop these templates into that. Solarwinds, of course, is suggesting you use its Orion Network Configuration Management tool to apply these templates across your network.
Also, if you go to Solarwinds’ online community for customers, Thwack.com, you’ll find that Solarwinds customers are sharing their own configuration templates generated by Network Config Generator. You’re free to grab them and tweak them as you like with this free tool.
We’ve heard all of the reasons why enterprises will move toward a cloud computing model (for networking read: less network to manage for better performing apps and accessible storage, plus simpler architecture). But there is very little talk about why networking teams (and their systems counterparts for that matter) are not likely to coax CIOs to go into the cloud anytime soon.
“If you are the network architect for a big company, you’re not going to architect yourself out of a job,” says researcher and analyst Kevin Tolly. “Who’s going to say: ‘We can save the company money by going to a cloud and then you can fire me?’”
If you believe, as Tolly does, that cloud computing will deliver on its promises (though we see a lingering “if” considering all of the security and management issues that abound), it’s just as likely that network engineers will architect themselves into different jobs rather than no jobs.
Cloud computing proponents envision returning to a flat network that will cut out the aggregation/distribution layer, directly connecting access to the core. But that brings with it a host of problems that networking engineers will have to solve, including routing and management challenges.
But more importantly, network engineers will have to both build internal clouds and then inter-network enterprise and public clouds for a hybrid strategy.
Arista’s Douglas Gourlay has this to say about it: “Cloud computing architectures, whether public or private, or frankly ‘virtually private’ (private cloud extending into public infrastructure with enterprise control and trust established) will need a set of networking systems and architectures,” he wrote when he was still at Cisco. “As James Urquhart told me once, ‘you can move the servers to the cloud, you can move the storage to the cloud, but you still have to connect to the cloud.’”
One thing is clear, until networking engineers figure out where they will fall in this transition to the cloud, they are likely to push against the change. The problem is, that won’t work for long.
Cisco Systems got word earlier this week that the IP router it launched into space in November passed its first networking test — it works.
Using Cisco’s IOS platform…
The in-orbit test was conducted using SEAKR Engineering Inc.’s Application Independent Processor (AIP) which was used to host the router and software-defined radio functions necessary for on-board routing, enabling satellite routing capabilities to be reconfigured and updated dynamically from the ground.
The way I see it, all of this means one of three things:
- As TorrentBomb speculates, it’s Cisco’s next step toward global (or perhaps intergalactic) domination.
- Since the router is radiation-proof, we can confidently add Cisco routers to things that will survive the apocalypse (behind cockroaches and Twinkies).
- Even in space (following aforementioned apocalypse), you will still inevitably be stuck next to That Guy who doesn’t mute his iPhone email alerts.
According to Cisco, the move is just a small step in its Internet Routing in Space (IRIS) project.
They say the goal is to “route voice, data and video traffic between satellites over a single IP network in ways that are more efficient, flexible and cost effective than is possible over today’s fragmented satellite communications networks.”
Cisco’s move to restructure its Asian operations is a clear sign that the HP-3Com acquisition has lit a fire under the router king’s you know what. It’s also yet another vote of confidence in the Chinese technology market.
Cisco’s restructuring plan announced this week will involve the creation of a separate Greater China Theater that will include China P.R.C., Hong Kong and Taiwan, formerly all part of the Asia Pacific Theater. The remaining Asia Pacific countries will remain their own theater and Cisco’s Japan operations will continue to be its own theater.
Cisco must do whatever it takes in China to hold down core networking considering 3Com controls 32% of that market — a percentage that will jump once the HP-3Com acquisition is finalized. In fact, many speculated that the 3Com acquisition was solely a geographic move maneuvered by HP specifically to kick Cisco the one place it hurts.
On another note, Cisco and HP will hold partner summits on the same day in different cities — never mind the fact that the companies have tons of cross-certified partners. After all, the former friends were once known for their cross-selling incentives.
And so the Cisco-HP battle ratchets up.