While working on a story about how updates to PCI compliance rules will phase out WEP for retailers who process credit cards, I came across one of the more interesting takes on PCI compliance, by Anton Chuvakin, who has written or contributed to a number of books on the subject and now works at compliance solutions company Qualys.
As Anton sees it, there are two camps in the compliance world:
1. “Please, please make PCI easier by letting us skip the requirements; or, better, just let us ‘SAY YES ON THE SAQ!’” camp.
2. “We know that our security program makes us PCI-compliant; please make it easier for us to prove it!” camp.
For the former, Anton recommends ScanlessPCI*, a simple, quick banner that shows your customers you are PCI compliant — while actually proving, and doing, nothing.
The latter camp, in which I hope (pray?) most of our readers fall, might be better served by investigating tools and techniques to help prove that their security passes muster, which is exactly the advice Petco’s vice president of network and store systems J. Smith gave me.
“All vendors are definitely not created equal,” he said. “And all you have to do is ask your vendor where they stand in terms of upcoming compliance.”
If you’re looking for some more insight into how you can make sure you’re headed down the right path, you’re in luck, because TechTarget has just launched a brand new IT Compliance Advisor Blog, and SearchCompliance.com is launching tomorrow for all your PCI — and other — compliance needs (a sneak preview is up today in case you can’t wait).
But the takeaway message? Even as everything else in the world seems to be getting cut back, the cost of PCI violation fines or, worse, an actual intrusion, is too great to risk. Trying to go the ScanlessPCI route is as deluded as thinking you’ll get money for nothing …
Video: http://www.youtube.com/v/aNaKWXqXkhw
*NB: ScanlessPCI is, of course, a joke service, legitimate as the page may look. Don’t expect your compliance officer to be pleased if you try and pass it off!
Just because we’re surrounded by bad news doesn’t mean we can’t turn our lemons into lemonade. That’s at least what network management software solution company Advanced Systems Group (ASG) has done (not to be confused with the ASG band). They found a way to help enterprise IT/network administrators avoid datacenter move blunders in a way more compelling than a white paper — they sang about it in their YouTube video: The Data Center Move Blues.
Because we all know, when a data center moves, the network can’t go down. “Oh you know it can’t go down,” wails ASG founder and band front man John Murphy on what appears to be a Martin Backpacker Guitar.
Video: http://www.youtube.com/v/QkIRWTvk3nY
When relocation, deduplication and virtualization complicate the network enough to make IT engineers sing the blues, it’s good to know what not to do during the data center move process.
ASG suggests avoiding these bad boys:
- Bad move #1: The so-called professional help
- Bad move #2: The every-man-for-himself move
- Bad move #3: The do-it-yourself move
More importantly, don’t forget to plan a great deal with your data center team and reach across to the right people. Before making a move, you can’t afford not to plan for every risk, and disaster preparedness will help you stay up while everything else is down.
Nortel Networks has filed for Chapter 11 bankruptcy protection. It seems last quarter’s $3.4 billion loss was the last straw. The company still has about $2.4 billion in cash on hand, which it will use to maintain operations while it restructures itself.
When news broke this morning that Nortel was filing for bankruptcy protection, an old and familiar image popped into my head: that of the starship Enterprise near the end of Star Trek III. Badly crippled in a battle with a Klingon vessel, the faithful old ship started her fatal descent toward the planet below. Captain Kirk and his crew safely beamed down to the planet and watched their beloved ship streak through the sky towards its demise.
But as fans know, the Enterprise was rebuilt and rechristened time and again for countless adventures in subsequent films and television shows. So, too, may Nortel.
Right now, the telecom industry has slowed its investment in new hardware. When will that trend reverse? No one knows. No doubt Nortel’s efforts to sell into enterprise networks are also suffering in this climate. And unified communications is still such an emerging market, the company obviously couldn’t hope to stay afloat with the quality products it’s been producing in that field.
Indeed, this is just the first of what promises to be several collapses in the networking industry. When Nortel emerges from bankruptcy, what kind of world will it find? And will it survive? Lots of companies disappear forever in an economy like this, even a company as old and revered as this Canadian giant.
CNN is reporting that President Elect Barack Obama is having a tough time parting with his BlackBerry, despite apparently strict White House IT policies against his using the device:
Those who follow Obama on a regular basis know the president-elect is constantly on the addictive e-mail device. But the Secret Service, as well as Obama lawyers, are concerned it could easily be hacked and are demanding the new president hand over the BlackBerry before he moves into the White House.
But in an interview with CNBC Wednesday, Obama made clear he’s not giving it up without a fight.
“They’re going to pry it out of my hands,” the president-elect said.
While the risks to national security that a hacked Obama BlackBerry could pose are substantially greater, every enterprise needs to be wary about the leeway they give their executives. Sure, the CEO wants to sync his iPhone with his corporate computer, but how valuable are the contacts that will automatically sync with it, and how do you remotely protect that data when the device goes missing?
Obama might not be happy about it, but it looks like he’ll lose his BlackBerry. With that example, maybe your gadget hound VP can stand to part with his iPod — at least on company time.
Seventy-five years ago millions of young men were out of work. The Great Depression was in full swing. The ruling powers, nervous that so many idle, impoverished young men might destabilize society, created the Civilian Conservation Corps. This pseudo-military organization enlisted three million young men in forestry, flood control and construction projects that ultimately led to the creation of the country’s most prominent national and state parks. Many people today have no concept of how decimated the country’s forests and agricultural lands were back then. These men planted five billion trees, which in part were responsible for helping end the great Dust Bowl of the 1930s and revitalizing the country’s farmlands.
Today we face The Worst Economic Crisis Since The Great Depression. Is it time for another Corps? How about the Civilian Information Technology Corps?
The Information Technology & Innovation Foundation, a Washington, D.C., think tank, believes it’s a good idea. In a new 22-page position paper entitled The Digital Road to Recovery (PDF), the foundation says the federal government should invest $30 billion into the country’s “national information technology infrastructure.” By investing this money into upgrading the country’s broadband capabilities and the IT systems of the health care system and the national power grid, the country would create nearly one million new jobs while boosting productivity and innovation, according to the foundation. Not only will jobs be created to build this infrastructure, but the infrastructure itself will encourage the creation of new businesses and new jobs.
“Building out an IT-based network like broadband, health IT, or the smart power grid leads to new jobs generated upstream by investment in industries that create new and innovative applications and services to take advantage of the more robust IT network,” the paper reads.
Like the CCC and the WPA of the Depression, will there be a New IT Deal? Barack Obama is known to love his CrackBerry. No doubt he knows just how important such a targeted stimulus could be for the national economy. It should also resonate with those of you who raspberried my post about how a good network engineer is hard to find.
Every year at Cisco Live, the vendor’s giant annual customer conference, Cisco throws a big party for attendees. Last year the show was held in Orlando, and Cisco rented out a large portion of Universal Studios for the private party. Networking pros had the opportunity to try many of Universal’s rides for free, including Terminator 2: 3D Battle Across Time. The introductory video that plays before you enter the ride is an infomercial for Cyberdyne Systems, the fictional hi-tech company that developed Skynet, the evil defense network that exterminated the human race in the Terminator movies. Check out the video below.
Video: http://www.youtube.com/v/ajOQ4H5YzBk
The 200 or so network administrators I watched this with got quite a few chuckles from the video and commented on the parallels between Cyberdyne and Cisco. Both companies are huge. Both are branching out into telepresence and collaboration technologies. And both are trying to market themselves to consumers. Several guys wondered aloud about whether Cisco realized just how closely the Cyberdyne story seemed to echo Cisco’s real-life ambitions.
Indeed, Cisco is moving rapidly to establish itself as more than just the most dominant networking vendor in the world. It has explicitly stated its plans to conquer all segments of the IT industry. And it is also looking to expand into the highly competitive world of consumer electronics.
Cisco’s telepresence technologies have been marketed heavily to consumers. Last night I watched the rebroadcast of “24 Redemption,” the TV movie that bridges the gap between the last season of 24 and this upcoming season. As in past episodes, Fox has inserted some extremely heavy-handed product placements from Cisco. In a screen capture below, you can see the U.S. president clicking a button on a Cisco phone to open and close a telepresence session with the prime minister of a fictional African country.
There are now rumors circulating that Cisco will launch blade servers in 2009, putting it in direct competition with Dell, IBM and HP in a completely new market full of IT decision-makers who have very likely never bought a Cisco product before.
And this month at the Consumer Electronics Show, Cisco will unveil a new line of consumer products, including a wireless digital stereo system and a set-top box for Internet video. Now Cisco will be competing with companies like Sony and Apple for consumers who have very likely never bought a Cisco product before.
Cisco CEO John Chambers once told a roomful of reporters that his company typically doesn’t enter a market unless executives believe they can build at least a $1 billion business within it. So clearly, Cisco is preparing to push quite a few resources into new markets that are quite distinct from the routers, switches and 802.11x access points that so many Cisco customers are familiar with.
This all begs a question: In these economic times, does Cisco have the go-to-market capability to succeed in these new markets while remaining strong in its traditional networking domain?
Hey, have you heard that the economy is in bad shape? It’s bad out there. Just ask the newest Nobel Laureate for economics, Paul Krugman:
Seriously, we are in very deep trouble. Getting out of this will require a lot of creativity, and maybe some luck too.
Well you should know that analysts and vendors are lining up to give networking pros advice on how to save money in 2009.
Today I received an invitation from Enterprise Management Associates for a January webinar entitled How to Reduce Network Management Expenses in 2009. EMA vice president Dennis Drogseth will examine how automation and an integrated life cycle approach to network management can reduce costs.
Network Instruments sent us a list of the “Top five ways you can be network hero in 2009.”
- Harness the information you have. Network devices have tons of metrics that can provide cheap visibility into your infrastructure. For instance, if you aren’t doing this already, start collecting NetFlow data and aggregate it into some kind of analyzer to get real time stats on your applications.
- Test, test, test. It’s easier to identify and budget for changes to applications before you launch them rather than after. Understand how your apps will run on the systems provided and the network provided before you allow the application team to launch them.
- Prioritizing critical traffic. Instead of spending money to boost bandwidth, set quality of service thresholds for critical apps and allow bandwidth-hogging apps that aren’t as critical to wait a little longer.
- Stop throwing bandwidth. Slow application performance isn’t always a network issue. Bring some donuts over to the systems guys and ask them to check on how their servers are performing. Maybe they aren’t configured properly for the applications they are running.
- Anticipate rather than react. Network managers are often in reaction mode, using analysis tools after the network has a problem. Too often they’re waiting for the problem to recur. If you run your tools continuously you can spot network issues before the user experiences them. You’ll spend less time trying to diagnose and fix them. And you’ll have more time to get everything else done.
Info-Tech Research Group has also published a list of Eight Ways to Slash Network and Telecom Costs by Half. I won’t publish them in full since Info-Tech would rather that you spend $195 to get the list from them, but here are a few brief examples of things you can do:
- Buy used networking gear. This market has grown quite a bit over the last few years. Your vendors might not be happy with you for doing this, but they don’t need to know. I plan to write about this next month on SearchNetworking.com.
- Renegotiate telecom and mobile service contracts. If you are in a position to do it, now is a good time to get a better deal from your providers. They’ll be willing to lower their charges in order to keep your business in these dark times.
- Get rid of T1 lines on your WAN. There are lots of cheaper alternatives out there. See if you can find something that meets your requirements at a lower price.
Every year Gartner’s Magic Quadrant for wireless LAN infrastructure has some winners and some losers. One or two vendors will emerge from the crowded quadrant of niche players to become a market leader, a visionary or a challenger. And one or two other vendors will slip back into the crowd of niche players. This year, one of the vendors who came out on the losing end is accusing Gartner of having, at the very least, an appearance of a conflict of interest.
Brian Johnson, director of public relations for Trapeze Networks, called me last week and implied that Meru Networks is receiving favorable coverage from Gartner over Trapeze. Gartner placed Meru in the visionary quadrant for the second year in a row, while Trapeze slipped from visionary status to niche player.
Johnson revealed to me that Tim Zimmerman, one of the Gartner analysts who wrote this year’s Magic Quadrant, is a former employee of Meru Networks. I checked around and indeed Zimmerman was director of industry marketing for Meru Networks from October 2007 to January 2008. Johnson also pointed out that Gartner’s former research director for wireless LAN technology, Rachna Ahlawat, is currently the vice president of strategic marketing for Meru.
Johnson explained that Trapeze has had a good year and is a superior company to Meru. He said it “stretches the imagination” that Meru could be ranked higher than his company.
“We have a higher market share than Meru,” Johnson said. “We have more OEM relationships. And we are a public company with a large bankroll behind us while Meru is a private company that is rapidly burning through its cash… In terms of ability to execute, I think that Trapeze has a higher ability to execute than Meru can.”
Johnson also told me that Trapeze brought eight products to market this year and three of them won awards (I looked through a list of press releases on Trapeze’s website and didn’t see that many product releases, but perhaps I missed a few). He also pointed out that Trapeze won the largest wireless LAN deployment in the world this year when it closed a deal with the University of Minnesota.
Johnson was reacting to a story about the Magic Quadrant which I wrote last week. When I talked to Mike King, Zimmerman’s coauthor, for that story, he told me that Trapeze’s downgrade was reflective of its relative silence on the market since it was acquired by Belden over the summer. He suggested that things have slowed down at Trapeze while Belden goes through the process of absorbing it. And he predicted that Trapeze could lose some key OEM partners when its deals with those expire in a few months. All this can be fairly typical for mergers and acquisitions. Motorola experienced a similar decline on the Magic Quadrant when it bought Symbol Technologies, but it has since rebounded and is now identified as a market leader by Gartner.
Now any industry veteran will tell you that analysts take jobs with vendors all the time and research firms like Gartner commonly hire analysts from the vendors they cover. Ahlawat left Gartner for Meru in June of 2007 so it’s been well over a year since she’s had any relationship with the firm. However, Zimmerman left Meru less than a year ago, so it was worth my talking to Gartner about this issue.
First I talked to Andrew Spender, Gartner’s vice president of corporate communications. He said Gartner employs a variety of measures to ensure that its analysts are independent and objective.
“First we have our principles of ethical conduct and our code of conduct which all our analysts sign up to as soon as they join the company,” he said. “They have very intensive training in what that code of conduct means and how they need to adhere to it. It’s very specific in terms of accountability.”
Spender also said that no piece of Gartner research is ever the work of one single analyst.
“When you buy a piece of research or become a Gartner client, you obtain the research from Gartner, not from an individual analyst. Each piece of research is peer reviewed. Our community of 650 analysts have a formal obligation to do peer reviews of other analysts’ research to ensure that any kinds of inconsistencies, any errors of data collection or any errors of conclusions are challenged and corrected before the research sees the light of day.”
I also spoke to Larry Perlstein, Gartner’s ombudsman (Gartner is the only analyst firm I know of that employs ombudsmen), about this matter. He has already conducted an investigation of Trapeze’s complaint.
“Basically I didn’t find anything that made me concerned that there was any real fact in Trapeze’s issues. The analyst that they expressed a special worry about, who was formerly at Meru, was there for only a very short period of time, about three months. It wasn’t clear that anything in that involvement was going to dramatically influence this particular piece of research. Most of our analysts come from vendors. As part of our hiring process we try to ensure that people have the capacity and potential to be balanced and objective.”
On the same day that I spoke to Johnson at Trapeze about this issue, I happened to chat with David Callisch, vice president of marketing at Ruckus Networks. Ruckus is another niche player in this year’s Quadrant, ranked a little lower than Trapeze.
“Tim Zimmerman and Mike King are both very stand up guys,” Callisch said. “I thought we had a pretty mediocre spot on the Quadrant, but to be quite objective, who are we to say? Vendors always think they deserve a better spot… But Tim and Mike did a lot of due diligence. I think they did a good job even if we got a lousy spot.”
He said that Gartner placed Meru high probably because the firm likes the innovative single channel approach Meru takes with its access points, which solves voice roaming very well. He said he has doubts about whether this approach can scale as well as more mainstream wireless LAN technologies, but he doesn’t fault Gartner for giving Meru high marks for their technology.
Callisch went on to call out Trapeze for its acquisition by Belden. He said Trapeze has a very good product line, but it had marketed its technology poorly, driving down the value of the company.
“They ended up being sold to Belden for pennies on the dollar and that hurt the valuation of other [wireless LAN] companies,” he said.
Where once there were two, now there are three.
Gartner has published its 2008 Magic Quadrant for the wireless LAN infrastructure market. The most noteworthy change from 2007’s Quadrant is the rise of Motorola. Last year Gartner identified Cisco and Aruba as the two leaders in a crowded market. This year, Motorola has joined them as a third market leader.
HP ProCurve (which purchased Colubris this year) and the newly merged Enterasys/Siemens Enterprise Communications both advanced from niche player status to visionaries. Trapeze Networks appears to have taken a step backwards since it was acquired by Belden, slipping from visionary to niche player.
Meru Networks remains in the visionary quadrant, although it is on the cusp of climbing into market leader status.
To see more in-depth analysis of this research, check SearchNetworking.com on Tuesday, Dec. 9.
The notoriously frugal Cisco is tightening their belts a little tighter, more or less shutting their offices over the holidays and freezing hiring for a bit. They hope to save $2 billion, which isn’t small change even for the world’s largest networking equipment provider.
They also are looking to cut travel expenses, and since Cisco insiders tell us everyone at the company flies coach to begin with, we guess that means more TelePresence. Layoffs, however, are not planned, at least for now, according to Dow Jones Newswires:
Cisco Systems Inc. (CSCO) doesn’t have any layoffs planned at this point, according to Chairman and Chief Executive John Chambers. …
Chambers, speaking to analysts at a conference hosted by Credit Suisse, said that if the company was to have layoffs, it would be a one-time event, rather than a string of events.
Sounds like he’s hedging his bets, just in case, but it might be tough to cut the fat from Cisco’s already lean (for a company of their size) operation.
Aruba isn’t so optimistic. The company announced they will be cutting jobs to reduce operating costs by 10%, though the exact number getting laid off is unknown.
This is despite Aruba’s record revenues last quarter, which, according to Farpoint Group’s Craig Mathias, came at a price:
“If you look at Aruba’s margins, they have eroded some, and obviously discounting is a heavy element in winning deals,” Mathias said. “So I’m expecting that their margins probably won’t improve much with their sales. But this is an industry that will continue to grow, and it will accelerate into the future.”
It also calls into question what wireless vendors keep whispering to me: Their equipment — and business prospects — are counter-cyclical. The theory goes that wireless is a great way to cut costs: No more having to futz around to rewire desk connections, less physical wiring to lay down, etc. etc. But with such a crowded field of vendors, even the winners might have a tough time staying or getting profitable.
- IT economic outlook: Not so good
- Aruba to Customers: Get 200% more WLAN bandwidth, free!: Aruba in more charitable times … a month ago.
- Overheard: How to keep your IT job during a recession