Two acquisitions announced in the last week underline the battle to gain market share and technical superiority in the web security market and continue the debate about how content security is best delivered - at the edge of the network or in the cloud using the software-as-a-service (SaaS) model.
First, on 28 October, Cisco announced it was buying ScanSafe, a UK company that had established a strong position in SaaS-based web security, and today, M86 Security (formerly Marshal) announced it was buying the Israeli firm Finjan, a specialist in real-time web threat analysis.
These acquisitions are the latest in a continuum of such deals, marking the near end of consolidation of the web security sector that has taken place over the last few years, as there are few small specialists left. Most are now part of the broad portfolios of large security vendors, which is, in Quocirca’s view, no bad thing as it stabilises the market and provides new sales channels for the strongest products. The same sort of consolidation happened at an earlier stage in the email security market.
For example, the overall leader in web security, Websense, shook the market in 2007 when it bought one of its main rivals SurfControl. This strengthened its market share, but was also part of a broader strategy to widen its portfolio, as SurfControl had other assets including email security. Websense had already acquired Port Authority – a data loss prevention vendor and has since acquired Defensio to strengthen its spam filtering.
McAfee followed with the purchase of Secure Computing in late 2008. Its rivals Symantec and Trend Micro are also in the web security market – the former through its 2008 MessageLabs acquisition (this SaaS-based email security vendor was already developing web security technology) and the latter through a couple of technology acquisitions as long ago as 2005 and in-house development.
When considering which approach to take for web security, network-edge or SaaS, latency is often of primary concern - more so than with email security - as any security technology that slows down web access frustrates users and damages productivity. Network edge vendors claim a performance advantage, but there are two factors that further complicate issues.
First, web security policies that control the web use inside the firewall need to be extended to those working remotely – this is more easily achieved with a SaaS-based service. Second, web-based business processes often span multiple organisations making the network edge much vaguer than it used to be and content security policy often needs to be extended to external users.
It is interesting that Cisco bought ScanSafe, a pioneer in the delivery of SaaS-based web security. In the past Cisco has stuck to hardware appliances to be deployed at the network edge for security, for example IronPort, which it acquired in 2007 for email security. Perhaps Cisco is recognising that the only way to control disparate web users is with a SaaS-based system, giving customers confidence to use the web for communication and collaboration wherever they are, including the use of web based voice, video and web conferencing tools. Cisco’s only other foray into SaaS so far was its 2008 acquisition of web conferencing vendor WebEx.
M86 Security’s acquisition of Finjan tackles the latency issue. M86 Security was already in the web security market with its WebMarshal software aimed at small businesses and its 8e6 appliance for URL filtering that became part of its portfolio when it merged with 8e6 Technologies leading to the new name. The Finjan acquisition adds real-time web threat monitoring, ensuring all web traffic is inspected for malware with minimal degradation of performance. It also adds some SaaS capability as Finjan was already in the process of extending its gateway-based web security to the cloud.
There are still plenty of choices even though consolidation has meant web security is now mainly in the realm of broad-based one-stop-shop security suppliers. Vendors are increasingly offering both network edge and cloud-based offerings, in some cases a hybrid of both, allowing customers to achieve a balance between performance and reach. Some buyers still regard cloud-based offerings with suspicion, especially when it comes to security, but such offerings are performing better and better, so many are accepting that outsourcing security to experts makes sense.
The web is an essential tool for all businesses. Making its use is as safe as possible while ensuring users remain focused on the benefits it brings, knowledge acquisition and communication, while avoiding its many distractions, is the aim of all these products. With the right tools it is possible to ensure the web is a largely safe and productive environment. Happy surfing.
By Bob Tarzey, Quocirca
IT security supplier Trend Micro has admitted that some of its products are not 100 per cent effective. In fairness, it is making this claim about the whole IT security industry, including itself. Trend’s admission comes after it carried out 130 free “on-site security threat assessments” across a range of organisations with an average of 7,484 employees. The sample included a minority of Trend’s customers.
All the organisations assessed had active malware of some sort on their systems. Some 80 per cent had malware that originated from web-related activities. This included 72 per cetn with internet relay chat (IRC) bots – software agents that facilitate some sort of external communication to the web. IRC bots are often doing no particular harm and are not always in themselves malware, but the channels they keep open can be exploited by malware writers and they can generate unwanted network traffic. Information-stealing malware was found in 56 per cent of organisations and network worms in 42 per cent – both definitely bad.
Nearly all the organisations assessed had security software in place including firewalls, host-based malware detection and some sort of content filtering. So how is the malware getting through? The truth is that these security tools, taken together, do keep the majority of malware at bay, but the aim of the bad guys is to evolve their malware to keep ahead of security technology – and they often succeed. Why else would they keep going?
The situation is exacerbated by two other factors. First, the increasing mobility of the workforce; often user devices are used on networks beyond the control of a given organisation’s IT security staff and become infected while connected to such networks. Although end-point security can help with this, many organisations do not use it comprehensively.
Second, malware is increasingly delivered via the web, rather than email. Most organisations have email filtering in place, but many have not addressed the more varied web traffic which encompasses a wide range of communications tools. There are now many tools and services available to control web traffic, but a threshold always needs to be set between controlling user activity and allowing the freedom to use the web productively – in other words 100 per cent mitigation of the web threat is just not possible other than by stopping its use altogether.
So why does Trend, which sells products and services to do most of the above, want to highlight some of its imperfections? Well – there is of course some self interest – Trend has developed a new offering that it wants customers, and those of its competitor, to buy, to protect them from this background threat.
Trend has launched what it calls “Trend Micro Threat Management Services”. There are three components:
1. Threat Discovery Services – this goes beyond a free initial assessment to provide continual monitoring for new threats and regular reporting.
2. Threat Remediation Services – cleans up existing problems and put in place tools to make sure they do not happen again. This goes beyond standard host-based malware protection as it can seek out and prevent activity than spans multiple devices, for example a user requesting an image file from a web site, but being sent an executable file (includes Threat Discovery).
3. Threat Lifecycle Management Services – ongoing advice and planning for better network management with regard to security (includes Threat Discovery and Remediation).
All well and good, but will customers buy it on top of all their existing security investments?
The services are aimed at enterprises (750 users and above). A free assessment can be applied for at www.trendmicro.co.uk/thinkagain. Beyond this, the Discovery Service starts at $15,000, while the full Lifecycle Management Service has an entry level price of $50,000. Time will tell if organisations are prepared to fork out for yet another layer of security or just accept the background threat. As is often the case, they will probably live with the latter, until a breach occurs that is so costly, it makes the Trend price for stopping it seem cheap.
By Bob Tarzey, director, Quocirca
IBM’s new focus is on the “smarter planet” – using technology to make the planet a better place. While Quocirca has no problems with this at a high level, it does have some issues around the small print.
For a start, this “smarter planet” seems to be built around a number of “smart cities”. IBM has presented figures showing that half the world’s population lived in cities in 2007 – the first time more people had lived in cities than not. By 2020, predictions are that 70 per cent of the world’s population will be huddled in these cities. IBM’s view is that this is inevitable, and as such, technology can be used to ameliorate any urban issues and make life as good for citizens as possible.
OK – problem number one. In 2007, there was a 50/50 split of inhabitants, with half of the world’s population living away from cities, carrying out crucial activities such as agriculture to feed the 3.3 billion citizens (as well as the non-agricultural “others”). In 2020, there will only be a possible pool of 3.3 billion people outside the cities to provide agricultural support for around seven billion people in cities - more than the total population of the planet now. And how many of these 3.3 billion will want to work in agriculture – or will they want to go for the promises of the entrepreneurial lifestyle espoused by politicians, by Western incomers and by role models in their own countries?
In today’s major cities in emerging countries, population growth is not being matched by infrastructure growth – and although technology can help by speeding up progress in some of these areas, it is unlikely to meet needs adequately, and shanty towns and ghettos will continue to stress the infrastructures of these cities. Second, if you live in the surrounding country, and hear about how your nearest conurbation has suddenly become “smart”, what do you want to do? Stay in the “dumb” countryside, or move to the bright lights and gold pavements of the city?
Creating smart cities without a more holistic view of how this needs smart villages, smart communities and smart communications linking all of these together leads to the acceleration of large issues for large cities – the external perception is that the city is the place to be, more people arrive, the infrastructure can’t deal with it, the surrounding area becomes denuded, there is less food available from the surrounding areas to meet the needs of the citizens, less available water, less total capability. Poverty, followed by disease and even unrest can easily follow.
Technology, rather than solving the problem, has become a major cause of the problem through making the city an attraction to too many people, without enabling the major changes in the same timescales in the surrounding environment. Even if there is an associated agricultural revolution running alongside the smart city revolution, the speed of expansion of these cities and the manner in which they then decrease available agricultural land through building will make the search for new agricultural land a geopolitical, as well as a sustainability and green, issue.
Take some of these high-growth cities, with growth rates of between 20-50 per cent per annum in citizens, whether legal migrants or less legal/illegal people. Look at Mumbai – a city of 12 million official inhabitants, probably closer to 18 million in reality. Imagine this growing by 20 per cent per annum – an increase of more than three million people per year. Even if these people only need three square metres each to live in, there is a need for an extra nine million square metres of living space – space that cannot be farmed or used for any useful output. Each person will also require a bare minimum of five litres of drinking/cooking water per day, so there is a need for 15 million extra litres of potable water. If these people want to use electricity for lighting and cooling (either a small air conditioning unit or refrigerator), then even if minimised to the need for each person averaging out at 100W total drain, or 2.4kWh per day, there is a need for 7.2GWh extra power provision.
Is this leading to a “smart city”? Or is this really more of being traduced by technology into massive folly that just makes the problem worse? Quocirca has written before on how a more all-embracing approach is needed – keep people away from the cities: if they want to be better farmers within their own existing communities, then help them to do this. If they need help to form co-operatives to maximise the capabilities of food, service and requirement exchanges across communities, then use technology to better facilitate this.
Jeff Jonas, an IBM distinguished engineer, and the most insane, sane man Quocirca has ever come across, states that due to our incapability to effectively deal with the explosion of data we are now facing, a data-driven world is actually becoming less smart. He proposes that new approaches need to be taken, using “sense-making” techniques to deal with data before it is stored. Other IBM technology is also looking at this – InfoSphere Streams is a great approach to filtering and managing mass data during creation.
But, a city full of sensors, actuators and other technologies will not become a smart city just because of the amount of data it churns out, nor even with the way the data is dealt with. It will only be a smart city if it helps in creating smart communities, smart countries, smart geographies and so to a smart planet.
The biggest “but”, though, has to be the major block to a smart planet – you, me and the other 6.6 billion people on this planet. Population growth is out of control, and those who have any chance of dealing with it are far too interested in looking at how much tax can be taken from the future population and how many goods can be created by them for export to bother about small facts such as the human race moving beyond the tipping point and starting the route to oblivion (which, of course, we may already have done). Technology can help here – but this is an area where the likes of IBM have to play second fiddle. From Quocirca’s point of view, the best the likes of IBM, Microsoft, Cisco and other vendors can do is to attempt to move towards a more sustainable future – keeping communities together, moving more people towards self- or communal-sufficiency, providing infrastructure and technology that supports people where they already are.
To the governments, political activists, commercial concerns and religious ideologues, now is the time to see the writing on the wall and mandate change. Short termism, vested interests and age-old superstitions will not save the human race – only wholesale change of mindset and approach to the issues will – helped by technology (of course).
By Clive Longbottom, service director, business process analysis, Quocirca
The current financial crisis has produced a new round of record-breaking bankruptcies that overshadow those of the last crash caused by the dot com bust at the start of this decade. Measured by assets, Lehman Brothers and Washington Mutual (both September 2008) now take first and second place pushing Enron (December 2001) and WorldCom (July 2002), both record breakers in their day, down the league, but they still manage third and fifth positions respectively (GM, June 2009, intervenes at number four).
Enron still exists but only as the Enron Creditors Recovery Corporation, all its assets having been sold; the remaining assets of WorldCom (after a period trading under the old name of MCI) were eventually acquired by Verizon in 2005. But a third company many will remember from those heady days is still trading under the name it was known by when it went bankrupt – Global Crossing (GC).
When GC filed for Chapter 11 bankruptcy protection in January 2002 with assets of more than $30bn, it was then the fifth largest bankruptcy of all time - even today it still manages 14th place. How has GC survived, what is it doing today and is it likely to survive in its current reincarnation?
GC emerged from Chapter 11 in December 2003 with a plan of reorganisation in place that provided for majority ownership by Singapore Technologies Telemedia (ST Telemedia). The remaining shares are publicly traded.
The plan worked; GC’s revenue for 2008 was more than $2.5bn, on which it generated an operating income of $273m - compare this with 2001 when revenue was around $3bn but it ended up reporting a loss of $10bn that led to the Chapter 11 filing. Today IP networking accounts for 80 per cent of Global Crossing’s revenue, via a combination of its enterprise, indirect and wholesale data channels. The remainder of its revenue comes from other lines of business that have been built up through acquisitions.
This includes, GC UK a locally focused operation that has grown out of a number of acquisitions over the years including Racal (1999) and Fibernet (2006). The Fibernet business is key to GC’s ongoing growth - as well as strengthening GC’s UK infrastructure it also has a healthy user services business.
GC UK now offers network, security and professional services across all industry sectors but with a particular strength in the government and transport markets. For GC UK the provision of communications infrastructure is now a secondary rather than a primary focus. How else do you compete with BT and AT&T at the enterprise level? More recently GC has added in datacentre hosting services. The knowledge to do this is derived from the second subsidiary, GC Impsat.
GC acquired Impsat, a Latin American service provider, in 2007. An important part of Impsat’s portfolio was dat centre services and GC is now extending these offerings to other areas. In the UK GC started offering managed hosting services out of a London-based facility in 2008 and it now has around 35 customers. Like many such providers GC does not own its own datacentres but uses a co-location provider. In London this is Global Switch, with which it has also partnered recently to provision a facility in Amsterdam. Longer term it plans to extend managed hosting services to Germany, Spain and France and another UK facility outside of London.
The market for managed hosting is standing up well in the current downturn as many organisations look to reduce the cost of inefficient and out of date in-house datacentre facilities and the interest in on-demand (or cloud-based if you prefer) services grows. That GC has diversified into this market as well as the boarder services offered by GC UK gives it a base for ongoing expansion in the UK and beyond. Provided this is carried out in a measured fashion and the focus on profit is maintained GC can expect a healthy future and for the fiasco of 2002 to become a more and more distant bad memory.
Global Crossing is covered in Quocirca’s free report Managed Hosting in Europe.
By Bob Tarzey, director, Quocirca
Strong, two-factor authentication in itself is nothing new. It has long been used for providing a higher level of assurance that a person accessing computer resources is who they say they are than would be provided by a username and password alone. This is because it is based on the use of an additional factor of authentication—generally something the user has in their possession, such as a security token, or something that is unique to them, such as a biometric identifier.
The most commonly used form factor is a hardware token, the majority of which generate a one-time password at the touch of a button—making it useless for anyone to try to crack that password as it is good for just one event. However, the costs of distributing and managing hardware tokens for all users and the hidden costs of administration, such as users calling the helpdesk every time a token is broken or lost, have made such deployments costly and cumbersome.
That is changing as strong authentication technologies are evolving to include a wider range of token types. Software tokens, incorporated into smartphones, smartcards or USB devices, help to reduce the costs of procuring and distributing authentication tokens and can offer additional security benefits over and above authentication. For example, smartcards can be fitted with radio frequency identification chips so that they can also function as physical access authentication mechanisms when integrated with door access control systems. And USB sticks can be equipped with encryption technologies that lock down all data at a device level so that the computer is blocked immediately for use when the USB stick is removed.
One further new development is that of software tokens for mobile phones that are pushed to users when they are needed via SMS. For many people, mobile phones are central to their personal life and are highly valued. They are also being used for an increasing range of applications, including mobile banking and payments. By providing on-demand tokens via SMS they can now be extended to be a form of identification, avoiding the need to carry an extra piece of equipment such as a token or smart card. By using these types of tokens, users can authenticate to the network any time required and from anywhere, with no requirements for installing software on the devices or management of tokens.
For any strong, two-factor authentication deployment to be successful, it requires an efficient system to automate the processes involved in deploying and managing implementations. This is done through a central management console that automates tasks such as provisioning users with accounts and credentials and that integrates with other technology controls in use in the organisation to ensure that secure access can be provided to all computing resources used. Through centralised management, much of the complexity and hidden administration costs are removed. And, by tying authentication controls into security policies set and through reporting on all events that occur, organisations can more effectively determine that security controls are working as required.
As with types of tokens, such management systems are also evolving. Whereas management systems have to this point been provided as server-based systems managed on an organisation’s premises, new cloud-based authentication management services are coming onto the market, provided on a utility subscription model. Rather than the traditional upfront purchasing of software and necessary hardware to run it on, organisations using a cloud-based service just pay for the amount that they use in a particular month, and can scale their requirement up or down as necessary. This means that strong authentication services can now be procured at lower cost, making their use affordable for even the smallest or most distributed of organisations.
The evolution does not stop there. As cloud-computing authentication services continue to develop, they will evolve into open authentication platforms, accepting authentication mechanisms from multiple vendors. This will allow an organisation to sign up to the services and then provide two-factor authentication tokens to employees, customers and suppliers that are not limited just to the specific services that they offer, but that could be used for accessing services offered by other organisations that are business partners. When combined with industry standards such as the security markup assertion language specification developed by the OASIS Security Services Technical Committee, the promise of identities being seamlessly federated among multiple service providers will be possible. The commercial attractiveness of this is that a company can offer a wide portfolio of services under a single brand, where the services are actually delivered using a white label arrangement by third parties.
The themes outlined in this article are discussed in greater detail in a new report from Quocirca, commissioned by CRYPTOCard, that is freely available for download here: The evolution of strong authentication.
By Fran Howarth, principal analyst, security and information governance, Quocirca
At VMworld in California this week, the topic de jour was, unsurprisingly, cloud computing. VMware wants to be the underpinning to internal and external clouds, using the capabilities of its growing management suite to service the needs of such a dynamic platform.
VMware does have a pretty impressive set of capabilities in this market, with its hypervisor, its ability to manage the provisioning and movement of images around a virtualised environment and so on. And, on the whole, the vendor does seem to understand a lot of the issues that cloud brings to the fore.
But, Quocirca was left with a few worries.
For example, VMware’s chief executive, Paul Maritz has a concern himself. Putting an application in the cloud is one thing, but what if the cloud platform provider runs into trouble and you need to pull it out again? To Maritz, the analogy is like a line from the Eagles’ song, Hotel California: “You can check in any time you like, but you can never leave”.
But is this how the cloud will work? Is it really going to be a platform-as-a-service (PaaS) model, where users will still own the application and provision it to a virtualised hardware platform owned by someone else? Indeed, a number of chief executives from service providers stood up on stage and put forward this model repeatedly. When you look at the names involved – the likes of Savvis and Verizon, it is not surprising. These service providers come from the managed hosting environment – they have already built their models on providing environments on which people run their own software. But is the market ready to change? Quocirca believes so, and we see it as far more likely that the cloud will be essentially a functional platform model, where the user subscribes to the use of a set of functions, rather than to a set of hardware capabilities.
In this case, the application is not owned by the user at all – the cloud provider owns it. All the user is doing is subscribing to a set of functional services. This is the way that the Salesforce.com approach works, along with the likes of Concur, Netsuite and others. The software becomes (relatively) immaterial – the way that it “does” things becomes far more key.
If it is a functional platform, then we also run in to issues as to how the “function” is provided. Are we still looking at an “application” per se, or are we now looking at a collection of services from which an aggregate application or process-focused stream of functions are provided, either from a single provider, or drawn from across a whole set of providers? It is far more likely that the cloud will go in this direction, with the likes of Google with Docs, Apps and Wave, Microsoft Azure with its Live services and other functional models “wrapping” functions up in a manner where users can call them at will to facilitate solutions to immediate problems. Sure, this will need some form of underpinning in the means of a process engine, and here players such as Cordys are taking steps to ensure they are first in line. Cordys has managed to place its Process Factory capability into the Google environment, enabling process flows to be visualised and managed, and for functions to be called and aggregated as required from within the Google cloud environment.
For VMware, this presents a bit of an issue. If the user has no control over the “application” itself, the market ceases to be one of “help me as a user to do virtualisation” to one of “help me as a service provider meet the needs of my users”. True, cloud providers will need to provision and move functions around their own cloud to meet the needs of dynamic workload, but costs here become more of an issue, as the end result is not seen as being pure value-add in itself. And, if the application is actually an aggregation of smaller functional services, VMware has a different problem – which is perhaps why it has just acquired SpringSource.
SpringSource itself bought another company, Hyperic, which provides functionality for managing Java-based applications (SpringSource provides tools for writing applications in the Java environment). If Hyperic can be rolled in to the VMware management environment, then VMware gets closer to being able to manage a service-based environment. A combined vSphere, vCenter and Hyperic will provide a solid capability for service providers to manage applications in their virtual environment.
VMware’s current ace in the hole is that the management of the virtual environment by the incumbent systems management vendors such as IBM Tivoli, CA, BMC and HP still leaves much to be desired. The majority use VMware’s own capabilities to manage a VMware virtual platform through APIs. Therefore, VMware has currently got a solid market in being either the main management provider for virtualised environments, or at least the main gateway to it. But, this will change as Microsoft becomes more of a play in the market and 100 per cent VMware platforms become more hybridised with Hyper-V in certain areas. Indeed, a further issue is that VMware can’t, as yet, manage Microsoft hypervisors or images.
The lack of capability to manage the physical environment, even at a basic level, is the biggest threat to VMware. Essentially, it is left to the incumbents. But these incumbents know their futures depend on managing the virtual environment, whether it be VMware, Microsoft, Citrix, Parallels or whoever. Rest assured that each physical management vendor is working hard on replication VMware’s capabilities, and as they do, the need for VMware’s management tools becomes less obvious.
As Maritz himself stated, VMware needs to move up and down the stack. The purchase of SpringSource moves VMware into the application arena. But the moving down in to the physical world was glossed over – as far as VMware is concerned, it is IBM’s, CA’s, BMC’s or HP’s domain. A partnership (or acquisition) of a company such as LANDesk or Numara could provide a quick solution to this issue.
Maritz knows that the hypervisor is fast becoming a commodity – he stated that VMware has to chase the cost curve down. The main focus is on how to make the VMware virtual world so much better an experience than anyone else’s. This is admirable in itself, but as the physical management players improve their virtual capabilities, VMware runs the risk of being squeezed between the rock and the hard place.
Without taking on the physical world, could the sainted Maritz be facing a different Eagles song – Heartache Tonight ?
By Clive Longbottom,service director, Quocirca
The “largest, deepest, longest recession” in history looks like it was overblown – Germany and France are already out of recession, and it is likely that the UK will follow soon - at least at a technical level. Therefore, it should follow that we’re going to see an upturn in IT spend – just in time to pay for cloud computing initiatives, Windows 7 installations and to re-animate projects put on hold in 2008/9 as the money ran out.
But hang on – fiscal drag will still have a big part to play here, in the form of the cyclical nature of funding for IT.
The main financial calendars are either January to December or April to March. Therefore, the main discussions on budgets will take place between September and December ready for a January budget, or between January and March for an April one.
So we’re just about entering the main period of budget discussions. Will they be looking at the financial outlook and saying: “OK - it’s all over; take a chunk of money and throw it at non-essential IT work”? Doubtful. First, there will need to be proof that what we are seeing is a real recovery. Many experts do not think that what we are seeing is a typical “V” or “U” shaped recovery, where we hit the bottom and then recover cleanly. In fact, looking at how the stock indices are climbing too rapidly, we’re likely to see another mini-collapse, leading to a “W” shaped recovery, where we have to go down again before we can climb out in a sustainable manner.
Even when the recovery is shown to be sustainable, IT will not be the major focus for the majority of companies. Cutbacks have been on capital expenditure on production items, on skills and resources, on inventory, on sales and marketing. These are far more the lifeblood of the business than the perceived amount of value of the benefits of any implementation of new technology. The main focus will be on rebuilding cash flow, on investing in the immediate needs of marketing and sales, on renewing equipment that is constraining the business’ capabilities.
Does this mean that 2010 will be a complete wilderness for IT expenditure? Not really – but it does mean that IT vendors will still need to bring innovative offers to the fore, with flexibility in means of payment and maintenance as sweeteners to the deal. It is still likely that we will continue to see attrition among IT vendors and channel organisations, with user organisations being far more in the driving seat of negotiations than they have for the last decade or so.
However, organisations cannot afford to try and stand still completely with no technological investment. Point investment in areas that back up and facilitate the major needs of the business will still be needed - such as support for marketing campaigns, investment in technology that can reduce the cost of carrying out standard business processes, or investment in technologies that enable organisations to do more with their existing IT assets.
Virtualisation is still likely to be a hotspot, as will expenditure on systems management that can bridge the physical/logical divide. Process automation should still do reasonably well, and newer, cheaper business intelligence is still seen as a strong performer. Outsourcing is a real winner, as organisations look at the cost of maintaining older internal infrastructures, while also looking at the cost of keeping up with the pace of change of technology in areas such as virtualisation, cloud and software as a service. More and more organisations are realising that IT is not a core competency for them, and that they should therefore look towards placing responsibility for the technology to those whose business relies on it – such as outsourcers. The main focus here has to be not to do it for pure cost reasons: do it for the reason that the outsourcer can do the function better than you can, do it because the outsourcer can be more flexible for the future than is possible in house. In the mid-to-long term, money will be saved – but more to the point, sales and margin will be improved, so generating more profit to the business.
It is unlikely that 2010 will see the re-emergence of the big IT project. Point solutions are going to continue to be the order of the day, with only the brave, rich or stupid implementing massive platform changes just for the sake of it.
Next year’s budget discussions should be far more interesting in IT terms. The build up of business pressures will mean that old infrastructures will be nearing breaking point, and the pressure will move to IT investment to remove constraints on the business. Companies will find themselves heavily constrained by monolithic applications that are stopping them from competing effectively against the rest of the market. In 2011 and 2012 – providing that no further financial calamities occur – we should see big projects coming back. The question is, who will be around to service these? Will we still be looking to the enterprise application vendors such as Oracle and SAP, to cloud computing service providers such as Google and Amazon, to super-hybrid managed service providers sitting in massive co-location datacentres hosting and aggregating multiple solutions from others, or will there be new incomers showing the way?
Well, that’s a different matter - watch this spot for a view on that.
By Clive Longbottom, service director, Quocirca
Governments and vendors alike seem to be rushing to build new cities, or retro-fit old ones to be new “digital cities”, with the latest and greatest super-fast connectivity, communication and collaboration capabilities and so on all shoe-horned into a few square miles of a country’s real estate. Already, we have seen the retro-fitting of cities such as Bristol in the UK, Helsinki in Finland, Antwerp in Belgium as well as Chennai and Pune in India and Shanghai in China to be as “digital” as possible.
Alongside these are plans for new, “eco-sustainable” digital cities, such as Dongtan in China and King Abdullah Economic City in Saudi Arabia – although the actual “sustainability” of the ideas in these plans leaves a lot to be desired.
Surely all of this is to be praised, as cities become centres for technological advancement and a place for improvement in the educational and economic opportunities available to a country’s inhabitants? The problem is that the long term impact on each country is not really being looked at – nor is history being considered as to previous shifts in power and the impact such initiatives had on countries.
Take the UK for example. As the birthplace and heartland for the industrial revolution, the UK has a lot to offer as a historical lesson to the rest of the world. Cities such as Bristol, Manchester, Sheffield, Liverpool and Glasgow grew phenomenally during the industrial revolution, pulling in people from surrounding villages to become employees for the new, vibrant companies in these cities. However, such growth overwhelmed the capabilities of basic services to keep up, and sanitation, housing and quality of life suffered. Not only this, but the new employees had come from other places – a migration which left those places under-supported.
As the majority came from rural environments, it was farming that was hardest hit, and the move of agricultural workers from being overall positive producers of food and other commodities to being industrial net consumers created food shortages and famine which took a great deal of time and eventually the automation of farming to overcome.
But all of this was some time back – so why should we be worried now? Sure, Finland, the UK and Belgium aren’t going to suddenly see an influx of agricultural workers leaving their villages to arrive in the cities – all of this did happen so long ago that the retro-fit of technology is probably a good thing. The legacy of the industrial revolution followed by the financial services revolution of the 20th century still leaves a chasm between the North and the South of the UK, which may begin to be bridged by technology. But for emerging countries, where the backbone of the economy is still agriculture, the same old problems are happening again and again.
Chennai’s and Pune’s populations have doubled in less than 10 years, as outsiders pour into the cities in search of jobs. Shanty towns house a large number of such migrant workers, and families are broken apart as men go to the cities to search for work, leaving women and children in the villages. If families do move in to one of the cities as a unit, then it is often the case that the women and children will either end up as beggars, or working for next to nothing in sweat-shop conditions: surely not what is being aimed at through the introduction of new technology?
Some vendors talk about these digital cities being more of a “hub” than an entity on their own, but many of these hubs are only connected to other major cities, so creating a series of large cities struggling to maintain water, electricity and sanitation services to the city populations. However, others such as Sri Lanka are taking an alternative approach, trying to maintain the overall structure and environment for the country as a whole while providing improvements as the population needs it. For example, Sri Lanka has a high bandwidth wired and wireless network across the island, as well as redundant high capacity international links, and its network of “Nenasalas” – a growing number of local IT centres (over 600 as of July 2009) where locals can learn and use technology – means that there is less need for the population to move from where they are to any large conurbation: they can stay in their villages and use the technology to improve their lot.
And again, this aim of improving the individual’s “lot” is key. The West’s determination to turn every child into a graduate, every graduate into an entrepreneur, every entrepreneur into a boss just isn’t sustainable – even in the west. Inspirational as this goal might be, for emerging countries, it could be disastrous to go down this route. To move rapidly from agriculture to a technical economy needs more than just centres of technology – the whole supporting infrastructure, the whole approach to how the new technocrats will be supported, even at just a food level – has to be addressed first. Far better to address the existing aspirations of the individual, and maximise these to the overall good of the country. If an individual is a farmer, then why not aim to make them a better farmer? If they are a net producer, then why not help them to become more efficient net producers, not tempt them to become net consumers?
Here, micro-investment organisations such as Kiva and Oikocredit provide seed money for such individuals to take steps towards their dreams – not someone else’s. Technology can be a major enabler: for example, simple email or SMS can enable such individuals to talk to others in the locality that they may not have known about before, exchanging not only ideas but, for example, cereal crops for meat, root crops for fish and so on, or to get together as a co-operative to be able to offer greater volumes or greater choice of produce to commercial outlets. Why not identify export capabilities for them to gain higher margins for excess production not needed within the country itself? Call it entrepreneurial if you want – but at least it’s keeping the focus on where it is needed, a sustainable, community-based system.
One thing is for sure: today’s mega cities, such as Mumbai, Mexico City, Manilla and others cannot cope with a continuing influx of migrants from the rural communities. Even those cities where a degree of investment has been made in infrastructure, such as Pune, Chennai and Shanghai, are struggling. For a countries population to exchange grinding financial poverty, but a food-positive existence for grinding financial poverty combined with complete food poverty is not a viable or sustainable future.
Digital cities, if not planned correctly so as to be an enabler of the village community could bring whole countries to their knees. Digital technologies, applied across a whole country with the needs of the individual and the country in mind, can create a sustainable and viable future.
By Clive Longbottom, service director
The telephone was invented in 1876; phone tapping in the 1890s. Today, phone tapping is widespread. A report issued by the Interception of Communications Commissioner of the UK found that 253,557 applications were made in the last nine months of 2006 by 653 state bodies that are authorised to intercept phone calls, including local councils tapping the phones of persons suspected of illegal acts such as fly-tipping, benefit fraud and rogue trading.
However, the use of phone tapping is no longer the preserve of governments or the military and cheap, easy-to-use equipment is now available to anyone who wants to use it. This can be seen in the growing number of headlines related to phone tapping escapades.
In the most recent scandals, the phones of civilians have been compromised—ranging from journalists by the secret service in the Netherlands, to journalists themselves tapping the phones of 2,000 to 3,000 politicians and celebrities in the UK. In Italy, phone tapping is particularly rife and has led to many having details of their personal conversations splashed across the headlines. It was through the use of phone taps that top football clubs such as Juventus were implicated in a massive game-fixing scandal that had severe consequences for many of the major Italian teams. As a result of that scandal, an Italian communications security technology vendor Caspertech reported sales of its products increased by 100%, with 60% of sales made to individuals, whereas they were previously exclusively to government and military agencies. Another example is the fall of the Peruvian cabinet in January 2009 after politicians were implicated in the rigging of multimillion dollar oil contracts through tapping the phones of lawyers and businessmen.
Reliance today on phones, and in particular on smart mobile phones and VoIP, is high and growing fast. Such phones are now commonly used for a variety of applications, including mobile commerce and banking, making them ever more important for conducting our daily lives. With significant money now changing hands, awareness of security issues is growing fast. These issues include the dangers of malware such as viruses, or of programs that can capture data being input via the phone’s keypad. Many of these security issues are similar to those affecting any compute devices connected to IP-enabled networks.
But there is one security issue that is unique to the telecommunications sector—that of eavesdropping on conversations. During the Second World War, the US and UK governments developed campaigns under slogans such as “Loose lips might sink ships” and “Careless talk costs lives” to encourage citizens to be careful about what they say and to whom.
In today’s world, that second slogan could perhaps be better worded as “Careless talk costs profits”. A recent article by Quocirca outlines the perils of discussing business deals in a crowded railway carriage (Keeping on the right track--even railway carriage walls have ears). But the problem with phones is that eavesdropping can easily be done electronically. Any search of the internet will bring up hundreds of products that can be cheaply and easily used to intercept phone calls.
Any organisation that encourages the use of mobile and portable devices for remote working should put in place policies regarding how such equipment should be used and the safeguards that should be taken to protect them. Such policies should address both the social aspects of communications, such as not using mobile phones to discuss business deals in crowded places, and the security technologies that should be in place to secure communications. Of these, encryption is a key tool that should be considered for all portable devices—and mobile phones are no exception.
Encryption technologies available for mobile devices include those that encrypt the data in files and folders on smart phones. Such products will enable an organisation to shield itself from data loss should the smart phone be lost or stolen. Vendors offering such capabilities include TrustDigital, Credant, McAfee, SafeNet and Sophos.
However, newer encryption products are starting to make headway in the market that actually encrypt the traffic in transit, such as the phone conversation between two devices equipped with the same encryption software to protect the callers from eavesdropping. Some of these products are offered as specialised devices, such as those from Caspertech, although there are also new solutions coming onto the market that install software on standard mobile or landline phones, such as the encryption products available from recent start-up Cellcrypt.
The use of standard mobile phones and smart phones will make this an attractive option for companies wishing to retrofit their existing phones with encryption capabilities for ensuring that sensitive conversations regarding such things as intellectual property, or merger and acquisition arrangements, cannot be eavesdropped. As organisations today grapple with keeping their sensitive digital information safe from loss or theft, the same standards of security should be applied to one of the commonest form of business communication—voice.
By Fran Howarth, principal analyst
Can social networking actually be useful? There are plenty of claims made about Twitter’s usefulness for getting concise messages to a broad audience or using LinkedIn to track down old colleagues who may be able make an introduction to a new prospect. But what about direct benefits – such as finding quick solutions to problems or getting better deals on products?
It seems that the lesson from systems management vendor Spiceworks is - yes it can. Spiceworks has a business model that sounds very bubble 2.0. It provides a set of systems management tools for free and makes its cash by other means. But can Spiceworks actually return a profit where Facebook, Twitter and many others have not? Spiceworks is a private company with VC backing and does not disclose its profitability, but having gone through two rounds of capital raising, it says it has no need for a third.
Spiceworks helps small businesses manage their IT systems - its target market is organisations with 20-500 employees. Some 700,000 users have installed the product and registered as users - as opposed to having just downloaded it - so there seems to be something in it. A browse though some of the customer reviews at the Spiceworks Community supports this.
Spiceworks is a hybrid deployment. Much of the functionality for actual systems management, which, to be clear, is carried out by the users themselves, comes from software installed on-premise. Spiceworks claims users can get the product up and running in 20 minutes or so. The online component is about providing the community support. It is with the latter bit that “IT gets social”, as Spiceworks likes to put it. The Spiceworks Community allows users to help each other solve problems, see what products others are relying on for their IT needs and share reviews and best practices.
Spiceworks makes its money in three ways:
Spiceworks is not unique; there are many other systems management tools including some that are fully online such as NTRadmin, which have the same potential, but as this is a paid-for service so there is less pressure to use the community itself to make money.
We have all got used to advertising and other intrusions from online service providers in return for free online services. Spiceworks is making it work for IT management, what next? Perhaps we will see accounting get social? Watch this space.
Bob Tarzey is a director at analyst Quocirca