Monthly Archives: November 2011

Who’s watching out for you? EMC RSA shutting down phishing.

By Clive Gold, CTO Marketing, EMC Australia and New Zealand

Just a quick note as there is an interesting podcast from EMC RSA, to mark the fact that they have now shut down half a million phishing attacks! That has to have a major impact on the ‘profitability’ of on-line crime! (Podcast here).

Highlights:

  • As of November 2011, the RSA Anti-Fraud Command Centre has officially shut down over 500,000 cyber-attacks around the world.
  • Phishing volume dropped nearly 40 per cent in October. This decline was mainly due to a drastic reduction in the number of phishing attacks targeting brands that were heavily attacked in September.
  • U.S. nationwide banks continue to be the most heavily targeted, accounting for 4 per cent of attacks in October.
  • This month’s highlight takes a look at how phishing has evolved in the past decade and how attacks have become more sophisticated and targeted over time.

Worth the time it takes and includes some advice for you as an individual.


Big Data is changing Insurance. Can you change your industry?

By Clive Gold, CTO Marketing, EMC Australia and New Zealand.

Are you a smart IT leader who can transform your industry? Here is an example of one…

I mentioned a couple of weeks ago that I’ve taken up cycling and talked about accidents during the ‘MS Gong’ ride. So I thought I would do the sensible thing and insure my new bike and myself while riding.

I found an interesting insurance company called “Real Insurance”; they offer cycling insurance, but they also offer consumption-based car insurance! The idea is to pay for the km that you travel rather than some generic risk assessment value. So the insured’s car monitors the km travelled and reports to the company, which adjusts the monthly premium. Here they are able to reduce the premium and lower their risk as it’s obvious that the less you drive the lower the risk of an accident. Interesting start!

Next I hit the web and found that international organisations have taken the next step. They are using in-car telemetric data to ‘judge’ the driver’s behaviour. For example: what time of day/night are they driving, how fast do they go, how quickly do they accelerate, brake, etc. The insurance company now has data about the individual. This fine-grained data allows them to move the risk assessment from a ‘generic’ driver behaviour (probably classified by age and sex), with a large standard deviation, to an assessment of the individual’s actual behaviour.

The thing I realised is that this is a fantastic example of how ‘big data’ is put into operation. Firstly, the business of insurance is all about risk! Profitability and competitiveness of an insurance company is simply based on its ability to assess and manage risk! Then I’m imagining some smart CIO sat down and thought, “How can I use data to improve our assessment of risk?” and in a blinding moment of inspiration they saw that they could transform the industry by removing the ‘generic’ assumptions of drivers’ behaviours by metering and monitoring it!

Lastly, I believe that these companies provide a device that plugs into the car to monitor this. So I know my smartphone has the required sensors to do this job, so I’m wondering how long before an insurance company simply has an app you run on your phone that does the same thing?

My question to you is: what is the ‘essence’ of your organisation, and how can today’s ‘Big Data’ improve this?

Time to hire a 20 year old CIO!

By Clive Gold, CTO Marketing, EMC Australia and New Zealand

Last week, I attended another CIO lunch! (It is a tough job, but someone has to do this!). Yet again the conversation turned to the challenges and perils of the ‘consumer devices’ popping up all over the network. Then it struck me, the discussion is all wrong!

How many times have you heard or read about the issues in adopting the iPad into an organisation? (The security concerns and legal issues of wiping the device of both business and personal data.) As one participant yesterday said, “We have an SOE, and we will not deviate from this!”, that is when it struck me! People are trying to enforce an old control on a new paradigm.

We all understand why the ‘SOE’ became a popular way to control support costs and enable a ‘lockdown’, from a security point of view. Now the BYO issue has broken the model and as iOS/Android operating systems are not as mature, they don’t allow the same level of lockdown and policy setting as ‘legacy’ devices. This seems like a stumbling block and the approach is one of ‘glass is half empty’!

I would argue that this focus on the device is misdirected and what people really want is the new experience. If you delivered a self-service, rich-content, simple, ‘app’ oriented, always on, always connected user experience … there would be no demand for iPads! (Bold statement so please retort!)

Dropbox was mentioned and the room ‘sighed’, given the control and security issues with this type of service. However, EMC has a 10MB limit on the size of mails I can send (I can’t put together a half decent presso today without blowing this!), so how do I send that presentation to anyone? “Apply for an FTP server login!” was the IT helpdesk answer! Sure, I said, and clicked on box.com, problem solved for the price of an e-mail address!!

EMC is getting this, you can download EMC Folio from the app store to get a new-generation interface into information that is on our various web pages. Simple quick and rich content delivery. Internally I use an app called “EMC Wire” which gives me a single interface into about 6 different information sources, (internal and external), in one simple, quick and rich content way!

So the discussion is about application modernisation and the new user experience, not about the device itself. Now to fully understand this in context of the ‘social media’ revolution, I think you need new eyes, and so hire a 20 year old CIO.. to provide a completely new perspective!

Putting Sizzle into Storage is Fun!

By Clive Gold, CTO Marketing, EMC Australia and New Zealand

I’m pumped from what happened yesterday!  We had a ‘VNX Demo Day’; just got a whole bunch of people into the Sydney Solution Centre and showed them what VNX can do. We only did an overview, so it took three hours, but we just wanted to tease people and have them come back for more.  Anthony Pepin, Dean Jackson and one of EMC’s virtualisation guys, David Lloyd did an amazing job of setting up and hamming it up, to keep everyone interested and entertained. (Maybe we’ll turn our Canadian Dean into something like that other EMC Canadian @sakacc!; also note @romant at the back txt’ing me “This is bloody great!!”)

Why am I so pumped? Because we turned a number of people from the dark side! In particular a gentleman from the public service, who I knew was only there to demonstrate ‘impartiality’, as they are going to market to replace their mid-tier storage arrays. The session started (if you have ever been in a session with me you know I try to keep it interactive), and he is the first with the loaded question, “Does VNX do block-based-deduplication?”, the answer ‘No’.. a little smile on his face… but then we show file-system deduplication and compression and the effect on the whole array.. and introduce the 25% guarantee program.. and he goes quiet.

This goes on a few more times, loaded question.. quick demonstration of capability.. and he gets a little bit quieter!! Gotta love that after tea not only did no more questions arise, but he looked completely engaged and started taking furious notes, and the body language was completely different!! Wow, to me that is a good day.. to take someone from a bigoted one-eyed view of the world to accepting and learning what is out there!

The best part.. not one PowerPoint and not one canned/recorded demo! These guys did everything live and in real time, want this, click here.. need that, click there.. boom.. performance graphs responding appropriately. Well done guys!

IT Security: Our Mindset is not apt for APT!!

By Clive Gold, CTO Marketing, EMC Australia and New Zealand

We all know that our perception is clouded by our biases, and we are biased by our past experience. I’m sure you have had those moments when ‘everything’ changes, those “aha” moments when something is said or you see something that changes your perception, which removed those filters!

In the security or the IT trust world, we need to have one of these moments. Today so many people have built up their filters and their mindset based on the past experience of ‘keeping the bad guys out!’ At EMC we extended this idea a number of years ago; not only did we want to “stop the bad guys from having a good day”, but also to put in the systems to help “the good guys, from having a bad day!” In the past this provided not only a way to keep the bad guys out, but to protect the good guys from inadvertently letting stuff leak.

Today, the issue is that this thinking, while important, is not sufficient. You have to assume that the bad guys are in! The advanced persistent threat landscape is evolving and looks like it’s spreading from strategic targets to looking for commercial gain!

Dr Karl, in a podcast from the ABC recently, spoke about the Stuxnet attack of June 2010. Listening to Karl’s explanation (here), you soon realise how much resource must have been put into creating this attack. For example, he mentioned that Stuxnet used three zero-day vulnerabilities out of a total of about two dozen discovered in 2010! A big investment!

Well, what happens after the big realisation that the baddies are in your environment? First, your mindset changes, secondly your approach to protection is questioned and thirdly you look at the problem with new eyes. The thing to realise is you are not alone; many are going down this path before and with you. EMC RSA held a summit recently to talk about what, where and how organisations are addressing this new world. Some indication of what was discussed is here, and what is interesting is the willingness of competing organisations to sit down and discuss what they are doing.

So join the discussion; there is so much good info out there, like the RSA blog, here, as well as numerous hits on your favourite search engine!

Benchmarks? Is, “Mine bigger than yours!”, still valid?

By Clive Gold, CTO Marketing, EMC Australia and New Zealand

There has been a recent spate of ‘benchmark’ results released in the storage industry. (EMC is certainly there, (here), (here) and (here), so I’m not distancing us from this.) One of these caused a massive blog post by a competitor who picked up on an obvious PR-copy writer’s blunder, trashing the result.  Someone commented on the blog that the typo was obvious in the release as it expanded on the headline number, (which by the way was almost double this particular vendor’s best effort).  So after wiping the proverbial egg off his face, he said he had not read the whole release, (not even the very next sentence which made the mistake obvious, wow!)! So it was a lot of fun to watch happen, but it also started me thinking how relevant the pure ‘speed test’ was today and going forward?

My answer is yes, if done right there is significance to these tests, but to be useful they need to provide you with information that is useful within your context. For example..

  • Has the test been ‘ratified’ by the industry? – I remember years ago when I worked for a server manufacturer we continuously ran TPC-A and TPC-C test suites. (Transaction Processing Council). These tests were for OLTP and DW workloads and provided a ‘typical’ performance metric for each, designed and ratified by end-users.
  • Is the ‘result’ metric applicable to my decision? – The TPC test results were both maximum transactions as well as $/Transaction. With these numbers you could see if you could do your work and how much it would cost!

Today, in storage there are a number of tests that have stood the test of time! Like the SPEC benchmarks (here), which strangely enough have become more popular with file-protocols being used in virtual environments. Compare these to benchmarks that have been developed by storage vendors for the storage vendors to show how massive a number they can generate; I’m not convinced about the applicability of these to real world use-cases.

New technologies also pose new challenges, for example the use of solid state storage devices. While being designed to overcome write-durability and write performance issues, they introduce new performance variables. For this reason SNIA’s Solid State Storage Initiative (SSSI) has been working on tests that will measure and profile the performance of these solid state drives. (It’s worth reading, as it turns out the way these devices are constructed impacts their performance over time as well as how they perform under different loads.)

Now, being able to evaluate the alternatives with the same yard-stick is useful (how many km/litre does this car consume?), but is it sufficient? I think one issue is that this idea that performance is everything is becoming out-dated, as for most traditional applications/workloads the current generation machines will provide the performance to satisfy the requirement. Two big points I have to make..

1) I’m not making excuses: EMC’s technologies currently hold the high-water mark in just about every industry standard benchmark: App performance with Oracle and SAP; Throughput with VNX, High Performance Computing with VNX, SPEC results, Energy Efficiency, etc. (And usually by a large margin!)

2) Not all storage arrays on sale today are current-generation: to me current technology leverages FLASH (i.e. full capability both as read/write and as cache or a tier of disk), it embraces the latest CPU technologies, it provides ‘Choice and Control’ (i.e. Connectivity, Service Level Control, etc.) and lastly it is automated (i.e. automated provisioning, tuning FAST, auto healing, etc.)

Having said that speed is a factor, the other pieces that make up the total cost of ownership are becoming more important.

  • The environmental cost as far as energy consumption and heat output;
  • The ‘labour’ cost as far as end to end management of the system;
  • The opportunity cost as far as flexibility to meet changing organisational needs.

For example the use of EMC VNX has ramped so quickly, it has in some way taken EMC by surprise. In areas of the world where IT owns the power bill (not in Australia!), the fact that the VNX delivers performance and storage at about 1/3rd of the next manufacturer’s machines has proven to be a big success. In the ‘virtualisation savvy’ ANZ market the deep integration into the two most used flavours (over 70 points of integration with VMware) makes the solution simpler and more functional, as well as lowering total cost of ownership.

I would think as the basic technologies continue to provide more and more raw performance, it’s about how much intelligence, integration and innovation goes into the product that will be more important than the benchmark result.

Is there more Smoke than Cloud?

By Clive Gold, CTO Marketing, EMC Australia and New Zealand

I attend a number of customer meetings and industry conferences, and recently there is a growing sentiment that cloud is more smoke than reality. (Sydney-siders will relate to this, given the smoke in the air yesterday!) What do you think?

I’m sticking to my statement that as soon as a service becomes well defined and understood, it stops being classed as cloud!

Recently a partner of EMC, BlueFire (a Dimension Data company), tripled their infrastructure supporting their backup service. Now they are in the business of providing services and you would imagine that to make a profit they need to match their capacity with their revenue, so I conclude that their Backup as a Service has tripled!

We are seeing similar growth rates with other service partners like Macquarie Telecom and their company ninefold, Telstra, Optus, etc., who all provide a range of services from fundamental infrastructure to infrastructure services like backup and archive.

So what is missing? I was invited to a lunch by CSC, a CIO lunch (publication as well as attendee job titles), and as with any gathering of technology folks, the conversation turned to the cloud. The conversation in the room was confusing; many of the companies had adopted ‘services’ for test and development, there was a fair use of SaaS, and a number of the infrastructure services I mentioned above. (In fact timing was great, as one of the attendees, ABB engineering, had just had a case study published in the Australian.) However, the feeling was that the cloud was not ready!

Then someone explained that they needed to consolidate and modernise their applications. The penny dropped for me. The market has moved up a layer into Platform as a Service (PaaS); organisations are looking to develop/re-engineer/consolidate their applications in a ubiquitous, elastic, portable, etc., environment… (Have a look at Cloud Foundry, a VMware open source initiative addressing this issue, www.cloudfoundry.com). The issue is it’s not as clear cut and mature as they want, and as always there is vendor hype clouding the issue (sorry). For example Oracle is saying that Fusion will provide this, moving applications between them and Amazon… I’m just not sure two vendors make up an industry! Others are supporting other open-source initiatives, and here lies the problem.. there are too many initiatives. However, it would seem to me that this is the next layer in the virtualised stack and the leader in that space, VMware, has to be the front runner to become the de facto standard, especially since they are doing this in an open way.

But please look at what is out there and the benefits you can achieve today, rather than buying into the arguments about definitions, and don’t become a purist analysing the semantics. Many customers are on a journey and realising the cost, functional, operational and security benefits of the different sourcing options available today, and this is the next step in the journey.