This morning, US President Barack Obama unveiled the outlines of a change in direction for US cyber-security policy. The first announcement relates to the creation of a new military command that will centralize and expand on existing cyber-war-fighting capabilities. This is overdue, and should bring more coherence to efforts that were already spread out between several different military branches, notably the Army, Navy and Air Force), and the intelligence services. The NSA, for example, has long had a “red-team” offensive capability in addition to defensive corps. As I understand it, the new military cyber-command will reside in the Department of Defense. Less clear is whether the new organization will just be a military operation, or whether it will also take over parts of the intelligence services’ capabilities.
The second part of today's announcements, the Cyberspace Policy Review, seeks to reform the way the US Government secures itself, its agencies and critical infrastructure like the stock exchanges. As reported in a story in the New York Times, the reforms will create a new office residing in the White House that will report to both the National Economic Council and the National Security Council. The remainder of this blog post analyzes what the plan, which was unveiled at 11 today, recommends.
What is a Smart Grid? It's an interconnected network of electric stations, substations, and meters that communicate with one another and exchange information. The concept utilizes wireless sensor networks, software, and computing to enable utilities to see how much and where energy is being consumed, and if there are problems or blackouts in the network. More importantly, it lets customers manage their electricity consumption. But what does it mean to security and risk management? President Obama has called for the installation of 40 million smart meters and 3,000 miles of transmission lines. This means that technology vendors like Cisco Systems and IBM will be front line players in implementing networking intelligence for the electric system.
Despite the availability of multiple backup appliances supporting deduplication, Data Domain has continued to win customers at a steady pace. As of March 2009, the company had more than 2,900 customers and recruited hundreds of value added resellers. Its proven deduplication technology, integrated replication, and aggressive campaign to eliminate tape garnered it a tremendous amount of mind share and put it on most customers’ short lists. So it comes as no surprise that they were acquired by a major storage vendor.
That it was acquired by NetApp does come as a bit of surprise. NetApp does have its own successful VTL that supports deduplication. But then again, NetApp didn’t introduced deduplication in its VTL until the Fall of 2008 (the last of the major storage vendors to do so) and it typically sells its VTL into its own customer base. With Data Domain, NetApp now owns one of the toughest competitors in the backup appliance market and it gives the company a system that it (and the hundreds of NetApp channel partners around the globe) can sell into non-NetApp environments.
Trusted Network Connect (TNC), which is the working body of Trusted Computing Group (TCG) today announced extensions to the security architecture with new open source standards for remote access (IF-T), non-TNC enabled endpoints, and Security Assertion Markup Language (SAML) interface. TNC has collaborated with NAC vendors to standardize solutions that work with hybrid network components — NAC switches, appliances, and software agents. The TNC standards could integrate with any device that produces identity and policy information. In essence creating a repository of policy based on identity and behavior of the user which is completely transferable to any system via SAML interfaces. This work is specifically aimed at easing the deployment woes of many organizations that host diverse vendor solutions like Cisco, Microsoft, ProCurve Networking by HP, Juniper, Oracle, Symantec, McAfee, and so on….
Forrester’s IT Forum EMEA 2009 — to be held 3-5 June at the Maritim Hotel in Berlin — focuses this year on "redefining IT's value to the enterprise". As with our research, Forrester's focus is on providing credible and actionable advice, so all attendees will have the opportunity to meet individually with Forrester analysts to discuss the issues most important to you. In addition, we have terrific featured speakers to provide case studies and best practices: