Hackers Vs. Executives Is Back

Rick Holland

Our next installment of "Hackers vs. Executives" is just weeks away. Join us at the Forrester Security Forum and sit in on one of the most popular sessions of the event each year. We have a great panel lined up for you. In the Hackers' corner, we have Chase Cunningham of Neustar and Brian Gorenc of HP TippingPoint DVLabs. In his hacking demo, Chase will use social engineering, packaged exploit delivery, and credential harvesting to show you how open source data can create avenues for hackers to attack users and ultimately compromise your network. In his hacking demo, Brian will provide an in-depth look at what it takes to analyze a vulnerability and the steps required to weaponize it. Centering on a vulnerability in a Microsoft application, the demo will show you how an attacker can quickly move from proof-of-concept to remote code execution.

In the Executive corner, we have Richard Bejtlich of Mandiant and Steve Martino of Cisco Systems. Richard and Steve will discuss what these types of attacks mean to Security & Risk professionals, including how your organization can prepare for and respond to them. John Kindervag and I will moderate the panel. There will be great discussion, and you will have the opportunity to ask questions of all of our panelists. It will be a fantastic session, one you won't want to miss. Please join us in Las Vegas on May 25th from 11:05 to 12:40. Take a look at the Security Forum website for more details. John and I hope to see you there.

NASDAQ OMX Acquires BWise… Where Is GRC Headed?

Chris McClean

Last week saw news that yet another top GRC software vendor has been acquired, following in the footsteps of Paisley, Archer, OpenPages, among others. BWise has always been an impressive vendor in the GRC space, so first off I think congratulations are in order for both parties.

That said, if you didn’t foresee NASDAQ getting into the GRC software space, don’t beat yourself up… even after seeing the large technology vendors and content providers enter the space over the past 3 years, this wasn’t an obvious move. But looking a little deeper, NASDAQ’s move makes sense for a couple of reasons:

- NASDAQ’s target market cares about GRC. NASDAQ lists its target roles as marketing/corporate communications, board and corporate secretary, investor relations, and corporate finance. All of these roles have a vested interest in better controls, stronger risk management practices, and improved corporate governance.

- BWise has always focused on the “G” of GRC. More than any other of the top GRC software vendors, BWise targeted governance professionals with capabilities such as entity management.

- There are immediate integration possibilities. Among NASDAQ’s corporate solutions are products for board management, whistleblower reporting, and XBRL filing. BWise has a host of capabilities (issue management, process management, policy management, reporting, etc.) that could quickly add value to implementations of those products.

But, as always with a deal like this, both parties will have to show the market how they will address some key questions:

ARM Arrives – Calxeda Shows Real Hardware Running Linux

Richard Fichera

I said last year that this would happen sometime in the first half of this year, but for some reason my colleagues and clients have kept asking me exactly when we would see a real ARM server running a real OS. How about now?

To copy from Calxeda’s most recent blog post:

“This week, Calxeda is showing a live Calxeda cluster running Ubuntu 12.04 LTS on real EnergyCore hardware at the Ubuntu Developer and Cloud Summit events in Oakland, CA. … This is the real deal; quad-core, w/ 4MB cache, secure management engine, and Calxeda’s fabric all up and running.”

This is a significant milestone for many reasons. It proves that Calxeda can indeed deliver a working server based on its scalable fabric architecture; HP’s signing up as a partner meant that this was essentially a non-issue, but proof is still good. It also establishes that at least one Linux distribution provider, in this case Ubuntu, is willing to provide a real supported distribution. My guess is that Red Hat and CentOS will jump on the bus fairly soon as well.

Most importantly, we can get on with the important work of characterizing real benchmarks on real systems with real OS support. HP’s discovery centers will certainly play a part in this process as well, and I am willing to bet that by the end of the summer we will have some compelling data on whether the ARM server will deliver on its performance and energy efficiency promises. It’s not a guaranteed slam dunk: Intel has been steadily ratcheting up its energy efficiency, and the latest generation of x86 servers from HP, IBM, Dell, and others shows promise of much better throughput per watt than their predecessors. Add to that the demonstration of a Xeon-based system by SeaMicro (ironically now owned by AMD) that delivered Xeon CPUs at a 10 W per CPU power overhead, an unheard-of efficiency.


The Future Is Sweet For SugarCRM

Kate Leggett

SugarCRM was kind enough to invite me to its analyst day and conference — a three-day event packed with product, strategy, customer, and partner information. The firm’s focus was clearly on its momentum into the enterprise. Here are my thoughts:

  • The CRM market still has room to grow. Sugar used IDC’s numbers to project CRM market growth: $18.74 billion for 2012, $19.97 billion for 2013, and $21.37 billion for 2014. Even though CRM vendor solutions are mature, the CRM market has not stagnated.
  • The SugarCRM 6.5 product. Today, SugarCRM has 1 million users, has seen 11 million downloads, is used by 80,000 organizations, and has 350 partners on five continents supporting the product. Its newest release focuses on usability and performance enhancements. It offers simplified navigation, an enhanced UI design, a new search framework with integrated full-text search, new calendaring and scheduling capabilities, IBM platform support, and deeper integration with third-party apps. Although the product lacks advanced social features and robust analytics, it does provide solid, well-rounded CRM capabilities.
  • The open source focus. Open source is more than a movement. It provides results by allowing its 30,000-large developer ecosystem to evolve the product in line with customer demand. “Open” is also part of Sugar’s culture — for example, pricing is readily available on its website, and you can try the product for free.

The New Design-Driven Development Landscape

Michael Facemire

How did we get from single-channel desktop apps…

In the not-too-distant past, web-centric software development had a standard workflow between designers and developers. This was possible because there was a single delivery channel (the web browser) and well-established development constructs. Design patterns like Model-View-Controller had well-known coding counterparts such as Java Server Pages, the JSP Standard Template Library, or Struts. But now the introduction of mobile computing has significantly altered this design-development workflow. The key disruptor is the need to target multiple mobile devices with a common set of source code. Regardless of whether devs use a single HTML5/CSS3/JS implementation or native implementations on iOS and Android, there’s a greater burden on designers than in the web-centric past. What’s worse, the success or failure of mobile apps is more dependent on the complete user experience than ever before. This new reality requires a major shift within development organizations.

…to multi-channel mobile apps?

IBM Rounds Out Its Linux Offerings With Power Linux

Richard Fichera

In the latest evolution of its Linux push, IBM has added to its non-x86 Linux server line with the introduction of new dedicated Power 7 rack and blade servers that only run Linux. “Hah!” you say. “Power already runs Linux, and quite well according to IBM.” This is indeed true, but when you look at the price/performance of Linux on standard Power, the picture is not quite as advantageous, with the higher cost of Power servers compared to x86 servers offsetting much if not all of the performance advantage.

Enter the new Flex System p24L (Linux) Compute Node blade for the new PureFlex system and the IBM PowerLinux™ 7R2 rack server. Both are dedicated Linux-only systems with 2 Power 7 processors (6 or 8 cores each, 4 threads/core), and they ship with unlimited licenses for IBM’s PowerVM hypervisor. Most importantly, these systems, in exchange for the limitation that they will run only Linux, are priced competitively with similarly configured x86 systems from major competitors, and IBM is betting on the improvement in performance, shown by IBM-supplied benchmarks, to overcome any resistance to running Linux on a non-x86 system. Note that this is a different proposition than Linux running on an IFL in a zSeries, since the mainframe is usually not the entry point for the customer — IBM typically sells to customers with an existing mainframe, whereas with Power Linux it will be attempting to sell to net new customers as well as established accounts.


Playbook: Achieve Cloud Economics For Operations And Services

John R. Rymer

Cloud computing has reached an inflection point for enterprises — a comprehensive strategy for its use is now required. Until now, most companies had adopted cloud services in an ad hoc fashion, driven mostly by business leaders and developers looking to deliver new systems of engagement that they felt corporate IT could not deliver, or could not deliver in the time frame required. These ad hoc experiences prove that cloud solutions are now ready to be strategic resources in enterprise business technology portfolios. Only CIOs can help the business strike the right balance between the agility, efficiency, security, compliance, and integration that's required for a successful cloud strategy.

This research introduces our Playbook approach to our cloud research, describing how to execute an enterprise cloud strategy from vision to planning to implementation through to ongoing optimization. It is the Executive Overview to our Playbook on achieving cloud economics, setting the context for 12 reports by Forrester analysts that address each major phase of the transformation.

Cloud computing in its various forms is helping many CIOs drive greater business responsiveness. Enough so that most enterprises have adopted cloud computing in some form — usually a collection of software-as-a-service offerings. But cloud solutions now offer cost optimization, security, and quality of service for the full range of enterprise requirements, not just tactical needs. Thus, it is time to make cloud strategic, rather than a disconnected set of initiatives. How? CIOs need a playbook to create, implement, and optimize an end-to-end cloud strategy. This cloud strategy must achieve three goals:


CISOs Must Act As The Glue Between BC, DR, And Security

Stephanie Balaouras

During the past three years, you may have noticed that security and risk professionals have added a new term to their lexicon – business resiliency. Is this just an attempt by vendors to rebrand business continuity (BC) and IT disaster recovery (DR), in much the same way that vendors rebranded information security as cybersecurity to make it seem sexier and to sell more of their existing products? Some of it certainly is rebranding. However, just as the shift in the threat landscape from lone hackers to well-funded crime syndicates and state-sponsored agents precipitated the use of the term cybersecurity, a real shift has also taken place in BC/DR.

If you look up the term “resiliency” in the dictionary, it’s defined as “an occurrence of rebounding or springing back”. Thus, business resiliency refers to the ability of a business to spring back from a disruption to its operations. Historically, BC/DR focused on the ability of the business to recover from a disruption. Recovery implies that there was in fact a disruption: for some period of time, business operations were unavailable, and there was downtime while the business strove to recover. Resiliency, on the other hand, implies that an event may have affected the business’ operations, and perhaps the business operated in a diminished state for some period of time, but operations were never completely unavailable; the business was never down.


Active Directory Moving To The Cloud?

Andras Cser

We hear a lot about cloud IAM vendors offering metadirectories or user repositories in the cloud. We predict that in 1-2 years we'll see AD being moved from on-premises installations into cloud-based services. This has the benefits of simpler provisioning, higher availability, and much, much easier support for federation both into SaaS applications and with business partners. Today the only technical difficulty is the latency of access to AD in the cloud from on-premises applications, but we believe this will be resolved by some type of customer premises equipment (much like the reverse of Symplified's Identity Router today). Moving AD into the cloud will also have a huge impact on reducing the cost of AD management and improving delegated administration by providing easy-to-use web interfaces.

Are You An Enterprise Architecture Success Story?

Alex Cullen

Some enterprise architecture programs become a key capability for the success of their business: ensuring aligned plans, shaping business transformations, or boosting the business value of IT. But other EA programs struggle, with nebulous missions, immature practices, and limited impact.

If the first statement describes your EA program, I’d like to invite you to submit your story for the InfoWorld/Forrester Enterprise Architecture Award.

This will be the third year of the awards program. Past winners have ranged from global banks to government ministries, from American Express to USAA, and from Singapore to Switzerland. These organizations have become a rich source of best practices and a demonstration of what a high-performance EA program is capable of.

We have a theme for the 2012 awards: EA programs that are business-focused, strategic, and pragmatic — and demonstrate this through their practices and the value they deliver. There are many ways in which EA can show this: partnering with business transformation efforts, developing business-relevant road maps, orchestrating their business’s information assets, increasing business agility — the list is long. As with past years, submissions will be judged by your peers — heads of successful EA programs, including previous winners.
