IBM Raises The Stakes In Business and IT Continuity Services

Stephanie Balaouras

Stephanie Balaouras

IBM announced today that it was spending US$300 million to build out 13 data centers in 10 countries in 2008 - IBM refers to these sites as "Business Resilience service delivery centers". These centers will certainly help IBM deliver more of its traditional IT recovery services but they will also support the next generation of IT continuity services - repeatable, scalable, productize services such as online backup and virtual recovery.  These types of services don't require massive capital investment in an inventory of heterogeneous server and storage platforms, instead the service provider can focus its efforts on building a scalable pool of virtualized servers and shared storage built with industry standard components.

Read more

Microsoft and BearingPoint see space to play in the Enterprise GRC market

Chris McClean

Chris McClean

Earlier this week in a joint press release, Microsoft and BearingPoint announced the new BearingPoint Enterprise Governance, Risk, and Compliance product offering. Ok... it will be a while before the more veteran enterprise GRC vendors start really losing sleep over this deal. But BearingPoint continues to be a top risk consulting firm, and Microsoft’s reach through the business user community will be an attractive benefit for compliance and risk professionals trying to get hundreds or thousands of staff members to contribute to the GRC program. There’s potential here for sure.

Read more

Categories:

Traditional Disaster Recovery Services Are Dead

Stephanie Balaouras

Stephanie Balaouras

If you still subscribe to fixed site recovery services using shared IT infrastructure from the likes of HP, IBM BCRS, or SunGard, among others, you will quickly become a dinosaur in the next 1 to 2 years.

These types of shared infrastructure services involve lengthy restores from tape and a recovery time objective of 72 hours, at best. Plus, you'll be lucky if you recover at all because chances are, you've had trouble scheduling a test with your service provider and it's been a LONG time since the last one, if indeed you’ve ever tested.

72 hours recovery just doesn't cut it anymore. And frankly, understanding your provider's oversubscription ratio to shared infrastructure to determine the risk of multiple invocations, or attempting to negotiate exclusions zones and availability guarantees is a time suck. Most companies are either taking DR back in-house or, if they still rely on a DR service provider, they are using dedicated infrastructure.

Read more

Categories:

Upping The IPS Ante

John Kindervag

My colleague at Forrester, Chris Silva, recently commented upon the recent Air Defense acquisition by Motorola.  Looking at the deal through the security lens, I completely agree with Chris that this will help ease integration of wireless security into wireless infrastructure.  It's good to see one of the major wireless brands step up and take wireless security seriously.  Perhaps that other major wireless vendor will get the hint...

Upping The IPS Ante


Motorola announced this week its intentions to acquires Wireless IDS/IPS vendor AirDefense.
The acquisition may provide a bit of deja vu to readers who recall the
acquisition of Network Chemistry's wireless IDS/IPS assets by Aruba
Networks in 2007.

Read more

Categories:

Get Involved Now In Cloud Computing Discussions

A Culture of Compliance

Wireless as Fashion

John Kindervag

As a security guy, I’ve spent a lot of time thinking about the security ramifications of wireless connectivity.  Wireless has evolved from a single protocol, 802.11b, to a veritable alphabet soup loosely defined as "Mobility."  We now have 11a/b/g and maybe n, Bluetooth, RFID, CDMA, Wi-Max, and a bunch of other stuff that all provides wireless access, often without even a thought of security.  As people scramble to have the latest, coolest, most connected devices in the company, they are tossing security right out the window.

Read more

Power Outages Are A Major Risk That Most Companies Overlook

Stephanie Balaouras

Stephanie Balaouras

TechCrunchIT reported today that a Rackspace data center went down for several hours during the evening due to a power grid failure. Because Rackspace is a managed service provider (MSP), the downtime affected several businesses hosted in the data center.

When companies think of disaster recovery and downtime, they typically think of catastrophic events such as hurricanes, tornadoes, and earthquakes. What companies don't realize is that the most common cause of downtime is power failures. In a joint study by Forrester Research and The Disaster Recovery Journal of 250 disaster recovery decision-makers and influencers, 42% of respondents indicated that a power failure was the cause of their most significant disaster declaration or major business disruption.

Read more

Deduplication Hits The Mainstream

Stephanie Balaouras

Stephanie Bottom line for IT Infrastructure and Operations professionals? Your next purchase of a backup-to-disk appliance or backup software will have integrated deduplication functionality, given the slew of announcements from all the major storage players. It’s no longer just pioneering vendors Data Domain and Diligent beating the deduplication drum — it’s all the major storage vendors.

 

 

In addition, based on the direction of NetApp, you need to start thinking about how the rest of your storage environment would benefit from integrated deduplication functionality like your VMware environment (server and desktop) or end-user home directories.

 

 

NetApp plans to introduce integrated deduplication technology in its NearStore VTL some time this year. In the meantime, the company is promoting the availability of deduplication on its production FAS storage systems and touting the huge benefits of deduplication in VMware environments.

 

 

Read more

Cisco's Path In Entitlement Management

Andras Cser

Andras Cser

While waiting for the pan-out of the Cisco System's acquisition of Securent, I can't help but wonder how Cisco is going to develop the Securent technology in its future products. Will the Securent policy engine (PDP) be used 1) as a main point for policy management and enforcement for network equipment, OR 2) will they continue using the product along the 'Securent-intended' path: enforcing fine grained application level policies by integrating policy enforcement points into applications, OR  3) managing fine grained authorizations on the network layer (without the need to open up applications), similarly to BayShore Networks, Autonomic Networks, and Rohati Systems? Without a comprehensive identity and access management offering (IAM), Cisco will probably be fit best to do 1) and 3) described above. This seems most consistent with Cisco's background and culture.