Archive for the ‘software development’ Category
In Search Of The Mobile Enterprise
The new mobile business model — with anytime, anywhere transactions and a blurring of lines between corporate and individual — can make your IT organization feel like it has lost control. For all the good that comes with mobilizing your workforce, there are challenges: maintaining security and compliance, managing multiple device platforms and addressing complex mobile requirements.
You can’t throw a rock these days without hitting a new smartphone or tablet device.
Last week, it was the iPhone 5 and the new Kindle Fire HD. Tomorrow, HTC’s expected to introduce some new mobile products.
And Apple still has yet to introduce the Apple “mini” iPad, currently expected in October.
The move to mobile computing raises some intriguing questions about the nature of work. What is it? Where does it take place?
As someone who’s worked their entire career at IBM, I can certainly attest to the idea that here, increasingly, work is not a place you go but what you do.
I’ve spent nearly nine full years working from my home, and several of those years, spent at least a week a month living (and working) in airplanes.
As the IBM “Services for the Mobile Enterprise” team recently observed, the new workplace is now undeniably a mobile enterprise.
CIOs On Mobile: 66% Plan To Increase Mobile Investments in 2012
Which makes it no big surprise that 66 percent of CIOs plan to increase investments in mobile services in the next year.
And of course, there’s the “BYOD” movement to contend with (“Bring Your Own Device”), with employees expecting whatever device they have to fit into their corporate environment.
This new mobile business model, with anytime, anywhere transactions and a blurring of lines between corporations and individuals, can send IT folks into a conniption fit.
Despite all the goodness — for employees, management, and most importantly, the bottom line — there are challenges that accompany this mobilization of the workforce.
Issues such as maintaining security and compliance. Managing multiple device platforms. Addressing complex mobile requirements.
IBM recently released this interactive infographic that has some interesting statistics I thought worthwhile sharing here.
To start, 35 percent of the world’s total workforce is expected to be mobile by 2013.
Here in the U.S., up to 72.2 percent of workers are already plugged in remotely.
This year, some 43 billion mobile applications are expected to be downloaded.
And yet on average, mobile workers spend only a total of 28 minutes a day on technology distractions…there’s too much work to do, otherwise!
The Mobile Upside: 240 Extra Hours Worked Per Worker Per Year
And here’s the upside bonus for you managers: Such mobile workers work an average of 240 extra hours per year.
But as the infographic observes, with those benefits come expectations.
This new mobile generation of workers demands flexibility. Today’s employees expect to use their own devices and applications at work to access information and social networks at will. They even value this flexibility more than a higher-paying salary (Can you say “Mobile enables work/life balance?”).
Cisco’s Connected World Technology Report in 2011 found that 66 percent of workers said they would take a job with less pay and more flexibility in device usage, access to social media, and mobility than a higher-paying job without such flexibility.
Mobile Presents New Challenges
So, as businesses work to embrace these new productive mobile work habits, they must also face the requisite challenges asscoated with the growing number of devices, networks, and applications. Enterprises need a solution that intertwines cross-platform compatibility, security, cost management, compliance, and the inevitable complexity.
By way of example, 21 percent of mobile workers say they have experienced a security issue related to their smartphone (lost, stolen, hacked, virus) in the last year alone.
Fifty-four percent of enterprises rate security and authentication as one of the two top concerns for their mobile environments.
Seventeen percent say they need to meet compliance/regulatory requirements in mobile environments.
And yet 45 percent of IT departments say they aren’t prepared policy- and technology-wise to handle this more borderless, mobile workforce.
Bridging Your Mobile Gap
To overcome those challenges, enterprises need an experienced partner with a strategy capable of spanning the distance between mobile advances and existing infrastructures.
Those early adopters are leaping ahead: They’re already experiencing 20 percent cost savings and productivity improvements.
And 75 percent of CIOs say mobility solutions are a top priority of theirs for 2012.
On the mobile front, IBM workers are walking their own mobile talk, connecting to 10 different networks located around the world, and with 100K+ of them connecting using their own handheld devices (using at least five supported device platforms).
IBM’s own app store, Whirlwind, offers over 500 applications and was recognized by CIO Magazine with the “CIO 100 Top Innovation Award.”
All of that experience IBM has had with its own mobile enablement has informed and shaped the company’s customer-facing mobile initiatives, both through product development and through the introduction of its mobile services offerings.
IBM can help your staff develop the right strategy and governance and deliver a wide range of mobile enterprise services to create a more productive, connected workplace.
You can read about some of those offerings here.
(Almost) Live From IBM Innovate 2012
I wasn’t able to make it down to Orlando for the IBM Innovate event, as I’m preparing to participate in an annual Watson family rite: My father’s annual member-guest golf tournament. We won the competition two years ago for the first time, and last year, not so much.
So, this year I’m out for …. well, not blood. Just a much lower golf score.
However, I wasn’t too busy to check in and watch some of the tidings from Innovate 2012 via the Livestream coverage, then chat about it with mi amigo Scott Laningham, who is holding down the broadcasting fort quite nicely.
If you’re a frequent viewer of our podcasts (or even if you’re not), you ought to get a kick out of my persona: A laptop sitting on the sofa with a picture of me. We tried to use Skype video to do the back and forth, but the Internet connection on the ground simply wasn’t big enough for my booming persona!
Thanks to Scott and Jesse and the crew on the ground in Orlando for helping me participate. It’s not easy being the virtual me, especially when I cannot decide which pair of shoes to wear!
IBM Expands Collaborative Software Development Solutions to Cloud, Mobile Technologies
At IBM Innovate in Orlando earlier today, the company announced a range of new software solutions that will help clients create software applications faster and with higher quality across multiple development environments including cloud, mobile, and complex systems.
The software world’s push toward continuously evolving systems necessitates consistency and collaboration across the entire software lifecycle and supply chain. Often software development teams are struggling to meet business expectations due to a lack of hard facts.
There is a need for shared data and a consistent context across organizational boundaries, exposed through clear and honest metrics.
To address these challenges, IBM is introducing a new version of its integrated software Collaborative Lifecycle Management (CLM) solution with extended design management capabilities.
CLM is built on IBM’s open development platform, Jazz, and brings together IBM Rational Requirements Composer, IBM Rational Team Concert, and IBM Rational Quality Manager in one easy-to-install and easy-to-use solution. The new CLM software ensures that software design is integrated with the rest of the software application development lifecycle.
Development teams are now able to seamlessly collaborate on the design and development of software with key stakeholders from across the business.
According to preliminary findings of an IBM Institute for Business Value Global Study on software delivery, more than three-fourths of the participating organizations said they are underprepared for major technology trends that will impact their competitiveness.
These trends include the proliferation of mobile devices, the ability to leverage cloud-based resources for flexibility and savings, and the growing percentage of smart products with embedded software. While 50 percent of organizations believe successful software delivery is crucial to their competitive advantage, only 25 percent currently leverage it.
“Today’s business dilemma is how to address both the need for rapid delivery and sufficient control in the software development process,” said Dr. Kristof Kloeckner, general manager, IBM Rational. “We must balance the need for speed and agility with better governance to manage cost and quality, achieve regulatory compliance, ensure security, and have some level of financial predictability.”
Top Bank in China Transforms Core Processes
China Merchants Bank (CMB), headquartered in Shenzhen, China, has over 800 branches, more than 50,000 employees and is cited as one of the world’s top 100 banks. China Merchants Bank environment spans IBM System z and IBM Power platforms.
With geographically dispersed developers responsible for modernizing core banking and credit card processing applications, collaboration became essential. CMB uses IBM Rational CLM software capabilities to create a multiplatform application lifecycle management (ALM) environment to help automate their development processes and breakdown skills silos for effective cross-teaming.
“IBM Rational Developer and ALM tools were brought into our credit card migration and core banking system project,” said Zhanwen Chen, manager of configuration management, China Merchants Bank. “Replacing older tools and coordinating the efforts of our 1,000+ developers improved our quality and performance.”
DevOps in the Cloud
In a typical organization, it may take weeks or months to deliver a development change, due to infrastructure and configuration, testing and manual deployment, and lack of collaboration between development and operations teams.
Continuous software delivery in the cloud allows customers to continuously and automatically deliver changes across the enterprise software delivery lifecycle, spanning development, application testing and operations. With a “DevOps” approach in the cloud, customers can reduce time to market and automate changes in development, test and production.
IBM is supporting cloud delivery, development and operations with new solutions, including:
- IBM Rational solution for Collaborative Lifecycle Management on IBM SmartCloud Enterprise provides an agile cloud computing infrastructure as a service (IaaS) well suited for development and test that is designed to provide rapid access to secure, enterprise-class virtual server environments.
- The IBM SmartCloud Application Services pilot provides a pay-as-you-go service that coordinates activities across business and system requirements, design, development, build, test and delivery.
- IBM SmartCloud for Government Development and Test Platform as a service delivers industry-leading Rational tools for government agencies in a highly scalable, elastic computing environment for agencies that want the cost savings of a shared cloud environment combined with Federal Information Security Management Act (FISMA) security.
- IBM SmartCloud Continuous Delivery managed beta via a hosted sandbox in the cloud, provides a hands-on-experience of DevOps capabilities enabling accelerated code-to-deploy through automation, standardization of repeatable processes and improved coordination and visibility among development, test and operations teams.
- IBM SmartCloud Application Performance Management software provides comprehensive monitoring and management capabilities that enable development and operations professionals to reduce costly troubleshooting. It also provides free resources to focus on developing new innovations and services for customers. With this tighter integration, application issues can be found and resolved faster, but also proactively prevented to avoid future service disruption.
Enterprise Mobile Development
IBM Rational CLM has also been extended to the IBM Mobile Foundation platform for centralized code sharing and distributed mobile application development.
Currently, fragmentation of mobile devices, tools, and platforms complicates delivery of mobile applications that typically have faster time-to-market and more frequent releases.
The IBM Enterprise Mobile Development solution helps teams apply an end-to-end lifecycle management process to design, develop, test and deploy mobile applications while enabling seamless integration with enterprise back-end systems and cloud services through mobile-optimized middleware. The Enterprise Mobile Development solution brings together several offerings that optimize the recent Worklight acquisition as well as IBM enterprise development environments, including:
- Rational Solution for Collaborative Lifecycle Management
- IBM Worklight Studio 5.0 and IBM Worklight Server 5.0
- Rational Application Developer v8.5
- Rational Developer for System z v8.5
- Rational Developer for Power Systems v8.5
- IBM Application Center 5.0
- Android SDK and Emulator
Green Hat Technology in New IBM Test Automation Solutions
Today’s applications and manufactured products put additional pressures on development teams to find innovative ways to attain agility and increase the rate that software updates are delivered for testing.
IBM has integrated the recently acquired Green Hat technology with IBM Rational CLM to help address the challenges of testing highly integrated and complex systems and simplify the creation of virtual test environments.
New IBM test automation solutions use virtualized test environments and can reduce costs associated with the setup, maintenance and tear down of infrastructure associated with traditional testing or cloud based implementations.
Over a Decade of IBM Software Development Leadership
For the eleventh consecutive year, IBM has been named the number one shareholder in the worldwide application development software market according to Gartner with 25 percent of the market.
Gartner reported that IBM continues to lead in key and growing segments includingDistributed Software Change & Configuration Management, Requirements Elicitation and Management, Design and Java Platform AD Tools, and realized 25 percent growth in the Security Testing (DAST & SAST) market.
Additionally, according to Evans Data Corporation’s Users’ Choice: 2012 Software Development Platforms, for the overall platform rankings, IBM’s Rational continues its reign as the most highly rated overall offering, an honor they have obtained 6 in the last 7 years in this Evans Data survey of 1,200 developers globally.
IBM & Syracuse: Building Critical Software Development Skills
If you’ve been watching any of the Livestream coverage emerging from the IBM Innovate event down in Orlando, you know that skills is a key issue facing software development shops everywhere. The need for new and changing skills, skills for new platforms and development languages, skills to help pull it all together.
Today, IBM made an announcement from Innovate that it is working to help address the skills issue in a new partnership with Syracuse University intended to help college students build computing skills to manage traditional and new systems in large global enterprises.
As business value creation increasingly shifts to software, the skills needed to tackle disruptive technologies like cloud and mobile computing, particularly for enterprise-class, large industrial systems, have become critical.
Lack of employee skills in software technologies is cited as the top barrier that prevents organizations from leveraging software for a competitive advantage, according to initial findings in IBM’s Institute for Business Value 2012 Global Study on Software Delivery.
And according to IBM’s 2012 Global CEO Study, including input from more than 1,700 Chief Executive Officers from 64 countries and 18 industries, a majority (71 percent) of global CEOs regard technology as the number one factor to impact an organization’s future over the next three years — considered to be an even bigger change agent than shifting economic and market conditions.
Syracuse GETs Skills
Syracuse University’s Global Enterprise Technology (GET) curriculum is an interdisciplinary program focused on preparing students for successful careers in large-scale, technology-driven global operating environments.
IBM and a consortium of partners provide technology platforms and multiple systems experience for the GET students. IBM’s Rational Developer for System z (RDz) and z Enterprise Systems help students build applications on multiple systems platforms including z/OS, AIX, Linux and Windows.
“Our students need to build relevant skills to address the sheer growth of computing and Big Data,” said David Dischiave, assistant professor and the director of the graduate Information Management Program in the School of Information Studies (iSchool) at Syracuse University. “These courses and the IBM technology platform help prepare students to build large global data centers, allow them to work across multiple systems, and ultimately gain employment in large global enterprises.”
Close to 500 students have participated in the Global Enterprise Technology minor since its inception. Syracuse University’s iSchool is the No. 1 school for information systems study, as ranked by U.S. News and World Report, and serves as a model for other iSchools that are emerging around the globe.
Back To The Mainframe Future
More than 120 new clients worldwide have chosen the IBM mainframe platform as a backbone of their IT infrastructure since the IBM zEnterprise system was introduced in July 2010.
The zEnterprise is a workload-optimized, multi-architecture system capable of hosting many workloads integrated together, and efficiently managed as a single entity.
Syracuse University is a participant in IBM’s Academic Initiative and was a top ranked competitor in IBM’s 2011 Master the Mainframe competition.
As today’s mainframes grow in popularity and require a new generation of mainframe experts, the contest is designed to equip students with basic skills to make them more competitive in the enterprise computing industry job market.
IBM’s Academic Initiative offers a wide range of technology education benefits to meet the goals of colleges and universities. Over 6,000 universities and 30,000 faculty members worldwide have joined IBM’s Academic Initiative over the past five years.
Warning Against Your Insecurities: The 2011 IBM X-Force Trend And Risk “Poltergeist”
WARNING: This is an exceptionally long post intended for security and privacy geeks everywhere, including sys admins, Internet security hawks, CIOs, and innocent but interested bystanders everywhere. No web servers were hacked in the preparation of this report: at least, none by me!
Okay, troopers, it’s that time of year again. You know, the time when IBM releases its report card for security incidents, the X-Force Trend and Risk Report.
Google has the search “Zeitgeist” every year, we have the security “poltergeist!”
This time around, we’re looking back at the wild and wacky 2011, a year which showed surprising improvements in several areas of Internet security. Improvements, you ask? Surely you jest, Turbo.
This figure from the 2011 IBM X-Force Trend And Risk Report shows a steady decline in the instances of input control related vulnerabilities such as cross-site scripting (XSS) and SQL injection since X-Force began recording these statistics in 2007. In 2011, the statistics suggest that the likelihood of encountering XSS in a given test continues to decrease but shows signs of leveling out at approximately a 40 percent chance of occurring. Injection vulnerabilities and specifically SQL injection appears to have leveled out at around a 20 percent chance of occurring in a given test.
No, no, there IS some good news. Like a reduction in application security vulnerabilities, exploit code and spam.
But, good news leads to less good news on this front, as many of you who follow security well know, because the bad guys are being forced to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices.
The Top Line: Less Spam, More Adaptation
To get specific, the X-Force 2011 Trend and Risk Report demonstrated a 50 percent decline in spam email compared to 2010.
2011’s poltergeist saw a diligent patching of security vulnerabilities by software vendors, with only 36 percent of those vulnerabilities remaining unpatched in 2011 (compared to 43 percent in 2010). The year also saw a higher quality of software application code, as seen in web-app vulnerabilities called “cross-site scripting” that were half as likely to exist in clients’ software as they were four years ago.
So, the net is, the bad guys are adapting their techniques to the changing tech environment. The report uncovered a rise in emerging attack trends including mobile exploits, automated password guessing, and a surge in phishing attacks.
It also witnessed an increase in automated shell command injection attacks against web servers, which may well be a response to successful efforts to close off other kinds of Web app vulnerabilities.
The Security Landscape Glass Half Full: Decrease In Unpatched Vulnerabilities, Exploit Code, And Spam
Getting even more specific, according to the report, there are several positive trends as companies adjusted their security policies in 2011:
- Thirty percent decline in the availability of exploit code. When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30 percent fewer exploits were released in 2011 than were seen on average over the past four years. This improvement can be attributed to architectural and procedural changes made by software developers that help make it more difficult for attackers to successfully exploit vulnerabilities.
- Decrease in unpatched security vulnerabilities. When security vulnerabilities are publicly disclosed, it is important that the responsible software vendor provide a patch or fix in a timely fashion. Some security vulnerabilities are never patched, but the percentage of unpatched vulnerabilities has been decreasing steadily over the past few years. In 2011 this number was down to 36 percent from 43 percent in 2010.
- Fifty percent reduction in cross site scripting (XSS) vulnerabilities due to improvements in software quality. The IBM X-Force team is seeing significant improvement in the quality of software produced by organizations that use tools like IBM AppScan OnDemand service to analyze, find, and fix vulnerabilities in their code. IBM found XSS vulnerabilities are half as likely to exist in customers’ software as they were four years ago. However, XSS vulnerabilities still appear in about 40 percent of the applications IBM scans. This is still high for something well understood and able to be addressed.
- Decline in spam. IBM’s global spam email monitoring network has seen about half the volume of spam email in 2011 that was seen in 2010. Some of this decline can be attributed to the take-down of several large spam botnets, which likely hindered spammers’ ability to send emails. The IBM X-Force team witnessed spam evolve through several generations over the past seven years as spam filtering technology has improved and spammers have adapted their techniques in order to successfully reach readers.
The Security Landscape Glass Half Empty: Attackers Adapt Their Techniques in 2011
Even with these improvements, there has been a rise in new attack trends and an array of significant, widely reported external network and security breaches.
This figure from the 2011 IBM X-Force Trend And Risk Report shows an increase in mobile operating system exploits in 2011 due to an uptick in malicious activity targeting mobile devices. Because of the two-tiered relationship between phone end users, telecommunications companies, and mobile operating system vendors, disclosed mobile vulnerabilities can remain unpatched on phones for an extended period of time, providing a large window of opportunity to attackers.
As malicious attackers become increasingly savvy, the IBM X-Force documented increases in three key areas of attack activity:
- Attacks targeting shell command injection vulnerabilities more than double. For years, SQL injection attacks against web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities – the number of SQL injection vulnerabilities in publicly maintained web applications dropped by 46 percent in 2011– some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a web server. Shell command injection attacks rose by two to three times over the course of 2011. Web application developers should pay close attention to this increasingly popular attack vector.
- Spike in automated password guessing – Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attacks scan the net for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers (SSH) in the later half of 2011.
- Increase in phishing attacks that impersonate social networking sites and mail parcel services – The volume of email attributed to phishing was relatively small over the course of 2010 and the first half of 2011, but phishing came back with a vengeance in the second half, reaching volumes that haven’t been seen since 2008. Many of these emails impersonate popular social networking sites and mail parcel services, and entice victims to click on links to web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.
Emerging Technologies Create New Avenues for Attacks
New technologies such as mobile and cloud computing continue to create challenges for enterprise security.
- Publicly released mobile exploits rise 19 percent in 2011. This year’s IBM X-Force report focused on a number of emerging trends and best practices to manage the growing trend of “Bring your Own Device,” or BYOD, in the enterprise. IBM X-Force reported a 19 percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. There are many mobile devices in consumers’ hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.
- Attacks increasingly relate to social media – With the widespread adoption of social media platforms and social technologies, this area has become a target of attacker activity. IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.
- Cloud computing presents new challenges - Cloud computing is moving rapidly from emerging to mainstream technology, and rapid growth is anticipated through the end of 2013. In 2011, there were many high profile cloud breaches affecting well-known organizations and large populations of their customers. IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. Cloud security requires foresight on the part of the customer as well as flexibility and skills on the part of the cloud provider. The IBM X-Force report notes that the most effective means for managing security in the cloud may be through Service Level Agreements (SLAs) because of the limited impact that an organization can realistically exercise over the cloud computing service. Therefore, careful consideration should be given to ownership, access management, governance and termination when crafting SLAs. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.
The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by one of the industry’s leading security research teams through its research of public vulnerability disclosures findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.
“In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. “In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities.”
You can learn more about IBM Security Solutions here.
turbotodd
