Turbotodd

Ruminations on IT, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘ibm’

IBM Acquires UrbanCode For Rapid Delivery Of Mobile, Cloud, Big Data & Social Software


IBM today announced it has acquired UrbanCode Inc.

Based in Cleveland, Ohio, UrbanCode automates the delivery of software, helping businesses quickly release and update mobile, social, big data and cloud applications.

Mobile, social, big data and cloud technologies are driving demand for new, faster and more frequent approaches to software delivery. Waiting days or even months to get an update to clients is no longer acceptable.

With UrbanCode’s technology, businesses can reduce the cycle time it takes to get updates or new applications into market, from months to minutes. This approach is designed to help reduce cost and risk, while helping address changing client needs by enabling a company to rapidly incorporate feedback into and improve the overall quality of their applications and services.

Software Development As Competitive Advantage

A recent study by the IBM Institute for Business Value uncovered that almost 70 percent of companies using software development for competitive advantage outperform their peers in profitability. As innovation in software becomes more and more critical to success, businesses need a collaborative, intuitive and continual approach to development, testing and delivery.

More than half of surveyed companies agree effective software development is crucial to competitive advantage. Yet, only a quarter of companies feel they have effective methods. UrbanCode’s capabilities will help solve this execution gap with the ability to accelerate software delivery.

IBM plans to continue to support UrbanCode clients and enhance their technologies while allowing these organizations to take advantage of the broader IBM portfolio.

UrbanCode’s software is a natural extension of IBM’s DevOps strategy, designed to simplify and speed the entire software development and delivery process for businesses.

The new capabilities also enhance IBM SmartCloud and IBM MobileFirst initiatives by making it easier and faster for clients to deliver software through those channels. For example, by combining UrbanCode software with the IBM MobileFirst Worklight technology, businesses can now author and deploy an application for any mobile device in hours, versus a previous multi-day timeline.

The UrbanCode solution also works with traditional applications including middleware, databases and business intelligence.

“Companies that master effective software development and delivery in rapidly changing environments such as cloud, mobile and social will have a significant competitive advantage,” said Kristof Kloeckner, general manager, IBM Rational Software. “With the acquisition of UrbanCode, IBM is uniquely positioned to help businesses from every industry accelerate delivery of their products and services to better meet client demands.”  

“Together UrbanCode and IBM technology will be unmatched in the industry, providing businesses a continuous process for developing, testing, and delivering new and updated software,” said Maciej Zawadzki, chief executive officer, UrbanCode. “By removing the bottlenecks that traditionally exist between development teams and production systems, businesses can drive rapid innovation.”

For more information visit the IBM Rational site.

IBM 1Q 2013 Earnings


I was sitting here at JFK waitin’ on a plane and IBM’s 1Q 2013 earnings came across the wire, so here goes:

  • Diluted EPS: GAAP: $2.70, up 3 percent; Operating (non-GAAP): $3.00, up 8 percent
  • Net income: GAAP: $3.0 billion, down 1 percent; Operating (non-GAAP): $3.4 billion, up 3 percent
  • Gross profit margin: GAAP: 45.6 percent, up 0.6 points; Operating (non-GAAP): 46.7 percent, up 1.0 points
  • Revenue: $23.4 billion, down 5 percent, down 3 percent adjusting for currency
  • Free cash flow of $1.7 billion, down $0.2 billion
  • Software revenue flat, up 1 percent adjusting for currency; Pre-tax: income up 4 percent; margin up 1.2 points
  • Services revenue down 4 percent, down 1 percent adjusting for currency; Pre-tax: income up 10 percent; margin up 2.0 points
  • Services backlog of $141 billion, up 1 percent, up 5 percent adjusting for currency; Closed 22 deals of more than $100 million in the quarter
  • Systems and Technology revenue down 17 percent, down 16 percent adjusting for currency
  • Growth markets revenue down 1 percent, up 1 percent adjusting for currency
  • Business analytics revenue up 7 percent; Smarter Planet revenue up more than 25 percent; Cloud revenue up more than 70 percent
  • Reiterating full-year 2013 operating (non-GAAP) EPS expectation of at least $16.70.

IBM announced first-quarter 2013 diluted earnings of $2.70 per share, a year-to-year increase of 3 percent.  Operating (non-GAAP) diluted earnings were $3.00 per share, compared with operating diluted earnings of $2.78 per share in the first quarter of 2012, an increase of 8 percent.

First-quarter net income was $3.0 billion, down 1 percent year-to-year. Operating (non-GAAP) net income was $3.4 billion compared with $3.3 billion in the first quarter of 2012, an increase of 3 percent. Total revenues for the first quarter of 2013 of $23.4 billion were down 5 percent (down 3 percent, adjusting for currency) from the first quarter of 2012. 

“In the first quarter, we grew operating net income, earnings per share and expanded operating margins but we did not achieve all of our goals in the period. Despite a solid start and good client demand we did not close a number of software and mainframe transactions that have moved into the second quarter.  The services business performed as expected with strong profit growth and significant new business in the quarter,” said Ginni Rometty, IBM chairman, president and chief executive officer.

“Looking ahead, in addition to closing those transactions, we expect to benefit from investments we are making in our growth initiatives and from the actions we are taking to improve under-performing parts of the business.  We remain confident in this model of continuous transformation and in our ability to deliver our full-year 2013 operating earnings per share expectation of at least $16.70.” 

Pre-tax income decreased 6 percent to $3.6 billion.  Pre-tax margin decreased 0.1 points to 15.4 percent.  Operating (non-GAAP) pre-tax income decreased 1 percent to $4.1 billion and pre-tax margin was 17.4 percent, up 0.8 points.

IBM’s tax rate was 15.9 percent, down 4.1 points year over year; operating (non-GAAP) tax rate was 17.3 percent, down 3.2 points compared to the year-ago period. The lower tax rate is primarily due to benefits recorded to reflect changes in tax laws enacted during the quarter, including the reinstatement of the U.S. Research and Development Tax Credit.

Net income margin increased 0.5 points to 13.0 percent.  Total operating (non-GAAP) net income margin increased 1.2 points to 14.4 percent.

The weighted-average number of diluted common shares outstanding in the first-quarter 2013 was 1.12 billion compared with 1.17 billion shares in the same period of 2012.  As of March 31, 2013, there were 1.11 billion basic common shares outstanding.

Debt, including Global Financing, totaled $33.4 billion, compared with $33.3 billion at year-end 2012.  From a management segment view, Global Financing debt totaled $25.2 billion versus $24.5 billion at year-end 2012, resulting in a debt-to-equity ratio of 7.2 to 1.  Non-global financing debt totaled $8.2 billion, a decrease of $0.6 billion since year-end 2012, resulting in a debt-to-capitalization ratio of 34.3 percent from 36.1 percent.

IBM ended the first-quarter 2013 with $12.0 billion of cash on hand and generated free cash flow of $1.7 billion, excluding Global Financing receivables, down approximately $0.2 billion year over year.  The company returned $3.5 billion to shareholders through $0.9 billion in dividends and $2.6 billion of gross share repurchases.  The balance sheet remains strong, and the company is well positioned to support the business over the long term.

Written by turbotodd

April 18, 2013 at 3:37 pm

The Masters Leaderboard Is Live!



This year’s Masters iPad application not only nicely mimics the real deal in Augusta…it also has a sort feature where you can look at leaders according to several categories, including “active players,” “past champions,” “amateur players,” and even “first time participants.”

That’s it, today’s the day.

The first players have already teed off at the Masters in Augusta.

Yesterday, I discussed the virtual means by which you could experience playing at Augusta National.

Today I’m going to focus on the various means by which you can follow this year’s action on and off the course.

First, and most importantly, the leaderboard.

On the Masters web site, for which IBM is the longtime technology sponsor, you can go to the virtual equivalent of the traditional Masters leaderboard.

You can also find the leaderboard on this year’s revamped iPad app, which I’m quickly leaning on as my 19th hole for following all the action from Augusta.

This year it includes live video from a number of the holes, including Amen Corner, 15, 16, as well as two “featured groups,” a Masters “in-depth” feature channel, and for those warm-ups, the driving range, and over the weekend a live simulcast of CBS’ TV coverage.

You’ll be able to access live radio, news features, and pictures from the grounds (including new 360 panoramic images that I suspect will be suitable for framing!).

As for TV coverage itself, that doesn’t start in the U.S. until 3:00 PM EST on ESPN. However, live video coverage begins on Amen Corner starting at 10:45 AM on the Website and via the mobile applications, so if you’re hankering to get out to the action, that’s going to be your fastest way in.

This year, IBM is leaning heavily on its SmartCloud technology to help drive quality and continuous operations, along with the flexibility and scalability required by the Masters.

As players peak on the course, we typically see a resultant workload increase in our technology systems.

This has led to the need to provision a new Presentation Services “instance,” for example, in less than 3 minutes using Tivoli Provisioning Manager, which helps us get new virtual machine instances up and running quickly.

We are also able to move one workload to another on our POWER systems powering the Masters using our Live LPAR mobility in four minutes without service interruption.

Can you say pressure putt???

So as the tournament begins, who will I be keeping a close eye on?

Tiger, for sure.  Phil. Brandt. Rory. Graeme. Garrigus. Schwartzel. Colsaerts. Poulter. Oosthuizen. Guan (the 14-year-old Chinese kid).

It’s just an incredibly talented field, as, of course, it always is.  Length and shot shaping are always helpful at Augusta, especially right to left, but as Zach Johnson proved several years ago, shorter hitters can score (and win) if they play the right angles.

As for me, I went back and played another virtual round at Augusta last night in my Tiger Woods PGA Tour 12 and shot 2 under.

There’s hope for me yet.  That means I would currently be tied with Jim Furyk for second place in my Walter Mitty golf fantasy.  But it’s only Thursday…

Written by turbotodd

April 11, 2013 at 9:47 am

Winning In Europe And Oklahoma


IBM announced a couple of nice wins these past few days.

One, a partnership agreement between IBM and Itella, a leading provider of business services in Europe and Russia.

It’s a seven-year cloud computing agreement to help Itella streamline its business operations and improve its flexibility and time-to-market, allowing the company to focus on its core business and develop new services for its clients.

Itella provides postal, logistics and financial transaction process services in Northern and Central Europe, as well as Russia.

Specifically, IBM will build a private cloud to provide hosting as well as application management and development services to Itella. With the cloud, IBM will automate basic production of technology services as well as improve the quality and management of those services.

“Through this operating model renewal, we can adopt a flexible service delivery to increase automation and introduce best practices, utilizing IBM’s world-class competence,” said Jukka Rosenberg, Senior Vice President, Itella Mail Communications. “Through the partnership, we can make our operations more efficient and cut costs, without compromising our high-quality service.”

And nearly halfway around the globe and just north of here, the great state of Oklahoma is partnering with IBM to save $15 million over the next five years and to help improve services to state residents there.

As governments institute structural changes in the way agencies measure performance and deliver services, data analytics and new delivery models can help lead the way for transformations that realize a measurable return on investment and improved quality of life.

By analyzing business processes and consolidating IT projects, IBM will help the state gain significant savings in software licensing and technology maintenance costs—resulting in an expected IT budget recovery of 30 percent.

“At a time when we all have to learn to do more with less money, IBM has been instrumental in identifying and prioritizing IT consolidation projects for the state of Oklahoma, at the same time allowing us to invest in new services for our residents,” said Alex Pettit, chief information officer, state of Oklahoma.

“IBM brought not only its extensive public sector services experience to help create the initial business case for this project, but also worked with participating agencies to verify that the new technology environment would improve mainframe service and reduce costs.”

IBM helped the state to understand the challenges of providing IT services to various agencies with diverse requirements for data management and federal reporting.

The new IT infrastructure established a model for IT compliance with federal guidelines on program data and processes, using an IBM System z mainframe. IBM also helped the state meet project funding requirements—bridging the financial gap between the initiation of the project and the cost savings.

The agreement helps ensure that the delivery of technology services is more effective and more consistent. In addition, the new infrastructure gives each agency more control over the quality, performance, and support of their technology environment.

Ultimately, the consolidation of five mainframe platforms also yielded significant savings in costs and lower lease costs. The recommended options projected an 18-30 month payback period that would save 25–30 percent of the state’s combined annual IT budget.

IBM worked with the state on a detailed analysis of the IT infrastructure and opportunities to consolidate computing capacity, storage, network, backup and disaster recovery capabilities.

The plan included development of a target architecture, establishment of a high-level roadmap, and development of a services delivery schedule between the Office of Management and Enterprise Services (OMES), responsible for operating the consolidated environments, and each state agency.  

You can learn more about IBM’s other smarter government initiatives here, and about IBM’s cloud computing offerings, the likes of which it’s building for Itella, here.

Big Moves In Big Data: IBM New Data Acceleration, Hadoop Capabilities


IBM just announced new technologies designed to help companies and governments tackle Big Data by making it simpler, faster and more economical to analyze massive amounts of data. New data acceleration innovation results in as much as 25 times faster reporting and analytics.


IBM made a significant announcement earlier today concerning new technologies designed to help companies and governments tackle Big Data by making it simpler, faster and more economical to analyze massive amounts of data. The new data acceleration innovation results in as much as 25 times faster reporting and analytics.

Today’s announcement, which represents the work of hundreds of IBM developers and researchers in labs around the world, includes an industry-first innovation called “BLU Acceleration,” which combines a number of techniques to dramatically improve analytical performance and simplify administration.

Also announced was the new IBM PureData System for Hadoop, designed to make it easier and faster to deploy Hadoop in the enterprise. Hadoop is the game-changing open-source software used to organize and analyze vast amounts of structured and unstructured data, such as posts to social media sites, digital pictures and videos, online transaction records, and cell phone location data.

The new system can reduce from weeks to minutes the ramp-up time organizations need to adopt enterprise-class Hadoop technology with powerful, easy-to-use analytic tools and visualization for both business analysts and data scientists.

In addition, it provides enhanced Big Data tools for monitoring, development and integration with many more enterprise systems.

IBM Big Data Innovations: More Accessible, Enterprise-ready 

As organizations grapple with a flood of structured and unstructured data generated by computers, mobile devices, sensors and social networks, they’re under unprecedented pressure to analyze much more data at faster speeds and at lower costs to help deepen customer relationships, prevent threat and fraud, and identify new revenue opportunities.

BLU Acceleration enables users to have much faster access to key information, leading to better decision-making. The software extends the capabilities of traditional in-memory systems — which allow data to be loaded into Random Access Memory instead of hard disks for faster performance — by providing in-memory performance even when data sets exceed the size of the memory.

During testing, some queries in a typical analytics workload were more than 1000 times faster when using the combined innovations of BLU Acceleration.

Innovations in BLU Acceleration include “data skipping,” which makes it possible to skip over data that doesn’t need to be analyzed, such as duplicate information; the ability to analyze data in parallel across different processors; and greater ability to analyze data transparently to the application, without the need to develop a separate layer of data modeling.

Another industry-first advance in BLU Acceleration is called “actionable compression,” where data no longer has to be decompressed to be analyzed.

Not IBM’s First Big Data Rodeo

The new offerings expand what is already the industry’s deepest portfolio of Big Data technologies and solutions, spanning software, services, research and hardware. The IBM Big Data platform combines traditional data warehouse technologies with new Big Data techniques, such as Hadoop, stream computing, data exploration, analytics and enterprise integration, to create an integrated solution to address these critical needs.

IBM PureData System for Hadoop is the next step forward in IBM’s overall strategy to deliver a family of systems with built-in expertise that leverages its decades of experience reducing the cost and complexity associated with information technology.

This new system integrates IBM InfoSphere BigInsights, which allows companies of all sizes to cost-effectively manage and analyze data and add administrative, workflow, provisioning and security features, along with best-in-class analytical capabilities from IBM Research.

Today’s announcement also includes the following new versions of IBM’s Big Data solutions:

  • A new version of InfoSphere BigInsights, IBM’s enterprise-ready Hadoop offering, which makes it simpler to develop applications using existing SQL skills, compliance security and high availability features vital for enterprise applications. BigInsights offers three entry points: free download, enterprise software and now an expert integrated system, IBM PureData System for Hadoop.
  • A new version of InfoSphere Streams, unique “stream computing” software that enables massive amounts of data in motion to be analyzed in real-time, with performance improvements, and simplified application development and deployment.
  •  A new version of Informix including TimeSeries Acceleration for operational reporting and analytics on smart meter and sensor data.

Pricing and Availability 

All offerings are available in Q2, except the PureData System for Hadoop, which will start shipping to customers in the second half of 2013. Credit-qualified clients can take advantage of simple, flexible lease and loan packages with no up-front payments for the software and systems that deliver a new generation of data analytics.

IBM Global Financing offers attractive leasing programs with 90-day payment deferrals for the PureData System for Hadoop, as well as zero percent loans for the broader portfolio of IBM big data solutions.

Talk To The Mannequin Middleman


Middlemen have gotten a pretty bad rap since the Internet came along.

First, it was the travel agents, who were one of the first to be “disintermediated” by sites like Expedia, Orbitz, etc. Why hire a person to do what a computer and network could do?

Although it turns out it wasn’t quite that easy, as we later discovered, and nearly 20 years later there are still travel agents, but they’ve evolved and often moved up the value stack in terms of their offerings. (As an example, whenever I book a scuba diving trip, I typically now use an exclusive provider of scuba vacation travel, and they’ve served me quite well…although, sigh, it’s been far too long since I went diving!)

At IBM, we’re only supposed to employ our American Express travel agents when we’re traveling overseas.  I, personally, don’t mind using our Online Travel Reservation system for planning my travel, but that Web-based system has never been the same as talking to a really good Amex travel agent, and it certainly has never made me laugh.

So this story in The New York Times caught my eye, which explains how e-commerce companies are “bypassing” the middlemen in a variety of e-commerce verticals.

From eyeglasses to office supplies to bedding to nail polish to shaving supplies, there are a host of “smarter commerce” e-commerce ventures popping up that are “controlling the supply chain,” providing products and services to end consumers at lower costs than many big retailers while pocketing the disintermediated profits.

But before you leap headlong into a Web server (which, let’s be frank, could hurt!), let’s not forget that physical presence still matters.

CNBC reports that “what’s old is new again” for some e-commerce retailers, outlining that a “growing number of online retail companies are setting up physical stores” in response to trends like “showrooming,” whereby consumers do in-store flybys only to later make a purchase online.

IBM vice president and global retail leader Jill Puleri was quoted in the story with this observation: “If there’s one thing showrooming teaches us, it’s that consumers still want to see what they are buying in person.”

It goes on to cite data from IBM suggesting that “50 percent of online sales were generated after consumers first browsed offline.”

So what’s next? One could easily envision pop-up stores emerging in highly-trafficked areas around the world: airports, train stations, even shopping malls, where consumers could “touch and feel” the merchandise and then get incented to go and make an actual purchase online.

Now if they could just figure out a way to make those in-store mannequins just a little less creepy.

Batten Down The Hatches! IBM’s X-Force 2012 Trend And Risk Report


It’s been a busy year for IT security incidents. Yesterday, John Markoff and Nicole Perlroth with The New York Times told us about yet another incident, this time a cyberattack involving antispam group Spamhaus and an anonymous group unhappy with their efforts.

Based on disclosed incident details such as the vulnerability used and attack type, IBM X-Force was able to determine that the majority of the security incidents disclosed in 2012 were carried out by the top left quadrant above, with attackers going after a broad target base while using off-the-shelf tools and techniques. This can be attributed to the wide public availability of toolkits, and to the large number of vulnerable web applications that exist on the Internet.


But the list goes on and on. From the discovery of sophisticated toolkits with ominous names like Flame to cross-platform zero-day vulnerabilities, both consumers and corporations have been inundated with advisories and alerts regarding emerging threats. The frequency of data breaches and incidents—which had already hit a new high in 2011—continued their upward trajectory.

At the mid-year of 2012, IBM’s X-Force team predicted that the explosive nature of attacks and security breaches seen in the first half would continue. Indeed this was the case. While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year’s headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection.

What continues to be clear is that attackers, regardless of operational sophistication, will pursue a path-of-least-resistance approach to reach their objectives. Integration of mobile devices into the enterprise continues to be a challenge. In the previous report, X-Force looked at some of the pitfalls and perils of implementing BYOD programs without strict formulations of policy and governance to support the use of these devices.

That said, recent developments have indicated that while these dangers still exist, X-Force believes mobile devices should be more secure than traditional user computing devices by 2014. While this prediction may seem far-fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.

In its latest report, X-Force explores how security executives are advocating the separation of personas or roles on employee-owned devices. It also addresses some secure software mobile application development initiatives that are taking place today. The distribution and installation of malware on end-user systems has been greatly enabled by the use of Web browser exploit kits built specifically for this purpose.

The intense proliferation of social networking across the Internet poses new challenges to companies that need to control the sharing of confidential information. Any employee that has access to the Internet is going to be exposed to social networking sites and because they are so frequently accessed, they have become a favorite target of scam and phishing.


Exploit kits first began to appear in 2006 and are provided or sold by their authors to attackers that want to install malware on a large number of systems.  They continue to be popular because they provide attackers a turnkey solution for installing malware on end-user systems.

Java vulnerabilities have become a key target for exploit kits as attackers take advantage of three key elements: reliable exploitation, unsandboxed code execution, and cross-platform availability across multiple operating systems. Java exploits have become key targets in 2012 and IBM X-Force predicts this attack activity to continue into 2013.

As X-Force also reported in the mid-year, spam volume remained nearly flat in 2012, with India claiming the top country of origin for spam distribution, but the nature of spam is changing. Broadly targeted phishing scams, as well as more personalized spear-phishing efforts continue to fool end users with crafty social-engineering email messages that look like legitimate businesses. Also, fake banking alerts and package delivery service emails have been effective as attackers refine their messages to look like the authentic messages that customers might normally receive.

Whether the target is individuals or the enterprise, once again, X-Force reminds organizations that many breaches were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice.

Web applications are still topping the chart of most disclosed vulnerabilities, rising 14% in 2012 over the 2011 end of year numbers. As reported earlier in the mid-year report, cross-site scripting (XSS) dominated the web vulnerability disclosures at 53% of all publicly released vulnerabilities. Although SQL injection attack methods remain as a top attack technique, the actual disclosures of new SQL injection vulnerabilities remain lower than the 2010 peak X-Force recorded.

Social media has dramatically changed our lives with new ways to connect, personally and professionally. From this constant availability of information about individuals, attackers can readily access data to use in their activities.

Now, more than ever, individual employees who share personal details in their social profiles can be targeted for attacks.

The values for the evaluated threat and residual threat can be determined by comparing the likelihood or frequency of a threat occurring (high, medium, low) against the damage impact that could happen if the threat occurred (catastrophic, high, medium, low). The goal is to implement mitigation processes that either reduce the frequency of the threat occurring or reduce the impact if the threat does occur. A requirement for this to be successful is to have a specific, designated monitoring mechanism to monitor the implementation of the treatment processes and for the appearance of the threats. This monitoring mechanism should be monitored and alerts should be responded to. It does no good to have network-based anti-virus consoles gathering information about virus alerts across the network, if nobody is assigned to monitor the console and respond to those alerts. Monitoring and responding is part of the mitigation process. (An example threat assessment and risk mitigation process chart is provided below, though the IR team may identify a greater list.)


2012 X-Force Trend And Risk Report Highlight

Malware and the malicious web

  • In 2012, near daily leaks of private information about victims were announced like game scoreboards through tweets and other social media. Personal details, such as email addresses, passwords (both encrypted and clear text), and even national ID numbers were put on public display.
  • Based on data for 2012, it is not surprising that the bulk of the security incidents disclosed were carried out with the majority of attackers going after a broad target base while using off-the-shelf tools and techniques. X-Force attributes this to the wide public availability of toolkits and to the large number of vulnerable web applications that exist on the Internet.
  • The year began and ended with a series of politically motivated, high-profile DDoS attacks against the banking industry. An interesting twist to the banking DDoS attacks was the implementation of botnets on compromised web servers residing in high bandwidth data centers. This technique assisted in much higher connected uptime as well as having more bandwidth than home PCs to carry out the attacks. In the sampling of security incidents from 2012, the United States had the most breaches, at 46%. The United Kingdom was second at 8% of total incidents, with Australia and India tied for third at 3%.
  • IBM Managed Security Services (MSS) security incident trends are markers that represent the state of security across the globe. The relative volume of the various alerts can help to describe how attacks are established and launched. They also frequently provide hints about how methods have evolved. Based on this, the main focus in 2012 may have been the subversion of systems, with larger coordinated attacks being executed across fairly broad swaths of the Internet.
  • IBM MSS has noted a dramatic and sustained rise in SQL injection-based traffic due, in large part, to a consistent effort from the Asia Pacific region. The alerts came from all industry sectors, with a bias toward banking and finance targets.
  • Web browser exploit kits (also known as exploit packs) are built for one particular purpose: to install malware on end-user systems. In 2012 X-Force observed an upsurge in web browser exploit kit development and activity—the primary targets of which are Java vulnerabilities—and X-Force supplies some strategies and tips to help protect against future attacks (see end of post to download full report).
  • Java continues to be a key target for attackers. It has the advantage of being both cross-browser and cross-platform—a rare combination that affords attackers a lot of value for their investment.

Web content trends, spam, and phishing

Web content trends

  • Top used websites are readily deployed as IPv6-ready, although attackers do not yet seem to be targeting IPv6 on a large scale.
  • One third of all web access is done on websites which allow users to submit content such as web applications and social media.
  • Nearly 50% of the relevant websites now link to a social network platform, and this intense proliferation poses new challenges to companies that need to control the sharing of confidential information.

Spam and phishing

  • Spam volume remained nearly flat in 2012.
  • India remains the top country for distributing spam, sending out more than 20% of all spam in the autumn of 2012. Following India was the United States where more than 8% of all spam was generated in the second half of the year. Rounding out the top five spam sending countries of origin were Vietnam, Peru, and Spain.
  • At the end of 2012, IBM reports that traditional spam is on the retreat, while scam and spam containing malicious attachments is on the rise. In addition, attackers are demonstrating more resiliency to botnet take downs which results in an uninterrupted flow of spam volume.

Operational Security Practices

Vulnerabilities and exploitation

  • In 2012, there were over 8,168 publicly disclosed vulnerabilities. While not the record amount X-Force expected to see after reviewing its mid-year data, it still represents an increase of over 14% over 2011.
  • Web application vulnerabilities surged 14% from 2,921 vulnerabilities in 2011 to 3,551 vulnerabilities in 2012.
  • Cross-site scripting vulnerabilities accounted for over half of the total web application vulnerabilities disclosed in 2012. Cross-site scripting dominated the web vulnerability disclosures. Fifty-three percent of all publicly released web application vulnerabilities were cross-site scripting related. This is the highest rate X-Force has ever seen. This dramatic increase occurred while SQL injection vulnerabilities enjoyed a higher rate than 2011 but were still down significantly since 2010.
  • There were 3,436 public exploits in 2012. This is 42% of the total number of vulnerabilities, up 4% from 2011 levels.
  • Web browser vulnerabilities declined slightly for 2012, but not at as high a rate as document format issues. While the overall number of web browser vulnerabilities dropped by a nominal 6% from 2011, the number of high- and critical severity web browser vulnerabilities saw an increase of 59% for the year.
  • Few innovations have impacted the way the world communicates quite as much as social media. However, with the mass interconnection and constant availability of individuals, new vulnerabilities and a fundamental shift in intelligence-gathering capabilities have provided attackers and security professionals alike with information useful for enhancing their activities.
  • Rather than seeing a particular enterprise as an individual entity, attackers can view enterprises as a collection of personalities. This gives attackers the opportunity to target specific people rather than enterprise infrastructures or applications. Furthermore, targeted people may also be targeted as individuals and not just as employees. In other words, the personal activities and lives of employees can be leveraged to target an enterprise.

Emerging Trends In Security

Mobile

  • Prediction: Mobile computing devices should be more secure than traditional user computing devices by 2014. This is a bold prediction that IBM recently made as part of its look ahead in technology trends. While this prediction may seem far-fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.
  • Separation of personas or roles: While a small percentage of enterprises have dealt with BYOD by using virtualized desktop solutions to separate and control enterprise applications and data from the rest of the personally owned device, a greater number of enterprises have wanted or required some form of separation or dual persona on mobile devices. This difference in use or adoption could be the result of greater numbers of devices driving greater risk in the percentage of personally owned mobile devices versus personally owned PCs in a BYOD program.
  • In many cases, enterprises have made significant investments into implementing Secure Software Development Life Cycle (SSDLC) processes. Today’s mobile application development benefits from this. Tools exist to support secure development as part of the process instead of being conducted in qualification or production. As a result, it should be more common for enterprises to have more securely developed mobile applications than their existing legacy applications. Closure of vulnerabilities in some traditional computing applications may only conclude as existing versions are sunset and replaced with newer, more securely developed replacements.
  • Over 2012, it is safe to conclude that more enterprises are supporting BYOD or the use of personally owned devices than previously. In the last two years, IBM Security has spoken to hundreds of global 2000 customers and out of those interviewed, only three said they had no plans to implement any kind of BYOD program.

To learn more on how your organization can work to address these types of vulnerabilities, download the full IBM X-Force 2012 Trend And Risk Report here.

Building A Bigger, Better Cloud In Ohio


The cloud, she is getting bigger, particularly in the great State of Ohio.

For Ohio has selected IBM for a $267-million 10 year modernization of the State of Ohio Computing Center (SOCC) through the development of a private cloud computing environment and the use of other hardware, software and services from IBM.

The SOCC includes four floors and more than 350,000 square feet of space, and houses infrastructure for several state agencies that support more than 1,400 applications executing on over 2,700 servers.

By working with IBM, the State will be able to focus on meeting application demands that underpin the services it provides to the citizens of Ohio.

The program will also lay the groundwork for future opportunities including the State’s drive toward private, secure cloud computing.

Highlights of the work with IBM include:

  • Remediating power and cooling capabilities in the State’s facility in Columbus
  • Migrating agency related infrastructure and application workloads within the facility
  • Implementing operating model improvements to deploy ITIL-based service management
  • Ongoing services in a co-managed arrangement with State staff

“We are working with IBM to significantly reduce the complexity of our infrastructure, improve data center operations and increase service delivery for state agencies and the constituents they serve,” Stu Davis, State of Ohio’s Chief Information Officer said. “This is a foundational component of Ohio’s IT Optimization efforts that will result in savings and culminate in the consolidation of the state’s IT assets into a primary state data center. This provides agencies with services they require and ensures we are spending taxpayers’ dollars once.”

The State’s cloud computing environment will be designed to provide a secure, high-performance and dependable foundation for computing, while costing the State less than its current infrastructure.

The goal of the State’s IT consolidation is to substantially reduce IT infrastructure services spend, and reallocate those funds to applications and services that support the citizens and businesses of Ohio.

You can learn more about IBM Smarter Government solutions here.

Written by turbotodd

March 21, 2013 at 12:30 pm

Six Keys To Effective Reputational And IT Risk Management


In September of last year, I blogged about the IBM 2012 Global Reputational Risk and IT Study, which I explained was an “investigation of how organizations around the world are managing their reputations in today’s digital era, where IT is an integral part of their operations and where IT failures can result in reputational damage.”

I also wrote “corporate reputations are especially difficult to manage in an era when anyone with a smartphone and Internet connection can file their complaint with a single touch.”

That continues to be the case, but what’s new is that IBM has recently issued another report on further implications of this study and its findings, and more importantly, what organizations can do to get on offense when it comes to better managing their corporate reputation.

The Connection Between Reputational Risk And IT

When the corporate world first began paying attention to the concept of reputational risk in 2005, organizations’ focus tended to be on business issues like compliance and financial misdoings.

Today, the focus has shifted to include the reputational impact of IT risks. Virtually every company is now reliant on technology for its critical business processes and interactions. While it may take 10 minutes or 10 hours to recover from an IT failure, the reputational impact can be felt for months or even years.

IBM - Factors Affected By IT Risk

Reputational damage caused by IT failures such as data breaches, systems failures and data loss now has a price tag. According to analyses performed by the Ponemon Institute, the economic value of a company’s reputation declines an average of 21 percent as a result of an IT breach of customer data — or the equivalent of an average of US $332 million.

The question now is not whether IT risks affect your corporate reputation, but what you can do to effectively prevent and mitigate these risks.

IBM -- True Price Of Reputational Harm

Six Keys To Effective Reputational And IT Risk Management

An analysis of responses to the IBM study revealed distinct correlations between the initiatives that organizations are undertaking to protect their reputations from the ramifications of IT failures and the overall effectiveness of their reputational and IT risk management efforts.

Based on this analysis, and the pattern it revealed among organizations that are most confident in their ability to prevent and mitigate IT-related reputational risk, there are six key initiatives that IBM recommends as part of every company’s efforts:

  1. Put someone in charge. Ultimate responsibility for reputational risk, including IT-related items, should rest with one person.
  2. Make the compliance and reputation connection. Measuring reputational and IT risk management strategies against compliance requirements is essential.
  3. Reevaluate the impact of social media. In addition to recognizing its potential for negative reputational impact, social media should be leveraged for its positive attributes.
  4. Keep an eye on your supply chain. Organizations must require and verify adherence of third-party suppliers to corporate standards.
  5. Avoid complacency. Organizations should continually evaluate reputational and IT risk management against strategy to find and eliminate potential gaps.
  6. Fund remediation; invest in prevention. For optimal reputational risk mitigation, companies need to fund critical IT systems as part of their core business.

IBM -- Importance Of Reputational Risk

How IBM Can Help

When planned and implemented effectively, your organization’s reputational and IT risk strategy can become a vital competitive advantage. When you protect against and mitigate reputational risks successfully, you can enhance brand value in the eyes of customers, partners and analysts. Further, your organization can better attract new customers, retain existing customers and generate greater revenue.

IBM can help you protect your reputation with a robust portfolio of IT security, business continuity and resiliency, and technical support solutions. You can start with an IT security risk assessment, or penetration testing performed by IBM experts.

For business continuity and resiliency, you can begin with a Continuous Operations Risk Evaluation (CORE) Workshop and move on to cloud-based resiliency services. Our technical support solutions range from basic software support to custom technical support.

What makes IBM solutions work is global reach with a local touch. This includes:

  • Over 160 business resiliency centers in 70 countries; more than 50 years of experience
  • More than 9,000 disaster recovery clients, with IBM providing 100 percent recovery for clients who have declared a disaster
  • A global network of 33 security operations, research and solution development centers; 133 monitored countries
  • 15,000 researchers, developers and subject matter experts working security initiatives worldwide.

To learn more about the IBM Global Reputational Risk and IT Study go here.

IBM Opens Lab To Bring R&D To The CEO


One of the things we heard about extensively during our time on the ground at SXSW Interactive 2013 in Austin over the past week was the importance of the customer experience.

Whether that be in applications in mobile devices, in customer service via the social media, the physical experience of a brand’s product or service…the customer experience rules!

And this anecdotal data is supported by IBM’s own research, including last year’s Global CEO Study, which queried 1,700 CEOs from 64 countries and 18 industries and found that CEOs are changing the nature of work by adding a powerful dose of openness, transparency, and employee empowerment to the command-and-control ethos that has characterized the modern corporation for more than a century.

The study revealed that the advantages of this fast-moving trend are clear: Companies that outperform their peers are 30 percent more likely to identify openness — often characterized by a greater use of social media as a key enabler of collaboration and innovation — as a key influence on their organization.

Those “outperformers” are also embracing new models of working that tap into the collective intelligence of an organization and its networks to devise new ideas and solutions for increased profitability and growth.

In order to forge those closer connections with customers, partners, and a new generation of employees in the future, CEOs plan to shift their focus from using e-mail and the phone as primary communication vehicles to using social networks as a new path for direct engagement. And while social media is the least utilized of all customer interaction methods today, it stands to become the number two organizational engagement method within the next five years, a close second to face-to-face interactions.

Big Data, Big Opportunity

Given the data explosion being witnessed by many organizations, CEOs also recognized the need for more sophisticated business analytics to mine the data being tracked online, on mobile phones and social media sites. The traditional approach to understanding customers better has been to consolidate and analyze transactions and activities from across the entire organization. However, to remain relevant, CEOs must piece together a more holistic view of the customer based on how he or she engages the rest of the world, not just their organization.

The ability to drive value from data is strongly correlated with performance. Outperforming organizations are twice as good as underperformers at accessing and drawing insights from data. Outperformers are also 84 percent better at translating those insights into real action.

From Theory to Action

To this end, IBM today announced the creation of the IBM Customer Experience Lab, dedicated to helping business leaders transform the way customers experience their products, services and brands through the use of mobile, social, cloud and advanced analytics technologies.

IBM Research scientists and business consultants will co-create with clients to deliver systems that learn and personalize the experiences of each individual customer, identify patterns, preferences and create context from Big Data, and drive scale economics.

The IBM Customer Experience Lab will provide CEOs, CMOs, CFOs, heads of sales and other C-suite executives direct access to a virtual team of 100 researchers, supported by the deep industry and domain expertise of thousands of IBM business consultants addressing the opportunities of the digital front office.

In the new age of Big Data and analytics, organizations are reassessing how to move from addressing mass audiences to personalized relationships. The same technologies allow enterprises to engage in new ways with their employees, allow government agencies to build new relationships with citizens, or enable new models of interaction among students and educational institutions.

IBM Research is developing technology assets and capabilities that can help deliver front office capabilities as a service from a cloud, design novel products to match customer preferences, and leverage math and psychological theories of personality to improve marketing effectiveness.

Client Engagements

The Lab focuses on innovation breakthroughs in three primary areas:

  • Customer insight. Applying advanced capabilities such as machine learning and visual analytics to predict differences in individual customer behavior across multiple channels.
  • Customer engagement. Using deep customer engagement to drive insight and continuously deliver value by personalizing engagement, versus transactional experiences.
  • Employee engagement. Embedding semantic, collaborative, and multimedia technologies to foster employee engagement and insight – in person and online.

Among the clients engaged with IBM on advancing their innovation process are Nationwide Building Society, the world’s largest building society serving 15 million members in the United Kingdom, and Banorte, one of the largest banks in Mexico with more than 20 million customers.

“Mobile and social technologies, and the ability to access information anytime, anywhere, is driving significant change in the way consumers bank and in the services they expect,” said Martin Boyle, Divisional Director of Transformation, Nationwide Building Society. “Our ability to innovate and anticipate, and not just respond, is what sets us apart from the competition and helps us to provide our customers with new and better ways to do business with us. By partnering with IBM, we can tap into its vast research and innovation expertise and facilities, which has already proved invaluable in our transformation program and will continue to be an important part in how we continue to innovate our service for customers.”

New Tools and Capabilities

The Lab provides IBM clients with an innovation process, assets and platform to give line of business leaders the exclusive ability to work side-by-side with IBM researchers and business consultants to analyze business challenges and jointly create solutions that integrate next-generation mobile, social, analytics and cloud technologies.

Co-creation with clients includes an innovation model called Innovation Discovery Workshops, which generate ideas, roadmaps, prototypes and solutions that draw on research assets, business consulting and IBM Software solutions in areas such as Smarter Commerce, Big Data, analytics, and Mobile First products.

The IBM Customer Experience Lab will be headquartered at the Thomas J. Watson Research Center in Yorktown Heights, N.Y., supported by researchers at IBM’s 12 global labs including Africa, Brazil, California, China, India, Israel, Japan, Switzerland, and Texas.

The Lab brings together skills across disciplines including service science, industries research, mathematics and business optimization, social, mobile, Smarter Commerce, data mining, cloud computing, security and privacy, cognitive computing and systems management. IBM invests more than $6 billion annually on research and development and employs about 3,000 researchers worldwide. IBM Global Business Services deploys business consulting, applications and delivery expertise globally, including market-leading business analytics, Smarter Commerce, mobility and applications management practices.

Visit here for more information about the IBM Customer Experience Lab, and follow IBM’s innovation breakthroughs on Twitter at @IBMResearch.
