Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for March 2013

Batten Down The Hatches! IBM’s X-Force 2012 Trend And Risk Report

leave a comment »

It’s been a busy year for IT security incidents. Yesterday, John Markoff and Nicole Perlroth with The New York Times told us about yet another incident, this time a cyberattack involving antispam group Spamhaus and an anonymous group unhappy with their efforts.

Based on disclosed incident details such as the vulnerability used and attack type, IBM X-Force was able to determine that the majority of the security incidents disclosedin 2012 were carried out by the top left quadrant above, with attackers going after a broad target base while using off-the-shelf tools and techniques. This can be attributed to the wide public availability of toolkits, and to the large number of vulnerable web applications that exist on the Internet.

Click to enlarge. Based on disclosed incident details such as the vulnerability used and attack type, IBM X-Force was able to determine that the majority of the security incidents disclosed in 2012 were carried out by the top left quadrant above, with attackers going after a broad target base while using off-the-shelf tools and techniques. This can be attributed to the wide public availability of toolkits, and to the large number of vulnerable web applications that exist on the Internet.

But the list goes on and on. From the discovery of sophisticated toolkits with ominous names like Flame to cross-platform zero-day vulnerabilities, both consumers and corporations have been inundated with advisories and alerts regarding emerging threats. The frequency of data breaches and incidents—which had already hit a new high in 2011—continued their upward trajectory.

At the mid-year of 2012, IBM’s X-Force team predicted that the explosive nature of attacks and security breaches seen in the first half would continue. Indeed this was the case. While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year’s headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection.

What continues to be clear is that attackers, regardless of operational sophistication, will pursue a path-of-least-resistance approach to reach their objectives. Integration of mobile devices into the enterprise continues to be a challenge. In the previous report, X-Force looked at some of the pitfalls and perils of implementing BYOD programs without strict formulations of policy and governance to support the use of these devices.

That said, recent developments have indicated that while these dangers still exist, and X-Force believes mobile devices should be more secure than traditional user computing devices by 2014. While this prediction may seem far fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.

In its latest report, X-Force explores how security executives are advocating the separation of personas or roles on employee-owned devices. It also addresses some secure software mobile application development initiatives that are taking place today. The distribution and installation of malware on end-user systems has been greatly enabled by the use of Web browser exploit kits built specifically for this purpose.

The intense proliferation of social networking across the Internet poses new challenges to companies that need to control the sharing of confidential information. Any employee that has access to the Internet is going to be exposed to social networking sites and because they are so frequently accessed,they have become a favorite target of scam and phishing.

Click to enlarge. The intense proliferation of social networking across the Internet poses new challenges to companies that need to control the sharing of confidential information. Any employee that has access to the Internet is going to be exposed to social networking sites and because they are so frequently accessed,
they have become a favorite target of scam and phishing.

Exploit kits first began to appear in 2006 and are provided or sold by their authors to attackers that want to install malware on a large number of systems.  They continue to be popular because they provide attackers a turnkey solution for installing malware on end-user systems.

Java vulnerabilities have become a key target for exploit kits as attackers take advantage of three key elements: reliable exploitation, unsandboxed code execution, and cross-platform availability across multiple operating systems. Java exploits have become key targets in 2012 and IBM X-Force predicts this attack activity to continue into 2013.

As X-Force also reported in the mid-year, spam volume remained nearly flat in 2012, with India claiming the top country of origin for spam distribution, but the nature of spam is changing. Broadly targeted phishing scams, as well as more personalized spear-phishing efforts continue to fool end users with crafty social-engineering email messages that look like legitimate businesses. Also, fake banking alerts and package delivery service emails have been effective as attackers refine their messages to look like the authentic messages that customers might normally receive.

Whether the target is individuals or the enterprise, once again, X-Force reminds organizations that many breaches were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice.

Web applications are still topping the chart of most disclosed vulnerabilities, rising 14% in 2012 over the 2011 end of year numbers. As reported earlier in the mid-year report, cross-site scripting (XSS) dominated the web vulnerability disclosures at 53% of all publicly released vulnerabilities. Although SQL injection attack methods remain as a top attack technique, the actual disclosures of new SQL injection vulnerabilities remain lower than the 2010 peak X-Force recorded.

Social media has dramatically changed our lives with new ways to connect, personally and professionally. From this constant availability of information about individuals, attackers can readily access data to use in their activities.

Now, more than ever, individual employees who share personal details in their social profiles can be targeted for attacks.

The values for the evaluated threat and residualthreat can be determined by comparing thelikelihood or frequency of a threat occurring (high,medium, low) against the damage impact that couldhappen if the threat occurred (catastrophic, high,medium, low). The goal is to implement mitigationprocesses that either reduce the frequency of thethreat occurring or reduce the impact if the threatdoes occur. A requirement for this to be successful is to have aspecific, designated monitoring mechanism to monitorthe implementation of the treatment processes andfor the appearance of the threats. This monitoringmechanism should be monitored and alerts should beresponded to. It does no good to have network-basedanti-virus consoles gathering information about virusalerts across the network, if nobody is assigned tomonitor the console and respond to those alerts.Monitoring and responding is part of the mitigationprocess. (An example threat assessment and riskmitigation process chart is provided below, thoughthe IR team may identify a greater list.)

Click to enlarge. The values for the evaluated threat and residual threat can be determined by comparing the likelihood or frequency of a threat occurring (high, medium, low) against the damage impact that could happen if the threat occurred (catastrophic, high, medium, low). The goal is to implement mitigation processes that either reduce the frequency of the threat occurring or reduce the impact if the threat does occur. A requirement for this to be successful is to have a specific, designated monitoring mechanism to monitor the implementation of the treatment processes and for the appearance of the threats.

2012 X-Force Trend And Risk Report Highlight

Malware and the malicious web

  • In 2012, near daily leaks of private information about victims were announced like game scoreboards through tweets and other social media. Personal details, such as email addresses, passwords (both encrypted and clear text), and even national ID numbers were put on public display.
  • Based on data for 2012, it is not surprising that the bulk of the security incidents disclosed were carried out with the majority of attackers going after a broad target base while using off-the-shelf tools and techniques. X-Force attributes this to the wide public availability of toolkits and to the large number of vulnerable web applications that exist on the Internet.
  • The year began and ended with a series of politically motivated, high-profile DDoS attacks against the banking industry. An interesting twist to the banking DDoS attacks was the implementation of botnets on compromised web servers residing in high bandwidth data centers. This technique assisted in much higher connected uptime as well as having more bandwidth than home PC’s to carry out the attacks. In the sampling of security incidents from 2012, the United States had the most breaches, at 46%. The United Kingdom was second at 8% of total incidents, with Australia and India tied for third at 3%.
  • IBM Managed Security Services (MSS) security incident trends are markers that represent the state of security across the globe. The relative volume of the various alerts can help to describe how attacks are established and launched. They also frequently provide hints about how methods have evolved. Based on this, the main focus in 2012 may have been the subversion of systems, with larger coordinated attacks being executed across fairly broad swaths of the Internet.
  • IBM MSS has noted a dramatic and sustained rise in SQL injection-based traffic due, in large part, to a consistent effort from the Asia Pacific region. The alerts came from all industry sectors, with a bias toward banking and finance targets.
  • Web browser exploit kits (also known as exploit packs) are built for one particular purpose: to install malware on end-user systems. In 2012 X-Force observed an upsurge in web browser exploit kit development and activity—the primary target of which are Java vulnerabilities—and X-Force supplies some strategies and tips to help protect against future attacks (see end of post to download full report).
  • Java continues to be a key target for attackers. It has the advantage of being both cross-browser and cross-platform—a rare combination that affords attackers a lot of value for their investment. Web content trends, spam, and phishing Web content trends Top used websites are readily deployed as IPv6- ready, although attackers do not yet seem to be targeting IPv6 on a large scale.
  • One third of all web access is done on websites which allow users to submit content such as web applications and social media.
  • Nearly 50% of the relevant websites now link to a social network platform, and this intense proliferation poses new challenges to companies that need to control the sharing of confidential information.

Spam and phishing

  • Spam volume remained nearly flat in 2012.
  • India remains the top country for distributing spam, sending out more than 20% of all spam in the autumn of 2012. Following India was the United States where more than 8% of all spam was generated in the second half of the year. Rounding out the top five spam sending countries of origin were Vietnam, Peru, and Spain.
  • At the end of 2012, IBM reports that traditional spam is on the retreat, while scam and spam containing malicious attachments is on the rise. In addition, attackers are demonstrating more resiliency to botnet take downs which results in an uninterrupted flow of spam volume.

Operational Security Practices

Vulnerabilities and exploitation

  • In 2012, there were over 8,168 publicly disclosed vulnerabilities. While not the record amount X-Force expected to see after reviewing its mid-year data, it still represents an increase of over 14% over 2011.
  • Web application vulnerabilities surged 14% from 2,921 vulnerabilities in 2011 to 3,551 vulnerabilities in 2012.
  • Cross-site scripting vulnerabilities accounted for over half of the total web application vulnerabilities disclosed in 2012. Cross-site scripting dominated the web vulnerability disclosures. Fifty-three percent of all publicly released web application vulnerabilities were cross-site scripting related. This is the highest rate X-Force has ever seen. This dramatic increase occurred while SQL injection vulnerabilities enjoyed a higher rate than 2011 but were still down significantly since 2010.
  • There were 3,436 public exploits in 2012. This is 42% of the total number of vulnerabilities, up 4% from 2011 levels.
  • Web browser vulnerabilities declined slightly for 2012, but not at as high a rate as document format issues. While the overall number of web browser vulnerabilities dropped by a nominal 6% from 2011, the number of high- and critical severity web browser vulnerabilities saw an increase of 59% for the year.
  • Few innovations have impacted the way the world communicates quite as much as social media. However, with the mass interconnection and constant availability of individuals, new vulnerabilities and a fundamental shift in intelligence-gathering capabilities has provided attackers and security professionals alike with information useful for enhancing their activities.
  • Rather than seeing a particular enterprise as an individual entity, attackers can view enterprises as a collection of personalities. This gives attackers the opportunity to target specific people rather than enterprise infrastructures or applications. Furthermore, targeted people may also be targeted as individuals and not just as employees. In other words, the personal activities and lives of employees can be leveraged to target an enterprise.

Emerging Trends In Security

Mobile

  • Prediction: Mobile computing devices should be more secure than traditional user computing devices by 2014. This is a bold prediction that IBM recently made as part of its look ahead in technology trends. While this prediction may seem far-fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.
  • Separation of personas or roles: While a small percentage of enterprises have dealt with BYOD by using virtualized desktop solutions to separate and control enterprise applications and data from the rest of the personally owned device, a greater number of enterprises have wanted or required some form of separation or dual persona on mobile devices. This difference in use or adoption could be the result of greater numbers of devices driving greater risk in the percentage of personally owned mobile devices versus personally owned PCs in a BYOD program.
  • In many cases, enterprises have made significant investments into implementing Secure Software Development Life Cycle (SSDLC) processes. Today’s mobile application development benefits from this. Tools exist to support secure development as part of the process instead of being conducted in qualification or production. As a result, it should be more common for enterprises to have more securely developed mobile applications than their existing legacy applications. Closure of vulnerabilities in some traditional computing applications may only conclude as existing versions are sunset and replaced with newer, more securely developed replacements.
  • Over 2012, it is safe to conclude that more enterprises are supporting BYOD or the use of personally owned devices than previously. In the last two years, IBM Security has spoken to hundreds of global 2000 customers and out of those interviewed, only three said they had no plans to implement any kind of BYOD program.

To learn more on how your organization can work to address these types of vulnerabilities, download the full IBM X-Force 2012 Trend And Risk Report here.

Tiger’s New Old Game

leave a comment »

The last time Tiger Woods was the number one ranked golfer in the world was October 2010.  That’s a grand total of 29 months ago.

That all changed this week at Arnold Palmer’s Bay Hill Invitational, which Tiger Woods won running away at -13. That’s Woods’ eighth time to win the same PGA tournament. 

Justin Rose gave Woods his best, but faltered on Saturday before attempting a comeback on Monday’s round (after torrential storms in and around Orlando postponed play on Sunday), and Ricky Fowler tried to match Woods’ performance in the final grouping, but Woods’ irons were too much for Fowler and all the “chasers.”

And then there was Woods’ putting, which was nothing short of masterful.  For the week, he made 19 of 28 putts between 7 and 20 feet.  It was like the Tiger of old — the golf ball seemed to just follow a line from Woods’ putter to the middle of the hole, over and over and over again.

You could hear professional golfers around the globe simply deflate with each stroke of Tiger’s Nike Method putter.

So, Tiger has now won 77 PGA Tour wins, only 5 away from legend Sam Snead’s 82. 

And then there’s The Masters coming up in Augusta in mid-April, the golfing equivalent of the Super Bowl.

You think a few odds makers in Vegas now have Tiger to win this year’s Masters?

Not that I would ever gamble on such a thing, but money does talk, and in this case, online casino Bovada already has Tiger at 11/4 odds to take this year’s green jacket.

But since this is a data driven, technology-oriented blog, let’s look at a few more numbers.

Bleacherreport’s Ryan Rudnansky observes that in 2010, Tiger ranked 109th in putting (strokes gained). 45th in 2011. 36th last year. And this year?

You got it? Numero uno.

At Doral, he recorded just 100 putts for the 72 holes, the lowest putting mark in his career.

Oh, yes, and he’s won three times this year in four stroke-play tournaments (we’ll disregard his nasty bit of business at the Accenture Match Play, where Charles Howell III ousted him in the first match).

Is Tiger’s taking the Master’s in two weeks a done deal? 

Of course not.

Would I pick him over all the other players in the field?

What do you think?

Written by turbotodd

March 26, 2013 at 6:20 pm

A Mobile Summary

leave a comment »

I’m going to have to start naming this “Mobile Monday.”

Because on Mondays, it seems like there’s always something of import to occur within the mobile space.

I guess one could say that for every other day of the week, and maybe it just seems more notable to me on Mondays.

In today’s case, it was Yahoo’s announced acquisition of Summly, a mobile app that has a unique algorithm which helps summarize news stories and which was started by a 15 year-old programmer, Nick D’Alosio.  The Summly took Apple’s “Best Apps of 2012” award for Intuitive Touch capability.

So of course the first thing that will happen post acquisition is that the app will be REMOVED from the App Store starting today.

Does that seem counterintuitive or is it just me?

Kid writes app, app receives a gazillion downloads, Yahoo buys app, makes kid rich, Yahoo removes app from App Store.

Only in the tech industry.

The idea, of course, being that someday soon the capabilities of Summly will find themselves embedded in other Yahoo apps.  Yeah, and I’ve got some great swamp land in south Florida that I’d like to show you.

Turbo recently shelled out a little over a hundred bucks for the daskeyboard Professional Model S. This keyboard features Mac-specific functions such as media controls, brightness controls, command and alt/option keys, eject and clear keys. The Professional Model S for Mac is “plug and play” with your Mac computer and updated to also include media controls.

Turbo recently shelled out a little over a hundred bucks for the daskeyboard Professional Model S. This keyboard features Mac-specific functions such as media controls, brightness controls, command and alt/option keys, eject and clear keys. The Professional Model S for Mac is “plug and play” with Mac computers and updated to also include media controls.

On the topic of mobile, nobody’s ever really created a good mobile Bluetooth keyboard that’s portable and, preferably, folds up…and I’ve tried just about all of them…Kickstarter, anyone?

But I am VERY happy with my new daskeyboard keyboard, which I’m going to tell you all about now.

When I’m working at home, it’s like hearing a machine gun emanating from my office (They don’t call me Turbo for nothin’, and it mostly had to do with my typing speed…How else would you expect me to be able to generate all these blog posts!?)

I saw daskeyboards for the first time last year at SXSW, but I was able to contain my credit card.  This year, I decided to jump in headfirst.

With a discount, I was able to get the daskeyboard Pro Model S for about $100, and though that might seem like a lot for a keyboard, when you spend as much time every day in front of a computer as I do, it seemed like a pretty good investment at the time — and that turned out to be the case.

Remember those original IBM AT and XT (and later, PS/2) computers where you could use those clickety-clack Model M keyboards? Well, daskeyboard has reinvented that PC keyboarding past, and you can now go clickety-clack at 90 words per minute with the lightest, softest, but clickiest touch you can imagine.

Only this time, you can do it on both Macs and PCs, and you can do it all in black.

Written by turbotodd

March 25, 2013 at 12:02 pm

Building A Bigger, Better Cloud In Ohio

leave a comment »

The cloud, she is getting bigger, particularly in the great State of Ohio.

For Ohio has selected IBM for a $267-million 10 year modernization of the State of Ohio Computing Center (SOCC) through the development of a private cloud computing environment and the use of other hardware, software and services from IBM.

The SOCC includes four floors and more than 350,000 square feet of space, and houses infrastructure for several state agencies that support more than 1,400 applications executing on over 2,700 servers.

By working with IBM, the State will be able to focus on meeting application demands that underpin the services it provides to the citizens of Ohio.

The program will also lay the groundwork for future opportunities including the State’s drive toward private, secure cloud computing.

Highlights of the work with IBM include:

  • Remediating power and cooling capabilities in the State’s facility in Columbus
  • Migrating agency related infrastructure and application workloads within the facility
  • Implementing operating model improvements to deploy ITIL-based service management
  • Ongoing services in a co-managed arrangement with State staff

“We are working with IBM to significantly reduce the complexity of our infrastructure, improve data center operations and increase service delivery for state agencies and the constituents they serve,” Stu Davis, State of Ohio’s Chief Information Officer said. “This is a foundational component of Ohio’s IT Optimization efforts that will result in savings and culminate in the consolidation of the state’s IT assets into a primary state data center. This provides agencies with services they require and ensures we are spending taxpayers’ dollars once.”

The State’s cloud computing environment will be designed to provide a secure, high-performance and dependable foundation for computing, while costing the State less than its current infrastructure.

The goal of the State’s IT consolidation is to substantially reduce IT infrastructure services spend, and reallocate those funds to applications and services that support the citizens and businesses of Ohio.

You can learn more about IBM Smarter Government solutions here.

Written by turbotodd

March 21, 2013 at 12:30 pm

IBM Helps ING DIRECT Canada Connect with Mobile, Social Customers

leave a comment »

ING DIRECT Canada's mobile application, developed with IBM, delivers customers with a dashboard view based on their most frequent banking activities.

ING DIRECT Canada’s mobile application, developed with IBM, delivers customers with a dashboard view based on their most frequent banking activities.

IBM is making a fast start with its new “Mobile First” initiative, which is intended to help companies around the world bring all their resources together to strengthen customer engagement, whenever and wherever the customer wants, and on the customer’s favorite device, which is increasingly a mobile one.

IBM client ING DIRECT Canada is applying a “smarter commerce” approach to consumer banking with IBM’s help in meeting the growing expectations of its 1.8 million customers.

IBM announced today that it is working with the online bank to deliver innovative financial services that improve ING DIRECT’s customer experience including simplified account access across mobile devices and social media channels, voice recognition, and advanced security.

ING DIRECT Canada’s mobile application, developed with IBM, delivers customers with a dashboard view based on their most frequent banking activities.

Based on IBM software and services, these innovations support ING DIRECT’s Orange Snapshot initiative, designed to provide its clients greater control to manage their accounts within their increasingly mobile and social lifestyle.

Orange Snapshot gives mobile consumers a complete and simplified view of all their accounts, as well as bill payment and email money transfers, in two easy clicks.

This allows consumers to sign on once from their mobile device, saving time and aggravation from multiple log-ins.

Working with IBM, the bank’s latest mobile innovation allows clients to easily and securely access their ING DIRECT account information from within Facebook’s social networking site.

Clients who opt-in to this app are able to view their account balances, history and pending transactions as well as receive account notifications — real time messages automatically pushed to them within Facebook.

With security and privacy always top of mind, ING DIRECT plans to expand this application further to include transactions such as transfers, bill payments and email money transfers.

Furthermore, ING DIRECT allows clients to share their experiences through Facebook and Twitter to make saving money more intriguing.

In a recent survey, ING DIRECT learned that 52 percent of consumers were able to forego non-essential purchases when they could better visualize the impact of their spending habits.

IBM’s Smarter Commerce initiative is designed to help businesses better connect with the rising tide of digital consumers who prefer to buy through online, mobile and social channels.

It is estimated that there are more smartphones on the planet than humans. According to IDC, by 2016, more than 10 billion smartphones will be in use around the globe. In Canada, more than half of smartphone users bank from their devices — and that number grows higher when looking at users between the ages 18-34.

ING DIRECT continues to work with IBM in seeking new ways to connect to mobile applications in order to advance sales, manage secure transactions, and provide new insights about clients.

The bank has begun experimenting with new voice recognition capabilities on their mobile apps that will allow clients to conduct simple banking transactions by speaking rather than typing or the application can read account information to the customer.

ING DIRECT is also exploring the use of biometrics within their mobile apps for purposes such as client login to improve the client experience while maintaining the highest standards of security. Internal pilots are already yielding positive outcomes.

Recently, Forrester Research, Inc. recognized IBM as a leader in enterprise mobility services, according to the February 2013 report The Forrester Wave TM: Enterprise Mobility Services, Q1 2013.

Based on an analysis of 13 global leaders’ enterprise mobility capabilities and how they stack up, the report indicates that IBM “brings clients a world-class design agency combined with breadth and depth of enterprise mobility consulting both in terms of technology capabilities and global presence.”

You can go here to learn more about IBM’s “Mobile First” initiative.

Six Keys To Effective Reputational And IT Risk Management

leave a comment »

In September of last year, I blogged about the IBM 2012 Global Reputational Risk and IT Study, which I explained was an “investigation of how organizations around the world are managing their reputations in today’s digital era, where IT is an integral part of their operations and where IT failures can result in reputational damage.”

I also wrote “corporate reputations are especially difficult to manage in an era when anyone with a smartphone and Internet connection can file their complaint with a single touch.”

That continues to be the case, but what’s new is that IBM has recently issued another report on further implications of this study and its findings, and more importantly, what organizations can do to get on offense when it comes to better managing their corporate reputation.

The Connection Between Reputational Risk And IT

When the corporate world first began paying attention to the concept of reputational risk in 2005, organizations’ focus tended to be on business issues like compliance and financial misdoings.

Today, the focus has shifted to include the reputational impact of IT risks. Virtually every company is now reliant on technology for its critical business processes and interactions. While it may take 10 minutes or 10 hours to recover from an IT failure, the reputational impact can be felt for months or even years.

IBM - Factors Affected By IT Risk

Reputational damage caused by IT failures such as data breaches, systems failures and data loss now has a price tag. According to analyses performed by the Ponemon Institute, the economic value of a company’s reputation declines an average of 21 percent as a result of an IT breach of customer data — or the equivalent of an average of US $332 million.

The question now is not whether IT risks affect your corporate reputation, but what you can do to effectively prevent and mitigate these risks.

IBM -- True Price Of Reputational Harm

Six Keys To Effective Reputational And IT Risk Management

An analysis of responses to the IBM study revealed distinct correlations between the initiatives that organizations are undertaking to protect their reputations from the ramifications of IT failures and the overall effectiveness of their reputational and IT risk management efforts.

Based on this analysis, and the pattern it revealed among organizations that are most confident in their ability to prevent and mitigate IT-related reputational risk, there are six key initiatives that IBM recommends as part of every company’s efforts:

  1. Put someone in charge. Ultimate responsibility for reputational risk, including IT-related items, should rest with one person.
  2. Make the compliance and reputation connection. Measuring reputational and IT risk management strategies against compliance requirements is essential.
  3. Reevaluate the impact of social media. In addition to recognizing its potential for negative reputational impact, social media should be leveraged for its positive attributes.
  4. Keep an eye on your supply chain. Organizations must require and verify adherence of third-party suppliers to corporate standards.
  5. Avoid complacency. Organizations should continually evaluate reputational and IT risk management against strategy to find and eliminate potential gaps.
  6. Fund remediation; invest in prevention. For optimal reputational risk mitigation, companies need to fund critical IT systems as part of their core business

IBM -- Importance Of Reputational Risk

How IBM Can Help

When planned and implemented effectively, your organization’s reputational and IT risk strategy can become a vital competitive advantage. When you protect against and mitigate reputational risks successfully, you can enhance brand value in the eyes of customers, partners and analysts. Further, your organization can better attract new customers, retain existing customers and generate greater revenue.

IBM can help you protect your reputation with a robust portfolio of IT security, business continuity and resiliency, and technical support solutions. You can start with an IT security risk assessment, or penetration testing performed by IBM experts.

For business continuity and resiliency, you can begin with a Continuous Operations Risk Evaluation (CORE) Workshop and move on to cloud-based resiliency services. Our technical support solutions range from basic software support to custom technical support.

What makes IBM solutions work is global reach with a local touch. This includes:

  • Over 160 business resiliency centers in 70 countries; more than 50 years of experience
  • More than 9,000 disaster recovery clients, with IBM providing 100 percent recovery for clients who have declared a disaster
  • A global network of 33 security operations, research and solution development centers; 133 monitored countries
  • 15,000 researchers, developers and subject matter experts working security initiatives worldwide.

To learn more about the IBM Global Reputational Risk and IT Study go here.

Brackets And Blades

leave a comment »

I haven’t done my brackets yet because I only started paying attention to NCAA men’s basketball oh, say, about five minutes ago.

I was too busy watching Kevin Streelman win his first PGA Tour event ever down in Tampa Bay.

My favorite Bubba golfer, Boo Weekley, had trounced into the clubhouse with a record 63 (that is, in a final round at Copperhead), and had to sit around and wait a couple of hours to see if Streelman could “streel” his resolve and hang on to the lead (when Boo could have gone fishing the rest of the afternoon…Gotta love those Southern boys!).

Well, hold on Streelman did, shooting a total of ten under and striking a brilliant and bold 5-iron draw shot on the par 3 13th some 200 yards, planting it just past the pin and nailing the birdie that took him to 9 under.

It was a long road for Streelman to take his first PGA win: some 400,000+ miles on American highways long.

Streelman went through three cars driving around the country “dead broke” as he chased his golf dream — yesterday, it all paid off, and couldn’t have happened to a nicer, more deserving guy. Here’s to many more, Kevin.

As for my own golf game, I’ve decided to keep my Ben Hogan 1988 “redline” blades in the bag…well, mostly.

Yesterday, down in Wimberley, I shot an atrocious 50 on the front nine, which I’ll blame mostly on some exceptionally bad chipping (not to mention undulating sloped greens).

However, on the back nine, my iron play came alive and it struck me why so many Tour players continue to play with bladed irons.

Assuming you can find the center of the club with the ball, and actually strike the thing, the ball flight is nothing short of gorgeous with blades, and I’m finding the additional height is very helpful in cruising over certain tall objects, namely trees, in search of the green stuff.

Don’t let anyone tell you amateurs don’t have the chops to play with blades!  It just takes a lot of work and perseverance, but it can also be very well worth the effort.

I hit several greens in regulation on the back nine by hosting some smooth, high-arc shots with a slight draw, planting them nicely a couple of times in birdie territory, but otherwise still getting close or on the greens.

Now, I’ve just got to go teach myself how to chip again.

So here’s now what’s in my bag: TaylorMade Rocketballz driver (adjusted at 9.5 degrees), a TaylorMade RBZ 3-wood, an old TaylorMade 5-wood, a Nike hybrid (I forget the loft, but I hit it around 200-220 yards), 5-6-7-8-9 Ben Hogan “Redline” blades, 3-4 Mizuno MP-25 irons and PW, Mizuno 56-degree wedge, a Vokey 60 degree wedge, and an Odyssey White Hot “Rossie” putter.

My handicap index is now a flat 12, but I am bound and determined to get into single digits over the next couple of years.

Back to the NCAA brackets: Despite Austin’s hosting the second round South play, there aren’t any Texas teams in the mix, so I’m going this year with my other all time favorite, Duke.

If you want to use some high tech for your own bracket picks, WPTV.com out of West Palm Beach has a list of several smartphone and tablet apps you can use to make your picks.

Written by turbotodd

March 18, 2013 at 2:05 pm

Spaceships, Aliens, And Androids: The Scott & Todd SXSW 2013 Podcast Debrief

with one comment

Scott Laningham and I first met around six years ago at SXSW Interactive.  Scott was already well known for his developerWorks podcast series and blog, and he was walking around the conference talking to people, so we decided to sit down and do a podcast discussing all the cool things we’d seen and learned about during the conference.

It was the beginning of a wonderful and still ongoing collaboration, and since that time, Scott and I have shared the stage at numerous IBM conferences, interviewing industry luminaries, IBM executives and business partners, and other thought leaders.

But we always come back to SXSW Interactive. And so it was with 2013.

Scott and I sat down on Friday via Skype and chatted for nearly 30 minutes about all the interesting things we heard and learned about at this year’s event, the first time it reached over 30,000 attendees.

Some would say SouthBy has jumped the shark. I’m not so sure. I joked early on in the event last week that perhaps it had jumped a few dolphins.

Has it gotten a lot more crowded?  Absolutely.

Has it stretched the outer limits of Austin’s hotel and transportation capacity?  Without question.

Do you have to wait in long lines stretching halfway around the Austin Convention Center just to see a keynote?  Yes yes yes.

And to my mind, it’s still worth every minute.

P.S. Scott has also established a new blog, which you can find right here on WordPress.

Written by turbotodd

March 18, 2013 at 9:35 am

Samsung Theatre, RSS-Less Google

with one comment

Anybody watch that Samsung Galaxy S4 launch last night on the Webcast from Radio City Music Hall in New York City?

Well, the latest episode of Smash it certainly was not.  I think the entire show could probably have used a dramaturg, but hey, what do I know? The last show I saw at Radio City Music Hall was Iron Maiden sometime around 1985.

But, if Samsung doesn’t exactly have a handle on the number of the thespian beast, they certainly do seem to have learned how to make smartphones.

Once I got past all the drama last night, I was ready to shell out a few hundred bucks to move back into the smartphone camp (I’m currently carrying an LG feature phone from Verizon, because unlike most people, I actually still use my cell phone to TALK to OTHER HUMAN BEINGS.)  I currently depend on an iPod Touch 5th gen for most of my tablet computing (news consumption, email, calendaring, shooter games, travel, etc.)

But at some point, I’m going to create my own harmonic computing convergence and try to come back to one device.

Of course, the price point for an unlocked Galaxy S4 will likely require a second mortage, and that’s if you can even find one.

So I’m also keeping an eye on the downmarket players like BLU Products, a little known player from whom I recently ordered an unlocked feature phone for $35 that I now use as my bat phone.

BLU is introducing a whole slate of new smartphones in April, entitled “Live View,” “Life One,” and “Life Play,” all of which will allegedly be sold unlocked on Amazon and range between $229 and $299.

The Life View model will include a 5.7-inch display (bigger than the Galaxy 5 at 5 inches), a 12-megapixel rear/5-megapixel front camera, 1GB RAM, 16GB of expandable storage, and also a 2,600Ah battery for those lonnngg plane rides to Bangalore.

I imagine that phone will be “good enough,” and you can learn more here on Engadget.

What’s apparently not good enough for Google is having an RSS reader. It was just announced that Google Reader was going to be taken out back to the Google woodshed and shot, as of July 1 of this year, a resultant casualty of Google’s annual “Spring Cleaning.”

To whit I ask, couldn’t they have found something less useful to “clean?”

Not to pile on, but this is a really dumb move for Google, if not for the bad PR value alone (and there’s been plenty of that). Google Reader was a beloved product, if only by the niche social digerati — you know, all those massive influencers with a big social media megaphone.

For my money, it’s a jaded move — Google’s not making any money off Reader, and RSS feeds are notoriously difficult to measure, so why not bury it in the Mountain View backyard? On the other hand, it would be nice for them to keep a useful tool that helps we bloggers keep our blogging sanity, and Reader does/did? just that.

C’est la Google vie…I’ve turned to Feedly online and on the iPod, and Reeder on the Mac, to assuage my soon-to-be Google Readerless existence.  So far, I’m digging the newspaper-ish like layout.  I just hope I can learn how to add and subtract feeds as easily as I was able to on the Google Reader cloud.

As for my post-SXSW-partum depression, the sun’s shining in Austin and I plan to get out and play some golf this weekend.  But I’ll just say this: For me, Best SouthBy ever.  I saw a lot of great speakers and sessions, talked to a lot of cool and interesting people, consumed some of my native city’s great food and drink, and enjoyed myself all the way around.

And for those of you who made it to the IBM party at Haven Saturday night, well how about that?  Definitely NOT your father’s IBM.

The bar she has been raised.

%d bloggers like this: