Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘2013’ Category

Gladly Pay You Tuesday…


We’re finally getting some rain in central Texas.  We’ll see how long it lasts!

And on the topic of rainmaking, this just in from our friends at Nucleus Research.

Nucleus conducted an analysis of 21 IBM Smarter Commerce case studies and their ROI, and discovered that for every dollar spent, companies realized an average of U.S. $12.05 in returns.

According to the research, this payback occurred in an average of 9 months (with a high of 23 months, and a low of two).

The cases Nucleus analyzed included U.S. and European companies and government agencies which had deployed IBM Smarter Commerce technologies.

All the case studies were developed independently by Nucleus, following their standard ROI methodology, and IBM was privy to the results only after the research was completed.

In their analysis, Nucleus also observed some summary conclusions, finding that Smarter Commerce projects delivered both top-line and bottom-line benefits, with roughly 60 percent of returns coming from indirect benefits such as productivity, and the rest from direct savings such as reduced operational costs or hires avoided.

Specific key benefits included the following:

  • Increased productivity. In many cases companies were able to accomplish more work with fewer staff or avoid additional hires as they grew by automating previously manual processes and increasing employee productivity.
  • Reduced costs. Smarter Commerce customers experienced cost reductions in areas such as customer call handling costs, technology costs, and other costs associated with supply chain transactions.
  • Improved inventory management. Greater visibility into customer demand and inventory levels enabled Smarter Commerce customers to gain better control over their inventory, reducing inventory carrying costs and increasing inventory turns.
  • Improved decision making. Greater agility and rapid insight into data for decision making enabled companies using Smarter Commerce to more quickly make decisions and act on them with confidence.
  • Reduced customer churn and increased customer satisfaction. Companies using IBM Business Analytics were able to more rapidly understand customer satisfaction and retain more profitable customers by proactively addressing customers’ propensity to churn. For example, one telecommunications customer was able to reduce customer churn by 8 percent in the first year and 18 percent in the second year by further refining its churn analysis.

Customers Leverage Prepackaged Functionality

Nucleus indicated that the $12.05 average return from Smarter Commerce was at the high end of the range of returns Nucleus had seen from other assessments of deployments such as analytics and CRM, and many IBM Smarter Commerce clients indicated they had achieved high returns by taking advantage of the investments IBM has made in providing integrated solutions, more intuitive user interfaces, and prepackaged industry functionality.

By way of example:

  • Integrated solutions and prepackaged industry functionality accelerate time to deployment and time to value while reducing overall project risk.
  • Usability improvements drive more rapid adoption and make it easier for companies to drive adoption of technologies such as business analytics to casual and business users beyond the data expert specialists that have historically been the primary users of analytics.

Industry-specific functionality and expertise were particularly important in the success of customers adopting Smarter Commerce technologies in the government sector, such as social services agencies and police departments, where IT often has limited resources.

You can go here to download the full report.

Talk To The Mannequin Middleman


Middlemen have gotten a pretty bad rap since the Internet came along.

First, it was the travel agents, who were one of the first to be “disintermediated” by sites like Expedia, Orbitz, etc. Why hire a person to do what a computer and network could do?

Although it turns out it wasn’t quite that easy, as we later discovered, and nearly 20 years later there are still travel agents, but they’ve evolved and often moved up the value stack in terms of their offerings. (As an example, whenever I book a scuba diving trip, I typically now use an exclusive provider of scuba vacation travel, and they’ve served me quite well…although, sigh, it’s been far too long since I went diving!)

At IBM, we’re only supposed to employ our American Express travel agents when we’re traveling overseas.  I, personally, don’t mind using our Online Travel Reservation system for planning my travel, but that Web-based system has never been the same as talking to a really good Amex travel agent, and it certainly has never made me laugh.

So this story in The New York Times caught my eye, which explains how e-commerce companies are “bypassing” the middlemen in a variety of e-commerce verticals.

From eyeglasses to office supplies to bedding to nail polish to shaving supplies, there is a host of “smarter commerce” e-commerce ventures popping up that are “controlling the supply chain,” providing products and services to end consumers at lower costs than many big retailers while pocketing the disintermediated profits.

But before you leap headlong into a Web server (which, let’s be frank, could hurt!), let’s not forget that physical presence still matters.

CNBC reports that “what’s old is new again” for some e-commerce retailers, outlining that a “growing number of online retail companies are setting up physical stores” in response to trends like “showrooming,” whereby consumers do in-store flybys only to later make a purchase online.

IBM vice president and global retail leader Jill Puleri was quoted in the story with this observation: “If there’s one thing showrooming teaches us, it’s that consumers still want to see what they are buying in person.”

It goes on to cite data from IBM suggesting that “50 percent of online sales were generated after consumers first browsed offline.”

So what’s next? One could easily envision pop-up stores emerging in highly-trafficked areas around the world: airports, train stations, even shopping malls, where consumers could “touch and feel” the merchandise and then get incented to go and make an actual purchase online.

Now if they could just figure out a way to make those in-store mannequins just a little less creepy.

Speak Slowly In Your Regular Voice


Happy Monday.

I just returned from a nice long weekend with my buddies out in West Texas, where we held our annual “South Austin Gun Camp.”

Don’t worry, nobody was hurt…well, save for that Easter Bunny pinata which made too compelling a target for our collective target practice to resist.

Speaking of targets, they were mostly old beer cans and paper zombies, but a good time was had by all and the weather mostly cooperated for our three day camp out.

I include in this post a pic of one of the shooting activities I semi excel at, which is skeet shooting (called “Olympic Skeet” in the Olympic games, the U.S. team for which I will not be selected for anytime soon).

Turbo takes out his pent up frustrations on some harmless clay pigeons in the wilds of West Texas, while also basking in his short-lived technological disconnectedness.


Today, however, it’s been email catchup and back to work.

Out in West Texas, I had limited access to any technology. My LG Cosmos II scantly picked up a Verizon signal, so every once in a while I would get a data dump so I could scan my personal email.

The lack of data connectivity made it a little difficult to keep up with the Sweet 16 results and the PGA event in Houston, but I was able to play catch up on those once back at Turboville late Sunday afternoon.

In the “While You Were Out” category, I noticed this story about Nuance Communications’ efforts to release “Voice Ads,” a “new mobile advertising format that lets people have a two-way conversation with brands.”

For the record, I’m a big Nuance (and voice dictation/speech recognition, more generally) fan, but the idea of my talking to a brand made me laugh out loud.

What happens when the brand can talk back to me?

“Hello, Budweiser. I’ll have one of you.”

“Could I see your ID, please?”

“Excuse me?”

“You asked for one of me. I’m Budweiser, an adult alcoholic beverage, and you must be 21 or older to speak with me, much less consume me. Could I see your ID, please?”

“Sorry, I left it at home.”

“I’m sorry, too.  You must be 21 or older to talk to this Budweiser.”

Upstart Business Journal has all the details, ‘splainin’ that Nuance has already signed up marketing partners like Digitas, OMD, and Leo Burnett to reach the approximate 100,000 app publishers out there in the world today.

And no question, mobile marketing is a huge market — I’m just not sure how many people are ready to talk to their brands.

If they are, it’s surely to help them get something useful done. I can easily envision this mobile app from JetBlue sometime soon:

“Why am I so late, JetBlue Voice?”

“Your plane was delayed.”

“Why was my plane delayed, JetBlue Voice? I need to get to New York. I have a meeting!”

“Could you please enter your confirmation number?”

“It’s in another part of my smartphone, and I can’t find it because I’m talking to you. Don’t you have voice recognition or something?”

“Perhaps you could call back another time when you have your confirmation number. Thank you for calling JetBlue’s advertising.”

No no, NOTHING could go wrong with mobile voice advertising!

Batten Down The Hatches! IBM’s X-Force 2012 Trend And Risk Report


It’s been a busy year for IT security incidents. Yesterday, John Markoff and Nicole Perlroth with The New York Times told us about yet another incident, this time a cyberattack involving antispam group Spamhaus and an anonymous group unhappy with their efforts.

Based on disclosed incident details such as the vulnerability used and attack type, IBM X-Force was able to determine that the majority of the security incidents disclosed in 2012 were carried out by the top left quadrant above, with attackers going after a broad target base while using off-the-shelf tools and techniques. This can be attributed to the wide public availability of toolkits, and to the large number of vulnerable web applications that exist on the Internet.


But the list goes on and on. From the discovery of sophisticated toolkits with ominous names like Flame to cross-platform zero-day vulnerabilities, both consumers and corporations have been inundated with advisories and alerts regarding emerging threats. The frequency of data breaches and incidents—which had already hit a new high in 2011—continued their upward trajectory.

At the mid-year of 2012, IBM’s X-Force team predicted that the explosive nature of attacks and security breaches seen in the first half would continue. Indeed this was the case. While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year’s headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection.

What continues to be clear is that attackers, regardless of operational sophistication, will pursue a path-of-least-resistance approach to reach their objectives. Integration of mobile devices into the enterprise continues to be a challenge. In the previous report, X-Force looked at some of the pitfalls and perils of implementing BYOD programs without strict formulations of policy and governance to support the use of these devices.

That said, recent developments indicate that while these dangers still exist, X-Force believes mobile devices should be more secure than traditional user computing devices by 2014. While this prediction may seem far fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.

In its latest report, X-Force explores how security executives are advocating the separation of personas or roles on employee-owned devices. It also addresses some secure software mobile application development initiatives that are taking place today. The distribution and installation of malware on end-user systems has been greatly enabled by the use of Web browser exploit kits built specifically for this purpose.

The intense proliferation of social networking across the Internet poses new challenges to companies that need to control the sharing of confidential information. Any employee that has access to the Internet is going to be exposed to social networking sites, and because they are so frequently accessed, they have become a favorite target of scams and phishing.


Exploit kits first began to appear in 2006 and are provided or sold by their authors to attackers that want to install malware on a large number of systems.  They continue to be popular because they provide attackers a turnkey solution for installing malware on end-user systems.

Java vulnerabilities have become a key target for exploit kits as attackers take advantage of three key elements: reliable exploitation, unsandboxed code execution, and cross-platform availability across multiple operating systems. Java exploits have become key targets in 2012 and IBM X-Force predicts this attack activity to continue into 2013.

As X-Force also reported in the mid-year, spam volume remained nearly flat in 2012, with India remaining the top country of origin for spam distribution, but the nature of spam is changing. Broadly targeted phishing scams, as well as more personalized spear-phishing efforts, continue to fool end users with crafty social-engineering email messages that look like they come from legitimate businesses. Also, fake banking alerts and package delivery service emails have been effective as attackers refine their messages to look like the authentic messages that customers might normally receive.

Whether the target is individuals or the enterprise, once again, X-Force reminds organizations that many breaches were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice.

Web applications are still topping the chart of most disclosed vulnerabilities, rising 14% in 2012 over the 2011 end of year numbers. As reported earlier in the mid-year report, cross-site scripting (XSS) dominated the web vulnerability disclosures at 53% of all publicly released vulnerabilities. Although SQL injection attack methods remain as a top attack technique, the actual disclosures of new SQL injection vulnerabilities remain lower than the 2010 peak X-Force recorded.

Social media has dramatically changed our lives with new ways to connect, personally and professionally. From this constant availability of information about individuals, attackers can readily access data to use in their activities.

Now, more than ever, individual employees who share personal details in their social profiles can be targeted for attacks.

The values for the evaluated threat and residual threat can be determined by comparing the likelihood or frequency of a threat occurring (high, medium, low) against the damage impact that could happen if the threat occurred (catastrophic, high, medium, low). The goal is to implement mitigation processes that either reduce the frequency of the threat occurring or reduce the impact if the threat does occur. A requirement for this to be successful is to have a specific, designated monitoring mechanism to monitor the implementation of the treatment processes and for the appearance of the threats. This monitoring mechanism should be monitored and alerts should be responded to. It does no good to have network-based anti-virus consoles gathering information about virus alerts across the network, if nobody is assigned to monitor the console and respond to those alerts. Monitoring and responding is part of the mitigation process. (An example threat assessment and risk mitigation process chart is provided below, though the IR team may identify a greater list.)

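As an added illustration of the likelihood-versus-impact assessment described above (this is not code from the X-Force report or from IBM), the following Python rates each threat, applies a mitigation that lowers either likelihood or impact, and withholds credit for any control that has no designated monitor. The numeric weights, rating bands, sample threats and owner names are constructed assumptions.

```python
"""Threat assessment and residual threat: a constructed worked example."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ordinal scales quoted in the text; the numeric weights are an assumption.
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"low": 1, "medium": 2, "high": 3, "catastrophic": 4}


def rate(likelihood: str, impact: str) -> str:
    """Map a likelihood/impact pair to a threat band.

    score = likelihood * impact; the band thresholds are an assumption.
    """
    score = LIKELIHOOD[likelihood] * IMPACT[impact]
    if score >= 8:
        return "critical"
    if score >= 4:
        return "elevated"
    return "acceptable"


@dataclass
class Threat:
    name: str
    likelihood: str
    impact: str
    # A mitigation lowers the likelihood, the impact, or both.
    mitigated_likelihood: Optional[str] = None
    mitigated_impact: Optional[str] = None
    # Who watches the control's alerts; None means nobody is assigned.
    monitor_owner: Optional[str] = None

    def evaluated(self) -> str:
        """Threat band before any mitigation is applied."""
        return rate(self.likelihood, self.impact)

    def residual(self) -> str:
        """Threat band after mitigation, credited only if someone monitors.

        An unmonitored control (the anti-virus console nobody watches) does
        not reduce the threat, so the evaluated band is kept in that case.
        """
        if self.monitor_owner is None:
            return self.evaluated()
        return rate(self.mitigated_likelihood or self.likelihood,
                    self.mitigated_impact or self.impact)


def assess(threats: List[Threat]) -> List[Tuple[str, str, str]]:
    """Return (name, evaluated, residual) rows, worst residual first."""
    order = {"critical": 0, "elevated": 1, "acceptable": 2}
    rows = [(t.name, t.evaluated(), t.residual()) for t in threats]
    return sorted(rows, key=lambda r: (order[r[2]], order[r[1]]))


# Constructed sample threats; these are not figures from the report.
SAMPLE = [
    Threat("SQL injection against public web app", "high", "high",
           mitigated_likelihood="low", monitor_owner="appsec-oncall"),
    Threat("Malware via browser exploit kit", "high", "catastrophic",
           mitigated_impact="medium", monitor_owner=None),
    Threat("Spear-phishing of finance staff", "medium", "high",
           mitigated_likelihood="low", monitor_owner="soc"),
]

if __name__ == "__main__":
    for name, evaluated, residual in assess(SAMPLE):
        print(f"{name}: evaluated={evaluated} residual={residual}")
```

The unmonitored exploit-kit control stays critical in the output, which is the report's point about consoles nobody watches.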

2012 X-Force Trend And Risk Report Highlights

Malware and the malicious web

  • In 2012, near daily leaks of private information about victims were announced like game scoreboards through tweets and other social media. Personal details, such as email addresses, passwords (both encrypted and clear text), and even national ID numbers were put on public display.
  • Based on data for 2012, it is not surprising that the bulk of the security incidents disclosed were carried out with the majority of attackers going after a broad target base while using off-the-shelf tools and techniques. X-Force attributes this to the wide public availability of toolkits and to the large number of vulnerable web applications that exist on the Internet.
  • The year began and ended with a series of politically motivated, high-profile DDoS attacks against the banking industry. An interesting twist to the banking DDoS attacks was the implementation of botnets on compromised web servers residing in high bandwidth data centers. This technique assisted in much higher connected uptime as well as having more bandwidth than home PCs to carry out the attacks. In the sampling of security incidents from 2012, the United States had the most breaches, at 46%. The United Kingdom was second at 8% of total incidents, with Australia and India tied for third at 3%.
  • IBM Managed Security Services (MSS) security incident trends are markers that represent the state of security across the globe. The relative volume of the various alerts can help to describe how attacks are established and launched. They also frequently provide hints about how methods have evolved. Based on this, the main focus in 2012 may have been the subversion of systems, with larger coordinated attacks being executed across fairly broad swaths of the Internet.
  • IBM MSS has noted a dramatic and sustained rise in SQL injection-based traffic due, in large part, to a consistent effort from the Asia Pacific region. The alerts came from all industry sectors, with a bias toward banking and finance targets.
  • Web browser exploit kits (also known as exploit packs) are built for one particular purpose: to install malware on end-user systems. In 2012 X-Force observed an upsurge in web browser exploit kit development and activity—the primary target of which are Java vulnerabilities—and X-Force supplies some strategies and tips to help protect against future attacks (see end of post to download full report).
  • Java continues to be a key target for attackers. It has the advantage of being both cross-browser and cross-platform—a rare combination that affords attackers a lot of value for their investment.

Web content trends, spam, and phishing

Web content trends

  • Top used websites are readily deployed as IPv6-ready, although attackers do not yet seem to be targeting IPv6 on a large scale.
  • One third of all web access is done on websites which allow users to submit content such as web applications and social media.
  • Nearly 50% of the relevant websites now link to a social network platform, and this intense proliferation poses new challenges to companies that need to control the sharing of confidential information.

Spam and phishing

  • Spam volume remained nearly flat in 2012.
  • India remains the top country for distributing spam, sending out more than 20% of all spam in the autumn of 2012. Following India was the United States where more than 8% of all spam was generated in the second half of the year. Rounding out the top five spam sending countries of origin were Vietnam, Peru, and Spain.
  • At the end of 2012, IBM reports that traditional spam is on the retreat, while scams and spam containing malicious attachments are on the rise. In addition, attackers are demonstrating more resiliency to botnet take downs, which results in an uninterrupted flow of spam volume.

Operational Security Practices

Vulnerabilities and exploitation

  • In 2012, there were over 8,168 publicly disclosed vulnerabilities. While not the record amount X-Force expected to see after reviewing its mid-year data, it still represents an increase of over 14% over 2011.
  • Web application vulnerabilities surged 14% from 2,921 vulnerabilities in 2011 to 3,551 vulnerabilities in 2012.
  • Cross-site scripting vulnerabilities accounted for over half of the total web application vulnerabilities disclosed in 2012. Cross-site scripting dominated the web vulnerability disclosures. Fifty-three percent of all publicly released web application vulnerabilities were cross-site scripting related. This is the highest rate X-Force has ever seen. This dramatic increase occurred while SQL injection vulnerabilities enjoyed a higher rate than 2011 but were still down significantly since 2010.
  • There were 3,436 public exploits in 2012. This is 42% of the total number of vulnerabilities, up 4% from 2011 levels.
  • Web browser vulnerabilities declined slightly for 2012, but not at as high a rate as document format issues. While the overall number of web browser vulnerabilities dropped by a nominal 6% from 2011, the number of high- and critical severity web browser vulnerabilities saw an increase of 59% for the year.
  • Few innovations have impacted the way the world communicates quite as much as social media. However, with the mass interconnection and constant availability of individuals, new vulnerabilities and a fundamental shift in intelligence-gathering capabilities has provided attackers and security professionals alike with information useful for enhancing their activities.
  • Rather than seeing a particular enterprise as an individual entity, attackers can view enterprises as a collection of personalities. This gives attackers the opportunity to target specific people rather than enterprise infrastructures or applications. Furthermore, targeted people may also be targeted as individuals and not just as employees. In other words, the personal activities and lives of employees can be leveraged to target an enterprise.

Emerging Trends In Security

Mobile

  • Prediction: Mobile computing devices should be more secure than traditional user computing devices by 2014. This is a bold prediction that IBM recently made as part of its look ahead in technology trends. While this prediction may seem far-fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.
  • Separation of personas or roles: While a small percentage of enterprises have dealt with BYOD by using virtualized desktop solutions to separate and control enterprise applications and data from the rest of the personally owned device, a greater number of enterprises have wanted or required some form of separation or dual persona on mobile devices. This difference in use or adoption could be the result of greater numbers of devices driving greater risk in the percentage of personally owned mobile devices versus personally owned PCs in a BYOD program.
  • In many cases, enterprises have made significant investments into implementing Secure Software Development Life Cycle (SSDLC) processes. Today’s mobile application development benefits from this. Tools exist to support secure development as part of the process instead of being conducted in qualification or production. As a result, it should be more common for enterprises to have more securely developed mobile applications than their existing legacy applications. Closure of vulnerabilities in some traditional computing applications may only conclude as existing versions are sunset and replaced with newer, more securely developed replacements.
  • Over 2012, it is safe to conclude that more enterprises are supporting BYOD or the use of personally owned devices than previously. In the last two years, IBM Security has spoken to hundreds of Global 2000 customers and, out of those interviewed, only three said they had no plans to implement any kind of BYOD program.

To learn more on how your organization can work to address these types of vulnerabilities, download the full IBM X-Force 2012 Trend And Risk Report here.

A Mobile Summary


I’m going to have to start naming this “Mobile Monday.”

Because on Mondays, it seems like there’s always something of import to occur within the mobile space.

I guess one could say that for every other day of the week, and maybe it just seems more notable to me on Mondays.

In today’s case, it was Yahoo’s announced acquisition of Summly, a mobile app that has a unique algorithm which helps summarize news stories and which was started by a 15 year-old programmer, Nick D’Aloisio.  Summly took Apple’s “Best Apps of 2012” award for Intuitive Touch capability.

So of course the first thing that will happen post acquisition is that the app will be REMOVED from the App Store starting today.

Does that seem counterintuitive or is it just me?

Kid writes app, app receives a gazillion downloads, Yahoo buys app, makes kid rich, Yahoo removes app from App Store.

Only in the tech industry.

The idea, of course, being that someday soon the capabilities of Summly will find themselves embedded in other Yahoo apps.  Yeah, and I’ve got some great swamp land in south Florida that I’d like to show you.

Turbo recently shelled out a little over a hundred bucks for the daskeyboard Professional Model S. This keyboard features Mac-specific functions such as media controls, brightness controls, command and alt/option keys, eject and clear keys. The Professional Model S for Mac is “plug and play” with your Mac computer and updated to also include media controls.


On the topic of mobile, nobody’s ever really created a good mobile Bluetooth keyboard that’s portable and, preferably, folds up…and I’ve tried just about all of them…Kickstarter, anyone?

But I am VERY happy with my new daskeyboard keyboard, which I’m going to tell you all about now.

When I’m working at home, it’s like hearing a machine gun emanating from my office (They don’t call me Turbo for nothin’, and it mostly had to do with my typing speed…How else would you expect me to be able to generate all these blog posts!?)

I saw daskeyboards for the first time last year at SXSW, but I was able to contain my credit card.  This year, I decided to jump in headfirst.

With a discount, I was able to get the daskeyboard Pro Model S for about $100, and though that might seem like a lot for a keyboard, when you spend as much time every day in front of a computer as I do, it seemed like a pretty good investment at the time — and that turned out to be the case.

Remember those original IBM AT and XT (and later, PS/2) computers where you could use those clickety-clack Model M keyboards? Well, daskeyboard has reinvented that PC keyboarding past, and you can now go clickety-clack at 90 words per minute with the lightest, softest, but clickiest touch you can imagine.

Only this time, you can do it on both Macs and PCs, and you can do it all in black.

Written by turbotodd

March 25, 2013 at 12:02 pm

Building A Bigger, Better Cloud In Ohio


The cloud, she is getting bigger, particularly in the great State of Ohio.

For Ohio has selected IBM for a $267-million 10 year modernization of the State of Ohio Computing Center (SOCC) through the development of a private cloud computing environment and the use of other hardware, software and services from IBM.

The SOCC includes four floors and more than 350,000 square feet of space, and houses infrastructure for several state agencies that support more than 1,400 applications executing on over 2,700 servers.

By working with IBM, the State will be able to focus on meeting application demands that underpin the services it provides to the citizens of Ohio.

The program will also lay the groundwork for future opportunities including the State’s drive toward private, secure cloud computing.

Highlights of the work with IBM include:

  • Remediating power and cooling capabilities in the State’s facility in Columbus
  • Migrating agency related infrastructure and application workloads within the facility
  • Implementing operating model improvements to deploy ITIL-based service management
  • Ongoing services in a co-managed arrangement with State staff

“We are working with IBM to significantly reduce the complexity of our infrastructure, improve data center operations and increase service delivery for state agencies and the constituents they serve,” Stu Davis, State of Ohio’s Chief Information Officer said. “This is a foundational component of Ohio’s IT Optimization efforts that will result in savings and culminate in the consolidation of the state’s IT assets into a primary state data center. This provides agencies with services they require and ensures we are spending taxpayers’ dollars once.”

The State’s cloud computing environment will be designed to provide a secure, high-performance and dependable foundation for computing, while costing the State less than its current infrastructure.

The goal of the State’s IT consolidation is to substantially reduce IT infrastructure services spend, and reallocate those funds to applications and services that support the citizens and businesses of Ohio.

You can learn more about IBM Smarter Government solutions here.

Written by turbotodd

March 21, 2013 at 12:30 pm
