Turbotodd

Ruminations on IT, the digital media, and some golf thrown in for good measure.

Archive for the ‘security’ Category

Internet Insecurity

leave a comment »

You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?

That’s what I got today in a Washington Post email newsletter:

“New malware is 20 times size of Stuxnet”

“Cybersecurity experts needed to meet growing demand”

Surely the Post newsletter editor at least chuckled when he put those two together.

I didn’t chuckle, however, when I started reading up on this new Internet security phenom.

Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”

Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.

And, the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software the disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”

Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?

Whatever the case, the BBC’s coverage included the following facts: Russian security firm Kaspersky Labs believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”

If you don’t remember Stuxnet, it was the alleged state-sponsored virus which wreaked havoc on Iran’s uranium centrifuges.  This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”

Wired also adds to the story, reporting Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”

Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”

Recorded conversations?

Yes, indeedy.  According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”

It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”

It can also store “frequent screenshots of activity on the machine,” screenshots that include everything from emeetings to instant messages, email….you get the picture.  Literally.

I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.

More details on Flame as they emerge…

New IBM Security Study: Finding A Strategic Voice In The C-Suite

with one comment

I’m back from IBM Impact 2012…but my brain is still processing all the information I took in through all the interviews Scott and I conducted for ImpactTV and for all the sessions I attended…and I won’t mention all the cocktails in the evenings where I learned SO much from my industry peers.

The first ever IBM security officers study reveals a clear evolution in information security organizations and their leaders with 25 percent of security chiefs surveyed shifting from a technology focus to strategic business leadership role.

I’ll be putting together a recap post of some of the major announcements, and I’ve still yet to transcribe my interview with Walter Isaacson, but first, I wanted to highlight an important new study from IBM on the security front.

For those of you who follow the Turbo blog, you know the issue of security (particularly cybersecurity) is one I take very seriously and that I follow closely, partially because of my longstanding interest in the topic, and partially because I recognize we live in an imperfect world using imperfect technology, created and used by imperfect humans.

But the promise and hope for security, fallible though it may sometimes be, is a worthy aspiration.  There are ideas, assets, and often even lives at risk, and the more we move up the stack into an intellectual capital driven global economy, the more there is at stake and the more that will be needed to protect.

So, that’s a long way of saying expect to be hearing even more from me on this important topic.

Chief Security Officers: “We’ve Got Our CEO’s Attention”

To that end, now for the new information security study results. The new IBM study reveals a clear evolution in information security organizations and their leaders, with 25 percent of security chiefs surveyed shifting from a tech focus to one of a more strategic business leadership role.

In this first study of senior security executives, the IBM Center For Applied Insights interviewed more than 130 security leaders globally and discovered three types of leaders based on breach preparedness and overall security maturity.

Representing about a quarter of those interviewed, the “Influencer” senior security executives typically influenced business strategies of their firms and were more confident and prepared than their peers—the “Protectors” and “Responders.”

Overall, all security leaders today are under intense pressure, charged with protecting some of their firm’s most valuable assets – money, customer data, intellectual property and brand.

Nearly two-thirds of Chief Information Security Executives (CISOs) surveyed say their senior executives are paying more attention to security today than they were two years ago, with a series of high-profile hacking and data breaches convincing them of the key role that security has to play in the modern enterprise.

Emerging Security Issues: Mobile And A More Holistic Approach

More than half of respondents cited mobile security as a primary technology concern over the next two years.  Nearly two-thirds of respondents expect information security spend to increase over the next two years and of those, 87 percent expect double-digit increases.

Rather than just reactively responding to security incidents, the CISO’s role is shifting more towards intelligent and holistic risk management– from fire-fighting to anticipating and mitigating fires before they start.  Several characteristics emerged as notable features among the mature security practices of “Influencers” in a variety of organizations:

  • Security seen as a business (versus technology) imperative: One of the chief attributes of a leading organization is having the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. In fact, 60 percent of the advanced organizations named security as a regular boardroom topic, compared to only 22 percent of the least advanced organizations.  These leaders understand the need for more pervasive risk awareness – and are far more focused on enterprise-wide education, collaboration and communications.  Forward-thinking security organizations are more likely to establish a security steering committee to encourage systemic approaches to security issues that span legal, business operations, finance, and human resources. Sixty-eight percent of advanced organizations had a risk committee, versus only 26percent in the least advanced group.
  • Use of data-driven decision making and measurement: Leading organizations are twice as likely to use metrics to monitor progress, the assessment showed (59 percent v. 26 percent). Tracking user awareness, employee education, the ability to deal with future threats, and the integration of new technologies can help create a risk-aware culture. And automated monitoring of standardized metrics allows CISOs to dedicate more time to focusing on broader, more systemic risks.
  • Shared budgetary responsibility with the C-suite: The assessment showed that within most organizations, CIOs typically have control over the information security budget. However, among highly ranked organizations, investment authority lies with business leaders more often. In the most advanced organizations, CEOs were just as likely as CIOs to be steering information security budgets. Lower ranking organizations often lacked a dedicated budget line item altogether, indicating a more tactical, fragmented approach to security.  Seventy-one percent of advanced organizations had a dedicated security budget line item compared to 27 percent of the least mature group.

Recommendations to Evolve the Security Role in an Enterprise

To create a more confident and capable security organization, IBM recognizes that security leaders must construct an action plan based on their current capabilities and most pressing needs. The report offers prescriptive advice from its findings on how organizations can move forward based on their current maturity level.

For example, those “Responders” in the earliest stage of security maturity can move beyond their tactical focus by establishing a dedicated security leadership role (like a CISO); assembling a security and risk committee measuring progress; and automating routine security processes to devote more time and resources to security innovation.

About the Assessment

The IBM Center for Applied Insights study, “Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer Assessment,” included organizations spanning a broad range of industries and seven countries.

During the first quarter of 2012, the Center conducted double-blind interviews with 138 senior business and IT executives responsible for information security in their enterprises. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees.

Click here to access the full study.

Cyber Insecurity

leave a comment »

Some veddy interesting news on the cybersecurity front has reared its ugly head the last couple days.

First, VMware confirmed via CRN yesterday that proprietary source code from its ESX server hypervisor (server virtualization software) had been posted online, but in a blog post about the incident, the director of VMware’s Security Response Center said the posted code was created sometime in 2003 and 2004.

That raises questions as to relevance, according to CRN, with VMware explaining that “the fact that it has been made public does not necessarily put VMware customers at risk.”

Yet given the large number of providers that run vSphere, it could have “a broad and widespread impact.”

Here’s the blog post from VMware — for those potentially impacted, one to keep an eye on.

This just as the Obama Administration comes out against the current House cybersecurity bill entitled the “Cyber Intelligence Sharing and Protection Act,” or “CISPA,”  a law proposed last November by U.S. Rep. Michael Rogers (R-MI) and 111 co-sponsors that would allow the voluntary sharing of attack and threat information between the U.S. Government and security cleared technology and manufacturing companies to try and ensure the security of networks against patterns of attack.

CISPA was reported out of committee on December 1, 2011, but has yet to be debated or brought to a vote.

The Electronic Frontier Foundation has also come out against the bill, concerned that the bill’s broad warnings would leave little protection for individual consumers and not provide effective judicial oversight for the types of monitoring the bill would allow.

If, in the meantime, you’re looking for some industry thought leadership on the topic of security, IBM’s own Marc Van Zadelhoff, the director of strategy for IBM’s still relatively new Security Solutions Division, look no further than this podcast interview (MP3, 17:45 minutes, 10.2 MB) where Marc provides extensive insight into IBM’s approach to security intelligence and compliance. You can also read a transcript here. (36.4KB, PDF)

Having Impact

leave a comment »

It’s the end of a long Friday, and you’re sitting there thinking to yourself, “Hmm, what in the world am I going to be doing starting on Sunday, April 29th?!!”

I’m from headquarters and I’m here to help.

If you’re a business or technology leader trying to understand and keep up with the insane amount of change going on in our industry, my recommendation is you hop on a plane and head out to attend the IBM Impact 2012 Global Conference from April 29-May 4.

No, it’s NOT “The Hangover,” thank goodness — neither part one nor part deux — but what it IS is an opportunity to mix it up with your peers and to hear from some of our industry’s key thought leaders.

Let’s start with the keynotes: Author of the acclaimed Steve Jobs biography entitled Steve Jobs, as well as president and CEO of the Aspen Institute, Walter Isaacson, will be a featured speaker this year. Isaacson is a former correspondent and new media editor of Time magazine, who went on to serve as chairman and CEO of CNN from 2001-2003.

“Chic Geek” and 2011 audience favorite Katie Linendoll will also be making a return engagement to Impact. Katie is going to be leading the day 2 general session, as well as moderating a “Women’s Panel” later that Tuesday afternoon (May 1).

And if you’ve never heard from Jane McGonigal, creative director of Social Chocolate and a world-renowned designer of alternate reality games…well, prepare to have your mind blown. I’ve heard Jane at a couple of SXSW Interactives, and Jane’s view of the world is one you’ll want to look into.  She’s also the author of the New York Times bestseller, Reality is Broken.

And those are just the guest speakers.  You’ll also hear from a powerhouse cadre of IBM experts and executives, starting with senior veep Steve Mills. Also in attendance: Rod Smith, our VP emerging technologies…Marie Wieck, GM of the AIM organization…Bridget van Kralingen, senior veep of IBM Global Business Services…Jerry Cuomo, IBM Fellow and WebSphere veep…and a host of others.

But let’s not forget one of the most important aspects of Impact: The networking prowess of 9,000 tech and business leaders all under the same roof.  You can get started in the conversation well ahead of the event by following and contributing to the Impact Social Media Aggregator, and onsite, by visiting the “Impact Social Playground,” a new social hub that will provide enhanced social networking facilities for all attendees, Tweeps, bloggers, analysts, media, and Business Partners.

If you just want to follow along on Twitter, make sure you’re using the #IBMImpact hash tag.

developerWorks blogger and podcaster extraordinaire, Scott Laningham, will also be in attendance, along with yours truly, where we will be conducting live and recorded interviews throughout the event for “ImpactTV.”  So far, we have a committed lineup of the best and brightest…and then there’s Scott and I!

Here’s the link where it all starts for Impact 2012.

I, for one, can’t wait.  Last year was my first Impact, and I had more fun and talked to more cool people than a person has a right to.  And I learned more than I could keep in my head…but of course, that’s not saying much.

And iffen your boss is giving you a hard time about taking time out of your hectic schedule, we’ve even got that covered with our “5 Reasons to Attend Impact 2012.”

I hope to see you there, and if you can’t make it live and in person, be sure to keep an eye on ImpactTV from April 29 through May 4.

Oh yeah, did I forget to mention that the Goo Goo Dolls are playing???

Warning Against Your Insecurities: The 2011 IBM X-Force Trend And Risk “Poltergeist”

leave a comment »

WARNING: This is an exceptionally long post intended for security and privacy geeks everywhere, including sys admins, Internet security hawks, CIOs, and innocent but interested bystanders everywhere.  No web servers were hacked in the preparation of this report: at least, none by me!

Okay, troopers, it’s that time of year again.  You know, the time when IBM releases its report card for security incidents, the X-Force Trend and Risk Report.

Google has the search “Zeitgeist” every year, we have the security “poltergeist!”

This time around, we’re looking back at the wild and wacky 2011, a year which showed surprising improvements in several areas of Internet security. Improvements, you ask?  Surely you jest, Turbo.

This figure from the 2011 IBM X-Force Trend And Risk Report shows a steady decline in the instances of input control related vulnerabilities such as cross-site scripting (XSS) and SQL injection since X-Force began recording these statistics in 2007. In 2011, the statistics suggest that the likelihood of encountering XSS in a given test continues to decrease but shows signs of leveling out at approximately a 40 percent chance of occurring. Injection vulnerabilities and specifically SQL injection appears to have leveled out at around a 20 percent chance of occurring in a given test.

No, no, there IS some good news.  Like a reduction in application security vulnerabilities, exploit code and spam.

But, good news leads to less good news on this front, as many of you who follow security well know, because the bad guys are being forced to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices.

The Top Line: Less Spam, More Adaptation

To get specific, the X-Force 2011 Trend and Risk Report demonstrated a 50 percent decline in spam email compared to 2010.

2011’s poltergeist saw a diligent patching of security vulnerabilities by software vendors, with only 36 percent of those vulnerabilities remaining unpatched in 2011 (compared to 43 percent in 2010).  The year also saw a higher quality of software application code, as seen in web-app vulnerabilities called “cross-site scripting” that were half as likely to exist in clients’ software as they were four years ago.

So, the net is, the bad guys are adapting their techniques to the changing tech environment. The report uncovered a rise in emerging attack trends including mobile exploits, automated password guessing, and a surge in phishing attacks.

It also witnessed an increase in automated shell command injection attacks against web servers, which may well be a response to successful efforts to close off other kinds of Web app vulnerabilities.

The Security Landscape Glass Half Full: Decrease In Unpatched Vulnerabilities, Exploit Code, And Spam

Getting even more specific, according to the report, there are several positive trends as companies adjusted their security policies in 2011:

  • Thirty percent decline in the availability of exploit code. When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30 percent fewer exploits were released in 2011 than were seen on average over the past four years. This improvement can be attributed to architectural and procedural changes made by software developers that help make it more difficult for attackers to successfully exploit vulnerabilities.
  • Decrease in unpatched security vulnerabilities. When security vulnerabilities are publicly disclosed, it is important that the responsible software vendor provide a patch or fix in a timely fashion. Some security vulnerabilities are never patched, but the percentage of unpatched vulnerabilities has been decreasing steadily over the past few years. In 2011 this number was down to 36 percent from 43 percent in 2010.
  • Fifty percent reduction in cross site scripting (XSS) vulnerabilities due to improvements in software quality. The IBM X-Force team is seeing significant improvement in the quality of software produced by organizations that use tools like IBM AppScan OnDemand service to analyze, find, and fix vulnerabilities in their code.  IBM found XSS vulnerabilities are half as likely to exist in customers’ software as they were four years ago. However, XSS vulnerabilities still appear in about 40 percent of the applications IBM scans. This is still high for something well understood and able to be addressed.
  • Decline in spam. IBM’s global spam email monitoring network has seen about half the volume of spam email in 2011 that was seen in 2010. Some of this decline can be attributed to the take-down of several large spam botnets, which likely hindered spammers’ ability to send emails. The IBM X-Force team witnessed spam evolve through several generations over the past seven years as spam filtering technology has improved and spammers have adapted their techniques in order to successfully reach readers.

The Security Landscape Glass Half Empty: Attackers Adapt Their Techniques in 2011

Even with these improvements, there has been a rise in new attack trends and an array of significant, widely reported external network and security breaches.

This figure from the 2011 IBM X-Force Trend And Risk Report shows an increase in mobile operating system exploits in 2011 due to an uptick in malicious activity targeting mobile devices. Because of the two-tiered relationship between phone end users, telecommunications companies, and mobile operating system vendors, disclosed mobile vulnerabilities can remain unpatched on phones for an extended period of time, providing a large window of opportunity to attackers.

As malicious attackers become increasingly savvy, the IBM X-Force documented increases in three key areas of attack activity:

  • Attacks targeting shell command injection vulnerabilities more than double. For years, SQL injection attacks against web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities – the number of SQL injection vulnerabilities in publicly maintained web applications dropped by 46 percent in 2011– some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a web server. Shell command injection attacks rose by two to three times over the course of 2011. Web application developers should pay close attention to this increasingly popular attack vector.
  • Spike in automated password guessing – Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attacks scan the net for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers (SSH) in the later half of 2011.
  • Increase in phishing attacks that impersonate social networking sites and mail parcel services – The volume of email attributed to phishing was relatively small over the course of 2010 and the first half of 2011, but phishing came back with a vengeance in the second half, reaching volumes that haven’t been seen since 2008. Many of these emails impersonate popular social networking sites and mail parcel services, and entice victims to click on links to web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.

Emerging Technologies Create New Avenues for Attacks

New technologies such as mobile and cloud computing continue to create challenges for enterprise security.

  • Publicly released mobile exploits rise 19 percent in 2011. This year’s IBM X-Force report focused on a number of emerging trends and best practices to manage the growing trend of “Bring your Own Device,” or BYOD, in the enterprise. IBM X-Force reported a 19 percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. There are many mobile devices in consumers’ hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.
  • Attacks increasingly relate to social media – With the widespread adoption of social media platforms and social technologies, this area has become a target of attacker activity. IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.
  • Cloud computing presents new challenges - Cloud computing is moving rapidly from emerging to mainstream technology, and rapid growth is anticipated through the end of 2013. In 2011, there were many high profile cloud breaches affecting well-known organizations and large populations of their customers. IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. Cloud security requires foresight on the part of the customer as well as flexibility and skills on the part of the cloud provider. The IBM X-Force report notes that the most effective means for managing security in the cloud may be through Service Level Agreements (SLAs) because of the limited impact that an organization can realistically exercise over the cloud computing service. Therefore, careful consideration should be given to ownership, access management, governance and termination when crafting SLAs. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.

The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by one of the industry’s leading security research teams through its research of public vulnerability disclosures findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.

“In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. “In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities.”

You can learn more about IBM Security Solutions here.

A Hacker’s Nervous Breakdown

leave a comment »

How ironic that here I am at Pulse 2012, where we’re talking about Internet and other related security matters, and then this headline: EXCLUSIVE: Infamous international hacking group LulzSec brought down by own leader.

Wow.

Apparently, law enforcement agents on two continents arrested five members of the infamous hacking group, Anonymous, early this morning. Furthermore, they were apparently acting on information and evidence gathered by the organization’s leader, who apparently had been cooperating with the government for months.

Doh!

Anonymous and its various offshoots — LulzSec, AntiSec, etc. — Are believed to have caused billions of dollars of damage to the government, banks, and corporations around the world.

The New York field office of the Federal Bureau of investigation released a press statement which indicated that five computer hackers in the United States and abroad were charged today, and six pled guilty, for computer hacking and other crimes.

The six hackers identified themselves as aligned with the group anonymous, which is a loose confederation of computer hackers and others, and/or offshoot groups related to Anonymous.

The now unsealed indictment revealed the perps were charged with hacks including of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service. Included in the indictment were that of Hector Xavier Monsegur, aka “Sabu” and “Leon” and “Xavier DeLeon,” who pled guilty last August 15th to a 12-count information charging him with computer hacking conspiracies and other crimes, and who apparently has been cooperating with the government to bring several of the others to justice.

According to the New York Times’ coverage of the story, Mr. Monsegur ran his schemes out of a public housing project on the Lower East Side of Manhattan.

So was he the head of the Anonymous snake? Now that the indictments are out, I suspect we’ll be finding out very, very soon.

Written by turbotodd

March 6, 2012 at 9:46 pm

IBM Pulse 2012: Day 1 Keynote Session: Business Without Limits

leave a comment »

This morning’s keynote session at Pulse 2012 keyed in on several key themes critical to managing the world’s infrastructure.  Opening musical act, Naturally Seven, lent their own seven cents, explaining through song and human-voice driven instruments that “I Built This Wall Around Me, I Built this Wall From The Ground, See.”

IBM Senior Vice President Robert Leblanc explains to the gathered IBM Pulse 2012 audience how visibility, control and automation are instrumental for companies looking to keep up with the changing IT and business landscape.

There’s a whole lot of building from the ground up that’s been going on with respect to some of the key areas the Tivoli portfolio focuses on.  And IBM Tivoli customer Wellpoint joined the stage to discuss some of those changes in the healthcare industry.

George Zaruba, VP for Tech Strategy there, explained that Wellpoint is one of the U.S.’ largest healthcare benefits companies, with some 37,700 associates. Major industry shifts are requiring Wellpoint to reinvent itself and in its relationship with the end customer, and to be able to deliver services in ways its customers are used to and comfortable with. “Our delivery model needs to be secure and stable and reach users across a myriad of devices and platforms,” he explained.

Which means infrastructure needs to be everywhere, and which will allow Wellpoint to manage the effectiveness of their customers’ experience.

That’s why infrastructure needs to be everywhere, to have full visibility into core services. Zaruba explained “We’ve achieved this over the past several years with ITIL management and best practices, and virtualization of storage and services.”

That also led Wellpoint to its partnership with IBM Watson, which Wellpoint is currently working on as the first industry deployment of that important technology to “find the best answers to some very tough medical questions.”

Next up, IBM VP Scott Hebner joined the stage and explained there are “8,000 of you from 79 different countries.”

That’s some Pulse!

Hebner explained IBM is “obsessed about learning from our clients, and this conference is a reflection of our obsession, which focuses on real-world experiences and bottom line results.”

Hebner explained the opportunities are vast and unprecedented, and yet “the opportunity highway has ditches on both sides of the road.” The implication being, try and stay out of the ditch!

Hebner shared some factoids: 80% of CEOs surveyed by IBM anticipate turbulent changes and bold moves, and 64% of CIOs work as senior business execs in their orgs to drive innovation.

And yet, still, there’s a 3X gap increase between the desired needs and the actual outcomes.

Red meat to this gathering of IT gurus, Hebner also explained jobs related to technology are forecasted to be the fastest growing segment through 2018, with cloud jobs increasing 60%, and mobility, 50%.

But, the planet on which we operate is rapidly changing thanks to the proliferation of lower-cost technologies.  People, systems, and objects can interact with one another in entirely new ways, and that creates new opportunities and expectations.

Infrastructure is now everywhere, he explained, across every industry. Where does my business infrastructure begin and end these days? How do I turn this new reality into an advantage.

Business without limits, is what Hebner explained this as. The smarter approach turns data into insights in real time, at the point of interaction — it must, as we can now instrument everything, from the devices in the home to the processes themselves, giving us millions of data points.

To help explain this opportunity, IBM senior VP Robert Leblanc joined the stage and suggested there’s no escaping all this change, and that technology was a key enabler, according the IBM CEO study stretching back to 2004.  Beyond “market forces,” technology is considered a requirement by CEOs to enable their businesses to adapt to all this change.=

“How do you drive the speed that the business needs to adapt to its markets?” Leblanc inquired.  The answer, simple to say, harder to do: Focus on fundamental business imperatives: 1) Build 2) Reinvent, 3) Uncover.

That is, create operating dexterity while creating new customer relationships and uncovering new profit streams.

Most clients want to reinvent around their customer relationships, Leblanc explained, and if you look back 25 years ago, those that lead the industries are different from the leaders today.  The CEO is making it clear: I need change, and IT has to change with it.

Analytics continues to be the driving requirement in the industry technology shift, followed by mobility and virtualization -- all key themes here at Pulse 2012.

Leblanc then shared some data as to what is driving an unprecedented shift in technology: Analytics, 83%. Followed by Mobility, 75%. And virtualization, 68%.

Insight. Everywhere. No matter where.

Implicit to all this, underlying concerns about security, and a focus on achieving all these desired business outcomes through “visibility,” “control,” and “automation.”

To have full visibility of the span of your infrastructure, you must have and assert control, and in order to be able to focus on new value added initiatives, you must automate the more mundane but critical capabilities.

Some examples, Leblanc explained: China Great Wall improved server utilization by 30%. BlueCrossBlueShield of North Carolina saved 5,000 hours of staff time by automating security processes. SunTrust improved productivity by automating 50% of manual processes.

Finally, it was Tivoli General Manager Danny Sabbah’s time to speak, and Danny explained how all of these changes and trends are re-orienting Tivoli customers’ outlooks and the things they specifically need to be focused on.

He explained that “our world is changing drastically whether we like it or not,” and that “simply put, we’re being forced to rethink the way we run our businesses.”

We find ourselves at the vortex of three dominant transformations taking place in IT: Mobility, Smarter phsyical infrastructures, and security.

Mobility, he explained, is nearly ubiquitous, and now accounts for 40% of the total number of devices accessing business applications.

We’re seeing embedded intelligence and resultant smarter physical infrastructures where previously passive devices are now equipped with sensors and RFID tags and other tracking capabilities. Companies are now building applications to exploit the data gathered from these smart devices to better understand and run their operations.

And thirdly, security threats have become an integral part of this much larger montage. The more embedded intelligence, the more mobility, the more ways we execute commerce, social collaboration, and so on.  So, security must become part of everything we do.

This intersection, then, has spawned an even greater degree of complexity across business infrastructures, and the environment we find ourselves in has become more interconnected, moresusceptible to threats and even more difficult to manage.

Utilizing the power of cloud computing, IBM is tackling these issues head on with its customers.  But if you want hype and marketing, Sabbah concluded, you’ll have to go somewhere else because “this conference is about solving real problems in the real world.”

Happy Safer Internet Day

leave a comment »

If you either don’t have children or you don’t spend an inordinate amount of time online, or if you just missed the headlines these past few days, you may not realize that today is “Safer Internet Day.”

In conjunction, IBM is releasing free Internet safety training tools for students and will have thousands of volunteers working to help raise awareness and educate students and businesses on Internet safety and digital responsibility.

The three free volunteer kits that can help better educate students, parents, and teachers on Internet safety include:

  • Control Your Online Identity  - A volunteer education kit, it is designed to help teenagers learn to protect personal data online and reputation online. Teenagers are typically savvy about how to use the Internet, but often unaware about what happens to personal data once it’s shared. This presentation and volunteer information helps students learn how to protect personal data and control how they present themselves online.
  • Internet Safety Coaching – Aimed at teachers or adults working with children, this is a general primer on Internet safety providing basic information about common Internet activities by young people including instant messaging and social networking.   This kit is designed to raise awareness of Internet safety and how to have a meaningful and open dialogue with children on this topic.
  • Cyberbullying — Aimed at parents or adults who work with children, this activity helps adults learn about how young people use the Internet today and how to recognize cyberbullying symptoms, how to prevent online bullying from happening and how to intervene if it does happen.

“IBMers are committed to helping educate people on ways to safely and securely use the Internet,” said Harriet Pearson, IBM Security Counsel and Chief Privacy Officer. “The resources we are donating will help teachers and parents raise awareness that most Internet-based threats to individual and computer security can significantly be reduced by actions that informed users take themselves.”

In conjunction with today’s announcement, IBM volunteers around the world are educating communities about Internet safety. Some select activities include:

  • In Finland, IBM’s lead volunteer on Cyberbullying will participate in a national summit at Helsinki City Hall in conjunction with Safer Internet Day. 60 IBM volunteers have already run Cyberbullying workshops for parents in 100 schools across Finland.
  • In Germany, IBM will expand its partnership with klicksafe, the national partner of the Insafe network, focusing on the Manage Your Identity Initiative, Already more than 500 IBM, retiree and partner volunteers have delivered over 100 interactive workshops on the topic to more around 3,000 students around the country.
  • In Italy, an IBM team will conduct events in local schools using both the IBM materials and afilm from Safer Internet Day to discuss Internet safety and cyberbullying.
  • In Romania, IBM volunteers are partnering with NGOs APDETIC and Junior Achievement Romania to deliver an Internet Safety session to students focusing on controlling your online identity and Facebook usage.
  • In the United Kingdom, IBM volunteers will use the volunteer kits to promote online safety awareness in schools.  IBMers will partner with non-profit YPNGlobal on their initiative called Cyber Champions.

Last year IBM employees donated more than three million hours of volunteer service. The company has donated 34 volunteer kits to help both IBMers as well as community members have meaningful activities and dialogues in the community about various issues.

Since its inception in 2004, Safer Internet Day interest has grown to reach all five continents and almost 80 countries, from Canada to South Korea and Russia to Kenya, including all 27 countries of the European Union.

The goal of the day is to help make the Internet a better place for our children and young people.

Written by turbotodd

February 7, 2012 at 2:57 pm

IBM Mobile Security: Protecting Your Data On The Go

leave a comment »

If you’ve been concerned about the security of your corporate data with respect to the ever-burgeoning number of mobile devices, IBM may have a solution to your problem.

Increasingly, businesses want to provide employees the option of using a personal device as a way to reduce cost and allow them to work wherever or whenever they need to, but doing so requires diligence in protecting corporate data.

In this era of “Bring Your Own Device” (BYOD), with employees using their own mobile devices for business and personal activity, organizations are now tasked with supporting the new social, virtual, and mobile employee and the applications they access. With mobile threats on the rise, complex IT environments, security risks, maintaining policies, and helping companies control cost are top of mind concerns for many CIOs and security and risk professionals.

Today, IBM unveiled a new service to help businesses secure the exploding number of mobile devices with access to corporate data, the IBM Hosted Mobile Device Security Management service.

This solution extends a company’s existing mobility portfolio to include a security application for smartphones and tablets, along with managed services including policy management and user compliance monitoring.

It helps organizations protect against data loss and other risks caused by device theft, unauthorized access, malware, spyware, and inappropriate applications.

The solution is designed to help mitigate security risks associated with the increasing number of employee-owned and corporate-liable mobile devices accessing sensitive business data. Delivered as a hosted, managed service, clients can put these controls into action without the need to deploy and manage systems or to make a major investment of in-house personnel and technology.

With this new service, IBM provides security controls and ongoing monitoring for each device as a managed service, allowing IT departments to support a broad range of personal devices. Unlike other services focused on device management or unmanaged technology, IBM is focused on the protection of the device, regardless of the business applications used by employees today or in the future.

Capabilities in the new mobile device security management service include:

  • Configuring employee devices to comply with security policies and actively monitoring to help ensure compliance over time
  • Securing data in the event that a device is lost or stolen
  • Helping to find a lost or stolen device – wherever it is
  • Protecting against spyware and viruses
  • Detecting and removing malicious and unapproved applications
  • Monitoring and tracking user activity
  • Enabling more secure connectivity

The company is working with Juniper Networks on this mobile security service for the underlying protection and device management technology for leading platforms such as Apple iOS, Google Android, BlackBerry, Symbian and Microsoft Windows Mobile through the Juniper Networks Junos Pulse Mobile Security Suite.

IBM operates the world’s broadest security research and development organization, comprising nine security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security, with chapters in the United States, Europe and Asia Pacific. It employs thousands of security experts globally such as security operations analysts, consultants, sales and tech specialists, and strategic outsourcing delivery professionals.

IBM monitors 13 billion security events per day in more than 130 countries and holds 3,000 security patents. It has been in the security business for nearly 50 years dating back to the security innovation in its mainframe systems.

You can learn more about this new solution here.

Written by turbotodd

November 11, 2011 at 9:22 pm

IBM To Acquire Security Intelligence Provider Q1 Labs

leave a comment »

IBM has announced a definitive agreement to acquire privately held Q1 Labs, a Waltham, Massachusetts-based provider of security intelligence software.

The move aims to accelerate IBM’s efforts to help clients more intelligently secure their enterprises by applying analytics to correlate information from key security domains and creating security dashboards for their organizations.

Financial terms were not disclosed.

Following the close of the acquisition, Q1 Labs will join the newly-formed IBM Security Systems division, representing the world’s most comprehensive security portfolio.  After the close, IBM intends the new division to be led by Brendan Hannigan, CEO of Q1 Labs.

The new division will target a $94 billion opportunity in security software and services, which has a nearly 12 percent compound annual growth rate, according to IBM estimates.

Q1 Labs will join the more than 10 strategic security acquisitions IBM has made in the last decade and the more than 25 analytics-related purchases, including the recently announced acquisition of security analytics software firm, i2.

Organizations face a landscape with high-impact corporate breaches, growing mobile security concerns and advanced security threats, as highlighted in last week’s IBM X-Force Mid-Year Trend and Risk Report.

Firms must be equipped to identify threats, detect insider fraud, predict business risk and address regulatory mandates. Three quarters of firms feel cyberattacks are hard to detect and their effectiveness would increase with end-to-end solutions, according to a recent industry report.

Q1 Labs’ advanced analytics and correlation capabilities can automatically detect and flag actions across an enterprise that deviate from prescribed policies and typical behavior to help prevent breaches, such as an employee accessing unauthorized information.

“Since perimeter defense alone is no longer capable of thwarting all threats, IBM is in a unique position to shift security thinking to an integrated, predictive approach,” said Brendan Hannigan, CEO of Q1 Labs. “Q1 Labs’ security analytics will add greater intelligence to IBM’s security portfolio and continue to distinguish IBM from competitors.”

IBM operates the world’s broadest security research and development organization, comprising nine security operations centers, nine IBM Research centers, 11 software security development labs and three Institutes for Advanced Security.

It employs thousands of security experts globally such as security operations analysts, consultants, sales and tech specialists, and strategic outsourcing delivery professionals.  IBM monitors 12 billion security events per day in more than 130 countries and holds 3,000 security patents. IBM has been in the security business for nearly 50 years dating back to the security innovation in its mainframe systems.

You can learn more about IBM’s security offerings here.

Written by turbotodd

October 4, 2011 at 12:47 pm

Follow

Get every new post delivered to your Inbox.

Join 2,352 other followers

%d bloggers like this: