By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 9th February 2010 Copyright Interarbor Solutions © 2010

The latest BriefingsDirect Analyst Insights Edition, Volume 50, focuses on the fallout from the Google’s threat to pull out of China, due to a series of sophisticated hacks and attacks on Google, as well as a dozen more IT companies. Due to the attacks late last year, Google on Jan. 12 vowed to stop censoring Internet content for China’s web users and possibly to leave the country altogether.

This ongoing tiff between Google and the Internet control authorities in China’s Communist Party-dominated government have uncorked a Pandora’s Box of security, free speech and corporate espionage issues. There are human rights issues and free speech issues, questions on China’s actual role, trade and fairness issues, and the point about Google’s policy of initially enabling Internet censorship and now apparently backtracking.

But there are also larger issues around security and Internet governance in general. Those are the issues we’ll be focusing on today. So, even as the U.S. State Department and others in the U.S. federal government seek answers on China’s purported role or complicity in the attacks, the repercussions on cloud computing and enterprise security are profound and may be long-term.

We’re going to look at some of the answers to what this donnybrook means for how enterprises should best protect their intellectual property from such sophisticated hackers as government, military or, quasi-government corporate entities and whether cloud services providers like Google are better than your average enterprise, or especially medium-sized business, at thwarting such risks.

We'll look at how users of cloud computing should trust or not trust providers of such mission-critical cloud services as email, calendar, word processing, document storage, databases, and applications hosting. And we’ll look at how enterprise architecture, governance, security best practices, standards, and skills need to adapt still to meet these new requirements from insidious world-class threats.

So, join me now in welcoming our panel for today’s discussion: Jim Kobielus, senior analyst at Forrester Research; Jason Bloomberg, managing partner at ZapThink; Jim Hietala, Vice President for Security at The Open Group; Elinor Mills, senior writer at CNET, and Michael Dortch, Director of Research at Focus. The discussion is moderated by BriefingsDirect's Dana Gardner, principal analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Mills: We now have a huge first public example of a company coming out and saying, not only that they've been attacked—companies don’t want to admit that ever and it’s all under the radar—but also they’re pointing the fingers. Even though they're not specifically saying, "We think it’s the Chinese state," but they think enough of it that they're willing to threaten to pull out of the country.

It’s huge and it’s going to have every company reevaluating what their response is going to be—not just how they’re going to do business in other countries, but what is their response going to be to a major attack.

Bloomberg: It’s not as big of a wakeup call as it should be. You can ask yourself, "Is this an attack by some small cadre of renegade hackers or is this attack by the government of the People’s Republic of China? That’s an open question at this point.

Who is the victim? Is it Google, a corporation, or the United States? Is it the western world that is the victim here? Is this a harbinger of the way that international wars are going to be fought down the road?

We’ve all been worried about cyber warfare coming, but we maybe don’t recognize it when we see it as a new battlefield. It's the same as terrorism. It’s not necessarily clear who the participants are.

When you place the enterprise into this context, well, it’s not necessarily just that you have a business within the context of a government subject to particular laws of particular government, you have the supernational, where large corporations have to play in multiple jurisdictions. That’s already a governance challenge for these large enterprises.

We already have this awareness that every single system on our network has to look out for itself and, even then, has levels of vulnerability.

Now, we have the introduction of cyber warfare, where we have concerted professional attacks from unknown parties attacking unknown targets and where it’s not clear who the players are. Anybody, whether it’s a private company, a public company, or a government organization is potentially involved.

That basically raises the bar for security throughout the entire organization. We’ve seen this already, where perimeter-based security has fallen by the wayside as being insufficient. We already have this awareness that every single system on our network has to look out for itself and, even then, has levels of vulnerability. This just takes it to the national level.

Kobielus: I don’t see anything radically or fundamentally new going on here. This is just a big, powerful, and growing world power, China, and a big and growing world power on a tech front Google, colliding. ... There has always been corporate espionage and there’s always been vandalism perpetrated by companies against each other through subterfuge, and also by companies or fronts operating as the agent of unseen foreign power. ... This is international real-politic as usual, but in a different technological realm.

Hietala: In terms of the visibility it’s gotten and the kinds of companies that were attacked, it’s a little bit game-changing. From the information security community perspective, these sorts of attacks have been going on for quite a while, aimed at defense contractors, and are now aimed at commercial enterprises and providers of cloud services.

I don’t think that the attacks per se are game-changing. There’s not a lot new here. It’s an attack against a browser that was couple of revs old and had vulnerability. The way in which the company was attacked isn’t necessarily game-changing, but the political ramifications around it and the other things we’ve just been talking about are what make it a little game-changing.

Dortch: This puts Google in the very interesting position of having to decide. Is it a politically neutral corporation or is it a protector of the data that its clients around the world, not just here, and not just from governments but corporations? Is it a protector and an advocate of protection for the data that those clients have been trusted to it? Or, is it going to use the fact that it is a broker of all that data to sort of throw its muscle around and take on governments like China’s in debates like this.

The implications here are bigger than even what we’ve been discussing so far, because they get at the very nature of what a corporation is in this brave new network world of ours.

Gardner: This boils down to almost two giant systems or schools of thought that are now colliding at a new point. They've collided at different points in the past on physical sovereignty, military sovereignty, and economic sovereignty. The competition is between what we might call free enterprise based systems and state sponsorship through centralized control systems.

Free enterprise won, when it came to the cold war, but it's hard to say what's going to happen in the economic environment where China is a different beast. It's state sponsored and it's also taking advantage of free enterprise, but it's very choosy about what it allows for either one of those systems to do or to dominate.

When you look at Google, Google made itself into a figurehead of representing what a free enterprise approach could do. It's not state sponsored or nationalistic. It's corporate sponsored. So, it would be interesting to see who has the better technology, who has the better financial resources, and ultimately who has the organizational wherewithal to manifest their goals online that wins out in the marketplace.

If an organized effort is better at doing this than a corporate one, well then they might dominate. But so far, we've seen a very complex system that the marketplace—with choice, and shedding light and transparency on activities—ultimately allows for free enterprise predominance. They can do it better, faster, cheaper and that it will ultimately win.

I think, we're really on the cusp here of a new level of competition, but not between countries or even alliances, but really between systems. The free enterprise system versus the state-sponsored or the centralized or the controlled system. It should be very interesting.

Bloomberg: ... If anything, cloud environments reduce the level of security.

They don’t increase it for the very reason that we don’t have a way of making them sovereign in their own right. They’re always not only subject to the laws of the local jurisdiction, but they’re subject to any number of different attacks that could be coming from any different location, where now the customers aren’t aware of this sort of vulnerability.

So, “Trust, but verify,” is a good point, but how can you verify, if you’re relying on a third party to protect your data for you? It becomes much more difficult to do the verification. I'd say that organizations are going to be backing away from cloud, once they realize just how risky cloud environments are.

Mills: Microsoft’s general counsel Brad Smith recently gave a keynote at the Brookings Institute Forum, and he talked about modernizing and updating the laws to adapt specifically to the cloud. That included privacy rights under the Electronic Communications Privacy Act being more clearly defined, updating the Computer Fraud and Abuse Act, and setting up a framework so that differences in the regulations and practices in various countries can be worked out and reconciled.

Hietala: I don’t think there is a silver-bullet cloud provider out there that has superior security to have that position. All enterprises still are going to have to be at the top of their game, in terms of protecting their assets, and that extends to small or medium businesses.

At some point, you could see a cloud provider stake out that part of the market to say, "We’re going to put in a superior set of controls and manage security to a higher degree than a typical small-to-medium business could," but I don’t see that out there today.

Dortch: Many small businesses outsource payroll processing, customer relationship management (CRM), and a whole bunch of things. A lot of that stuff is outsourced to cloud service providers, and companies haven’t asked enough questions yet about exactly how cloud providers are protecting data and exactly how they can reassure that nothing bad is going to happen to it.

For example, if their servers come under attack, can they demonstrate credibly how data is going to be protected. These are the types of questions that incidents like this can and should raise in the minds of decision-makers at small and mid-sized businesses, just as they're starting to raise these issues, and have been raising them for a while, among decision-makers at larger enterprise.

Kobielus: I think what will happen is that some cloud providers will increasingly be seen as safe havens for your data and for your applications, because (a) they have the strong security, and (b) they are hosted within, and governed by, the laws of nation states that rigorously and faithfully try to protect this information, and assure that the information can then be removed—transferred out of that country fluidly by the owners, without loss.

How about governments in general, maybe it's the United Nations who steps in? Who is the ultimate governor of what happens in cyber space?

In other words, it's like the Cayman Islands of the cloud—that offshore banking safe haven you can turn to for all this. Clearly, it's not going to be China.

... In terms of who has responsibility and how will governance best practices be spread uniformly across the world in such areas of IT protection, it's going to be some combination of multilateral, bilateral, and unilateral action. For multilateral, the UN points to that, but there are also regional organizations. In Southeast Asia there is ASEAN, and in the Atlantic there is NATO, and so forth.

Bloomberg: Who decides what is enough? We have these opposing forces. One is that information should be free, and the Internet should be available to everybody. That basically pushes for removing barriers to information flow.

Then you have the security concerns that are driving putting up barriers to information flow, and there is always going to be conflict between those two forces. As increasingly sophisticated attacks develop, that pushes the public consensus toward increasing security.

That will impact our ability to have freedom, and that's going to be, continue to be, a battle that I don’t see anybody winning. It's’ really just going to be an ongoing battle as technology improves and as the bad guys attacks improve. It's going to be an ongoing battle between security and freedom and between the good guys and the bad guys, as it were, and that's never going to change.

Hietala: Large enterprises are going to have to be responsible for the security of their information. I think there are a lot of takeaways for enterprises from this attack. If you're talking about specific individuals, it’s almost hopeless, because your average individual consumer doesn’t have the level of knowledge to go out and find the right solutions to protect themselves today.

So, I'll focus on the large enterprises. They have to do a good job of asset inventory, know where, within their identity infrastructure, they're vulnerable to this specific attack, and then be pretty agile about implementing countermeasures to prevent it. They have to have patch management that's adequate to the task of getting patches out quickly.

They need to do things like looking at the traffic leaving their network to see if people are already in their infrastructure. These Trojans leave traces of themselves, when they ship information out of an organization. When people really understand what happened in this attack, they can take something away, go back, look at what they are doing from a security standpoint, and tighten things up.

If you're talking about individuals putting things in the cloud, that’s a different discussion that doesn’t seem real feasible to me to get them to the point where they can secure their information today.

Kobielus: I don't think Google is going to leave China. I think they are going to stay in China and somehow try to work it out with the PRC. I don't know where that's going, but fundamentally Google is a business and has a "don't do evil" philosophy. They're going to continue to qualify evil down to those things that don't actually align with their business interest.

In other words, they're going to stay. There's going to be a lot of wariness now to entrust Google's China operation with a whole lot of your IT—"you" as a corporation—and your data. There will be that wariness.

Preferred platforms
Other cloud providers will be setting up shop or hosting in other nations that are more respectful of IP, other nations that may not be launching corporate or governmental espionage at US-headquartered properties in China. Those nations will become the preferred supernational cloud hosting platforms for the world.

I can't really say who those nations might be, but you know what, Switzerland always sort of stands out. They're still neutral after all these years. You've got to hand that to them. I trust them.

Bloomberg: In the short-term, the noise is going to die down or going to go back to business as usual. The security is going to need to improve, but so are hacks from the bad guys. It's going to continue, until there is the next big attack. And the question is, "What's it going to be and how big is it going to be?"

We're still waiting for that game changer. I don't think this is a game changer. It's just a way to skirmish. But, if a hacker is able to bring down the internet, for example, targeting the DNS infrastructure to the point that the entire thing collapses, that’s something that could wake people up to say, "We really have to get a handle on this and come up with a better approach."

Hietala: From our perspective [at The Open Group], we're starting to see more awareness at higher levels in governments that the threats and issues here are real. They’re here today. They seem to be state sponsored, and they're something that needs to be paid attention to.

Secretary of State Clinton recently gave a speech where she talked specifically about this attack, but also talked about the need for nations to band together to address the problem. I don't know what that looks like at this point, but I think that the fact that people at that level are talking about the problem is good for the industry and good for the outlook for solutions that are important in the future.

Mills: I think Google is going to get out of China and try and lead some kind of U.S. corporate effort or be a role model to try to do business in a more ethical way, without having to compromise and censor.

There will be a divergence that you'll see. China and other countries may be pushed more towards limiting and creating their own sort of channel that's government filtered. I think the battle is just going to get bigger. We're going to have more fights on this front, but I think that Google may lead the way.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download the transcript.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Dana Gardner (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Rob Bamforth, Principal Analyst, Quocirca Posted: 9th February 2010 Copyright Quocirca © 2010

The usage of business communications tools—fixed and mobile, voice and data—appears to be growing relentlessly, but there is a strong counter-current from businesses wanting to reduce complexity and, above all, control costs. The current direction, driven largely by an IT industry agenda, looks and feels like offering everything as a network service (XaaS)—either in-house or in the public cloud—unified on common and consistent network plumbing, all based on the big melting pot of IP. This means carrying telephony as if it is just another data application: but that might not be so appealing to traditional carriers and does it completely meet the needs of enterprise customers?

After all, even though businesses are looking to reduce costs and take advantage of some of the benefits offered by convergence of all communications to IP networks, they still require the availability, security and reliability of traditional telephony, whether fixed or mobile. If the flexibility of mobile can be preserved and the promise of unified communications fulfilled, while call costs are cut and security assured, most businesses would probably be pleased. However, that is a big challenge that will not be solved overnight, so how should businesses look at the process of moving traditional telephony services in an all-IP direction?

Quocirca research shows that it is at this point that companies most often look to their existing carriers and service providers for guidance. In turn, these providers, despite long term ambitions to be converged carriers of voice and data based over a IP Multimedia Subsystem (IMS), still have legacy investments in profitable lines of voice and message-based telephony that both carrier and its shareholders rely on.

Converging or consolidating onto an IP bit pipe too quickly might seem like a bad step for the carriers, who, after all, want to differentiate on more than just price per megabyte of traffic, irrespective of its content or service delivered. However there are a number of stages between the legacy of separate siloed communications systems and the flat and indistinct unified converged nirvana of an all IP connected world.

It is here that carriers can offer something of value—control and quality—while, at the same time, exploiting IP to keep their costs down (and hopefully pass at least part of these reductions on to their customers). To do this, even the most progressive carriers will have to recognise that IP traffic will need to be carried across some networks with legacy terminations or end points, and connected to other carriers that are either further ahead or behind in their adoption of IP. This means a more active operator strategy to carrying IP packets, through managed trunking and routing, and controlling their borders' with other carriers.

It also means that, even in challenging economic climates, businesses need to evaluate their carrier network suppliers—both fixed and mobile—on a broader set of criteria than simply short term cost. They should be asking the carriers questions about quality, integrity and reliability of service, not just about uptime or their network asset level, but about the impact on services, applications and, ultimately, users. This has to include how the network supplier manages its relationships with other external carrier partners, both at commercial and network levels, and the phasing of longer term migration to IP, including what steps are being taken in the meantime.

Those quality, integrity and reliability criteria will determine the impact of communications decisions on business productivity— whether potential gains are achieved or current levels lost. Overall this 'opportunity' cost might be far more significant than a few pounds/dollars or euros shaved off the bill by myopic negotiations.

The telecommunications world is moving to all-IP, but the steps are many and progress will continue to be uneven. Businesses should expect carriers to provide a helping hand and stepping stones, rather than an all-or-nothing approach and, in doing so, seek a route that provides a balance between value and cost.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Rob Bamforth (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Alan Arnold, Chief Technology Officer, Vision Solutions Posted: 9th February 2010 Copyright Vision Solutions © 2010

For the most part, traditional tape-based backup and recovery techniques accomplish their rudimentary goals. Nonetheless, they suffer a number of drawbacks.

The backup process itself is at the heart of one of the problems. Applications typically must be stopped or curtailed, possibly for hours, while data is backed up. At one time, this could be done on weekends or evenings without affecting business activity. However, for many companies, globalized operations, competitive demands to keep factories running longer and Web-based sales and service have eliminated these backup windows.

The issue of disappearing backup windows pales in comparison with the problems that can occur when recovering a system from tape. The tapes have to be retrieved, the data must be loaded and then the system must be reconfigured. Even using modern high-speed tape drives, recovering an entire data center can take hours or even days. That is far too long for many organizations that are dependent on their information systems.

Lack of recovery completeness is another problem. Backup tapes are typically created at night and then shipped off-site where they will be safe from a disaster that strikes the data center. Updates applied during the next day will not have been written to any backup tape and, therefore, may be lost should a disaster occur.

High availability (HA) technologies, which maintain online replicas of production servers, eliminate the drawbacks of tape-based backups. And if the replica is far enough from the primary server, a disaster is unlikely to affect both locations. If the primary system becomes unavailable or needs to be taken offline for maintenance, users can be switched to the backup.

However, neither tape-based backups nor standard HA solutions protect against one type of threat: If a human error, software bug, disk failure or virus attack deletes or corrupts data that was recently created or updated there may be no way to recover that data.

Because tape-based backups are produced only at night, the tape cannot be used to recover data that was added or changed the next day. Standard HA software can't help in this situation either. The software dutifully replicates all updates and deletions, even if they were accidental or malicious. Thus, data will be corrupted equally on both the primary and backup servers.

Fortunately, one class of software that is now available for AIX can solve this thorny data recovery problem. Continuous data protection, or CDP, is a flexible disk-based technology that enables organizations to quickly and easily recover data as it existed at any point in time. This earlier version of the data can then be restored to the production environment.

There are two types of CDP: true CDP and near-CDP. True CDP captures every data write performed on a primary system, immediately transfers those writes to a secondary disk and stores each of them separately rather than applying them to copies of the production files. Consequently, true CDP allows you to "undo" updates and deletions by recovering data to any point in time.

In contrast, near-CDP copies data at particular points in time, typically when a file is saved or closed. The copy frequency varies depending on how the CDP software defines these recovery points and on the nature of the applications updating the data. The copy intervals may be a matter of minutes or seconds, but they might also be as long as several hours. In some circumstances, this may reduce the volume of sustained network traffic somewhat when compared to true CDP, but it may not provide adequate data protection for organizations that must comply with strict regulations or governance requirements.

Continuous Data Protection for AIX, from Vision Solutions, provides true CDP for nearly instantaneous recovery of applications and data at the push of a button. When data is accidentally or maliciously corrupted or deleted, CDP for AIX can reverse the damage and allow operations to continue normally. This added level of cost-effective data protection, makes CDP for AIX an important contributor to any business continuity and disaster recovery strategy.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Alan Arnold (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Philip Howard, Research Director - Data Management, Bloor Research Posted: 9th February 2010 Copyright Bloor Research © 2010

In the previous article with this title I discussed the consolidation of the MDM market. The same thing is happening in the CEP (complex event processing) market. However, here matters are somewhat different. In this sector, first IBM acquired AptSoft, then Aleri merged with Coral8, Informatica got AgentLogic and, most recently, Sybase has acquired the assets of Aleri (along with Coral8).

In the case of IBM, this means that that company has two major CEP engines: AptSoft, which is primarily used in conjunction with business process management, and InfoSphere Streams, which is the high-end, more serious CEP product. Informatica, on the other hand, primarily acquired AgentLogic to support event-driven data integration, though AgentLogic is still being targeted at government implementations where it has historically been strong.

Sybase is different, and it now has three CEP engines since it also has its own Sybase CEP product that works in conjunction with Sybase RAP (real-time analytics platform). However, before Sybase released its own CEP engine it partnered with, amongst others, Aleri and, in fact, Aleri has been a Sybase VAR for a number of years, so the acquisition is not simply tactical and to gain market share (though it undoubtedly does that) but it also has a more strategic rationale.

The point here is that these acquisitions were actually done for different reasons, at least in part. However, the Sybase purchase, in particular, raises interesting questions. For one thing, it means that Streambase is pretty much the only pure play left in the capital markets sector, which now looks like being carved up by Sybase, Streambase and Progress between them. But is Streambase big enough to continue on its own? A merger with Vertica seems likely at some point.

However, this is not the whole point. This acquisition pretty much marks the end of consolidation within the CEP capital markets sector. However, there remains the infrastructure market, exemplified by AptSoft and AgentLogic, and it is also notable that Progress recently bought Saviion and the company is likely to integrate this with Progress Apama to compete in this space.

However, perhaps most interesting is the RFID and sensor space, where there are other active CEP vendors like Starview and Event Zero. This is starting to ramp up and, interestingly, Sybase has stated that it plans to extend beyond capital markets in due course, and IBM has already done so. Progress has some customers here already and obviously this represents an opportunity for Streambase also.

So, what we have is a partial consolidation in the CEP market for one particular sector. It will be some time before that spreads into other areas, where markets are still in their infancy.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Philip Howard (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 8th February 2010 Copyright Interarbor Solutions © 2010

BriefingsDirect now presents a podcast discussion on the ongoing activities of The Open Group's Cloud Computing Work Group. We'll meet and talk to the new co-chairmen of the Cloud Work Group, learn about their roles and expectations, and get a first-hand account of the group's 2010 plans.

Join us as we examine the evolution of cloud, how businesses are grappling with that, and how they can learn to best exploit cloud-computing benefits, while fully understanding and controlling the risks. These topics and more were also under discussion at The Open Group's Architecture Practitioners and Security Practitioners conferences last week in Seattle.

In many ways, cloud computing marks an inflection point for many different elements of IT, and forms a convergence of other infrastructure categories that weren't necessarily working in concert in the past. That makes cloud interesting, relevant, and potentially dramatic in its impact. What has been less clear is how businesses stand to benefit. What are the likely paybacks and how can enterprises prepare for the best outcomes?

We're here with an executive from The Open Group, as well as the new co-chairmen of the Cloud Work Group, to look at the business implications of cloud computing and how to get a better handle on the whole subject.

Please join David Lounsbury, Vice President for Collaboration Services at The Open Group; Karl Kay, IT Architecture Executive with Bank of America, and co-chairman of the Cloud Work Group, and Robert Orshaw, IBM Cloud Computing Executive, and co-chair of the Cloud Work Group. The discussion is moderated by BriefingsDirect's Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excerpts:

Lounsbury: One of the things that everybody has seen in cloud is that there has been a lot of take up by small to medium businesses who benefit from the low capital expenditure and scalability of cloud computing, and also a lot by individuals who use software as a service (SaaS). We've all seen Google Docs and things like that. That's fueled a lot of the discussion of cloud computing up to now, and it's a very healthy part of what's going on there.

But, as we get into larger enterprises, there's a whole different set of questions that have to be asked about return on investment (ROI) and how you merge things with the existing IT infrastructure. Is it going to meet the security needs and privacy needs and regulatory needs of my corporation? So, it's an expanded set of questions that might not be asked by a smaller set of companies. That's an area where The Open Group is trying to focus some of its activities.

There is a whole different scale that has to occur when you go into an enterprise, where you have got to think of all the users in the enterprise. What does it take to fund it? What does it take to secure it, protect the corporate assets and things like that, and integrate it, because you want services to be widely available?

Orshaw: A few years ago, there was a tremendous amount of hype, and the dynamics, flexibility, and pricing structures weren't there. It's an exciting time now that you're seeing that from a flexibility, dynamic, and pricing standpoint, we're there. That's both in the private cloud and the public cloud sector—and we'll probably get into more detail about the offerings around that.

A tremendous amount has happened over the past few years to improve the market adoption and overall usability of both public and private clouds.

In a former life, I was CIO of a large industrial manufacturing company that had 49 separate business units. Cloud today can be an issue in the beginning for CIOs. For example, at that large manufacturing company, in order for a business unit to provision new development test environments or production environments for implementing new applications and new systems, they would have to go through an approval process, which could take a significant amount of time.

Once approved, we would have centralized data centers and outsourced data centers. We would have to go through and see if there was existing capacity. If there wasn't, we would then go ahead and procure that and install it. So, we're talking weeks, and perhaps even a few months, to provision and get a business unit up and running for their various projects.

These autonomous business units that weren't very happy with that internal service to begin with, are now finding it very easy to go out with a credit card or a local purchase order to Amazon, IBM, and others and get these environments provisioned to them in minutes.

This is creating a headache for a lot of CIOs, where there is a proliferation of virtual cloud environments and platforms being used by their business units, and they don't even know about it. They don't have control over it. They don't even know how much they're spending. So, the cloud group can have a significant effect on this, helping improve that environment.

Kay: Certainly the leading items like cost savings and time to market are two of the big motivators that we look to for cloud. In a lot of cases, our businesses are driving IT to adopt cloud as opposed to the opposite. It's really a matter of how we blend in the cloud environment with all of our security and regulatory requirement and how we make it fit within the enterprise suite of platform offerings.

The work groups are really focused on trying to deliver some short-term value. In the business use cases, they're really trying to define a clear set of business cases and financial models to make it easier to understand how to evaluate cloud with certain scenarios.

We're seeing a skill-set change on the technical side, in that, if you look at the adoption of cloud, you shift from being able to directly control your environments and make changes from a technical perspective, to working with a contractual service level agreement (SLA) type of model. So it's definitely a change for a lot of the engineers and architects working on the technical side of the cloud.

The Cloud Architecture Group is looking to deliver a reference architecture in 2010. One of the things we've discovered is that there are a lot of similarities between the reference architecture that we believe we need for cloud and what already has been built in the SOA reference architectures. I think we'll see a lot of alignment there. There are probably some other elements that will be added, but there's a lot of synergy between the work that's already going on in SOA and SOI and the work that we are doing in cloud.

Number of activities
Lounsbury: There are a number of activities inside The Open Group. Enterprise architecture is a very large one, but also real-time and embedded systems for control systems and things of that nature. We've got a very active security program, and also, of course, we've got some more emerging technologically-focused areas like service oriented architecture (SOA) and cloud computing.

We have a global organization with a large number of industrial members. As you've seen, from our cloud group, we always try to make sure that this is a perspective that's balanced between the supply side and the buy side. We're not just saying what a vendor thinks is the greatest new technology, but we also bring in the viewpoint of the consumers of the technology, like a CIO, or, as Karl represents on the Cloud Group, an architect on the design side. We make sure that we're balancing the interests.

We did a number of presentations reaching back to our Seattle conference about a year ago on cloud computing. We've reached out to other organizations to work with them to see if there is interest in working together on cloud activities. We've staged a series of presentations.

We've gotten about 500 participants virtually, and that represents about 85–90 companies participating.

The members decided in mid-2009 to form a work group around cloud computing. The work group is a way that we can bring together all aspects of what's going on in The Open Group, because cloud computing touches a lot of areas: security, architecture, technology, and all those things. Also, as part of that we've reached out to other communities to open a nonmember aspect of the Cloud Work Group as well.

Orshaw: At the end of this, we'll have a complete model for both public and private cloud. It's an exciting endeavor by the team, and I'm excited to see the outcome. We'll have short-term milestones, where we'll produce, document, and publish results every two months or so. We hope, towards the end of the year, to have all of these wrapped up into these global models that I described.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Dana Gardner (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Nigel Stanley, Practice Leader - IT Security, Bloor Research Posted: 8th February 2010 Copyright Bloor Research © 2010

According to this article, Greater Manchester Police (GMP) have been struck down by an instance of the Conficker virus. The effect has been immediate, with systems taken off line preventing GMP officers undertaking checks on the police national computer (PNC).

The PNC is a vital tool and contains all types of data ranging from criminal records, stolen vehicles and missing people. Apparently access has been maintained via neighbouring forces. As anyone that has had cause to use the PNC facility will know this will only cause a delay during investigations.

So if you are stuck by the roadside whilst a police officer in GMP undertakes some checks remember that the delay has been caused by a virus that was discovered in August 2008 and had a patch released by Microsoft in November 2008 (MS08-067)...

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Nigel Stanley (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Philip Howard, Research Director - Data Management, Bloor Research Posted: 8th February 2010 Copyright Bloor Research © 2010

When we published our most recent Market Update on MDM, just last August, there were half-a-dozen pure play vendors in the transactional MDM market. Now there are half that number. I need hardly ask the question "what's going on?", because it's obvious that the market is consolidating. Nevertheless, it is worthy of comment since the acquisitions of Amalto by Talend, Siperian by Informatica and Initiate by IBM do not all represent the same approach. In particular, the first two are strategic while the third is tactical.

Talend acquired Amalto last year and the company recently launched the combined offering. This is a stack play by Talend that now offers data integration, data quality and MDM in a combined offering, albeit that registry-based MDM is not offered in this release. While the companies were not partners particularly before the acquisition they were both open source vendors and they were both French so this all made sense.

Informatica is already a stack vendor and it felt that now was the right time to extend its stack. Especially as the company (now with revenues over $500m) is starting to be thought of as a gorilla. In this case the company has been a long-time partner of Siperian's. Siperian embeds Identity Systems (owned by Informatica) in its technology and also the majority of Siperian customers use Address Doctor (also part of Informatica) for cleansing purposes, while the two also had many joint customers. Again, this makes sense from a strategic viewpoint.

IBM's acquisition of Initiate is another kettle of fish. The two have not historically been partnersindeed Initiate was a partner of Datanomic for data quality purposes and, in any case, IBM already has its own MDM solutions. So this is a tactical purchase to gain market share and to acquire a (stronger) foothold within the healthcare market, where Initiate has traditionally been particularly successful (along with government). The problem, of course, is precisely that IBM now has three MDM solutions and it hasn't completed the process of integrating the first two yet, which raises all sorts of questions. As one tweet put it: IBM will need an MDM solution to manage its MDM solutions.

Of course, the same also applies to Oracle with its own rash of MDM solutions plus, now, Sun's.

Apart from the bad news for Datanomic, these purchases raise questions for the remaining vendors in the space: can they survive without a stack? If they need an exit strategy (Stibo probably doesn't because it's part of a larger, but non-IT, group) is there one actually available? Unless HP decides to dip its toes into these waters (which it would most likely do simply by buying Informatica) there doesn't look to be anyone out there to acquire you unless they want to buy market share, which is going to be increasingly difficult to gain with all the big players in the market. Niche markets here we come!

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Philip Howard (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Philip Howard, Research Director - Data Management, Bloor Research Posted: 8th February 2010 Copyright Bloor Research © 2010

You often hear security officers, not to mention vendors, talk about fraud detection and prevention but you seldom (never in my experience) hear anyone talking about Bribery. However, in the wake of BAE Systems settlement with the both the UK and US authorities, it is worth paying a little more attention to it. In particular, in the UK there is a bribery bill currently passing through parliament, and it is expected to be passed before the next general election: in other words in the next few months.

One of the provisions of the bill is that companies can be held accountable for the actions of their employees. In order to defend themselves against such charges companies will need to be able to prove that they have suitable provisions and processes in place to prevent bribery in the first instance and, in the second, to detect it when it does happen.

Well, that sounds a lot like fraud prevention and detection. But it also sounds a lot like Sarbanes-Oxley or other compliance requirements. Fraud is something you would like to prevent for obvious business reasons, however there are not, typically, any regulations that require you to have anti-fraud processes in place. You might argue that PCI-DSS falls into that category but that is a special case.

Of course, while bribery is a crime in terms of offering inducements to other people it is also a crime to accept such inducements. In the UK we tend to think of bribery as being something that is only done in foreign countries but that's certainly not the case: I did some consulting for a UK-based public company a few years ago looking into its supply chain and during the course of that work the manufacturing director was suspiciously unenthusiastic about rationalising the company's suppliers and what it bought from whom. Indeed, so suspicious that the CEO and CFO started to look into it and discovered that he was taking backhanders. So there is no place for complacency.

Until the bill is passed, assuming that it is, we won't know the full extent of the regulation and what will be required of companies but it seems likely that appropriate compliance monitoring will be required, along with forensics. If this is the case then those forensics will need to be run on a regular basis. However, whatever is required this looks another opportunity for SIEM (security information and event management) and log management vendors.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Philip Howard (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 5th February 2010 Copyright Interarbor Solutions © 2010

The growing interest and value in PC desktop virtualization strategies and approaches has its roots in both technology and economics. Recently, a lot has happened technically that has matured the performance and economic benefits of desktop virtualization and the use of thin-client devices.

At the same time as this functional maturity improved, we are approaching an inflection point in a market that is accepting of new clients and new client approaches like desktop virtualization.

Indeed, the latest desktop virtualization model empowers enterprises with lower total costs, greater management of software, tighter security, and the ability to exploit low-cost, low-energy thin client devices. It's an offer that more enterprises are going to find hard to refuse.

In desktop virtualization, the workhorse is the server, and the client assists. This allows for easier management, support, upgrades, provisioning, and control of data and applications. Users can also take their unique desktop experience to any supported device, connect, and pick up where they left off. And, there are now new offline benefits too.

Here to help us learn more about the role and outlook for desktop virtualization, we're joined by Jeff Groudan, vice president of Thin Computing Solutions at HP. The BriefingsDirect interview is conducted by Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excerpts:

Groudan: There certainly are some things in the market that are sure driving a potential inflection point [for client virtualization]. The market-driven things coming out of the recession are opening a lot of customers up to re-looking at some deployments that they may have delayed or specific IT projects that they have put on hold.

Just to put it into context, there was recently some data from Gartner. They feel like there are well over 600 million desktop PCs in offices today. Their belief is that over the next five years, upwards of 15 percent of those could be replaced by thin clients. So that's quite a number of redeployments and quite an inflection point for client virtualization.

In addition, there has been an ongoing desire to increase security and a lot of new compliance requirements that the customers have to address. In addition, in general, as they are looking for ways to save on costs, they are consistently and constantly looking for different ways to more efficiently manage their distributed PC environments. All of these things are driving the high level of interest in virtualizing PCs.

One of the key benefits of client virtualization is the ability to keep all the data behind the firewall in the data center and deploy thin clients to the edge of the network. Those thin clients, by design, don't have any local data.

You're also seeing better performance on the hardware side and the infrastructure side. It's really also helping bring the cost per seat of the client virtualization deployment down into ranges that are lot more interesting for large deployments. Last, and near and dear to my heart, you're seeing more powerful, yet cost-effective, thin clients that you can put on the desk and that really ensure those end-users get the experience that you want them to get.

Not an IT panacea
Our general coaching to customers is that client virtualization is not necessary for everyone, for every user group, or every application set. But, certainly, for environments where you need to get them more manageable, you need more flexibility.

When you think about the cost savings of client virtualization, usually the costs come from some of the long-term acquisition costs.

You need higher degrees of automation in order to manage a high number of distributed PCs with the benefits from centralized control, reduced labor costs, and the ability to manage remote or hard to get at locations—things like branches, where you don't have a local IT. Those are great targets for early client virtualization deployments.

All of a sudden, the data-center guys need to be thinking about the end-user. The end-user guys need to be thinking about the data center. Roles and responsibilities need to be hammered out. How do you charge the capital expense versus operational expense? What gets budgeted where? My advice is: as you're thinking about the technical architecture and all of the savings end-to-end, you need to also be thinking about the internal business processes.

We look at this market in two ways, in the context of client virtualization and in the broader context of thin computing. Just zeroing in on client virtualization, we call it Client Virtualization HP. It's desktop virtualization. It's the same animal.

We look at it as a specific set of technologies and architectures that dis-aggregate the elements of a PC, which allows customers to more easily manage and secure their environment. What we're really doing is taking advantage of a lot of the new software capabilities that matured on the server side, from a server virtualization and utilization perspective. We're now able to deploy some of those technologies, hypervisors, and protocols on the client side.

The first is that you don't want to have customers having to figure out how to architect the stuff on their own. If you think about PCs 20–25 years ago, customers didn't know how to architect a distributed PC environment. In 25 years, everybody has gotten good at it. We're still at the early stages on client virtualization.

Our specific objective is figuring out how to simplify virtualization, so that customers get past the technology, and really start to deliver the full benefit of virtualization, without all the complexity.

So our focus is to deliver more complete integrated solutions, end to end from the desktop to the data center, lay it all out, and reference designs so customers can very comfortably understand how to go build out a deployment. They certainly may want to customize it. We want to get them 80–90 percent there just by telling them what we have learned.

Wide applicability across industries
There are opportunities for just about every industry. We've seen certain verticals on the cutting edge of this. Financial services, healthcare, education, and public sector are a few examples of industries that have really embraced this quickly. They have two or three themes in common. One is an acute security need. If you think about healthcare, financial services, and government, they all have very acute needs to secure their environments. That led them to client virtualization relatively quickly.

We certainly have some very exciting launches coming up in the next couple of months where we're really focused on total cost per seat. How do we let people deploy these kinds of solutions and continue to get further economic benefits, delivering better tighter integration across the desktop to the data center?

The ease of deployment of these solutions can get easier and easier, and then ease of use and manageability tools. They allow the IT guys to deploy large deployments of client virtualization with as little touch and as little complexity as we can possibly make it. We're trying to automate these kinds of solutions. We're very excited about some of the things we'll be delivering to our customers in the next couple of months.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Dana Gardner (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Julian Stuhler, Director, Triton Consulting Ltd Posted: 5th February 2010 Copyright Triton Consulting Ltd © 2010

Worldwide economic uncertainty over the last 12 months has put significant pressure on CIOs to at the very least keep IT costs level with a push for cost reduction across the board. Gone are the days when performance issues were relatively easily handled by adding more hardware and such purchases were part of the routine budget cycle.

Managing performance and cost has become a significantly more difficult job with capacity planners and performance analysts being asked to defer hardware and software upgrades due to squeezed budgets. Many large IT departments have also seen loss of staff due to redundancy and this has put added pressure on maintaining good application performance.

One of the most effective ways of reducing or containing mainframe costs is through better managing CPU consumption. By slowing down the growth of CPU usage, hardware and software upgrades can be deferred while often improving performance thereby allowing organisations to keep costs down and performance and profitability up.

MIPS Growth in the Mainframe Market
In a recent mainframe market study, IBM reported that the mainframe has seen a 20% compound annual growth rate in MIPS since 2003. Also, In Ovum's "The state of the mainframe" research, they found that mainframe MIPS growth is averaging around 20 percent per year and large mainframe-centric enterprises have been consistently averaging 35% plus MIPS growth.

Whilst it is good news for businesses to see transactions on the rise, with usage based pricing for z/OS this increase in workload pushes up software costs and can also negatively impact application performance.

The effects of growing MIPS
Performance - Typically, any significant increase in the amount of CPU used by a given workload will result in an associated increase in transaction elapsed times. For performance-critical online workloads, that increase can translate directly into poorer critical business metrics such as customer satisfaction and retention.

Just throwing more MIPS at a poorly-performing DB2 workload does not always address the issue. A 2 hour response time may be reduced to 1.5 hours with more CPU time being available, but the problem might be due to a poor access path and some DBA attention could get it down to 5 seconds. This is especially true of application performance tuning, which is where the majority of performance issues tend to lie.

Cost - Although performance is a key issue for many organisations, the major diver for many IT teams is the need to reduce mainframe resource usage and thereby potentially defer hardware upgrades and reduce monthly MIPS costs. There is also human costs to consider: maintaining an underperforming system takes more time and resource for IT teams and adds pressure from the business teams who are calling for improved response times.

Can tuning do enough to reduce costs?
The majority of customers have significant potential for reducing resource consumption through tuning. This is especially true for those with older applications that haven't been actively maintained for a while or who have lost some of their deep DB2 skills through retirement or redundancy.

By implementing key tuning procedures, ongoing software costs can be reduced and mainframe upgrades deferred. In addition, application performance will be enhanced and overall TCO reduced.

Tuning Challenges
One of the major challenges in any environment, but particularly with client/server applications, is determining which component is responsible for poor response times, although the tools for this are improving. I often liken this to the classic board game of "Cluedo"; one has to logically and methodically eliminate potential culprits until you're left with the guilty party! Another related challenge is "skills silos", where a client has the individual skills necessary to resolve a particular issue but no single person has the whole picture and internal culture and/or politics prevent the individuals from communicating and collaborating effectively.

The growing trend towards DB2 workloads running on ERP applications such as SAP and Siebel is also bringing some very different challenges to more traditional workloads.

In recent years the Financial Services industry in particular has been hit hard by audit and compliance regulations. When adding audit trails to existing applications it is very easy to increase the path-length of some transactions by up to 30%. It is critical therefore that these changes are properly designed and implemented to minimise the performance impact.

Performance Culture
It is vital that organisations recognise the business value of designing applications for performance from the outset. The best way to ensure this happens is to instil a "Performance Culture" throughout the organisation. This includes ensuring the availability of good skills and expert advice from the beginning of the application development life cycle, formalised design reviews to validate anticipated performance against requirements and a proactive monitoring and tuning strategy once the application goes live.

The benefits of DB2 mainframe tuning can be felt across the entire business. From the CFO who will see significant reduction in IT spend through to the IT teams who benefit from improved application performance and thus improved customer service, a thorough tuning exercise can indeed improve business performance.

About Triton Consulting
Triton Consulting are Data Management specialists and IBM Premier Business Partners. Specialising in DB2 for both the mainframe and distributed systems, Triton provide a full range of services from consultancy through to education and 24/7 DB2 support. For more information on the zTune service visit - http://www.triton.co.uk/DatabaseTuning.php

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Julian Stuhler (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 4th February 2010 Copyright Interarbor Solutions © 2010

The latest BriefingsDirect podcast discussion delves into proper planning and implementation of data-center virtualization to gain strategic-level advantage in enterprises.

Because companies generally begin their use of server virtualization at a tactical level, there is often a complex hurdle in expanding the use of virtualization. Analysts predict that virtualization will support upwards of half of server workloads in just a few years. Yet, we are already seeing gaps between an enterprise's expectations and their ability to aggressively adopt virtualization without stumbling in some way.

These gaps can involve issues around people, process and technology and, often, all three in some combination. Process refinement, proper methodological involvement, and swift problem management often provide proven risk reduction, and provide surefire ways of avoiding pitfalls as virtualization use moves to higher scale.

The goal becomes one of a lifecycle orchestration and governed management approach to virtualization efforts so that the business outcomes, as well as the desired IT efficiencies, are accomplished.

Areas that typically need to be part of any strategic virtualization drive include sufficient education, skilled acquisition, and training. Outsourcing, managed mixed sourcing, and consulting around implementation and operational management are also essential. Then, there are the usual needs around hardware, platforms and system as well as software, testing and integration.

So, we're here with a panel of Hewlett Packard (HP) executives to examine in-depth the challenges of large scale successful virtualization adoption. We'll look at how a supplier like HP can help fill the gaps that can hinder virtualization payoffs.

Please join me in welcoming our panel: Tom Clement, worldwide portfolio manager in HP Education Services; Bob Meyer, virtualization solutions lead with HP Enterprise Business; Dionne Morgan, worldwide marketing manager at HP Technology Services; Ortega Pittman, worldwide product marketing, HP Enterprise Services, and Ryan Reed, worldwide marketing manager at HP Enterprise Business. The discussion is moderated by BriefingsDirect's Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excepts:

Meyer: The downturn has really forced anybody who is on the front to go headlong into virtualization. Today, we are technically ahead of where we were a year or two ago with the virtualization experience.

Everybody has significant amounts of virtualization in the production environment. They've been able to get a handle on what it can do to see what the real results and tangible benefits are. They can see, especially on the capital expenditure side, what it could do for the budgets and what benefits it can deliver.

Now, looking forward, people realize the benefits, and they are not looking in it just as an endpoint. They're looking down the road and saying, "Okay, this technology is foundational for cloud computing and some other things." Rather than slowing down, we'll see those workloads increase.

They went from just single percentage points a year and a half ago to 12–15 percent now. Within two years, people are saying it should be about 50 percent. The technology has matured. People have a lot of experience with it. They like what they see in results, and, rather than slow down, it's bringing efficiency to things like the new services model.

Morgan: Many people have probably heard the term "virtual machine sprawl" or "VM sprawl," and that's one of the risks. Part of the reason VM sprawl occurs is because there are no clear defined processes in place to keep the virtualized environment under control.

Virtualization makes it so easy to deploy a new virtual machine or a new server, that if you don't have the proper processes in place, you could have more and more of the these virtual machines being deployed and you lose control. You lose track of them.

That's why it's very important for our clients to think about ... how they're going to continue to manage virtualization on an on-going basis, so they keep it under control.

Pittman: Many times small, medium, and large organizations have the virtualization needs, but might not have the skills on hand.

The skill demand and the instant ability to get started is something that we take a lot of pride in, and in the global track record of doing that very well is something that HP Enterprise Services can bring from an outsourcing perspective. That's where HP Enterprise Services comes to add value with meeting customers' needs around skills.

Clement: Our 30-plus years of experience in providing customer training has shown, time and time again, that technology investments by themselves don't ensure success.

The business results that clients want in virtualization won't be achieved until those three elements you just mentioned—technology, process and people—are all addressed and aligned.

That's really where training comes in. Increasing the technical skills of our customers' people is often one of the most effective ways for them to grow, increase their productivity and boost the success rates of their virtualization initiatives.

In fact, an interesting study just last year from IDC found that 60 percent of the factors leading to the general success in the IT function are attributed to the skills of people involved. Our education team can help address both the people and process parts of the equation.

Reed: We see a shift in the way that IT organizations have considered what they think would be strategic to their end business function. A lot of that is driven through the analysis that goes into planning for a virtual server environment.

When doing something like a virtual server environment, the IT organizations have to take a step back and analyze whether or not this is something that they've got the core competency to support. Often times, they come to the conclusion that they don't have the right set of skills, resources, or locations to support those virtual servers in terms of their data-center location, as well as where those resources are sitting.

So, during the planning of virtual server environments, IT organizations will choose to outsource the planning, the implementation, and the ongoing management of that IT infrastructure to companies like HP.

It's definitely a good opportunity for IT organizations to take a step back and look at how they want to have that IT infrastructure managed, and often times outsourcing is a part of that conversation.

Meyer: One thing virtualization does very nicely is blur the connections between the various pieces of infrastructure, and the technology has developed quite a bit to allow that to ebb and flow with the business needs.

And, you're right. The other side of that is getting the people to actually work and plan together. We always talk about virtualization as not an end-point. It's an enabler of technology to get you there.

If you put what we're talking about in context, the next thing that people want to go to is maybe build a private-cloud service delivery model. Those types of things will depend on that cooperation. It's not just virtualization that that's causing but it's really the newest service delivery models. Where people are heading with their services absolutely requires management and a look at new processes as well.

Pittman: We'd like to work with our customers to understand that it's a starting point to consolidate, but there is a lot more in the broader ecosystem consider, as they think about optimizing their IT environment.

One of HP's philosophies is the whole concept of converged infrastructure. That's thinking about the infrastructure more holistically and addressing the applications, as you said, as well as your server environments and not doing one off, but looking more holistically to get the full benefit.

Moving forward, that's something that we certainly could help customers do from an outsourcing standpoint in enabling all of the parts, so there aren't gaps that cause bigger problems than the one hiccup that started the whole notion of virtualization in the beginning.

Morgan: We think about this in terms of their life cycle. We like to start with a strategy discussion, where we have consultants sit down with the client to better understand what they're trying to accomplish from a business objective perspective. We want to make sure that the customers are thinking about this first from the business perspective. What are their goals? What are they trying to accomplish? And, how can virtualization help them accomplish those goals?

Then, we also can help them with their actual return on investment (ROI) analysis and we have ROI tools that we can use to help them develop that analysis. We have experts to help them with the business justification. We try to take it from a business approach first and then design the right virtualization solution to help them accomplish those goals.

Pittman: HP Enterprise Services worked with the Navy/Marine Corps Intranet (NMCI), which is the world's largest private network, serving and supporting sailors, marines, and civilians in more than 620 locations worldwide.

They were experiencing business challenges in productivity and innovation and in the security areas. Our approach was to consolidate 2,700 physical servers down to 300, reducing outage minutes by almost half. This decreased NMCI's IT footprint by almost 40 percent and cut carbon emissions by almost 7,000 tons.

We minimized their downtime and controlled cost. We accelerated transfer times, transparency and optimal performance.

Virtualizing the servers in this environment enabled them to eliminate carbon emissions equivalent to taking 3,600 cars off the road for one year. So, there were tremendous improvements in that area. We minimized their downtime and controlled cost. We accelerated transfer times, transparency and optimal performance.

All of this was done through the outsourcing virtualization support of HP Enterprise Services and we're really proud that that had a huge impact. They were recognized for an award, as a result of this virtualization improvement, which was pretty outstanding. We talked a little earlier about the broader benefits that customers can expect, the services that help make all of this happen.

In our full portfolio within the IT organization of HP, that would be server management services, data center modernization, network application services, storage services, web hosting services, and network management services. All combined, they made this happen successfully. We're really proud of that, and that's an example of the very large-scale impact that's reaping a lot of benefit.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Dana Gardner (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 3rd February 2010 Copyright Interarbor Solutions © 2010

The latest BriefingsDirect Analyst Insights Edition, Volume 48, centers on the IT job landscape for 2010. We interview David Foote, CEO and chief research officer, as well as co-founder, at Foote Partners LLC of Vero Beach, Fla.

David closely tracks the hiring and human resources trends across the IT landscape. He'll share his findings of where the recession has taken IT hiring and where the recovery will shape up. We'll also look at what skills are going to be in demand and which ones are not. David will help those in IT, or those seeking to enter IT, identify where the new job opportunities lie.

I'm your host and moderator Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excerpts:

Foote: I co-founded this company with a former senior partner at McKinsey. We developed a number of products and took them out in 1997. We not only have that big IT executive and trends focus as analysts, but also very much a business focus.

We've also populated this company with people from the HR industry, because one of the products we are best known for is the tracking of pay and demand for IT salaries and skills.

We have a proprietary database—which I'll be drawing from today—of about 2,000 companies in the U.S. and Canada. It covers about 95,000 IT workers. We use this base to monitor trends and to collect information about compensation and attitudes and what executives are thinking about as they manage IT departments.

For many years, IT people were basically people with deep technical skills in a lot of areas of infrastructure, systems, network, and communications. Then, the Internet happened.

All of a sudden, huge chunks of the budget in IT moved into lines of business. That opened the door for a lot of IT talent that wasn't simply defined as technical, but also customer facing and with knowledge of the business, the industry, and solutions. We've been seeing a maturation of that all along.

What's happened in the last three years is that, when we talk about workforce issues and trends, the currency in IT is much more skills versus jobs, and part of what's inched that along has been outsourcing.

If you need to get something done, you can certainly purchase that and hire people full-time or you can rent it by going anywhere in the world—Vietnam, Southeast Asia, India, or many other places. Essentially, you are just purchasing a market basket of skills. Or, these days, you can give it over to somebody, and by that I mean managed services, which is the new form of what has been traditionally called outsourcing.

It's not so much about hiring, but about how we determine what skills we need, how we find those, and how we execute. What's really happened in two or three years is that the speed at which decisions are made and then implemented has gotten to the point where you have to make decisions in a matter of days and weeks, and not months.

Resisting the temptation
There have been some interesting behaviors during this recession that I haven't seen in prior recessions. That lead me to believe that people have really resisted the temptation to reduce cost at the expense of what the organization will look like in 2011 or 2012, when we are past this recession and are back into business as usual.

People have learned something. That's been a big difference in the last three years. ... Unemployment in IT is usually half of what it is in the general job market, if you look at Bureau of Labor Statistics (BLS) numbers. I can tell you right now that jobs, in terms of unemployment in IT, have really stabilized.

In the last three months [of 2009] there was a net gain of 11,200 jobs in these five [IT] categories. If you look at the previous eight months, prior to September, there was a loss of 31,000 jobs.

So going into 2010, the services industry will absolutely be looking for talent. There's going to be probably a greater need for consultants, and companies looking for help in a lot of the execution. That's because there are still a lot of hiring restrictions out there right now. Companies simply cannot go to the market to find bodies, even if they wanted to.

Companies are still very nervous about hiring, or to put it this way, investing in full-time talent, when the overhead on a full-time worker is usually 80–100 percent of their salaries. If they can find that talent somewhere else, they are going to hire it.

There are certain areas, for example, like security, where there is a tendency to not want to hire talent outside, because this is too important to a company. There are certain legacy skills that are important, but in terms of things like security, a lot of the managed services that have been purchased in 2009 were small- to medium-sized companies that simply don't have big IT staffs.

If you have 5,000, 6,000, or 7,000 people working in IT, you're probably going to do a lot of your own security, but small and medium size have not, and that's an extremely hot area right now to be working in.

We track the value of skills and premium pay for skills, and the only segment of IT that has actually gained value, since the recession started in 2007, is security, and it has been progressive. We haven't seen a downturn in its value in one quarter.

High demand for security certification
Since 2007, when this recession started, overall the market value of security certs is up 3 percent. But if you look at all 200 certified skills that we track in this survey that we do of 406 skills, overall skills have dropped about 6.5 percent in value, but security certifications are up 2.9.

It is a tremendous place to be right now. We've asked people exactly what skills they're hiring, and they have given us this list: forensics, identity and access management, intrusion detection and prevention systems, disk file-level encryption solutions, including removable media, data leakage prevention, biometrics, web content filters, VoIP security, some application security, particularly in small to medium sized companies (SMBs), and governance, compliance, and audit, of course.

The public sector has been on a real tear. As you do, we get a lot of privileged information. One of the things that we have heard from a number of sources, I can't tell you the reason why, is that a lot of recruiting is happening in the private sector right now with the National Security Agency and Homeland Security -- in-the-trenches people.

I think there was a feeling that there weren't enough real deep technical, in-the-trenches kind of talent, in security. There were a lot of policy people, but not enough actual talent. Because of the Cyber Security Initiative, particularly under the current administration, there has been a lot of hiring.

Managed services looks like one of the hottest areas right now, especially in networking and communication: Metro Ethernet, VPNs, IP voice, and wireless security. And if you look at the wireless security market right now, it's a $9 billion market in Europe. It's a $5.7 billion market in Asia-Pacific. But in North America it's between $4 and 5 billion.

There's a lot of activity in wireless security. We have to go right down into every one of these segments. I could give you an idea of where the growth is spurting right now. North America is not leading a lot of this. Other parts of the world are leading this, which gives our companies opportunities to play in those markets as well.

For many years, as you know, Dana, it was everybody taking on America, but now America is taking on the rest of the world. They're looking at opportunities abroad, and that's had a bigger impact on labor as well. If you're building products and forming alliances and partnerships with companies abroad, you're using their talent and you're using your talent in their countries. There is this global labor arbitrage, global workforce, that companies have right now, and not just the North American workforce.

Listen to the podcast. Read a full transcript or download a copy. Find it on iTunes/iPod.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Dana Gardner (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Philip Howard, Research Director - Data Management, Bloor Research Posted: 3rd February 2010 Copyright Bloor Research © 2010

I have been preaching the columnar message for data warehousing for the best part of ten years. That argument has been won. However it is now clear that columns on their own aren’t enough. Yes, they give you a great performance boost; yes, they are better able to support improved compression; and, yes they require less administration. But now that almost every mother’s son has a column-based approach it is clear that in today’s competitive environment you need something more than just a columnar database if you want to compete effectively.

You can see this if you look at the various vendor’s offerings. Thus Vertica has projections, Infobright has its knowledge grid and Calpont’s recently launched InfiniDB has an Extent Map (which is similar to the knowledge grid except that it is optimised for I/O). All of this to get better at answering queries.

However, such approaches are also limiting because they suit particular types of analytics. Of course, you could say that about columns in general but what these extra features do is to make products even more specialised. Thus a major focus for Infobright is the analysis of web data, whether in isolation or in conjunction with back-end data, while Vertica has enjoyed particular success in low latency analytics and Calpont reckons that the step map is best suited to data where there is some sort of inherent pattern to the data (for example, by time). Of course, these environments overlap but there are subtle distinctions.

This raises the spectre of vendors becoming specialised (I hesitate to say niche because this might be regarded as pejorative) in particular segments of the market. Of course this is nothing new: this is exactly how Sybase built up a head of steam with Sybase IQ though it is now broadening its attack rather then the reverse.

And then there are things like support for MapReduce or R, which can also be seen in the same light, while the vendors addressing the MySQL market with MySQL front-ends or MySQL compatibility is also a hot area of the market, with Infobright, Calpont and Kickfire all active in this sub-market. Open source is yet another such, again with Infobright and Calpont but also with Ingres waiting in the wings, not to mention MonetDB and LucidDB.

Thus we are witnessing a segmentation of the market. This is a classic scenario: you get a build up of momentum in the market (any market) with many new entrants coming into it; then the market starts to get saturated (in terms of numbers of vendors) so you start to see segmentation; and finally, once the segmentation phase has run its course, you get consolidation. So, I think we are now in the penultimate phase. The question is how long it will last before we see significant numbers of acquisitions? I think it will be a while as we are in the early days of segmentation but be in no doubt that the writing is on the wall.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Philip Howard (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: David Norfolk, Practice Leader - Development, Bloor Research Posted: 3rd February 2010 Copyright Bloor Research © 2010

Everybody's security-focused these days. So, what's wrong with Security? Well, possibly the word "security" itself and the silo'd thinking it encourages. And also, I'm afraid, sometimes the people in the security profession, who often appear to think that security is an end in itself.

I was once paid, on the basis of my having technical knowledge of both the mainframe and PC platforms, to stop the company security officer encrypting all our PC hard disks, because the IT group thought that this would soon stop anybody getting any work done. That says something about the "maturity" of that company, doesn't it? One department trying to stop another department doing what it conceives as its job....

Well, I lost that battle in part and the consequences were that some business departments (those that thought they were so important as to need encryption-protected hard disks) got very little extra security (I knew someone who could overwrite the encrypted system areas of a hard disk with the unencrypted data, in hex and from memory); were a constant maintenance overheard and frequently lost access to business systems for a significant time (there were people who could break their security easily, but they weren't—mostly, we hoped—employed as bankers).

That was many years ago and hard disk encryption wasn't such a bad idea—but the technology and processing power available, and the processes and maturity of the company, weren't adequate for implementing the idea effectively (strong encryption of everything on the hard disk would have been too much of an overhead). The balance between the needs of the business and implementation cost (including maintenance) was what made it a bad idea—then. These days? Well, you still need to balance the needs of business against the cost of security, but the answers may be different.

I actually don't believe in "security" as such. I believe in "business governance", which (of course) includes providing the appropriate levels of Confidentiality, Integrity and Availability needed for the business to operate. But metrics for Confidentiality and Availability are "stretch metrics"; improving the Confidentiality of a resource can impact its Availability to the business and its use for generating business benefit.

So, what does this mean for "security"? Well, first, stop thinking in silos. I was once at a testing conference, talking with people about penetration testing—and no, it wasn't a "security" conference. Some people told me that penetration testing was something Security worried about and that it was all about access to and compromise of the physical hardware and network wiring; and that social engineering attacks were something the application developers should worry about. Others said that penetration testing included social engineering at the application level and any and all compromise of the business systems by the unwashed outside and that it was all part of Security's remit. And what about unauthorised penetration of business systems by insiders? I have no idea which approach is "right" but I do know that all these issues are important and there is apparently a danger that some or all of them will fall into the cracks—that everybody thinks "someone else is looking after that".

I once met someone who implemented a security technology for a telecomms company and was prevailed upon (against his better judgement) to test his own work. So he put on a white coat and picked up a test set and went into the company and asked people for the passwords to his new technology. And, as he was obviously tech support, people gave him the passwords and he could then access information that he wasn't supposed to. So he wrote a report saying that your new technology is fine but you have serious process/people problems around it—and here's something I shouldn't be able to know, as evidence of this. His employers were very angry and accused him of cheating. Well, criminals cheat, I'm afraid....

You have to think of security in holistic terms and in terms of business outcomes. If personal information mustn't be compromised because the Data Protection Act (DPA) says that it mustn't, then it doesn't matter much whether someone sniffs it off a PC electronically (where it is in clear because someone is reading it), reads it off the PC screen with a telephoto lens, blackmails an employee into giving it to them—or finds it, in clear, on a laptop left on the train. And, just perhaps, if the cost of paying the fine for non-compliance is less than the cost of implementing DPA compliance, that makes business sense (although only if you've factored in costs associated with reputation risk if you're found out, and the possible impact of the obvious lack of corporate ethics this entails on employee behaviour generally).

In fact, perhaps you shouldn't think of security at all, but think about the regulatory, social, business confidentiality etc. necessary for a new automated service to deliver business benefit—as part of designing and implementing that service. You should design in good "governance" (Little Oxford Dictionary: action, manner, power etc. of governing; sway, control), which includes what we usually call "security", from the start.

Of course, this doesn't mean that it's a good idea to implement this aspect of design from scratch, for every business system. A lot of these design requirements for governance are common to all systems, and implementing good security policies with something like ISO 27000 might make a lot of sense—not because this will implement "security" but because it will facilitate the resilient delivery of desirable business outcomes.

Then, once you know what your business requirements are in this area, you may find that you can buy technology off the shelf which helps you to implement them—and perhaps you need security professionals to help you choose it. However, the acquisition of security technology should always be driven by holistic business needs.

Seeing it from this point of view brings other benefits. If a security technology is monitoring users for unacceptable business behaviours (such as stealing money or information in transit), it can also monitor end-user experience at the same time and identify problems with the use of technology. It can even provide feedback that will help service developers build more resilient or less fraud-prone, or easier-to-use automated systems. Security stops being just a cost of avoiding bad things and starts to provide proactive benefits. It makes risks visible for proactive management and thus encourages safe (risk-managed) business innovation.

So, is this all just "pie in the sky". Well, I have been talking with Richard Walters, CTO of Overtis; and its Vigilance Pro solution does appear to support a holistic approach, from physical security (e.g. integration with door locking and card entry systems—so you can be notified if a system which is supposed to be operated on premises is active when its user isn't in the building) all the way through to monitoring user behaviours at the application level. It only takes the availability of one technology implementation to make the sort of things I've been talking about feasible. Nevertheless, the availability of technology doesn't really drive the improvement of process and culture by itself. Most people are still thinking in terms of a security "silo" and addressing particular, very specific, risks (often just those which have hit the papers recently)—they are not thinking in terms of the governance and resilience of automated business systems and ensuring that business automation operates in accord with business strategy/policy and delivers business benefit—and nothing else.

People really don't automate business systems in order to expedite the theft of their information or money, so adequate governance of automated systems is generally an important, if often overlooked, non-functional requirement. So, "business-focussed security designed in from the first" sounds like a really good thing—but what does this mean in practice? It is primarily to do with good governance, with addressing people and process issues, not with buying technology; and thinking purely in technology silos just doesn't help.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact David Norfolk (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Laurie McCabe, Partner, Hurwitz & Associates Posted: 2nd February 2010 Copyright Hurwitz & Associates © 2010

Technology insiders tend to throw around technical terms and business jargon, assuming people outside the industry understand what it all means. By its nature, technology vocabulary is often confusing and complicated, and insiders often add to the confusion by over-complicating things. To help add a sense of clarity to the confusion, Laurie McCabe, a partner at the SMB Group and at Hurwitz & Associates, picks a technology term, explain what it means in plain English, and then discusses why it may be important to you. This month, Laurie takes a look at IT Total Cost of Ownership (TCO).

What is Total Cost of Ownership?
In the IT world, total cost of ownership (TCO) is used to calculate the total cost of purchasing (or in the case of cloud computing, subscribing to) and operating a technology product or service over its useful life. TCO provides a construct to evaluate technology costs that may not be reflected or be apparent in the upfront pricing. For example, if you're buying a new server, the server (including operating systems, database software and storage) usually accounts for roughly 15 to 25 percent of the overall, long-term costs to install, maintain, upgrade and support the server over time.

Why Should You Care?
Although many companies factor TCO into the purchasing equation, they often underestimate the hidden costs of a new technology solution, which can result in negative consequences. For example, if don't have the resources you need to adequately maintain a solution, you may skip upgrades and patches required to keep the solution running securely and at peak performance. Or, if you misjudge the time and expense needed to train employees on a new product or service, they may never use it productively.

While TCO helps you to determine hidden costs of a new technology solution, return on investment (ROI) analysis helps to illuminate benefits that may not be readily apparent, such as improved employee productivity or increased customer satisfaction. ROI assessments can be more subjective in nature than TCO, because these indirect benefits are usually harder to measure than direct costs.

When two solutions provide roughly equivalent benefits over the solution lifecycle, but have different types of costs associated with acquisition, maintenance and operation, a TCO comparison gives you a framework to better evaluate competing solutions to a problem, and avoid getting stuck with hidden costs and unwanted surprises.

For instance, a cloud or software-as-a-service (SaaS) customer management solution may provide business benefits very similar to what an in-house customer management solution would provide. However, TCO over a given time period may vary greatly. That's because the very different business and delivery models and the cost and pricing structures for cloud computing and on-premise solution significantly affect TCO.

For example, on-site solutions usually require significant upfront capital expenditures for hardware, software and application software, along with IT resources to install and configure these components. As a result, first-year costs for on-site solutions are often much higher than those associated with SaaS or cloud computing solutions, and total costs to maintain and manage on-site infrastructure and solutions continue to be a factor over time. On the flip side, TCO analysis may actually favor on-site solutions as the number of users rises and the total time period factored into the calculation increases.

What to Consider
Think about your business and how long you expect to be using a particular solution. In the case of a core business solution, such as accounting or financial, many companies look at a TCO for a period of four or five years (generally thought of as the useful life of hardware and software without the need for major replacements).

In less core or strategic areas—which will vary from business to business—you may want to look at TCO over a shorter time period. Regardless, TCO calculations usually include several categories and components, such as:

• Planning and selection: How long will it take to evaluate the solution, the vendor and service level agreements (if applicable)? Consider whether you can try the product for free and/or if you need to invest money or resources to set up a test environment.
• IT infrastructure requirements: For on-site solutions, do you need to buy hardware and software upfront to run the solution? What associated expenses will you have for space, power and cooling? Consider if you will you need to add, shift or outsource IT personnel to manage and maintain the infrastructure, and how much this will cost. For a SaaS or cloud solution, do you need to upgrade or add networking capabilities or bandwidth?
• Application subscription or license costs: What is the per user charge for the license (on-site) solution, or the per user subscription fee (cloud or SaaS solution)? Are ongoing maintenance costs for patches, bug-fixes, upgrades, etc. included in this price or billed separately?
• Application design, configuration and implementation: What resources (internal and/or external) will it take to design and configure the solution so it fits your business needs? Factor in relevant data migration, integration and customization costs, and any system testing necessary.
• Administration and maintenance: For an on-site solution, what is required to transition daily system administration to your internal staff? How much time, resources and money will you need to invest to manage, upgrade, trouble-shoot, patch, etc. over the solution lifecycle?
• Training costs: What IT administrative training and/or end-user costs are involved to get everyone on board and productive in using the solution.

While TCO is very important for most companies, you should also consider other factors—including contract terms, service level agreements, data security requirements and customization and integration needs—just to name a few. Many companies under-invest when it comes to thoroughly evaluating IT solution requirements and options.

By doing a more careful assessment upfront—either with an internal team, or by hiring an independent consulting organization—you will save your company time, money and aggravation down the road.

(Originally published in Small Business Computing, January 29, 2010)

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Laurie McCabe (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 2nd February 2010 Copyright Interarbor Solutions © 2010

I was a bit distracted from the Apple iPad news due to the marathon Oracle conference Wednesday on its shiny new Sun Microsystems acquisition.

But the more I thought about it, the more these two companies are extremely well positioned to actually fulfill what other powerful companies tried to do and failed. Apple and Oracle may be unstoppable in their burgeoning power to dominate the collection of profits across vast and essential markets for decades.

Apple is well on the way to dominating the way that multimedia content is priced and distributed, perhaps unlike any company since Hearst in its 1920s heyday. Apple is not killing the old to usher in the new, as Google is. Apple is rescuing the old media models with a viable online direct payment model. Then it will take all the real dough.

The iPad is a red herring, almost certainly a loss leader, like Apple TV. The real business is brokering a critical mass of music, spoken word, movies, TV, books, magazines, and newspapers. All the digital content that's fit to access. The iPad simply helps convince the producers and consumers to take the iTunes and App Store model into the domain of the formerly printed word. It should work, too.

Oracle is off to becoming the one-stop shop for mission-critical enterprise IT ... as a service. IT can come as an Oracle-provided service, from soup to nuts, applications to silicon. The "service" is that you only need go to Oracle, and that the stuff actually works well. Just leave the driving to Oracle. It should work, too.

This is a mighty attractive bid right now to a lot of corporations. The in-house suppliers of raw compute infrastructure resources are caught in a huge, decades-in-the-making vice—of needing to cut costs, manage energy, reduce risk and back off of complexity. Can't do that under the status quo.

In doing complete IT package gig, Oracle has signaled the end of the best-of-breed, heterogeneous, and perhaps open source components era of IT. In the new IT era, services are king. The way you actually serve or acquire them is far less of a concern. Enterprises focus on the business and the IT comes, well, like electricity.

This is why "cloud" makes no sense to Oracle's CEO Larry Ellison. He'd rather we take out the word "cloud" from cloud computing and replace it with "Oracle." Now that makes sense!

All the necessary ingredients
Oracle has all the major parts and smarts it needs to do this, by the way. Oracle may need an acquisition or two more for better management and perhaps hosting. But that's about it.

Like Apple, Oracle is not killing the old IT era to usher in the new. Oracle is rescuing the old IT models with a viable complete IT acquisition model. Then it too will take all the real dough.

Incidentally, IBM tried to, and came quite close to a similar variety of enterprise IT domination. That was more than 30 years ago. IBM was an era or two too early. Microsoft tried, and came moderately close—at least in vision—to the same thing, moving from the desktop backward into the data center. But, alas, Microsoft was also an era too early.

Both Sun and IBM were seduced over the past 15 years by the interchangeable parts version of IT ... It's what Java is all about. Microsoft hated Java, never veered from their all-us-or-nothing mantle, which is now passing to Oracle. But Microsoft never had the heft in the core enterprise data center to pull it off. Oracle does.

Yes, Apple and Oracle have clearly learned well from their brethren. And the timing has never been better, the recession a god-send.

So now as consumers, we have some big choices .... er, actually maybe we have a big buy-in, yes, but maybe not too much in the way of choices. As any mainstream consumer and producer of media, I will really need to do business with Apple. Not too much choice. Convenience across the content supply chain has become the killer app. And I love it all the way.

I want my MTV, my New York Times, my Mahler and my Madmen. Apple gets it to me as I wish at an acceptable price. Case closed. The end device is not so important any more, be it big, medium or small, be it Mac or PC. Because of my full-bore consumer seduction, the producers of the content need to follow the gold Apple ring. Same for consumer applications and games, though they are all fundamentally content.

As an IT services buyer, Oracle is making a similar offer. Convenience is killer for IT managers too. Oracle, through its appliances, integrated stack, data ecosystem, tuned high-end hardware, business applications, business intelligence, and sales account heft, leaves me breathless. And taking a next breath will probably have an Oracle SLA attached. Whew!

Critical mass in the accounts that matter
Oracle is already irreplaceable in all—and I mean all—the major enterprise accounts. Oracle can substantially now reduce complexity across the IT infrastructure front, while seemingly cutting costs, apparently reducing risk. But a huge portion of the total savings goes into Oracle's pockets, making it stronger in more ways in more accounts for 20 years. Now they can take the lion's share of the profits in the IT as a service era. I call that dominance.

So let's hear it for the balancing acts still standing. Go IBM! Go Microsoft! Go Google! Go HP! Go SAP! How about Cisco and EMC? You all go for as long as you can, please. Or at least as long as it takes for the next IT and media eras to arrive. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

These handful of companies are about the only insurance policies against Apple and Oracle being able to price with impunity across vast markets that deeply affect us all.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Dana Gardner (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Philip Howard, Research Director - Data Management, Bloor Research Posted: 2nd February 2010 Copyright Bloor Research © 2010

It’s been a long time coming but Calpont has finally come to market with InfiniDB. Actually, it launched the open source Community Edition of the product last year but now it is introducing the commercial Enterprise Edition. There is, essentially, only one difference between the two versions and this is that the former runs on a single server only (as big as you like, with no constraints and all the features of the Enterprise Edition) while the latter runs across multiple servers. Calpont refers to the former as offering scale-up and the latter as scale-out.

Of course, there are some practical differences between the two editions but these only apply because of the supported architectures. Thus, there is no high availability option for the Community Edition; similarly, you can’t deploy the distributed cache from the Enterprise Edition and you can’t use parallel loading capabilities beyond the multi-threading supported by the Community Edition. But apart from the limitations of having a single server there are no differences.

The actual product itself is a column-based relational database with a MySQL front end. The secret sauce is what is known as the Extent Map. This is a metadata layer that sits over the data and which learns, retains and uses patterns that exist within the data in order to optimise I/O. It is particularly relevant where there are natural patterns within the data such as all data being time-stamped, so the product will be well suited to log management, telco call analysis, financial trading environments, web analytics and so on. The Extent Map also records information such as maximum and minimum values, number of entries and so on so that certain types of queries (for example, count queries) can be performed without requiring any I/O at all.

The real kicker is the pricing, which is $11,995 per node with discounts for 11 or more MPP nodes. According to the company this works out at between $4,000 and $7,000 per terabyte. Moreover, this is not a subscription licensing model; this is a one-time license fee, though of course you have to add maintenance and running costs. However, this way undercuts the market, even bearing in mind that some competitors can offer better compression ratios and will therefore require less disk space and therefore reduced hardware and software costs. Moreover, Calpont also offers a discount for six one-node instances (which they refer to as an Analytics 6-pack) with the intention of picking up data mart business in larger enterprises.

Calpont is late to the market and it has competitors that are already established. Nevertheless, the market is buoyant and I don’t think it is too late, particularly given the product’s performance (there are some independent benchmarks that have been run against other open source products in which the company did well—but this only applies to the Community Edition), its pricing and its positioning (in conjunction with MySQL). Put these together and InfiniDB should provide some serious competition to its more established rivals.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Philip Howard (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Andy Hayler, CEO, The Information Difference Posted: 1st February 2010 Copyright The Information Difference © 2010

At the beginning of February a new data warehouse appliance will appear: InfiniDB is a columnar, software-only appliance that has been in an open-source preview form for a few months now. The appliance market is crowded, and InfiniDB will clearly square up against products like Vertica, InfoBright and Sybase IQ, given its columnar nature. While the technology is clearly less mature than these more established products, it does have one potentially significant differentiator, and that is price. The commercial (as opposed to the open source community version) of InfiniDB will, for a typical 5 TB configuration, come in at around $10k per TB for licence (support is additional), and that is very cheap indeed.

The database uses MySQL as an interface layer, with the advantage that customers can use any of the range of administration and additional tools (e.g. data integration) that work with MySQL. A performance benchmark carried out by a well-known MySQL consulting company shows InfiniDB stacking up well against some other columnar storage engines, though in the future it would be interesting to see an independently audited TPC benchmark. The technology is still clearly developing at present, and lacks what some may see as important features in its initial version: it is not currently using a shared-nothing architecture, so users will need to work with the MPP nature of the software against a shared storage asset (SAN) for now. Loading is currently restricted to one node, rather than being parallelised across multiple nodes, for example, and the company will need to deliver these and other features in a timely manner in order to compete technologically with the established players.

Those with long memories will be curious as to the vendor behind this fresh start-up: Calpont. Calpont has had a somewhat chequered past, having been around nearly ten years without ever really shipping a product, but there seems to have been a clear-out, and the new Calpont shares no staff with the original company, has some new investors, and InfiniDB apparently has not one line of code in common with the previous Calpont technology. Quite why, given this, they did not simply start with a new company name is puzzling to me, but hopefully the new organisation can cast off any lingering memories of the old Calpont and make its way as a new start-up company.

At present there are a number of organisations using the community edition of the InfiniDB software, and it will be interesting to see what commercial traction that the made-over Calpont can gain in the market. While it is not at this stage fully developed, it will hope to emulate the success of MySQL in the database market, which did not pretend to be the most fully functional database, but did deliver most of what people needed at a significantly lower price point than the established players.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Andy Hayler (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Dana Gardner, Principal Analyst, Interarbor Solutions Posted: 1st February 2010 Copyright Interarbor Solutions © 2010

The latest BriefingsDirect podcast discussion hones in on storage virtualization. You've heard a lot about server virtualization over the past few years, and many enterprises have adopted virtual servers to improve their ability to manage runtime workloads and high utilization rates to cut total cost.

But, as a sibling to server virtualization, storage virtualization has some strong benefits of its own, not the least of which is the ability to better support server virtualization and make it more successful.

We'll look at how storage virtualization works, where it fits in, and why it makes a lot of sense. The cost savings metrics alone caught me by surprise, making me question why we haven't been talking about storage and server virtualization efforts in the same breath over these past several years.

Here to help understand how to better take advantage of storage virtualization, we're joined by Mike Koponen, HP's StorageWorks Worldwide Solutions marketing manager. The discussion is moderated by BriefingsDirect's Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excerpts:

Koponen: Storage requirements aren't letting up from regulatory requirements, expansion, 24x7 business environments, and the explosion of multimedia. Storage growth is certainly not stopping due to a slowed down economy.

So enterprises need to boost efficiencies from their existing assets as well as the future assets they're going to acquire and then to look for ways to cut capital and operating expenditures. That's really where storage virtualization fits in.

We found that in a lot of businesses they may have as little as 20 percent utilization of their storage capacity. By going to storage virtualization, they can have a 300 percent increase in that existing storage asset utilization, depending upon how it's implemented.

So storage virtualization is a way to increase asset utilization. It's also a way to save on administrative cost, and it's also a way to improve operational efficiencies, as businesses deal with the increasing storage requirements of their businesses. In fact, if businesses don't reevaluate their storage infrastructures at the same time as they're reevaluating their server infrastructures, they really won't realize the full potential of a server virtualization.

In the past, customers would just continue to deploy servers with direct-attached storage (DAS). All of a sudden, they ended up with silos or islands of storage that were more complex to manage and didn't have the agility that you would need to shift storage resources around from application to application.

Then, people moved into deploying network storage or shared storage, storage area networks (SANs) or network-attached storage (NAS) systems and realized a gain in efficiency from that. But, the same can happen. You can end up with islands of SAN systems or NAS systems. Then, to bump things up to the next level of asset utilization, network storage virtualization comes into play.

Now, you can pool all those heterogeneous systems under one common management environment to make it easy to manage and provision these islands of storage that you wound up with.

Studies show swift pay-back
A recent white paper recently done by IDC focuses on the business value of storage virtualization. It looked at a number of factors—reduced IT labor, reduced hardware and software cost, reduced infrastructure cost, and user productivity improvements. Virtualized storage had a range of payback anywhere from four to six months, based on the type of virtualized storage that was being deployed.

There are different needs or requirements that drive the use of storage virtualization and also different benefits. It may be flexible allocation of tiered storage, so you can move data to different tiers of storage based upon its importance and upon how fast you want to access it. You can take less business-critical information that you need to access less frequently and put it on lower cost storage.

The other might be that you just need more efficient snap-shotting, a replication of things, to provide the right degree of data protection to your business. It's a function of understanding what the top business needs are and then finding the right type of storage virtualization that matches those.

In order to take advantage of the advanced capabilities of server virtualization, such as being able to do live migration of virtual machines and to put in place high availability infrastructures, advanced server virtualization require some form of shared storage.

So, in some sense, it's a base requirement that you need shared storage. But, what we've experienced is that, when you do server virtualization, it places some unique requirements on your storage infrastructure in terms of high availability and performance loads.

Server virtualization drives the creation of more data from the standpoint of more snapshots, more replicas, and things like that. So, you can quickly consume a lot of storage, if you don't have an efficient storage management scheme in place.

And, there's manageability too. Virtual server environments are extremely flexible. It's much easier to deploy new applications. You need a storage infrastructure that is equally as easy to manage, so that you can provision new storage just as quickly as you can provision new servers.

As a result, you certainly get an increased degree of data protection by being able to meet backup windows and not having to compromise the amount of information you back up, because you're trying to squeeze more backups through a limited number of physical servers. When you do server virtualization, you're reducing the number of physical servers and running more virtual ones on top of that reduced number.

You might be trying to move same number of backups through a fewer number of physical servers. You also then end up with this higher degree of data protection, because with a virtualized server storage environment you can still achieve the volume of backups you need in a shorter window.

From an HP portfolio standpoint, we have some innovative products like the HP LeftHand SAN system that's based on a clustered storage architecture, where data is striped across the arrays and the cluster. If a single array goes down in the cluster, the volume is still online and available to your virtual server environment, so that high degree of application availability is maintained.

For people who want to learn more about storage virtualization and what HP has to offer to improve their business returns, I suggest, they go to www.hp.com/go/storagevirtualization. There they can learn about the different types of storage virtualization technologies available. There are also some assets on that website to help them with the justification of putting storage virtualization within their companies.

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Dana Gardner (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Laurie McCabe, Partner, Hurwitz & Associates Posted: 29th January 2010 Copyright Hurwitz & Associates © 2010

I still havent had time to write about Lotusphere 2010, but in the meantime, you may want to listen to the conversation I had with small business guru and friend Brent Leary. Last week, Brent interviewed me about my take on this years Lotus event, announcements and news.

Naturally, our conversation centered on the small business angle, which Brent quite appropriately titled, Does IBM Really Want to Get Small? Thoughts From The Lotusphere with Laurie McCabe. Like many others before him, Brent was curious about how serious IBM really is about pursuing small businessesand ready to gear up against some very serious competition from the likes of Google, Microsoft, Zoho and others to win small business hearts and minds. You can listen to or download the conversation here (just scroll to the bottom of the page).

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Laurie McCabe (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Rob Bamforth, Principal Analyst, Quocirca Posted: 29th January 2010 Copyright Quocirca © 2010

At one time, the only enterprise users of Apple products would have pony tails or job titles with the word ‘creative' somewhere.  That's no longer the case.  The mainstay business tools that reside on desktop PCs running Windows across most enterprises - Word, PowerPoint, Excel, and shortly Outlook - run just as nicely on the Mac today.  Sure, there are Apple equivalents some would find more glitzy, but compatibility and uniformity with PC users is generally possible, although for native Windows-only applications this will mean the additional purchase of a virtualisation capability and a copy of Windows.

So whether it's at a desk or on the move, Apple has a desktop or laptop that will give a very businesslike experience, just with a few more shiny edges and generally a higher price.  Still, upfront hardware cost is only one part of total cost of ownership, and past Quocirca research has shown that end users take more care of their mobile equipment if they like it rather than have it forced on them.  Loss of laptop and, more importantly, data through theft or user carelessness is one cost many businesses bear, along with the inevitable need to replace badly treated devices as they break.  Apple laptops can be more commonly seen in traditional mobile business venues - coffee shops, airport lounges, railway carriages - so clearly more IT purchasers are buying the Macbook case.

On the communications front, the iPhone - initially slated by many analysts as ‘just for consumers' - has become enormously important to many as their business mobile device.  Largely it is down to the applications.  While many see the BlackBerry as a fantastic, well integrated email device, perfect for the enterprise user, they also (wrongly) perceive it as email and personal information management only.  It is not yet seen as a multi-application mobile platform like the iPhone, or for that matter, Google's Android.

The sheer volume of applications for the iPhone are huge - over a hundred thousand on the App Store and billions of downloads to date - and they range from free iTat (and there's plenty of that) up to some reasonably priced and rather useful tools.  Few stretch up into the comprehensive business client applications, as it's difficult to sell at high end prices on what feels like a music and media like experience storefront, but there are some significant ‘Pro' widgets making good revenues for serious ISVs.

The main problem with the iPhone has not been the ‘i', but the rest of the name.  It's not been the greatest of phones, with call drop out reminiscent of the early BlackBerry and a lack of staying power in the battery department.  It's not just that the battery isn't replaceable; it's also difficult to rely on it having sufficient power at the end of a day away from a charging point.  That's not good as so many in their personal as well as working life rely on being able to make mobile phone calls.

So where does this leave the newly baked Apple iPad?

It has the form factor and operation of a laptop, albeit with a virtual rather than real keyboard, and has the expected consumer appeal for media consumption.  With iPhone underpinnings, and support for the existing App Store applications, its architecture suggests iPhone on steroids (lots of them).  The iPhone is ideal for casual on the hoof access and consumption of small screen data, but the iPad will dictate a more laptop-like usage model with the need to use two hands and if typing, the need to sit down.

So where does it fit as a business device and what else will accompany it?  If there is a need to carry a laptop as well, that's too much weight and corporate risk, but as it is unlikely anyone will clasp an iPad next to their head as a mobile superphone, surely business users will still need a mobile phone.  That then means two tariff - one for iPad, one for phone - but then many will have already succumbed to employee demands for 3G laptops as well as their mobile, so is that a problem?  Well, it may be, especially with the consumer and media emphasis surrounding this latest iGadget, but excessive mobile costs - voice or data - are potential issues for anyone managing any fleet of mobile devices.

There is also the potential fragility of the large glass screen and slippery smooth aluminium back, and the desirable nature of the device from a theft perspective.  However, these are problems laptop users and IT managers are getting pretty used to dealing with - according to Quocirca research, more so than looking after smartphones - and so the larger size of the iPad may work in its favour in this regard.

The high end version of the iPad will come with Wi-Fi, 3G and 64GB of storage, but at a price and with constraints on data capacity - no hard drive, CD or DVD capability - it will look expensive next to a standard laptop PC. As iPhone's big brother it also retains the feature of keeping multi-tasking out of the application runtime environment, restricting power users to only do one thing at a time, the only exceptions being internal and tightly controlled by Apple.  Further restraint is applied to applications: by not providing direct support for Adobe's Flash, Apple is still attempting to prevent circumvention of the App Store by smart and direct developers.

However, one thing is pretty certain, given the hype generated by its launch, it will be a device to keep an IT management eye on, and may even surprise as a suitable business tool.  The aftermarket of add-on hardware and software applications will be key to this, and definitely the area to watch.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Rob Bamforth (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Louella Fernandes, Principal Analyst, Quocirca Posted: 29th January 2010 Copyright Quocirca © 2010

Although the recession saw the ink dry-up on printer hardware sales, many vendors turned their focus to managed print services to keep the ink flowing.  As the economy rebounds, vendors will need to focus on a message of more effective printing practices through device optimisation which can drive efficiency throughout a business - in terms of user productivity, device availability and reduced costs. Despite its pervasiveness, controlling printing remains an afterthought for many organisations who are already taking steps to consolidate desktops, servers, control licensing and adopt lower cost service models such as cloud computing in an effort to reduce costs and improve efficiency. With businesses under ever increasing pressure to do more with less, Quocirca expects the following drivers to increase the appeal of adopting a strategic approach to print management in 2010.

Cost control and optimisation: With the weak economy many organisations face tightened budgets and are forced to extend the life of existing hardware to avoid new capital expenditure. Although budgets may remain tight in 2010, organisations must consider the risk in not replacing/retiring aging printer fleets or optimising investment in existing high performance multifunction devices, which can lead to both hardware failures and service disruptions. The hidden costs of printing relate not only to hardware acquisition but also consumables, maintenance and support costs. An optimised print environment is one that balances deployment of devices at the lowest possible costs with higher employee productivity. MPS involves outsourcing some or all elements of the print environment based on a pay-per use model that allows variable costs such as toner and ink to be based on actual usage. It does not always require capital expenditure at the outset, as operational costs can be reduced by device consolidation, more effective printing practices and adopting a usage based pricing model. As well as reducing the cost of hardware acquisition, MPS can significantly improve the quality of service, reduce maintenance costs and improve business continuity.

While take up of MPS to date has been  mainly by large enterprises, Quocirca expects more SMBs to consider simple  contractual models which wrap hardware, support, services and consumables in a monthly payment. These entry-level packaged services enable smaller companies to benefit from predictable expenses and reduce time spent dealing with printer problems.

Sustainable IT: There is now significant pressure on businesses to reduce energy usage in all areas, and printing is no exception. Replacing outdated inefficient printers and copiers with energy efficient multifunction devices to reduce power consumption, can help to shrink the overall carbon footprint of an organisation.  Also, the implementation of effective printing practices can significantly reduce wasteful paper and ink usage. These may include enforcing duplex printing, secure or "follow-me" printing solutions or restricting user access to colour printing on more expensive devices.  

Cloud services: Cloud computing continues to gather pace, but has yet to become a mainstream way of delivering print services. A potential cloud printing service would be based on the following characteristics. Firstly, printing is used and paid for on demand - so resources that are not needed are not paid for in advance; this allows, consumption can be scaled up or down based on demand. Finally, the managed print infrastructure is owned and completely managed by the provider. Other cloud printing opportunities include high end production printing, minimising the need for businesses to invest in high end digital production printers. A example of a services in this area is HubCast which offers a global service that automates production and delivery of print jobs to any user location.   

Enterprise mobility. Workers will continue to be distributed across a number of office locations and their homes. Branch offices play a critical role front line services, and emphasise the importance of supporting printing in remote locations. There is  also an increasing interest in printing from mobile devices - some which often have limited or no printing systems, for example on the spot parking fines, bed side prescriptions in hospitals. ThinPrint recently announced a cloud printing solution for Google Chrome OS and HP also offer CloudPrint for Blackberry devices. The challenge remains for organisations using these tools to retain control of printing, while enabling mobile workers to be productive.

Security. With the best IT security solutions in place, an often overlooked weak link is printers. This includes uncollected confidential output and the fact that as with most networked devices, printers have hard disks, RAM and Ethernet ports all of which to need securing as on any conventional server. More organisations are recognising the potential security vulnerabilities of printers and are taking steps to protect these devices. Hard disk overwrite and encryption capabilities protect data on the device, while secure print solutions release print jobs using identification methods such as PIN, swipe cards or even finger prints.

While printing is not going to disappear any time soon, the complexity of the cost reduction and security pressures together with an increasingly mobile workforce brings many challenges. Businesses must recognise the impact that these trends have on existing printing practices and take measures to implement solutions and services which enable printing to be carried out efficiently, cost effectively and without risk.

Read more about how organisations have benefited from MPS in Quocirca's report

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Louella Fernandes (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Clay Ryder, President, Sageza Group, Inc. Posted: 28th January 2010 Copyright Sageza Group, Inc. © 2010

EMC has announced new high-density configurations of its EMC CLARiiON CX4 and EMC Celerra Gateway systems. The new high-density configurations feature 5,400 rpm 2TB SATA drives that provide double the capacity of 1TB 7,200 rpm SATA drives but at 60% less power per GB. These latest configurations also support EMC spin down technology that powers down inactive disk drives to reduce power requirements by up to 65% over traditional always-spinning solutions. In combination with high-performance enterprise flash drives, and storage efficiency technologies such as EMC FAST, these solutions target organizations that are seeking to more easily manage the growth of storage-intensive applications while reducing power consumption, cooling costs, and floor space requirements in the datacenter or remote office locations.

The high-density CLARiiON CX4 configurations support up to 390 2TB, 5,400, and 7,200 rpm SATA drives as well as high-performance flash drives in a single rack that requires half the floor space and number of power connections over conventional racks with full access to all disk drives from the front of the rack. Organizations that desire CIFS and NFS support can select the high-density Celerra Gateway system, which is based on the CLARiiON CX4.

Pricing/Availability: The new high-density CLARiiON and Celerra Gateway configurations are now available worldwide. EMC has indicated that it will make high-density EMC Celerra unified storage system configurations available later in 2010.

Net/Net: At first blush this announcement might be overlooked as simply an update to a venerable series of storage products. However, upon closer consideration, one can see that these new offerings are a clever approach to meet the growing need for corporate storage that simultaneously addresses several of the ongoing operational challenges in both the datacenter and the remote office. For many, the notion of 5400 rpm and 7200 rpm disk drives in a contemporary enterprise-grade storage solution may seem archaic, yet the crafty inclusion of these seemingly retro technologies facilitates the power-thrifty and high-density achievements of these solutions.

Although performance is always an important factor in any storage solution, not all data demands the highest echelon of performance. When dealing with large quantities of data, it is all the more imperative that organizations successfully match the business value of the data with the cost-effectiveness of its storage. The impressive price/performance ratio of SATA drives combined with the latest 2TB capacity is difficult to overlook especially when this raw capacity is incorporated into storage arrays that offer other performance boosting capabilities. For those who find energy consumption to be a driving consideration, the modest performance tradeoff of an energy-sipping 5400 rpm rotational speed may offer a means by which to increase overall storage capacity in the datacenter while further reducing the power envelope over that of 7200 rpm platters. Additionally, EMC’s inclusion of auto spin down technology further reduces energy consumption as otherwise unused drive arrays are idled and their impact on power consumption diminishes substantially.

Granted, these high-density, smaller footprint storage technologies will not match the performance of high-speed drives common to high-end storage solutions. But that is not the goal of these new offerings; these offerings are about efficiency as manifest in floor space, energy consumption, cooling, and financial performance. Hence it is important to remember how these systems fit into the big picture. First, these systems are not positioned as high-end, high-performance offerings. Second, these systems support EMC FAST, which allows the promotion and demotion of data to primary, secondary, and tertiary storage platforms as demanded by business need. Third, array technology can improve the overall performance of the storage solution, which is after all more than just a standalone storage platter. Last, and most importantly, the efficacy of a storage solution is not measured by the speed or capability of a specific component, but as a holistic undertaking that combines multiple hardware and software technologies with business process to align the solution with the goals of the organization.

With this in mind, we believe that these latest CLARiiON CX4 and Celerra Gateway systems are well positioned to address many of the storage needs within organizations. The focus on efficiency achieved through a clever use of tried, tested, and true storage technology should resonate with organizations that are seeking to balance the multiple constraints inherent in delivering storage services regardless of whether they are datacenter- or remote office-based. These new offerings serve as a reminder that in the quest for the latest and greatest, one can often find the answer in places that might be inadvertently overlooked or easily dismissed. It also illustrates that while EMC prides itself in being a forward-looking company from both a technical and market perspective, the company is quite able to leverage technologies that by themselves may seem less than cutting edge into a solution that addresses contemporary challenges with cutting edge creativity.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Clay Ryder (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Clay Ryder, President, Sageza Group, Inc. Posted: 28th January 2010 Copyright Sageza Group, Inc. © 2010

Earlier this week Omnifone and HP announced a partnership to distribute the MusicStation Desktop music service on 16 HP PC models in 10 European countries. The service will provide unlimited access to millions of tracks from Universal Music Group, Sony Music Entertainment, EMI Music, and Warner Music International as well as leading independent labels. It will be preloaded on new HP Pavilion, Compaq Presario, and HP Envy models, and will offer a 14 day free trial. MusicStation will be available to users of new HP PCs in the UK, France, Germany, Italy, Spain, Austria, Belgium, The Netherlands, Sweden and Switzerland, who will be able to download, play, and share tracks on their computer for a monthly subscription fee. Tracks are downloaded directly via the Internet to the PC for online and offline playback; subscribers can also burn 10 tracks a month into DRM-free MP3 files. The monthly subscription fee is £8.99 in the UK, 9.99 for Austria, Belgium, France, Germany, Italy, The Netherlands, Spain, CHF14.95 in Switzerland, and 99SEK for Sweden.

OK, I am generally skeptical of subscription based music services since they rely on the customer having a sufficiently short music attention span such that the user is always seeking new sounds to replace the old. Otherwise, the user ends up paying rent for his/her music forever, which can far exceed the cost of purchasing the CD or other legitimate download, even in the overpriced retail music haven known as the EU. However, this partnership differs from past approaches whereby I think it might actually make financial sense to the user, especially if he/she is prone to purchasing single tunes as opposed to entire albums. Although the service is predicated upon playback on a PC, the growing number of media center PCs does somewhat blunt this shortcoming, however, the lack of an integrated portable device a la the iPod does place this at somewhat of a disadvantage over iTunes and other competitors. But on the other hand, this service does not require the upfront purchase of a portable media player and 79p/99cent per track charges and users can indirectly load their prepaid 10 tracks/month onto an MP3 player if they wished.

Granted, I have not been over the pond for a couple of years now, but even then an £8.99 CD was at best a discount label reissue of public domain songs from the Edwardian era. Hence the ability to burn 10 tunes a month from the major music labels for less than 10 quid is notable, and effectively positions MusicStation Desktop as a gigantic music preview service. As such, it could also help drive additional offline purchases including CDs, or other pay per song downloads, which would accrue to the labels bottom lines. In the realm of popular music, especially for those in the younger demographic or those with an insatiable appetite for only that which is currently charting, this try it all and keep some of what you like approach may prove to be an good fit with the market; it might represent a new balance between the rent forever and buy it all up front schemes that exist today.

At the same time, there are other market segments where I do not expect to see much uptake. For those whose tastes tend towards the high-art end of the music spectrum or view the album as a audio mural intended to be enjoyed from start to finish, it seems unlikely that a piece parts approach to audio fulfillment would be well received. Further, the ardent audiophile is unlikely to consider digitally compressed music to be of sufficient quality, they might in fact still prefer the drop of the tone arm into a vinyl groove over even the best mastered DVD-Audio, let alone MP3 download. But then again, these are likely not the markets that Omnifone and HP are seeking with this announced partnership.

So overall, I think this musical partnership has a rational premise, and may prove to be well suited to certain market segments. It offers incremental revenue to the partners involved and record labels, and it is a low risk affair for the customer. In the consumer marketplace, this is a good balance between risk and reward. It will be interesting to see, er perhaps hear, just how well it all plays out.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Clay Ryder (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Laurie McCabe, Partner, Hurwitz & Associates Posted: 27th January 2010 Copyright Hurwitz & Associates © 2010

As a follow up to my post What Is Green IT and Why Should You Care?, I had the opportunity to talk with Steve Sams, VP for IBM's Global Site and Facilities Services, along with several other members of IBM's green team. As part of its Smarter Planet mission, IBM is active on all fronts in the green IT movement, with many technology-related products and services that help companies be more environmentally responsible.

We discussed several of these, from desktop virtualization to supply chain and transportation management. One of the initiatives that I was most interested in is IBM's Scalable Modular Data Center (SMDC) for midsize companies. SMDC provides end-to-end consulting and implementation services (including planning, design, construction and full production testing) to help firms run their IT operations in a greener, more cost-efficient way. Despite the sluggish economic recovery, take up for the service has been phenomenal. Since announcing SMDC about 30 months ago, IBM has implemented more than 200 scalable modular data centers for midsize organizations, and helped another 200 to 300 customers a year to restructure existing facilities to achieve energy and cost savings and improve IT reliability and performance.

With so many green IT offerings vying for midsize customers' attention, why is SMDC gaining so much momentum? I see a few key ways in which this solution stands out in the sea of green IT, including:

• Connecting the dots to illustrate big picture value. Many companies want to reduce their carbon footprint, but they also need a clear and compelling connection between energy-efficiency and financial and IT performance gains. IBM has developed a strong business case for SMDC and provided customer metrics to back it up. For example, IBM and Business Partner American Power Conversion (APC) worked with Bryant University, a small private college in Rhode Island, to improve IT service levels, cut energy costs and reduce operational costs. Bryant replaced four server rooms—none of which were providing the reliability and performance it needed—with a SMDC. As a result, Bryant has reduced energy consumption by 15% and operational costs by 21%, while providing a 12 to 15% improvement in service delivery.
• Starting with an upfront assessment service to determine if a company can stretch the life of an existing facility, or if it needs to build a new one. The first question the SMDC service helps customers answer is whether they can retrofit an existing facility to achieve the reliability gains and energy and cost efficiencies they need, or if they need to replace it.

If the customer has a traditional data center, IBM can often help the customer redesign it to increase utilization and efficiency. According to Steve Sams, most organizations use only 10% to 20% of their available technology capacity—and sometimes utilization is as low as 5%. Servers are cheap, so customers often end up just adding more servers to satisfy different requirements, without regard to the total operational costs. As a result, a company may be spending up to ten times more than they need on software licenses, maintenance, management, etc. As alarmingly, they also overspend on energy to power, heat and cool under-utilized equipment and space. In many cases, IBM can help customers use existing space and technology assets more efficiently. Simple things, such as turning up the temperature in the data center, moving things around for better airflow, and consolidating servers can generate up to 23% in energy savings, and about 40% to 50% of the total operational costs of the running the data center.

In other cases, such as with Bryant University, the organization doesnt have a purpose-built data center. Servers, storage and networking gear are stashed in closets or spare office space. IBM helps them to replace this type of jury-rigged space with a modular data center that reduces energy costs up to 15% and improves IT reliability and performance.

• Centering design on midsize business requirements. SMDC services can serve companies with data center needs as small as 500 square feet. When a customer needs to start from scratch, SMDC provides a modular approach. New space can be added as needed in a plug and play fashion. With this approach, companies can reduce upfront capital costs by as much as 25%, and shrink ongoing expenses for electricity, maintenance, and energy consumption by 15%.
• End-to-end project lifecycle support. In addition to technology and energy assessment and implementation services, IBM provides data center construction planning when required. While Big Blue doesn't pour concrete, it does develop design criteria and specifications, and provides a construction project manager to run the project. This includes monitoring and managing recycling for both construction material, such as steel and wood, as well as IT equipment. This end-to-end engagement is an important value-add for midsize companies.
• Helping to overcome cultural obstacles. Politics is often the obstacle that stops companies from making strides to consolidate IT operations in a more environmentally friendly facility. In some cases, strong business owners across different functions or departments want to control "their own IT". They don't want to let go of physical and operational control of IT infrastructure. IBM consulting services can provide companies with the facts and data points to convince skeptics of the business benefits of streamlining and centralizing IT facilities. Stakeholders can improve energy efficiency and cut costs for the organization, and get better IT performance and reliability. Furthermore, by reducing ongoing IT facility, maintenance and energy costs, they can free up resources for new initiatives.

The bottom line is that IBM has a very good story to tell as to how SMDC can help midsize companies gain significant capital savings, reduce ongoing expenses and cut energy consumption. IBM is also currently piloting a scalable modular server room service in India. This program provides a similar approach and benefits for smaller companies, whose data center footprint needs range from 10 to 50 square meters (roughly 100 to 500 square feet). IBM recently published its first success story in this space with Karad Urban Cooperative Bank.

As this pilot wraps up in the first half of 2010, I hope to get another update from IBM so I can give you some ideas as to how smaller companies can also go green and save green. In the meantime, let me know whats motivating your business to explore green IT solutions in this poll.

View This Poll

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Laurie McCabe (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Alastair Revell, Managing Consultant, Revell Research Systems Posted: 27th January 2010 Copyright Revell Research Systems © 2010

I suspect many businesses and probably most members of the general public are unawarethat the fees for notification under the Data Protection Act 1998 were changed witheffect from 1st October 2009. The change was made through The Data Protection (Notificationand Notification Fees) (Amendment) Regulations 2009 Statutory Instrument 2009/1677laid before Parliament by Michael Willis, Minister of State in the Ministry of Justice,on 6th July 2009.

The annual notification fee has been £35 for all data controllers, regardlessof their size, since 2000. However, from 1st October 2009, two-tiers of fees havebeen in force. Essentially, small and medium sized-organisations with fewer than 250 employees or lessthan £25.9M turnover continue to pay £35 annually and are now definedas “Tier 1” organisations. All other bodies (including any public authoritiesdefined in the 1998 act) will now fall into “Tier 2” and must pay £500annually. I think the general public have come to realise over the last couple of yearsjust how important their data is and how easily it can be lost by cavalier organisations(including government departments!) I welcome the change in the fee structure provided the extra funds takenare used to increase the Information Commissioner’s capability to ensure allof our private data is kept more securely by those with whom it is entrusted and thatthose who flagrantly breach the rules are brought to task. Many businesses see the current fee as a stealth tax and I suspect a goodnumber of the general public too. However, I hope with the increased funding thatthe Information Commissioner will be seen to be doing more to actively protect thepublic from cavalier data controllers by everybody. These fee increases have been introduced ahead of new powers that will come intoeffect in April 2010 that will allow the InformationCommissioner to fine people and organisations that recklessly breach any of theeight principles that underpin the act. These new powers were introduced as part of the Criminal Justice and ImmigrationAct 2008, but will only come into force in April 2010. The InformationCommissioner will only be able to fine data controllers when one or more of the eightprinciples have been seriously breached in cases where the breach was deliberate,or where the controller knew (or ought to have known) that the risk of such a breachwas likely to cause substantial damage or distress; and the controller failed to takeaction to stop it. Hopefully, these new teeth will work in tandem with the new funding to ensureall of our personal data is kept much more safely.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Alastair Revell (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Marcia Kaufman, Partner, Hurwitz & Associates Posted: 26th January 2010 Copyright Hurwitz & Associates © 2010

I am looking forward to attending The Smart Governance Forum (23rd meeting of the IBM Data Governance Council) in California on February 1–3, where I will be a panelist for a session on Smart Governance Analytics. As my panel group started to plan for the event, I did some background research on the Council to understand more about them. What kinds of questions were Council members asking about information governance when they began meeting in 2004 and how are things different today? Have they developed best practices that would be useful to other companies working to develop an information governance strategy?

Information governance refers to the methods, policies, and technology that your business deploys to ensure the quality, completeness, and safety of its information. Your approach to information governance must align with the policies, standards, regulations, and laws that you are legally required to follow. When a group of senior executives responsible for information security, risk, and compliance at IBM customer organizations began meeting in 2004, interest in IT governance was high, but there wasn't as much attention focused specifically on information governance.

Books like IT Governance: How Top Performers Manage IT Decision Rights for Superior Results by Peter Weill and Jeanne W Ross helped companies understand the benefit of aligning IT goals with the overall goals and objectives of the business. In addition, there were other publications at this time focused on how to take a balanced scorecard approach to managing business strategy and on best practices for implementing IT governance. These approaches are of critical importance to business success, however there was also a need to develop a framework for understanding, monitoring, and securing the rapidly increasing supply of business data and content.

And that is what a group of IT information-focused business leaders and IBM and business partner technology leaders decided to do. The amount of data they needed to collect, aggregate, process, analyze, share, change, store, and retire was growing larger every day. In addition to data stored in traditional databases and packaged applications like CRM (customer relationship management) systems, they were also concerned about information stored and shared in unstructured formats like documents, spreadsheets, and email.

Having more information about your company's customers, partners, and products creates great opportunity, but more information also means more risk if you don't manage your information with care. Council members asked each other lots of questions such as:

• How can we be sure that the right people get access to the right information at the right time?
• How can we make sure that the wrong people do not get access to our private information at any time?
• How can we overcome the risks to data quality, consistency, and security increased by the siloed approach to business data ownership that is so prevalent in our organizations?
• How can we create a benchmarking tool for information governance that will help our businesses to increase revenue, lower costs, and reduce risks?
• How can we improve our ability to meet the security and protection standards of auditors and regulators?

As a result of its discussions, the Council developed a Maturity Model to help you assess your current state of information governance and provide guidance for developing a roadmap for the future. The Model identifies 11 categories of information governance. The categories cover all the different elements of building an information security strategy, such as understanding who in the business/IT is responsible for what information, what policies do you follow to control the flow of your information in your company, what are your methodologies for identifying and mitigating risk, and how do you measure the value of your data and the effectiveness of governance. I read two IBM White Papers on the Model that add insight to the questions you need to ask to begin building a path to better information governance, The IBM Data Governance Council Maturity Model: Building a roadmap for effective data governance and The IBM data governance blueprint: Leveraging best practices and proven technologies.

So, what's changed? FInancial crises, increasing regulation, high-profile incidents of stolen private data, cloud technology, and other factors have added substance and complexity to the questions you need to ask about information governance. There is much to do. One question we will explore at the conference next week is, How do you measure the effectiveness of your information governance strategy and what analytical measures are appropriate? For example, some companies are using analytical tools to look for patterns of email communication across the company and discover a greater level of insight into how information is flowing and what needs more review. Look for more on analytics and governance after the conference.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Marcia Kaufman (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Bob Tarzey, Service Director, Quocirca Posted: 26th January 2010 Copyright Quocirca © 2010

The key elements of the recent holiday season—food and presents—and much else can be bought over the internet and, if physical goods are involved, be delivered to the door a few days later. This is taken for granted by more and more of us.

It's so easy, in fact, that it's easy to forget the internet belies a reality. The real world still exists and, for a supplier, understanding customers' physical location can be fundamental to successful and efficient e-commerce.

Take this example: if thousands of households choose to order their turkeys from a supermarket's website, for the retailer, this is only good business if it can efficiently deliver them from a central depot to thousands of separate locations. It needs to be able to do this more cheaply than distributing them to multiple stores and selling them over the counter, or at least to cover any extra cost by imposing a delivery surcharge and/or suffering less waste through turkeys not being left unsold or having to be heavily discounted in its stores.

This is a supply chain and logistics issue. In other cases it may make sense for such a supermarket, with both an online and high street presence—'clicks and mortar' if you like—to establish a tie between an online visitor and a local store: 'Yes, you can order your turkey online but before you do did you know that your local store is selling excess stock at half price?'

Making such a link allows a retailer to balance the efficiency of online sales with the need to have goods in-store. Some retailers also make such links to offer the near instant gratification to their customers of collecting online purchases from local stores within hours rather than waiting days for delivery.

Such geographic awareness can have all sorts of other benefits too. A global ticketing website could highlight local events to visitors from a given town, for instance. A landing page could be selected to suit visitors from different countries or regions, offering local language by default or seasonal goods depending on the time of year. In some cases access could be blocked, for instance to online gambling sites for individuals located in regions where such activities are illegal.

These features require an understanding of where a user is as soon as they arrive at a given site—before they have shown any real interest and certainly before they have offered up any personal information. How can this be done? The answer lies in the use of geolocation software.

The one thing that is known about a website visitor when they first arrive is the IP address via which their hardware is accessing the internet. IP addresses are assigned to regional internet registries (RIRs), which are part of ICANN (the Internet Corporation for Assigning Names and Numbers). RIRs, in turn, assign them to internet service providers, government organisations, large enterprises, etc. This is all public information; geolocation providers take this information, enrich it with other information such as postal codes and provide a look-up service for IP addresses that allows website owners to locate a visitor's most probable physical location, if necessary before a landing page is displayed.

Some IP addresses tell us nothing; for example if the user is accessing the internet via a known proxy. But that in itself is useful information which allows a visitor to be handled in a certain way. Other IP addresses may indicate that the user is accessing a site via a mobile service provider—again in this case their actual location may not be known, but the fact they are likely to be using a device with a limited display is, and their visit can be handled accordingly.

Geolocation also allows internet advertising to be more targeted. For example a political party does not want to waste advertising in areas where it has no chance of winning and instead only wants to pay for access to voters from marginal seats. Geolocation allows for key word adverts to be displayed only to visitors from such regions.

Advertising can also be more finely tuned if trends are understood; geolocation can help with this too. Gathering intelligence about website visitors and storing geolocation information along with it allows hotspots to be identified. For example, spotting a growth in online searches for an ethnic food category in an area where there had previously been limited demand. This indicates a local population change and a supplier can respond by stocking more of the given goods in the local store and advertising the fact that it has done so to online visitors from that area—a virtuous circle.

Geolocation databases can be purchased and installed on a given web server but this is old hat. Real time lookup, delivered as an on-demand service makes more sense—send an IP address and receive a co-ordinate. This is the way leading vendors in this area such as Quova, IP2 Location and MaxMind have moved.

While consumers continue to enjoy the benefits of buying online, there is increasing effort to link them seamlessly with the real world behind the scenes. Being online many sometimes feel like a virtual experience but the solid Earth and the real kilometres that separate us all remain a reality.

You can read more in Quocirca's report, 'Customers in the Real World' - available for download here.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Bob Tarzey (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research Posted: 26th January 2010 Copyright Bloor Research © 2010

Singularity announced the release of LiveAgility, their SaaS BPMS offering, on January 21st 2010. Like all SaaS offerings this means users can cost the purchase of software on an OPEX rather CAPEX basis.

Based on what Singularity describe as “ a low” monthly subscription fee, LiveAgility users are able to model, execute, monitor and improve their business processes. Singularity is also offering to take care of the hardware, software, security, data etc. needed to operate the solution. Padraig Canavan, CEO of Singularity, commented, "Organizations today need business process support that is fast and easy to engage while also being quick to evolve as business needs change. Whether the challenge is to be better, faster or cheaper; the pressure on organizations to execute their day-today business processes more efficiently is growing. The speed at which new ideas can be put into practice is also increasingly important and it is to meet these challenges that we are bringing LiveAgility to market."

Having been given an advanced preview of the product about a month ago, one of the tings I liked was the user interface, which is based on Apple iApps view, where the windows work on a carousel pull in. LiveAgility is a Rich Internet Application, developed using Microsoft's latest SilverLight technology. Olivia Bushe, Marketing Manager at Singularity, described this interface, "LiveAgility's 3-dimensional user interface and underlying SaaS architecture mean that anyone who can use a smartphone can now design and execute business processes quickly, easily and affordably,"

Singularity is offering users the chance to have a free trial. (go to www.liveagility.com ).

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Simon Holloway (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon

By: Andy Hayler, CEO, The Information Difference Posted: 25th January 2010 Copyright The Information Difference © 2010

On 25th January open source vendor Talend announced the general availability of Talend MDM, an open source master data management (MDM) product based on their earlier acquisition of French MDM technology Xtentis from Amalto. As I commented when that acquisition occurred, this is a significant step, since customers who are thinking about dipping their toe in the water with MDM can now experiment with a free "community" license of some modern MDM software. If customers wish to move beyond this version, then the enterprise version has additional functionality (e.g. around workflow, multiple roles, and of course technical support), and is likely to be priced at under $100k for an annual license. Given that the software of major players in the MDM market typically sells at half a million to a million dollars, this is relatively affordable.

Functionally, the enterprise version of Talend MDM has the features that you would expect from an MDM product; it is based heavily on Java and Eclipse, and uses JBoss for event management. It has built-in data quality functionality (profiling, name and address matching) as well as workflow capability, role-based security and the MDM hub itself. It is able to take advantage of Talend's established open source integration technology for data movement e.g. for bringing together master data sources, and publishing of "golden copy" data to other systems. One important aspect of the technology is that it is heavily model-driven, and does not have a fixed data model, so is inherently multi-domain by design. It is anticipated that the open source community may develop specific "starter kit" data models and integration jobs, but our research consistently shows that customers require hubs that can deal not just with customer and product data, but with other types of master data such as location, asset and financial hierarchies, as well as industry-specific data such as oil-well information, or diseases in the case of the life-science industry. We believe that this "multi-domain" approach (rather than building around a fixed data model) is the one that most customers desire, but frequently cannot get, so Talend MDM is well-positioned here.

Talend will need to demonstrate that the unusual XML database platform that is used (which has some advantages in data modelling and search) also scales properly when significant volumes of data are to be managed, and will need to handle objections from database purists who prefer to standardise on a major relational platform. They also will need to back up their claims of rapid implementation with properly documented case studies. Amalto did have a dozen or so customers, mostly in France, but Talend has significantly enhanced and enriched the acquired technology and new prospects will want to see growing evidence of wider deployment of the new and improved open-source platform.

Overall, it can only be a good thing for the industry to have an open-source MDM choice available; this provides useful pricing pressure on the current industry leaders, and allows customers to get started with MDM in a low-risk fashion.

Useful Links:

• Post Comment | Read Comments
• Send Page Referral
• Contact Andy Hayler (Private)
• Social Bookmarks: Delicious | Digg | Reddit | Facebook | StumbleUpon