May 9, 2011
Volume XXXV, Issue 1
Major Players Zero In on Cloud Computing Market
Excerpted from Washington Post Report by Marjorie Censer
As the cloud computing market grows, the battle for work is getting fiercer, particularly among some of the well-known industry players.
Microsoft, Google, and Amazon Web Services (AWS) have made early inroads, but analysts say much of the market is still yet to be realized.
The federal government has adopted a "cloud-first" policy that makes cloud, or web-based computing, the default choice and has required agencies to move at least three services to the cloud within an 18-month period. The policy announcements have stoked a growing industry of companies - both those better known for commercial work and traditional contractors - hoping to play a part in the shifts.
In recent months, the competition has grown more heated. Teresa Carlson shook up the sector last year when she left her job as head of Microsoft's US Federal Sector to become Vice President of Amazon Web Services' Global Public Sector.
In a statement, Carlson said the move gave her an "outstanding opportunity to join the clear business leader in cloud services and solutions."
Microsoft has not yet filled her spot, but Curt Kolcun, Vice President of Microsoft's US Public Sector Business, said he is seeking a replacement.
"I'm obviously taking the time to find the right person," he said. "I don't think we're missing anything relative to the market opportunities or how we're competing for business across the market space."
More recently, Google and Microsoft have wrangled publicly over whether Google's cloud offering meets a security certification known as FISMA, and Amazon came under fire for a Northern Virginia data center crash that caused an outage for a cloud hosting multiple websites.
Though neither of these events will likely have long-term effects, they are indicative of the kind of rivalries shaping up, said Shawn P. McCarthy, Research Director at IDC Government Insights.
"This is going to be a very competitive space, and people are going to do what they need to do in order to capture that," he said.
Ray Valdes, a Research Director on Gartner's Internet Platforms and Web Services team, said the players are carving out niches within different parts of cloud computing. Amazon, for instance, has a clear advantage in the infrastructure segment of cloud computing.
Microsoft and Google, on the other hand, are more focused on providing platforms for the cloud, he said. Both companies have won government work migrating federal agency e-mail programs to the Web.
Microsoft is in the process of shifting the Agriculture Department's 120,000 e-mail accounts to the cloud, and Kolcun said it has already moved more than 17,000. The agency is moving over 1,600 users each night and expects to complete the shift before the end of the year.
Google partnered with Pennsylvania-based contractor Unisys to win a high-profile job migrating the General Services Administration's e-mail to the cloud.
"The cloud-first mandate has brought increased awareness to this market that there are other options beyond [the] traditional, in-house data center model," Carlson said in an e-mail.
McCarthy said he sees room for all three companies - and many others.
"Ultimately it will be a huge business," he said.
Huawei Eyes Cloud Computing
Excerpted from The Diplomat Report by Jeffrey Carr
On a recent trip to Beijing and Shanghai to attend Huawei's analyst summit, Gartner analyst Lydia Long learned that Huawei is planning to become a one-stop-shop cloud computing provider. In other words, Huawei will not only be making network equipment, it will be developing infrastructure-as-a-service software (IaaS), the cloud stack, needed to provide a public cloud like Microsoft's Azure or Amazon's EC2.
If Huawei's strategy in obtaining market share for its hardware is any indication, Microsoft, Amazon, Google, and other public and private cloud providers should prepare to have their pricing model ripped to shreds.
In addition, the executives of companies that intend to move their data to the cloud would be well-advised to re-think their cloud service provider requirements, moving beyond the question of who is the lowest cost provider and thinking about who will add security guarantees to their service level agreement.
Still, I also wouldn't be surprised if Huawei took the initiative to become the first cloud provider to revolutionize SLAs with exactly that kind of provision, considering that Huawei Symantec is developing secure data storage devices for just such a service.
Huawei isn't the only Chinese company that's investing heavily in the cloud. Cloud computing has been designated a strategic technology by the Chinese State Council in its 12th Five Year plan and placed under the control of the Ministry of Industry and Information Technology (MIIT). MIIT will be funding research and development for software-as-a-service (SaaS), platform-as-a-service (SaaS), and IaaS models as well as virtualization technology, distributed storage technology, massive data management technology, and other unidentified core technologies. Orient Securities has predicted that by 2015, cloud computing in China will be a 1 trillion yuan market.
According to the US-China Council website, MIIT was created in 2008 and absorbed some functions from other departments including the Commission of Science, Technology, and Industry for National Defense (COSTIND):
"From COSTIND, MIIT will inherit functions relating to the management of the defense industry, with a scope that covers the national defense department, the China National Space Administration, and certain administrative responsibilities of other major defense-oriented state companies such as the China North Industries Co. and China State Shipbuilding Corp. MIIT will also control weapons research and production in both military establishments and dual-role corporations, as well as R&D and production relating to "defense conversion" - the conversion of military facilities to non-military use."
Beijing has a dedicated 7,800 square meter industrial area called Cloud Valley that's home to 10 companies focusing on various aspects of cloud technology such as distributed data-centers, cloud servers, thin terminals, cloud storage, cloud operating systems, intelligent knowledge bases, data mining systems, and cloud system integration.
Clearly, China has made a serious commitment to cloud computing for the long term. This doesn't portend well for today's private cloud service providers like NetApp or public cloud providers like Amazon, Google, and Microsoft; especially if buying decisions are made on price.
Report from CEO Marty Lafferty
Last week, we analyzed Amazon Web Services' (AWS) outage and offered preliminary recommendations to cloud computing users for improving security and back-up. More of that continues below.
Basically, what happened was that a back-up router was improperly configured during routine upgrades, and when the primary router was taken off line for the upgrade, it caused a cascading failure of the Amazon's Elastic Block Store (EBS) system.
The outage was corrected quickly, but recovery took longer than that because Amazon did not want to follow the standard procedure of re-using existing capacity until it was sure data was not going to be lost.
Going forward, the company will increase both the spare, overhead capacity needed for disaster recovery and add more automation in its upgrade procedures to avoid a recurrence. It has also promised 10 days of service credit for EBS for affected users.
Commenting on the AWS outage, Fred Menge of information management firm Magnir said, "Putting your data in the cloud isn't any more risky than keeping your data locally. You have your own issues like local power outage and data theft through viruses and malware."
The questions we've been asked the most this week relate to the Sony PlayStation Network outage, which, unlike AWS, was caused by malevolence, not error.
Paradoxically, cloud computing, as opposed to other distributed computing architectures, tends to centralize data, thereby creating attractive targets for hackers. As John Harris reported in The Guardian, "Inevitably, hacking into stuff stored in the cloud is a global pastime, with its own grim star system."
Following a criminal cyber-attack on Sony Network Entertainment International's (SNEI) data-center in San Diego, CA on April 20th, the company turned off its PlayStation Network and Qriocity services and engaged a group of expert information security firms to assist with an audit of its system.
Timing was especially problematic for Sony, which at the time was launching the multi-player SOCOM 4, Steamworks' Portal 2, the Infamous 2 beta test, and a new Mortal Kombat.
Since then, SNEI and its third-party experts implemented increased security measures and conducted tests to verify their efficacy in protecting the PlayStation Network and Qriocity services. With these measures in place, Sony Computer Entertainment (SCE) and SNEI plan to start a phased resumption of the services region-by-region shortly.
Restoration of online game-play for the PlayStation3 (PS3) and PlayStation Portable (PSP) systems will require online verification of downloaded games. Resumed access to Music Unlimited powered by Qriocity for existing PS3/PSP subscribers will require a password reset through account management functionality. Access to download un-expired Movie Rentals on PS3, PSP, and MediaGo will be supported, as well as PlayStation Home, Friends List, and Chat.
SNEI is creating a new position of Chief Information Security Officer (CISO) reporting to Shinji Hasejima, Chief Information Officer (CIO) of Sony Corporation, to add expertise in and accountability for customer data protection and supplement existing information security personnel.
The new security measures will feature added automated software monitoring and configuration management to help defend against new attacks; enhanced levels of data protection and encryption, increased ability to detect software intrusions within the network, unauthorized access and unusual activity patterns; and implementation of additional firewalls.
SNEI also expedited an already planned move of the system to a new data-center in a different location that has been under construction and development for several months.
PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service. As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated e-mail confirmation, a critical step to help further protect customer data.
The company is conducting a thorough and on-going investigation and working with law enforcement to track down and prosecute those responsible for the illegal intrusion.
"This criminal act against our network had a significant impact not only on our consumers, but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers' information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks," said Kazuo Hirai, Executive Deputy President, Sony Corporation.
"Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services."
While there is no evidence at this time that credit-card data was taken, SNEI will help its customers protect their personal data by providing a complimentary offering to assist them in enrolling in identity theft insurance or similar programs. Implementation will be at a local level with further details to be made available in each region.
The company will also roll-out a PlayStation Network and Qriocity "Welcome Back" program worldwide, which will be tailored to specific markets to provide customers with a selection of service options and premium content as an expression of the company's appreciation for their patience, support, and continued loyalty.
Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region.
All existing PlayStation Network customers will be provided with 30 days of free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days of free service. Music Unlimited powered by Qriocity subscribers will also receive 30 days free service.
Additional "Welcome Back" entertainment and service offerings will be rolled-out over the coming weeks as the company returns the PlayStation Network and Qriocity services full operation. SNEI will continue to reinforce and verify security for transactions before resuming the PlayStation Store and other Qriocity services.
For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com or http://blog.eu.playstation.com. Share wisely, and take care.
Octoshape at Content Delivery Summit in New York on May 9th
The proliferation of video to a fast-growing sea of consumer devices has content owners, online event producers, and operators seeking advanced approaches for content delivery. Octoshape US General Manager Scott Brown will join senior executives from global players Deutsche Telecom and Ericsson to discuss how to best meet evolving challenges in a session entitled "CDN Management and The Video Ecosystem."
The Content Delivery Summit roundtable on May 9th is a core part of the upcoming Streaming Media East conference in New York. This session will discuss how CDNs and carriers plan to manage content, what systems they are putting in place to deliver a quality user experience, and what challenges they see content owners facing as consumers view more video on multiple devices.
Brown will discuss how Octoshape's innovative software-based video streaming services Multicast and Cloudmass open opportunities to all members of the video ecosystem by breaking the constraints of scale, quality, cost, and global reach in content delivery. This is achieved by discarding the long-held and limiting relationship between the distance from the media server, and the quality of media the consumer receives.
Schedule a meeting with Octoshape at Content Delivery Summit.
US IPTV to See Steady Growth through 2015
Excerpted from Connected Planet Report by Dan O'Shea
The US Internet protocol television (IPTV) market could see more than 20% compound annual growth rate (CAGR) through 2015, according to IMS Research, whose analysis also suggests that pay TV cord-cutting will have a minimal effect on that video service provider market in the coming years, notwithstanding such contrary forecasts as Latest Pay TV Threat: TVs Going the Way of Landlines.
The research firm said that IPTV CAGR will run about 20.1% from the end of 2010 to 2015, while digital satellite TV comes in around 2.5%. Also, while cable TV operators are expected to lose 2.75 million subscribers during that stretch, they may pick-up about 7.8 million digital cable customers.
Cutting the pay TV cord for over-the-top (OTT) video services could be something of a shooting star, as the possibility remains that some customers who have cut the cord could actually return to pay TV in the future, especially if pricing changes occur, IMS Research said. After pay TV cord-cutting became a much-debated issue last year, more recently, industry research has tended to question both its immediate and long-term effect.
Also, while much has been made in recent days of Netflix nearing the top of the market heap in terms of number of video subscribers, IMS pointed out that cable TV players such as Comcast continue to deliver far higher monthly average revenue per user (ARPU). For example, while Netflix reported ARPU of $12.19 for the first quarter, that figure is nowhere near Comcast's fourth quarter 2010 ARPU of more than $133.
Where Does "Network" End and "Cloud" Begin?
Excerpted from Multichannel News Report by Leslie Ellis
Cloud. It's everywhere in the intersecting languages of business and tech.
As a person of words and tech, it's noticeable that lately even "cloud" has lost its participle - like how the British talk about taking someone to "hospital," not "the hospital."Example, from a recent batch of notes: "Cloud is a big space, with lots of different players. Cloud isn't just one particular thing - it's what Amazon does, yes, but it's a lot more than infrastructure-as-a- service (IaaS)."
In general, "cloud" is a catch-all term that means services or functions you used to get locally on a fixed machine at your house or workplace, but that you now get from anywhere, in real time, delivered to you over the Internet.
Maybe you've experienced what happens when the "in real time" part of "cloud" isn't there: No connection means no Facebook, no access to the files you stored on SugarSync or Dropbox. (This usually happens when you're out of town and either bored out of your mind, or in desperate need of your stuff.)
In cable, navigating subscription TV via something other than the remote is a good cloud example. Letting consumers use their gadgets (iPads come to mind) to change channels, set the digital video recorder (DVR) or stream TV means acknowledging that different screens have different decompression engines, resolutions, and communication passageways than set-tops.
So instead of trying to do everything from the set-top, why not use the cloud - the connection - to bridge the differences?
Here's where I get flummoxed when it comes to cable and cloud: Where does "the network" end, and "the cloud" begin? Lots of people use the two terms synonymously: Cloud is network; network is cloud.
For those of us who grew up in cable knowing "network" as the word that grew up out of "plant" - where "plant" is the connectors, coaxial cable, pole-line hardware, pedestals, fiber, lasers, and related headend whatnot needed to move video, data, and voice signals from one place to another - the distinction is nebulous.
It's good, says a cloud-engineering pal, to tease the two terms apart. Part of it involves getting to know the "data-center," a place filled with servers and software that "abstract" the stuff running over a network from the network itself. Part of it, too, involves knowing the difference between "service" and "server."
More on that next time.
2,000 Register for Cloud Computing World Forum
Over 2,000 senior level information technology (IT) decision makers have already registered to attend the 3rd Cloud Computing World Forum taking place on June 21st and 22nd in London, England.
The leading two day conference and expo has seen considerable interest after the success of last year's event, which attracted over 1,500 attendees.
This year's event sees the introduction of the ABC Approach to Cloud Computing with three theatres each focusing on a core topic vital to cloud computing's make-up. The Cloud Approach theatre will be about strategy, providing new perspectives and insightful forecasts. The Cloud Build theatre will address the mechanics of making the switch to cloud computing. And the Cloud Connect theatre will cover being mobile and social, examining the social cloud, enterprise 2.0, and the rise of the mobile cloud.
Delegates will hear from over 100 senior representatives from leading organizations in the industry, including Barclays Bank, BP, Cabinet Office, Cisco Systems, Comic Relief, Dell Services, Gala Coral Group, Gatwick Airport, Google, HM Revenue and Customs, Livebookings, MasterCard, Marks and Spence, Royal Mail, Severn Tren, and Thomson Reuters.
Partners and sponsors of the show include the DCIA.
To register for the event and take advantage of an early booking discount rate, which is available until May 20th, please click here. For information about speaking opportunities, sponsorship, and exhibition options, please e-mail info@keynoteworld.com.
BitTorrent Tracker Becomes Official Movie Distributor
Excerpted from Torrent Invites Report
Lithuania's most popular torrent tracker Linkomanija has endured its fair share of intellectual property (IP) related troubles in the past, such as the multi-million dollar lawsuit launched by Microsoft last year.
Nevertheless, there are also copyright holders with a more positive view towards the tracker. Today the local movie studio Iron Cat chose the site to become the official distributor of an upcoming movie.
Last year Microsoft joined the movie and music industries by suing a major BitTorrent tracker. With approval from their United States headquarters, Microsoft went after the largest BitTorrent site in Lithuania, LinkoManija. Demanding $45 million in damages, Microsoft accused the site and its operator of assisting in the unlawful distribution of Office 2003 and 2007. The software giant failed to shut down the site through the courts, but the main trial against LinkoManija's operator and his company is still ongoing.
Luckily, however, there are also copyright holders who see the BitTorrent tracker as a useful means to promote and distribute their works.
Today, the independent movie production company Iron Cat announced that it has partnered with LinkoManija to distribute its upcoming film "Barzda" (The Beard), both in Lithuania and abroad. The film will be distributed in collaboration with other torrent trackers to gain maximum exposure.
Previously, Iron Cat experimented with sharing a movie on Linkomanija and this turned out to be a great success. The film "Knygnesys" (The Book Smuggler) was downloaded 25,000 times in the first day alone, generating a lot of press and positive comments from the public.
"We have been using Linkomanija for quite a while, so when an opportunity for mutually beneficial cooperation presented itself, we did not hesitate to take it. Of course, the popularity of Knygnesys was an important factor in this decision," Barzda director Jonas Trukanas said. Linkomanija says that it will ensure that users notice the upcoming release.
"Our objective is to make the film accessible to the widest possible audience," Linkomanija's owner said in response to news of the unusual partnership.
If anything, the deal illustrates that BitTorrent trackers are more than the infringement havens they are often portrayed as. For many independent artists, obscurity is still a bigger problem than piracy, but it's a problem that BitTorrent can solve.
In the near future Linkomanija and Iron Cat hope to experiment further with new ways to finance and promote Lithuanian cinema.
Outside Lithuania, BitTorrent's potential as a promotion, revenue generating and publishing platform for filmmakers has been illustrated best by the Vodo project. Through this BitTorrent powered project, several filmmakers have already reached an audience of hundreds of thousands of viewers, and today two major new releases ("P1" episode 4 and "Zenith" part 2) were added to this list.
Cloud Computing Adoption Underestimated
Excerpted from CRN Report by Chad Berndtson
Business adoption of cloud computing enablers, from virtualization management to software-as-a-service (SaaS), is happening faster than even the most optimistic projections, according to Bill McCracken, CEO of CA Technologies.
"The rate and pace is going to pick up," McCracken told a gathering of CA solution providers in New York, NY on Tuesday, discussing cloud adoption. "The industry estimates are wrong. They're low. You can write that down. It's growing faster and moving faster than we're predicting. The opportunity is standing in front of us."
The kickoff Tuesday of CA's first Channel Summit in several years showed a sense of renewal for the oft-conflicted software management company. A parade of CA executives - many of whom have been with CA for less than two years - sought to assure the more than 125 partners in attendance that CA is a channel-focused company, free of the channel conflict and process issues that have plagued its program in the past, not to mention the financial scandal that shattered confidence in CA years ago.
It's time to start a channel renaissance, said CA's leadership team.
"Years from now, we will look back and say this is the group of people we started a new chapter of growth with," said George Fischer, Executive Vice President and Group Executive, Worldwide Sales and Operations
At the heart of CA's strategy is a big bet on the cloud. In October, CA lifted the curtain on a new MSP channel program based on its acquisition of 3Tera and 3Tera's AppLogic offering. What's coming next, said CA executives Tuesday, is also a turn toward the midmarket, which CA defines as customers between $200 million and $1 billion in annual revenue and representing a potential $17 billion opportunity for CA and its solution providers.
Cloud is coming fast in the midmarket, executives said. It's coming fast, period - even to the large enterprise customers that still account for 90% of CA's $4.5 billion in annual revenue, and who are hesitant to put aside the massive data centers in which they've invested millions.
But the change is unmistakable, McCracken said. CA is looking at ways to make all of its products deliverable as-a-service.
"Today's technology allows companies to change the way they're able to run their businesses and compete in their business," McCracken said. "Companies have a business model that's built on IT that drives their competition out of business."
In his keynote address, McCracken sought to portray CA as deeply experienced in IT management software, and therefore decades more prepared for the cloud migration than newer entrants to the market.
"We will grow off our base. We're not going into an adjacency," he said. "We have managed and secured IT for 35 years, and that's what's needed in the cloud environment now. It's our core, it's what we've done, it's what we've learned, it's what we've made mistakes in. We've probably forgotten more about management than some companies trying to drive into it have yet learned."
In the past two years, CA's spent about $1.2 billion on acquisitions, but also about $600 million on its own technology research and development, he said. That adds up to nearly a $2 billion investment by CA in the cloud environment - "that's where the growth is coming from," McCracken said.
"You're in the heart of it, and we're in the heart of it. We need you to partner with us to become who we want to be and grow the way we want to grow."
The breadth of CA's portfolio, including the myriad technologies and platform options it's acquired via acquisition, is one of the industry's best bets for cloud computing, said David Dobson, Executive Vice President and Group Executive, Customer Solutions Group. The biggest areas of untapped potential for CA are the midmarket, and also with service providers, who are building as-a-service infrastructure to deliver to customers.
"The opportunity for us to grow is a very large opportunity," said Dobson, who joined CA from Pitney Bowes, where he was president of Pitney Bowes Management Services, in April 2010.
Going forward, CA will increase - by a factor of five, Dobson said - the amount it invests in how to turn products acquired by CA into integrated solutions more effectively. In general, CA will look to optimize what Dobson called "outdated processes" and make it easier for both solution providers and end user customers to do business with the company.
"We have a fair amount of work to do to transform our business to make us easier to do business with and streamline," he said.
Watch for CA to continue to focus on all of the areas where it has strengths, said Dobson, who described CA as "the glue that holds all this together." Those include service assurance, security, virtualization management, and service automation, service, and portfolio management, mainframe, and the cloud-connected enterprise.
"We can't be a thought leader and industry leader if we don't participate in every one of these segments," Dobson said. "We need to be a leader in these segments."
Dobson said solution providers need to think of the cloud computing migration as both evolutionary and revolutionary: the former in the sense that bigger enterprises will make the transition more slowly, while hanging on to a lot of their existing infrastructure for a few years, and the latter in the sense that smaller companies are generally faster cloud adopters because it's easier and more effective for those customers to buy and use IT resources on demand.
CA executives urged partner patience as CA continues to tighten up its channel program and attempt to leave the past in the past.
"It's a work in progress," said David Bradley, Senior Vice President, Global Channel Sales. "One pillar we're going to bring forth is simplification."
"We're not defect-free," added Fischer. "We're not here to compete with you, we are here to partner with you. We take this very seriously and we've made a few mistakes. The good news on that is that we have learned, and we are in learning mode."
Cloud Computing Security: Emerging Vendor Round-Up
Excerpted from Datamation Report by Jeff Vance
Cloud computing security is a hot topic these days. Last week, we covered seven emerging cloud security vendors who are doing their best to make cloud computing every bit as secure - if not more so - than on-premise computing.
Last week's story featured the likes of Okta, SecureAuth and Symplified. In other words, it was heavy on identity management and access controls - two of the most critical components of secure cloud computing.
This week, we look at virtualization security, security for e-commerce transactions, cloud-based data loss protection and more. Here are seven more cloud security up-and-comers:
Awareness Technologies: With high-profile security breaches, such as those that hit TJX, the VA, the FAA, the DoD, and, well, this list could go on and on, data-loss protection is a critical issue for all organizations. It's especially an issue for those that must comply with regulations like PCI-DSS, FISMA and HIPPA.
The problem with current Data Loss Protection (DLP) solutions, according to Brad Miller, CEO of Awareness Tech, is that they sit within the corporate network and therefore act in a manner similar to traditional perimeter security. They work well when integrated with Outlook or when blocking USB ports on laptops.
When users are disconnected from the corporate network, when they access their own personal web-based e-mail accounts or when they are using an array of mobile devices, traditional DLP doesn't keep up.
In other words, Awareness Tech argues that traditional DLP ("traditional" may be a stretch since this is still a fairly new space) is not up to snuff when it comes to cloud computing and mobility.
Awareness Tech focuses on insider security risks through its InterGuard suite of products that offer DLP, web filtering, employee monitoring, mobile monitoring and mobile device recovery, remote data retrieval and wiping, and remote tracking (for both recovery and forensic purposes).
InterGuard is a cloud-based solution designed to bolster security in a world increasingly moving to the cloud and to mobile devices, such as smart-phones and tablets. The company is backed by $6 million in VC and private funding and is both revenue and cash-flow positive.
One of key features of the InterGuard suite is that when a device is lost or stolen, InterGuard will track what's happening on the device. In industries rife with corporate espionage and IP theft, if a thief logs into an e-mail account, you'll have a record of it. If the person signs into Facebook or some other social networking site, you'll know who they are. And, of course, with built-in geolocation, you'll be able to alert the authorities to track them down and recover the device.
Customers include NASA, the Department of Justice, Allstate, IBM, and Wells Fargo.
HyTrust: Within virtualized environments, maintaining security without hindering end user accessibility can seem like an uphill battle. Too often, one is sacrificed for the other - and security is what is most often sacrificed. Gartner studies report that up to 60% of virtualization environments are less secure than their physical counterparts, leading the enterprise to be understandably apprehensive when it comes to virtualization and cloud computing.
Moreover, a majority of breaches are caused by simple misconfigurations or inappropriate user privileges. In a virtual environment, a single misconfiguration, if exploited, could lead to a major incident.
Instead of focusing only on the security requirements of VM operating systems, HyTrust addresses security, multi-tenancy and compliance for both cloud and virtual environments. The HyTrust virtual appliance provides access control, policy enforcement, and audit-quality logging for vSphere, Nexus, and UCS.
HyTrust addresses a key vulnerability in an increasingly large market. Without policy enforcement and access control, virtual and cloud environments pose serious risks. The company is backed by $16 million in funding from Cisco Systems, Granite Ventures, Trident Capital, and Epic Ventures. Customers include Pepsi, AMD, GEICO, State of Michigan, US Navy, Netflix, and Hudson News.
Shavlik Technologies: Malware. Viruses. Web-based worms. No matter how small the network a bevy of new and increasingly dangerous security threats loom just beyond the perimeter. Attackers are increasingly quick to discover new vulnerabilities and to exploit them.
Thus, taking a proactive approach to managing patches and plugging known vulnerabilities must be a priority for IT.
To adapt to new threats, many organizations have turned to deep-packet-level inspection. But small- to medium-sized businesses have different needs - and smaller budgets - than larger enterprises. SMBs have limited funds and few (or no) personnel to devote to endpoint management. Many also lack the necessary security expertise to repel evolving threats, even if they do have the bodies to throw at the problem. These businesses need a lower-cost, turnkey solution for their patch, asset and security remediation needs.
Shavlik's Cloud Patch is a web-based scanner that detects missing security patches for both the OS and third-party products that are installed locally. Using Shavlik's technologies, any IT administrator can launch the Shavlik scanner through a browser. The scanner will then agentlessly detect all of the missing security patches. Scanning is executed without forcing IT to change firewall ports or otherwise lower the security perimeter. Cloud Patch also delivers tools for asset management and remediation.
While a majority of competitors are taking a perimeter management approach to securing SMB networks, Shavlik is one of the few security vendors offering a scanning and patch-management solution from the cloud. This approach delivers a more flexible, scalable solution with significantly lower TCO.
Shavlik has been around for almost 20 years, so why are they an up-and-comer? Simple: cloud security is a land grab right now, and Shavlik is busy grabbing land in the much neglected SMB space. Shavlik claims 200,000 customers worldwide, and says it has delivered over 600,000 patches to tens of thousands of endpoints worldwide.
Several security partners have embedded Shavlik's technology into their own solutions, including BMC, Dell KACE, Symantec, and Scriptlogic.
Verifi: Commerce and online sales will only continue to rise in the coming years. Forrester Research projects that by 2014, US online sales will comprise nearly 8% of all retail sales in the country, equaling almost $250 billion dollars. For thieves, though, the steady growth of online sales presents countless opportunities.
Unlike brick and mortar retailers, online merchants only have credit card numbers and a few key personal identifiers to rely on when processing online transactions. Inherent limitations to the market (e.g., you can't check the person's ID over the web) make it tough to sort out the frauds from valued consumers. And with more retailers moving to a multichannel sales model to increase online presence and revenue, there is also the potential threat of vulnerabilities in making this transition online.
Verifi's solution to this problem starts with analyzing a company's transaction history and comparing it to historical data. This data is used to develop specific rules for the merchant that prevent fraud but don't over-reject transactions. Merchants then tailor and scale a solution to their specific needs and experience. Verifi's software works with partner solutions, like ThreatMetrix (included in last week's article). Verifi works with partner solutions to leverage multiple data points before accepting a transaction. A few examples include geo-location, device finger-printing, internal databases and fraud filters.
Online fraud is an enormous problem, and anything to help e-merchants cope will have a decent chance of success. The US Department of Commerce stated that in Q3 2010 e-commerce sales increased 14.1% compare to the year prior, versus 5.8% over the same period for physical retail. E-commerce currently represents only about 5% of the total sales in the US, so there's huge room for growth. Verifi intends to capitalize on that growth by mitigating the risks that will plague those moving their sales online.
Voltage Security: Clients want to ensure that their confidential information - such as financial and personal information - is safe from theft. But critical information must be available on demand for various business processes. If traditional encryption methods are not compliant with data in the cloud, this inhibits the data from being accessed at critical moments.
Voltage enables the protection of confidential enterprise data when it's in use in, being processed in, or stored in the cloud in a way that allows it to still be used for a variety of business processes. This is accomplished by cryptographic technologies and simplified key management. Identity-Based Encryption (IBE), Format-Preserving Encryption (FPE) and tokenization, data masking and other technologies allow data to be protected inside and outside the cloud. Even if external attackers or malicious insiders gain access to the data, they won't be able to decipher it.
According to Ponemon Institute, enterprises now spend, on average, more than $6.65 million to recover from a single data breach. Entire security spaces, such as DLP, have emerged to target the breach-prevention market.
Voltage is backed by more than $42 million in VC funding and has an impressive client and partner roster, including Heartland Payment Systems, Microsoft, AT&T, CUNA Mutual, Kodak, Wells Fargo, WatchGuard, and Websense.
Vyatta: It's no secret that the perimeter, hardware-based networking and security model doesn't quite work in the cloud. Traditional edge networking and security has not been modernized the way server and storage infrastructure has been over the past decade. According to Vyatta, the next generation of infrastructure must be delivered as an application that maps to the elastic model of the cloud in order to keep up.
Some vendors in hardware-based routing and security are tying services to virtual switches or providing firewall-only virtual machines, both of which represent a continuation of the sort of vendor lock that many organizations are hoping the cloud will break. This doesn't just fall short of meeting cloud network architecture requirements (on-demand, elastic, mobile, platform neutral, limited footprint), but it also limits cloud developers' ability to properly protect virtual machines and users in a multi-tenant environment.
The platform-independent Vyatta Network OS virtual machine is a bridging, routing and network security (firewall, IPS, IPSec & SSL VPN, web filtering+, layer 2 cloud bridging) solution for cloud computing platforms. Vyatta addresses the complex automation, migration and advanced security needs of hosted public cloud data and centralized private clouds by enabling cloud architects to design complete n-tier networks within a hypervisor environment. Vyatta's solution is delivered on-demand and can be used on a per-customer or per-server basis.
The company is backed by more than $28 million in VC funding and claims to have over one thousand customers and tens of thousands of software and appliance installations around the world. Fortune 500 customers include Toyota, EMC, Honeywell, and CBS.
Zscaler: Data breaches, insider threats and cloud-based vulnerabilities all tax traditional security. For instance, when employees at an organization fall victim to an attack, be it a phishing attack or malware on a device used for both business and personal use, they can unknowingly bring malware into the corporate network, which can easily add up to millions of dollars in productivity or IP loss.
Additionally, addressing the issues of regulating a mobile workforce and providing advanced content scanning are both issues that put such a large burden on IT that many organizations can't keep up.
Zscaler provides "policy-based secure internet access for any employee, on any device, anywhere." Through "innovations in its massively scalable cloud architecture," the Zscaler Security Cloud provides an ultra-low latency SaaS security solution that requires neither hardware nor software to function properly.
Zscaler's cloud security service suite offers anti-virus, anti-spyware, anti-spam, URL filtering, Web 2.0 control, bandwidth control, mail flow control, and Data Loss Prevention (DLP). Large enterprises and small businesses can take advantage of the cloud to secure their employees at much lower TCO than traditional solutions.
In just two years, Zscaler's cloud security service has grown to over 40 data centers, processing over a billion transactions a day to secure millions of enterprise, SMB and Service Provider customers. According to the company, this growth is due to major advancements in service architecture, scanning speed and capacity, and logging and reporting. Zscaler claims that it can actually scan every byte of data to provide the most comprehensive security across web and email traffic.
Customers include La-Z-Boy, HDFC (India's largest home mortgage company), HCR ManorCare, LANCO Group, and Crutchfield.
Patent Acquisition Opportunity Related to Cloud Computing
Global Technology Transfer Group (GTT Group) has announced a new distributed computing patent portfolio acquisition opportunity.
GTT Group is a patent transaction advisory and consulting firm, which combines core competencies in patent valuation and analysis with its global network to deliver unparalleled results. The company's corporate headquarters are in Portland, OR, with representation in North America, Asia, and Europe.
The distributed computing patent portfolio consists of nine issued US patents. The portfolio contains early priority patents in the cloud computing space and covers virtual data storage, resource management, and distributed computing infrastructure.
The portfolio provides a unique acquisition opportunity due to its early priority and applicability to current industry solutions. The patented inventions clearly foresaw the adoption of cloud computing and the replacement of centralized systems.
GTT Group has prepared detailed information describing the patented inventions and their use in current distributed systems. Detailed information will be made available to qualified interested parties under an appropriate confidentiality agreement.
"We regard the portfolio as essential to the present and evolving cloud computing ecosystem," remarked Michael Lubitz, CEO & Chairman of GTT Group.
To receive more information about this opportunity, please contact Andrew Godsey at GTT Group.
Coming Events of Interest
1st International Conference on Cloud Computing - May 7th-9th in Noordwijkerhout, Netherlands. This first-ever event focuses on the emerging area of cloud computing, inspired by some latest advances that concern the infrastructure, operations, and available services through the global network.
Cloud Computing Asia - May 30th - June 2nd in Singapore. Cloud services are gaining popularity among information IT users, allowing them to access applications, platforms, storage and whole segments of infrastructure over a public or private network.CCA showcases cloud-computing products and services. Learn from top industry analysts, successful cloud customers, and cloud computing experts.
Cloud Expo 2011 - June 6th-9th in New York, NY. Cloud Expo is returning to New York with more than 7,000 delegates and over 200 sponsors and exhibitors. "Cloud" has become synonymous with "computing" and "software" in two short years. Cloud Expo is the new PC Expo, Comdex, and InternetWorld of our decade.
The Business of Cloud Computing - June 13th-15th in San Diego, CA. Cloud Computing is the latest disruptive technology. Enterprises, large and small, are looking to cloud computing providers for savings, flexibility, and scalability. However, potential adopters of all sizes are concerned about security, data management, privacy, performance and control.
CIO Cloud Summit - June 14th-16th in Scottsdale, AZ. The summit will bring together CIOs from Fortune 1000 organizations, leading IT analysts, and innovative solution providers to network and discuss the latest cloud computing topics and trends in a relaxed, yet focused business setting.
Cloud Leadership Forum - June 20th-21st in Santa Clara, CA. This conference's enterprise-focused agenda, prepared with the help of nearly a dozen IT executives, will bring you case studies and peer insights on how leading organizations are approaching the cloud opportunity - plus much more.
Cloud Computing World Forum - June 21st-22nd in London, England. This third annual event is free to attend and will will feature all of the key players within the cloud computing and software-as-a-service (SaaS) market providing an introduction, discussion and look into the future for the ICT industry.
|