Despite the unseasonably cold weather, I participated in a mobile security event yesterday at the historic Willard hotel in Washington DC. I set the stage and presented a bunch of ESG Research data on mobile device use, security, and management. Other organizations presenting included the Defense Information Systems Agency (DISA), the (NRC), the US Patent and Trademark Office, and Juniper Networks.
It turns out that DISA is doing some very interesting things around mobile computing. For example, members of the US military can access an information portal called Defense Knowledge Online from their mobile phones. DISA also talked about a program called Go Mobile meant to provide numerous communications, training, and collaboration applications to mobile soldiers.
Since we are talking about the US Department of Defense, mobile device security is a critical requirement for this program so Go Mobile includes user authentication, secure data storage and transfer, secure device management, etc.
Initially Go Mobile was built for Blackberry devices but DISA is now adding support for Apple iPhones and Android phones because of high demand from users. Unfortunately, adding iPhone and Android support is more difficult than DISA anticipated. Why? Because both Apple and Google refuse to give DISA access to their security APIs so DISA had to do a series of workarounds to meet its security requirements. For example, DISA had to add an external Bluetooth device to provide secure personal networking capabilities because Apple wouldn’t provide API access to its iPhone security stack.
Hold the phone here! Apple and Google aren’t willing to provide additional technical support to the United States Department of Defense? Nope. One person I spoke with from DOD said that Apple flat out refused to play ball, telling DOD to “talk to our integrators and carriers.”
I understand that Apple and Google want to control their technology. If Citi or GE asked for API access, perhaps it would make technical sense to refuse but we are talking about the Department of Defense here.
Apple and Google have a market advantage and they know it — Androids and iPhones are so popular that Apple and Google can thumb their noses at DOD. In most cases, DOD would exercise cyber supply chain security best practice and refuse to purchase insecure Androids or iPhones at all. The fact that DOD is going the extra mile and developing workarounds demonstrates that it is willing to do the right thing for American troops in spite of this lack of industry cooperation.
It seems to me that Apple and Google are making self-centered bad decisions here that won’t play well with the American public. Clearly, Apple and Google should re-think these myopic and selfish policies. Providing API access to DOD is the patriotic and moral thing to do, especially since DOD is opening the door to lots of sales opportunities for both companies.
According to ESG Research, only 7% of large mid-market (i.e., 500-1000 employees) and enterprise (i.e., 1,000 employees or more) organizations are not using server virtualization technology and have no plans to do so. Alternatively, 61% are using server virtualization technology extensively in test/development AND production environments.
Okay, so server virtualization technology is everywhere, but how are large organizations using it? Many technology vendors would have you believe that enterprises are using server virtualization as the on-ramp to cloud computing. The industry crows about server virtualization’s use for IT automation and self-service, as VMs are rapidly provisioned, dynamically re-configured, and moved constantly from physical server to physical server for load balancing and resource optimization.
It’s a great vision, it just isn’t happening today. Most organizations use server virtualization for web applications and file and print services but far fewer have taken on transaction-oriented applications or databases. Many firms still struggle with performance issues when trying to align physical networks, storage devices, and servers with virtualization technology. As for VM mobility (i.e., vMotion), only 30% of the organizations surveyed by ESG use VM mobility on a regular basis. Why eschew VM mobility? It turns out that 24% of organizations say they have no need to use VM mobility functionality at this time.
The ESG data does suggest that server virtualization represents a paradigm shift driving huge changes in IT organizations, processes, and technologies, but these transitions will take time to work their way out. Many enterprises will get to a state of more dynamic data center transformation–around 2013 or so.
Take my word for it, the IT rhetoric around server virtualization is visionary hype rather than actual reality. I’ve got tons of data to back this up. There are more average Joe IT shops out there than whiz-bang organizations like , , and Microsoft and there always will be.
Microsoft and partners announced a series of new mobile phones yesterday. The new phones are based upon Windows 7 which replaces the more antiquated Windows Mobile OS.
This announcement places Microsoft in an unfamiliar spot, the “hot seat.” Everyone is pressing Microsoft on how its Windows 7 phones will compete with iPhone and Google Android. When Microsoft CEO Steve Ballmer visited NBC’s “Today” show, host Matt Lauer mentioned the iPhone several times. Ballmer continually re-directed him back to the product.
One overused IT cliche is to declare that a company or product is “dead.” I’m sure that many pundits are saying this about Microsoft, trumpeting that Windows Phones are simply too little too late. I disagree for several reasons. Yes, Apple and have become the sexy consumer phones, but Microsoft still has a huge enterprise installed base. According to a recent ESG Research survey, 62% of enterprises already offer formal support for Microsoft mobile phones. Only Blackberry enjoys a higher support status. Combined with its Windows prowess, Microsoft has an opportunity to:
Microsoft shouldn’t try to compete with consumer-focused iPhone or Android. Rather it should combine some sexy consumer features with rock-solid business functionality. Apple and Google have momentum, Blackberry is vulnerable. If Microsoft establishes this position as “good enough” for consumers but superior for the enterprise, it wins where it counts–with software revenue.
If you watched any football games yesterday, you are well aware of the fact that October is National Breast Cancer Awareness Month. Kudos to the NFL for bringing national attention to this deadly disease and donating money to find a cure.
You are probably unaware, however, that October is also National Cybersecurity Awareness Month.
Over the course of the last year, we’ve witnessed visible cyber attacks on Google in January. We’ve seen the activation of the U.S. Cyber Command at Ft. Meade. At my last count, there were ten different bills in Congress related to cybersecurity, including, “The Protecting Cyberspace as a National Asset Act,” a comprehensive piece of legislation coming out of the Senate’s Homeland Security and Government Affairs Committee. Former “cyber czar” Richard Clarke published a new book titled, “Cyberwar.” Finally, we’ve recently witnessed the Stuxnet worm, a cyber weapon attacking the Iranian nuclear infrastructure.
I am providing this brief history to highlight a problem–if you aren’t a Washington cybersecurity insider, you would never know it is National Cybersecurity Awareness Month. Ironic? Yes, but also sad.
Now, I know it is early in the month and there is lots of further activity planned. I am also aware of the fantastic work driven by the National Cyber Security Alliance, an industry group spearheading the National Cybersecurity Awareness Month (www.staysafeonline.org). President Obama will step up and talk about cybersecurity and the indefatigable Howard Schmidt will be as vocal and visible as possible throughout October.
These folks deserve a lot of credit, but somehow the IT and security industries continue to offer lip service support for National Cybersecurity Awareness Month through their Federal offices alone. I did a quick website scan of leading IT and security companies this morning: only RSA Security mentioned National Cybersecurity Awareness Month on its website (Note: The acting NCSA President works at EMC/RSA).
My point here is that National Cybersecurity Awareness Month isn’t making enough people aware of cybersecurity vulnerabilities, education, or government initiatives. Why? It doesn’t appear to me like the industry really cares. Oh sure, there is a bit of token money to appease their clients in Washington, but where is the national spotlight? Beats me.
I was on this soap box last year and will continue to be until I’m proven wrong. I probably have 20 meetings scheduled with security industry insiders in October and I’ll ask each and every one of them if they know what month it is. My guess is that they will say National Breast Cancer Awareness Month.
Consumer buzz tends to center on two mobile phones: Apple iPhone and Android. As far as the enterprise is concerned however, these two phones remain down the list.
ESG Research conducted a survey of 174 IT professionals from enterprise organizations (i.e., greater than 1,000 employees) and asked them which mobile device platforms their organizations support. Here is what they said:
| Phone | Support today | Will support in the future |
| --- | --- | --- |
| Blackberry | 74% | 11% |
| Windows Mobile | 62% | 9% |
| iPhone | 43% | 18% |
| Palm WebOS | 24% | 17% |
| Google Android | 8% | 16% |
| Symbian | 7% | 14% |
A few facts about the survey. First, it was conducted at the very end of 2009 so it doesn’t capture recent momentum or the impact of new products like iPad and iPhone 4. Additionally, this data comes from IT professionals in North America only.
My read of this data is as follows:
Unlike consumers, enterprises want more than just cool devices — application development, device management, security, and integration into the existing infrastructure are all important considerations. Vendors need to find the right combination of consumer cool and corporate requirements support if they want to defend their position or gain share in the enterprise.
The latest iPhone commercials feature video calls and multiple couples sharing intimate moments. When describing , wireless carrier talks about, “the apps you crave.” Microsoft’s latest pitch is that Windows Mobile phones fold neatly into social networking.
There are a few common themes here. Each vendor is targeting consumers with whiz-bang functionality and lots of applications. Video capabilities are highlighted in all cases.
Given this focus, you would think that mobile devices = consumer devices but this is not the case. Enterprises are also running to and jumping on the mobile device bandwagon in a big way.
ESG Research surveyed 174 IT professionals about their organizations’ adoption and use of mobile devices. Here are a few data points that illustrate growing mobile device usage in the enterprise.
Question 1. What are your organization’s spending plans for mobile devices and mobile device support?
* 37% spending will increase significantly
* 45% spending will increase moderately
* 14% spending will stay flat
* 3% spending will decrease
* 1% don’t know
Question 2. How important are mobile devices to your organization’s business processes and productivity?
* 38% critical
* 48% important
* 11% somewhat important
* 1% not important today but will be important in the future
* 1% not important today or in the future
* 1% don’t know
Question 3: Does your organization develop, or plan to develop, specific applications for mobile devices?
* 28% already develop applications for mobile devices
* 34% plan to develop applications for mobile devices
* 26% no plans at this time but interested in developing apps.
* 11% no plans or interest in developing apps.
* 1% don’t know
In summary, enterprises are spending more on mobile devices and device support, they believe these devices are “critical” or “important” for the business, and most already develop mobile device applications or plan to do so.
Sounds to me like every IT vendor in the endpoint (PC, laptop, mobile device), network, security, management, and application markets should have a mobile device strategy. Those that either haven’t developed or articulated their strategies are way behind.
Here is another must read New York Times article providing more details about the cyber attack at :
Apparently the bad guys became cyber stowaways — unwelcome and undetected network occupants. Once network access was secured, the cyber stowaways fished around until they found the source code to Google’s password system that controls access by millions of users to Google services. While Google has since added new layers of security, it is still possible that the attackers inserted a Trojan Horse/back door in the password system or studied the code to discover other software vulnerabilities.
Google has some of the smartest software engineers in the world so it is likely that they can stay one step ahead of the bad guys, but the lessons of the Google breach should send up a red flag elsewhere for several reasons:
The bad guys are extremely good at what they do and in many cases, we are several steps behind. There could be cyber stowaways on lots of major commercial, government, and military networks just sitting there, biding their time, and waiting for the right opportunity or target. I hope this realization is now emanating in corporate boardrooms, Congress, DHS, DOD, and NSA.
Last week, Google announced that it will support OpenID as a Single Sign-On (SSO) and identity standard in its Apps Marketplace.
For the most part, this announcement flew under the radar of most people but it may be far more significant than a simple technology integration play for several reasons:
There are other standard and open source identity efforts like Project Higgins (backed by IBM and Novell) and Microsoft’s recently announced U-Prove technology. Now that Google is on board with OpenID, I hope we can start to merge these efforts and get the most out of each.
Internet identity is broken right now and we need a solution. Kudos to Google for recognizing this and supporting OpenID, an industry standard, rather than sending users down yet another proprietary path.
Caught between a rock and a hard place, Google did something few companies are brave enough to do — it went public about a data breach. This is especially noble as the company is really betting on cloud computing and SaaS for future growth.
While Google applications were not breached, Google (and all cloud providers) took a PR hit with this incident. That said, Google did a good job of reassuring the public about its security.
Clearly Google has its own business reasons for outing China with regard to its cybersecurity attacks. Nevertheless, there are a few bigger and more ominous warnings contained here:
Google has a lot of chutzpah but it is really fighting a battle for the good of Google. It is up to the rest of us to recognize that we are under attack and protect ourselves accordingly.
Yesterday, Cisco, EMC, and VMware unveiled the next iteration of their partnership. Together, the three will offer common support, professional services (through their joint venture, Alpine), and an integrated server, networking, and storage hardware offering called Vblocks. The companies will also work together on service and support.
During the announcement, all three participants highlighted the fact that Vblocks were really targeted at “private clouds.” In other words, a sort of turnkey cloud infrastructure to be consumed by a single organization.
Hmm. So some Fortune 500 company is going to buy a single hardware and hypervisor stack from these guys and replace all kinds of other servers, storage, networking, management tools, etc? Perhaps, but this seems like a stretch to me as this simply isn’t the way IT consumes products. That said, I believe that Cisco, EMC, and VMware could be very successful with Vblocks and its other new initiatives in the broad public sector space because:
* The Federal government is ga-ga over cloud computing. Since early this year, we’ve seen the feds allocate money for cloud initiatives, propose that GSA offer cloud services, and task NIST with developing cloud standards. Federal CIO Vivek Kundra can’t speak often enough about cloud computing’s potential. Sensing an emerging trend, many federal integrators like Lockheed-Martin, SAIC, and Unisys are building their own clouds believing that Federal agencies will soon buy capacity and services. Cisco, EMC, and VMware should be all over every cloud effort inside the beltway.
* Governments are modernizing IT. Federal, state, and local governments are actively consolidating data centers, replacing legacy systems, and adopting virtualization technology as a foundation. Case in point, the Commonwealth of MA released its “IT Strategy for the Commonwealth 2009-2011” plan in 2008. The plan calls for the Commonwealth to create “a robust, agile enterprise IT architecture, shared services and applications, and common, effective management practices.” As part of this, MA will consolidate down to 2 data centers; one of these will be a brand new facility in Holyoke. Seems to me that a massive and somewhat green-field opportunity is a perfect target for Vblocks.
* Governments are already onboard. Kundra already selected Google Apps for Washington DC at his previous job and just last week the City of Los Angeles decided to abandon its own email system in favor of Gmail. These aren’t pure play government cloud computing efforts but they do represent a growing trend. It is likely that more and more service providers will develop specific SAAS applications for the public sector and they will need servers, networks, storage, and virtualization when they do.
The common theme here is that net-new infrastructure presents the biggest short term opportunity for Cisco, EMC, and VMware and that a lot of this activity is occurring in the public sector. This trend will only accelerate as more stimulus dollars flow to IT projects and/or some type of healthcare reform legislation gets passed.
Cisco, EMC, and VMware are leading enterprise companies but so are competitors like HP and IBM. What’s more, technology migration is always ugly. Yes, these three must enter these knife fights together but a public-sector push may be more fruitful while the private sector sorts out this whole nebulous cloud thing over time.