Have you heard of the Technology CEO Council? Neither had I until recently. The council is made up of a strange mix of tech CEOs from organizations including Applied Materials, , , IBM, Intel, Micron, and Motorola. Why this group and not Adobe, Cisco, HP, Juniper Networks, Microsoft, Oracle, and Symantec? Beats me.
Anyway, the group published a paper in early October called, “One Trillion Reasons: How Commercial Best Practices to Maximize Productivity Can Save Taxpayer Money and Enhance Government Services.” The paper stresses the need to reduce federal spending and suggests some IT initiatives in support of this objective. The initiatives include:
The paper is available at www.techceocouncil.org.
I agree with the spirit of this paper as there are plenty of ways to use IT costs savings to reduce overall federal spending. That said, the paper is pretty weak and self-serving. Specifically:
The CEOs also need to remember that their own internal IT organizations are far different than those in the federal government. When EMC executives mandate a massive VMware project, all of IT jumps into formation. It doesn’t work that way in the public sector.
There were certainly some good points in the paper, but overall it is really a marketing piece put out by a lobbying organization. In my humble opinion, there is some irony in this paper and organization–while the Technology CEO Council puts out a paper about how the federal government can save money on IT, companies like Dell, EMC, IBM, and Intel are happily wasting dough on a half-baked lobbying/PR organization. Funny world.
Tags: Applied Material, CIA, Cloud Computing, data center consolidation, Dell, DHS, DISA, EMC, Federal Enterprise Architecture, FedRAMP, FISMA, IBM, Intel, Klinger-Cohen Act, Micron, Motorola, NASA, Technology CEO Council, Vivek Kundra Posted in Uncategorized | No Comments »
Earlier today, IBM announced its intention to acquire OpenPages, a privately-held software company focused on identifying and managing risk and compliance.
There is obvious value in this deal based upon market interest in risk management alone. In the past ten years we’ve seen the subprime mortgage securities collapse, a rise in global terrorism, and explosive growth in cybercrime. Certainly businesses need better risk management tools to cope with these kinds of events.
With OpenPages, IBM gets to throw its hat further into the risk management ring, but that’s not all. OpenPages provides IBM with strong synergies around other IBM business opportunities like:
Clearly the OpenPages wasn’t as newsworthy as HP buying ArcSight or Intel buying McAfee, but it certainly aligns with IBM’s strategy, complements existing products and services, and gives IBM sales reps another solution to sell to customers.
Tags: ArcSight, Consul, HP, IBM, Intel, IT Risk Management, McAfee, OpenPages, Risk Management Posted in Uncategorized | No Comments »
It’s been a few days since Intel‘s surprising McAfee acquisition announcement. This weekend, I took time to read what others were saying about the merger and there seems to be a lot of posturing and confusion out there. Here is a short list of some of the misconceptions:
Many of the smartest financial and industry analysts can’t make heads or tails out of this deal and I can understand their confusion. There really are no obvious synergies between the two technologies. Nevertheless, I believe that the security market is in transition where new products will need a whole new level of scale, intelligence, integration, and enterprise-class sophistication. The “new” security market will start abruptly and grow to over $1 billion extremely quickly. Intel wants a piece of this transition as well as portfolio diversification. It’s that simple.
Tags: Good Technology, Intel, Juniper, McAfee, Microsoft, Mobile Active Defense, SafeBoot, SMobile, vPro Posted in Uncategorized | No Comments »
Before the bell rang on Wall Street, Intel shocked the army of Latte sipping financial wonks by announcing its intentions to buy security leader McAfee. The deal is valued at $7.7 billion or $48 per share, about a 60% premium on the stock price.
A few financial analysts who cover Intel say that this is about Intel’s mobile device aspirations. Maybe, but McAfee just got into the mobile device security market and my guess is that this business accounts for $5 million in revenue or less.
Sorry Wall Street but that ain’t it at all. I believe that Intel sees the same thing I see. The security market is wildly fragmented with vendors producing tactical point products for its customers. These point products can no longer address the environment of sophisticated and massive threats. In the very near future, enterprise and service provider security technologies must deliver unprecedented levels of scalability, manageability and integration.
Guess what? In today’s market there isn’t a single vendor who can deliver a security product suite anywhere near what’s needed in the market. Get it Wall Street? There is massive emotional demand but no supply. Here’s the kicker — without significant improvements in security, this whole Internet party hosted by companies like , eBay, , , etc. could get really, really ugly soon.
To be fair, McAfee can’t deliver the level of scale, manageability and integration that the market demands but it’s as close as any other vendor. Combine this with Intel hardware, money, and brainpower and you’ve gotten something.
I believe Intel sees a market opportunity, not a product opportunity. Yes, there is plenty of room to integrate McAfee with mobile phones, microprocessors, and NSPs but this is a footnote to the story.
A few other observations:
Tags: ArcSight, Check Point, Fortinet, IBM, Intel, LogRhythm, McAfee, Nitro Security, RedSeal, RSA, Sourcefire, Symantec Posted in Uncategorized | No Comments »
Two stories caught my eye yesterday.
First, a company named Newegg shipped counterfeit Intel i7 chips to customers. Customers received a clay mold and piece of scrap metal rather than a real processor. Intel and others are investigating this situation.
In another story, the Energizer Duo Charger, a laptop battery charger kit made of up hardware and software, was found to contain a Trojan Horse program in its optional battery charge monitoring software (note: the Trojan impacts Windows, but not Macintosh computers). When activated, the Trojan, which opens port 7777, can install files, read directories, and communicate with remote hackers. Energizer is cooperating with US-CERT to try to figure out how the code got into its product.
How are these stories related? Both describe an issue that gets little attention: cyber supply chain assurance.
The cyber supply chain is made up of a network of suppliers, distributors, business partners, and customers that share cyber business processes, develop technology, and distribute products. Since the cyber supply chain composes a vast network of companies, one weak organization or bad apple can compromise products and create vulnerabilities for all downstream parties.
With the Intel case, it appears that someone corrupted the distribution chain. With Energizer, it seems like a rogue developer or software tester was introduced into the development cycle.
So here’s the problem: in general, we trust that the products we purchase are safe. Bad assumption, as the Intel and Energizer example points out. This also holds true for technology vendors themselves, who ultimately integrate a bunch of microprocessors, specialized chips, and software code together. Could any of these components be tainted? Absolutely.
Here’s a scary statistic: in a recent study, the U.S. Department of Defense found that only 2% of all the microprocessors and integrated circuits purchased are actually manufactured in the United States. This gives foreign adversaries ample opportunity to tamper with critical systems in a way that is extremely hard to detect.
Technology is developed by distributed groups of engineers and outsourced firms across the globe. Final assembly is often done offshore. Distributors install software on systems and then repackage them. Testing software security is often weak or ignored.
The Intel and Energizer stories prove that trusted products can be tampered with in the supply chain. We need to address this with the right knowledge, processes, and countermeasures. Continuing to ignore it will lead to more and more similar events.
Tags: Cyber Supply Chain Assurance Model, DHS, DOD, Energizer, Intel Posted in Uncategorized | No Comments »
It’s pouring in San Francisco, but ironically, the RSA Conference is already pointed toward clouds–in this, case cloud computing security.
There were two announcements yesterday around securing private clouds. New initiative king Cisco announced its “Secure Borderless Network Architecture,” which is actually pretty interesting. Cisco wants to unite applications and mobile devices through an “always-on” VPN. In other words, Cisco software will enforce security policies for mobile devices regarding which applications they can use and when–without user intervention. Pretty cool, but you would need a whole bunch of new Cisco stuff to make this happen.
On another front, industry big-wigs EMC, Intel, and VMware are pushing for a “hardware root of trust” for cloud computing. The goal here is to create technology that lets cloud providers share system state, event, and configuration data with customers in real time. In this way, customers can integrate cloud security with their own security operations processes and management. This is extremely important for regulatory compliance. (Note: Another reason why EMC/RSA bought Archer Technologies).
These interesting announcement probably presage a 2010 RSA Conferernce trend: “all cloud all of the time.” Since ESG Research indicates that only 12% of midsized (i.e., 100 to 999 employees) and enterprise (i.e., more than 1,000 employees) will prioritize cloud spending in 2010, all of this cloud yackety yack may be a bit over the top.
Two other announcement worth noting here:
See you at the show!
Tags: Cisco Systems, Cloud Computing, Cloud Computing Alliance, EMC, F5 Networks, Federal Government, Infoblox, Intel, VMware Posted in Uncategorized | No Comments »
Your email: