Below is a digest of some interesting blogs that EMC Thought Leaders have posted in the last 7 days. Courtesy of @mattbuckley.
1. Reflections – EMC Executives Report From The Road
The problem with 80/15/5
By Art Coviello, Executive Chairman, RSA, The Security Division of EMC
As I speak with CIOs, boards of directors, and others with responsibility for IT security and risk management, I hear agreement that a new model of cybersecurity is overdue. For a long time now, organizations have typically spent 80 percent of their IT security budgets on prevention, 15 percent on monitoring and detection, and 5 percent on response. The problem with this allocation is that the vast majority of the spending is perimeter-based, static and inflexible. Even the monitoring spend is probably heavily weighted to IPS (intrusion prevention systems), again perimeter-oriented.
2. Chuck's Blog – An EMC insider's perspective on information, technology and customer challenges.
Thriving In A Post-ITaaS World: Clouds As Platforms For Innovation
For me personally, it's been crazier-than-normal-crazy over the last few months. Most years, summer slows things down a bit, but not this year. Why? As I might have predicted, the brunt of the ITaaS (IT as a service) transformational wave has started to hit. We are now starting to be collectively besieged by growing cadres of IT leaders who want to start driving meaningful change in their own organizations. I couldn't be more pleased.
When Flash Changed Storage: XtremIO Preview
Anyone in the IT infrastructure business is fully aware that flash memory is redefining how we think about performance, and not just storage itself. With most applications, you're usually performance limited by the physical challenge of getting data into (and out of) the processor; shrinking I/O latency from milliseconds to microseconds means a huge boon for anyone concerned about cost-efficient performance. As a result, flash is redrawing the storage landscape. Flash has found its way into traditional storage arrays (e.g. EMC's FAST), server-side caching (e.g. EMC's VFcache), and will soon be available as a caching appliance, e.g. EMC's Project Thunder.
Is Glacier cloud tape?
My first thought this morning having read a few things about Amazon Glacier is that yes, Glacier is indeed an object storage system using tape as its long term retention media. Front ended with disk to provide the landing area for data transmitted via the Glacier object interface, keep inventories, handle replication, and act as the 24 hour download area. When you’re waiting for your 3 to 5 hour time to first byte window to pass, that’s a robot picker waiting for a tape drive or drives to free up so it can load the required tape volumes and start reading them off to a disk staging area from where you then download your data. Nice image, though I expect the pickers will never be idle for any real amount of time.
4. Information Playground – Global High-Tech Innovation
The Analytic Management Assistant
I've started writing a series of blog posts about my experiences managing innovation and research activities at EMC Labs China. Let's call this "Task X". I've also been running some serious experiments in Innovation Analytics this year. These experiments highlight "clusters of innovators" around EMC. One of the biggest clusters was Chinese, and a large majority of those within the cluster were from EMC Labs China (they are quite active in EMC innovation activities). Let's call this "Data Y".
5. Interconnected World – Transforming corporate mindsets, and my discoveries along the way
Last year, I heard James Woolsey say something that has been a useful guide to my behavior in my role as CSO. He said (paraphrasing) that what needs to be done is so important that we can't demand the luxury of people having the motivation we want them to have; we must be satisfied with their taking the action that we want them to take. It comes up often in my role. People say "we didn't do that to reduce GHG emissions; we did it to save money". My response? "Wouldn't it be wonderful if we lived in a world where saving money always reduced GHG emissions?" After all, isn't that our ideal - to have an economy in which what's right for the business is always good for the well-being of the planet and society?
6. Speaking of Security, the RSA Blog and Podcast – featuring a group of experts in identity management, encryption, privacy, policy, and enterprise security standards.
Phishing in Season: A Look at Online Fraud in 2012
The results are in for the first half of 2012, and once again, phishing attack numbers mark a notable increase on the global scale. Compared with H2 2011, end of June numbers show a 19% increase as phishers heavily target the UK, U.S. and Canada – and their associated brands – with the same old online trickery that continues to plague the world. Why is this older, well-known, and rather simplistic threat still so prevalent today? Read on about the numbers, the attacked countries and the reasons why phishing remains successful still. A Numbers Game: 1H2012 phishing attack numbers mark the fourth increase recorded since 2H2010, this time jumping 19% compared with 2H2011. Through the first half of the year, attack numbers averaged monthly at 32,581.
Guest Post: Different Kinds of Document Destruction
The general public and businesses alike fret over how to dispose of their sensitive documents. Anything from a personal paper to PII/PCI data to an accounting sheet can be used by competitors or otherwise be a source of ridicule and liability. The difference for a business is that competition for real money is at stake. A large business can have thousands of pages to destroy. The choice is between small office shredders and professional services.
Keeping Me with Me FINALLY!
One of my recent blogs was called ‘Taking me with me’ where I talked about the concept of having all my personal information held somewhere securely which I could access and allow others like government bodies, medical professionals, financial institutions etc. to access for ‘one time transactions’ only. The idea was that you are in possession/control of your own personal information and could make an informed decision as to with whom and where you share that information.
Brevity is the Soul of Wit – a Security Haiku
A friend of mine is giving a security address and has 5 minutes to talk about “Security and the Cloud.” I tried this once for a partner of mine’s customer dinner… and I was awful at it. In my defense, I had the same subject and only 3 minutes. So I jokingly wrote a response to my friend about brevity and said “you should do a haiku.” Then I thought about it… and wrote one. It’s not good as I am not a Haiku poet. So here is my first attempt:
Looking for the Unknown Risk
A couple of weeks ago, I spoke at the annual Computerlinks Forum in Munich, sharing the agenda with a number of other major security vendors. We decided that a good topic would be “The Next Generation Security Operations Center”, a discussion about the fundamental shift in security strategy that is driven by the changes in our adversaries and their tactics, as well as by the changes in the enterprise that enable different attack models. It was great to have a chance to speak about security strategy and why a combination of visibility, analytics, actionable intelligence and incident management is essential for dealing with targeted attacks. There was a lot of interest and some very good questions.
Stalking the Kill Chain: The Attacker’s Chain
In 2009, incident responder Mike Cloppert with the Lockheed Martin CERT published a series of articles that discussed security intelligence and leveraging indicators. In this series, he introduced a concept known as the “attacker kill chain”. This concept breaks attacker methodology into a series of sequential stages. Each stage represents a focus on a particular aspect of an attack, both from an attacker perspective, as well as a defender perspective.
7. The Backup Window – 360° view of backup and recovery
Even the Insurance Guys Need Insurance
Backup is often referred to as a company’s insurance policy – something you spend money on in case you need it. Just like you invest in health insurance to protect your family, you invest in backup to protect your data. Well, the world of IT is to backup as the commonwealth of Massachusetts is to health insurance – everyone’s got to have it. This includes the insurance companies themselves, who often protect our valuable health records along with other business critical data.
EMC NetWorker Setting Boundaries
Why should you honor boundaries? Last year I was skiing with a group that had lost a 13 year old friend during a ski accident. The 13 year old was skiing out of bounds with an adult when they set off an avalanche. Yes, the adult encouraged the 13 year old to take the risk of skiing the untracked powder which was marked “out of bounds”. Basically, the adult was willing to risk the life of a child simply to reach his own personal goal. In the end, the adults survived, and the 13 year old was not so lucky. It is very difficult for a ski resort to guarantee that skiers are fully isolated from out of bound areas that are dangerous and/or prone to avalanches. Prior to NetWorker 8.0, customers had a similar challenge as the ski resorts when it came to defining boundaries for the NetWorker data and resources.
8. Thought Feast – The technology blog to feed your brain with industry trends and topics
IT Security is only as good as the People Protecting the Secrets
One of the great things about traveling is the interesting folks you meet. That’s true not only in meetings and conferences and such, but also on the plane. I’ve had fascinating conversations many times with the people sitting next to me — sometimes about computer security, as when the director of consulting at Verisign and I spent hours talking during a long transatlantic flight. But often the conversations are on wide-ranging topics far removed from IT security. In all those conversations that I can recall, there was always a balance between candor and a certain tacit agreement about the level of confidentiality each of us would bring to the discussion. We might talk about work, but not about products under development. We might talk about family, but only rarely exchange contact information. We might talk about hobbies and avocations, but not about new ideas for books (at least in my case).
9. InFocus – EMC Global Services Blog
Most Excellent Big Data Strategy Document
I was at a recent client meeting and the CIO shared with me a document that he had developed to align his organization’s Big Data strategy across IT and their different business organizations. Fortunately, he has allowed me to share parts of the document, once I had removed any company confidential data. I am very eager to share this document because I think it uses a format that any organization can use, as long as you truly understand and stay focused upon your organization’s key business initiatives. Here is why I think this document is so useful:
Key Takeaways from EMC’s ITaaS Curriculum
Back at EMC World, I presented a session entitled “Cloud Architect: Do You Have What it Takes to Lead the Transformation?” highlighting the key points of EMC’s IT as a Service curriculum. In this video blog post, I discuss the key take-aways from the IT as a Service course, including the importance of managing organizational change, Governance, Risk and Compliance (GRC), and service management. In future videos, coming soon, I’ll discuss the issues of GRC and Trust in more detail.
Transforming Your Applications
Businesses spend a large amount of time and money to develop, enhance and support custom applications that give them the competitive edge. However, these can quickly grow old and be overtaken by competitors adopting new functionality and technology. Organizations need to rationalize their application portfolio and transform applications to extend their lifespan and optimize the value of their investments. In this blog post we continue our IT Transformation journey and discuss how organizations can transform their applications. There are a few key approaches which organizations can consider when transforming their Applications and Application Portfolio:
10. Managed View – From Silos to Services
The Software-Defined Data Center
The software-defined data center is cloud computing realized through intelligent software that abstracts hardware resources, pools it into aggregated capacity, and automates distributing it as needed to applications. It consolidates all systems into a single platform built on an x86 architecture supporting both industry-standard protocols and open APIs. With software-defined networking gaining acceptance, the concept of a software-defined data center is getting more attention.