30 october - 5 november 2012 computerweekly.com the...
TRANSCRIPT
computerweeklycom 30 October - 5 November 2012 1
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
The Windows 8 dilemma
Will Microsoftrsquos latest operating systeM suit your business page 4Does WinDoWs 8 offer security iMproveMents page 7
30 October - 5 November 2012 | ComputerWeeklycom
computerweeklycom 30 October - 5 November 2012 2
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
the week in it
Financial servicesRBS spends pound80m to link its multiple mainframes betterRoyal Bank of Scotland (RBS) will dedi-cate pound80m of its billion-plus IT budget to eliminate problems caused by patched-together mainframes following multiple corporate acquisitions Over the next year RBS will use the money on top of the hun-dreds of millions already spent on IT to improve the integration of mainframes
Risk managementMcAfee Focus 2012 One fifth of corporate network devices unknownAt least 20 of the devices on corporate networks are not known to the organisa-tion says security firm McAfee ldquoThis is staggering in the light of predictions that by 2020 there will be more than 50 bil-lion connected devicesrdquo said Ken Levine senior vice-president and general man-ager of management systems at McAfee
Media amp entertainmentSony confirms details of 10000 job cuts in entertainment and TV divisionsSony has given investors a more accu-rate breakdown of the 10000 job cuts it announced earlier this year The com-pany admitted it would be slashing the workforce at its Japanese headquarters by 20 along with 20 of its home entertainment and sound business group including its TV division
E-commerce technologyArgos closes stores in move to digitalArgos is to cut up to 10 of its 750 stores as it repositions itself from a catalogue business to a digital retailer Argos said it will wind down the existing branches as their leases expire over the next five years Argos reported pre-tax profits down by 37 to pound18m for its first half results
OutsourcingCornwall Council puts outsourcing move on hold after landslide voteCornwall council has frozen plans to out-source services after councillors voted in favour of a motion to suspend the author-ityrsquos outsourcing programme A total of 93 members of the council voted in favour of the motion to postpone a decision until the full council had debated it Seven abstained and nobody voted against
E-commerce technologyTech companies get pound1m funding potTen start-up companies from the media and B2B sectors will receive pound1m as well as management and mentoring from UK brands Start-up technology firms in England can apply to the new accelerator programme Collider12 which will sup-port 10 businesses developing technolo-gies to help existing big brands engage with customers n
Olympics iT aTTacked daily
the it supporting the london 2012 olympics and paralympics was hit by cyber attacks every day during the games including some that were well organised and auto-mated and one in particular that comprised a major assault
london 2012 cio gerry pennell (pictured) revealed the scale of the threats the olympics successfully coped with in an exclusive post-games interview with computer Weekly
ldquoWe were attacked every dayrdquo gerry pennell saidldquosome of the attacks were fairly well orchestrated some
just before the games were automated We prepared for this well in advance so it didnrsquot cause us any problemsrdquo
When asked if london 2012 was hit by a particularly major cyber-attack pennell replied ldquoyes and thatrsquos all irsquom sayingrdquo
access the latest it news via rss feed
computerweeklycom 30 October - 5 November 2012 3
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
OutsourcingCSC struggling to make a profit from Royal Mail outsourcing dealCSC has stemmed losses in its 10-year outsourcing deal with Royal Mail through job cuts tax breaks and relief payments according to analysis of eight years of accounts for the venture CSC signed the contract in 2003 and operated the out-sourcing through a subsidiary company called CSC Business Systems Limited
Management skillsTech City investor names Facebook executive Joanna Shields as CEOJoanna Shields has resigned from her role as European boss of Facebook to become chief executive of the Tech City Investment Organisation (TCIO) Joanna Shields will join TCIO in January 2013 The government initiative was launched by UK Trade and Investment in 2011 to compete with Californiarsquos Silicon Valley
Privacy amp data protectionICO hits Stoke-on-Trent City Council with pound120000 fineThe Information Commissionerrsquos Office (ICO) has fined Stoke-on-Trent City Council pound120000 for breaching the Data Protection Act A solicitor that worked for the council sent 11 emails containing data about a child protection law suit to the wrong person which the ICO considered a serious breach of the legislation
Hackers amp cyber crime preventionAttackers besiege Google Android OS Trend Micro revealsGooglersquos Android mobile operating sys-tem (OS) is under siege by attackers with a 483 rise in malware and information-stealing adware targeting the platform from the last quarter Googlersquos open plat-form has become a hotbed of malicious activity according to security organisa-tion Trend Micro
Network hardwareJuniper Networks profit collapses 80 following restructuring write-downJuniper Networks profits plummeted 80 in the last three months according to the companyrsquos latest financial results In its third quarter results announce-ment Juniper blamed the drastic decline from $837m to $168m on restructuring although it remained tight-lipped about the exact measures it was taking
Broadband communicationsBT and Virgin Media slam Birmingham broadband plansBT and Virgin Media have each submitted complaints to the European Commission about plans for a state-funded broadband network in Birmingham The City Council was awarded the money for the project after applying to the Urban Broadband Fund set up by Chancellor George Osborne in 2011 n
the week in it
Uk firms sTrUggle TO cOnTain cOnsUmerisaTiOn
Source Study conducted by
Forrester Consulting on
behalf of Unisys June 2012
81 of UK companies see bring-your-own-device (BYOD) apps as dangerous and destructive and potential grounds for dismissal
Yet 83 of IT decision-makers and 33 of average information workers have downloaded non-supported apps or used a non-supported website for work
computerweeklycom 30 October - 5 November 2012 4
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 combines a desktop OS with tablet-touch functionality Cliff Saran and Caroline Baldwin report on the businesses it will benefit ndash and who it wonrsquot
Windows 8 is available now ndash but is it the right choice for your business
With the launch of Windows 8 Microsoft is taking a step into the unknown In a bid to stop its
lucrative PC operating system (OS) business losing sales to tablets such as the iPad the software giant is making its latest Windows launch a tablet-first OS
ldquoWersquore standing on the edge of a revolu-tion redefining what it means to use the word lsquodevicersquo I think it has to date stood for phones and tablets and wersquore walking into a world now where a device is just a com-puterrdquo said Anand Krishnan from Microsoftrsquos UK developer and platforms group
Windows 8 aims to fill a void neither Apple nor Google has yet to occupy namely the demand for an OS that works as well on a desktop as it does carried around on a tablet Patrick Walker head of IT at Beaverbrooks is attracted by the new Windows as a tablet operating system rather than as one support-ing notebook PCs The jewellery company is hoping to extend its mobile till offering but is waiting for Windows 8 tablets to integrate with the rest of its Windows-based systems
Windows 8 could offer Beaverbrooks a compelling alternative to MacOS and Android since the applications the company uses will not have to be redeveloped
ldquoWe use notebooks at the moment which we are looking at replacing with tablets We are waiting to see what Windows 8 has to offer as it would be easier to move onto a Microsoft tablet rather than Apple or Android as it would be more compatible with the rest of our systems which are written in Netrdquo said Walker
Accounting software provider Sage is one of Microsoftrsquos launch partners It has devel-oped a version of its product for Windows 8 The new version uses the touch user inter-face making it possible for users to do their accounts on a Windows 8 tablet
Microsoft vice-president Mike angiulo demonstrates Windows 8 at a preview event in barcelona spain
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
Enterprise IT on the go Windows 8 offers a way for IT departments to run the entire OS from a USB memory stick This makes it useful to deploy when users want to run a secure corporate desk-top from their home desktop laptop PC or even at an internet cafe It can also be used when an IT department wants to pilot the new OS without disrupting the installed OS
Geoff Connell heads up IT at the London Borough of Newham and is head of business systems at the London Borough of Havering He is looking to roll out USB memory sticks installed with Windows 8
ldquoWe are currently only planning to deploy Windows 8 on USB sticks for remote access via home computersrdquo said Connell
He expects the roll-out will involve 1000-2000 users across Newham and Havering
computerweeklycom 30 October - 5 November 2012 5
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
to Windows 7rdquo said Sepp He said Windows 8rsquos lower power con-
sumption and relatively low system require-ments make the operating system a good choice for enterprises
Publisher Reed Elsevier is also migrating from Windows XP to Windows 7 and has no active plans to move onto Microsoftrsquos new-est operating system yet since it too is migrating from XP to Windows 7
ldquoWersquore making an investment right now we donrsquot want to disrupt that by skipping Windows 7 which is an established mature operating system to move to Windows 8rdquo said Jonathan Gregory enterprise architect at Reed Elsevier
What next for Windows 8Windows 8 represents a milestone for Microsoft It is combining desktop laptop and tablet functionality into one operating system It will mean users will only need one device which can work while they are
at their desk with a key-board while they are travelling and when they arrive at a meeting
Some of the CIOs Computer Weekly spoke to believe Windows 8 will be the right choice for enterprises because it avoids the com-plexity of support-
ing alternative tablet OSs such as
Applersquos iOS on the iPad and Googlersquos Android that may not be compat-ible with existing enterprise systems and security policies Newham amp Haveringrsquos Geoff Connell is keen to use the USB boot feature to distribute Windows 8 to remote workers as a plug-on OS
But Microsoftrsquos biggest barrier to Windows 8 adoption is its existing legacy those organ-isations going through the pain of migrating from Windows XP to Windows 7 Many such businesses are unlikely to deploy the new operating system unless there is a compel-ling reason such as to rollout Windows 8 tablets across a mobile workforce n
Newham has been an early adopter of Microsoft technologies since 2004 when it signed a strategic partnership with HP and Microsoft following a controversial tender process where the council pitted open source technologies against Microsoft Windows The council also runs Windows Server 2012
The XP legacyMany organisations are still in the process of mov-ing from Windows XP to Windows 7 or have just completed the migration This could greatly reduce the immediate adoption of Windows 8
ldquoWindows XP is at the end of support and many organisa-tions will be forced to upgrade to either Windows 7 or 8rdquo said Taavi Sepp IT operations manager at the Energy Industries Council (EIC)
ldquoHowever Windows 7 has just about reached maturity which will pose the
question if itrsquos fit for purpose why changerdquo
The EIC is currently moving gradu-
ally from XP to Windows 7 however the migration is being held back due to legacy Iris Integra CRM and Sage account applica-tions which are incompatible
ldquoWe are looking to replace the products within the next three months and then move
rsaquo Suppliers announce Windows 8 devicesrsaquo Windows 8 What SMEs need to know
rsaquo What IT managers can expect of Windows 8
ldquoWindoWs 7 has just about reached maturity Which Will pose the question if itrsquos fit for purpose Why changerdquo
analysis
1 The cumulative number of unique malware samples in the McAfee collection exceeded the 75 million mark at the end of 2011 Source ldquoMcAfee Threats Report Fourth Quarter 2011rdquo available at wwwmcafeecom (httpwwwmcafeecomusresourcesreportsrp-quarterly-threat-q4-2011pdf)
2 No system can provide absolute security under all conditions Requires an Intel Identity Protection Technologyndashenabled system including a 2nd or 3rd Gen Intel Coretrade processor enabled chipset Agravermware software and participating website Consult your system manufacturer Intel assumes no
liability for lost or stolen data andor systems or any resulting damages For more information visit httpiptintelcom 3 Intel AES-NI requires a computer system with an AES-NI-enabled processor as well as non-Intel software to execute the instructions in the correct sequence AES-NI is available on
select Intel Core processors For availability consult your system manufacturer For more information see httpsoftwareintelcomen-usarticlesintel-advanced-encryption-standard-instructions-aes-ni 4 No computer system can provide absolute security under all conditions Built-in security features
available on select Intel Core processors may require additional software hardware services andor an Internet connection Results may vary depending upon conAgraveguration Consult your PC manufacturer for more details Copyright copy 2012 Intel Corporation All rights reserved Intel the Intel logo Intel
Core and Intel vPro are trademarks of Intel Corporation in the US and other countries Other names and brands may be claimed as the property of others
Built for Business Engineered for Security
Learn more at intelcoukpcsecurity
The 3rd Generation Intelreg Coretrade vProtrade Processors
Deliver Unprecedented Protection for Business
75000000UNIQUE MAlwARE SAMPlES1
AddEd PROTECTION AgAINST MAlwARE ANd ROOTkITS
TwO-FACTOR
AUThENTICATION
OFFERS
BUIlT-IN
SECURITy4
PROTECTS dATA FOR wORkERSINTElreg TRUSTEd ExECUTION TEChNOlOgy (INTEl TxT)
INTEl VIRTUAlIzATION TEChNOlOgy (INTEl VT)
INTEl IdENTITy PROTECTION
TEChNOlOgy (IPT) wITh PUBlIC
kEy INFRASTRUCTURE (PkI)2
bull VIRUS PROTECTION
bull MAlwARE PREVENTION
bull SECURE ACCESS
bull dATA PROTECTION
ONSITEON-ThE-gO
UP TO 400
PERCENT FASTER
dATA ENCRyPTION
INTEl AdVANCEd ENCRyPTION
STANdARd NEw INSTRUCTIONS
(INTEl AES-NI)3
10052012 2050 Twist 235
computerweeklycom 30 October - 5 November 2012 7
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 security report card
In the run-up to the launch of Microsoftrsquos Windows 8 much has been said about the new user interface because on the
surface Windows 8 looks very different to anything Microsoft has done before
But is that true when it comes to security If Microsoft is to win back the enterprise as it goes in pursuit of tablets and other mobile devices security is an important factor
embedded hardware securityOne of the most important developments in Windows 8 is Microsoftrsquos decision to focus on active embedded hardware security
This move comes in response to a rapidly changing cyber landscape marked by the threat of sophisticated boot sector viruses compliance with data protection laws an increasingly mobile workforce and porous network perimeters according to Brian Berger executive vice-president of marketing and sales at Wave Systems
Microsoftrsquos decision brings the Trusted Platform Module (TPM) and optional use of self-encrypting drives (SEDs) into the main-stream for enterprises
ldquoHardware-based security becomes even more pervasive in broader platform types and a very real and cost-effective option for securing business continuity and datardquo said Berger ldquoIt also represents a powerful endorsement of open industry standards for
hardware embedded securityrdquoWith advances in malware detection mod-
ern authentication for network access and encryption Windows 8 will provide support for remote attestation by trusted third parties
ldquoThis supports the market need for plat-form level authentication and native support for SEDs as part of the OS Windows 8 plat-forms will include a TPM and optional SED support built into the OSrdquo said Berger
According to the Trusted Computing Group (TCG) ndash which published the TPM specifica-tion ndash the technology offers a cheaper and better alternative to software-based informa-tion security systems
The TCG of which Microsoft is a founder member claims the technology has reached tipping point with TPMs now in more than 600 million computing devices
While there has been third-party sup-port for SEDs on Windows XP Vista and Windows 7 Windows 8 will provide native support for SEDs as part of the OS
This means Windows 8 will have a built-in encryption key management capability for SEDs which offloads encryption processing to hardware
The active use of TPMs allows boot level security features to be implemented TPMs used in conjunction with the Windows 8 sup-ported hardened UEFI BIOS standard can also enable the enterprise to check the platformrsquos
Windows 8 is seen as an evolutionary jump for the operating system but is the security good enough to win back the enterprise Warwick Ashford reports
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
MIF
LIPP
OT
HIN
KSTO
CK
computerweeklycom 30 October - 5 November 2012 8
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
integrity that can be affected by malware in the pre-boot state ensuring the device has not been altered by malicious code
ldquoIt does this through hardware-protected measurements bound to the platform Software security fails to do thisrdquo said Berger
Seeing a commercial opportunity Wave Systems can provide software support for TPMs and SEDs to make it easier for enter-prises to implement these strategic security features on both Windows 7 and Windows 8
ldquoThe launch of the new OS brings fresh capability for the management of virtual smartcards and DirectAccessrdquo said Berger
This allows enterprise users to establish their identity using the machine as a token-for-network log on he said eliminating the need for multiple passwords which fail to live up to the current threats we face
The move to UEFI and TPM to enable trusted boot and to secure the boot chain is a huge step forward according to James Lyne director of technology strategy at Sophos
ldquoMaster boot record (MBR) loaders are undetectable by most anti-malware systems which has been painful so it is good to have a way of tackling it in the OSrdquo he said
However according to Lyne in releasing Windows 8 Microsoft has squandered the opportunity to address a well-known vulner-ability in the way its OS handles IPv6 traffic
Using a tool such as flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service or system hang by sending multiple router advertisement (RA) messages with different source addresses
Updating the routing tables and configuring IPv6 addresses requires 100 of processing resources If a network is flooded with random router announcements Windows and other operating systems struggle to update their routing tables causing systems to hang
Microsoft has not fixed this problem in Windows 8 said Lyne nor improved the certificate store and the management
of trust to reduce the vulnerability to rogue or compromised certificate authorities by using the TPM more and the ability to intercept and lock down fake certificates used by malware
Security gapsDifferences in the versions of Windows 8 could create security gaps said Lyne
There are three versions Windows 8 which is the ldquohomerdquo edition Windows 8 Pro which includes features for enterprises such as support for Hyper-V BitLocker a
virtual private network (VPN) client and group policy support and Windows RT which is built for ARM-powered devices such as low-powered tablets and lifestyle PC devices
ldquoMy worry is that enterprises and other users will treat them all the same when it comes to security but the risks are differentrdquo said Lyne Windows RT provides a much higher security standard for example as only approved apps will run
ldquoMicrosoft has adopted a similar approach to Apple in creating a walled gardenrdquo he said
For Microsoft to improve security Windows needs to make a break from the shackles of backward-compatibility he adds
ldquoThe rate at which enterprise users have moved to the iPad and similar devices dem-onstrates that enterprises are more willing to change doctrine in return for tangible ben-efits than Microsoft thinksrdquo he said
Lyne believes Microsoft should have pushed the walled garden approach of Windows RT into the other versions of the OS
ldquoWhile Windows 8 moves in the right direction in terms of security it is not that much different from Windows 7rdquo he said
Windows 8 security report card Has shown improvement but could do better There are still some areas that need work n
rsaquo Examining alternatives to Windows 8rsaquo Windows 8 ndash Beauty and the Beast
rsaquo Video interview Why develop for Windows 8
analysis
ldquothe launch of the neW os brings fresh capability for the management of virtual smartcards and directaccessrdquobrian berger Wave systems
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 2
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
the week in it
Financial servicesRBS spends pound80m to link its multiple mainframes betterRoyal Bank of Scotland (RBS) will dedi-cate pound80m of its billion-plus IT budget to eliminate problems caused by patched-together mainframes following multiple corporate acquisitions Over the next year RBS will use the money on top of the hun-dreds of millions already spent on IT to improve the integration of mainframes
Risk managementMcAfee Focus 2012 One fifth of corporate network devices unknownAt least 20 of the devices on corporate networks are not known to the organisa-tion says security firm McAfee ldquoThis is staggering in the light of predictions that by 2020 there will be more than 50 bil-lion connected devicesrdquo said Ken Levine senior vice-president and general man-ager of management systems at McAfee
Media amp entertainmentSony confirms details of 10000 job cuts in entertainment and TV divisionsSony has given investors a more accu-rate breakdown of the 10000 job cuts it announced earlier this year The com-pany admitted it would be slashing the workforce at its Japanese headquarters by 20 along with 20 of its home entertainment and sound business group including its TV division
E-commerce technologyArgos closes stores in move to digitalArgos is to cut up to 10 of its 750 stores as it repositions itself from a catalogue business to a digital retailer Argos said it will wind down the existing branches as their leases expire over the next five years Argos reported pre-tax profits down by 37 to pound18m for its first half results
OutsourcingCornwall Council puts outsourcing move on hold after landslide voteCornwall council has frozen plans to out-source services after councillors voted in favour of a motion to suspend the author-ityrsquos outsourcing programme A total of 93 members of the council voted in favour of the motion to postpone a decision until the full council had debated it Seven abstained and nobody voted against
E-commerce technologyTech companies get pound1m funding potTen start-up companies from the media and B2B sectors will receive pound1m as well as management and mentoring from UK brands Start-up technology firms in England can apply to the new accelerator programme Collider12 which will sup-port 10 businesses developing technolo-gies to help existing big brands engage with customers n
Olympics iT aTTacked daily
the it supporting the london 2012 olympics and paralympics was hit by cyber attacks every day during the games including some that were well organised and auto-mated and one in particular that comprised a major assault
london 2012 cio gerry pennell (pictured) revealed the scale of the threats the olympics successfully coped with in an exclusive post-games interview with computer Weekly
ldquoWe were attacked every dayrdquo gerry pennell saidldquosome of the attacks were fairly well orchestrated some
just before the games were automated We prepared for this well in advance so it didnrsquot cause us any problemsrdquo
When asked if london 2012 was hit by a particularly major cyber-attack pennell replied ldquoyes and thatrsquos all irsquom sayingrdquo
access the latest it news via rss feed
computerweeklycom 30 October - 5 November 2012 3
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
OutsourcingCSC struggling to make a profit from Royal Mail outsourcing dealCSC has stemmed losses in its 10-year outsourcing deal with Royal Mail through job cuts tax breaks and relief payments according to analysis of eight years of accounts for the venture CSC signed the contract in 2003 and operated the out-sourcing through a subsidiary company called CSC Business Systems Limited
Management skillsTech City investor names Facebook executive Joanna Shields as CEOJoanna Shields has resigned from her role as European boss of Facebook to become chief executive of the Tech City Investment Organisation (TCIO) Joanna Shields will join TCIO in January 2013 The government initiative was launched by UK Trade and Investment in 2011 to compete with Californiarsquos Silicon Valley
Privacy amp data protectionICO hits Stoke-on-Trent City Council with pound120000 fineThe Information Commissionerrsquos Office (ICO) has fined Stoke-on-Trent City Council pound120000 for breaching the Data Protection Act A solicitor that worked for the council sent 11 emails containing data about a child protection law suit to the wrong person which the ICO considered a serious breach of the legislation
Hackers amp cyber crime preventionAttackers besiege Google Android OS Trend Micro revealsGooglersquos Android mobile operating sys-tem (OS) is under siege by attackers with a 483 rise in malware and information-stealing adware targeting the platform from the last quarter Googlersquos open plat-form has become a hotbed of malicious activity according to security organisa-tion Trend Micro
Network hardwareJuniper Networks profit collapses 80 following restructuring write-downJuniper Networks profits plummeted 80 in the last three months according to the companyrsquos latest financial results In its third quarter results announce-ment Juniper blamed the drastic decline from $837m to $168m on restructuring although it remained tight-lipped about the exact measures it was taking
Broadband communicationsBT and Virgin Media slam Birmingham broadband plansBT and Virgin Media have each submitted complaints to the European Commission about plans for a state-funded broadband network in Birmingham The City Council was awarded the money for the project after applying to the Urban Broadband Fund set up by Chancellor George Osborne in 2011 n
the week in it
Uk firms sTrUggle TO cOnTain cOnsUmerisaTiOn
Source Study conducted by
Forrester Consulting on
behalf of Unisys June 2012
81 of UK companies see bring-your-own-device (BYOD) apps as dangerous and destructive and potential grounds for dismissal
Yet 83 of IT decision-makers and 33 of average information workers have downloaded non-supported apps or used a non-supported website for work
computerweeklycom 30 October - 5 November 2012 4
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 combines a desktop OS with tablet-touch functionality Cliff Saran and Caroline Baldwin report on the businesses it will benefit ndash and who it wonrsquot
Windows 8 is available now ndash but is it the right choice for your business
With the launch of Windows 8 Microsoft is taking a step into the unknown In a bid to stop its
lucrative PC operating system (OS) business losing sales to tablets such as the iPad the software giant is making its latest Windows launch a tablet-first OS
ldquoWersquore standing on the edge of a revolu-tion redefining what it means to use the word lsquodevicersquo I think it has to date stood for phones and tablets and wersquore walking into a world now where a device is just a com-puterrdquo said Anand Krishnan from Microsoftrsquos UK developer and platforms group
Windows 8 aims to fill a void neither Apple nor Google has yet to occupy namely the demand for an OS that works as well on a desktop as it does carried around on a tablet Patrick Walker head of IT at Beaverbrooks is attracted by the new Windows as a tablet operating system rather than as one support-ing notebook PCs The jewellery company is hoping to extend its mobile till offering but is waiting for Windows 8 tablets to integrate with the rest of its Windows-based systems
Windows 8 could offer Beaverbrooks a compelling alternative to MacOS and Android since the applications the company uses will not have to be redeveloped
ldquoWe use notebooks at the moment which we are looking at replacing with tablets We are waiting to see what Windows 8 has to offer as it would be easier to move onto a Microsoft tablet rather than Apple or Android as it would be more compatible with the rest of our systems which are written in Netrdquo said Walker
Accounting software provider Sage is one of Microsoftrsquos launch partners It has devel-oped a version of its product for Windows 8 The new version uses the touch user inter-face making it possible for users to do their accounts on a Windows 8 tablet
Microsoft vice-president Mike angiulo demonstrates Windows 8 at a preview event in barcelona spain
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
Enterprise IT on the go Windows 8 offers a way for IT departments to run the entire OS from a USB memory stick This makes it useful to deploy when users want to run a secure corporate desk-top from their home desktop laptop PC or even at an internet cafe It can also be used when an IT department wants to pilot the new OS without disrupting the installed OS
Geoff Connell heads up IT at the London Borough of Newham and is head of business systems at the London Borough of Havering He is looking to roll out USB memory sticks installed with Windows 8
ldquoWe are currently only planning to deploy Windows 8 on USB sticks for remote access via home computersrdquo said Connell
He expects the roll-out will involve 1000-2000 users across Newham and Havering
computerweeklycom 30 October - 5 November 2012 5
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
to Windows 7rdquo said Sepp He said Windows 8rsquos lower power con-
sumption and relatively low system require-ments make the operating system a good choice for enterprises
Publisher Reed Elsevier is also migrating from Windows XP to Windows 7 and has no active plans to move onto Microsoftrsquos new-est operating system yet since it too is migrating from XP to Windows 7
ldquoWersquore making an investment right now we donrsquot want to disrupt that by skipping Windows 7 which is an established mature operating system to move to Windows 8rdquo said Jonathan Gregory enterprise architect at Reed Elsevier
What next for Windows 8Windows 8 represents a milestone for Microsoft It is combining desktop laptop and tablet functionality into one operating system It will mean users will only need one device which can work while they are
at their desk with a key-board while they are travelling and when they arrive at a meeting
Some of the CIOs Computer Weekly spoke to believe Windows 8 will be the right choice for enterprises because it avoids the com-plexity of support-
ing alternative tablet OSs such as
Applersquos iOS on the iPad and Googlersquos Android that may not be compat-ible with existing enterprise systems and security policies Newham amp Haveringrsquos Geoff Connell is keen to use the USB boot feature to distribute Windows 8 to remote workers as a plug-on OS
But Microsoftrsquos biggest barrier to Windows 8 adoption is its existing legacy those organ-isations going through the pain of migrating from Windows XP to Windows 7 Many such businesses are unlikely to deploy the new operating system unless there is a compel-ling reason such as to rollout Windows 8 tablets across a mobile workforce n
Newham has been an early adopter of Microsoft technologies since 2004 when it signed a strategic partnership with HP and Microsoft following a controversial tender process where the council pitted open source technologies against Microsoft Windows The council also runs Windows Server 2012
The XP legacyMany organisations are still in the process of mov-ing from Windows XP to Windows 7 or have just completed the migration This could greatly reduce the immediate adoption of Windows 8
ldquoWindows XP is at the end of support and many organisa-tions will be forced to upgrade to either Windows 7 or 8rdquo said Taavi Sepp IT operations manager at the Energy Industries Council (EIC)
ldquoHowever Windows 7 has just about reached maturity which will pose the
question if itrsquos fit for purpose why changerdquo
The EIC is currently moving gradu-
ally from XP to Windows 7 however the migration is being held back due to legacy Iris Integra CRM and Sage account applica-tions which are incompatible
ldquoWe are looking to replace the products within the next three months and then move
rsaquo Suppliers announce Windows 8 devicesrsaquo Windows 8 What SMEs need to know
rsaquo What IT managers can expect of Windows 8
ldquoWindoWs 7 has just about reached maturity Which Will pose the question if itrsquos fit for purpose Why changerdquo
analysis
1 The cumulative number of unique malware samples in the McAfee collection exceeded the 75 million mark at the end of 2011 Source ldquoMcAfee Threats Report Fourth Quarter 2011rdquo available at wwwmcafeecom (httpwwwmcafeecomusresourcesreportsrp-quarterly-threat-q4-2011pdf)
2 No system can provide absolute security under all conditions Requires an Intel Identity Protection Technologyndashenabled system including a 2nd or 3rd Gen Intel Coretrade processor enabled chipset Agravermware software and participating website Consult your system manufacturer Intel assumes no
liability for lost or stolen data andor systems or any resulting damages For more information visit httpiptintelcom 3 Intel AES-NI requires a computer system with an AES-NI-enabled processor as well as non-Intel software to execute the instructions in the correct sequence AES-NI is available on
select Intel Core processors For availability consult your system manufacturer For more information see httpsoftwareintelcomen-usarticlesintel-advanced-encryption-standard-instructions-aes-ni 4 No computer system can provide absolute security under all conditions Built-in security features
available on select Intel Core processors may require additional software hardware services andor an Internet connection Results may vary depending upon conAgraveguration Consult your PC manufacturer for more details Copyright copy 2012 Intel Corporation All rights reserved Intel the Intel logo Intel
Core and Intel vPro are trademarks of Intel Corporation in the US and other countries Other names and brands may be claimed as the property of others
Built for Business Engineered for Security
Learn more at intelcoukpcsecurity
The 3rd Generation Intelreg Coretrade vProtrade Processors
Deliver Unprecedented Protection for Business
75000000UNIQUE MAlwARE SAMPlES1
AddEd PROTECTION AgAINST MAlwARE ANd ROOTkITS
TwO-FACTOR
AUThENTICATION
OFFERS
BUIlT-IN
SECURITy4
PROTECTS dATA FOR wORkERSINTElreg TRUSTEd ExECUTION TEChNOlOgy (INTEl TxT)
INTEl VIRTUAlIzATION TEChNOlOgy (INTEl VT)
INTEl IdENTITy PROTECTION
TEChNOlOgy (IPT) wITh PUBlIC
kEy INFRASTRUCTURE (PkI)2
bull VIRUS PROTECTION
bull MAlwARE PREVENTION
bull SECURE ACCESS
bull dATA PROTECTION
ONSITEON-ThE-gO
UP TO 400
PERCENT FASTER
dATA ENCRyPTION
INTEl AdVANCEd ENCRyPTION
STANdARd NEw INSTRUCTIONS
(INTEl AES-NI)3
10052012 2050 Twist 235
computerweeklycom 30 October - 5 November 2012 7
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 security report card
In the run-up to the launch of Microsoftrsquos Windows 8 much has been said about the new user interface because on the
surface Windows 8 looks very different to anything Microsoft has done before
But is that true when it comes to security If Microsoft is to win back the enterprise as it goes in pursuit of tablets and other mobile devices security is an important factor
embedded hardware securityOne of the most important developments in Windows 8 is Microsoftrsquos decision to focus on active embedded hardware security
This move comes in response to a rapidly changing cyber landscape marked by the threat of sophisticated boot sector viruses compliance with data protection laws an increasingly mobile workforce and porous network perimeters according to Brian Berger executive vice-president of marketing and sales at Wave Systems
Microsoftrsquos decision brings the Trusted Platform Module (TPM) and optional use of self-encrypting drives (SEDs) into the main-stream for enterprises
ldquoHardware-based security becomes even more pervasive in broader platform types and a very real and cost-effective option for securing business continuity and datardquo said Berger ldquoIt also represents a powerful endorsement of open industry standards for
hardware embedded securityrdquoWith advances in malware detection mod-
ern authentication for network access and encryption Windows 8 will provide support for remote attestation by trusted third parties
ldquoThis supports the market need for plat-form level authentication and native support for SEDs as part of the OS Windows 8 plat-forms will include a TPM and optional SED support built into the OSrdquo said Berger
According to the Trusted Computing Group (TCG) ndash which published the TPM specifica-tion ndash the technology offers a cheaper and better alternative to software-based informa-tion security systems
The TCG of which Microsoft is a founder member claims the technology has reached tipping point with TPMs now in more than 600 million computing devices
While there has been third-party sup-port for SEDs on Windows XP Vista and Windows 7 Windows 8 will provide native support for SEDs as part of the OS
This means Windows 8 will have a built-in encryption key management capability for SEDs which offloads encryption processing to hardware
The active use of TPMs allows boot level security features to be implemented TPMs used in conjunction with the Windows 8 sup-ported hardened UEFI BIOS standard can also enable the enterprise to check the platformrsquos
Windows 8 is seen as an evolutionary jump for the operating system but is the security good enough to win back the enterprise Warwick Ashford reports
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
MIF
LIPP
OT
HIN
KSTO
CK
computerweeklycom 30 October - 5 November 2012 8
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
integrity that can be affected by malware in the pre-boot state ensuring the device has not been altered by malicious code
ldquoIt does this through hardware-protected measurements bound to the platform Software security fails to do thisrdquo said Berger
Seeing a commercial opportunity Wave Systems can provide software support for TPMs and SEDs to make it easier for enter-prises to implement these strategic security features on both Windows 7 and Windows 8
ldquoThe launch of the new OS brings fresh capability for the management of virtual smartcards and DirectAccessrdquo said Berger
This allows enterprise users to establish their identity using the machine as a token-for-network log on he said eliminating the need for multiple passwords which fail to live up to the current threats we face
The move to UEFI and TPM to enable trusted boot and to secure the boot chain is a huge step forward according to James Lyne director of technology strategy at Sophos
ldquoMaster boot record (MBR) loaders are undetectable by most anti-malware systems which has been painful so it is good to have a way of tackling it in the OSrdquo he said
However according to Lyne in releasing Windows 8 Microsoft has squandered the opportunity to address a well-known vulner-ability in the way its OS handles IPv6 traffic
Using a tool such as flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service or system hang by sending multiple router advertisement (RA) messages with different source addresses
Updating the routing tables and configuring IPv6 addresses requires 100 of processing resources If a network is flooded with random router announcements Windows and other operating systems struggle to update their routing tables causing systems to hang
Microsoft has not fixed this problem in Windows 8 said Lyne nor improved the certificate store and the management
of trust to reduce the vulnerability to rogue or compromised certificate authorities by using the TPM more and the ability to intercept and lock down fake certificates used by malware
Security gapsDifferences in the versions of Windows 8 could create security gaps said Lyne
There are three versions Windows 8 which is the ldquohomerdquo edition Windows 8 Pro which includes features for enterprises such as support for Hyper-V BitLocker a
virtual private network (VPN) client and group policy support and Windows RT which is built for ARM-powered devices such as low-powered tablets and lifestyle PC devices
ldquoMy worry is that enterprises and other users will treat them all the same when it comes to security but the risks are differentrdquo said Lyne Windows RT provides a much higher security standard for example as only approved apps will run
ldquoMicrosoft has adopted a similar approach to Apple in creating a walled gardenrdquo he said
For Microsoft to improve security Windows needs to make a break from the shackles of backward-compatibility he adds
ldquoThe rate at which enterprise users have moved to the iPad and similar devices dem-onstrates that enterprises are more willing to change doctrine in return for tangible ben-efits than Microsoft thinksrdquo he said
Lyne believes Microsoft should have pushed the walled garden approach of Windows RT into the other versions of the OS
ldquoWhile Windows 8 moves in the right direction in terms of security it is not that much different from Windows 7rdquo he said
Windows 8 security report card Has shown improvement but could do better There are still some areas that need work n
rsaquo Examining alternatives to Windows 8rsaquo Windows 8 ndash Beauty and the Beast
rsaquo Video interview Why develop for Windows 8
analysis
ldquothe launch of the neW os brings fresh capability for the management of virtual smartcards and directaccessrdquobrian berger Wave systems
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 3
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
OutsourcingCSC struggling to make a profit from Royal Mail outsourcing dealCSC has stemmed losses in its 10-year outsourcing deal with Royal Mail through job cuts tax breaks and relief payments according to analysis of eight years of accounts for the venture CSC signed the contract in 2003 and operated the out-sourcing through a subsidiary company called CSC Business Systems Limited
Management skillsTech City investor names Facebook executive Joanna Shields as CEOJoanna Shields has resigned from her role as European boss of Facebook to become chief executive of the Tech City Investment Organisation (TCIO) Joanna Shields will join TCIO in January 2013 The government initiative was launched by UK Trade and Investment in 2011 to compete with Californiarsquos Silicon Valley
Privacy amp data protectionICO hits Stoke-on-Trent City Council with pound120000 fineThe Information Commissionerrsquos Office (ICO) has fined Stoke-on-Trent City Council pound120000 for breaching the Data Protection Act A solicitor that worked for the council sent 11 emails containing data about a child protection law suit to the wrong person which the ICO considered a serious breach of the legislation
Hackers amp cyber crime preventionAttackers besiege Google Android OS Trend Micro revealsGooglersquos Android mobile operating sys-tem (OS) is under siege by attackers with a 483 rise in malware and information-stealing adware targeting the platform from the last quarter Googlersquos open plat-form has become a hotbed of malicious activity according to security organisa-tion Trend Micro
Network hardwareJuniper Networks profit collapses 80 following restructuring write-downJuniper Networks profits plummeted 80 in the last three months according to the companyrsquos latest financial results In its third quarter results announce-ment Juniper blamed the drastic decline from $837m to $168m on restructuring although it remained tight-lipped about the exact measures it was taking
Broadband communicationsBT and Virgin Media slam Birmingham broadband plansBT and Virgin Media have each submitted complaints to the European Commission about plans for a state-funded broadband network in Birmingham The City Council was awarded the money for the project after applying to the Urban Broadband Fund set up by Chancellor George Osborne in 2011 n
the week in it
Uk firms sTrUggle TO cOnTain cOnsUmerisaTiOn
Source Study conducted by
Forrester Consulting on
behalf of Unisys June 2012
81 of UK companies see bring-your-own-device (BYOD) apps as dangerous and destructive and potential grounds for dismissal
Yet 83 of IT decision-makers and 33 of average information workers have downloaded non-supported apps or used a non-supported website for work
computerweeklycom 30 October - 5 November 2012 4
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 combines a desktop OS with tablet-touch functionality Cliff Saran and Caroline Baldwin report on the businesses it will benefit ndash and who it wonrsquot
Windows 8 is available now ndash but is it the right choice for your business
With the launch of Windows 8 Microsoft is taking a step into the unknown In a bid to stop its
lucrative PC operating system (OS) business losing sales to tablets such as the iPad the software giant is making its latest Windows launch a tablet-first OS
ldquoWersquore standing on the edge of a revolu-tion redefining what it means to use the word lsquodevicersquo I think it has to date stood for phones and tablets and wersquore walking into a world now where a device is just a com-puterrdquo said Anand Krishnan from Microsoftrsquos UK developer and platforms group
Windows 8 aims to fill a void neither Apple nor Google has yet to occupy namely the demand for an OS that works as well on a desktop as it does carried around on a tablet Patrick Walker head of IT at Beaverbrooks is attracted by the new Windows as a tablet operating system rather than as one support-ing notebook PCs The jewellery company is hoping to extend its mobile till offering but is waiting for Windows 8 tablets to integrate with the rest of its Windows-based systems
Windows 8 could offer Beaverbrooks a compelling alternative to MacOS and Android since the applications the company uses will not have to be redeveloped
ldquoWe use notebooks at the moment which we are looking at replacing with tablets We are waiting to see what Windows 8 has to offer as it would be easier to move onto a Microsoft tablet rather than Apple or Android as it would be more compatible with the rest of our systems which are written in Netrdquo said Walker
Accounting software provider Sage is one of Microsoftrsquos launch partners It has devel-oped a version of its product for Windows 8 The new version uses the touch user inter-face making it possible for users to do their accounts on a Windows 8 tablet
Microsoft vice-president Mike angiulo demonstrates Windows 8 at a preview event in barcelona spain
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
Enterprise IT on the go Windows 8 offers a way for IT departments to run the entire OS from a USB memory stick This makes it useful to deploy when users want to run a secure corporate desk-top from their home desktop laptop PC or even at an internet cafe It can also be used when an IT department wants to pilot the new OS without disrupting the installed OS
Geoff Connell heads up IT at the London Borough of Newham and is head of business systems at the London Borough of Havering He is looking to roll out USB memory sticks installed with Windows 8
ldquoWe are currently only planning to deploy Windows 8 on USB sticks for remote access via home computersrdquo said Connell
He expects the roll-out will involve 1000-2000 users across Newham and Havering
computerweeklycom 30 October - 5 November 2012 5
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
to Windows 7rdquo said Sepp He said Windows 8rsquos lower power con-
sumption and relatively low system require-ments make the operating system a good choice for enterprises
Publisher Reed Elsevier is also migrating from Windows XP to Windows 7 and has no active plans to move onto Microsoftrsquos new-est operating system yet since it too is migrating from XP to Windows 7
ldquoWersquore making an investment right now we donrsquot want to disrupt that by skipping Windows 7 which is an established mature operating system to move to Windows 8rdquo said Jonathan Gregory enterprise architect at Reed Elsevier
What next for Windows 8Windows 8 represents a milestone for Microsoft It is combining desktop laptop and tablet functionality into one operating system It will mean users will only need one device which can work while they are
at their desk with a key-board while they are travelling and when they arrive at a meeting
Some of the CIOs Computer Weekly spoke to believe Windows 8 will be the right choice for enterprises because it avoids the com-plexity of support-
ing alternative tablet OSs such as
Applersquos iOS on the iPad and Googlersquos Android that may not be compat-ible with existing enterprise systems and security policies Newham amp Haveringrsquos Geoff Connell is keen to use the USB boot feature to distribute Windows 8 to remote workers as a plug-on OS
But Microsoftrsquos biggest barrier to Windows 8 adoption is its existing legacy those organ-isations going through the pain of migrating from Windows XP to Windows 7 Many such businesses are unlikely to deploy the new operating system unless there is a compel-ling reason such as to rollout Windows 8 tablets across a mobile workforce n
Newham has been an early adopter of Microsoft technologies since 2004 when it signed a strategic partnership with HP and Microsoft following a controversial tender process where the council pitted open source technologies against Microsoft Windows The council also runs Windows Server 2012
The XP legacyMany organisations are still in the process of mov-ing from Windows XP to Windows 7 or have just completed the migration This could greatly reduce the immediate adoption of Windows 8
ldquoWindows XP is at the end of support and many organisa-tions will be forced to upgrade to either Windows 7 or 8rdquo said Taavi Sepp IT operations manager at the Energy Industries Council (EIC)
ldquoHowever Windows 7 has just about reached maturity which will pose the
question if itrsquos fit for purpose why changerdquo
The EIC is currently moving gradu-
ally from XP to Windows 7 however the migration is being held back due to legacy Iris Integra CRM and Sage account applica-tions which are incompatible
ldquoWe are looking to replace the products within the next three months and then move
rsaquo Suppliers announce Windows 8 devicesrsaquo Windows 8 What SMEs need to know
rsaquo What IT managers can expect of Windows 8
ldquoWindoWs 7 has just about reached maturity Which Will pose the question if itrsquos fit for purpose Why changerdquo
analysis
1 The cumulative number of unique malware samples in the McAfee collection exceeded the 75 million mark at the end of 2011 Source ldquoMcAfee Threats Report Fourth Quarter 2011rdquo available at wwwmcafeecom (httpwwwmcafeecomusresourcesreportsrp-quarterly-threat-q4-2011pdf)
2 No system can provide absolute security under all conditions Requires an Intel Identity Protection Technologyndashenabled system including a 2nd or 3rd Gen Intel Coretrade processor enabled chipset Agravermware software and participating website Consult your system manufacturer Intel assumes no
liability for lost or stolen data andor systems or any resulting damages For more information visit httpiptintelcom 3 Intel AES-NI requires a computer system with an AES-NI-enabled processor as well as non-Intel software to execute the instructions in the correct sequence AES-NI is available on
select Intel Core processors For availability consult your system manufacturer For more information see httpsoftwareintelcomen-usarticlesintel-advanced-encryption-standard-instructions-aes-ni 4 No computer system can provide absolute security under all conditions Built-in security features
available on select Intel Core processors may require additional software hardware services andor an Internet connection Results may vary depending upon conAgraveguration Consult your PC manufacturer for more details Copyright copy 2012 Intel Corporation All rights reserved Intel the Intel logo Intel
Core and Intel vPro are trademarks of Intel Corporation in the US and other countries Other names and brands may be claimed as the property of others
Built for Business Engineered for Security
Learn more at intelcoukpcsecurity
The 3rd Generation Intelreg Coretrade vProtrade Processors
Deliver Unprecedented Protection for Business
75000000UNIQUE MAlwARE SAMPlES1
AddEd PROTECTION AgAINST MAlwARE ANd ROOTkITS
TwO-FACTOR
AUThENTICATION
OFFERS
BUIlT-IN
SECURITy4
PROTECTS dATA FOR wORkERSINTElreg TRUSTEd ExECUTION TEChNOlOgy (INTEl TxT)
INTEl VIRTUAlIzATION TEChNOlOgy (INTEl VT)
INTEl IdENTITy PROTECTION
TEChNOlOgy (IPT) wITh PUBlIC
kEy INFRASTRUCTURE (PkI)2
bull VIRUS PROTECTION
bull MAlwARE PREVENTION
bull SECURE ACCESS
bull dATA PROTECTION
ONSITEON-ThE-gO
UP TO 400
PERCENT FASTER
dATA ENCRyPTION
INTEl AdVANCEd ENCRyPTION
STANdARd NEw INSTRUCTIONS
(INTEl AES-NI)3
10052012 2050 Twist 235
computerweeklycom 30 October - 5 November 2012 7
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 security report card
In the run-up to the launch of Microsoftrsquos Windows 8 much has been said about the new user interface because on the
surface Windows 8 looks very different to anything Microsoft has done before
But is that true when it comes to security If Microsoft is to win back the enterprise as it goes in pursuit of tablets and other mobile devices security is an important factor
embedded hardware securityOne of the most important developments in Windows 8 is Microsoftrsquos decision to focus on active embedded hardware security
This move comes in response to a rapidly changing cyber landscape marked by the threat of sophisticated boot sector viruses compliance with data protection laws an increasingly mobile workforce and porous network perimeters according to Brian Berger executive vice-president of marketing and sales at Wave Systems
Microsoftrsquos decision brings the Trusted Platform Module (TPM) and optional use of self-encrypting drives (SEDs) into the main-stream for enterprises
ldquoHardware-based security becomes even more pervasive in broader platform types and a very real and cost-effective option for securing business continuity and datardquo said Berger ldquoIt also represents a powerful endorsement of open industry standards for
hardware embedded securityrdquoWith advances in malware detection mod-
ern authentication for network access and encryption Windows 8 will provide support for remote attestation by trusted third parties
ldquoThis supports the market need for plat-form level authentication and native support for SEDs as part of the OS Windows 8 plat-forms will include a TPM and optional SED support built into the OSrdquo said Berger
According to the Trusted Computing Group (TCG) ndash which published the TPM specifica-tion ndash the technology offers a cheaper and better alternative to software-based informa-tion security systems
The TCG of which Microsoft is a founder member claims the technology has reached tipping point with TPMs now in more than 600 million computing devices
While there has been third-party sup-port for SEDs on Windows XP Vista and Windows 7 Windows 8 will provide native support for SEDs as part of the OS
This means Windows 8 will have a built-in encryption key management capability for SEDs which offloads encryption processing to hardware
The active use of TPMs allows boot level security features to be implemented TPMs used in conjunction with the Windows 8 sup-ported hardened UEFI BIOS standard can also enable the enterprise to check the platformrsquos
Windows 8 is seen as an evolutionary jump for the operating system but is the security good enough to win back the enterprise Warwick Ashford reports
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
MIF
LIPP
OT
HIN
KSTO
CK
computerweeklycom 30 October - 5 November 2012 8
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
integrity that can be affected by malware in the pre-boot state ensuring the device has not been altered by malicious code
ldquoIt does this through hardware-protected measurements bound to the platform Software security fails to do thisrdquo said Berger
Seeing a commercial opportunity Wave Systems can provide software support for TPMs and SEDs to make it easier for enter-prises to implement these strategic security features on both Windows 7 and Windows 8
ldquoThe launch of the new OS brings fresh capability for the management of virtual smartcards and DirectAccessrdquo said Berger
This allows enterprise users to establish their identity using the machine as a token-for-network log on he said eliminating the need for multiple passwords which fail to live up to the current threats we face
The move to UEFI and TPM to enable trusted boot and to secure the boot chain is a huge step forward according to James Lyne director of technology strategy at Sophos
ldquoMaster boot record (MBR) loaders are undetectable by most anti-malware systems which has been painful so it is good to have a way of tackling it in the OSrdquo he said
However according to Lyne in releasing Windows 8 Microsoft has squandered the opportunity to address a well-known vulner-ability in the way its OS handles IPv6 traffic
Using a tool such as flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service or system hang by sending multiple router advertisement (RA) messages with different source addresses
Updating the routing tables and configuring IPv6 addresses requires 100 of processing resources If a network is flooded with random router announcements Windows and other operating systems struggle to update their routing tables causing systems to hang
Microsoft has not fixed this problem in Windows 8 said Lyne nor improved the certificate store and the management
of trust to reduce the vulnerability to rogue or compromised certificate authorities by using the TPM more and the ability to intercept and lock down fake certificates used by malware
Security gapsDifferences in the versions of Windows 8 could create security gaps said Lyne
There are three versions Windows 8 which is the ldquohomerdquo edition Windows 8 Pro which includes features for enterprises such as support for Hyper-V BitLocker a
virtual private network (VPN) client and group policy support and Windows RT which is built for ARM-powered devices such as low-powered tablets and lifestyle PC devices
ldquoMy worry is that enterprises and other users will treat them all the same when it comes to security but the risks are differentrdquo said Lyne Windows RT provides a much higher security standard for example as only approved apps will run
ldquoMicrosoft has adopted a similar approach to Apple in creating a walled gardenrdquo he said
For Microsoft to improve security Windows needs to make a break from the shackles of backward-compatibility he adds
ldquoThe rate at which enterprise users have moved to the iPad and similar devices dem-onstrates that enterprises are more willing to change doctrine in return for tangible ben-efits than Microsoft thinksrdquo he said
Lyne believes Microsoft should have pushed the walled garden approach of Windows RT into the other versions of the OS
ldquoWhile Windows 8 moves in the right direction in terms of security it is not that much different from Windows 7rdquo he said
Windows 8 security report card Has shown improvement but could do better There are still some areas that need work n
rsaquo Examining alternatives to Windows 8rsaquo Windows 8 ndash Beauty and the Beast
rsaquo Video interview Why develop for Windows 8
analysis
ldquothe launch of the neW os brings fresh capability for the management of virtual smartcards and directaccessrdquobrian berger Wave systems
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 4
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 combines a desktop OS with tablet-touch functionality Cliff Saran and Caroline Baldwin report on the businesses it will benefit ndash and who it wonrsquot
Windows 8 is available now ndash but is it the right choice for your business
With the launch of Windows 8 Microsoft is taking a step into the unknown In a bid to stop its
lucrative PC operating system (OS) business losing sales to tablets such as the iPad the software giant is making its latest Windows launch a tablet-first OS
ldquoWersquore standing on the edge of a revolu-tion redefining what it means to use the word lsquodevicersquo I think it has to date stood for phones and tablets and wersquore walking into a world now where a device is just a com-puterrdquo said Anand Krishnan from Microsoftrsquos UK developer and platforms group
Windows 8 aims to fill a void neither Apple nor Google has yet to occupy namely the demand for an OS that works as well on a desktop as it does carried around on a tablet Patrick Walker head of IT at Beaverbrooks is attracted by the new Windows as a tablet operating system rather than as one support-ing notebook PCs The jewellery company is hoping to extend its mobile till offering but is waiting for Windows 8 tablets to integrate with the rest of its Windows-based systems
Windows 8 could offer Beaverbrooks a compelling alternative to MacOS and Android since the applications the company uses will not have to be redeveloped
ldquoWe use notebooks at the moment which we are looking at replacing with tablets We are waiting to see what Windows 8 has to offer as it would be easier to move onto a Microsoft tablet rather than Apple or Android as it would be more compatible with the rest of our systems which are written in Netrdquo said Walker
Accounting software provider Sage is one of Microsoftrsquos launch partners It has devel-oped a version of its product for Windows 8 The new version uses the touch user inter-face making it possible for users to do their accounts on a Windows 8 tablet
Microsoft vice-president Mike angiulo demonstrates Windows 8 at a preview event in barcelona spain
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
Enterprise IT on the go Windows 8 offers a way for IT departments to run the entire OS from a USB memory stick This makes it useful to deploy when users want to run a secure corporate desk-top from their home desktop laptop PC or even at an internet cafe It can also be used when an IT department wants to pilot the new OS without disrupting the installed OS
Geoff Connell heads up IT at the London Borough of Newham and is head of business systems at the London Borough of Havering He is looking to roll out USB memory sticks installed with Windows 8
ldquoWe are currently only planning to deploy Windows 8 on USB sticks for remote access via home computersrdquo said Connell
He expects the roll-out will involve 1000-2000 users across Newham and Havering
computerweeklycom 30 October - 5 November 2012 5
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
to Windows 7rdquo said Sepp He said Windows 8rsquos lower power con-
sumption and relatively low system require-ments make the operating system a good choice for enterprises
Publisher Reed Elsevier is also migrating from Windows XP to Windows 7 and has no active plans to move onto Microsoftrsquos new-est operating system yet since it too is migrating from XP to Windows 7
ldquoWersquore making an investment right now we donrsquot want to disrupt that by skipping Windows 7 which is an established mature operating system to move to Windows 8rdquo said Jonathan Gregory enterprise architect at Reed Elsevier
What next for Windows 8Windows 8 represents a milestone for Microsoft It is combining desktop laptop and tablet functionality into one operating system It will mean users will only need one device which can work while they are
at their desk with a key-board while they are travelling and when they arrive at a meeting
Some of the CIOs Computer Weekly spoke to believe Windows 8 will be the right choice for enterprises because it avoids the com-plexity of support-
ing alternative tablet OSs such as
Applersquos iOS on the iPad and Googlersquos Android that may not be compat-ible with existing enterprise systems and security policies Newham amp Haveringrsquos Geoff Connell is keen to use the USB boot feature to distribute Windows 8 to remote workers as a plug-on OS
But Microsoftrsquos biggest barrier to Windows 8 adoption is its existing legacy those organ-isations going through the pain of migrating from Windows XP to Windows 7 Many such businesses are unlikely to deploy the new operating system unless there is a compel-ling reason such as to rollout Windows 8 tablets across a mobile workforce n
Newham has been an early adopter of Microsoft technologies since 2004 when it signed a strategic partnership with HP and Microsoft following a controversial tender process where the council pitted open source technologies against Microsoft Windows The council also runs Windows Server 2012
The XP legacyMany organisations are still in the process of mov-ing from Windows XP to Windows 7 or have just completed the migration This could greatly reduce the immediate adoption of Windows 8
ldquoWindows XP is at the end of support and many organisa-tions will be forced to upgrade to either Windows 7 or 8rdquo said Taavi Sepp IT operations manager at the Energy Industries Council (EIC)
ldquoHowever Windows 7 has just about reached maturity which will pose the
question if itrsquos fit for purpose why changerdquo
The EIC is currently moving gradu-
ally from XP to Windows 7 however the migration is being held back due to legacy Iris Integra CRM and Sage account applica-tions which are incompatible
ldquoWe are looking to replace the products within the next three months and then move
rsaquo Suppliers announce Windows 8 devicesrsaquo Windows 8 What SMEs need to know
rsaquo What IT managers can expect of Windows 8
ldquoWindoWs 7 has just about reached maturity Which Will pose the question if itrsquos fit for purpose Why changerdquo
analysis
1 The cumulative number of unique malware samples in the McAfee collection exceeded the 75 million mark at the end of 2011 Source ldquoMcAfee Threats Report Fourth Quarter 2011rdquo available at wwwmcafeecom (httpwwwmcafeecomusresourcesreportsrp-quarterly-threat-q4-2011pdf)
2 No system can provide absolute security under all conditions Requires an Intel Identity Protection Technologyndashenabled system including a 2nd or 3rd Gen Intel Coretrade processor enabled chipset Agravermware software and participating website Consult your system manufacturer Intel assumes no
liability for lost or stolen data andor systems or any resulting damages For more information visit httpiptintelcom 3 Intel AES-NI requires a computer system with an AES-NI-enabled processor as well as non-Intel software to execute the instructions in the correct sequence AES-NI is available on
select Intel Core processors For availability consult your system manufacturer For more information see httpsoftwareintelcomen-usarticlesintel-advanced-encryption-standard-instructions-aes-ni 4 No computer system can provide absolute security under all conditions Built-in security features
available on select Intel Core processors may require additional software hardware services andor an Internet connection Results may vary depending upon conAgraveguration Consult your PC manufacturer for more details Copyright copy 2012 Intel Corporation All rights reserved Intel the Intel logo Intel
Core and Intel vPro are trademarks of Intel Corporation in the US and other countries Other names and brands may be claimed as the property of others
Built for Business Engineered for Security
Learn more at intelcoukpcsecurity
The 3rd Generation Intelreg Coretrade vProtrade Processors
Deliver Unprecedented Protection for Business
75000000UNIQUE MAlwARE SAMPlES1
AddEd PROTECTION AgAINST MAlwARE ANd ROOTkITS
TwO-FACTOR
AUThENTICATION
OFFERS
BUIlT-IN
SECURITy4
PROTECTS dATA FOR wORkERSINTElreg TRUSTEd ExECUTION TEChNOlOgy (INTEl TxT)
INTEl VIRTUAlIzATION TEChNOlOgy (INTEl VT)
INTEl IdENTITy PROTECTION
TEChNOlOgy (IPT) wITh PUBlIC
kEy INFRASTRUCTURE (PkI)2
bull VIRUS PROTECTION
bull MAlwARE PREVENTION
bull SECURE ACCESS
bull dATA PROTECTION
ONSITEON-ThE-gO
UP TO 400
PERCENT FASTER
dATA ENCRyPTION
INTEl AdVANCEd ENCRyPTION
STANdARd NEw INSTRUCTIONS
(INTEl AES-NI)3
10052012 2050 Twist 235
computerweeklycom 30 October - 5 November 2012 7
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 security report card
In the run-up to the launch of Microsoftrsquos Windows 8 much has been said about the new user interface because on the
surface Windows 8 looks very different to anything Microsoft has done before
But is that true when it comes to security If Microsoft is to win back the enterprise as it goes in pursuit of tablets and other mobile devices security is an important factor
embedded hardware securityOne of the most important developments in Windows 8 is Microsoftrsquos decision to focus on active embedded hardware security
This move comes in response to a rapidly changing cyber landscape marked by the threat of sophisticated boot sector viruses compliance with data protection laws an increasingly mobile workforce and porous network perimeters according to Brian Berger executive vice-president of marketing and sales at Wave Systems
Microsoftrsquos decision brings the Trusted Platform Module (TPM) and optional use of self-encrypting drives (SEDs) into the main-stream for enterprises
ldquoHardware-based security becomes even more pervasive in broader platform types and a very real and cost-effective option for securing business continuity and datardquo said Berger ldquoIt also represents a powerful endorsement of open industry standards for
hardware embedded securityrdquoWith advances in malware detection mod-
ern authentication for network access and encryption Windows 8 will provide support for remote attestation by trusted third parties
ldquoThis supports the market need for plat-form level authentication and native support for SEDs as part of the OS Windows 8 plat-forms will include a TPM and optional SED support built into the OSrdquo said Berger
According to the Trusted Computing Group (TCG) ndash which published the TPM specifica-tion ndash the technology offers a cheaper and better alternative to software-based informa-tion security systems
The TCG of which Microsoft is a founder member claims the technology has reached tipping point with TPMs now in more than 600 million computing devices
While there has been third-party sup-port for SEDs on Windows XP Vista and Windows 7 Windows 8 will provide native support for SEDs as part of the OS
This means Windows 8 will have a built-in encryption key management capability for SEDs which offloads encryption processing to hardware
The active use of TPMs allows boot level security features to be implemented TPMs used in conjunction with the Windows 8 sup-ported hardened UEFI BIOS standard can also enable the enterprise to check the platformrsquos
Windows 8 is seen as an evolutionary jump for the operating system but is the security good enough to win back the enterprise Warwick Ashford reports
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
MIF
LIPP
OT
HIN
KSTO
CK
computerweeklycom 30 October - 5 November 2012 8
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
integrity that can be affected by malware in the pre-boot state ensuring the device has not been altered by malicious code
ldquoIt does this through hardware-protected measurements bound to the platform Software security fails to do thisrdquo said Berger
Seeing a commercial opportunity Wave Systems can provide software support for TPMs and SEDs to make it easier for enter-prises to implement these strategic security features on both Windows 7 and Windows 8
ldquoThe launch of the new OS brings fresh capability for the management of virtual smartcards and DirectAccessrdquo said Berger
This allows enterprise users to establish their identity using the machine as a token-for-network log on he said eliminating the need for multiple passwords which fail to live up to the current threats we face
The move to UEFI and TPM to enable trusted boot and to secure the boot chain is a huge step forward according to James Lyne director of technology strategy at Sophos
ldquoMaster boot record (MBR) loaders are undetectable by most anti-malware systems which has been painful so it is good to have a way of tackling it in the OSrdquo he said
However according to Lyne in releasing Windows 8 Microsoft has squandered the opportunity to address a well-known vulner-ability in the way its OS handles IPv6 traffic
Using a tool such as flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service or system hang by sending multiple router advertisement (RA) messages with different source addresses
Updating the routing tables and configuring IPv6 addresses requires 100 of processing resources If a network is flooded with random router announcements Windows and other operating systems struggle to update their routing tables causing systems to hang
Microsoft has not fixed this problem in Windows 8 said Lyne nor improved the certificate store and the management
of trust to reduce the vulnerability to rogue or compromised certificate authorities by using the TPM more and the ability to intercept and lock down fake certificates used by malware
Security gapsDifferences in the versions of Windows 8 could create security gaps said Lyne
There are three versions Windows 8 which is the ldquohomerdquo edition Windows 8 Pro which includes features for enterprises such as support for Hyper-V BitLocker a
virtual private network (VPN) client and group policy support and Windows RT which is built for ARM-powered devices such as low-powered tablets and lifestyle PC devices
ldquoMy worry is that enterprises and other users will treat them all the same when it comes to security but the risks are differentrdquo said Lyne Windows RT provides a much higher security standard for example as only approved apps will run
ldquoMicrosoft has adopted a similar approach to Apple in creating a walled gardenrdquo he said
For Microsoft to improve security Windows needs to make a break from the shackles of backward-compatibility he adds
ldquoThe rate at which enterprise users have moved to the iPad and similar devices dem-onstrates that enterprises are more willing to change doctrine in return for tangible ben-efits than Microsoft thinksrdquo he said
Lyne believes Microsoft should have pushed the walled garden approach of Windows RT into the other versions of the OS
ldquoWhile Windows 8 moves in the right direction in terms of security it is not that much different from Windows 7rdquo he said
Windows 8 security report card Has shown improvement but could do better There are still some areas that need work n
rsaquo Examining alternatives to Windows 8rsaquo Windows 8 ndash Beauty and the Beast
rsaquo Video interview Why develop for Windows 8
analysis
ldquothe launch of the neW os brings fresh capability for the management of virtual smartcards and directaccessrdquobrian berger Wave systems
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 5
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
to Windows 7rdquo said Sepp He said Windows 8rsquos lower power con-
sumption and relatively low system require-ments make the operating system a good choice for enterprises
Publisher Reed Elsevier is also migrating from Windows XP to Windows 7 and has no active plans to move onto Microsoftrsquos new-est operating system yet since it too is migrating from XP to Windows 7
ldquoWersquore making an investment right now we donrsquot want to disrupt that by skipping Windows 7 which is an established mature operating system to move to Windows 8rdquo said Jonathan Gregory enterprise architect at Reed Elsevier
What next for Windows 8Windows 8 represents a milestone for Microsoft It is combining desktop laptop and tablet functionality into one operating system It will mean users will only need one device which can work while they are
at their desk with a key-board while they are travelling and when they arrive at a meeting
Some of the CIOs Computer Weekly spoke to believe Windows 8 will be the right choice for enterprises because it avoids the com-plexity of support-
ing alternative tablet OSs such as
Applersquos iOS on the iPad and Googlersquos Android that may not be compat-ible with existing enterprise systems and security policies Newham amp Haveringrsquos Geoff Connell is keen to use the USB boot feature to distribute Windows 8 to remote workers as a plug-on OS
But Microsoftrsquos biggest barrier to Windows 8 adoption is its existing legacy those organ-isations going through the pain of migrating from Windows XP to Windows 7 Many such businesses are unlikely to deploy the new operating system unless there is a compel-ling reason such as to rollout Windows 8 tablets across a mobile workforce n
Newham has been an early adopter of Microsoft technologies since 2004 when it signed a strategic partnership with HP and Microsoft following a controversial tender process where the council pitted open source technologies against Microsoft Windows The council also runs Windows Server 2012
The XP legacyMany organisations are still in the process of mov-ing from Windows XP to Windows 7 or have just completed the migration This could greatly reduce the immediate adoption of Windows 8
ldquoWindows XP is at the end of support and many organisa-tions will be forced to upgrade to either Windows 7 or 8rdquo said Taavi Sepp IT operations manager at the Energy Industries Council (EIC)
ldquoHowever Windows 7 has just about reached maturity which will pose the
question if itrsquos fit for purpose why changerdquo
The EIC is currently moving gradu-
ally from XP to Windows 7 however the migration is being held back due to legacy Iris Integra CRM and Sage account applica-tions which are incompatible
ldquoWe are looking to replace the products within the next three months and then move
rsaquo Suppliers announce Windows 8 devicesrsaquo Windows 8 What SMEs need to know
rsaquo What IT managers can expect of Windows 8
ldquoWindoWs 7 has just about reached maturity Which Will pose the question if itrsquos fit for purpose Why changerdquo
analysis
1 The cumulative number of unique malware samples in the McAfee collection exceeded the 75 million mark at the end of 2011 Source ldquoMcAfee Threats Report Fourth Quarter 2011rdquo available at wwwmcafeecom (httpwwwmcafeecomusresourcesreportsrp-quarterly-threat-q4-2011pdf)
2 No system can provide absolute security under all conditions Requires an Intel Identity Protection Technologyndashenabled system including a 2nd or 3rd Gen Intel Coretrade processor enabled chipset Agravermware software and participating website Consult your system manufacturer Intel assumes no
liability for lost or stolen data andor systems or any resulting damages For more information visit httpiptintelcom 3 Intel AES-NI requires a computer system with an AES-NI-enabled processor as well as non-Intel software to execute the instructions in the correct sequence AES-NI is available on
select Intel Core processors For availability consult your system manufacturer For more information see httpsoftwareintelcomen-usarticlesintel-advanced-encryption-standard-instructions-aes-ni 4 No computer system can provide absolute security under all conditions Built-in security features
available on select Intel Core processors may require additional software hardware services andor an Internet connection Results may vary depending upon conAgraveguration Consult your PC manufacturer for more details Copyright copy 2012 Intel Corporation All rights reserved Intel the Intel logo Intel
Core and Intel vPro are trademarks of Intel Corporation in the US and other countries Other names and brands may be claimed as the property of others
Built for Business Engineered for Security
Learn more at intelcoukpcsecurity
The 3rd Generation Intelreg Coretrade vProtrade Processors
Deliver Unprecedented Protection for Business
75000000UNIQUE MAlwARE SAMPlES1
AddEd PROTECTION AgAINST MAlwARE ANd ROOTkITS
TwO-FACTOR
AUThENTICATION
OFFERS
BUIlT-IN
SECURITy4
PROTECTS dATA FOR wORkERSINTElreg TRUSTEd ExECUTION TEChNOlOgy (INTEl TxT)
INTEl VIRTUAlIzATION TEChNOlOgy (INTEl VT)
INTEl IdENTITy PROTECTION
TEChNOlOgy (IPT) wITh PUBlIC
kEy INFRASTRUCTURE (PkI)2
bull VIRUS PROTECTION
bull MAlwARE PREVENTION
bull SECURE ACCESS
bull dATA PROTECTION
ONSITEON-ThE-gO
UP TO 400
PERCENT FASTER
dATA ENCRyPTION
INTEl AdVANCEd ENCRyPTION
STANdARd NEw INSTRUCTIONS
(INTEl AES-NI)3
10052012 2050 Twist 235
computerweeklycom 30 October - 5 November 2012 7
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 security report card
In the run-up to the launch of Microsoftrsquos Windows 8 much has been said about the new user interface because on the
surface Windows 8 looks very different to anything Microsoft has done before
But is that true when it comes to security If Microsoft is to win back the enterprise as it goes in pursuit of tablets and other mobile devices security is an important factor
embedded hardware securityOne of the most important developments in Windows 8 is Microsoftrsquos decision to focus on active embedded hardware security
This move comes in response to a rapidly changing cyber landscape marked by the threat of sophisticated boot sector viruses compliance with data protection laws an increasingly mobile workforce and porous network perimeters according to Brian Berger executive vice-president of marketing and sales at Wave Systems
Microsoftrsquos decision brings the Trusted Platform Module (TPM) and optional use of self-encrypting drives (SEDs) into the main-stream for enterprises
ldquoHardware-based security becomes even more pervasive in broader platform types and a very real and cost-effective option for securing business continuity and datardquo said Berger ldquoIt also represents a powerful endorsement of open industry standards for
hardware embedded securityrdquoWith advances in malware detection mod-
ern authentication for network access and encryption Windows 8 will provide support for remote attestation by trusted third parties
ldquoThis supports the market need for plat-form level authentication and native support for SEDs as part of the OS Windows 8 plat-forms will include a TPM and optional SED support built into the OSrdquo said Berger
According to the Trusted Computing Group (TCG) ndash which published the TPM specifica-tion ndash the technology offers a cheaper and better alternative to software-based informa-tion security systems
The TCG of which Microsoft is a founder member claims the technology has reached tipping point with TPMs now in more than 600 million computing devices
While there has been third-party sup-port for SEDs on Windows XP Vista and Windows 7 Windows 8 will provide native support for SEDs as part of the OS
This means Windows 8 will have a built-in encryption key management capability for SEDs which offloads encryption processing to hardware
The active use of TPMs allows boot level security features to be implemented TPMs used in conjunction with the Windows 8 sup-ported hardened UEFI BIOS standard can also enable the enterprise to check the platformrsquos
Windows 8 is seen as an evolutionary jump for the operating system but is the security good enough to win back the enterprise Warwick Ashford reports
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
MIF
LIPP
OT
HIN
KSTO
CK
computerweeklycom 30 October - 5 November 2012 8
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
integrity that can be affected by malware in the pre-boot state ensuring the device has not been altered by malicious code
ldquoIt does this through hardware-protected measurements bound to the platform Software security fails to do thisrdquo said Berger
Seeing a commercial opportunity Wave Systems can provide software support for TPMs and SEDs to make it easier for enter-prises to implement these strategic security features on both Windows 7 and Windows 8
ldquoThe launch of the new OS brings fresh capability for the management of virtual smartcards and DirectAccessrdquo said Berger
This allows enterprise users to establish their identity using the machine as a token-for-network log on he said eliminating the need for multiple passwords which fail to live up to the current threats we face
The move to UEFI and TPM to enable trusted boot and to secure the boot chain is a huge step forward according to James Lyne director of technology strategy at Sophos
ldquoMaster boot record (MBR) loaders are undetectable by most anti-malware systems which has been painful so it is good to have a way of tackling it in the OSrdquo he said
However according to Lyne in releasing Windows 8 Microsoft has squandered the opportunity to address a well-known vulner-ability in the way its OS handles IPv6 traffic
Using a tool such as flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service or system hang by sending multiple router advertisement (RA) messages with different source addresses
Updating the routing tables and configuring IPv6 addresses requires 100 of processing resources If a network is flooded with random router announcements Windows and other operating systems struggle to update their routing tables causing systems to hang
Microsoft has not fixed this problem in Windows 8 said Lyne nor improved the certificate store and the management
of trust to reduce the vulnerability to rogue or compromised certificate authorities by using the TPM more and the ability to intercept and lock down fake certificates used by malware
Security gapsDifferences in the versions of Windows 8 could create security gaps said Lyne
There are three versions Windows 8 which is the ldquohomerdquo edition Windows 8 Pro which includes features for enterprises such as support for Hyper-V BitLocker a
virtual private network (VPN) client and group policy support and Windows RT which is built for ARM-powered devices such as low-powered tablets and lifestyle PC devices
ldquoMy worry is that enterprises and other users will treat them all the same when it comes to security but the risks are differentrdquo said Lyne Windows RT provides a much higher security standard for example as only approved apps will run
ldquoMicrosoft has adopted a similar approach to Apple in creating a walled gardenrdquo he said
For Microsoft to improve security Windows needs to make a break from the shackles of backward-compatibility he adds
ldquoThe rate at which enterprise users have moved to the iPad and similar devices dem-onstrates that enterprises are more willing to change doctrine in return for tangible ben-efits than Microsoft thinksrdquo he said
Lyne believes Microsoft should have pushed the walled garden approach of Windows RT into the other versions of the OS
ldquoWhile Windows 8 moves in the right direction in terms of security it is not that much different from Windows 7rdquo he said
Windows 8 security report card Has shown improvement but could do better There are still some areas that need work n
rsaquo Examining alternatives to Windows 8rsaquo Windows 8 ndash Beauty and the Beast
rsaquo Video interview Why develop for Windows 8
analysis
ldquothe launch of the neW os brings fresh capability for the management of virtual smartcards and directaccessrdquobrian berger Wave systems
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
1 The cumulative number of unique malware samples in the McAfee collection exceeded the 75 million mark at the end of 2011 Source ldquoMcAfee Threats Report Fourth Quarter 2011rdquo available at wwwmcafeecom (httpwwwmcafeecomusresourcesreportsrp-quarterly-threat-q4-2011pdf)
2 No system can provide absolute security under all conditions Requires an Intel Identity Protection Technologyndashenabled system including a 2nd or 3rd Gen Intel Coretrade processor enabled chipset Agravermware software and participating website Consult your system manufacturer Intel assumes no
liability for lost or stolen data andor systems or any resulting damages For more information visit httpiptintelcom 3 Intel AES-NI requires a computer system with an AES-NI-enabled processor as well as non-Intel software to execute the instructions in the correct sequence AES-NI is available on
select Intel Core processors For availability consult your system manufacturer For more information see httpsoftwareintelcomen-usarticlesintel-advanced-encryption-standard-instructions-aes-ni 4 No computer system can provide absolute security under all conditions Built-in security features
available on select Intel Core processors may require additional software hardware services andor an Internet connection Results may vary depending upon conAgraveguration Consult your PC manufacturer for more details Copyright copy 2012 Intel Corporation All rights reserved Intel the Intel logo Intel
Core and Intel vPro are trademarks of Intel Corporation in the US and other countries Other names and brands may be claimed as the property of others
Built for Business Engineered for Security
Learn more at intelcoukpcsecurity
The 3rd Generation Intelreg Coretrade vProtrade Processors
Deliver Unprecedented Protection for Business
75000000UNIQUE MAlwARE SAMPlES1
AddEd PROTECTION AgAINST MAlwARE ANd ROOTkITS
TwO-FACTOR
AUThENTICATION
OFFERS
BUIlT-IN
SECURITy4
PROTECTS dATA FOR wORkERSINTElreg TRUSTEd ExECUTION TEChNOlOgy (INTEl TxT)
INTEl VIRTUAlIzATION TEChNOlOgy (INTEl VT)
INTEl IdENTITy PROTECTION
TEChNOlOgy (IPT) wITh PUBlIC
kEy INFRASTRUCTURE (PkI)2
bull VIRUS PROTECTION
bull MAlwARE PREVENTION
bull SECURE ACCESS
bull dATA PROTECTION
ONSITEON-ThE-gO
UP TO 400
PERCENT FASTER
dATA ENCRyPTION
INTEl AdVANCEd ENCRyPTION
STANdARd NEw INSTRUCTIONS
(INTEl AES-NI)3
10052012 2050 Twist 235
computerweeklycom 30 October - 5 November 2012 7
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 security report card
In the run-up to the launch of Microsoftrsquos Windows 8 much has been said about the new user interface because on the
surface Windows 8 looks very different to anything Microsoft has done before
But is that true when it comes to security If Microsoft is to win back the enterprise as it goes in pursuit of tablets and other mobile devices security is an important factor
embedded hardware securityOne of the most important developments in Windows 8 is Microsoftrsquos decision to focus on active embedded hardware security
This move comes in response to a rapidly changing cyber landscape marked by the threat of sophisticated boot sector viruses compliance with data protection laws an increasingly mobile workforce and porous network perimeters according to Brian Berger executive vice-president of marketing and sales at Wave Systems
Microsoftrsquos decision brings the Trusted Platform Module (TPM) and optional use of self-encrypting drives (SEDs) into the main-stream for enterprises
ldquoHardware-based security becomes even more pervasive in broader platform types and a very real and cost-effective option for securing business continuity and datardquo said Berger ldquoIt also represents a powerful endorsement of open industry standards for
hardware embedded securityrdquoWith advances in malware detection mod-
ern authentication for network access and encryption Windows 8 will provide support for remote attestation by trusted third parties
ldquoThis supports the market need for plat-form level authentication and native support for SEDs as part of the OS Windows 8 plat-forms will include a TPM and optional SED support built into the OSrdquo said Berger
According to the Trusted Computing Group (TCG) ndash which published the TPM specifica-tion ndash the technology offers a cheaper and better alternative to software-based informa-tion security systems
The TCG of which Microsoft is a founder member claims the technology has reached tipping point with TPMs now in more than 600 million computing devices
While there has been third-party sup-port for SEDs on Windows XP Vista and Windows 7 Windows 8 will provide native support for SEDs as part of the OS
This means Windows 8 will have a built-in encryption key management capability for SEDs which offloads encryption processing to hardware
The active use of TPMs allows boot level security features to be implemented TPMs used in conjunction with the Windows 8 sup-ported hardened UEFI BIOS standard can also enable the enterprise to check the platformrsquos
Windows 8 is seen as an evolutionary jump for the operating system but is the security good enough to win back the enterprise Warwick Ashford reports
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
MIF
LIPP
OT
HIN
KSTO
CK
computerweeklycom 30 October - 5 November 2012 8
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
integrity that can be affected by malware in the pre-boot state ensuring the device has not been altered by malicious code
ldquoIt does this through hardware-protected measurements bound to the platform Software security fails to do thisrdquo said Berger
Seeing a commercial opportunity Wave Systems can provide software support for TPMs and SEDs to make it easier for enter-prises to implement these strategic security features on both Windows 7 and Windows 8
ldquoThe launch of the new OS brings fresh capability for the management of virtual smartcards and DirectAccessrdquo said Berger
This allows enterprise users to establish their identity using the machine as a token-for-network log on he said eliminating the need for multiple passwords which fail to live up to the current threats we face
The move to UEFI and TPM to enable trusted boot and to secure the boot chain is a huge step forward according to James Lyne director of technology strategy at Sophos
ldquoMaster boot record (MBR) loaders are undetectable by most anti-malware systems which has been painful so it is good to have a way of tackling it in the OSrdquo he said
However according to Lyne in releasing Windows 8 Microsoft has squandered the opportunity to address a well-known vulner-ability in the way its OS handles IPv6 traffic
Using a tool such as flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service or system hang by sending multiple router advertisement (RA) messages with different source addresses
Updating the routing tables and configuring IPv6 addresses requires 100 of processing resources If a network is flooded with random router announcements Windows and other operating systems struggle to update their routing tables causing systems to hang
Microsoft has not fixed this problem in Windows 8 said Lyne nor improved the certificate store and the management
of trust to reduce the vulnerability to rogue or compromised certificate authorities by using the TPM more and the ability to intercept and lock down fake certificates used by malware
Security gapsDifferences in the versions of Windows 8 could create security gaps said Lyne
There are three versions Windows 8 which is the ldquohomerdquo edition Windows 8 Pro which includes features for enterprises such as support for Hyper-V BitLocker a
virtual private network (VPN) client and group policy support and Windows RT which is built for ARM-powered devices such as low-powered tablets and lifestyle PC devices
ldquoMy worry is that enterprises and other users will treat them all the same when it comes to security but the risks are differentrdquo said Lyne Windows RT provides a much higher security standard for example as only approved apps will run
ldquoMicrosoft has adopted a similar approach to Apple in creating a walled gardenrdquo he said
For Microsoft to improve security Windows needs to make a break from the shackles of backward-compatibility he adds
ldquoThe rate at which enterprise users have moved to the iPad and similar devices dem-onstrates that enterprises are more willing to change doctrine in return for tangible ben-efits than Microsoft thinksrdquo he said
Lyne believes Microsoft should have pushed the walled garden approach of Windows RT into the other versions of the OS
ldquoWhile Windows 8 moves in the right direction in terms of security it is not that much different from Windows 7rdquo he said
Windows 8 security report card Has shown improvement but could do better There are still some areas that need work n
rsaquo Examining alternatives to Windows 8rsaquo Windows 8 ndash Beauty and the Beast
rsaquo Video interview Why develop for Windows 8
analysis
ldquothe launch of the neW os brings fresh capability for the management of virtual smartcards and directaccessrdquobrian berger Wave systems
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 7
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
analysis
Windows 8 security report card
In the run-up to the launch of Microsoftrsquos Windows 8 much has been said about the new user interface because on the
surface Windows 8 looks very different to anything Microsoft has done before
But is that true when it comes to security If Microsoft is to win back the enterprise as it goes in pursuit of tablets and other mobile devices security is an important factor
embedded hardware securityOne of the most important developments in Windows 8 is Microsoftrsquos decision to focus on active embedded hardware security
This move comes in response to a rapidly changing cyber landscape marked by the threat of sophisticated boot sector viruses compliance with data protection laws an increasingly mobile workforce and porous network perimeters according to Brian Berger executive vice-president of marketing and sales at Wave Systems
Microsoftrsquos decision brings the Trusted Platform Module (TPM) and optional use of self-encrypting drives (SEDs) into the main-stream for enterprises
ldquoHardware-based security becomes even more pervasive in broader platform types and a very real and cost-effective option for securing business continuity and datardquo said Berger ldquoIt also represents a powerful endorsement of open industry standards for
hardware embedded securityrdquoWith advances in malware detection mod-
ern authentication for network access and encryption Windows 8 will provide support for remote attestation by trusted third parties
ldquoThis supports the market need for plat-form level authentication and native support for SEDs as part of the OS Windows 8 plat-forms will include a TPM and optional SED support built into the OSrdquo said Berger
According to the Trusted Computing Group (TCG) ndash which published the TPM specifica-tion ndash the technology offers a cheaper and better alternative to software-based informa-tion security systems
The TCG of which Microsoft is a founder member claims the technology has reached tipping point with TPMs now in more than 600 million computing devices
While there has been third-party sup-port for SEDs on Windows XP Vista and Windows 7 Windows 8 will provide native support for SEDs as part of the OS
This means Windows 8 will have a built-in encryption key management capability for SEDs which offloads encryption processing to hardware
The active use of TPMs allows boot level security features to be implemented TPMs used in conjunction with the Windows 8 sup-ported hardened UEFI BIOS standard can also enable the enterprise to check the platformrsquos
Windows 8 is seen as an evolutionary jump for the operating system but is the security good enough to win back the enterprise Warwick Ashford reports
Developing software for
Windows 8
CW Buyerrsquos Guide
Windows 8
MIF
LIPP
OT
HIN
KSTO
CK
computerweeklycom 30 October - 5 November 2012 8
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
integrity that can be affected by malware in the pre-boot state ensuring the device has not been altered by malicious code
ldquoIt does this through hardware-protected measurements bound to the platform Software security fails to do thisrdquo said Berger
Seeing a commercial opportunity Wave Systems can provide software support for TPMs and SEDs to make it easier for enter-prises to implement these strategic security features on both Windows 7 and Windows 8
ldquoThe launch of the new OS brings fresh capability for the management of virtual smartcards and DirectAccessrdquo said Berger
This allows enterprise users to establish their identity using the machine as a token-for-network log on he said eliminating the need for multiple passwords which fail to live up to the current threats we face
The move to UEFI and TPM to enable trusted boot and to secure the boot chain is a huge step forward according to James Lyne director of technology strategy at Sophos
ldquoMaster boot record (MBR) loaders are undetectable by most anti-malware systems which has been painful so it is good to have a way of tackling it in the OSrdquo he said
However according to Lyne in releasing Windows 8 Microsoft has squandered the opportunity to address a well-known vulner-ability in the way its OS handles IPv6 traffic
Using a tool such as flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service or system hang by sending multiple router advertisement (RA) messages with different source addresses
Updating the routing tables and configuring IPv6 addresses requires 100 of processing resources If a network is flooded with random router announcements Windows and other operating systems struggle to update their routing tables causing systems to hang
Microsoft has not fixed this problem in Windows 8 said Lyne nor improved the certificate store and the management
of trust to reduce the vulnerability to rogue or compromised certificate authorities by using the TPM more and the ability to intercept and lock down fake certificates used by malware
Security gapsDifferences in the versions of Windows 8 could create security gaps said Lyne
There are three versions Windows 8 which is the ldquohomerdquo edition Windows 8 Pro which includes features for enterprises such as support for Hyper-V BitLocker a
virtual private network (VPN) client and group policy support and Windows RT which is built for ARM-powered devices such as low-powered tablets and lifestyle PC devices
ldquoMy worry is that enterprises and other users will treat them all the same when it comes to security but the risks are differentrdquo said Lyne Windows RT provides a much higher security standard for example as only approved apps will run
ldquoMicrosoft has adopted a similar approach to Apple in creating a walled gardenrdquo he said
For Microsoft to improve security Windows needs to make a break from the shackles of backward-compatibility he adds
ldquoThe rate at which enterprise users have moved to the iPad and similar devices dem-onstrates that enterprises are more willing to change doctrine in return for tangible ben-efits than Microsoft thinksrdquo he said
Lyne believes Microsoft should have pushed the walled garden approach of Windows RT into the other versions of the OS
ldquoWhile Windows 8 moves in the right direction in terms of security it is not that much different from Windows 7rdquo he said
Windows 8 security report card Has shown improvement but could do better There are still some areas that need work n
rsaquo Examining alternatives to Windows 8rsaquo Windows 8 ndash Beauty and the Beast
rsaquo Video interview Why develop for Windows 8
analysis
ldquothe launch of the neW os brings fresh capability for the management of virtual smartcards and directaccessrdquobrian berger Wave systems
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 8
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
integrity that can be affected by malware in the pre-boot state ensuring the device has not been altered by malicious code
ldquoIt does this through hardware-protected measurements bound to the platform Software security fails to do thisrdquo said Berger
Seeing a commercial opportunity Wave Systems can provide software support for TPMs and SEDs to make it easier for enter-prises to implement these strategic security features on both Windows 7 and Windows 8
ldquoThe launch of the new OS brings fresh capability for the management of virtual smartcards and DirectAccessrdquo said Berger
This allows enterprise users to establish their identity using the machine as a token-for-network log on he said eliminating the need for multiple passwords which fail to live up to the current threats we face
The move to UEFI and TPM to enable trusted boot and to secure the boot chain is a huge step forward according to James Lyne director of technology strategy at Sophos
ldquoMaster boot record (MBR) loaders are undetectable by most anti-malware systems which has been painful so it is good to have a way of tackling it in the OSrdquo he said
However according to Lyne in releasing Windows 8 Microsoft has squandered the opportunity to address a well-known vulner-ability in the way its OS handles IPv6 traffic
Using a tool such as flood_router6 from the thc-ipv6 package a remote attacker can cause a denial of service or system hang by sending multiple router advertisement (RA) messages with different source addresses
Updating the routing tables and configuring IPv6 addresses requires 100 of processing resources If a network is flooded with random router announcements Windows and other operating systems struggle to update their routing tables causing systems to hang
Microsoft has not fixed this problem in Windows 8 said Lyne nor improved the certificate store and the management
of trust to reduce the vulnerability to rogue or compromised certificate authorities by using the TPM more and the ability to intercept and lock down fake certificates used by malware
Security gapsDifferences in the versions of Windows 8 could create security gaps said Lyne
There are three versions Windows 8 which is the ldquohomerdquo edition Windows 8 Pro which includes features for enterprises such as support for Hyper-V BitLocker a
virtual private network (VPN) client and group policy support and Windows RT which is built for ARM-powered devices such as low-powered tablets and lifestyle PC devices
ldquoMy worry is that enterprises and other users will treat them all the same when it comes to security but the risks are differentrdquo said Lyne Windows RT provides a much higher security standard for example as only approved apps will run
ldquoMicrosoft has adopted a similar approach to Apple in creating a walled gardenrdquo he said
For Microsoft to improve security Windows needs to make a break from the shackles of backward-compatibility he adds
ldquoThe rate at which enterprise users have moved to the iPad and similar devices dem-onstrates that enterprises are more willing to change doctrine in return for tangible ben-efits than Microsoft thinksrdquo he said
Lyne believes Microsoft should have pushed the walled garden approach of Windows RT into the other versions of the OS
ldquoWhile Windows 8 moves in the right direction in terms of security it is not that much different from Windows 7rdquo he said
Windows 8 security report card Has shown improvement but could do better There are still some areas that need work n
rsaquo Examining alternatives to Windows 8rsaquo Windows 8 ndash Beauty and the Beast
rsaquo Video interview Why develop for Windows 8
analysis
ldquothe launch of the neW os brings fresh capability for the management of virtual smartcards and directaccessrdquobrian berger Wave systems
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 9
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Case study
Staff at engineering consultancy Buro Happold spent a lot of time travelling until the company found a different way of collaborating Jennifer Scott reports
How video-conferencing saved time and money for one engineering firm
Buro Happold is a global engineering consultancy with 27 offices in seven countries Founded in Bath in south-
west England Buro Happold has 1500 staff worldwide and has worked on projects rang-ing from the O2 in London to the Louvre in Abu Dhabi
However even the most successful busi-ness has its issues For Buro Happold the distance between offices and the time employees spent travelling between them was causing problems
ldquoSome see it as a standard problem of the worklife balancerdquo said Jason Kane IT operations manager for the firm ldquoAll the commuting travel getting to the airport and losing those hours was an issue for usrdquo
Travelling costs were substantial and a lot of engineersrsquo time was spent in transit
Buro Happold decided it needed to revamp its video-conferencing capabilities to save time and make the company more produc-tive It already had a video system in place but it was low-definition and being only room-based could not helping employees already on the move
Choosing a supplierAfter speaking to a number of suppliers the company opted for Polycom
ldquoWe looked at Cisco and Tandberg before deciding on Polycomrdquo said Kane ldquoWe had an office communications server (OCS) but we were just using it for instant messaging so we knew it had much more to give
ldquoThe compatibility with OCS ended up one of the main reasons we went with Polycomrdquo
Polycom provided Buro Happold with two RMX bridges to work as a base platform for the video-conferencing service It provided every member of staff with their own unique virtual meeting number meaning they could use the system regardless of location
Will video conferencing
find its business
market in 2012
Polycom breaks down
barriers to adopting video
conferencing
ldquoOur employees can use the updated room systems to have a point-to-point call they can do a direct call from their desk they can even create a virtual meeting room in a Microsoft Lync windowrdquo said Kane
ldquoWe have provided end points web cam-eras and screens with built-in web cams and everyone has a headset nowrdquo
More than 90 of staff now use the sys-tem In August 2012 7500 calls were made showing great enthusiasm from employees
ldquoThere has been a ripple effect in adop-tionrdquo said Kane ldquoWe have a highly skilled workforce who are often challenging us to move forward
ldquoWith the likes of Skype ndash that has been around for years ndash and the fact they have been going to external systems such as Citrixrsquos GoToMeeting meant it wasnrsquot diffi-cult for them to use
ldquoHowever we found the ripple effect because different people in different loca-tions began to use it and the more people who used it the more were drawn inrdquo
video conferencing cut travel costs and time spent in transit
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 10
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
being developed for the devicesldquoWhen it comes to bring your own device
(BYOD) we donrsquot want to say no so it is about taking that technology and changing the business to fit with itrdquo
Apple vs MicrosoftKane and his team are currently debating whether to get a corporate iPhone contract with Apple or look to Microsoft and its new Windows Phone 8 mobile operating sys-tem available on handsets from the likes of Nokia and HTC
ldquoWith Windows Phone 8 sharing so much with Windows it is quite appealing and there is no ruling out Microsoft at this stagerdquo Kane said
As well as the mobile device route Buro Happold is also encouraging its partners to use the system as bringing as many parts of the ecosystem onto video-conferencing as possible will increase productivity
ldquoClients are now required to have Microsoft Lync to work with us and we are immediately seeing the benefitsrdquo said Kane n
Educating usersIt wasnrsquot all plain sailing though Staff proved keen to use the system in ways they saw fit rather than what it was designed for
ldquoThe one thing I learned from this experi-ence was in terms of communication and trainingrdquo admitted Kane ldquoIf you try and pre-empt how users use the system they will use it in a different wayrdquo
ldquoWe learned that the hard way and had to follow up with a lot of lunchtime briefings as
well as spending a lot of time refining a one-page document explaining how to use itrdquo
He added ldquoThe technology worked beauti-fully but getting people to understand how to use it and what it is for that was the chal-lenge and the one bit of advice Irsquod give is to prepare for thatrdquo
The benefits seemed to outweigh this one negative though with the company reducing its CO2 emissions making meetings more efficient and saving money in the process
Now Buro Happold is looking at extending the Polycom system to mobile devices ena-bling employ-ees to use it on
iPads and mobile phones as well as laptops desktops and the room systems
ldquoWe are trialling the iPad system with a small footprint at the moment including the CEO as we do see that as the next big thingrdquo said Kane ldquoWe are traditionally a BlackBerry house but we are making a shift away because there are hardly any business apps
rsaquo Which video conferencing gives best valuersaquo Video conferencing interoperability issues
rsaquo Questions to ask about video conferencing
ldquothe technology Worked beautifully but getting people to understand hoW to use it and What it is for that Was the challengerdquo
Case study
buro Happold now requires clients to use Microsoft lync to do business
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
httpeuacronisinfocom
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 12
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
inteRView
Accenturersquos CIO talks about adopting video technology to reduce travel and managing IT in a company full of IT experts Karl Flinders reports
Being IT leader in a company with a quarter of a million potential CIOs
Frank Modruson joined Accenture in 1987 He worked initially as an analyst on complex IT projects at customers
For the last 10 years he has been Accen-turersquos CIO responsible for the outsourcing giantrsquos own IT operation
Modruson says as an outsourcing service provider the company eats what it sells
ldquoWe outsource IT to Accenture and use the same capabilities as our customersrdquo he says All internal IT is completed by the dif-ferent customer-facing parts of Accenturersquos outsourcing business
ldquoWe aggressively apply the best practices we recommend to customers to ourselves
ldquoWhere Accenture has the capability we outsource to it If we donrsquot we outsource to a third-partyrdquo Modruson says
Like its customers Accenture outsources the operations of IT to different delivery units but the internal IT team retain con-trol of things like strategy and planning Accenturersquos internal IT team is approxi-mately 450 people
Getting the most out of this team by ensuring that IT staff are used and developed in the best way to benefit the company along with helping the business do more is a key challenge for his role he says But Modruson says his main technology focus is video
ldquoA big area for me today is driving video adoption to help us reduce travel and how we use locations
ldquoThe next two to four years will be all about videordquo he says This is part of the companyrsquos plan to become a virtual corporation in terms of the use of video
Video is a genuine business toolPlummeting connectivity prices has made video a genuine business tool
ldquoThe cost of video is dropping and it is becoming so inexpensive to communicate
via videordquo says ModrusonAccenture now uses video in both its
internal operations and its services business Through video it can deploy consultants to clients in a more cost-effective way
ldquoOur clients love being able to meet experts without flying out for a one-hour meetingrdquo he says
frank Modruson accenture
Will video conferencing
find its business
market in 2012
UK calls for video-
conferencing standard
ldquoour clients love being able to meet experts Without flying out for a one-hour meetingrdquo
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 13
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
desktop virtualisation is a very effective and fast way of doing so
ldquoIt is a way to get to the same situation quicklyldquo he says
On cloud computing Modruson says about 80 of 500 applications are in the cloud as a service but the company will move more and more to the cloud when it becomes appropriate
Back seat driversModruson supports IT for a company that has 257000 people all of whom are potential CIOs
ldquoThe most common background of CIOs I meet are ex-Accenture consultantsrdquo he says
Although this means that his job will be heavily scrutinised he says it is also a great benefit
ldquoI get a lot of free advicerdquo he saysldquoIt is great because we have an organisa-
tion and individuals that are excited about technology which challenges and pushes us A demanding customer is the best you can have because they tell you what they need and what works
ldquoTelling me nice stuff is fine but the com-plaints are very valuablerdquo
In his role Modruson also supports Accenturersquos delivery business with advice and also communicates with its CIO customers
ldquoCustomers are curious about how we solve problems and we share that informa-tion with themrdquo n
Businesses should take a look at how con-sumers are using video ldquoWe have it at home but we have not yet brought it into the workplace But itrsquos comingrdquo says Modruson
ldquoTen years ago doing what you do on Skype would have cost thousands of dol-lars Now it is on everyonersquos desktop and is almost freerdquo he says
Modruson says video is a more effective way to communicate than telephone ldquoWe have had the phone for years but what is missing are the visual cuesrdquo
Accenture has been using video for internal meetings for years ldquoWe have an IT steering committee that used to get together twice a year for one-day sessions They have not met in person since 2007
ldquoWe save a lot of money We have one project where the savings in travel was 20 times the investment in video It paid for itself in less than a monthrdquo
Accenture has over 100000 video end-accounts in its internal business
Video is the current drive for Accenturersquos IT department because industry buzzwords like server virtualisation flexible working desk-top virtualisation bring-your-own-device (BYOD) and the cloud are already in hand
Accenture has 98 of its servers virtual-ised has been doing BYOD since the iPhone 2 and has 115000 devices registered in its programme
On flexible working Modruson says ldquoAccenture has been doing it so long we forget itrsquos coolrdquo
When it comes to desktop virtualisation Modruson says Accenture does not do it
simply because it does not need it
ldquoI do not need
virtual desktops because in 2001 my predecessor decided to move to browser-based applicationsrdquo he said He added if he bumped into that person today he would give himher a big hug
With desktop virtualisation ldquoyou end up with two computers versus onerdquo he says
But he adds that if an organisation has not got the functionality required to enable applications to be accessed anywhere
rsaquo BT teams with Dolby for video conferencingrsaquo Selling video collaboration Where to start
rsaquo Tools to improve wireless video performance
ldquoWe save a lot of money We have one project Where the savings in travel Was 20 times the investment in video it paid for itself in less than a monthrdquo
inteRView
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 14
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
editoRrsquos Comment
Microsoftrsquos future is likely to come from back-office strengths
Despite the hype about iPad minis the most sig-nificant launch of the week for IT managers was the release of Windows 8 Unlike Applersquos ldquotop
secret but with leaksrdquo approach we know pretty much everything about Windows 8 already
We know combining a new touch-oriented interface with the conventional method will confuse a lot of users
We know it is going to present challenges for software developers who have the ARM-based Windows RT ver-sion for tablets to consider too
And we know it is going to be scrutinised more than ever as to whether it is good enough to attract con-sumer sales away from the iPad as the bring-your-own-device (BYOD) trend continues in the workplace
There is no denying that Windows 8 is going to be an attractive option for IT managers looking to eliminate the complexity of multiple environments but more is expected of our technology these days
It would be a more significant move if Microsoft were to release Office for iOS and Android and also an Active Directory client for those tablet environments Increasingly the corporate commitment to Microsoft comes less from the Windows PC and more from Windows Server Active Directory SharePoint and other back-office infrastructure ndash and from the integration between Office and those products
Companies that look to tablets for line-of-business applications are going to tend towards Surface or its Windows 8 alternatives In areas like healthcare educa-tion or field sales integration with the corporate envi-ronment is a winner and users would not expect such devices to be used in their personal life
But for the general purpose user computing envi-ronment where employees want to have a dual-use machine that is also their personal device they are less likely to be swayed by an IT manager telling them itrsquos better for the company if they choose Windows
Windows 8 for all its cross-platform standardisation is unlikely to be the core of Microsoftrsquos continued suc-cess in business Microsoftrsquos future area of dominance is increasingly going to be back-office based n
Bryan GlickEditor in chief
Computer WeeklyComputerWeeklycom1st Floor 3-4a Little Portland Street London
W1W 7JB
general enquiries
020 7186 1400
eDitorial
editor in chief bryan glick 020 7186 1424
bglicktechtargetcom
Managing editor (technology) cliff saran 020 7186 1421
csarantechtargetcom
Head of premium content bill goodwin 020 7186 1418
wgoodwintechtargetcom
services editor Karl flinders 020 7186 1423
kflinderstechtargetcom
security editor Warwick ashford 020 7186 1419
washfordtechtargetcom
networking editor Jennifer scott020 7186 1404
jscotttechtargetcom
senior reporter Kathleen Hall 020 7186 1426
khalltechtargetcom
special projects editor Kayleigh bateman020 7186 1415
kbatemantechtargetcom
Datacentre editor archana venkatraman020 7186 1411
avenkatramantechtargetcom
storage editor antony adshead07779 038528
aadsheadtechtargetcom
business applications editor brian McKenna 020 7186 1414
bmckennatechtargetcom
editorial content assistant caroline baldwin 020 7186 1425
cbaldwintechtargetcom
production editor claire cormack 020 7186 1417
ccormacktechtargetcom
senior sub-editor Jason foster 020 7186 1420
jfostertechtargetcom
sub-editor philip Jones020 7186 1416
pjonestechtargetcom
Display aDvertising
sales director brent boswell 07584 311889
bboswelltechtargetcom
group events manager chris Hepple 07826 511161
cheppletechtargetcom
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 15
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
opinion
CIOs frequently play the dual role of technology owner and business architect ndash Alex Peters outlines how to develop business technology governance practices
Forrester Five important guidelines for business technology governance
Forrester believes good IT governance is business technology governance
ndash the process of senior executives establishing strategies struc-tures processes and measure-ments for managing technology to boost business results
In the past governance focused on the IT department which played the role of the organisa-tionrsquos main technology supplier
But this traditional approach is changing as organisations use new technologies ndash mobile social cloud analytics and business process management ndash that are often managed by stakeholders outside ITrsquos direct control
Given this reality senior executives need to revisit the traditional approach to IT govern-ance understand the directions of change and identify the most appropriate practices for making business technology governance more effective and less bureaucratic
Today almost every organisation has a portfolio of IT capabilities comprising sys-tems of record applications and repositories that support transactional processes such as ERP and systems of engagement that build on cloud mobility and big data and focus on people rather than processes
Some of the systems of engagement are under the direct control of business stake-holders Sometimes IT does not even know about their existence As a consequence organisations may end up practicing technol-ogy governance in different ways and with different levels of integration
Furthermore senior executives have different expectations from and perceptions of IT management In some organisations they view their IT colleagues as internal technology suppliers whose role is to sup-port applications and devices In others CIOs
Early signs of poor
business-IT alignment
business architect role
vital to transforming
business processes
are business partners who co-create business platforms and optimise business processes across functional units
IT executives on their side engage with business stakehold-ers in different ways
Forrester data clearly shows that organisations with mature business-focused architectures also have more mature IT govern-ance and management processes
CIOs in these organisations frequently play the dual role of technology owners and business architects In this dual role they drive governance development and facilitate the governance execution ensuring that ultimately business stakeholders not IT make key technology-related decisions such as how IT is budgeted sourced and used
To determine best practices in developing business technology governance Forrester interviewed 25 governance and technology experts and reviewed 17 case studies Using the Cobit 5 principles as the starting point Forrester identified five strategic guidelines and practices for turning existing IT govern-ance practices into business technology governance ndash a more effective and sustain-able decision-making framework1 Make business technology governance an
integral part of business strategy 2 Align cross-functional business 3 Maintain an integrated framework 4 Train staff and democratise decision-
making and 5 Govern business technology from outside
IT services provisioning n
Alexander Peters is principal analyst at Forrester Research
peters Developing best practices for business it
This is an excerpt Click here to read the full opinion online
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 16
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
The growing use of virtualisation has really helped many organisations Not only have the average utilisation rates of servers and storage improved but the use of appli-cations and other software packaged ready for installation ndash commonly known as virtual images or virtual machines ndash has meant that systems can be implemented or
recovered far faster than they used to beHowever this can be a two-edged sword The good side of being able to implement a run-
time application rapidly is seen in hosted systems cloud computing and private datacentres but the bad side is seen most in development and test departments and is spreading out into the runtime
The problem is that virtual machines (VMs) are just too easy to use In the past if you wanted to install a copy of an application the first thing to do was order a server Then wait to receive the server Then get it up and running install all the patches to the operating
ISTO
CK
PHO
TOT
HIN
KSTO
CK
Guide to virtual
machine back-up
Expert Strategies
for VM Performance
Monitoring
Manage licences and virtual machines to avoid VM sprawlWhen considering asset management firms should select a system to manage both software licences and virtual machine lifecycle Clive Longbottom reports
Buyerrsquos guideasset management part 2 of 3
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 17
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
system that the supplier had neglected to put in place Then install all the support software that is required ndash app server database whatever followed finally by the software you want to run Long-winded Yes ndash and often enough to put a general developer off and they would just re-use a single server time and time again cleaning the server down after each test and building back up from a golden back-up image to then test the next iteration of their software Maybe a couple of hours each time to get to a ldquocleanrdquo position
Today it is possible to grab some spare resource from a virtualised hardware base spin up a VM and then install your software This takes just a few min-utes and as the resource pool can be pretty big it is easy for the developer to ldquoforgetrdquo that they have a live VM running and just start up another one IT depart-ments could experience greater problems with VM sprawl ndash with test groups growing the VM pool and users being able to self-service systems that they may only use a couple of times
The move towards a developmentoperations (DevOps) model for organising IT where the development and test employees can push new images directly into the runtime will make it much harder for IT administrators to keep track of all VMs
Effective management of software licences and VMsThe result is that not only are resources being locked down by VMs that are not doing anything useful but there could also be licences tied up in these VMs that are doing abso-lutely nothing useful For many it may not appear to be an issue ndash unless someone from the Federation Against Software Theft (FAST) walks in through the door asking to carry out a licence inspection
Managing licences is something that many organisations still do not do Suppliers such as Flexera offer full-service licence management which can not only track licence usage but also manage them against suppliersrsquo licence agreements and in most cases against their tiering systems ensuring that an organisation gets the best value from its licences Others such as Centrix Software can track licences and advise on how they are being used so that an organisation can decide how licences should be allocated more effectively although Centrix really is for dealing with virtual desktop systems
However what a buyer really should be looking for is a system that not only manages licences but also manages the lifecycle of the VM itself Features to look out for includen Building ndash the capability to create the VM from the component parts on the fly using the
right components for the right VM every timen Provisioning ndash the capability to take the VM and make it live out on the target platformn Patching and updating ndash the capability to ensure that all components and VMs are at the
right level of patch for the job ndash not necessarily that everything is at the latest patch level but that the build engine can gain access to components that meet the needs of the final provisioned system For example there may be a dependency on a certain piece of soft-ware to run on an operating system that is not patched to the latest level ndash the chosen system must have the granularity to be able to
ensure that such rules are followedn VM monitoring ndash ensuring that VMs are running correctly and are ldquohealthyrdquo Also track-
ing usage and advising when VMs seem to be unused but live so using up resources and licences that could be used elsewhere
a buyer should be looking for a system that not only manages licences but also manages the lifecycle of the vm itself
rsaquo SMEs Optimising IT assetsrsaquo Digital asset management success
hinges on integrationsupport
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 18
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
buyeRrsquos guide
n Resource management ndash the capability to provision VMs with the right amount of resources at the right time through thin-provisioning storage and low-resourcing central processor unit (CPU) and network to managing peaks and troughs of resource demands in a flexible and elastic manner
n VM management ndash full reporting on VM usage to both technical and line-of-business users along with rules-based lifecycle management of VMs in test and development and in the runtime environment as well as full inventory of VMs and their contents
n VM portability ndash the capability for VMs to be moved from development to test machines and then to runtime systems in a seamless and fully audited manner Also the capability for runtime VMs to be moved from one platform to another particularly where an organi-sation is looking to use hybrid cloud environments and may need to move a VM from an on-premise platform to a co-location datacentre or into the public cloud
n Auditability ndash every action on a VM and how it is used needs to be logged so that a full audit path is maintained With an increase of activity in governance risk and compliance (GRC) the need to be able to prove exactly what was used when dealing with any outsider or even for a particular transaction is an issue that is not going away and as such audit capabilities should be high on the list of requirements of any systems for managing VMs
Optimising the virtual environmentMost of the incumbent systems management compa-nies ndash IBM with Tivoli CA BMC ndash are moving in this direction in one way or another However others are doing more Dell has been building on its Kace acqui-sition and now that it has acquired Quest Software expect to see a rapid move to a more full-service physi-calvirtual systems management toolset
Another company to watch is Serena Software Under the umbrella of ldquoorchestrated ITrdquo Serena is taking its existing application lifecycle management (ALM) approach and expand-ing it through to offer an organisation the choice of running as separate but closely man-aged development and test teams and a runtime team or moving towards a more seamless DevOps approach where the various VMs are all fully managed according to a corporately and technically defined set of rules
Outside of its Tivoli systems management capability IBM also has its PureSystems and its zEnterprise groups with a universal resource manager that can ensure that a workload is placed on the best available resources ndash whether this be Windows Linux or even a main-frame platform in the case of zEnterprise and also whether an Intel or Power chip is the best place for that workload to lie This still needs the basic capabilities of Tivoli for other areas of managing the build and management of VMs but gives good pointers as to the probable future of a fully managed virtual environment
Virtualisation is a definite positive evolution in the use of available hardware resources However organisations and technical teams have to understand that it is no silver bullet on
its own In fact uncontrolled usage of virtualisation can lead to bigger problems where VM sprawl happens at both the resource and the corporate responsibility levels
It is incumbent on those responsible for the IT function to ensure that the right systems are in place to enable VMs to be
managed at the right levels of granularity for full lifecycle management with licence recovery and full audit capabilities in place to ensure that everything works to the best possible level n
audit capabilities should be high on the list of requirements of any systems for managing vms
rsaquo Where does VM sprawl come fromrsaquo Delivering value from desktop virtualisation
rsaquo Manage assets and control business costs
Clive Longbottom is a director of analyst Quocirca
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 19
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Cost pressures and the rise of cloud computing have led many businesses to turn to lower-cost virtual environments on premise and in the cloud but a lack of expertise and experience may be exposing these organisations to unnecessary security risk
Researchers and other members of the security industry believe that in addition to a general lack of understanding about how virtual environments work the fact that the business is so focused on performance and cost often means security is either overlooked or tagged on only at the end
According to Forrester security and risk analyst Andrew Rose many IT professionals think a virtual server is just the same as a physical one even though the risks are different
As organisations seek the economic benefits of virtualising their IT environments serv-ers are no longer individual pieces of equipment that are hard-wired into carefully controlled physical networks Instead they are complex software instances running on top of virtual networks and connecting to increasingly virtualised storage layers which means data protec-tion must change accordingly
So what should information security professionals be doing to ensure that their organisa-tionsrsquo virtual environments are secure as well as cost efficient
The Information Security Forum (ISF) has worked with its members to identify key responses that have been included in a standard of good practice for securing virtual environments
The ISF believes these key responses should includen Establishing a policy for the use of virtual serversn Limiting the number of virtual servers that can run on a single physical server n Controlling the number of critical business applications that can be run on a single server
F9PH
OTO
SIS
TOC
KPH
OTO
Six questions to
ask about security and
virtualisation
Virtualisation
is often a missed security
opportunity
Seeking nirvana virtualisation without security riskFinding a harmonious balance between cost-saving and safety is a vital task Warwick Ashford reports
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 20
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
Virtual servers should be protected by applying standard security management practices to hypervisors which are the key point of protection says Adrian Davis principal research analyst at the ISF
These practices include applying a strict change management monitoring reporting and reviewing super-user activities restricting access to the virtual server management con-sole and monitoring network traffic between different virtual servers and between virtual servers and physical servers to detect malicious or unexpected behaviour
ldquoEach virtual server should be protected by applying similar security management practices to those applied to physical servers including restricting physical access system hardening applying change management and malware protection monitoring and performing regular reviews and applying network-based security controls such as firewalls intrusion detection and data leakage protectionrdquo says Davis
He also believes that security professionals should not consider only virtualised environ-ments in their own organisation but should also focus on virtualised environments in their suppliers and demand that those suppliers adhere to the same good practices
Lee Newcombe managing consultant at Capgemini supports the view that security profes-sionals must consider new strategies and technologies to apply the most appropriate secu-rity controls in such virtualised environments
ldquoWe should not simply be replicating the familiar deployment models from the physical world in the virtual worldrdquo he says
Traditional n-tier architecture which separates out the presentation application and data tiers via physical firewalls is not as effective in the virtual world he says where there may be two or more of these tiers hosted on the same physical hardware
Consider compliance In designing security for virtualised environments Newcombe advises that information security professionals consider compliance requirements identify resources required iden-tify types of users who will access data conduct a risk assessment group resources into zones or security domains and base security controls around these zones
Gartner researcher Trent Henry says that by providing virtual switches that allow
isf recOmmends special aTTenTiOn is paid TO
n segregation of virtual servers according to the confidentiality requirements of information they process
n separation of virtual servers to prevent information being transferred between discrete environments
n restricting access to a limited number of authorised individuals (eg hypervisor administrators) who are capable of creating virtual servers and making changes to them correctly and securely
n encrypting communications between virtual servers (eg using secure sockets layer (ssl) or ipsec)
n segregating the roles of hypervisor administrators (for multiple virtual servers)
ldquoeach virtual server should be protected by applying similar security management practices to those applied to physical serversrdquoadrian davis isf
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 21
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
ViRtualisation seCuRity
communication between guests on a physical host virtualisation hides a considerable amount of traffic from traditional physical network protection including intrusion detection and intrusion prevention systems
ldquoZoning and network visibility not only help with defence in depth but also answer compli-ance obligations and limit infrastructure scope for auditsrdquo says Henry
Gartner clients take three approaches rout-ing virtual traffic to physical choke points (routersfirewalls) increasing protection in guests via system firewalls and using hypervi-sor-integrated protection like virtual firewalls
While controlling and monitoring the activi-ties within and interactions between security zones is important this often raises concerns says Capgeminirsquos Newcombe
ldquoIn a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farmsrdquo he says
ldquoFurthermore the hypervisor itself represents a single point of separation failure that is not present in the physical world albeit one that may have undergone formal security evaluationrdquo
Newcombe believes security professionals need to be pragmatic adapting to the capabili-ties of virtualised environments and making the best use of these new capabilities rather than seeking to simply ldquolift and shiftrdquo designs from the physical world to the virtual world
Security standards for virtualisationBut securing a virtual environment is not just about focusing on technology you also need to look at standards processes controls monitoring and logging says Kevin Wharram of the London Chapter ISACA Security Advisory Group
In securing virtual environments information professionals first have to identify what virtu-alisation technology their organisation has in-house
ldquoIt is then advisable to find various online resources for securing that technology such as VMWare security advisoriesrdquo says Wharram
ldquoZoning and netWork visibility ansWer compliance obligations and limit infrastructure scope for auditsrdquotrent henry gartner
Tips fOr VirTUal secUriTy design
n consider compliance requirements are there any requirements that enforce a degree of physical separation such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separationn identify the resources that the service requires in order to function think in terms of network access compute resource and storage rather than servers and network segmentsn identify the different types of users that require access to the service eg external users inter-nal users or trusted partnersn group the identified resources into zones (security domains) based on the characteristics of the data user communities and access requirementsn conduct a risk assessment identify the risks that need to be managed per zonen base the security controls around these zones controlling and monitoring the activities within each zone and more importantly controlling and monitoring the interactions across each zone
Source Capgemini
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 22
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
Other guidelines are available from Microsoft Citrix the National Institute of Standards and Technology (NIST) the Center for Internet Security (CIS) and from the Defense Information Security Agency (DISA) in the form of SIGs (special interest groups)
Step two is to develop security standards and guidelines for securing your virtual environments
He also recommends IT security chiefs develop processes and controls around configuration and access ldquoThe biggest threat to any virtual environment is misconfiguration and lack of processesrdquo says Wharram
To prevent any security issues the virtual infrastructure requires even more rigorous controls and configuration man-agement practices An example of lack of controls in a virtual environment is VM sprawl ndash the uncontrolled propagation of virtual machines which is often forgotten by IT administrators he says
IT should also log and monitor all virtual environments to enable the detection of any access control issues or any other potential issues that could cause a security breach
Virtualisation creates a new layer of software that must be managed in accordance with change control procedures patched periodically and protected from attack says Gartnerrsquos Trent Henry ldquoMost organisations first turn to tools provided by Citrix Microsoft and VMware for control but management and orchestration solutions from other suppliers can provide enhanced functionalityrdquo he says
Virtualisation can offer more security if done properlyHowever Vladimir Jirasek director of research UK chapter Cloud Security Alliance says in order for virtualisation to provide the same level of assurance as separate physical servers organisations have to ensure trusted hardware architecture and implementation trusted hypervisor architecture and implementation and trusted virtual hypervisor administration
But the problem is that although very close these are not yet fully available he says and therefore in a sense the same level of security cannot be achieved In the meantime Jirasek says organisations can achieve a reasonable level of assurance by using hardware that sup-ports Intel TXT or AMD TrustZone
ldquoThis will satisfy the first requirements Most hardware that you can buy these days does support it but it is worth checking The kernel of the host operating system must also support this technology to get full advantage of the hardware and software integrity checksrdquo he says
Next implement the latest versions of the hypervisor technologies ldquoFor compliance reasons I would suggest you run generic and critical guest instances on separate hardware servers or bladesrdquo says Jirasek
Finally he believes the hypervisor administrators hold the key to the security of any installation ldquoYou need to verify they are trustworthy
ldquoIn some instances you may want to separate these into various groups each responsible for a group of the systems based on security classifica-tionsrdquo says Jirasek The security suppliers are waking up to the hypervisor challenge and many are introducing intrusion detection antivirus host firewall and other products that are ready for the hypervisor he says
Jirasek recommends asking security suppliers for product roadmaps to prepare for the new versions ldquoIn summary virtualisation brings some level of compromise at least for now However the systems can be secured reasonably well and virtualisation should be embracedrdquo he says n
rsaquo Virtualisation security on the risersaquo Virtualisationlsquos three main security issuesrsaquo Network professionals on virtualisation
ldquothe biggest threat to any virtual environment is misconfiguration and lack of processesrdquokevin Wharram
isaca security advisory group
ViRtualisation seCuRity
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
Mobile documents made easy with
When you are out of the office work doesnlsquot stop Taking your work on the road is easy with todayrsquos lightweight and powerful laptops multitasking smartphones and tablet deviceshellip but what about all those files and the paperwork on your desk With Fujitsulsquos ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device Office PC notebook iPadreg iPhonereg and now even on Androidreg devices thanks to the ScanSnap Connect App and in the cloud with Google Docs SalesForce CRM SugarSync Evernote Dropbox and more Make your documents as mobile as you are ndash with just the press of one button
Have a look atwwwScanSnapitcomcw2
All names manufacturer names brand and product designations are subject to special trademark rights and are manufacturerlsquos trademarks andor registered brands of their respective owners All indications are non-binding Technical data is subject to change without prior notification Apple iPad iPhone iPod touch and iTunes are trademarks of Apple Inc registered in the US and other countries App Store is a service mark of Apple Inc Google Google Docs and Android are registered trademarks or trademarks of Google Inc
Available for iPadreg iPhonereg and Androidreg 22 or later details on our website
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 24
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Computer chips powered directly by the sun and cooled by water Data stored on a single electron Self-learning cognitive systems Chips
with as many synapses and neurons as the human brain A supercomputer that analy-ses in just one day more than double the worldrsquos current internet traffic
Such a list may seem like the realm of sci-fi to some but these are all projects currently underway at IBMrsquos Zurich research labs and are likely to produce commercially available products in the next 10 to 15 years
ldquoWhat would you do with 1000 times the capability [of todayrsquos computers]rdquo asks Matthias Kaiserswerth the director of the Zurich labs ldquoWe are actively working to make this happen in the next 10 yearsrdquo
The humble datacentre has reached a turning point It already costs more in electricity to operate and cool a datacentre than it does to build and run the computers it contains The more processing power and storage space we demand the more energy is used
Whatrsquos more the basic chip and storage technologies are close to the physical limits of current design and manufacturing techniques If Moorersquos Law is to continue we need new paradigms for how computers are made
There is only so far that current technology can scale due to physical size energy use and heat generation says Kaiserswerth This is the starting point for the work carried out by IBM researchers in Zurich ndash a team that has won two Nobel prizes
Self-learning systemsIBM likes to show off its computers It has over the years famously developed the first computer to beat a grand master at chess and more recently the first to beat a top com-petitor on the US quiz show Jeopardy Watson the game show winner is described as a ldquoself-learningrdquo system using the very latest in statistical and analytical software to work out the most likely answer to a question
But we humans still retain one great advantage even in defeat A system such as Watson requires about 200000W of energy ndash the human brain it defeated uses just 20W ldquoIn the brain energy and cooling is delivered by the same fluid ndash blood We want to replicate this for chipsrdquo says IBM researcher Bruno Michel
IBM has already built its first ldquosynapse chiprdquo a processor with 262 programmable syn-apses designed to mimic the way the brain processes information The human brain by comparison has about 100 trillion synapses
But one of the things that makes the brain so energy efficient is the fact that its key components ndash the synapses and neurons ndash are so close together The conventional
IBM
RES
EARC
H
Computer Weekly guide
to energy-efficient IT
Download an exclusive
special report on IBM
How IBM researchers hope to change the worldSolar-powered chips are among the technologies we can expect to be using in 10 to 15 years as Bryan Glick discovered on a visit to IBMrsquos Zurich research labs
concentrating the sunrsquos energy
by 1000 times
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 25
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
two-dimensional design of computer chips means comparatively big distances between components such as processors and memory ndash that slows down speeds and requires more energy to bridge the gap
Solar-powered 3D chipsSo IBM is working on a stacked or 3D chip where components are layered on top of each other reducing the distances increasing performance and reducing the electricity needed to power it Michel predicts that 3D chips can theoretically improve system performance by a factor of 5000 ndash although the ability to deliver this is about 15 years away
Even then there will be a need for new ways to provide enough energy to power a com-puter based on such advanced 3D chips ndash one that could provide the power of the largest supercomputer today in a system the size of a desktop PC
To address this IBM is researching ways of powering the chip directly from the sun On the roof of the Zurich labs is a giant concave mirror ndash it looks more like a large satellite dish The mirror focuses and concentrates the sunlight directly onto a single chip which converts 43 of the solar energy to power the chip
The light reflected from what is still a fairly low level of solar concentration would be enough to permanently damage your eyes if you looked at it without a filter Ultimately IBM needs to find a way to concentrate sunlight by a factor of 1000 onto a specific point on a chip Even then the chip will still need to be cooled ndash and it is likely that will be done with water
ldquoWe know the future design of a chip with concentrated solar power and water cooling We are aiming to get there through our researchrdquo says Michel
A prototype chip already exists with tiny pipes on top feeding the coolant directly into the structure of the processor
New storage technologiesA faster more energy-efficient computer will require more storage capacity too One of the projects driving these requirements is IBMrsquos involvement in the Square Kilometre Array (SKA) an international consortium building the worldrsquos largest and most sensitive radio telescope When completed in 2024 SKA will generate 10 exabytes of data every day ndash thatrsquos about 10 petabytes every second roughly double the current levels of global internet traffic according to IBM
ldquoWe are entering the cognitive systems era With computers 1000 times more poWerful than noWrdquomatthias kaisersWerth ibm research Zurich
Super-computers will reach
exascale speeds within a decade
View more photos
from IBM research labs
the worldrsquos first water-cooled supercomputer
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 26
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
innoVation
Processing and storing that much data will require technologies that do not exist today ndash so-called exascale computing ndash with processing power estimated at 25 exaflops One exa-flop is 1000000000000000000 (1018) floating point operations per second
The supercomputers that will support SKA will also need to analyse all that information in near real time to remove unnecessary data and store only what is required for the project
ldquoYou have to screen out data reduce the order of magnitude by two to six times and analyse in real timerdquo says IBM fellow Evangelos Eleftheriou
SKA will need new storage technology in what Eleftheriou calls the biggest change in IT architec-ture since IBMrsquos System 360 mainframe launched in 1964 This will be a ldquodata-centric modelrdquo where data is retained in persistent memory and is sur-rounded by many central processing units (CPUs) ndash unlike todayrsquos model where the CPU sits at the centre and calls in data from different media as needed
This will involve blurring the boundaries between what current paradigms see as memory and stor-age ldquoMemoryIO hierarchy will eventually disap-pear and be replaced by flat globally addressable memoryrdquo says Eleftheriou
IBM is developing a technology called phase change memory (PCM) which overcomes the scaling problems of existing DRAM memory PCM exploits the different electrical resistance of two distinct solid phases of a metal alloy ndash changing the physical properties of the metal to store a bit The first commercial PCM chips are expected by 2016
Even tape storage will continue to have a role to play according to the supplier
NanotechnologyThe research at Zurich does not stop at the level of technologies such as chips and storage Researchers are looking at the use of nanotechnology in chip design Nanowires ndash connec-tions a thousand times thinner than a human hair ndash can reduce the voltage used within an individual switch as it changes its state from binary zero to one
Analysis at an atomic level takes things even further ldquoWe have shown in principle that a single atom can be used to store a single bitrdquo says researcher Fabian Mohn
IBM scientists have even proved that they can control the natural spin of electrons using magnetic forces The discovery could lead to new ways of designing processor gates that require significantly less voltage to induce the change of state from one to zero
Meanwhile Watson ndash the self-learning sys-tem that won Jeopardy ndash is now finding prac-tical uses in business IBM is working with a leading US cancer hospital to develop a new version of Watson to assist oncologists with cancer diagnosis and treatment
IBM predicts that the combination of Watsonrsquos big data handling with exascale computing cognitive chips and nanotechnol-ogy is the future of IT
ldquoIT for the back office has happened Where itrsquos interesting is where itrsquos facing out-wardsrdquo says Kaiserswerth ldquoWe are entering the cognitive systems era with computers 1000 times more powerful than nowrdquo n
ldquoin the brain energy and cooling is delivered by the same fluid ndash blood We Want to replicate this for chipsrdquobruno michel ibm
QampA guide to supercomputers
Managing big data
Petabytes exabytes and
analytics
Water-cooled processors and blades
IBM
RES
EARC
H
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog
computerweeklycom 30 October - 5 November 2012 27
Home
News
is wiNdows 8 tHe rigHt cHoice for
your busiNess
wiNdows 8 security still
Needs some work
How video coNfereNciNg caN save time
acceNture cio oN copiNg witH
250000 it experts
editorrsquos commeNt
opiNioN
buyerrsquos guide to asset
maNagemeNt
balaNciNg cost aNd security iN a virtual it estate
iNNovative tecHNology from
ibm researcHers
dowNtime
downtime
intruders But Downtime does get annoyed by IT sometimes well most times and is very tempted to rename the Wi-Fi network ldquoScrew you ITrdquo or ldquoFU ITrdquo
Daley Thompson out of retirementMany a lunch hour in the 1980s was spent crowded around the Atari game console while a digital Daley Thompson powered through 10 events using the wrist power and timing of the gamers of the day
Well Daley thompsonrsquos Decathlon is back A new Android and iOS version is available for smartphone and tablet users
Apple will have to sort out the problem of iPhones not being waterproof As Downtime remembers competing in the 110m hurdles on the game generated more sweat than doing the real thing
Downtime is trying to picture how the game could be played with a touchscreen n
Putting the wind-up into Wi-Fia recent bbc feature on passive-aggres-sive Wi-Fi network names prompted many users to share the stories behind their imaginative and witty network names
One reader said his Wi-Fi net-work name had been set to ldquoOne Direction Are Rubbishrdquo to annoy his daughter while another called hers ldquoPoliceSurveillanceVanrdquo to wind up stu-dents living next door
But naming witticisms arenrsquot restricted to Wi-Fi Downtime spent a while on Twitter researching accounts such as beiberinmypants GayObama boast-ing tens of thousands of followers or even BadBorisJohnson You donrsquot want to know the names and description of the fake Ryan Giggs Twitter account
Thankfully Computer Weeklyrsquos office is surrounded by city chic so Downtime doesnrsquot feel the need to ward off Wi-Fi
Therersquos an app fOr ThaT nOw
ever thought about baking your mobile phone into a cake no How about using the torch on your iphone to peer up a cowrsquos uterus still no okay yoursquore probably sensible enough to own a mobile phone
Mobileinsurancecouk has released a list of the weirdest claims they have ever had for losing handsets which Downtime also read as a list of idiots who should not be trusted to have one
there was the pyro-technician who left his phone in the blast zone and expressed surprise it couldnrsquot be found after being shot 2000 feet in the air a man who dropped his out of a tree while trying to film a blur gig and a dog walker who claims her phone was stolen by a bird
Downtime knows mobile insurance is often a farce but really donrsquot give these people new smartphones until they learn to look after them
Read more on the
Downtime blog