graph databases make connectionsdocs.media.bitpipe.com/io_12x/io_129050/item_1340928/cwe_1005… ·...
TRANSCRIPT
computerweekly.com 10-16 May 2016 1
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
computerweekly.com
PETA
R C
HER
NA
EV/I
STO
CK
Graph databases make connectionsThe graph model of storing and querying data is gaining favour with businesses
Home
10-16 MAY 2016
computerweekly.com 10-16 May 2016 2
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
IBM offers quantum computing as a serviceIBM’s Zurich Laboratory has made its five-bit quantum computer available to researchers through a cloud service. The researchers at IBM have created a quantum processor, made up of five superconducting quantum bits (qubits). IBM said users will be able to access the technology with a desktop or mobile device through a cloud-enabled quantum computing platform.
Designer cyber threats increasing, warns SophosCyber criminals are increasingly designing attacks for specific coun-tries to trick victims into download-ing malware, according to research by SophosLabs. Analysis of data from millions of endpoints world-wide revealed a growing trend of crafting spam to deliver malware that uses vernacular, brands and payment methods for better cul-tural compatibility.
IT challenges may force RBS to miss deadline to split businessesThe Royal Bank of Scotland says difficulties in creating an IT plat-form for the businesses it agreed to split off as part of its taxpayer-funded bailout mean it could miss the EU-imposed deadline of the end of 2017. RBS had to divest part of its business, creating a new standalone bank, after the bailout was agreed. This part of the organisation, which includes hundreds of RBS branches, is known as Williams & Glyn.
Report names Hull as slowest city for broadbandThe city of Hull in East Yorkshire receives the slowest average urban broadband speed in the country, clocking in at an average 12.5Mbps over the six months to February 2016, according to a report com-piled by consumer services com-parison website uSwitch.com. Hull is served by local incumbent KCOM, previously known as Kingston Communications, and not BT.
The most influential woman in UK IT 2016Voting has opened to find this year’s most influential woman in UK IT. Computer Weekly’s list of the 50 most influential women in UK IT aims to showcase role models in the sector and discuss how diversity can make a huge difference to the future of IT. This year’s winner will be announced at a special event as part of London Technology Week on 23 June, during which guests can hear talks by industry leaders.
❯Catch up with the latest IT news online
NEWS IN BRIEF
DRA
GO
NIM
AG
ES/F
OTO
LIA
computerweekly.com 10-16 May 2016 3
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
NEWS IN BRIEF
Fire services adopt shared command and control systemThree fire services have partnered to deploy a joint command and control system – underpinned by Capita’s VisionDS technology – in a bid to save £17m by 2024 through enhanced control centre functional-ity and greater resilience.
Young people overlooking IT roles in financial servicesYoung people are unaware of tech-nology roles and opportunities available in the financial services industry, according to careers firm Investment 2020, which partners with firms to provide apprentice-ships and careers information.
Google company’s access to NHS records raises privacy concernsGoogle-owned artificial intelligence firm DeepMind has been given access to 1.6 million healthcare records through a data-sharing agreement with Royal Free NHS Trust, raising privacy concerns.
NHS 24 IT system delayed furtherWhen NHS 24 went live with a new IT platform in November 2015, it had to take the system offline on grounds of patient safety. A “les-sons learned” report presented to NHS 24’s board in January proposed a second go-live date of 14 June. However, this has now been delayed.
A quarter of banks will use startups to replace legacy ITWith traditional IT suppliers slow to respond to the changing demands of banks, Gartner has predicted that 25% of financial firms will instead turn to startup IT suppliers for their online and mobile require-ments by the end of 2019.
BT pledges to pass two million homes with FTTP by 2020 BT has committed to extending super-fast broadband to a minimum of 10 million UK homes and businesses by 2020, with an additional two million to receive a full fibre to the premises (FTTP) broadband connection. n
Shell insources IT
Oil giant Shell is the latest multinational to insource its IT – previously outsourced – with the opening of a global IT centre in Bangalore which will host in-house software development and cloud opera-tions. The centre in Bangalore will have about 2,000 employees and will become
a major delivery hub for the company. According to reports in India,
Shell CIO Jay Crotts said Shell is “on a path to insource
our project delivery capabilities”.
❯ Fourth-generation flash to rewrite software development.
❯ M&S credits Office 365 with rise in staff collaboration.
❯ Consumers would buy banking and insurance
from Google, Amazon or Facebook.
❯Catch up with the latest IT news online
computerweekly.com 10-16 May 2016 4
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
Verizon report shows organisations fail to take most basic security measuresEven half-baked adherence to the simplest tenets would improve some enterprises’ security, says Warwick Ashford
Business and other organisations are failing to learn the lessons of past cyber attacks, the latest Data Breach Investigations Report (DBIR) from Verizon revealed.
The analysis – of 2,260 breaches and more than 100,000 inci-dents at 67 organisations in 82 countries – showed that organi-sations are still failing to address basic issues and well-known attack methods.
“This year’s study underlines that things are not getting better,” said Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions. “We continue to see the same kind of attacks exploiting the same vulnerabilities because many organisations still lack basic defences.”
The 2016 DBIR showed, for example, that nearly two-thirds of organisations’ confirmed data breaches involved using weak, default or stolen passwords.
The research showed that most attacks exploit known vulner-abilities that organisations have never patched, despite patches being available for months – or even years – with the top 10 known vulnerabilities accounting for 85% of successful exploits.
“User security awareness continues to be overlooked as organi-sations fail to understand that they need to make their employees the first line of defence,” said Dine.
“Organisations should invest in training to help employees know what they should and shouldn’t do, and be aware of the risks so they can alert security teams of anything suspicious,” he said.
Dine said it was important for organisations to have processes in place that make it easy for employees to report security issues.
Phishing attacksPhishing is one area where increased user awareness could help, said Dine, with the use of fraudulent emails to steal credentials or spread malware increasing dramatically in the past year.
“If we could reduce phishing through user awareness training, we could probably reduce a lot of the other stuff as well because many of the attacks start with a simple phishing email,” said Dine.
The study showed that 30% of phishing messages were opened – up from 23% in the 2015 report – and 12% clicked on malicious attachments or links that installed malware.
ANALYSIS
computerweekly.com 10-16 May 2016 5
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
In previous years, phishing was a leading attack pattern for cyber espionage, but now features in most cyber attacks.
According to Verizon researchers, the technique is very effec-tive and offers attackers a number of advantages, such as a very quick time to compromise and the ability to target specific indi-viduals and organisations.
Human error the cause of most attacksUnderlining the importance of user awareness and the human element of security, the report showed that human error accounts for the largest proportion of security incidents; 26% involve sending sensitive information to the wrong person.
Other errors include improper disposal of company informa-tion, misconfiguration of IT systems, and lost and stolen assets such as laptops and smartphones.
Of increasing concern to Verizon’s security researchers was the speed at which cyber crime is committed. In 93% of cases, it took attackers up to a few minutes to compromise systems – and data exfiltration occurred in just minutes in 28% of the cases.
ANALYSIS
BYEB
YET
OKY
O/I
STO
CK
“RansomwaRe is going cRazy. it is eveRywheRe – we aRe dealing
with attacks all the time”Laurance Dine, Verizon
Human error accounts for the largest part of security incidents;
26% involve sending sensitive data to the wrong person
computerweekly.com 10-16 May 2016 6
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
Meanwhile, the time between compromise and its discovery is growing. In 84% of the cases, victims did not find out they had been breached for weeks or more – and most were often informed by law enforcement, not by their own security measures.
As with the 2015 report, compromises of mobile and internet of things (IoT) devices were not a significant factor. However, the report noted that proof-of-concept exploits are real and it is but a matter of time before a large-scale breach affects mobile and IoT devices. This means organisations should remain vigilant about protecting smartphones and IoT devices.
The report noted that web application attacks climbed to the top spot for data breaches, and that 95% of web app breaches were financially motivated.
The report also noted that ransomware attacks are on the rise, where attackers encrypt the contents of a device – rendering it useless – and demand a ransom to unlock the data.
“Ransomware is going crazy. It is everywhere. As an incident response team we are dealing with ransomware attacks all the time,” said Dine.
The rise of the three-pronged hybridThe 2016 DBIR highlighted the rise of a three-pronged hybrid attack that attackers are using repeatedly, with many organisa-tions falling prey to attacks that follow this pattern.
First, attackers send a phishing email containing a link point-ing to a malicious website or a malicious attachment. Malware is then downloaded onto an individual’s PC that establishes the initial foothold, and additional malware can be used to steal data and credentials or encrypt files for ransom. Finally, the stolen cre-dentials are used for further attacks by logging into third-party websites, such as banking or retail sites, for example.
Bryan Sartin, executive director of the Verizon Risk team, said organisations must understand cyber criminals. “By knowing their patterns, we can prevent, detect and respond to attacks,” he said.
The report said basic, well-executed measures are more impor-tant than complex security systems. Verizon researchers recom-mend organisations know the attack patterns most common in their industry; use two-factor authentication; and encourage employees to use two-factor authentication when logging into social networking apps.
Verizon said organisations should monitor all inputs; review all logs to identify malicious activity; encrypt business-critical data; educate employees on security; protect data according to importance; and limit who has access to data. If stolen devices are encrypted, it’s much harder for attackers to access the data.
“The report demonstrates there is no such thing as an impen-etrable system, but often even a half-decent defence can deter cyber criminals, who will look for an easier target,” said Sartin. n
ANALYSIS
❯Mossack Fonseca breach underlines the need to focus cyber security on key data
“often even a half-decent defence can deteR cRiminals, who
will look foR an easieR taRget”Bryan Sartin, Verizon
computerweekly.com 10-16 May 2016 7
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
Why engineers need to build sales skillsThe head of technology at Ticketmaster says undergoing sales training could help software engineers become more persistent in tracking down bugs and keeping digital transformation plans on track. Caroline Donnelly reports
Software engineers should adopt a more sales-like approach to problem solving, or risk slamming the brakes on the pace of digital transformation in their organisation, it is claimed.
That is according to Simon Tarry, director of engineering strat-egy at Ticketmaster, who outlined some of the challenges the ticket-selling site has encountered during its cloud migration efforts during a session at the Cloud Expo conference in London.
The organisation regularly sees huge spikes in the number of visitors to its website, as concert and theatre goers clamour to buy tickets for events as soon as they become available, putting huge pressure on the firm’s IT infrastructure.
As an example, Tarry explained how the imminent release of Beyonce tickets a few years ago led to a record number of website visitors, pushing the resource capacity of its London-based data-centre to the limit.
“Our server response time was around 0.7 seconds, and we could handle a concurrent load of around 300 users per minute. The rest of the traffic was queuing, and it’s not a great experience if you’re sat in a queue, trying to buy tickets,” said Tarry. “We ran out of space in the datacentre in London, so we started to look at
the options we had in terms of doing a migration, and cloud was an obvious one.”
Making the move to cloudThe firm took steps to migrate the workloads and functional-ity housed in its London datacentre to a private cloud instance in Amsterdam, prompting an internal rejig of its IT teams to accommodate the move. “We basically pulled together individu-als from different teams to make sure we had the right capability to do this migration,” said Tarry.
The company initially anticipated the migration would take two to three months, but some misplaced assumptions about the per-formance of its underlying infrastructure led to some unexpected delays. “We made assumptions about the network infrastructure, but that had changed. We assumed it would perform as well as, if not better, than what we had before. We did a lot of testing, and basically played a game of hunt the bottlenecks in the infrastruc-ture or in the software application,” he said.
After a while, this process uncovered shortcomings in the input/output (I/O) performance of the database server, which was
ANALYSIS
computerweekly.com 10-16 May 2016 8
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
resolved through adding solid-state drives (SSDs) to the infra-structure mix, as well as a shortfall in the bandwidth being sup-plied to its communications card.
The power of noHowever, these problems were relatively easy to work through when compared with the bottlenecks caused by the firm’s soft-ware engineers and their response to being told “no”, said Tarry.
A software engineer, when tasked with investigating a problem in a certain part of the infrastructure stack, will need to work with other teams to establish what’s going wrong, he said. If the infra-
structure team does not have time to entertain them, there is a tendency on the software engineering side to turn attention else-where and downgrade the job.
“When someone says no, it’s very easy for a software engineer to think, ‘Right, I don’t need to bother with that area. That team is busy, we’re not going to explore it’,” said Tarry.
ANALYSIS
EDST
OC
K/I
STO
CK
Demand for Beyonce tickets a few years ago led to record
website traffic, pushing Ticketmaster’s datacentre
capacity to the limit
“if youR sales people accepted a ‘no’ all the time, you’d make no sales and have no business”Simon tarry, ticketmaSter
computerweekly.com 10-16 May 2016 9
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
This can lead to delays in completing a cloud migration if the source of the problem takes longer to track down just because engineers are happy to take “no” for an answer, he added. “We found there was a team holding us up, because – even when we started to question them – they said, ‘no, we’re too busy to help’.”
That was until Tarry’s team got hold of some metrics that half-proved this team, and its slice of the infrastructure stack, might be the source of the problem.
“We had the metrics to prove it to them, and asked them to look into it, and they said, ‘yes – it is a problem with us’. We got delayed for many months before we got to that point,” he said.
Evidence was essential in dealing with this situation, but another way to prevent similar delays from occurring could be to send
engineers on some form of sales training, so they become less inclined to take no for an answer, offered Tarry. “Software engi-neers make terrible sales people because we keep accepting ‘no’ from someone else, and going, ‘Oh, I’ll put that problem at the bottom of my list of things to solve’,” he said. “If your sales peo-ple accepted a ‘no’ all the time, you’d make no sales and have no business, and this is very much an engineering mindset we apply to problems.”
The move to Amsterdam paid off, said Tarry, as the site man-aged to hold up in the face of another huge ticket sales surge at the end of 2014, involving Fleetwood Mac.
“We got what we wanted and the performance we wanted, but it took a long time to get there,” he concluded. n
ANALYSIS
❯How cloud computing is helping Uefa prepare for Euro 2016 tournament
GRE
ENPI
MP/
ISTO
CK
computerweekly.com 10-16 May 2016 10
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
Hotel chain head of digital readies business for future of staged expansionYotel’s Fergus Boyd tells Angelica Mari how he is preparing the IT infrastructure to fulfil the business’s ambitions
Hotel chain Yotel is transforming its underlying systems and adopting a digital-first strategy to further develop sales and improve internal operations.
Leading the strategy is Fergus Boyd, the company’s vice-president for digital. A veteran of the travel industry, Boyd has years of experience in senior IT roles in the sector, which include launching British Airways’ first on-board internet services, and an open innovation initiative with UK charity Nesta to collaborate with Virgin Atlantic customers to design new services.
Stripping out legacy with an eye to the futureAfter joining Yotel two years ago, Boyd devised a strategy to support the group’s ambition to have 50 hotels by 2020, replac-ing all the company’s legacy systems with new platforms.
“We believe it’s imperative that the systems we are investing in now can grow with us. As a result, we are avoiding traditional, hospitality-centric systems and instead opting for light-touch, cloud-based products, which complement our BYOD [bring your own device] philosophy,” Boyd tells Computer Weekly.
INTERVIEW
Fergus Boyd: “The technology platforms
we are investing in now will be crucial in the
drive to future savings and revenue”
computerweekly.com 10-16 May 2016 11
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
“We firmly believe the technology platforms we are investing in now will be crucial in the drive to future cost savings and revenue. Chiefly, we aim to continue to deliver great guest service, as this is at the heart of what we do, while our infrastructure and systems ensure that we facilitate everything guests need during their stay.”
Keeping IT “lean and light”Boyd says the mantra for Yotel’s IT is to keep assets simple and less complex to manage. The result is a portfolio that largely comprises software as a service (SaaS), with Microsoft Office and Outlook 365 at the core. The company uses a cloud-based intranet from Jostle as a hub for staff communications.
Imminent deployments include other cloud platforms such as ExactTarget, a digital marketing product from Salesforce.com that will be used for guest-facing email communications, and an open-source content management system from Umbraco.
Yotel uses Oracle Opera as a property management system for its New York hotel and a product provided by startup StaynTouch for its bookable by-the-hour airport hotels at London Heathrow, London Gatwick and Amsterdam Schiphol.
The StaynTouch system, as well as self-service kiosks, will be rolled out at an 80-suite property at Paris Charles de Gaulle air-port, which will be launched in June 2016. Boyd will also be work-ing on having IT in place in a 600-cabin hotel on Orchard Road in Singapore, which will open at the end of 2016.
“We will keep our overall proposition lean and light, focusing on investing in new technologies that will help deliver on what our customers need – a seamless guest experience,” says Boyd.
For 2016, other projects will focus on further developing the company’s digital-first policy. Achievements so far include the launch of a responsive website in April 2015 – which converts sales up to 20% better than before, with direct web contribution having almost doubled to more than 30% of the company’s global revenue – as well as a mobile app, which acts as a personal con-cierge for the company’s New York City hotel.
The hotel chain has also developed its own application pro-gramming interfaces (APIs) that enable sharing of room rates and inventory with travel meta-search engines such as Kayak and Trivago. Boyd says this widens the company’s audience reach and Yotel is seeing “excellent returns”. It plans to implement a central reservations system from Sabre Synxis by mid-2016 to help it dis-tribute its inventory more effectively.
Upscaling digitalYotel wants to grow direct digital sales, so it needs enhanced distribution platforms as well as the ability to communicate through sophisticated customer relationship management (CRM) tools and e-marketing, for which it intends to introduce a CRM platform later this year.
“As a technology-focused brand, a key part of our business strategy is to place technology at the heart of our expansion and to upscale our digital presence,” says Boyd. An example of this is its investment in conversion rate optimisation, implementing Maxymiser, a multivariate testing tool supplied by Oracle that tests the entire multi-channel customer experience. Boyd says the plan is to use this to continually tune and optimise the website.
INTERVIEW
computerweekly.com 10-16 May 2016 12
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
Yotel puts a lot of effort into social media as an effective chan-nel to reach guests, and is very active on Facebook, Twitter and Instagram. Boyd says this initiative pays its way, as the company’s sales via social are “significant”.
“We use online survey tools to keep monitoring the heartbeat of our audience. All guests who visit our properties are invited to respond on their stay, plus we use the traditional tools such as TripAdvisor to hear from our guests,” he says. “We are still nimble enough to get things done in an agile way and we have no formal committees, meaning we are freer to respond to guest’s feedback. Project owners collaborate with key stakeholders and things get done in an effective manner.”
Data has an important role to play in the hotel chain’s IT strat-egy. Boyd is leading a large business intelligence project which will give Yotel a view of all key financial and operational insights.
“Our central reservations system will give us a global view of our hotel inventory and pricing as we develop. We don’t yet need a loyalty programme, but one may come as we scale,” he says.
Keeping the human touchYotel plans to introduce mobile-key enabled locks using Bluetooth Low Energy, so that tech-savvy guests can go straight to their cabins without needing to check in at the front desk.
“We will keep our human touch by complementing any fast-track journey with our round-the-clock reception service – although this may become more of a roving, hosted service,” says Boyd. “We aim to be a sustainable company, so our product designers look for low-power, efficient technologies for use in our hotels and cabins.”
Yotel has several partners that help deliver the IT that underpins its operations, but the global team delivering the technology and digital initiatives comprises only four people, while the flagship New York hotel has its own team. The department will grow this year to help with the work going into opening more hotels.
Boyd says the main challenges he faces as a leader in a fast-changing and highly competitive sector are to manage tight budg-ets, retain talent and develop good in-house expertise.
“We have a very aggressive growth plan, so keeping up with that and the pace of change of technology will be key,” he says. “In the next 12 months, we hope to have a robust CRM system with personalised, targeted and effective communications. We hope to have a highly tuned and optimised digital presence, with world-class photo and video content to enhance this, boosting our search engine optimisation and reducing paid search costs.
“We want a streamlined, low-maintenance internal IT infra-structure with most platforms on a cloud environment.” n
INTERVIEW
❯Hotels.com CTO Thierry Bedos strives for the perfect customer experience
“we aim to be a sustainable company – we aRe exploRing the use of tRanspaRent concRete to
let natuRal light into the hotel”FerguS BoyD, yoteL
computerweekly.com 10-16 May 2016 13
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
Computer Weekly, 2nd Floor, 3-4a Little Portland Street, London W1W 7JB
General enquiries 020 7186 1400
Editor in chief: Bryan Glick 020 7186 1424 | [email protected]
Managing editor (technology): Cliff Saran 020 7186 1421 | [email protected]
Head of premium content: Bill Goodwin 020 7186 1418 | [email protected]
Services editor: Karl Flinders 020 7186 1423 | [email protected]
Security editor: Warwick Ashford 020 7186 1419 | [email protected]
Networking editor: Alex Scroxton 020 7186 1413 | [email protected]
Management editor: Lis Evenstad 020 7186 1425 | [email protected]
Datacentre editor: Caroline Donnelly 020 7186 1411 | [email protected]
Storage editor: Antony Adshead 07779 038528 | [email protected]
Business applications editor: Brian McKenna 020 7186 1414 | [email protected]
Business editor: Clare McDonald 020 7186 1426 | [email protected]
Production editor: Claire Cormack 020 7186 1417 | [email protected]
Senior sub-editor: Jason Foster 020 7186 1420 | [email protected]
Sub-editor: Jaime Lee Daniels 020 7186 1417 | [email protected]
Sub-editor: Edward Pearcey 020 7186 1478 | [email protected]
Sales director: Brent Boswell 07584 311889 | [email protected]
Group events manager: Tom Walker 0207 186 1430 | [email protected]
Ofcom’s threats are finally paying off
BT demonstrated last week the depths of its sensitivity to Ofcom’s threat to break up the telecoms giant. Ofcom’s communica-tions market review, published in March, set out its desire to see fibre to the premises (FTTP) broadband become the domi-nant technology over the next 10 years, and retained the right to force the separation of Openreach, BT’s local infrastructure
subsidiary, to achieve that end. Lo and behold, suddenly BT finds a few billion quid down the back
of the sofa and promises two million FTTP connections by 2020. This, despite the many occasions when BT executives have insisted we don’t need FTTP and that sweating its copper assets will provide eve-rything the UK digital economy needs for the foreseeable future.
Ofcom and BT are due to sit down soon to discuss the new regula-tory environment that the telecoms watchdog wants to introduce to encourage rivals to install their own FTTP networks, using BT’s existing poles and ducts. It seems clear that BT wants to go into those negotiations with a halo above its head, saying, “What, us?”
Virgin Media’s announcement in April of an FTTP roll-out to one million properties by 2020 helped too, showing BT that broadband provider momentum is going in a different direction to its preferred plans.
Good for Ofcom. The regulator has taken its fair and justified share of criticism in the past, but it’s shown that when it sees the market being hindered by BT’s dominance it’s not afraid to act. It’s still a shame, nonetheless, that it takes a regulatory threat to make BT act and embrace the FTTP technology that the most advanced digital nations have already invested in. Smaller rivals such as Gigaclear and CityFibre are already making early progress in bringing FTTP to the most economically viable areas, and BT must see that if it lags for too long, then when broadband demand switches to services that require FTTP it would be in a dangerous position.
We’re still taking small steps, but it’s encouraging to see that we are finally starting to make a serious move towards building the digital infrastructure that the UK will need for the next 50 years, not just the next 10. n
Bryan Glick, editor in chief
❯Read the latest Computer Weekly blogs
EDITOR’S COMMENTHOME
we aRe finally making a move towaRds building the digital
infRastRuctuRe that the uk will need foR the next 50 yeaRs
computerweekly.com 10-16 May 2016 14
The recent breach of 2.6TB of data from Panamanian law firm Mossack Fonseca has generated a slew of revela-tions about how the world’s rich and powerful chan-nel their wealth into offshore companies in a bid to
avoid tax, prompting high-profile political resignations and public demands for a clampdown. But the stories would have been a lot less detailed, and taken far longer to surface, without the help of a very old technology that’s currently making a comeback – the graph database.
Graph databases pre-date the relational database (RDB) model that has dominated business IT for more than 40 years. Instead of storing and manipulating data in tabular rows and columns, graph databases are structured more like the scribbled “mind maps” used for freeform note-taking – bubbles of information joined by a tangle of labelled lines that reveal the connections and relation-ships between them.
In a graph database, information is stored in the form of nodes (items such as businesses or individuals), properties (informa-tion about, or relating to, nodes) and edges (the lines connecting nodes to one another or to properties, where much of the impor-tant information resides). They typically don’t require data to be in a rigidly structured format and are often faster and easier to scale than RDBs.
Graph databases: Joining the dotsFrom social networking to the detection of offshore financial shenanigans, Jim Mortleman explores why the growth of graph databases could be pointing the database market in a new direction
BUYER’S GUIDE TO GRAPH DATABASES | PART 2 OF 3
HOMEISSARONOW/FOTOLIA
computerweekly.com 10-16 May 2016 15
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
The graph model works particularly well for applications where relationships between items of data are the most important factor.
Matt Aslett, research director at 451 Research responsible for data platforms and analytics, says: “This means they’re very well-suited to applications like social networking, mapping, route planning and logistics, asset management, loyalty schemes, fraud detection, recommendation engines, master data management systems and more.”
They are also perfect for the task of uncovering hidden connec-tions in a mountain of legal and financial data such as the Panama Papers (see box on page 16).
Mapping out connectionsThe graph database renaissance is perhaps not surprising given how well the model mirrors the linked, non-hierarchical structure of the web itself, and the growing popularity of networked and
BUYER’S GUIDE
Choosing a graph database from an expanding pool of optionsA whole bunch of graph databases, tools and frameworks have sprung up in the past few years, the bulk of them open source. The Wikipedia graph database entry has a non-exhaustive list of around 50 products, with useful feature comparisons.
Most of the business examples in this article use the market-leading Neo4j, which is by far the most mature and widely used graph database, having been around since the early 2000s.
Aslett also notes that Objectivity’s InfiniteGraph, another mature offering that’s particularly effective for crime detection, has significant traction among financial firms and law enforce-ment agencies.
But the options are expanding. Analyst James Governor of RedMonk thinks it makes sense to let your developers explore what’s out there, since products and feature sets are evolving so
rapidly. “Things are changing all the time and there are an unfor-giving number of options, including tools that let you overlay graph capabilities onto your existing relational database system. We think what’s interesting is choosing specific databases for specific tasks and finding ways to bring them together,” he says.
“Neo4j is clearly way out ahead in this market. It has built a solid reputation through its long-term focus on graph technology and I’ve spoken to plenty of developers who’ve had good experi-ences with it,” he adds.
“The TinkerPop stack from Apache is also getting a lot of attention at the moment, so enterprises might want to look at that too. And for really high-scale stuff, there’s Apache Giraph which runs on the Hadoop stack and is being used by the likes of Facebook,” says Governor.
computerweekly.com 10-16 May 2016 16
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
social applications. Indeed, it was social web giants like Twitter, Facebook and Google that prompted the comeback in the first place, since they needed more efficient ways to manage and understand the relationships among their vast networks of users. And as networked smart cities and the internet of things (IoT) take hold, we’re likely to see many more use cases for the technology.
Already, businesses beyond the high-tech giants are increas-ingly turning to graph databases. Lufthansa, for example is using
graph databases to store relationships between the content it offers on flights and the different devices people use to access that content. “To deliver, say, a movie or in-flight offer to a passenger’s personal device, the airline needs to understand the devices people are using – their screen sizes, performance and so on – then map that onto the content deliv-ered to the individual user, as well as knowing
details about passengers such as whether they’re frequent flyers or members of any of the company’s loyalty schemes,” says Aslett.
BUYER’S GUIDE
Picking apart the Panama Papers – how a consortium of investigative journalists used graph technology to plot the offshore connections of the rich and powerfulThe Institute of Investigative Journalists (ICIJ) is a global consor-tium of almost 200 reporters who work with many of the world’s leading news organisations. When they were handed a cache of more than 11.5 million breached documents from Panamanian law firm Mossack Fonseca, which specialises in setting up off-shore companies for its wealthy clients, it was clear that untan-gling the web of connections concealed within the 2.6TB of data was not going to be possible manually.
“We’ve been dealing with data connected to offshore deal-ing for the past four years, and during our investigation into the leaked HSBC Swiss Leaks in 2014/15, we implemented the
Linkurious data visualisation tool, which uses the Neo4j graph database as its engine,” says Mar Cabra, head of the ICIJ’s data and research unit.
The tool’s implementation was only completed at the tail end of that investigation, so was used mainly for fact-checking, she says. However, the size of the Panama Papers breach eclipsed all previous data hauls. “We don’t have an army of data scientists here. There are only three developers, so it was vital to provide journalists with an intuitive tool they could use to explore the data without the need for technical experts,” says Cabra.
continued on next page...
❯When looking at more agile, open source alternatives to
proprietary databases, how do you choose which is the best
fit for your needs?
computerweekly.com 10-16 May 2016 17
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
BUYER’S GUIDE
First the team reverse-engineered Mossack Fonseca’s internal database of around 215,000 offshore companies from the piece-meal data they’d been given. They then used the Talend transform and load tool to import the data into Neo4j, from where it could be visualised in Linkurious. “My reporters found it very intuitive and easy to use. They were able to just click dots on the screen to reveal – instantly – how people and entities are connected,” says Cabra. “It has an advanced query language, Cypher, that more technically-savvy reporters can use, and you can also tap into an API [application programming interface] to visualise the data elsewhere. Fuzzy matching, where the system finds similar names, was also really useful. Another great feature for reporters is the ability to export interactive widgets, for example to let read-ers visually explore the connections around particular politicians.”
Meanwhile, the mass of unstructured data – comprising emails, legal documents and so on – was put into a document store where
it could be searched by journalists with familiar Google-style text-search tools. This combination of a visual graph database and searchable document store was vital for piecing together the stories, since the database alone did not reveal all the names. “Mossack Fonseca didn’t record many beneficial owners in its database, only inside PDFs or scanned documents, so it was vital to be able to explore both,” says Cabra.
And from this month, anyone will be able to seek out more connections hidden in the graph data when the ICIJ combines it with the data from previous offshore leaks and makes it publicly available for exploration with a Linkurious front end.
“We’re going to crowdsource even more revelations,” says Cabra. “Our website will contain data on over 300,000 compa-nies in tax havens and the people behind them. Reporters, the public, tax officials and prosecutors are all going to be able to explore those connections – and no doubt that will throw up even more surprising names.”
...continued from previous page
There are plenty of other examples. Mobile operator Telenor uses the technology to understand its users – where they are, what devices they’re using and what they’re permitted to access. Many banks and financial institutions use it for fraud detection. Royal Bank of Scotland is using it in a change management tool called Dart that continually tracks the implication of changes on its core Agile Markets trading system. Online gambling provider
Gamesys is using it to manage a referral system and Facebook integration for its customers. The list goes on.
Growth and change aheadWe’re not, however, likely to see graph databases taking over from relational databases any time soon. They still only repre-sent a minuscule fraction of the total database market, although
computerweekly.com 10-16 May 2016 18
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
precise figures are hard to come by. 451’s Aslett estimates the market currently represents around $200m of the $286bn sec-tor – which equates to a share of about 0.07%.
But he notes the whole NoSQL market (which includes key value and document stores as well as graph databases) is nonetheless growing at an impressive rate.
“We’re seeing a compound annual growth rate of 43%, com-pared with 11% for the market overall. The dominance of the relational model means things will naturally take a long time to change, but we’re at the beginning of a potentially significant shift,” Aslett concludes. n
BUYER’S GUIDE
“the dominance of the Relational model means things
will natuRally take a long time to change, but we’Re at
the beginning of a potentially significant shift [towaRds
gRaph databases]”matt aSLett, 451 reSearch
Graph databases don’t require data to be in a rigidly structured format. Information is joined by a tangle of lines
that reveal connections and relationships
ISSA
RON
OW
/FO
TOLI
A
computerweekly.com 10-16 May 2016 19
Nand flash as a technology has been around since the late 1980s, but it has only really been adopted for enterprise storage in the past eight to 10 years.
The main modes of flash storage deployment have been to implement the technology in the form of either traditional drive format solid-state disks (SSDs) or as PCIe SSDs as an add-in card in the PCI slot.
But, as the market for flash storage continues to develop, a range of technologies and methods of deployment are appearing outside this mainstream, many of which could represent an inter-esting direction for storage in the coming years.
DSSD and MangstorThe initial selling point of flash was raw speed, measured either as throughput (Mbps) or input/output operations per second (IOPS), both delivered at low latency. The key numbers have typically been up to 1,000,000 IOPS and less than one millisec-ond of latency.
These performance figures seemed incredible when flash was introduced to the enterprise. There was a lot of talk in the industry about “over-delivering” input/output (I/O) capacity that couldn’t be fully exploited. But times change, and with the ongoing march of Moore’s Law, we have continued to see performance gains in processor and memory speeds. This has resulted in the need for a new breed of storage system – the ultra-fast appliance.
Flash storage moves beyond the mainstream
Flash storage doesn’t just come in traditional drive format and PCIe card. There are significant outliers in the market that make use
of custom flash modules, Dimm and QLC, says Chris Evans
FLASH STORAGE
OLG
ASA
LT/F
OTO
LIA
HOME
computerweekly.com 10-16 May 2016 20
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
The ultra-fast systems, as developed by EMC DSSD and Mangstor, represent a niche market in which extremely high throughput is delivered at very low latency.
As an example, Mangstor claims latency figures as low as 110 microseconds (read) and 30 micro-seconds (write), at least an order of magnitude faster than today’s all-flash arrays. A single appli-ance can deliver up to three million IOPS. EMC recently launched the so-called rack-scale flash DSSD D5, which offers 10 million IOPS with average latencies of around 100 microseconds and 144TB in 5U of rack space. A DSSD D5 supports up to 48 serv-ers with a mesh of non-volatile memory express (NVMe) PCI Express (PCIe) Gen3 connectivity.
The ability to achieve these figures requires both a bespoke architecture (DSSD has custom flash modules, Mangstor uses custom PCIe SSDs) and a new mode of connectivity.
These appliances don’t connect over Fibre Channel or Ethernet, but use low-latency protocols such as NVMe over RDMA and PCIe. The sacrifice here is in flexibility and scalability.
These protocols have restrictions on cable distances and implement a more dedicated point-to-point net-work, much like with SCSI 20 years ago. In addition, the advanced fea-tures of traditional arrays are typically missing (including data protection) to achieve such high performance.
Ultra-fast appliances will see uses in finance and analytics – any application where the latency of an I/O request is critical. This makes it unlikely to be deployed by the typical IT organisation.
NVDimmAn alternative to building a faster array is to look at moving storage closer to the processor and cut
the distance an I/O request needs to travel to persistent storage.Companies such as Diablo Technologies and Netlist have
introduced what is termed either “memory channel storage” or “storage class memory”, but is essentially Nand flash deployed on a Dimm form factor, identical to that used by server memory DRAM. Diablo partners with SanDisk to produce ULLtraDimm, which comes in either 200GB or 400GB capacities. Each device is capable of delivering up to 140,000 IOPS (read) and 44,000 IOPS (write) with write latencies as low as five microseconds. This is an order of magnitude faster than the ultra-fast appliances.
Unfortunately, NVDimm technology can’t simply be put into any server. The hardware Bios needs to be modified to support
NVDimm technology. Drivers are required in the operating system so the difference between volatile and non-volatile memory can be identi-fied to the application.
The potential of the technology is enormous. DRAM is relatively expensive and NVDimm bridges
FLASH STORAGE
❯We survey an all-flash array market in which the big six in storage have largely settled
on strategy, but key new technologies are emerging.
the potential of nvdimm is enoRmous – it bRidges the pRice
peRfoRmance gap between dRam and tRaditional flash
computerweekly.com 10-16 May 2016 21
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
the price performance gap between DRAM and traditional flash. As an enabling technology, in-memory databases and hyper-con-vergence seem the most obvious workloads for NVDimms, where the server/node is treated as a unit of resilience (or failure).
QLCThe outliers in the use of flash aren’t all focused on high per-formance or low latency. Cost is a determining factor in flash adoption. In particular, the price per gigabyte still determines many product purchases. One way costs have been reduced is by storing more information in each flash cell.
Initially, single level cell (SLC) technology stored one bit of data, multi-level cell (MLC) stored two and triple-level cell (TLC) stored three. Toshiba is forecasting that QLC (quad-level or four bits per cell) technology will be available in 12 to 24 months, with the prospect of drives that can store up to 88TB of data each.
The downside to QLC and the progression to higher bit density per cell is the relative lifetime of the media, which gets progressively worse with the more bits that are stored in each cell. However, with the right controller algorithms and the use of other flash products for write-intensive workloads, QLC could get to a point where the humble hard disk drive is replaced in all but the most long-term archive requirements. In fact, many
IT departments may move to simply having flash and tape in their datacentre.
M.2 SSDWe’ve talked about performance and capacity in flash. Another area where there is outlier activity is in product form factor. SSDs initially emulated the hard drive and were packaged in 3.5in and 2.5in formats. Alternatively, they were delivered as add-in cards
that plugged into the PCIe bus.M.2 is a different form factor alto-
gether, and has developed from the laptop market. It provides up to 512GB of flash on a device that can be as little as 1.5mm thick, 22mm wide and up 110mm long. These products support PCIe and NVMe standards and might offer the ability to build a highly dense storage array that consumes relatively low power.
The challenge to flashOf course, not all future developments of storage are based around flash technology. The imminent arrival of 3D-XPoint from Micron/Intel could change the dynamics of the storage industry entirely, offering 1,000 times the endurance and performance of flash with a density 10 times that of DRAM.
If 3D-XPoint delivers at an acceptable price point, some of these outliers may be short-lived or not see the light of day at all. n
FLASH STORAGE
Qlc could get to a point wheRe the humble haRd disk dRive is Replaced in all but the most
long-teRm aRchive ReQuiRements
computerweekly.com 10-16 May 2016 22
Home
News
Organisations fail to take most basic security measures
Why software engineers could benefit from sales training
Hotel chain head of digital readies business for future expansion
Editor’s comment
Buyer’s guide to graph databases
Flash storage moves beyond the mainstream
Downtime
DOWNTIME
❯Read more on the Downtime blog
How not to do passwordsIt was World Password Day on 5 May. As part of the global push to promote better password habits, nonagenarian actress Betty White agreed, in a series of pep talks, that passwords annoy the “f**ing heck” out of you.
Perhaps that’s why the UK director general for cyber security at GCHQ rec-ommends IT administrators only set passwords “when they are really needed”. Because that’s how you make your systems more secure... Downtime isn’t con-vinced. Presumably that just makes it much easier for the spooks to log in. Bet they never thought of trying “admin”/”admin” on the Cisco router. n
S-C
PHO
TO/I
STO
CK