8/14/2019 The Grill: (ISC) 2s W Hord Tipton
1/32
(Make Your Organisation Agile Enough To Grow In A Moment's Notice)
MYOAETGIAMN
Get secure. Get compliant. Then belt up and

Once your IT security is doing everything you expect it to, make it do something no one would ever expect: make your organisation more efficient, more flexible and more competitive than ever before. CA's approach to IT security centralises Identity and Access Management (IAM). That means you can deploy applications that deliver new services or capitalise on new opportunities, faster and more securely. And with best-in-class modularity, scalability and integration, CA security solutions enable efficiency. To learn more about the full potential of IT security, download the latest white paper at ca.com/au/secure.

Copyright 2009 CA. All rights reserved.
GOVERN MANAGE SECURE
News February 2009 | www.computerworld.com.au | 3

IN BRIEF / IN THIS ISSUE February 2009

ONLINE (www.computerworld.com.au)
Linux.conf.au. SPECIAL REPORT: Check out our extensive coverage of this year's open source conference in Hobart
Smartphones, iPhones, BlackBerrys and beyond. MOBILITY: All the latest news, reviews, features and videos on the iPhone, BlackBerrys and other smart devices
Google explores ocean depth. WEB: Latest version of Google Earth offers 3D maps of the ocean floor, as well as Mars and historical images
The A-Z of Programming Languages. SPECIAL REPORT: Computerworld's ongoing series of investigations into the most widely used programming languages, including Ada, AWK, Bash, C# and more

News
3 In Brief
4 Flying docs pilot first national e-health database
5 Privacy group calls Google Latitude a danger to security
6 HTC launches first Android phone in Australia
8 Windows 7 to be sold in six versions
10 On the scene: Linux.conf.au 2009
12 The Grill: W Hord Tipton

Opinion
14 Top 10 qualities of a great IT shop. Paul M Ingevaldson
15 Panic and how to prevent it. Paul Glen
15 Security predictions for 2009. Andreas Antonopoulos

In Every Issue
14 Shark tank
30 Good, bad & ugly
30 Notes from left field

Features
16 The Big Switch to cloud computing. Nicholas Carr touts reliability but fears vendor lock-in. Thomas Hoffman
18 Forecast 2009: The year ahead for IT. Experts weigh in with their predictions of what will be hot and not in IT for 2009. By Staff Writers
24 Office bling for '09. Old notion: Squeeze every drop from your old equipment. New order: Fresh gadgets crank up your productivity. Russell Kay
26 10 tech people you should know. These power-brokers' decisions could shape enterprise IT for years to come. Ann Bednarz
29 Service-level agreements: IT's value proposition. An SLA is your chance to demonstrate IT's worth to the business. Here's how to get it right. Bob Anderson
ACS, AIIA disappointed at Rudd stimulus

Australian ICT industry representative bodies have panned the exclusion of ICT infrastructure spending from the Rudd Government's economic stimulus package. In response to the grim global economic climate and bleak forecasts of the International Monetary Fund (IMF), the Rudd Government unveiled a far-reaching $42 billion stimulus package that included, among other incentives, a 30% tax break for small businesses on items worth more than $1000 purchased before June 30.

Australian Information Industry Association CEO, Ian Birks, said while the package would bring a welcome boost to technology spending by organisations, it failed to look at the big picture for ICT.

"I think we would say the package has insufficient focus on the digital economy, on new technologies, and really feels like the Government may be missing the point somewhat about the transformational impact ICT can have," Birks said.

"We would urge the fast tracking of a lot of existing commitments like the NBN, the e-Health commitment, and the use of smart IT in carbon reduction. All of those things that have been talked about and socialised in the Government's agenda need to be fast tracked and need to happen sooner rather than later. That will have a massive stimulatory impact."

Australian Computer Society president, Kumar Parakala, praised the Government's approach to assisting the economy but also criticised the lack of ICT infrastructure spending in the package. "This has been a missed opportunity to invest in Australia's digital economy, which could potentially have helped Australia to become an international powerhouse in these times of crisis," Parakala said.

Despite the lack of big picture spending, both Birks and Parakala welcomed the other incentives, in particular the tax breaks for small businesses.

Under the plan, small businesses with a turnover of less than $2 million a year can claim a 30% tax deduction on items (including ICT hardware) worth more than $1000 and bought before June 30. A 10% deduction will also be given for assets bought between July and December (and installed before December 31, 2010). Larger businesses are eligible for the same tax breaks on eligible items worth more than $10,000.
Trevor Clarke
News 4 | www.computerworld.com.au | February 2009

Telstra, AFL win hyperlink case against News Ltd

The Federal Court has ruled hyperlinks to Telstra-copyrighted AFL video clips on YouTube were unlawful.

The hyperlinks, which were featured on News Limited subsidiary Web sites in mid-2008, were found to have breached copyright laws by undermining the exclusive broadcasting rights granted to Telstra by the AFL.

A spokesperson at Telstra said the company was pleased the court had ruled in such a way that saw its hard-won media rights upheld. "We're a rights-holder. We fought hard to gain these rights. . . If anyone chooses to act in a way that directly violates [our rights], we're going to take action."

Telstra and the AFL first took News Limited to court after their requests to remove the offending hyperlinks from the AdelaideNow, Courier Mail, Daily Telegraph, Herald Sun and PerthNow Web sites in May and June 2008 fell on deaf ears. In the end, it was the broadcasting behemoth YouTube who agreed to remove the infringing video clips.

"The Federal Court Orders should serve as a warning to ensure that the exclusive new media rights that Telstra holds for premier Australian sports are respected," said Justin Milne, group managing director, Telstra Media.

"If third parties are allowed to undermine these agreements, it undermines the value of future media rights and jeopardises revenues that the AFL invests in the future of the game."

While the full details of the court settlement remain confidential, News Limited has agreed never again to provide hyperlinks to infringing AFL footage on YouTube or other related Web sites.

The AFL uses the revenue from media rights to support all AFL clubs and improve club facilities.
Emma McKinnon
MySQL co-founder quits Sun

Michael "Monty" Widenius, the original developer of the open-source MySQL database, has left Sun Microsystems and is starting his own company, Monty Program Ab, he said in a blog post on Feb 5.

Widenius and Sun had a slightly rocky relationship since the vendor bought MySQL last year for US$1 billion. In a much-discussed November blog post, he trashed Sun's decision to give MySQL 5.1 a "generally available" designation, saying it was riddled with serious bugs.

In a December interview with IDG News Service, Marten Mickos, senior vice president of Sun's database group, downplayed Widenius' criticisms, saying that at an open-source-oriented company like Sun, people are free to blog about what they want.

And now in his latest blog post, Widenius revealed what was happening in the months prior to his departure, and what he plans to do now.

Rumours that Widenius would resign were circulating around August and September last year, he wrote. Widenius acknowledged that he told Sun management he would submit his resignation immediately because he strongly believed that the 5.1 release was not ready and that those problems needed to be fixed before it went GA.

Widenius ultimately agreed to stay for three more months to help Sun "work out things in MySQL Development and also give Sun a chance to create an optimal role for me within Sun".

"That ended up lasting a few more months, and the changes I had hoped Sun would apply to in the MySQL Database group to fix our development and community problems did not happen fast enough," he wrote.

Meanwhile, Monty Program Ab will be "a true open-source company", with only a small number of employees "who strive to have fun together and share the profit we create". The company will work on the Maria project, a storage engine Widenius and others developed
Chris Kanaracus
Flying docs pilot first national e-health database
Regional sites united after 80 years

The Royal Flying Doctor Service (RFDS) is deploying what may be the first national e-health records management system to unify disparate medical databases across its four regional sites.

The RFDS was established in 1928 as the Area Medical Service and provides not-for-profit aero-medical and primary healthcare to regional and remote Australia. It consists of four independent divisions, with 25 sites and 776 staff, and services all but the upper region of the Northern Territory.

Speaking at an e-health summit in Sydney, RFDS national and sectional ICT manager Gary Oldman said the $2.9 million government-funded e-health records system will replace siloed databases and manual processes throughout the organisation.

"Electronic records are being deployed to other regions [following] the success of the first roll out in our South East [division]," Oldman said, adding it will be the first time the RFDS sites have cooperated in 80 years.

"[Other regions] have separate databases in their laptops without central storage. . . There are problems with remote access and retrieving patient data after-hours.

"We want to end up with a single national medical identifier, but [RFDS] is split into legally separate entities. We will use separate identifiers for now."

The national deployment, dubbed E-Health for Remote Australia (EHRA), will mirror the initial e-health system deployment which centralised nine isolated databases.

It is expected that the Medical Doctor content management database will be installed on all RFDS laptops to facilitate central storage of medical data using Telstra's Next G mobile network. A replication feature allows data uploads to be delayed during coverage black spots in remote areas.

Oldman said the transition to EHRA will be a huge challenge for some RFDS sites, but is confident of meeting the February 2010 completion date thanks to the recruitment of a dedicated project manager, extensive system testing and scheduled staff training.

Staff from the South East division are already calling for more complex data such as X-rays to be included in the database, which holds more than 14,000 client details.

The South East wing employs 165 staff including doctors, nurses, and specialist clinicians, receives some 5000 calls a year, and is the only division to cross three state boundaries. Oldman said the federal government will soon reform laws that require its clinicians to hold medical licences for each state.

Funding for EHRA was granted by the Howard government under its Clever Networks initiative.

The RFDS last year flew more than 23 million kilometres in 51 aircraft, performed almost 36,000 aerial evacuations and helped 132,524 patients.
Darren Pauli
News February 2009 | www.computerworld.com.au | 5

Privacy group calls Google Latitude a danger to security
Upgrade to Google Maps lets friends, family, employers know one's every move

A privacy group is calling Google's new mapping application an unnecessary danger to users' security and privacy.

The criticism comes almost immediately after Google unveiled Google Latitude, an upgrade to Google Maps that allows people to track the exact location of friends or family through their mobile devices. Google Latitude not only shows the location of friends, but it can also be used to contact them via SMS, Google Talk or Gmail.

Privacy International is raising a red flag about the technology. "Many people will see Latitude as a cool product, but the reality is that Google has yet again failed to deliver strong privacy and security," said Simon Davies, the director of London-based Privacy International.

"The company has a long way to go before it can capture the trust of phone users. As it stands right now, Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends. The dangers to a user's privacy and security are as limitless as the imagination of those who would abuse this technology."

Google, responding to Computerworld questions in an e-mail, said their engineers and designers took privacy and security concerns into account when they were creating Google Latitude.

"Concerns have been raised about the possibility of the product being installed onto someone's mobile phone covertly," said a Google spokeswoman. "While many of the scenarios that have been described are unlikely, we take this issue seriously and always listen to feedback from our users. We already have a safety feature working on certain mobile devices that actively alerts users that Latitude is running and we are in the process of extending this notification to other mobile platforms supporting Google Latitude."

Privacy International, in an online posting, expressed concern that Google Latitude lacks sufficient safeguards to keep someone from surreptitiously opting in to the tracking feature on someone else's device. The problem arises when someone can gain physical access to another's mobile phone.

The privacy group added that the only way to reduce this threat is to have a regular message pop up on the phone, reminding the user that Latitude is in use.

Google's spokeswoman noted that the message that pops up on BlackBerry devices is engaged when Latitude has been installed but not been used for a while.

That doesn't appear to be an adequate safeguard for the privacy group, which said in a written statement, "If the tracked party is unaware that her phone has been enabled, the Latitude settings could indefinitely be set to continuous tracking, thus ensuring that the alert message is never sent from Google."

Dan Olds, principal analyst at Gabriel Consulting Group, said the Google tool is interesting even if there are obvious potential privacy issues when people know your every move.

Olds added that people need to think through who can access such personal information. "Users need to understand how to do it and why they probably don't want to constantly broadcast their locations to the world at large," he said.
Sharon Gaudin
News 6 | www.computerworld.com.au | February 2009

Lenovo CEO resigns as PC maker posts US$97M loss

William Amelio resigned from his job as president and CEO at Lenovo Group after the PC maker reported a US$97 million loss for the last three months of 2008.

Amelio, a former Dell executive, had led a broad restructuring of Lenovo's worldwide operations since he took over as CEO in late 2005. Just last month, for example, Lenovo said it planned to lay off 2500 workers, cut executive salaries and combine its operations in Russia and the Asia-Pacific region.

But the company's business outlook has only grown worse since then. In the announcement of its latest financial results and Amelio's departure, Lenovo said revenue declined 20% on a year-to-year basis in its fiscal third quarter, which ended Dec 31. And in a filing submitted to the operator of Hong Kong's stock exchange, the company warned that it expects "the next several quarters [to] remain very challenging for Lenovo and the rest of the PC industry".

Lenovo said Amelio's three-year employment contract had expired. He will work as an adviser to the company through the end of September, the company said in a separate filing to the Hong Kong exchange. "Mr. Amelio confirmed that he has no disagreement with the board, and there are no matters in respect of his resignation that need to be brought to the attention of the shareholders of the company," Lenovo wrote in that filing.

But the sudden nature of Amelio's departure caught many Lenovo watchers by surprise. "They said he had a three-year contract, but that just raises the question of why they didn't renew it," said Bryan Ma, an analyst at the Asia-Pacific unit of market research firm IDC.

Amelio is being replaced as CEO by Yang Yuanqing, who was Lenovo's CEO from 2001 to 2004 and has been its chairman since then. Liu Chuanzhi, Lenovo's founder and chairman prior to Yang, will now re-assume that position at the company. Rory Read, who had been Lenovo's senior vice president of global operations, is being promoted to president and chief operating officer.

Lenovo said its third-quarter results were hurt primarily by a slowdown in the Chinese PC market, which accounted for almost half of its sales in the quarter. Shipments in China during the third quarter fell 7% compared with the same period a year earlier, according to Lenovo, which said that its new management team plans to focus more closely on China in an effort to boost sales there.

Amelio is the second American CEO to step down since Lenovo acquired IBM's PC division in 2005 and moved its corporate headquarters to the US. His predecessor, Stephen Ward, who became CEO immediately following the acquisition, resigned later that year.
Sumner Lemon
Fannie Mae engineer indicted for planting server bomb

A former Unix engineer for the US Federal National Mortgage Association, better known as Fannie Mae, has been accused of planting malicious code on the corporation's network that was to destroy and alter all of the data on the company's servers.

Rajendrasinh Babubhai Makwana, 35, was indicted on Feb 3 by a US federal court on a single charge of computer intrusion.

Makwana, an employee for OmniTech Systems, was let go from his contract position at one of Fannie Mae's data centres on Oct 24, 2008, after he had "erroneously created a computer script that changed the settings on the Unix servers without the proper authority of his supervisor", read a complaint sworn by FBI Special Agent Jessica Nye. Makwana had created that settings-changing script on Oct 10 or Oct 11, Nye said, as much as two weeks before he was fired.

Within 90 minutes of being told he was terminated on Oct 24, and several hours before his access to the Fannie Mae network was disabled later that evening, Makwana embedded a malicious script in a legitimate script that ran on Fannie Mae's network every morning, Nye said in her affidavit.

The malicious script was set to trigger Jan 31 but was discovered by another Fannie Mae engineer just five days after Makwana was fired. According to the criminal complaint filed in US District Court, Makwana tried to hide the malicious script by inserting a page of blank lines at the bottom of the legitimate script.

"It was only by chance that [the Fannie Mae engineer] scrolled down to the bottom of the legitimate script to discover the malicious script," the complaint read.

If the malicious script had gone undiscovered, it would have disabled monitoring alerts and all logins, deleted the root passwords to the approximately 4000 servers that Fannie Mae operates, then erased all data and backup data on those servers by overwriting with zeros.

"Finally, this script would power off all servers, disabling the ability to remotely turn on a server," said the government's complaint. "Subsequently, the only way to turn the servers back on was physically getting to a data centre."

"The script would have caused millions of dollars in damage and reduced if not shutdown [sic] operations at [Fannie Mae] for at least one week if it had not been found before the trigger date," the complaint said.
Gregg Keizer
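The complaint describes two things a reviewer of scheduled scripts can actually look for: executable code that resumes after a long run of blank lines, and a command gated on a calendar date. The following Python is an added example, not code from the article, the complaint or Fannie Mae, of a check that flags both in cron-style shell scripts. The 20-line blank-run threshold, the regular expressions and the sample script are assumptions constructed for the example; the sample's hidden block contains only a placeholder echo.

```python
"""Flag logic-bomb hiding patterns in scheduled shell scripts.

Added example (not from the article). It checks a script for (1) code that
resumes after a long run of blank lines, the concealment the complaint
describes, and (2) commands gated on the current date, the trigger-date
pattern it describes. Threshold and patterns are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumed threshold for "a page of blank lines".
BLANK_RUN_THRESHOLD = 20

# Heuristic patterns (constructed for this example) that a nightly
# housekeeping script should not normally contain without review.
SUSPICIOUS_PATTERNS = [
    # e.g.  if [ "$(date +%m%d)" = "0131" ]; then
    (re.compile(r'\[+\s*"?\$\(\s*date\b.*?\)"?\s*(==?|-eq)\s*"?\d'),
     "command gated on the current date (possible trigger date)"),
    (re.compile(r"\b(shutdown|poweroff|halt)\b"), "power-off command"),
    (re.compile(r"\bdd\b.*\bif=/dev/zero\b"), "zero-fill overwrite"),
]


@dataclass
class Finding:
    line: int      # 1-based line number in the script
    reason: str


def scan_script(text: str, blank_threshold: int = BLANK_RUN_THRESHOLD) -> List[Finding]:
    """Return findings for one script's text, in line order."""
    findings: List[Finding] = []
    blank_run = 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            blank_run += 1
            continue
        # Concealment check: code continuing after a page of blank lines.
        if blank_run >= blank_threshold:
            findings.append(Finding(lineno, f"code resumes after {blank_run} blank lines"))
        blank_run = 0
        if line.startswith("#"):
            continue  # comments are not executable
        for pattern, reason in SUSPICIOUS_PATTERNS:
            if pattern.search(line):
                findings.append(Finding(lineno, reason))
    return findings


def scan_files(paths: List[str], blank_threshold: int = BLANK_RUN_THRESHOLD) -> Dict[str, List[Finding]]:
    """Scan several script files, e.g. everything under a cron directory."""
    results: Dict[str, List[Finding]] = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            results[path] = scan_script(fh.read(), blank_threshold)
    return results


# Constructed sample: a benign housekeeping script with a date-gated block
# appended after 60 blank lines. The hidden block is only a placeholder echo.
SAMPLE_SCRIPT = (
    "#!/bin/sh\n"
    "# nightly housekeeping (constructed sample)\n"
    "find /var/log/app -name '*.log' -mtime +30 -delete\n"
    "/usr/local/bin/rotate-reports\n"
    + "\n" * 60
    + 'if [ "$(date +%m%d)" = "0131" ]; then\n'
      '    echo "placeholder for the hidden block"\n'
      "fi\n"
)

if __name__ == "__main__":
    for f in scan_script(SAMPLE_SCRIPT):
        print(f"line {f.line}: {f.reason}")
```

Run against the sample, the scanner reports line 65 twice: once because code resumes after 60 blank lines, and once because the block is gated on the current date. The blank-run check is deliberately independent of the command patterns, since it is the concealment, not the payload, that the complaint says nearly defeated review.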
HTC launches first Android phone in Australia
Dream available on the Optus network from 16 Feb

HTC has partnered with Optus to release the first mobile phone in Australia based on Google's Android platform, the Dream.

Boasting a large touch screen and an intuitive user interface, HTC's Dream is set to target early adopters rather than typical consumers or business users. The open source Android operating system is the key feature, along with instant access to a range of Internet services including the suite of Google applications: Gmail, Google Maps, Google Talk, Google Calendar and Google Search.

The Dream will be available from the 16 Feb on a range of Optus plans. It will not be sold outright, though Optus has confirmed the handset will not be network locked. Despite Optus being the only carrier to launch the Dream, there is no exclusivity period.

The Dream will be available to purchase on four plans, including two "timeless" plans. A $59 Internet Cap plan includes $350 worth of calls and text and 500MB of data, while a $79 Internet Cap plan includes $550 worth of calls, unlimited text and 700MB of data. Two timeless plans offer 1.5GB ($113.95 per month) and 3GB ($129) data allowances respectively.

Optus offers all plans on either 12 or 24 month contracts, with monthly handset repayments differing depending on the length of the plan. For more information on these plans, check out www.optus.com.au/dream.

Optus confirmed the Dream will not run on its 900MHz 3G network, and will instead operate only on the 2100MHz band. Key features of the touch screen-equipped Dream include a full, slide-out QWERTY keyboard, 3G connectivity and a 3.2-megapixel camera. It also features Wi-Fi, Bluetooth and a navigational trackball, as well as access to the Android Market, where users can download a variety of applications.
Ross Catanzariti

[Photo: HTC's Dream phone]
INVENT YOUR FUTURE.
Get Certified!
Exam Registration Deadline: 8 April 2009
Exam Date: 13 June 2009
Visit www.isaca.org/cwaustralia.
News Analysis 8 | www.computerworld.com.au | February 2009

Windows 7 to be sold in six versions
All Windows 7 editions to run on netbooks as Microsoft returns to the versioning strategy it employed for XP
Eric Lai

LOOKING TO ANSWER COMPLAINTS about the proliferation of Windows flavours, Microsoft said that it will generally deploy two primary versions of Windows 7, although it will still offer six editions for sale.

The two main editions will be Windows 7 Home Premium for consumers and Windows 7 Professional for business users.

"The first change in Windows 7 was to make sure that editions of Windows 7 are a superset of one another. That is to say, as customers upgrade from one version to the next, they keep all features and functionality from the previous edition," Mike Ybarra, Microsoft general manager for Windows, was quoted as saying in a Q&A on Microsoft's PressPass public relations Web site.

That decision represents a return to the version structure that Microsoft used for Windows XP.

As for the decision to focus on just two versions, Ybarra said: "We think those two SKUs [stock-keeping units] will meet most customers' needs."

"Home Premium will give consumers a full-function PC experience and a visually rich environment in everything from the way they experience entertainment to the way they connect their devices," he said. "Windows 7 Professional is the recommended choice for small businesses and for people who work at home but have to operate in an IT-managed or business environment where security and productivity are critical. For those running Windows Vista Business, it will be a very logical move to Windows 7 Professional."

Starter to Ultimate

Altogether, the company will still offer six main editions of Windows 7, not including the special "N" versions that lack Windows Media Player, a move mandated for customers in the European Union. That's the same number of versions as in Windows Vista and XP, which both came in six basic editions plus two EU-mandated N versions.

A Microsoft spokesperson confirmed that the company will continue to offer N SKUs of Windows 7 for the EU but declined to say how many would be offered. But the Home Basic version that is at the heart of the ongoing "Vista Capable" lawsuits will be exiled to emerging markets.

With Windows 7, the lowest-end version consumers in the developed world will see will be the Windows 7 Starter Edition, which Ybarra said will become available worldwide for pre-installation on new PCs limited to specific types of hardware. That hardware would include netbooks, according to a separate PressPass Q&A with Brad Brooks, Microsoft's corporate vice president for Windows consumer product marketing.

In addition, there will also be Enterprise and Ultimate versions, which both existed in Windows Vista. Enterprise includes all of Professional's features and then some, and it will only be available to large corporate customers.

Windows 7 DVDs will continue to include the code for all versions of the operating system. That means users with a licence for Starter Edition, for instance, can do an "Anytime Upgrade" all the way up to Ultimate by visiting Microsoft's Web site and paying. Users can then upgrade their PCs using the original Windows 7 DVD in a matter of minutes, according to Microsoft.

Microsoft also plans to offer upgrade pricing for XP users looking to move to Windows 7, but they will be required to do a clean install of the new operating system.

Logical Lineup

Windows blogger Paul Thurrott applauded Microsoft's strategy, saying it is less about trying to achieve a Mac OS X-like minimalism (Apple's operating system comes in a single version) than to create a logical lineup. In Vista, some supposedly higher-end versions of the operating system lacked features that lower-end versions possessed, and vice versa.

"I think that confused people and made them mad," he said. That has been cleaned up in Windows 7, he said, so that each version is a superset of the one below it. That means Windows 7 Ultimate will come with every feature, including supposedly enterprise-oriented ones, which was not true in Vista, Thurrott said. Microsoft did not disclose prices for each version. "That's the missing piece," he said. "If Microsoft does the right thing there, with the stinking economy, then this is all good news."

Microsoft has no plans to bring back the Media Center and Tablet editions that were part of the XP lineup, according to Thurrott, who was briefed by Microsoft. Media Center features, for instance, will be available in all versions from Home Premium and up, including business-oriented flavours such as Professional and Enterprise.

Windows 7 Starter will restrict users from opening more than three applications at a time. It will also lack multimedia features such as the Aero Glass user interface, native DVD video playback and authoring, and support for multiple monitors.

Home Basic will actually include more features than Starter, though it too will lack Aero and Media Center and DVD playback, according to a chart seen by Computerworld.

Home Premium includes all of the above features, plus the new Windows Touch support. Professional includes all of Home Premium's features, plus business-oriented networking and security functions, such as file system encryption and group policy controls. Windows 7 Enterprise and Ultimate will have identical feature sets, according to the chart.
Security Without Compromise from a single appliance

SECURITY THREATS ARE strategic and take a multi-layered approach to attacking network systems. Some of the more sophisticated network security threats are symbiotic in nature. In some instances these exploits go by unnoticed for long periods of time, and once they are identified, the damage is done.

Network security must not only address the known threats, but must protect businesses from the unknown. A pre-emptive approach is vital for organisations as they expand their network-based application structure and reliance on information passed and obtained through the Internet. The need for data protection and business sustainability increases exponentially as more information is transferred across workstations, business networks, partner portals, and the Internet.

Unified Threat Management

The unified threat management (UTM) space evolved out of the need for IT security to both address the evolving threats and support expanding business requirements. Basic firewall protection was not enough for most companies, and to expand protection with siloed security products was costly. As a result, unified threat management (UTM) solutions offer multiple security solutions in a single platform, allowing organisations to implement cost effective security for their network.

Learn more about how you can reduce costs, while simplifying your defence against Internet-based threats to your network with unified threat management (UTM) from IBM.

Call the world leader in security, IBM, or their specialist security partner Southern Cross on 1800 804 203 and secure your network from only $2,198
News Analysis10 | www.computerworld.com.au | February 2009
IN JANUARY THIS YEAR more than 500 Linux and open sourceenthusiasts descended on Hobart in Tasmania for Linux.conf.au, one
of the most popular open source software conferences in the world.
Computerworlds Rodney Gedda was there to cover the event and dis-
cover the latest developments in Linux and open source software and
what the advancement will mean for IT departments.
One noteworthy aspect of this years event was the inroads that Linux
and open source software are making in the business world. Many of this
years attendees were from enterprise and government organisations,
and the content catered for them well.
Exchange compatibility coming to LinuxRecent developments in the OpenChange and KDE open source projects
are set to bridge a missing link in messaging and groupware compat-
ibility from Microsofts Exchange to open source clients.
Canberra-based OpenChange and KDE developer Brad Hards
said the ultimate goal of the OpenChange project is to implement the
Microsoft Exchange protocols that are used by Outlook.
In my workplace a major government department that shall remain
nameless the main dependency on Outlook and Exchange is not mail,
but seeing other peoples calendars and making shared appointments.
You cant get appointments with some people unless you send them
invitations.
OpenChange has client- and server-side libraries for Exchange inte-
gration and relies heavily on code developed for Samba 4. It is open
source software licensed under the GPL version 3.
Hards said more work is being done on the client side and we have
code for the server, but estimates another 12 months of development is
required to produce an OpenChange server ready for production.
Active Directory comes to Linux with Samba 4

Enterprise networks now have an alternative to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett.

Bartlett said Samba 4 is aiming to be a replacement for AD by providing a free software implementation of Microsoft's custom protocols.

Because AD is far more than LDAP and Kerberos, Samba 4 is not only about developing with Microsoft's customisation of those protocols, Bartlett said; it is also about moving the project beyond simply providing an NT 4 compatible domain controller.

Over the past year, Samba 4 has added multi-master replication leveraging OpenLDAP, so Samba is no longer a single-server implementation.
Samba also changed its scripting language to Python, which Bartlett said should be easier for administrators, and there are bindings for other tools. Bartlett also said Samba 4 has had a lot of input from system administrators, but still needs more help.

Microsoft has also provided a copy of its AD schema, which the Samba team can work from.

(On the scene: Linux.conf.au 2009. As open source enthusiasts descended on Hobart for this year's Linux.conf.au event one thing was clear: open source is maturing in the enterprise. By Rodney Gedda. Conference site: http://linux.conf.au/)
Linux virtualisation battles for hacker interest

If the Linux virtualisation space wasn't heated enough, the open source hypervisors Kernel Virtual Machine (KVM) and Xen are now battling it out for independent developer interest, according to Xen hacker Simon "Horms" Horman.

While Xen has attracted a lot of commercial support from big-name software vendors like Citrix, Novell and Oracle, Horms believes it is losing its appeal to, and contributions from, independent kernel developers due to KVM's sheer "geek value".

"It's the nature of the maturity of a technology. The developers are drawn to the bleeding edge," Horms said. "There are a lot more interesting things happening in the KVM space now."

He said Xen is more mature, so if a business is going to deploy virtualisation software now it will be either Xen or VMware; however, if you are looking at the future, KVM is in a strong position because of the way it is already integrated into the Linux kernel.

Horms said it could take another six months to a year before Xen gets into the mainline kernel.

Xen is working to strip out the need for a full-blown Linux instance, Horms said, and the idea is to shrink it, and with it the amount of code that has to be trusted, to make it easier to trust.
A new Linux for netbooks with Ubuntu Mobile

The Ubuntu Mobile operating system is undergoing its most radical change with a port to the ARM processor for Internet devices and netbooks, and may use Nokia's LGPL Qt development environment as an alternative to GNOME.

Canonical's David Mandala said Ubuntu Mobile has changed a lot over the past year and now includes netbook devices in addition to MIDs (mobile Internet devices) and the ARM port.

Ubuntu Mobile uses GNOME Mobile (the Hildon framework) instead of a full GNOME desktop, but since Nokia open-sourced Qt under the LGPL it may consider this as an alternative.

"The KDE stuff and Qt is getting LGPL, which will change the whole space. So watch this space as it is changing dramatically. We will choose the best tool."

Mandala said some of the KDE apps fit on the smaller screens well. "I can't say anything about KDE at this point, but who would have thought Qt would go LGPL?" he said.

Ubuntu Mobile for netbooks will also get its own distribution in line with the release of Jaunty Jackalope in April 2009.
Wikipedia and Google shed light on tech developments

The proliferation of standards-based video sharing and collaboration is set to take off with a $US100,000 grant from the Mozilla Foundation to fund the development of the Ogg Theora video codec and server-side streaming software.

Wikimedia developer Michael Dale announced the sponsorship during a presentation on Wikipedia's video content initiatives at the conference.

The $100,000 grant is a six-month project for Ogg Theora encoder enhancements, improvements to network seeking, and client and server libraries which will end up in Firefox and MediaWiki.

Aussie software is helping to bring video to Wikipedia. Annodex, the software being used to power Wikipedia's collaborative video sharing, has its origins at the CSIRO.

Australian Annodex developer Conrad Parker will spend one day a week working on the server-side seeking support to improve the speed of network seeking as a result of the Mozilla funding.

"I'll be improving network seeking in general," Parker said, adding he will collaborate with the W3C media fragments working group to help develop the open standard.
Google ramps up IPv6 mission

Google has begun preaching the wonders of IPv6 in the hope more awareness will help expedite the transition from the legacy IPv4 networks most people use today.

Senior Google software engineer Angus Lees recalled how Google's IPv6 efforts started as a covert, hobbyist project about two years ago and have gained enough momentum that a AAAA record for google.com could be added to Google's DNS in a year.

Lees' biggest challenge is how to make any IPv6-supported services completely transparent to end-users. The content will be the same, but running over IPv6 instead of IPv4.

Google has had an IPv6-only search site at ipv6.google.com for the best part of a year, but only just announced its IPv6 whitelist at google.com/ipv6. The whitelist is a list of DNS resolvers to which Google returns AAAA answers for its main sites; a lookup from a network whose resolver is not on it still sees only IPv4 addresses. Locally, Lees said AARNet has expressed interest in joining the whitelist, so people on AARNet should be able to access Google's IPv6 site.

As for the death of IPv4, Lees was pragmatic: "We will never turn off IPv4 so long as people are still using it."
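Added example, not from the article and not Google's code: a small Python script that builds a DNS AAAA query, parses the answer section of a response, and orders the returned addresses so a client tries IPv6 first and falls back to IPv4, which is the "transparent to end-users" behaviour Lees describes. The response bytes are constructed here so the script runs offline; the 2001:db8::1 address is the IPv6 documentation prefix, not a real Google address, and the transaction ID, TTL and names are illustrative.

```python
"""Added example: DNS AAAA lookup plumbing and IPv6-first address ordering.
Not code from the article or from Google. The response below is constructed;
2001:db8::1 is the documentation prefix, not a real address."""
import socket
import struct

QTYPE_A, QTYPE_AAAA = 1, 28


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS wire-format labels (length-prefixed, NUL-terminated)."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.strip(".").split(".")) + b"\x00"


def build_query(name: str, qtype: int = QTYPE_AAAA, txid: int = 0x1234) -> bytes:
    """Standard query: recursion desired, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2                          # pointer ends the field
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_answers(resp: bytes):
    """Return (name, type, address) for each A/AAAA record in the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qdcount):                           # skip the echoed question(s)
        _, off = read_name(resp, off)
        off += 4                                       # qtype + qclass
    records = []
    for _ in range(ancount):
        name, off = read_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_AAAA and rdlen == 16:
            records.append((name, "AAAA", socket.inet_ntop(socket.AF_INET6, rdata)))
        elif rtype == QTYPE_A and rdlen == 4:
            records.append((name, "A", socket.inet_ntop(socket.AF_INET, rdata)))
    return records


def connect_order(records):
    """IPv6 first, IPv4 as fallback: the order a transparent client would try."""
    v6 = [addr for _, rtype, addr in records if rtype == "AAAA"]
    v4 = [addr for _, rtype, addr in records if rtype == "A"]
    return v6 + v4


# Constructed response to an AAAA query for ipv6.google.com (example data only).
CONSTRUCTED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)    # header: response, RD+RA, 1 Q, 1 A
    + encode_name("ipv6.google.com") + struct.pack("!HH", QTYPE_AAAA, 1)
    + b"\xc0\x0c"                                         # pointer to the name at offset 12
    + struct.pack("!HHIH", QTYPE_AAAA, 1, 300, 16)        # AAAA, IN, TTL 300, 16-byte rdata
    + socket.inet_pton(socket.AF_INET6, "2001:db8::1")
)

if __name__ == "__main__":
    answers = parse_answers(CONSTRUCTED_RESPONSE)
    print(answers)
    print(connect_order(answers))
```

For a live check, send the bytes from build_query to a resolver on UDP port 53 with socket.sendto and hand the reply to parse_answers. Bear in mind the whitelist: at the time, google.com answered AAAA queries only for approved resolvers, so an empty AAAA answer from your own resolver did not mean the site had no IPv6 address.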
All for charity, the great Linux shave

At this year's conference the attendees participated in a charity auction to raise money for the Save the Tasmanian Devil foundation. An award-winning photo taken by Bdale Garbee's wife was auctioned at the Penguin Dinner. A bidder offered $5000 for the picture if Garbee, the Linux CTO at HP, shaved his 27-year-old beard off. It was then extrapolated by Garbee and other bidders that if the total money raised exceeded $25,000 then Linus Torvalds would shave Garbee's beard. As it turned out, the total money raised was pushing $40,000 by the last day of the conference. The great shave was on!

Photo caption, clockwise from left: Paul "Rusty" Russell talks Tuz in Linux; the crowd for the keynote; Bdale Garbee and Linus Torvalds, both clean shaven; Andrew Bartlett prepares to talk about Samba 4.
The Grill: W Hord Tipton of (ISC)2

The (ISC)2 executive director talks about designing security software, compensating for human error and pulling together to beat the bad guys. By Mary K Pratt.

The International Information Systems Security Certification Consortium, or (ISC)2, is a nonprofit organisation that educates and certifies information security professionals. W Hord Tipton has been promoting (ISC)2's new certification, the Certified Secure Software Lifecycle Professional, or CSSLP.

What's your primary mission as the new executive director of (ISC)2?

I want to bring together the [various technology security organisations], so when we're delivering a message in this complex world, we're speaking as more of a single voice. Too often, the organisations think we're competitors, when in 80% to 90% of what we do, we're not competitors at all. We have a lot of similarities, even with the different credentials and acronyms. Microsoft has their gold standard. HP, Cisco all have their [certifications]. SANS has theirs. And I've been talking with the directors of these to come up with some better ways to work together so we're all on the same side to promote IT security.
Given all the information about computer security, we still see some pretty significant breaches. Why aren't we further ahead?

It's all about software. Why has it taken so long to recognise that something different has to be done to eliminate what in many cases are easy paths into these [systems]? My theory is if we move a little faster, obtain some synergy working together, then maybe we can have time to think ahead and put prevention methods in place. We have tools to do this, but we either don't think ahead or people can't afford them or they haven't been deployed; they just get overlooked.

That's our thinking with the new credential we're launching. Everyone at this point recognises that much of the issue is around human errors: lost passwords, phishing, etc. These are just the result of people not being aware, properly trained or educated in things to look out for. So we need to adjust the balance between software that maintains functionality but at the same time is more ingrained with security protection.

Are you saying that security in software needs to protect against human error and carelessness?

I am saying a balance is needed between user-friendliness, functionality, controls and edit checks built into the software. Software can do much more to help avoid human error and improper-access violations. These mistakes never show up in a security vulnerability scan.

Who are the leading threats to enterprise security, and what exactly are they after?

At this point, it's more than just bragging to your buddies about messing up someone's Web site. It's a complete criminal enterprise. They have resources and can hire very sharp people to do their evil work. It's hard to keep up with them. That's why a lot of the shift is to protect the financial interests. That's where it seems the threats and the attacks have shifted to.

How are they getting into computer systems?

Fifty percent of the attacks are Web-based at this point. And PDAs and mobile computing devices are real targets too. Those are about 13%.

How do the threats to enterprise security differ from those posed to the individual computer user?

They're actually connected. They go after individual computers. You're familiar with the botnet piece of it, where individual computers become a network of 100,000 or so where you have massive computing power. The botnets are used primarily for mass distribution of spam and malware, and sometimes DDoS [distributed denial-of-service] attacks. A credit card number could be picked up along the way, since the computer is captured and many of us have financial programs on our PCs. But most of the credit card and Social Security numbers come from large breaches from institutional sources. That is when bundling of card packages occurs and profiting begins. These are generally the work of organised professionals.

The concern has been that security is an afterthought. How do you get IT leaders to stop tacking on security at the end of the software development lifecycle and instead consider it from the start?

We need to talk to developers at the very beginning of the conception stage. Right now, you have modules of security that are in a library. So if you can reuse those objects in your application, you save a lot of time. And in many cases, they're very thoroughly vetted models, but they may not be the solution to all issues. So you need someone at the front end to remind developers what you're trying to protect and to ask intelligent questions as the software evolves.

Once the software gets turned over to the programmers, they're operating on different incentives and motivations. They have locked-down budgets, the rush to market begins, and if someone comes in and asks, "Have you designed in there the need for input validation?" for example, it's too late. It will cost extra money and will slow things down.

And [the software] has to be deployed correctly. There needs to be a change configuration management process in place that at least has someone aware of how the software evolved and [that] if you change something in one place in the application, that might introduce a vulnerability in another place.

This is what we need to make sure the CIOs [and] the CFOs understand. Once it's made clear to them what risk they entertain by doing certain shortcuts, it makes it easier for them to understand why they need to spend the extra time and resources to produce a quality, secure product.

What do you think the enterprise security landscape will look like in five years?

We should be thinking about what's going to be happening in encryption. We'll probably have quantum computing in not too many years, and encryption codes that now would take 100 years to break can be broken in a few minutes if you have the capability of quantum computing. So there has to be some thinking on how we deal with things in light of new computing.

So in five years, security will still be a big issue in IT?

Absolutely. That's why I think there's such a growing need for security professionals. It's what I see as the No. 1 recruitable position.
Dossier

Name: W Hord Tipton
Title: Executive director, (ISC)2
Location: Palm Harbor, Florida
Favourite place: Alaska. "It's wild, it's very thinly populated, and it has great fishing and great hunting and all the outdoor things I like to do. I've been all the way from Juneau to the Arctic Circle."
Dream job: Sea kayaking tour guide in the Discovery Islands, east of Vancouver Island, Canada.
Best workday ever: "When I was [CIO in the US Department of the Interior] and the White House determined that our IT architecture was the best in government and a best practice. That was in 2005. It was so significant to me because when I went into the job, it was the lowest-ranked in government."
Favourite technology: "It has to be computers. I've built 19 of them and a couple of servers; that's my hobby."
When he retires: "I retired [from the Interior Department in 2007]. I fished, I golfed, I hunted, I worked 20 hours a week consulting. I liked that. I'll probably do it again unless another exciting job like this pops up."
Favourite nonwork pastime: "That's easy: playing with my granddaughter. She's seven."
Opinion

Shark Tank

Got a problem? Turn to IT
A university IT department rolls out a new Web portal to simplify access to the school's various information systems, reports a techie working on the project. "We marketed the heck out of the Web portal, purchasing balloons, mouse pads and custom M&Ms," he says. "To further foster adoption, we put up a suggestion box on the log-in page, asking for improvements users would like to see on the new portal. One of our female students responded with the following: 'I think hooks on the inside of the bathroom stall doors would be beneficial to students. At least for the women.'"

Why IT loves HR

This IT tech has worked his way through university at a supermarket chain, but with his new IT degree, he applies for a job at an insurance company. "One Friday afternoon at the supermarket, the personnel department at the insurance company called and asked me if I could start Monday," he says. "I explained that I had given my word to the supermarket that I would give two weeks' notice. They said if not Monday, the offer would be withdrawn. Fast-forward two weeks: Personnel calls again. Same scenario, Monday or else. I kind of liked the supermarket job anyway. Fast-forward another two weeks. Personnel called again. This time, they asked if I could give two weeks' notice and start two weeks from Monday. We agreed, and two weeks later I went to work. First words from my new boss: 'I don't know what took so long. We really could have used you a month ago.'"

Just one more thing

It's time for this IT tech's annual review. "I get called into the boss's office, and we go over the review," says tech. "Our review is based on a 1-to-5 scale, where 3 is adequate, 1 is above and beyond the call of duty, and 5 means you stink. I'm getting nothing but 1s and 2s, and I'm feeling pretty good. Boss asks, 'Any questions?' I say, 'Nope.' Boss says, 'I have to lay you off.' I do a trout imitation."

Automation, redefined

While chatting with the manager of a department that prepares daily operation reports, this IT worker comments, "With all your new software, I would imagine that all of your reports are automated now." Replies manager, "Oh, yes, we don't do anything manually anymore. We copy and paste everything now!"

Happy now?

This IT worker writes a program to check activity on a particular server, then starts it up and leaves it running. Results? "The software to monitor the server for errors had stopped working two months before," he says. "The software to monitor the server for intruders had stopped working four months before, and nobody had noticed. The server had several rogue sessions taking up resources and slowing it down. The e-mail system had a stuck message in it. The network had an intermittent fault. The only thing working properly was my program. A number of teams had to sort out the errors and explain why they were not picked up. Let's just say I am not the most popular person with them at the moment."

Oops!

This IT worker and his cohorts have worked out a system for identifying laid-off co-workers. And it's reliable . . . mostly. "We generally found out that a colleague had been fired when we tried to call the person and the office phone number no longer worked," he says. "Things got a bit tense one day when the phone system went on the fritz."

Send your true tales of IT life to sharky@computerworld.com
Top 10 qualities of a great IT shop

The 10 most important practices to look for if moving to a new company or evaluating an IT shop as a consultant

No two IT shops conduct business in the same way: CIOs report to various executives, project approval processes are all over the board, and personnel policies are vastly different. Unlike other professions, IT doesn't seem to have a common set of basic principles across companies.

But some best practices have bubbled to the top. If I were anticipating a move to a new company or evaluating an IT shop as a consultant, here are the most important practices I'd be looking for:

1. The CIO reports to the CEO or, at least, the chief operating officer. This is vital to the success of the IT department. It gives the CIO clout and ensures IT's independence.

2. There is an IT steering committee composed of C-level executives from the business units. The executives make their decisions based on some set of priorities and criteria such as ROI. The committee is necessary to ensure that allocation decisions are made in the interests of the entire company, not of an individual department.

3. The IT shop uses up-to-date software and hardware. It should also have reasonable policies for PC software upgrades and other regular system updates. In addition, the company should be spending an appropriate percentage of corporate revenue on IT. This indicates the company's level of commitment to IT.

4. There is a high-visibility system security team. Since security is one of the most vulnerable areas of IT, it must be well managed.

5. There is an ongoing disaster recovery process involving users, and a documented recovery plan that is tested regularly. Commitment to security and disaster recovery indicates the importance of IT to senior management.

6. There is an ongoing commitment to training to keep IT staffers up to date. This should include attendance at technology conventions as well as training seminars and industry events. If there is a lack of training and a parallel use of consultants, you know that the focus is not on in-house staff.

7. There is rigid adherence to some system development lifecycle (SDLC) that is understood by IT and the user community alike. (Knowing how IT works helps users interact with IT more effectively.) Any of several SDLC plans may be used, depending on the type of project, but the process of selecting the approach should be documented. This gives you some insight into the professionalism of the IT organisation.

8. There are established technical and managerial career paths that enable workers to remain technical and achieve higher pay and status within the organisation. This is the only way to retain top technical people who have no interest in managing others.

9. IT produces, at minimum, a monthly status report that shows progress on all major IT projects. This document should be widely distributed throughout the company. Its existence shows the level of interest of IT within the organisation.

10. IT sits at the long-range planning table and participates. If this is lacking, it is a sure sign that IT is looked at as an implementer and not an enabler.

These are the things I would look for in a top IT shop. I have seen many shops that follow some of these practices, but few that follow all of them.

Paul M Ingevaldson retired as CIO at Ace Hardware in 2004 after 40 years in the IT business
Opinion

Panic and how to prevent it
How IT managers should confront today's reality and tomorrow's fears
By Paul Glen
The year ahead isn't shaping up to be a good one for IT, to say the least. As we settle into a recession, budgets are increasingly going to reflect the worsening business conditions. That means a year or more of tough times for all of us. The sad reality is that more of us will be looking for work in the next 12 months.

And for those with jobs, it's not going to be so pleasant either. When times get tough, people feel stressed out, frazzled and nervous. That's not unreasonable. When people are faced with a combination of resource limits, personal insecurity and demands for productivity, emotions run high. There are no easy jobs left. Those of us lucky enough to be employed have stressful jobs now.

For managers, this represents a significant challenge. Stressed-out knowledge workers do not perform at their best. Just when we need people to focus and produce, they are distracted by the ugly reality outside. You really can't expect people who are worried about their personal financial security to completely shut out those thoughts in order to concentrate on their work. But knowledge work requires exactly that sort of composure.

To a degree, distraction is unavoidable. But as managers, we need to do our best to help people stay on track and do that which is completely unnatural: keep their eyes off their fears and on their work.

Doing this requires careful thinking about the emotional state of the staff. Now more than ever, we need to realise that we are not managers of stuff, but of people who do stuff. We don't manage tasks; we manage the people who do those tasks. And people have emotions that affect their performance.

The most important emotional state to pay attention to right now is panic. We have to help keep stressed-out staffers from becoming a panicked mob. Stress may be unavoidable, but panic is not. As a consultant, I've seen lots of organisations and project teams under pressure. Some have been composed and focused; some, stressed out; and others, panicked. What's interesting is that the facts surrounding their work are often similar. They are all under time and resource constraints, and many are facing the same personal insecurity. But they respond differently.

I've noticed that one of the key differences is in how the managers of these groups respond to those facts. Managers who deny reality generally don't fare too well. Telling people, "There's no problem here; what are you worried about?" usually convinces the staff that you are either an idiot or a liar. Neither is a useful image. Managers who try to tell their people what they should or shouldn't feel about reality generally don't fare well either. Telling people "You shouldn't worry about this" usually gets them worrying. Managers who panic themselves are the most likely to induce panic in their people.

The teams that do the best seem to be those whose managers openly acknowledge reality and meet it with determination rather than trepidation. And how you respond is more important than anything you say. When you establish a common frame for reality and convince everyone that you see the same challenges they do but are willing to take them on, you demonstrate the best response.

Having done that, you need to focus attention on the things you can control, on the activities that will give the best chance for success. If those around you see the possibility of a better future and feel that they have the power to be part of creating it, they are most likely going to respond well, no matter how challenging reality may be.

Paul Glen is the founder of the Geekleaders.com Web community
Security predictions for 2009
On botnets, encryption and mega-worms . . .
By Andreas Antonopoulos

My predictions for information security in 2009 are just predictions, not recommendations. I am trying to guess what will happen, not suggesting what should. As always, take these with a grain of salt.

Though these predictions are based on primary research and many, many discussions with CSOs, they concern information security only and can be affected by external factors that are unpredictable (at least by me). Case in point: My predictions for 2008 did not take into account a severe downturn in the economy that was underway already at the beginning of the year. Let's hope that my 2009 predictions also miss the mark by assuming a continuation of economic difficulties that turn out to be less severe than predicted. Here goes:
Host-based security becomes the focus for 2009. The imminent release of Windows 7 and the continued interest in Mac OS and Linux as alternative desktops are once again focusing attention on operating-system and endpoint security.

Mobile security concerns and solutions grow. The Android and iPhone platforms continue to grow, and with them comes an ecosystem of independent application developers. With mobile platforms truly becoming platforms for all kinds of new applications, security issues are not far behind. 2009 could be the year of the first widespread security scare on a mobile platform. Perhaps a rogue application? A Trojan?

Encryption grows. At-rest encryption of hard drives on all desktop systems becomes the norm. Servers still lag behind. Encryption of mobile-device storage starts getting interesting. And once again in 2009, it's still impossible to send an encrypted e-mail to someone without making special arrangements in advance. Public-key infrastructure (PKI) encryption remains fragmented in small disconnected islands. Ugh.

No news is bad news. There are no new, high-profile, fast-spreading mega-worms. The world rejoices at the defeat of malware. Meanwhile super-stealthy malware spreads further than ever before, and those in the know quietly weep.

New botnets are discovered and they're bigger than ever. The malware industry feeds the ever-increasing botnet industry. As usual, most of the innovation happens on the other side of the industry. Botnet makers continue to build incredible distributed, encrypted, anonymous, unbreakable command-and-control systems. Who said there are no profits to be made in 2009? If only BTNT was a publicly traded stock!

Regulatory compliance is back with a vengeance. All the scandals and Ponzi schemes you heard about in 2008 become subtitles for new regulations in 2009 and beyond. Regulations in hedge funds, credit-default swaps and derivatives are just the beginning. A whole new industry of auditors, special software and consultants rises up to meet the challenge. You thought SOX was a pain? Just wait.

Security projects struggle for funding. It will take a lot of arguing to get a budget for more than upkeep in 2009. But wait, regulatory compliance comes to the rescue: Use compliance to push through budget requests on everything. It's 2007 all over again!
Andreas Antonopoulos is a senior vice president and founding partner at Nemertes Research, an independent technology research firm
Storage
John Scumniotales
The Big Switch to cloud computing
Nicholas Carr touts reliability but fears vendor lock-in
By Thomas Hoffman

Cloud computing may be the answer for organisations looking to boost their server and storage utilisation rates without increasing the workforce supporting those systems, says Nicholas Carr, author of The Big Switch: Rewiring the World, From Edison to Google (WW Norton, 2008). Carr told Thomas Hoffman that he thinks the cloud will enable companies to lower their capital equipment costs and reinvest IT money in other areas, such as new product development.
Why should Fortune 1000 CIOs trust the reliability of the cloud?

If you look overall at the records of Amazon.com and Salesforce.com, they're actually quite good. But they're not perfect, and I don't think they'll ever be perfect, any more than any company's internal systems are. But I think what we're going to see is that over time, the reliability of these cloud systems is going to steadily increase. And eventually, if not already, they're going to be more reliable than the average company's systems are.

We'll see different things move to the cloud in different stages, and one of the criteria will be, "How reliable do you need this system to be?" For instance, I was speaking a few weeks ago to some federal government CIOs, including some from the intelligence community, and it's pretty clear that there are some sorts of systems that need to be basically bulletproof. And I think it's going to be a long time before companies and governments are going to trust those types of applications to the cloud. But from what we've seen already, whether it's Amazon's infrastructure or various software-as-a-service offerings, even now, the reliability is good enough for a lot of corporate applications.
Another top concern among IT execs is how to avoid getting locked into a particular vendor's cloud service.

I think buyers should be worried about lock-in. If we're going to have the kind of interoperability and standardised data formats necessary to ensure fairly easy migration among vendors, it's going to have to be the buyers pushing the vendors to move in that direction. Unless the buyers make that a demand for doing business with a vendor, I fear that we'll see a lot of vendors, even if they talk a good game about standardisation, actually pursue strategies to make it hard to "get off their clouds", to quote Mick Jagger.
How concerned should CIOs be about the possibility of Microsoft,
Google and other heavyweights coming to dominate the cloud?
When we look ahead and try to figure out the ultimate structure of the
cloud or the computing utility industry, there are a lot of open questions.
But when we look at the infrastructure side, it certainly appears to be a
very capital-intensive operation. So were seeing companies like Google
and Microsoft spending billions of dollars a year, and that leads me to
believe that because of the capital expense of building these networks,
theres going to be a relatively small number of suppliers who can afford
to build them.
So that in itself raises some red flags. But another question is, what
about the services, the applications that ride on top of that infrastructure?
Will that remain sort of a separate business with lots of providers compet-
ing? Or will the Googles of the world suck up those applications as well?
Will we see a small number of vendors holding power over both the
infrastructure and the applications?I dont really know. Regulations will play some part in it and also the
ability of a company like Google to innovate in a way thats attractive for
businesses, which it really hasnt done much of yet.
How do CIOs make the big switch without decimating their IT
staffs and placing their own jobs at risk?
One of the advantages of the cloud is that it allows you to not only reduce your capital expenditures in IT but to reduce your IT staff. And if it didn't, it wouldn't be that attractive, because IT labour costs are such a big part of IT costs. So as CIOs look ahead, they should come to grips with the fact that this may mean that their empire may shrink.
On the positive side, as the head count shrinks, their visibility and importance to the business may increase as they move away from managing the machinery and the applications and the licences to focusing more on the business logic. But if you go into it thinking, "I can only do something that allows me to maintain my current staff or to expand my staff," you're probably going to run into roadblocks with the cloud pretty quickly.
Some companies that have outsourced their IT operations still
retain staff in-house to work with outsourcers and users. Would you
expect to see the same type of model playing out in the cloud?
I think so. Cloud computing is a form of outsourcing, using outside suppliers. And I think it will tend to have that same effect on IT shops. There will be some kind of information systems broker who, similar to the people who manage outsourcing relationships, figures out how we distribute our systems and our requirements and applications among these cloud providers.
You still need somebody to make the connection between the business and the application, though in a radical scenario, that job may move outside the IT department and into the businesses themselves.
How should CIOs change the way they approach IT in light of the
troubled economy?
Clearly, and this is something that CIOs have gotten used to this decade, for better or for worse, cost is going to continue to be a big factor. I think the judicious use of the cloud can help in that [regard], because it does allow you to avoid capital investments, which can be very hard to make a case for now.
Running counter to that, companies tend to get very conservative in periods of economic tumult, and even experimenting with new models such as cloud computing may begin to be difficult. But compared to a few years ago, there are more options now for getting more IT capability at the same or a lower price. Companies shouldn't be afraid to explore those options and experiment with them.
Might recent investments in virtualisation keep large companies
from making a wholesale switchover to cloud computing, at least
in the short term?
I don't think big companies are going to make a wholesale switchover to the cloud, because I don't think the cloud is ready for all the things that companies do internally in IT.
But I think virtualising your own IT infrastructure is going to make it easier in the long run to pull in more and more capabilities from the cloud, or begin to use the cloud as basically an extension of your own data centre so that every time you get an upsurge in demand for a particular application, you're not faced with the need to go out and buy a lot of new servers. You can use the cloud as kind of an add-on and expand to it.
You were interviewed by Stephen Colbert on The Colbert Report
recently. What was that like?
I watch the show a lot, so I kind of knew what I was getting into. But my wife was like, "Don't do it! Don't do it!"
The producer told me to make a few points, try to be serious and clear, and try to ignore [Stephen Colbert] because he's going to try to play off you and trip you up. And that was good advice. It was fun, actually.
You've said that Google has made us all stupid. But some research suggests that the Internet may stimulate some neural activity.
I think [it] can do both things. The study you're talking about showed that when we use the Internet, a lot of the areas of our brains are active, including decision-making parts that aren't very active when we read.
But [I wonder about] the quality of thinking that's going on in your brain. [If] so many areas of your brain are activated when you're online, does that hinder the type of concentration and reflectiveness that occurs when you're sitting quietly reading?
Forecast 2009: The year ahead for IT
Michael Warrilow, Managing director, Hydrasight
1. Cloud computing will begin to occupy the thoughts and strategies of most IT organisations. While there are many possible definitions and interpretations for cloud computing, a problem that will lead to increased confusion in 2009, the underpinnings for cloud computing in the enterprise are straightforward. Namely, that the server-centric computing model is (slowly) returning to favour on a globally-connected scale. Moreover, we believe that addressing variability in demand for computing resources and solutions will make traditional internal/on-premise solutions increasingly cost and time prohibitive. While the implementation styles for cloud will often be very different, the underlying principles of resource sharing will pervade all major solutions. In that sense, cloud computing is not so much a revolution as a major contributor to the IT industry's evolution.
2. The downturn in the economic environment will force a major (re)focus on cost reduction. However, the extent of the fall in IT spending will not mirror the post-Y2K hangover of 2001, if only for the fact that IT budgets have been more tightly managed in recent years. What's more, most of the banks and (federal) government departments began to tighten their belts in 2008. Regardless of the starting point, every major RFT and contract review will be subject to extreme scrutiny on reducing expenditure. Savvy CIOs will use the current opportunity to capitalise on labour restructuring, to negotiate more favourable licence and support contracts as well as to reset operational performance expectations within the business. Moreover, they will use technology as a reason to restructure the business.
3. Green IT will become subsumed into broader organisational programs and roles for environmental and social responsibility compliance. In the process, Green IT will increasingly be viewed as a subset of doing greener business. During 2009, the environmental sustainability market will be thrown into a state of confusion resulting from legislation that, combined with vendor opportunism, will lead to a questioning of confidence.
4. Virtualisation: As server virtualisation adoption rates continue to increase, IT organisations will be forced to place greater focus on managing virtualised environments and integration with existing management tools and processes as well as a variety of "point" solutions. The perceived success will continue to drive investigation of desktop virtualisation during 2009. However, the vast array of options and approaches available will confuse the majority of organisations. Leading organisations will begin to recognise the opportunity to leverage their existing server virtualisation efforts to facilitate early cloud deployments.
5. Video conferencing and telepresence will slowly increase in adoption due to often-misguided beliefs about the cost savings and environmental benefits. Despite the absence of any greater measures of success or rewards over previous video conferencing initiatives, many organisations will nonetheless make substantial over-investments in fixed location video-based collaborative technologies. Moreover, 2009 will see an increase in the perceived failure of unified communications projects.
6. Mobile computing: Due in no small part to the iPhone, there will be a renewed business focus on dedicated remote devices, especially for delivery and capture of field data. The high cost of poor data quality will be highlighted by renewed interest in organisational efficiency projects. However, until local economic conditions improve, only those projects with a direct, tangible cost benefit analysis will proceed. Ultimately, 2009 will see an increasing awareness of the reality of moving away from managing the development and deployment of applications on specific devices to enabling secure information access irrespective of device, platform or location.
7. Microsoft Windows: Despite Windows Vista's perceived failure, Windows 7 will prove to be no more compelling or attractive for the majority of organisations during 2009. Enterprise upgrades to Vista will nonetheless proceed during 2009, but on a less aggressive scale than Microsoft would undoubtedly like. Management and administration costs for the Windows platform will generally continue to increase as organisations become more dependent on the technology. However, many of these costs will be obscured by complex cross charging and line-of-business/workgroup specific resources that become considered business roles rather than IT roles.
8. Business intelligence: Information analysis will consume substantial business and IT resources during 2009 as organisations attempt to better understand and remediate the impact of the financial downturn. Interest in, and use of, business intelligence, analytics and modelling tools will increase, though adoption will be broadened across the enterprise rather than being substantially transformative.
Experts weigh in with their predictions of what will be hot and not in IT for 2009
Ross Dawson, Chairman, Future Exploration Network
"The last year of the decade will bring more change than any other year this decade," says Ross Dawson, chairman of Future Exploration Network, a global consulting firm that helps companies understand the future.
"Perversely, a slowing economy will accelerate the pace of change," says Dawson. "Many companies will take advantage of the downturn to use technology in innovative ways. Technology ranging from mobile applications to online gaming will become an everyday part of our work lives."
"Social change tends to be faster in a downturn," notes Dawson. "Our attitudes to what is acceptable behaviour by the government and companies will rapidly evolve. Technology is shaping society, but society is also shaping technology, particularly in how it allows us to express forcible opinions."
Dawson points to six important forces that will shape business and society in 2009:
1. Constant Partial Attention: 2009 will see more people consuming 20 hours or more of media a day. And no, it's not just the insomniacs. It is due to a phenomenon called Constant Partial Attention, or CPA, in which our attention is constantly divided between a massive array of channels now including mobile Internet, video screens on buses, and more. Over two-thirds of people watch TV while reading. To be successful, we need to thrive on constant interruption.
2. Half of us expose ourselves; the other half watches: 2008 saw a surge in Australians using Twitter, the world's most popular microblogging platform. As a result, people are becoming more and more comfortable living their lives online. In 2009, expect to see more of your friends. Literally. With increased access to online video technology, and mobile data plans getting cheaper, sending video updates of our every move will seem normal.
3. Gen Y wakes up to Gen Z: In 2009, Generation Y (1979-1990) won't be the new kids on the block any more as Generation Z enters the workforce. The "me" generation will wake up to dramatically changed conditions in the workforce, including younger competition, after expecting instant rewards for years. Sophisticated and with a social conscience, Gen Z has never lived without the Internet or mobile phones. Their adaptability and early experience of economic woes will create new challenges and opportunities for employers.
4. Outsourcing for the masses: Outsourcing used to be for banks and telcos. This year will see a big increase in outsourcing for us mere mortals. Many will use assistants in India or Hungary to make travel bookings, set up a personal Web site, or design a flyer for the school fete. Australian company 99designs is letting companies small and large tap designers all over the world, and Australians are among the leading users of online outsourcing services.
5. Companies become social: In 2009, companies will truly embrace social networks, blogs, and other Web 2.0 tools, bringing new ways of connecting into the workplace. From zero users just two years ago, over 3.5 million Australians are now socialising using Facebook. Companies are realising that better connected staff are good for business. Westpac, Lend Lease and Deloitte are just some of the companies paving the way for a transformation of how we work.
6. Media industry shatters: Major Australian media companies could fall in 2009. They have seen the rivers of gold of print classifieds rapidly shift to the Internet. In the US, classified advertising has fallen by over 60% in the last two years, and newspapers including Christian Science Monitor have stopped printing, shifting to solely online. Journalists themselves will prosper, having the most relevant skills in an information age, but for many their future won't be in traditional journalistic roles.
Simon Elisha, Chief technologist, Hitachi Data Systems Australia & New Zealand
1. Doing a double take on data deduplication: While data deduplication moved quickly from discussion to implementation, in 2009 organisations will realise that there is still a home for tape in their backup environment. In some cases the cost of data deduplication does not always merit the solution, making a 50/50 mix of disk and tape the preferred option for 2009 and beyond.
2. Going beyond a pragmatic green approach: The increasing cost of power, lack of available data centre space and imminent Carbon Trading Scheme will put increased pressure on organisations to implement tangible Green IT strategies. While most organisations have adopted a pragmatic green approach to date, Government departments will lead the Green IT agenda in 2009 by implementing best practices that deliver benefits for the environment and the bottom-line. Financial organisations will quickly follow suit.
3. Feeling the skills squeeze: Organisations will shed or freeze headcount in their IT departments, making easy-to-use technologies that allow IT professionals to do more with less paramount. With the economic downturn comes the greater availability of highly skilled IT staff. Progressive organisations will use this to their advantage to make hires in 2009 that will position the company for growth in the future.
4. Deciding to defer, defer, defer: Deferring IT projects will become the norm in 2009 as the economic downturn worsens. Technologies like thin provisioning and storage virtualisation will continue to grow in popularity as organisations turn to technology to get more juice out of their existing infrastructure and defer future IT investments until tough times improve. Progressive organisations will use 2009 as a time to get their house in order and implement IT projects that deliver a measurable ROI.
5. Introducing annoying archiving: Data archiving will become sufficiently annoying, especially in large organisations, as the growth of unstructured data continues to escalate. In 2009, organisations will start to view archiving as a strategic rather than tactical activity that unlocks the value of information to the entire organisation. Active archiving solutions will become more integral to an organisation's information management initiatives, and many organisations will move their tier two storage to this archival tier.
David Barnes, Managing director, Unisys Australia & New Zealand
Australian organisations will look to their IT departments as the global
economy tightens to help adapt quickly to changing market conditions by
stabilising internal processes, delivering greater efficiency and enhancing
cost management.
The five areas of technology that Unisys predicts will drive IT strategy
in 2009 are:
1. Automation: Automation tools will allow IT infrastructure to quickly
and automatically respond to changing business demands based on pre-determined rules.
2. On-demand service delivery: Utility computing models will experience a greater take-up in 2009 as businesses look to pay only for what they use.
3. Centralised IT infrastructure: Knowledge management and modelling methodologies will be used to track interdependencies across an organisation so that management can take a whole of company view of all facets of their organisation and provide an equitable service for all employees whilst removing unused applications.
4. Better asset management: Under-utilised IT resources will become a large focus for companies looking to identify wasted resources and improve organisational efficiencies.
5. Being green, an added benefit only: Solutions that help organisations meet their green commitments will only be an added benefit in 2009, not a primary decision driver, as businesses look to protect their bottom line first and foremost.
Dr Michael Harries, Director of technology strategy, Citrix Systems
1. Everyone's heads will be in the clouds: With increased interest in cloud computing, enterprises will start looking to leverage the benefits of the cloud. But this is not an all or nothing move; while everyone's heads will be in the cloud, their feet will still firmly be planted on the ground. The cloud brings new IT capabilities to the IT toolbox and should be treated as just part of the enterprise IT architecture strategy.
IDC's Predictions for 2009
Analyst firm IDC predicts current economic crisis will still provide for pockets of opportunities within the Asia-Pacific
Despite the global economic slowdown, IDC believes that in