The cost of breaches due to poorly designed applications is reaching a tipping point that will force enterprises to re-evaluate their development priorities.
The need for greater collaboration between development and security groups as well as better education and training in secure code development has never been greater.
The IT industry is getting to a point in the evolution of cybercrime where it will have to truly pay more attention to secure applications development. Right now developers are not properly trained or incented to create secure applications – they are incented to write more code that addresses specific business functions. Enterprises do not pay enough attention to how well systems and applications can stand up to malware, and that inattention has come back to haunt them. The reliance on bolt-on security—security that is largely an afterthought to the full lifecycle of enterprise applications—is the norm. And the constant search for vulnerabilities, notification of such vulnerabilities, patching and so on is costly, complex and error prone. Two of the largest breaches reported in 2011—the Sony and RSA breaches—were the result of unpatched software. (It should be noted that the RSA breach cost the company $66 million, and one estimate on Sony’s damage went as high as $1.25 billion.) It should be broadly understood at this point in time that it is much more expensive to remediate vulnerabilities after applications are released into production than it is to fix those issues during the design phase. Continue reading “Enterprises Should Emphasize Secure, Not Rapid, Application Development”→
The annual Telefonica Leadership Conference in Miami showcases technology innovation and market trends, while also updating customers, partners, and analysts on the company’s key areas of focus.
Telefonica continues to adjust to economic realities, looking for the right blend of organizational structure and services to ensure a leading role in global markets, at a time when Spain and much of Europe are struggling.
Telefonica finished 2011 with a 3.5% increase in revenues, principally due to its 13.5% year-over-year growth in Latin America, which compensated for the sharp 7.6% revenue slide in its incumbent market in Spain. While the operator acknowledges the difficulties behind it (and ahead of it), it also continues to demonstrate its role in creating the future. The annual Telefonica Leadership Conference in Miami (held this year from March 26-28) highlighted its view of how, as a global telecoms leader, it is helping to shape the world. Highlights included: Continue reading “Live from the Telefonica Leadership Conference”→
Many vendors offer embedded application platforms within either WAN or LAN equipment (or both), touting performance benefits.
Customer adoption remains tepid, however, and many often opt for appliances or servers/virtual machines due to convenience or familiarity.
Nearly every major networking vendor provides an application platform with which either their partners or customers themselves may embed applications. These platforms can come in several forms, such as HP’s ONE module, which resides in a switch; Cisco’s UCS Express, a router/switch application services device; or Arista’s new 7124SX switch, to name just a few. Potential benefits include, for example, improved packet processing performance, faster application response times, and deployment simplicity. Whether it is a lightweight application such as a DNS or DHCP server, or something more robust such as Exchange or a call management suite, these emerging application platforms appear to be gaining steam in the market. Vendors say their customers find ease of use, tight integration, and performance/responsiveness top the list of benefits, though operational simplicity and (perhaps more important) network team control help. This last element is one of the most notable, as it demonstrates the divide that remains and inhibits enterprise growth into a more aggressive cloud adoption curve. The storage, server, application, and network teams often remain separate functions; therefore, appropriation of resources to their peer groups can oftentimes be slow. However, these quasi ‘network appliances’ give the network team back the keys to a server resource, yet administration and control remain within their domain. Continue reading “Embedded Network Applications: Friend or Foe?”→
Companies are segmenting their highly mobile users and looking at FMC solutions that can re-direct their calls over a VoIP network to reduce mobile costs, including not only roaming costs in the case of frequent travellers, but also in cases of ‘mobile-only’ offices.
Service providers that are offering FMC solutions to enterprises include Verizon (Global FMC), BT (Onevoice Anywhere), and Orange (Mobile Access).
The good things about FMC solutions are that they can work to reduce mobile costs, leverage companies’ existing infrastructure (e.g., VoIP VPN), offer one number and identity, and work on any mobile carrier network. In terms of the sales process, price points are reasonable at EUR 4 to EUR 7 per user, per month, and trials are easy enough to get off the ground; it can take less than two weeks for an administrator to set this up via an online portal. Customers may cancel during the first three months with no early termination charge. Continue reading “Breathing Life Back into FMC”→
Microsoft Lync appliances for SMBs are available from small, regional solution developers.
There may be a certain degree of risk associated with purchasing from smaller, regional solution developers.
My recent post about the lack of a Microsoft-delivered Lync appliance generated some messages about Microsoft UC offerings for small businesses. The first was from Maarten Swemmer:
“I completely agree with your analyses. And although Microsoft offers Lync Online for SMBs, it does not offer the telephony functionality one would desire in a Unified Communications solution. You’re still stuck with your old PBX. However, implementing voice isn’t easy and often requires customization on a hardware level. That’s an area Microsoft explicitly does not like to involve itself in. This might be one of the reasons why Microsoft has not implemented Lync as an appliance itself.”
It’s a good point – that Microsoft steers clear of products that require customized hardware, and in the world of business telephony solutions, customized hardware platforms have traditionally been quite common. That being said, in many cases these days, business telephony (aka PBX) software runs on industry-standard servers (just like Microsoft Lync), is SIP-based (just like Microsoft Lync), and includes a messaging, conferencing and collaboration feature set beyond basic telephony (just like Microsoft Lync). In fact, many PBXs ran as software on a plain old server long before Lync was a gleam in Microsoft’s eye. So it’s not really the IT buyer that has this problem with PBXs, since PBXs can offer many of the same features and benefits of Microsoft Lync. It’s the Microsoft reseller that has the problem, because more often than not Lync is the only arrow in his quiver when it comes to telephony.
Another comment that came in was anonymous:
“There are several attractive options for SMBs at the moment…As a Microsoft Partner and SMB ourselves, we are grateful that Microsoft left the door open for us to fill a niche in the product portfolio.”
This was from someone at CyberUC, a provider of hosted Lync services. Swemmer, incidentally, is associated with Active Communications, a Microsoft business partner based in the Netherlands. Both make a very valid point: that while Microsoft may not be delivering a Lync appliance of its own, several of its partners have stepped in to do so. These include boxedUC from Italy-based FrabbicaDigitale, Netherlands-based StartReady, SynSIP in Belgium (a developer of Asterisk-based PBX that added a Lync appliance to its portfolio), and Iluminari Tech in Canada.
What’s striking about this list is, first, a number of the vendors on it are based in Europe. I don’t really associate Lync strongly with Europe, in part because it lacks support for emergency services outside the US. And second, they are all very small companies. I’m surprised larger developers are not getting into the game. HP, given its close partnership with Microsoft, would be a prime candidate for pairing its servers with Microsoft’s UC software for a combined offering. The company offers (or offered, as it’s not on the HP Web site anymore) a “survivable branch appliance” that runs Lync on a gateway deployed at an enterprise’s remote offices. But HP has been actively backing away from UC, discontinuing sales of the 3Com line of VCX products and divesting itself of its Halo telepresence solution. Meanwhile Dell has a Lync-centric UC practice. This pairs Microsoft UC software with Dell storage and server hardware, but stops short of a pre-packed Lync appliance.
For IT buyers in SMBs considering Lync as an alternative to more traditional business communications systems, the appliances noted above are clearly worth considering. But bear in mind that these are from small developers whose staying power, telephony expertise, and ability to support customers not near their center of operation may still need to be proven.
As security technology and services continue to improve, a new IBM X-Force report on enterprise threats notes fewer exploits of application vulnerabilities.
However, attackers (including a small but particularly threatening new class of ‘hacktivists’) are finding new and unprotected entry points as they use emerging technologies to prey on opportunistic targets.
A pair of security trend reports from Verizon and IBM’s X-Force research and development team released this week paint a complex and nuanced picture of the current threat environment and the way organizations are arming themselves against risk. While there is evidence that the combination of better and more accurate security technology, services, and best practices is helping enterprises limit their exposure, the reports show no reason for IT organizations to declare victory. IBM compiled its “X-Force 2011 Trend and Risk Report” from a massive store of event and vulnerability data gathered by the company’s threat monitoring services. The report shows a 30% drop in the availability of exploit code, a decrease in the number of un-patched software vulnerabilities, and a precipitous 50% decline in cross-site scripting vulnerabilities versus the previous year. However, attackers are proving their resilience by finding new ways into the enterprise. Continue reading “Security Technologies Advance, but Are Practices Keeping Pace with Emerging Threats?”→
Richer display technology, more powerful cameras, and ubiquitous, high-speed connectivity are ushering in a new era of mobile computing wherein mobile devices begin eating into traditional desktop UI paradigms.
Seeking to capitalize upon this trend, communications and collaboration vendors are sure to push their product sets deeper into these mobile devices, a move that will create some interesting opportunities for IT administrators.
Along with a number of my cohorts here at Current Analysis, I’ll be heading to Orlando, Florida next week to attend Enterprise Connect. This is one of the oldest and most important events on the calendar for unified communications (UC) and video vendors. Over the years, this show has heralded and helped to define a number of important market transitions, such as the move to make voice and video operations not just an IT cost center, but an agent of revenue generation for the entire enterprise. Last year in particular, Enterprise Connect was home to one such market-redefining moment, namely the consumerization of IT. This was epitomized by Microsoft’s demonstration of its communications solution (Microsoft Lync) working together with its gaming console, Xbox Kinect, forming a gesture-based conferencing solution. Continue reading “Enterprise Connect Sure to Reflect Mobilization Trend”→
The intelligent network should adapt to varying demands and self-heal at failure points, regardless of who owns the infrastructure.
IT managers need to seek carriers that know how to offer intelligent networking over multiple off-net partner networks.
Neither the Vanco model nor establishing a world super-carrier, as in the large telco merger attempts exemplified by KPN-Qwest around 2000/2001, really worked. Vanco did succeed at closing a respectable list of MNC clients, but the company was ultimately acquired by Reliance Globalcom. The VNO model continues to work in niche segments, but we have always argued that there are advantages in running traffic and applications across wholly owned networks. KCOM in the UK, for example, is filling the niche successfully based on a small number of MPLS PoPs and then relying on a large national partner (BT Wholesale) for infrastructure, which allows KCOM to concentrate on marketing and customer service. It should be noted that KCOM is a UK supplier; it does not play in the global marketplace for multinational accounts! It is an indisputable truth that a service provider which owns the network can offer better control and healthier service margins. One can also argue that owning the network will result in more concrete SLAs. However, in a large-scale and geographically widespread global data WAN implementation, there is no single carrier that can provide all on-net connectivity. Continue reading “Does It Still Matter Who Owns Infrastructure as the Industry Migrates Towards Intelligent Networks?”→
Most customers would probably not be able to describe the perfect customer interaction until they experience it. So, asking customers to describe their expectations will probably be an unsuccessful effort on your part.
‘Personalization,’ ‘up-selling,’ and ‘cross-selling’ are often perceived as negative terms in customer service efforts. However, experience tells me that, if used appropriately, they can enrich customer interactions and often lead to customer elation.
Most savvy customer service executives would tell you their goal is to use personal information to cross-sell and up-sell every customer that contacts their enterprise. It’s just good business, right? However, the terms ‘personalization,’ ‘up-sell,’ and ‘cross-sell’ have negative connotations with many customers who are worried about protecting their privacy and being forced to buy something they do not need. Allow me to relay an experience I had with my financial institution that, I am certain, will open your mind to the benefits of personalization, up-selling and cross-selling. Continue reading “The Perfect Customer Interaction: You Will Know It When You Experience It”→
Dell clearly believes that security is an important strategic capability.
There is no standard model for how large technology companies become leading security vendors.
Dell’s acquisition this week of SonicWALL got me thinking again about market consolidation and the geography of the security industry. What does it say (if anything) about the current state of the security industry that Dell feels the need to be a serious security player? That question leads to other important questions. How important is it for large IT technology vendors to have security expertise? Moreover, if they have that expertise, where should it live organizationally? Continue reading “Security: Thinking Big”→