Last week’s Sony data breach shattered TJX’s longstanding record for the largest customer data theft ever, a dubious honor that TJX has held since 2007.

The massive Sony breach leaves millions and millions of credit cards at risk.  Details still aren’t clear yet, but the Sony breach *may* have included the theft of customer credit card information, as well as other personal information such as billing addresses, usernames/passwords, email addresses, birthdays, and transaction histories.

Did Sony take reasonable care to protect, encrypt, and secure the private and sensitive data of its users?

Did Sony take too long to notify customers that their personal information had been exposed?

Looks like these questions will be answered in a courtroom as the first lawsuit resulting from the Sony security breach of the personal data of more than 75 million Sony PlayStation Network customers has been filed.

The class action lawsuit seeks seeks a trial by jury and fitting monetary reimbursement…. And the case’s Overview cites “breach of warranty, negligent data security, violations of consumers’ rights of privacy, failure to protect those rights, and failure and on-going refusal to timely inform consumers of unauthorized third party access to their credit card account and other nonpublic and private financial information” as cause enough, noting Sony’s “failure to maintain adequate computer data security of consumer personal data and financial data.”

For more information, take a look at the post on the Sony PlayStation blog.  I’m sure we’ll be learning more as further breach details are disclosed and as court proceedings advance.

There is no doubt that the upcoming Royal Wedding is the biggest wedding since Prince Charles and Princess Diana.  In 1981, when Prince Charles and Princess Diana married it set a world record for the largest TV audience.  The wedding of Prince William and Kate Middleton will certainly set a new record.  Not only will people be watching this event on TV, it is estimated that 400 million people will be watching online.  The big event will be taking place tomorrow Friday, April 29th – unfortunately for network admins this will take place during work hours in Asia, Europe and parts of the US. 

Many of us here at Ipswitch are extremely excited about the Royal Wedding (she arrives a commoner and leaves a princess – who wouldn’t be excited?); however others are more concerned with the effect this might have on their business and the bandwidth of their networks. 

Make sure you have a solution to detect any network performance issues during the “Wedding of the Century”.

Customers frequently ask questions about the necessity of Syslog. “I have turned SNMP on and am collecting SNMP stats and alerts. Isn’t that enough?” It depends.

The first answer is relatively simple; if you are monitoring solely for up/down status, well known error conditions, some performance parameters and high-level troubleshooting, then SNMP will address your needs.

However, to understand individual device to device or user to device transactions at a highly detailed level then it is advisable to enable Syslog and collect the messages generated by each device.

While most networking devices support SNMP and virtually all network management solutions use SNMP as their main mechanism to provide status of networked devices, SNMP can be limited in scope compared to Syslog. For example, a large Cisco switch may have over 6,000 different Syslog event messages and the specific SNMP MIB for the device supports approximately 90 trap notifications.

Would you rather have 6,000 different types of events to monitor through Syslog or 90 through SNMP?

While 6,000 different events may seem daunting, some of the lower level informational or debug messages can be filtered out for reporting and analysis, but still stored as part of a Syslog log management strategy. The good news here is that customers can now have the best of both worlds.

Check out WhatsUp Gold for your SNMP needs and for Syslog try WhatsUp Gold Event Log Management Suite.

Earlier this month we teamed up with Security Advisor (premier reseller of Ipswitch in Chile) to put on a special customer event.  Remsis Perez, SE at Security Advisor (and local “guru”), and our very own Alessandro Porro, Vice President of International Sales, gave attendees a sneak peek into our upcoming release.  

The event was held at Cerveceria Nacional, a National Brewery in Chile.  The turnout was incredible and the event was a great success.  Thank you to everyone who attended and to the brewery for your hospitality.  A special thank you to Security Advisor for all their hard work!

Many thanks to the Verizon RISK Team (along with the U.S. Secret Service and the Dutch High Tech Crime Unit) for publishing their 7th annual analysis of data breaches.  Compromised data continues to plague organizations worldwide, and studies like the 2011 Data Breach Investigations Report can help us all avoid becoming a victim – both as individuals and also as corporate citizens.

Here are a few noteworthy data points:

  • Nearly 800 data breaches were reported in 2010, a sharp increase from the 900 breaches reported in the previous six years combined
  • 4 million records were compromised in 2010  which is significantly less than the 144 million compromised in 2009
  • Many breaches involved sending data externally – Take this as a warning to pay more attention to information leaving your organization
  • 89% of companies suffering credit card breaches were not PCI compliant at the time of the breach, indicating that organizations with rigorous compliance efforts are less likely to be breached
  • Only 17% of breaches implicated insiders (down from 31% last year) and 29% had a physical component

A key takeaway is that while the quantity of data breaches quintupled in 2010, the number of compromised records actually dropped.  This data is consistent with the growing belief that attackers are increasingly targeting smaller companies (which tend to have less focus and expertise on IT security) simply because they are easier to exploit.

As the Verizon team points out, in the world of cyber crime, knowledge is power.  Not only do companies require visibility into the  files and data that are being transferred around an in/out of their organization, but they also need the management and enforcement capabilities to control, govern, and protect the growing number of mission-critical and confidential files that are being accessed every day by internal and external systems, applications and people.

Are you a WhatsUp Gold customer in the Salt Lake City area? We are organizing a Customer Connect meet up on Thursday, April 28th from 11:00 a.m. – 1:00 p.m. MT at the Holiday Inn in American Fork.

Our Utah R&D team understands the only way to get to the truth is to get to the customers who use our product.  We want to know your thoughts, suggestions and maybe even complaints.  A few hours with our customers is the most valuable information we could gather.  And for our appreciation of your time, each attendee will receive a $100 American Express gift card.

Don’t miss this exciting discussion with our Utah Team!  For more information, and to register, click here.

Read the series introduction here

Trend #9 – Automation

Where’s mom? Management tool developers have promised a manager of managers (MoM) for more than a decade. MoM would “automate and integrate intensive day-to-day and tactical processes.”

Automation remains a top priority. But Gartner explains that MoM has evolved into a new form: “run book automation” (RBA). Run books once contained documentation of mainframe operational processes.

Though Gartner expects RBA to take about another two years to mature, the wait sounds worth it. Look for RBA capabilities to:

  • design, build, orchestrate, administer and report IT operations workflows
  • cross all management disciplines
  • interact with all types of IT infrastructure elements
  • provide an orchestration interface to design, administer and monitor processes

While RBA isn’t here yet, it’s definitely not too soon for network managers to deal with it.

Gartner recommends planning for RBA, monitoring its evolution, and investing in management tools that lead to it.

Trend #10 – Cloud Computing

To deliver on the promise of cloud computing, IT must provide “a rich set of network services to a broad set of applications and services.” Garter has identified a set of cloud network options, along with their application service characteristics and use cases.

For example, applications running over the public Internet option (such as consumer-facing applications) must be ubiquitous and low cost yet not necessarily consistent in high performance, especially when delivered globally.

But an application running over the private site-to-site delivery option (such as core business-critical applications) calls for strong SLAs, consistent performance, and lowest latency, among other application service characteristics. 

To mitigate latency issues, Gartner recommends the use of application delivery controllers (ADCs) and WAN optimization controllers (WOCs) – along with direct interconnection of networks, such as a secure gateway between MPLS and the Internet.

Gartner’s summary recommendation: “Network managers should test or emulate the performance of cloud-based applications in all geographies where they plan to deploy them.”

This concludes our summaries of Gartner’s RAS Core Research Note “Network Managers’ 10 Most-Challenging I&O Trends.” Read the full report here

Read the series introduction here

Trend #7 – Network Operations Integration

The convergence of formerly distinct network technology platforms – take telephony systems and LANs, for example – is precipitating a major networking operations transition, including alterations in IT organizational structure.

Gartner recommends network managers adopt an ITIL approach, creating an organization centered around processes that deliver IT services. To enhance end-to-end IT service delivery, consider greater integration of the Network Operations Center (NOC) with IT infrastructure operations.

This trend is driving complex IT organization changes, subordinating technology to processes, with the ultimate goal of seamless service delivery across all of IT.

Trend #8 – IT (and Network) Services

Gartner prediction: by 2012 as many as 30 percent of large enterprises will define core business-oriented IT services, along with formal service-level agreements for each service. The number of enterprises engaged in this analysis will rise from 15% in 2010.

As a result of this trend, IT is tasked with proving its enterprise value and with identifying metrics for service levels.

Because IT organizations increasingly define their services as processes, it’s not always obvious how to demonstrate the value of a process to the business.

Gartner proposes IT organizations tackle this perception gap in three phases.

Phase 1: Consider how the enterprise actually uses IT

Example: processing enterprise applications and computations; storing/retrieving essential data; and communicating among employees, suppliers and customers to make decisions and complete transactions.

Phase 2: Subdivide each category into sub-categories

Example: communications can be divided into telephony, messaging, conferencing, collaboration and data transfer, and presence.

Phase 3: Analyze each sub-category in terms of service-level requirements

Example: establish service-level uptimes by sub-category (such as data transfer) and for various enterprise sites (such as headquarters, field office, home).

Gartner cautions IT organizations: “Our key principle is to define services in the way the enterprise uses them, not necessarily what IT delivers as processes.”

Coming next: Our Ten Most Challenging trends series concludes with trends #9, Automation, and #10, Cloud computing.

Enhanced by Zemanta

Read the series introduction here

Trend #5 – New Client Architectures

Today’s client architecture requirements have evolved to become user transparent. Operating systems as well as applications run just as well on PCs as on servers – or can run on a server and be streamed to a PC.

The network, bolstered by a variety of virtualization capabilities, determines how efficiently the enterprise IT architecture serves evolving user needs. Example: hosted virtual desktops (HVDs) separate the PC from its operating system and applications, which run on a server in the data center.

At the same time, HVD architectures require more bandwidth and may provoke latency issues. Gartner advises network managers to implement application delivery controllers (ADCs) and WAN optimization controllers (WOCs) to ensure adequate response rates.

Trend #6 – Use of the IT Infrastructure Library® (ITIL)

IT organizations find themselves increasingly accountable to deliver end-to-end service quality to the business. The IT Infrastructure Library (ITIL) framework, now in its third iteration, lays out a process to achieve this goal.

ITIL can be used to establish continuous service improvement for IT operations management, with an emphasis, states Garter, on “best practices in specific processes for the service desk function.” 

When IT organizations implement the ITIL framework to systematize Network Operations Center processes, results include:

  • Reduced operational errors
  • Completion of operational processes faster
  • Increased workload segmentation according to skill level
  • Improved service levels 

Gartner’s recommendation: Network managers should budget for ITIL v. 3 training of networking professionals.

Coming up: Trends 7 and 8 – Network Operations Integration and IT (and Network) Services.

Read the series introduction here


Trend #3 – Virtualization

Virtualization of today’s typical server workload stands at a scant 12 percent. But not for much longer. Because virtualization holds the key to more agile and manageable IT infrastructure and operations, Gartner predicts a 4-fold increase in server workload virtualization by 2012.

The virtualization trend is accelerating everywhere in IT. Consider:

Storage: virtualization moves beyond vendor-specific architectures and into virtual SANs (VSANS).

PCs: virtualization separates the application, operating system and hardware layers so each can be updated without affecting the others.

The network: First virtual LANs (VLANS) and VPNs virtualized the network configuration. Now networking functions follow suit, using virtual resource pools to handle load balancing, SSL encapsulation, and more.

To promote greater server virtualization, Gartner recommends:

  • The design of data center networks with high I/O and throughput, enabling multiple VMs per physical server
  • Greater network flexibility, for example: top-of-rack switching, terabit-class Ethernet switches, and pooling network resources and functions within data centers.

Trend #4 – Convergence

Convergence continues its tremendous, decade-long influence on the network – and begins to expand beyond the network.

Watch for an emerging category of convergence targeting the data center directly.

Driven by Cisco, HP and IBM, this new trend “vertically integrates server, storage and network systems and components with element-level management software.”

Now the foundation exists to dynamically share data center resources with optimal efficiency.

Data center convergence brings with it speed and agility in provisioning, configuration and re-purposing.  However, Gartner notes that data center convergence “won’t remove the boundaries between vendors completely” – at least not in the short term.

Outside the data center Ethernet is the clear winner in the “platform wars.” But enterprises are unlikely to deploy all-Ethernet solutions until 2012 at the earliest.

Gartner recommends that network managers gain expertise in data center convergence through these actions:

  • implementing top-of-rack I/O convergence to simplify cabling and improve flexibility
  • deploying fiber optics to all server racks and storage arrays
  • limiting InfiniBand to applications that require it
  • reorganizing to include all data-networking assets under one manager

Next up: Trends 5 and 6 – New Client Architectures, IT Infrastructure Libraries

Security researcher Derek Newton and a few Dropbox users have found a significant security hole in Dropbox. They published their results and Dropbox responded.

Dropbox’s response is not adequate.  It’s not enough for them to bury their head in the sand and to say that this security gap is not their problem if a hacker has physical access to the computer. The very nature of Dropbox lets its users increase their physical presence onto many more computers.  As such, these users are increasing the risk of their information being stolen and their businesses being compromised.

Instead, Dropbox needs to say what steps they are taking to close this security gap.  If Dropbox wants to minimize the impact to their business and to increase their presence as a responsible corporate citizen, Dropbox needs to make this security issue theirs to resolve.

Encryption is the best way for Dropbox to proceed right now.  Encrypting their configuration files would be the first and best place to start.  Second, Dropbox (like Google or my credit card company) should monitor users’ accounts for unusual activity.  Whenever they notice a blip or a change in user’s activity, they should send the user an email or SMS.

Third, no application or user should be given implicit access to a user’s files.  All access needs to be explicit.  An end user needs to specify each application and user that has permission to view, update, copy or remove their files. 

As all our transactions become electronic, it’s more important than ever that securing the data, securing access to the data without compromising usability and authorized access is the number one requirement for software vendors.

Today’s blog post is from Ennio Carboni, the Ipswitch Network Management Division president:

I must admit that I have been enamored with John Chambers for some time.  While the rest of the world is pre-occupied with Steve Jobs, I argue that one of the greatest business leaders we can learn from remains John Chambers.  Why?  Chambers understands markets and the forces that can create and shape markets but more importantly he understands the value of corporate culture as a catalyst or diffuser of and for corporate strategy.  Employee culture is a soft topic most feel lost in describing but I view it as the organizational glue that keeps the business intact during accelerated growth or sudden stoppages.  Culture includes important attributes like business ethics, norms, values and the culture inside the small pods and groups that make up the organization.

Yet, as much as I believe in John Chambers he disappointed me this past week with the announcement he made regarding the mis-alignment and directional changes needed at Cisco.  As a shareholder, the earnings reports don’t concern me much as I consider this and the next few quarters to be transitional ones that enable Cisco to align better.   My disappointment was more rudimentary.  I was disappointed in Chambers for the same reason I was disappointed in others making directional changes at the time when earnings disappointed.  Why is the strategic direction and strategic effectiveness only re-evaluated at the time when the numbers miss Wall Street expectations?  Is this a sign of management being out of touch with the ground troops in marketing, sales and customer support?   How could you not see the traction HP and others were making in comparison to your own?

In full disclosure, I run a business much smaller than Cisco at under $100M and less challenging organizationally because of size of scope.   Yet, it’s still a sizable organization that employs hundreds and supplies thousands upon thousands of customers worldwide.  We have a prosperous business with strong top-line and bottom-line metrics in a marketplace with a strong outlook.  It is here that I value lessons learned a while back – “stay close to your field people who are collecting market information daily”.    The best practitioner of this style remains New York Mayor Bloomberg as the founder and CEO of the Bloomberg Media Empire.   Bloomberg is well remembered for his persistence with sitting in an open area next to sales where he could listen, observe and reflect upon real time market data.  The key is not to react to a single piece of data you hear. 

John Chambers  and Cisco will again thrive.  They are the backbone for much of what we do as a business community.  HP and others are making great strides as they should but Cisco is not going anywhere.  If I were to offer a single piece of advice to John it would be that this is a perfect time to think about divisonalizing the company down to P&L’s and utilizing market forces, strategic execution and P&L responsibility to separate the best from the rest.   You’d be amazed to see what ordinary people can do when given the opportunity to partake in extraordinary activities.