Today’s tale from the front lines of network management comes to us from a network administrator from a technology services provider. Over a period of two months his team spent several agonizing hours trying to figure out the source of an intermittent application performance problem.


For weeks, users had been getting randomly disconnected when using Microsoft Dynamics CRM software, and losing their data. The IT team couldn’t figure out if the problem was in the database, on the web server or the network.  And the network management software they were using at the time was offering no help.

Their two-month to-do list went something like this:

  • Review event logs line-by-line, trying to correlate events with reported problems
  • Run Task Manager
  • Run Perfmon
  • Write scripts to try to recreate the problem in the database
  • Search for answers through Google

After exhausting all options, someone on the team downloaded a free trial of WhatsUp Application Performance Monitor software. After installing and configuring the software, the IT team isolated the problem to a change in a stored procedure that dramatically increased the SQL server query runtime. It turns out a DBA loaded a new stored procedure on a production system rather than a test system.

If you’re experiencing intermittent application performance problems, you may want to avoid asking Google for help and consider the solution found by the folks in this tale.

Google has recently revealed its latest endeavor – Project Glass. Project Glass is a pair of ‘smart’ glasses that will provide users with real-time information right in front of their eyes. These glasses can be seen in the picture below.

Google stated that “a group of us from Google[x] started Project Glass to build this kind of technology, one that helps you explore and share your world, putting you back in the moment.” They recently launched a video of what this sort of technology could look like. Check it out!

So what are your thoughts on Project Glass – cool or creepy?

On Thursday, Google introduced social facial recognition into its Google+ social network. Think this sounds familiar? The tagging suggestion tool, similar to Facebook’s “Photo Tag Suggest”, suggests name tags after scanning users’ faces and matching them to user profile pictures or tagged photos on the network. Despite the similarities, Google’s tool offers more privacy by giving users the option to opt into the service before suggesting tags. Learning from the heaps of backlash Facebook has received for privacy issues, Google is treading lightly and carefully trying not to violate users’ privacy.

“The goal is to only suggest tags for people that you know or we think you know,” said Google’s Petrosky. “It doesn’t have to be bi-directional.”

However, many users may disagree and can’t help but feel their privacy is being violated by Google as well as Facebook. As these new tools emerge, we can’t help but wonder: what’s next to come?

What are your thoughts on this? Let us know what you think!

Ipswitch has been cautioning companies about the dangers of private/confidential information being sent through Google (and other hosted and person-to-person services), both from a security and a responsibility perspective.

Last week’s GMail hack further drives home the point that organizations must proactively manage and have visibility into what information is being shared with service providers and how information is being sent between people.

Don’t let your guard down and simply treat the cloud as just another internal resource. Cloud services need to be properly managed and governed just like any other third party.

Ipswitch’s Frank Kenney recently concluded a 4-part webcast series on integration.  It’s not too late to watch a replay of it.  In parts 3 and 4, Frank talks through the issue of relying on cloud providers and provides tips for managing and governing cloud and person-to-person interactions.

Google revealed yesterday a targeted phishing attack from China against hundreds of GMail users, including government officials and military personnel.  The FBI, Department of Homeland Security, and the White House National Security Council are all participating in an investigation of the cyber attack.

My hope is that this breach will serve as the wake-up call that public and private businesses need to start enforcing policies around personal email. According to an Ipswitch survey at the InfoSec Europe conference, employee use of personal email is still a major problem. Nearly 70% of respondents send classified information (including payroll and customer info) via standard email every month… And 40% admitted to sending confidential information through personal email accounts specifically to eliminate the trail of what was being sent to whom.

Have you provided your employees with a simple tool to send large and confidential files?  Do you have visibility into what is being sent and to whom??  Do you have a documented AND enforced policy around using personal webmail accounts from work computers???

Employees have proven over and over that they will ‘do what they need to do’ in order to be productive. It’s critical that organizations provide simple, safe and auditable tools that enable employees to collaborate and share files.  It’s equally important that they govern employee activities to mitigate data risk by increasing visibility, control, compliance and security.

Ipswitch’s Frank Kenney shares his perspective on breach responsibility and security with Information Week:

“Google has asked for U.S. government support against censorship, but the government’s response has been to ask companies to take responsibility.  If Google does have an ulterior motive, it’s likely to be to pressure the U.S. government to take a more active role in defending U.S. companies in markets like China that present obstacles to fair competition.

Google is urging Gmail users to review their account settings to make sure they’re secure, but Kenney suggested Google could do more to alert users when their accounts are accessed from an unfamiliar IP address or when their accounts have been configured to forward messages.”

Take a quick read of Google’s Terms of Service or Amazon EC2’s SLA Exclusions and you’ll see examples of how cloud platform vendors limit their governance and control responsibility.

So what happens when you put your business in the cloud and then the cloud goes down?  Just ask Foursquare, Hootsuite, Reddit, Quora and others who endured the recent EC2 outage that hobbled their websites, resulting in lost revenue and strained customer support teams.

Chances are some of your critical business processes have already moved to the cloud.  But you still need to know the instant one of them fails.

So how should you treat vendor platforms such as Salesforce.com, Amazon EC2, Rackspace Cloud Files and Microsoft Azure?

As the saying goes, “don’t rely on a fox to guard the chicken coop”.   Don’t rely solely on your service providers to alert you of inaccuracies or outages that they themselves have caused…. Service provider dashboards will be of no use when they themselves are responsible for failure.  A governed pipe will instantly give you that information.

Our suggestion is to treat cloud platform vendors the same way you would treat any other vendor.  Manage all file and data interactions, with visibility, management and enforcement… And carefully craft SLAs that represent end-to-end services and link them to easily trackable key performance indicators.  Cloud does not solve all your data issues on its own, but you can and should leverage your Managed File Transfer (MFT) solution to extend and govern the cloud.

Mobile Computing
Here are two more predictions from Ennio Carboni, the Ipswitch Network Management Division president, on another blossoming area of technology in 2011: mobile computing.

2010 witnessed the release of multiple versions of the tablet computer. Although netbooks have been around for a few years now, they continue to remain popular due to their low price. And, it seems like everyone you know is upgrading to a new smartphone from countless providers. With mobile computing’s availability and reach growing quickly, employers are expecting sonic speed response time and near 24/7 availability more now than ever before. In order for this to be viable, organizations must ensure their employees can access business applications from these devices, while at the same time maintaining security, speed and functionality.

As we enter 2011, we can count on almost every business software provider or tool releasing mobile-compatible versions and apps for your convenience.

The Rise of the Android

For several years, the top contenders in the smartphone race were the iPhone and Blackberry. 2010 brought the advent of the Android, which threatens to usurp the former smartphone leaders. Google’s Android OS for mobile phones is already toppling Apple’s iOS as the top mobile operating system. While millions of apps exist for the iPhone, it is not considered the friendliest OS to work with. The Android’s open-source capabilities have opened a huge window of opportunity for more hardened business applications, beyond games and social apps.


Did you kill the web?

Let’s check your alibi. Think of how you spent your morning. Normally, I’d share my morning with you here, what websites I’ve visited and what apps I’ve used, but my boss reads my blog posts, and if she knew how much time I spent on … well, let’s let Chris Anderson illustrate the point I’m trying to make:

“You wake up and check your email on your bedside iPad — that’s one app. During breakfast you browse Facebook, Twitter, and The New York Times — three more apps. On the way to the office, you listen to a podcast on your smartphone. Another app. At work, you scroll through RSS feeds in a reader and have Skype and IM conversations. More apps. At the end of the day, you come home, make dinner while listening to Pandora, play some games on Xbox Live, and watch a movie on Netflix’s streaming service. You’ve spent the day on the Internet — but not on the Web. And you are not alone.”

Chris Anderson and Michael Wolff, in an article on Wired.com titled “The Web Is Dead. Long Live the Internet”, present a compelling argument for the demise of the World Wide Web and how “simpler, sleeker services”, like apps, “are less about the searching and more about the getting.”

Peer to peer file transfers are among the suspects at the crime scene:

“The applications that account for more of the Internet’s traffic include peer-to-peer file transfers, email, company VPNs, the machine-to-machine communications of APIs, Skype calls, World of Warcraft and other online games, Xbox Live, iTunes, voice-over-IP phones, iChat, and Netflix movie streaming. Many of the newer Net applications are closed, often proprietary, networks.”

This is one of the most interesting articles I’ve read in a while. Give it a read and feel free to share your thoughts and whether or not you’re placing any yellow crime scene tape over your PC.

“Right at the moment a Safari user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, work place, city, state, and email address.”
Jeremiah Grossman, founder and CTO of WhiteHat Security

Here’s another new threat to your personal information, and another example of how no company is exempt from security breaches.

According to an article written by Thomas Claburn of InformationWeek: “a flaw in the implementation of Safari’s AutoFill mechanism can be exploited to grab Mac users’ names, street addresses, and e-mail addresses.”

“[The] entire process takes mere seconds and represents a major breach in online privacy,” says Jeremiah Grossman who believes that “the security flaw may reside in the open-source WebKit engine used by Safari and that the flaw may be present in older versions of Google’s Chrome browser, which also relies on the WebKit engine.”

The article and Grossman’s own blog are worth checking out as it was once all too rare to hear the words “Apple” and “security flaw” in the same sentence.

With all the news around the Apple iPad, I was determined that I would not buy one until the second generation became available. With the second generation, prices will undoubtedly come down and I’ll get more functionality than what’s available in the first generation. I learned my lesson with the first iPhone and the first iPod.

As I sat around on Sunday feeling very smug, I looked over at my five-year-old son who was playing with his iPod Touch. It hit me that not only do I have to base the decision of when to buy an iPad on my technology geekness, I have to base it on my son’s needs and desires. Simply put, the iPad, and similar gadgets, were not built for my generation…but built for my son’s.

With more and more digital natives entering the workplace and procuring executive positions in companies all over the world, the traditional methodologies, mechanisms, and technologies for dealing with risk will have to change. The reason for this is simple: digital natives place a different level of risk on personal and enterprise intellectual property and information. In a world where everyone can be found on Facebook and the intimate details of every company can be found via blog sites, forum discussions, and on a company’s website itself, determining how much risk should be assigned to any individual piece of information is changing and in fact becoming more dynamic.

Let’s expand this thought. What do we need to do to ensure that our technology is being built for use by “Generation I” (ones who always had iPods) and digital natives? If issues around security and trust dramatically change, as we see them already, what does the future WS_FTP client and WS_FTP server  look like? What are the expectations that our future customers will have for this technology? Is it just a new experience, e.g. GUI change? Or do we assume that many of the basics around security and management are taken care of? What does it mean for portability and mobility? Should a user be able to carry around their WS_FTP license for use on any machine? This begs an answer to the question…are Google, Apple and Microsoft my real competitors or are they just enabling the underlying infrastructure that will be and should be commoditized?

These are real questions that need real answers…and we need to have those answers very soon. As we embark on delivering technology and services that are aligned with our next-generation architecture, issues such as what to do about “Generation I” and digital natives must be addressed.

Just a few thoughts…

I’m sure many of you opened your browser to Google this morning to see the capital of Kansas replace the search giant’s name.

If you’re like me, your first reaction was something like “Really Google? That’s all you got? Topeka? Come on . . .”

Disappointing given Google’s past April Fool’s jokes, like Google Paper and that year they championed the existence of time travel.

Well, in honor of all the creative, well-executed April Fool’s jokes out there this year, we at WhatsUp Gold would like to share with you the top 10 April Fool’s jokes of all time. Well, the top 10 April Fool’s jokes according to the Museum of Hoaxes, anyway. I mean, they’ve got to know what they’re talking about, right?

Enjoy!

#1: The Swiss Spaghetti Harvest


1957: The respected BBC news show Panorama announced that thanks to a very mild winter and the virtual elimination of the dreaded spaghetti weevil, Swiss farmers were enjoying a bumper spaghetti crop. It accompanied this announcement with footage of Swiss peasants pulling strands of spaghetti down from trees. Huge numbers of viewers were taken in. Many called the BBC wanting to know how they could grow their own spaghetti tree. To this the BBC diplomatically replied, “place a sprig of spaghetti in a tin of tomato sauce and hope for the best.”

#2: Sidd Finch

1985: Sports Illustrated published a story about a new rookie pitcher who planned to play for the Mets. His name was Sidd Finch, and he could reportedly throw a baseball at 168 mph with pinpoint accuracy. This was 65 mph faster than the previous record. Surprisingly, Sidd Finch had never even played the game before. Instead, he had mastered the “art of the pitch” in a Tibetan monastery under the guidance of the “great poet-saint Lama Milaraspa.” Mets fans celebrated their team’s amazing luck at having found such a gifted player, and Sports Illustrated was flooded with requests for more information. In reality this legendary player only existed in the imagination of the author of the article, George Plimpton.

#3: Instant Color TV

1962: In 1962 there was only one tv channel in Sweden, and it broadcast in black and white. The station’s technical expert, Kjell Stensson, appeared on the news to announce that, thanks to a new technology, viewers could convert their existing sets to display color reception. All they had to do was pull a nylon stocking over their tv screen. Stensson proceeded to demonstrate the process. Thousands of people were taken in. Regular color broadcasts only commenced in Sweden on April 1, 1970.

#4: The Taco Liberty Bell


1996: The Taco Bell Corporation announced it had bought the Liberty Bell and was renaming it the Taco Liberty Bell. Hundreds of outraged citizens called the National Historic Park in Philadelphia where the bell was housed to express their anger. Their nerves were only calmed when Taco Bell revealed, a few hours later, that it was all a practical joke. The best line of the day came when White House press secretary Mike McCurry was asked about the sale. Thinking on his feet, he responded that the Lincoln Memorial had also been sold. It would now be known, he said, as the Ford Lincoln Mercury Memorial.

#5: San Serriffe

1977: The British newspaper The Guardian published a special seven-page supplement devoted to San Serriffe, a small republic said to consist of several semi-colon-shaped islands located in the Indian Ocean. A series of articles affectionately described the geography and culture of this obscure nation. Its two main islands were named Upper Caisse and Lower Caisse. Its capital was Bodoni, and its leader was General Pica. The Guardian’s phones rang all day as readers sought more information about the idyllic holiday spot. Only a few noticed that everything about the island was named after printer’s terminology. The success of this hoax is widely credited with launching the enthusiasm for April Foolery that gripped the British tabloids in subsequent decades.

#6: Nixon for President

1992: National Public Radio’s Talk of the Nation program announced that Richard Nixon, in a surprise move, was running for President again. His new campaign slogan was, “I didn’t do anything wrong, and I won’t do it again.” Accompanying this announcement were audio clips of Nixon delivering his candidacy speech. Listeners responded viscerally to the announcement, flooding the show with calls expressing shock and outrage. Only during the second half of the show did the host John Hockenberry reveal that the announcement was a practical joke. Nixon’s voice was impersonated by comedian Rich Little.

#7: Alabama Changes the Value of Pi

1998: The April 1998 issue of the New Mexicans for Science and Reason newsletter contained an article claiming that the Alabama state legislature had voted to change the value of the mathematical constant pi from 3.14159 to the ‘Biblical value’ of 3.0. Soon the article made its way onto the internet, and then it rapidly spread around the world, forwarded by email. It only became apparent how far the article had spread when the Alabama legislature began receiving hundreds of calls from people protesting the legislation. The original article, which was intended as a parody of legislative attempts to circumscribe the teaching of evolution, was written by physicist Mark Boslough.

#8: The Left-Handed Whopper

1998: Burger King published a full page advertisement in USA Today announcing the introduction of a new item to their menu: a “Left-Handed Whopper” specially designed for the 32 million left-handed Americans. According to the advertisement, the new whopper included the same ingredients as the original Whopper (lettuce, tomato, hamburger patty, etc.), but all the condiments were rotated 180 degrees for the benefit of their left-handed customers. The following day Burger King issued a follow-up release revealing that although the Left-Handed Whopper was a hoax, thousands of customers had gone into restaurants to request the new sandwich. Simultaneously, according to the press release, “many others requested their own ‘right handed’ version.”

#9: Hotheaded Naked Ice Borers

1995: Discover Magazine reported that the highly respected wildlife biologist Dr. Aprile Pazzo had found a new species in Antarctica: the hotheaded naked ice borer. These fascinating creatures had bony plates on their heads that, fed by numerous blood vessels, could become burning hot, allowing the animals to bore through ice at high speeds. They used this ability to hunt penguins, melting the ice beneath the penguins and causing them to sink downwards into the resulting slush where the hotheads consumed them. After much research, Dr. Pazzo theorized that the hotheads might have been responsible for the mysterious disappearance of noted Antarctic explorer Philippe Poisson in 1837. “To the ice borers, he would have looked like a penguin,” the article quoted her as saying. Discover received more mail in response to this article than they had received for any other article in their history.

#10: Planetary Alignment Decreases Gravity

1976: The British astronomer Patrick Moore announced on BBC Radio 2 that at 9:47 AM a once-in-a-lifetime astronomical event was going to occur that listeners could experience in their very own homes. The planet Pluto would pass behind Jupiter, temporarily causing a gravitational alignment that would counteract and lessen the Earth’s own gravity. Moore told his listeners that if they jumped in the air at the exact moment that this planetary alignment occurred, they would experience a strange floating sensation. When 9:47 AM arrived, BBC2 began to receive hundreds of phone calls from listeners claiming to have felt the sensation. One woman even reported that she and her eleven friends had risen from their chairs and floated around the room.

A small Wyoming bank made national headlines when it filed a lawsuit against Google after an employee inadvertently sent sensitive customer data to the wrong user’s Gmail account (http://www.informationweek.com/story/showArticle.jhtml?articleID=220100410).  This incident reaffirms that a company doesn’t need to be the target of a massive plot by hackers to suffer a costly and damaging data breach.  In this case, simple user error resulted in the disclosure of sensitive data to unintended parties.

Obviously companies need a mechanism to exchange sensitive data with their partners and customers in order to conduct business. Ignoring the obvious problem of using email to pass data in plain text with no authentication to speak of, the risk of the “Fire and Forget” nature of email is what really struck me about this incident. Once the email containing sensitive data was sent, the sender had zero control or visibility into what happened afterwards.

Deploying a solution like MOVEit DMZ with Secure Messaging is a reasonable way to reduce the risk posed by sending sensitive data by email.  Using MOVEit DMZ provides for end-to-end encryption of the data, integrity checking, audit logging and non-repudiation, but in this incident, the two-step approach to sending sensitive data really saves the day.

When using MOVEit DMZ and Secure Messaging to send sensitive data to an external partner or customer, rather than pushing the sensitive data all the way to the intended (or unintended) recipient, that data is pushed to the MOVEit DMZ server where it is stored encrypted and available for pickup.  The intended recipient is sent temporary credentials and a link he/she can use to access the sensitive data.  All access is audited, so the sender knows exactly who, if anyone, has accessed the sensitive data.

In this particular incident, had MOVEit DMZ been used to send the sensitive data to the customer, the temporary credentials sent to the unintended recipient’s email account could have been immediately recalled as soon as the mistake was noticed, before any sensitive data was accessed. Even if the mistake went unnoticed for days, the MOVEit DMZ tamper-evident audit logs would show whether the account had been used to access the sensitive data, or if the account credentials were sitting unread in someone’s inbox. If the account had been used by the unintended recipient to access the sensitive data, once again the tamper-evident audit logs would provide non-repudiable evidence of the unauthorized data access, giving the company stronger means to pursue legal action to recover the data.
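
The two-step flow described above (store on the server, email only a temporary credential, recall it, then consult the audit trail) can be sketched as follows. This is an added example, not MOVEit DMZ code: the `PickupServer` and `AuditLog` classes are hypothetical, and the hash chain is one assumed way of making a log tamper-evident.

```python
import hashlib
import json
import secrets

GENESIS = "0" * 64  # "previous hash" of the first audit entry


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AuditLog:
    """Hash-chained log: editing or removing an earlier entry breaks verify()."""

    def __init__(self):
        self.entries = []

    def append(self, actor, action, package_id):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        rec = {"seq": len(self.entries), "actor": actor, "action": action,
               "package": package_id, "prev": prev}
        rec["hash"] = _sha256(json.dumps(rec, sort_keys=True).encode())
        self.entries.append(rec)

    def verify(self):
        # The newest hash should also be kept off-server; otherwise someone
        # who can rewrite the whole log can recompute the whole chain.
        prev = GENESIS
        for i, rec in enumerate(self.entries):
            body = {k: v for k, v in rec.items() if k != "hash"}
            digest = _sha256(json.dumps(body, sort_keys=True).encode())
            if rec["seq"] != i or rec["prev"] != prev or rec["hash"] != digest:
                return False
            prev = rec["hash"]
        return True


class PickupServer:
    def __init__(self):
        self.log = AuditLog()
        self.packages = {}  # package_id -> payload (encrypted at rest in a real server)
        self.tokens = {}    # sha256(token) -> (package_id, recipient)

    def send(self, sender, recipient, payload):
        package_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)  # temporary credential
        self.packages[package_id] = payload
        self.tokens[_sha256(token.encode())] = (package_id, recipient)
        self.log.append(sender, "sent to " + recipient, package_id)
        return package_id, token  # only the token travels by email

    def revoke(self, sender, package_id):
        self.tokens = {k: v for k, v in self.tokens.items() if v[0] != package_id}
        self.log.append(sender, "revoked", package_id)

    def pickup(self, token):
        entry = self.tokens.get(_sha256(token.encode()))
        if entry is None:
            self.log.append("unknown", "pickup denied", "-")
            return None
        package_id, recipient = entry
        self.log.append(recipient, "pickup", package_id)
        return self.packages[package_id]

    def was_accessed(self, package_id):
        return any(e["package"] == package_id and e["action"] == "pickup"
                   for e in self.log.entries)


def demo():
    server = PickupServer()
    pkg, token = server.send("bank-employee", "wrong.address@example.com",
                             b"constructed sample record")
    server.revoke("bank-employee", pkg)  # mistake noticed before pickup
    return server.pickup(token), server.was_accessed(pkg), server.log.verify()
```

`demo()` models the misaddressed message: the recalled credential no longer opens the package, and the log shows that nobody picked it up.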