Computerworld, November 8, 2010

Upload: korodi-razvan

Post on 10-Apr-2018


8/8/2019 Computer World November 8, 2010

COMPUTERWORLD

The Scary Side of Virtualization

IT execs are getting spooked about the security risks of virtual servers.

Peer Perspective. IT Leadership. Business Results. | COMPUTERWORLD.COM | NOVEMBER 8, 2010

ALSO INSIDE: Solving SharePoint Sprawl | Getting IT Set for Mobile | User Group Targets Super Vendors
[Advertisement: IBM]

Being competitive starts with being productive. Here's your edge.

To help your business be more productive, the IBM System x3650 M3 Express server, featuring the Intel Xeon processor 5600 series, can help you achieve up to 40% increased performance.1 With more storage and memory capacity, it is now possible to access and process more data than ever before, helping you to efficiently meet your increased business demands.

IBM System x3650 M3 Express (shown above)
$3,229 or $83/month for 36 months2
PN: 7945-E2U
2U dual-socket server featuring up to 2 Intel Xeon processor 5600 series
Energy-efficient design, 92% efficient PS, 3 HS fan modules, altimeter

IBM System x3550 M3 Express
$1,969 or $51/month for 36 months2
PN: 7944-E1U
1U dual-socket server featuring up to 2 Intel Xeon processor 5600 series
Energy-efficient design, 92% efficient PS, 6 HS fan modules, altimeter

IBM System Storage DS3500 Express
$8,799 or $226/month for 36 months2
PN: 1746-A2D or 1746-C2A
Dual controller storage system with 2 GB cache, four 6 Gb SAS host attachment ports and 12 3.5-inch SAS disk drive bays.

See for yourself. See how much you could be saving in just minutes with the IBM Systems Consolidation Evaluation Tool.
ibm.com/systems/productivity
1 866-872-3902 (mention 6N8AH30A)

1 Based on Intel Engineering Study, January 2010 - performance increase comparing latest Intel Xeon processor 5600 series to previous generation - Intel Xeon processor 5500 series. See page 8, footnote 3 for more information: http://www.intel.com/Assets/PDF/prodbrief/323501.pdf.

2 Global Financing offerings are provided through IBM Credit LLC in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and government customers. Monthly payments provided are for planning purposes only and may vary based on your credit and other factors. Lease offer provided is based on an FMV lease of 36 monthly payments. Other restrictions may apply. Rates and offerings are subject to change, extension or withdrawal without notice. IBM hardware products are manufactured from new parts or new and serviceable used parts. Regardless, our warranty terms apply. For a copy of applicable product warranties, visit http://www.ibm.com/servers/support/machine_warranties. IBM makes no representation or warranty regarding third-party products or services. IBM, the IBM logo, System Storage and System x are registered trademarks or trademarks of International Business Machines Corporation in the United States and/or other countries. For a complete list of IBM trademarks, see www.ibm.com/legal/copytrade.shtml. Intel, the Intel logo, Xeon and Xeon Inside are trademarks of Intel Corporation in the U.S. and other countries. All other products may be trademarks or registered trademarks of their respective companies. All prices and savings estimates are subject to change without notice, may vary according to configuration, are based upon IBM's estimated retail selling prices as of 8/09/10 and may not include storage, hard drive, operating system or other features. Reseller prices and savings to end users may vary. Products are subject to availability. This document was developed for offerings in the United States. IBM may not offer the products, features, or services discussed in this document in other countries. Prices are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or IBM Business Partner for the most current pricing in your geographic area. © 2010 IBM Corporation. All rights reserved.

28 SOLVING SHAREPOINT SPRAWL

HEADS UP | 4 NASA wants its data up in the clouds. | Microsoft may face resistance to Windows 8. | 6 The FCC warns of a looming wireless spectrum shortage. | Meet the CIO who bought 4,500 iPads.

NEWS ANALYSIS | 8 Ozzie to Microsoft: Simplify, Simplify . . . | 10 A new IT user group targets super vendors.

OPINIONS | 16 Steven J. Vaughan-Nichols ponders why the iPad still lacks real competition. | 36 Bart Perkins reports that at the World Equestrian Games, project management meant no horsing around. | 44 Scot Finnie finds that IT shops are better prepared for the mobile onslaught than he'd suspected.

DEPARTMENTS | 12 The Grill: CIO Joe AbiDaoud | 34 Security Manager's Journal: Is it spying, or something innocent? | 38 Career Watch | 42 Shark Tank

COVER STORY

The Scary Side of Virtualization

18 IT execs are starting to get spooked about the security risks of virtual servers.

Solving SharePoint Sprawl

28 SharePoint sites can spread like weeds throughout a company, creating regulatory and e-discovery risks. It's time to assert some control, without crimping collaboration.

Time for a Change?

32 Computerworld's most recent salary poll shows that most IT staffers haven't seen a pay raise in at least six months, and one out of three is looking to jump ship.

FOR BREAKING NEWS, VISIT COMPUTERWORLD.COM

THIS ISSUE | 11.08.2010 [ VOL. 44, NO. 21 $5/COPY ]

COMPUTERWORLD
P.O. Box 9171, 492 Old Connecticut Path, Framingham, MA 01701
508-879-0700
Computerworld.com

EDITORIAL
Editor in Chief: Scot Finnie
Executive Editors: Mitch Betts, Julia King (events)
Managing Editors: Michele Lee DeFilippo (production), Sharon Machlis (online), Ken Mingis (news)
Director of Blogs: Joyce Carpenter
Art Director: April Montgomery
Technologies Editor: Johanna Ambrosio
Features Editors: Valerie Potter, Ellen Fanning (special reports), Barbara Krasnoff (reviews)
News Editors: Mike Bucken, Marian Prokop
Senior Editor: Mike Barton
National Correspondents: Julia King, Robert L. Mitchell
Reporters: Sharon Gaudin, Matt Hamblen, Gregg Keizer, Lucas Mearian, Patrick Thibodeau, Jaikumar Vijayan
Assistant Managing Editor: Bob Rawson (production)
Editorial Project Manager: Mari Keefe
Associate Online Editor: Ken Gagné
Office Manager: Linda Gorgone
Contributing Editors: Jamie Eckle, Preston Gralla, Tracy Mayor

CONTACTS
Phone numbers, e-mail addresses and reporters' beats are available online at Computerworld.com (see Contacts link at the bottom of the home page).
Letters to the Editor: Send to letters@computerworld.com. Include an address and phone number for immediate verification. Letters will be edited for brevity and clarity.
News tips: [email protected]
Subscriptions and back issues: (888) 559-7327, [email protected]
Reprints/permissions: The YGS Group, 800-501-9571, ext. 180, computerworld@theygsgroup.com

4 COMPUTERWORLD NOVEMBER 8, 2010

HEADS UP: Fresh Insights | New Trends | Great Ideas

[Photo credit: NASA/JPL-Caltech/UCLA]

DESKTOP SYSTEMS

Microsoft May Face Resistance to Windows 8

Enterprises in the midst of migrating to Windows 7 are unlikely to repeat that same work in just two years with Windows 8, an analyst said last month.

"[Businesses] would certainly like to upgrade only to every other edition," said Gartner Inc. analyst Michael Silver. "If Windows 8 comes out in two years, many [enterprises] will be very suspect about migrating to the next release."

Silver said companies tire of migrating to new versions of operating systems, largely because businesses have critical applications that may or may not run on a new edition.

"It will depend on whether Windows 8 includes major architectural changes, or if it's more of a polishing release," Silver said. "If it's the latter, it will be kind of hard to skip. But if it's a major release, Microsoft will have a hard time selling [Windows 8] to the enterprise. They saw that when [companies] skipped Vista and stayed with XP."

Silver offered those comments after the Dutch arm of Microsoft Corp. suggested that the follow-on to Windows 7, dubbed Windows 8 by most, if not by Microsoft, will ship in 2012.

Michael Cherry, an analyst at Directions on Microsoft, said Microsoft faces a challenge with Windows 8 because Windows 7 is a good operating system. "It is reliable and works well."

GREGG KEIZER

DATA CENTERS

NASA Wants Its Data Up in the Clouds

NASA is backing open-source cloud computing with a single goal in mind: to stick to space exploration and stop running data centers.

Chris Kemp, NASA's chief technology officer, said the agency's long-term plan is to move internal IT resources to external clouds over the next 10 to 20 years.

"I don't see why NASA needs to operate any [IT] infrastructure," he said at Gartner Inc.'s Symposium/ITxpo in Orlando last month. "We can build space probes, we can build deep space networks, we can stay out on the frontiers where the American public wants us to be, and not spend over $1 billion a year on IT infrastructure."

But many cloud platforms are still proprietary, which makes switching from one cloud provider to another difficult.

Hoping to solve that problem, NASA developed its own cloud computing software, Nebula, and released it as open-source code. Cloud service provider Rackspace Hosting Inc. then incorporated the Nebula code into its own cloud management software. That led to OpenStack, which this summer emerged as an open-source cloud platform.

For NASA, Kemp said, the benefits of open source are clear: It expands the number of developers working on OpenStack code and enables NASA to help influence its development and standards. "This furthers our objective of having off-the-shelf products that meet our requirements, which include less custom development and fewer proprietary systems," Kemp said.

Patrick Thibodeau

[Photo caption: NASA wants to focus on exploring new frontiers like this space cloud teeming with gas, dust and newborn stars, not IT infrastructure.]

[Advertisement: Sprint]

While you were out ... If you miss a call, you miss an opportunity. With Sprint Mobile Integration and Global MPLS, you'll have one number, one voicemail and one easy way to control mobile usage. Simplify the way your company stays in touch. Make it easier for clients to reach you. And reduce company telecom expenses. Less dialing, happier clients. Start closing. 1-866-653-1056 sprint.com/convergence

IT professionals name Sprint best provider of MPLS, delivering best value, customer service, technology and network reliability.

Coverage not available everywhere. The 3G Sprint Mobile Broadband Network (including data roaming) reaches over 269 million people. The Nationwide Sprint and Nextel National Networks reach over 275 and 274 million people, respectively. Other restrictions apply. See store or sprint.com for details. © 2010 Sprint. Sprint and the logo are trademarks of Sprint. Other marks are the property of their respective owners.

6 COMPUTERWORLD NOVEMBER 8, 2010

HEADS UP

Between the Lines, by John Klossner

[Chart residue: "info management ... 62% ..." Source: LexisNexis survey of 1,700 white-collar workers, October 2010]

MICROBURST

MOBILE COMPUTING

Meet the CIO Who Bought 4,500 iPads

Medtronic Inc., which makes medical devices, may be one of the earliest and biggest corporate buyers of Apple Inc.'s iPad tablet. CIO Michael Hedges has purchased 4,500 iPads for his company, which employs 40,000 people.

The iPad was released on April 3, a Saturday, and Hedges quickly arranged to buy 10 iPads to ship to a trade show in Germany the following Wednesday.

Normally, Medtronic has large and very expensive displays at its booth, but in this case it loaded up the iPads with product information and then put them on display.

The iPad wasn't being sold yet in Europe, and the devices were an immediate hit, Hedges recalled at a Gartner Inc. event last month.

"It was such a huge success, because people came to our booth not to look at the Medtronic product but to look at the iPad," he said. "I didn't care; I just wanted them at the booth."

But Hedges bought many more iPads because they offer instant access to data and video, a particularly important attribute when showing product information to customers. Hedges added that the iPad's instant-on capability was a key feature for the business.

PATRICK THIBODEAU

WASHINGTON WATCH

FCC: Wireless Spectrum Shortage Looms

Mobile data traffic in the U.S. will be 35 times higher in 2014 than it was in 2009, leading to a massive wireless spectrum shortage if the government fails to make more available, the Federal Communications Commission said in a paper released last month.

About 42% of U.S. mobile customers now own a smartphone, up from 16% three years ago, and between the first quarter of 2009 and the second quarter of 2010, data use per mobile line grew by 450%, the paper said.

The FCC expects smartphone use and a corresponding increase in mobile data use to continue to skyrocket, FCC Chairman Julius Genachowski said.

"If we don't act to update our spectrum policies for the 21st century, we're going to run into a wall, a spectrum crunch that will stifle American innovation and economic growth and cost us the opportunity to lead the world in mobile communications," he warned.

In a national broadband plan released in March, the FCC called for 300 MHz of spectrum to be made available for mobile broadband uses in the next five years, and an additional 200 MHz in the subsequent five years.

Much of that spectrum would come from bands now controlled by the FCC or other government agencies, but 120 MHz would come from spectrum now owned but unused by U.S. television stations. Under the broadband plan, the stations would give back unused spectrum in exchange for part of the profits when the spectrum is sold at auction.

The FCC would need congressional approval to hold these so-called incentive auctions.

The National Association of Broadcasters was cool to the proposal that TV stations give up spectrum. NAB Executive Vice President Dennis Wharton said the trade group looks forward to working with the FCC and Congress to ensure that spectrum deployment matches actual spectrum demand and doesn't harm the U.S. broadcasting system.

Grant Gross, IDG News Service

8 COMPUTERWORLD NOVEMBER 8, 2010

NEWS ANALYSIS

Ozzie to Microsoft: Simplify, Simplify . . .

The chief software architect's doomsday-ish clarion call implores Microsoft to further embrace cloud computing or face irrelevancy in an industry it has long dominated. By Gregg Keizer

Departing Microsoft Corp. executive Ray Ozzie is leaving behind a new five-year plan that exhorts the company to push further into the cloud or perish.

The so-called Dawn of a New Day memorandum written by Ozzie, who succeeded Bill Gates as Microsoft's chief software architect in 2006, urges the company to imagine a world where the PC is replaced by a slew of simple, low-cost devices that are constantly connected to the Internet and through that to cloud-based services.

The memo was posted on Ozzie's personal blog site shortly after Microsoft's Oct. 18 announcement that the creator of Lotus Notes planned to retire soon.

Wes Miller, an analyst at Directions on Microsoft and a former Microsoft product manager, noted that Ozzie's doomsday-ish missive rarely mentions the words PC or Windows. "The words that are most prominent are devices and services. That shows that Ozzie believes the future will revolve around connected devices and continuous services."

The communiqué is in many ways reminiscent of one Ozzie wrote in 2005 warning officials that the company had to quickly jump into the cloud.

"Ray has become synonymous with connected collaboration and the cloud," Miller said, noting that Ozzie oversaw development of the Azure cloud platform that Microsoft released earlier this year. "He's fought the valiant fight at Microsoft, but he's saying the company needs to continue investing in the cloud."

While Ozzie acknowledged the success that some of Microsoft's rivals have had in moving toward his worldview, he didn't name names. "Our early and clear vision notwithstanding, their execution has surpassed our own in mobile experiences, in the seamless fusion of hardware & software & services, and in social networking & myriad new forms of Internet-centric social interaction," Ozzie wrote.

Ozzie didn't have to mention Apple, Google or Facebook to get his message across to Microsoft, said Miller. "They know who he's talking about."

The memo urged Microsoft to stress simplicity over complexity and essentially said that the lucrative 35-year-old Windows franchise and its surrounding ecosystem are examples of the latter.

"Complexity kills," Ozzie said. "Complexity sucks the life out of users, developers and IT. Complexity makes products difficult to plan, build, test and use. Complexity introduces security challenges. Complexity causes administrator frustration."

It's unlikely that Ozzie's message came as a surprise to Microsoft's management team. "This may be the last chance for Ray Ozzie to make his thoughts known, but I think he's said this internally for a long time," said Miller.

But moving from a PC-centric world into the cloud won't be easy for a company the size of Microsoft.

"My frustration is that it's a big ship, and the velocity with which the boat is going will make it hard," Miller said. "You're talking about competing with companies that are, if not out-innovating Microsoft, then outpacing them."

Nancy Gohring of the IDG News Service contributed to this story.

[Pull quote: "Complexity kills. Complexity sucks the life out of users, developers and IT. Complexity makes products difficult to plan, build, test and use." Ray Ozzie (left), chief software architect, Microsoft Corp.]

[Photo credit: James Duncan Davidson / O'Reilly Media, Inc.]


[Advertisement: IBM]

Smarter technology for a Smarter Planet: What 99.9% system uptime means to a kilo of gold.

[A data visualization of the settlement prices for gold, silver and other commodities from March 1 to September 1, 2010.]

It means that the futures contract for that gold can trade instantly and more securely. The Dubai Gold & Commodities Exchange (DGCX) has maintained their complex network of worldwide members for four years without a single security breach due to malware, and without any unplanned downtime. The DGCX worked with IBM Security Solutions to help implement an intrusion prevention system that builds security into every aspect of their online trading services and proactively adapts to ever-evolving threats. A smarter business is built on smarter software, systems and services.

Let's build a smarter planet. ibm.com/exchange

IBM, the IBM logo, ibm.com, Smarter Planet and the planet icon are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at www.ibm.com/legal/copytrade.shtml. © International Business Machines Corporation 2010.

10 COMPUTERWORLD NOVEMBER 8, 2010

NEWS ANALYSIS

New IT User Group Targets Super Vendors

The Open Data Center Alliance, which claims to collectively spend billions on IT, hopes to wield a big stick in combating vendor lock-in and tech consolidation. By Patrick Thibodeau

When the Open Data Center Alliance was introduced late last month, its leaders claimed that the initial 70-plus members represented over $50 billion in collective IT spending. Their message to IT vendors was unmistakable.

Andrew Feig, global head of the technology advisory group at alliance member UBS, said the new association aims to help its members retain the ability "to really run our business the way we want, versus being told how to run it [by vendors]."

Thus the consortium will use its combined clout to, among other things, persuade technology companies to slow or halt several trends, including the move toward vendor lock-in in the cloud, the increase in the number of proprietary and highly integrated technology stacks, and the continuation of IT industry consolidation, which alliance members cite as a key cause of the other problems they want to combat.

The worldwide alliance's membership includes major companies in a variety of industries that aren't focused on any one technology, including automaker BMW; financial services firms UBS, Deutsche Bank and JPMorgan Chase; hospitality company Marriott International; and energy supplier Shell Oil.

Jonathan Eunice, an analyst at Illuminata Inc., noted that the formation of the alliance runs counter to the trend of user groups shrinking in size and influence and becoming tightly integrated with specific vendors. "We really lack powerful user organizations in this industry," he said.

The alliance doesn't plan to publish specifications or standards, but it will create road maps and use cases that look at broad corporate IT needs, such as cross-platform management, interoperability and the ability to move infrastructure and applications from one cloud platform to another.

Then the group will use its hoped-for clout to urge tech vendors to plan products with those needs in mind.

Feig said many of the problems faced by large users can be traced to the persistent industry consolidation that is creating what Gartner Inc. calls super vendors.

"Consolidation is continuing at a rapid pace," he said. "Start-ups get bought early on in their life cycle and never get to become big competitors to any of these guys."

Feig warned that without adequate recourse, companies that become excessively reliant on integrated products made by the big vendors will become less likely to adopt innovative new technologies.

Martin Wheeler, chief strategy officer at IT infrastructure services provider Terremark Worldwide Inc., and chairman and secretary of the alliance, added, "We've got to start having an organized voice so all these tremendous technological advances can be organized in a meaningful way."

Alliance President Curt Aubley, who is vice president of cybersecurity and next-generation innovations at Lockheed Martin Information Systems and Global Services, said he sees amazing capabilities developing on the Web. However, he added, if a developer needs to move applications that they develop on one cloud platform to another cloud platform, "they are in essence rewriting that application."

Vendors encourage feedback and want to be responsive to customer demands, said Aubley. The consortium will provide that feedback in a more unified fashion, he explained.

Eunice said the creation of the alliance was likely encouraged in part by social media, which has led to more collaboration, openness and new attitudes about cooperation between vendors and their customers.

[Photo credit: Fotolia / Dmitry Ersler]


[Advertisement: 1&1]

90-Day Money Back Guarantee | 24/7 Toll-Free Support

WEBSITE PLANS ON SALE!

ALL WEB HOSTING PACKAGES JUST $3.99 per month* for the first 3 months!

DOMAIN OFFERS: .info only $0.99 first year* | .com only $4.99 first year*

Free Web Marketing Tools

Whether you're a beginner or a professional, 1&1 offers a full range of website solutions to suit your needs. For a limited time, we're offering all web hosting packages at one incredible low price. Website building tools, unlimited traffic, and search engine marketing dollars are included with all packages.

Go to www.1and1.com to choose your package! Call 1-877-GO-1AND1 or visit us now at www.1and1.com

*Offers begin November 1, 2010. 12 month minimum contract term applies for web hosting offers. Setup fee and other terms and conditions may apply. Domain offers valid first year only. After first year, standard pricing applies. Visit www.1and1.com for full promotional offer details. Program and pricing specifications and availability subject to change without notice. 1&1 and the 1&1 logo are trademarks of 1&1 Internet AG, all other trademarks are the property of their respective owners. © 2010 1&1 Internet, Inc. All rights reserved.

12 COMPUTERWORLD NOVEMBER 8, 2010

The Grill

Joe AbiDaoud, CIO at Toronto-based metals mining company HudBay Minerals Inc., supports more than 1,400 employees, including 1,200 miners in Flin Flon, a remote outpost in Manitoba where copper and zinc ore are extracted from a mine over a mile underground. Since starting in February, he has overseen the launch of a $20 million ERP project, but he has also been looking for low-hanging fruit projects with a quick payback. AbiDaoud talked about what it's like to support IT operations in far-flung locations.

What's the most challenging aspect of providing IT services to a mining business? The operations happen in very remote areas of the world, so we support IT in a decentralized model. We provide regional support at the site of operation and have some centralized IT functions around shared services and IT governance. For the most part, we try to provide end-user support locally. Logistically, that's easier.

Continued on page 14

Role model: Kumud Kalia, CIO at Direct Energy. He is one of the best CIOs in the industry and helped me work into my first division CIO job.

Favorite pastimes: I have two children under 2, so it's spending as much time as I can with them. I collect wine, and I like good cigars.

Favorite vice: I do love to eat. I love eating out at different restaurants quite a bit.

Recent books: Good to Great: Why Some Companies Make the Leap . . . and Others Don't, by Jim Collins. Also Rework, by Jason Fried and David Heinemeier Hansson, founders of 37signals LLC. Anyone going into the workforce should read that book.

This mining company CIO must engineer change in a culture that resists it.


[Advertisement: Teradata]

Congratulations to the 2010 Winners and Finalists!

ACHIEVING ENTERPRISE AGILITY

Sponsored by Teradata

Computerworld proudly announces the results of this year's Enterprise Intelligence Awards Program. This program honors best practices in the use of information technology solutions built on Teradata platforms.

The world's business leaders have trusted Teradata and its partners for decades as the key to their competitive edge... empowering innovators to cut through the complexities of business to make smarter, faster decisions.

The Winner and Finalists in each category are:

Winner: Maybank Berhad. For the significant business and technical results of its Analytical Customer Relationship Management (aCRM) project. With an ROI of 180%, the system shortened lead generation time from weeks to one day.
Finalist: Shop Direct Group, submitted with Speed-Trap
Finalist: The Bank of East Asia, Limited

Winner: Cabela's Inc., submitted with Informatica Corporation. For a multi-channel data warehouse initiative and creation of an analytical information framework that has improved advertising effectiveness, inventory and margin strategies.
Finalist: Station Casinos, submitted with IBM
Finalist: VIVO, S/A

Winner: Defense Logistics Agency (DLA) and United States Transportation Command (USTRANSCOM). For excellence in strategic reuse of existing architecture across government agencies to create a scalable system that enables faster development of data applications.
Finalist: Centers for Medicare & Medicaid Services
Finalist: Land Transport Authority of Singapore, submitted with Wipro Technologies

Winner: Vonage. For the speed and difficulty of building, in less than one year, a data warehouse with advanced analytics that collects and processes billions of registration records/day.
Finalist: Banco Bradesco
Finalist: Discover Financial Services

Winner: GE Healthcare. For the scope, process and results involved in the successful integration of data from different systems at more than 400 legal entities around the world, into an enterprise performance management system.
Finalist: American Airlines
Finalist: Siam Commercial Bank PCL

http://www.teradata.com/

    The Grill | Joe AbiDAouD

    14 C o m p u T e r w o r l d N o v e m b e r 8 , 2 0 1 0

The mining industry is closely tied to the economy. When production ramps down, IT is a cost center that needs to be ramped down accordingly. We have to be able to react quickly. We are trying to create some variability in the IT services we provide, so we're looking at servicing some things through external parties. Database support has been outsourced. We're also looking at some infrastructure support. Our IT staff is pretty lean. [HudBay's IT group consists of 12 full-time staffers and seven contract workers.]

What are your key IT initiatives for the coming year?

Our ERP project is our No. 1 priority. No. 2 is building out another mine we have in the Flin Flon area, our largest to date. Our No. 3 priority is enhancements to the ERP system, which is expected to go into production in April 2011. The fourth thing is to digitize the exploration and development division's geological data.

What was the business case for the new ERP system?

Management realized they couldn't scale. If we went out and bought another mine, we could not integrate that operation onto the platform that exists. If we put a mine in Arizona or Guatemala, we wouldn't have best-in-class systems and business processes for it. Our current business processes are very much custom-tailored to how people were doing things in Flin Flon. They are not scalable. They're very manual.

How does the remoteness of Flin Flon affect your IT architecture?

We have mini data centers at these sites for performance reasons. However, I am not sure if we're going to stay with this model. Our new ERP system will be a shared service and will be hosted in our primary location.

Is it a challenge to define business processes for a new ERP system in a culture that isn't used to change?

You've got people who enjoy doing things the way they have always done them for 25 or 30 years. So to come along and say, "Here's something new and something you can do differently," there's a huge amount of resistance to that.

We're talking about that right now with our ERP implementation. There has not been a major software implementation in this company since the early '90s. For us to introduce this new ERP system with new functionality, new ways of doing things and changing the business processes, they're finding that very difficult to cope with.

How are you addressing that resistance?

The conversation [needs to be] around change management and how you get people to identify with the project.

If people can't identify with it, it has no relevance to their job. In fact, the guy who is driving a pickup truck [at a mine site] may not see a significant impact in terms of his job. But in terms of scheduling that person's job and scheduling repairs for that truck and ordering parts, that all will be driven by business processes governed by the new ERP system. So we have someone who works with each of the department heads to come up with a way of explaining how the change impacts people so they can identify with it.

There are just 6,500 people in the greater Flin Flon area. How do you find qualified IT people in such a remote location?

It is very difficult to recruit people, so we developed a program that takes people who are already in the organization and trains them to become IT professionals. These people could be working anywhere in mining operations.

What are your IT organization's biggest challenges?

One is the perception of IT as an order-taker. Not only can we provide services, but we can anticipate the business needs and come to the table with things that add value.

For example, our exploration and development division is the lifeline of this organization. They're the ones that go out and find new mines or extend the ore body beyond what currently exists. We provide them with laptops and e-mail, and that's about it. They have kept all of their geological data on spreadsheets and paper. They could leave, and we would have no idea what they did or did not do. So we're looking at how to digitize all of that geological data and how to connect it so that it's more meaningful.

We have historical data that's been sitting in vaults for 40 or 50 years. If we digitize it and apply some new algorithms to it that didn't exist 40 or 50 years ago, they could probably find some more mines on land we explored and [thought was] exhausted. This is an area where IT can play a leadership role.

Interview by Robert L. Mitchell

    Continued from page 12



    opinion

Where is the iPad's competition? By this time, I'd expected to see some real comers gunning

for Apple's iPad tablet. Hasn't happened.

You want to talk about HP's just-released Slate 500? It has a starting list price of $799. An iPad can cost that much, but the price starts at $499, and people have demonstrated that they're willing to pay that much and more. Are people going to feel the same way about the Slate 500? Highly doubtful.

The Slate has an 8.9-in. screen, compared to the iPad's 9.7 in., and it runs Windows 7. Now, tell me, how many Windows 7 apps are there for a pure touch-screen tablet? The iPad boasts over 5,000. And get this: For your 800 bucks, you get a Wi-Fi-only device. Makes you wonder whether HP's goal is to see whether it can ship a product that can die even faster than Microsoft's Kin did.

Some people would tell you that since Windows is under the hood, the Slate is going to get snapped up by business users who wouldn't touch an Apple product. Really? Thousands of people are already buying iPads for business use.

It's not just HP, though. HP just stands out for having the dumbest iPad-rival launch to date.

Anyone paying attention knows that iPads are selling faster than hotcakes on a cold Vermont morning. So, where are the iPad's rivals?

The first problem was that everyone underestimated just how popular the iPad would be. There was a sense it was going to be big, but who knew that almost 7.5 million iPads would be sold in the device's first two quarters of existence? Suddenly, tablets went from being a niche market for companies like Fujitsu to being big, big business.

The result? Almost no one had their manufacturing ducks in a row. Even now you can see OEMs struggling with basic design issues. Will tablets with 7-in. displays sell? Maybe. Maybe not.

When it first became apparent that the iPad was going to turn the tablet PC from a niche product into a best-seller, I predicted that Linux-based tablets would quickly give the iPad a run for its money. I was wrong. I still think it will happen, just not as soon as I thought.

Linux-powered tablets like the Dell Streak, which is due to get upgraded to Android 2.2, are finally making their way into the marketplace, but there won't be a flood of them out by the holidays.

It turns out that while Android 2.0 and 2.2 make killer smartphone operating systems, they're not quite ready for tablets. The problem that many would-be Android tablet builders, such as Archos, Toshiba and ViewSonic, have encountered is that the current generations of Android don't do such a great job with a tablet's larger interface.

The other Linux contenders, such as MeeGo, the embedded Linux with the best chance to rival Android, won't be rolling out until 2011. The Google Chrome operating system, due out real soon now, is, well, still due out real soon now.

Windows 7? Oh, I guess it could be a competitor, but historically Microsoft has always flopped with mobile phones and other embedded devices. The folks in Redmond have also done a lousy job of competing head-to-head with Apple in this arena. I can make my point with one word: Zune.

So, for the time being, or at least through the 2010 holiday season, the iPad rules. Sometime in 2011, we'll start seeing real competition, but not this year. I still think that the Android Linux models will be the first to give the iPad a real race. Unlike the other possible contenders, the Android Linux community already has a large group of application programmers ready and able to develop tablet apps, just as Apple does. But for now, it's still an iPad world.

Steven J. Vaughan-Nichols has been writing about technology and the business of technology since CP/M-80 was cutting-edge and 300bit/sec. was a fast Internet connection, and we liked it! He can be reached at [email protected].

The iPad Stands Alone

S.J. Vaughan-Nichols

Announcing the new, interactive, energy-saving APC Smart-UPS

What do you get when you combine 25 years of Legendary Reliability with the latest in UPS technology? Introducing the new APC Smart-UPS range of interactive, intuitive, and energy-saving UPS units, designed to protect critical server and network equipment from power threats and downtime.

New APC Smart-UPS: Smarter. Easier. Greener.

Thanks to millions of dollars in research, APC can proudly claim that only the new Smart-UPS features the unique battery life expectancy predictor, telling you the exact month and year for battery replacement. Precision temperature-compensated charging extends battery life; unique power meter function monitors energy usage; and a patent-pending green mode boosts online efficiencies up to 99 percent, saving on utility costs. Plus, the interactive LCD provides detailed status, configuration, and diagnostic information previously available only via software.

Intuitive alphanumeric display: Get detailed UPS and power quality information at a glance, including status, about, and diagnostic log menus in your choice of up to five languages.

Energy savings: A patent-pending green mode achieves online efficiencies approaching 99 percent, reducing heat loss and utility costs.

Configurable interface: Set up and control key UPS parameters and functions using the intuitive navigation keys. On rack/tower convertible models, the display rotates 90 degrees for easy viewing.

Only APC offers the most technologically advanced, user-friendly features, and guaranteed reliability you need to protect your critical data and equipment. Look for APC on the outside to ensure Legendary Reliability on the inside.

When dollars count and performance is critical, insist on the more intelligent, more intuitive APC Smart-UPS. Now more than ever, the name on the outside guarantees reliability on the inside: APC Smart-UPS.

If you want Legendary Reliability inside, it had better say APC outside.

Download a FREE copy of the APC White Paper #10, "Preventing Data Corruption in the Event of an Extended Power Outage." Visit www.apc.com/promo, Key Code w698w. Call 888-289-APCC x9793. Fax 401-788-2797.

2010 Schneider Electric Industries SAS, All Rights Reserved. Schneider Electric, APC, Smart-UPS, and Legendary Reliability are owned by Schneider Electric, or its affiliated companies in the United States and other countries. e-mail: [email protected]. 132 Fairgrounds Road, West Kingston, RI 02892 USA. 998-2158
COVER STORY

The Scary Side of Virtualization

IT execs are starting to get spooked about the security risks of virtual servers.

By Robert L. Mitchell

At the Computerworld Premier 100 IT Leaders conference in March, one CIO stood up to express his unease about the security of a virtual infrastructure that has subsumed more than half of his company's production servers. Two other IT executives chimed in with their own nagging worries.

None of the executives in that room wanted to admit on the record that they feel vulnerable, but Jai Chanani, senior director of technical services and architecture at Rent-A-Center Inc., feels their pain. "One of my biggest

Photo: Fotolia / Jacob Lund / artcalin / Karlionau

fears is the ability to steal [virtual servers]," he says.

Chanani's team has about 200 virtual servers operating as file, print and, in some cases, application servers. But, for security reasons, his shop doesn't use virtualization for the company's ERP system, databases or e-mail.

Michael Israel, CIO at amusement park operator Six Flags Inc., voices a different concern. For him, the most unnerving scenario is a rogue administrator moving virtual servers from a secure network segment onto physical hosts in an unsecured segment, or creating new, undocumented, unlicensed and unpatched virtual servers. "The last thing I want is 25 servers out there that I don't know exist," he says.

John Kindervag, an analyst at Forrester Research Inc., says he's heard stories from clients who have had VMware's vCenter management console compromised, enabling the attacker to copy a virtual machine that can then be run to access data. "When you steal a VM, it's like you broke into the data center and stole a piece of hardware. It's potentially devastating," he says.

"We worked for many years with customers on best practices that make this a complete nonissue," says Venu Aravamudan, senior director of product marketing at VMware Inc. He says most users address such risks by following best practices such as creating an isolated network segment for managing the resources, and creating role-based access controls.

The migration onto virtual servers has saved businesses huge sums of money as a result of consolidation and improved efficiency, but as virtualization


Beware the All-Powerful Admin

In an unchecked, unmonitored virtual environment, administrators are all-powerful, and that's not a good thing, consultants and IT executives agree. "This gives server admins the keys to the kingdom, and most of the time they don't understand the security risks," says Vauda Jordan, senior security engineer for the Phoenix city government.

For example, administrators may create a virtual FTP server that compromises security. Or they may inadvertently use a virtual-machine migration tool to move a server onto different hardware for maintenance reasons, without realizing that the new host is on an untrusted network segment.

Failure to implement best practices, or to establish a clear separation of duties in virtual infrastructure, is an all-too-common problem, says Andrew Mulé, a senior security consultant at RSA. "Folks still today don't like to practice segregation of duties. They give the crown jewels to a small number of people," Mulé says. He recommends developing a strong change-management process that includes issuing change management tickets.

KC Condit, senior director of information security at Rent-A-Center, agrees. "In the virtual world, there is no inherent separation of duties, so you have to build that in," he says. Change management, configuration management and access control are vital to securing the virtual infrastructure.

Compliance is another concern. As director of systems engineering at the Council of Europe Development Bank, Jean-Louis Nguyen needs to monitor activity to ensure that the administrators of 140 virtual machines comply with regulations and management requirements. The bank tried using VMware's logging capabilities but needed a better way to consolidate the information. "Getting at those logs was nontrivial," he says. He ended up using a dedicated tool from HyTrust that provides a central log of all activity.

The bank also used HyTrust to set up a completely segregated virtual environment for the chief security officer, who can monitor the entire physical and virtual server infrastructure.

"The key is to assure your management that there is no administrator abuse," Nguyen says. "We needed to be certain that we were administering systems and not peeking into the data."

Robert L. Mitchell
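The controls the sidebar calls for (a CMDB that knows which servers should exist and in which zone, a change ticket for every new server, and nobody approving their own request) can be checked mechanically instead of on trust. What follows is an added example, not code from the article, from Rent-A-Center, the Council of Europe Development Bank or any vendor named here: it reconciles a hypervisor's VM inventory against a CMDB and a change-ticket list and reports undocumented VMs (Israel's "25 servers I don't know exist"), VMs whose host sits on a different network segment from their assigned zone (the migration case Jordan describes), VMs created without a ticket, and tickets whose requester was also the approver. The inventory, CMDB, tickets and segment trust map are all constructed for the example; in practice the first would come from the management console's API and the rest from the ticketing system.

```python
"""Reconcile a hypervisor VM inventory against a CMDB and change tickets.

Added example, not code from the Computerworld article or any vendor.
All records below are constructed; a real run would pull the inventory
from the management console API and the tickets from the ticketing system.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Trust level of each network segment (assumption for the example).
SEGMENT_TRUST: Dict[str, str] = {
    "prod-secure": "trusted",
    "mgmt": "trusted",
    "dmz": "untrusted",
    "lab": "untrusted",
}


@dataclass(frozen=True)
class VM:
    name: str
    host: str
    segment: str        # network segment the host's port group sits on
    created_by: str
    created_at: str


@dataclass(frozen=True)
class Finding:
    vm: str
    kind: str
    detail: str


# What the hypervisor management console actually reports (constructed).
INVENTORY: List[VM] = [
    VM("fileprint-01", "esx-01", "prod-secure", "ops-jane", "2010-10-02"),
    VM("erp-db-01",    "esx-02", "dmz",         "ops-bob",  "2010-10-05"),  # migrated to a DMZ host
    VM("test-ftp-07",  "esx-05", "lab",         "ops-bob",  "2010-10-30"),  # nobody documented this one
    VM("web-03",       "esx-03", "dmz",         "ops-jane", "2010-09-12"),
]

# What the organization believes exists, and the zone each VM belongs in (constructed).
CMDB: Dict[str, Dict[str, str]] = {
    "fileprint-01": {"zone": "prod-secure"},
    "erp-db-01":    {"zone": "prod-secure"},
    "web-03":       {"zone": "dmz"},
}

# Approved change tickets that authorized each VM's creation (constructed).
TICKETS: Dict[str, Dict[str, str]] = {
    "CHG-1001": {"vm": "fileprint-01", "requester": "ops-jane", "approver": "sec-lead"},
    "CHG-1010": {"vm": "erp-db-01",    "requester": "ops-bob",  "approver": "sec-lead"},
    "CHG-1011": {"vm": "web-03",       "requester": "ops-jane", "approver": "ops-jane"},  # self-approved
}


def audit(inventory: List[VM], cmdb: Dict[str, Dict[str, str]],
          tickets: Dict[str, Dict[str, str]],
          segment_trust: Dict[str, str]) -> List[Finding]:
    """Return one Finding per control violation; an empty list means clean."""
    findings: List[Finding] = []
    ticket_for_vm: Dict[str, Tuple[str, Dict[str, str]]] = {
        t["vm"]: (tid, t) for tid, t in tickets.items()
    }

    for vm in inventory:
        record = cmdb.get(vm.name)
        if record is None:
            # The "servers I don't know exist" case: unlicensed, unpatched, unmonitored.
            findings.append(Finding(vm.name, "UNDOCUMENTED",
                                    f"running on {vm.host} but absent from the CMDB"))
        elif record["zone"] != vm.segment:
            # A migration or rebuild put the VM on a host outside its assigned zone.
            trust = segment_trust.get(vm.segment, "unknown")   # unknown segments are not trusted
            findings.append(Finding(vm.name, "ZONE_MISMATCH",
                                    f"assigned zone {record['zone']}, host {vm.host} is on "
                                    f"{vm.segment} ({trust})"))

        ticket = ticket_for_vm.get(vm.name)
        if ticket is None:
            findings.append(Finding(vm.name, "NO_CHANGE_TICKET",
                                    f"created by {vm.created_by} on {vm.created_at}"))
        else:
            tid, t = ticket
            if t["requester"] == t["approver"]:
                # Separation of duties: whoever asks for a server must not approve it.
                findings.append(Finding(vm.name, "SOD_VIOLATION",
                                        f"{tid} requested and approved by {t['approver']}"))
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY, CMDB, TICKETS, SEGMENT_TRUST):
        print(f"{f.kind:16} {f.vm:14} {f.detail}")
```

Run on a schedule, this turns the sidebar's policy into a daily diff: every line it prints is either an unauthorized change or a record that the CMDB and ticketing system failed to capture, and both are worth a conversation with the admin named in the inventory.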

    Continued on page 24


www.dell.com/KACE  877.MGMT.DONE

Deploy in days, not months.

No kidding around. Installing a Dell KACE appliance gives you comprehensive systems management in days, not months. We also do it for a low total cost of ownership. Give us a call, let us prove it.

Network World Best of the Tests 2010
You can quit stalling.

Virtual stall. It happens when virtualization deployments grow fast across an enterprise or across silos. Eventually, you run into scalability issues. It gets harder and harder to map the application to the infrastructure. Visibility diminishes. Process issues multiply.

CA Technologies can help you break through virtual stall and realize the value of your virtualization investment. We offer virtualization management solutions that can help you prioritize applications and measure both physical and virtual performance.

To overcome virtual stall and accelerate real results, visit ca.com

Copyright 2010 CA. All rights reserved.

gobbles up more and more production servers, some IT executives are getting indigestion. Has anything been overlooked? Could a catastrophic breach bring down critical applications or perhaps an entire data center?

"Customers wake up one day, realize that 50% of their business-critical apps reside on virtual infrastructure and say, 'Gee, is that secure?' That's very common," says Kris Lovejoy, vice president of strategy at IBM Security Solutions, a security consultancy.

"There are some huge, well-known corporate names around the globe that you'd think would have this stuff pretty much beat. That couldn't be further from the truth," says Andrew Mulé, a senior security consultant in EMC Corp.'s RSA unit.

The problem isn't that a virtual infrastructure is difficult to secure per se, but that many companies still haven't adapted their best practices (if they have them) to the new environment.

Virtualization introduces technologies, including a new software layer, the hypervisor, that must be managed. Also new: virtual switching, which routes network traffic between virtual servers in ways that aren't always visible to tools designed to monitor traffic on the physical network. Moreover, virtualization breaks down the traditional separation of duties within IT by allowing a single administrator to generate new virtual servers en masse at the push of a button, without approval from purchasing or input from the network, storage, business continuity or IT security groups (see "Beware the All-Powerful Admin," page 20).

Meanwhile, virtualization-aware security technologies and best practices are still evolving. "The market has emerged so quickly that customers haven't been able to keep up from a best-practices standpoint," says Lovejoy. "There's a lack of knowledge on the subject and a lack of skills in the field."

"The questions about security in a virtual environment are centered around lack of visibility, lack of control, and fear of the unknown," says Bill Trussell, managing director of security research at TheInfoPro, an IT market research firm in New York.

Could someone hijack a hypervisor within a business's virtual infrastructure and use it to compromise all of the virtual servers residing on top of it, as one CIO feared? Could an attacker breach one virtual server and use it as a platform to attack another virtual server, such as a payment-card processing application residing on the same hardware, without the administrator ever knowing about it?

Concerns about scary scenarios like those persist despite the fact that there have been no known attacks against virtual infrastructures, says Eric Baize, RSA's senior director for secure infrastructure.

When TheInfoPro surveyed 214 IT security professionals earlier this year, it found that one-third were very or extremely concerned about security in a virtualized environment.

Worries about an attack that could compromise a hypervisor rose after Joanna Rutkowska's demonstration of the Blue Pill hypervisor malware rootkit at a Black Hat conference in 2006.

Since then, however, the industry has moved forward with hardware technologies to ensure the integrity of hypervisors, such as Intel's Virtualization Technology for Directed I/O (known as VT-d), which lets the hypervisor restrict the memory that devices can reach through DMA. "Today, most of [Intel's] Core i5 and i7 processors have those technologies, and virtualization software providers have moved to support those features," says Rutkowska, founder and CEO of Invisible Things Lab, an IT security research firm.

Rutkowska herself doubts that anyone will actually use a Blue Pill-type rootkit to compromise virtual machines. "The bad guys don't really have any incentive to use such sophisticated rootkits," she says, especially since better-known rootkit technology from the '90s still works well for attacking traditional operating systems.

"People are wringing their hands over theoretical scenarios rather than ones that have been documented to be a problem," Trussell says.

But virtualization does involve risks if best practices aren't followed and adapted to a virtual infrastructure. For example, the hypervisor must be patched just like any other operating system, says KC Condit, senior director of information security at Rent-A-Center.

Security consultants say they've noticed a wide variety of security problems at customer sites.

Lovejoy is seeing malware and cross-site scripting issues that result from poorly constructed virtual machine images, for example. "Commonly, that image will contain malware or have vulnerabilities that can be exploited very easily," she says. "It used to happen once. Now these images are being deployed without end, creating massive headaches for people."

"We're seeing a lot of misconfigured hypervisors," adds RSA's Mulé. He says he often sees poor patch-management practices for virtual machines and the use of easily guessed or default usernames and passwords for virtual machine manager programs that have full access to the hypervisor. In addition, he says, "we sporadically see virtual machine management tools on the wrong side of the firewall."

Using default passwords when creating new virtual servers is very common, says Harold Moss, CTO of cloud security strategy at IBM Security Solutions,

Hypervisor: The Virtual Enforcer?

Third-party vendors such as Trend Micro Inc. are offering add-on software to beef up the security of the hypervisor layer. But some experts worry that as the layer gets more crowded and complex, it becomes a bigger target for security attacks. For more on this topic, see our story at http://tinyurl.com/hyper-secure.

    Continued from page 20

    Continued on page 26


Scale up, scale down, no biggie.

Cloud management should be quick and easy. With Computing as a Service (CaaS) SMB, it is. Our intuitive dashboard enables you to provision servers and scale computing up or down in minutes. CaaS SMB lets you pay only for the capacity your business needs, when it needs it, so you can avoid the expense of expanding and maintaining on-site servers. Only Verizon's service features physically redundant architecture for up to 100 percent availability, fully integrated firewalls, and enterprise-grade virtualization, so your data and applications stay secure. And unlike other cloud solutions, there's no minimum commitment to use it.

To get started with CaaS SMB, visit verizonbusiness.com/caassmb today.

ON DEMAND. NO COMMITMENT. EASY TO USE. SCALABLE. RELIABLE. SECURE. 2010 Verizon. All Rights Reserved.

altogether better

and people responsible for administering the new machines don't always change them either. Would-be thieves could dial into a machine, guess the password and have complete control, he explains.

In addition, because virtual machine images are data, program code stored on a hard disk drive somewhere, those files must be protected. "You don't want someone walking away with an entire server on a USB drive," says Vauda Jordan, senior security engineer for the Phoenix city government. She says the city uses a combination of physical security, network storage access controls and file integrity monitoring to protect virtual machine images.
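The file-integrity-monitoring part of what Jordan describes is small enough to show in full. The script below is an added example, not code from the article, from the City of Phoenix or from any vendor: it records a SHA-256 baseline of every VM image and configuration file under a datastore path and, on the next run, reports files that were added (an image nobody registered), removed (an image copied off and deleted) or modified (a configuration edited to re-home a VM on another network). The directory layout, the tracked file suffixes and the sample files that demo() writes are constructed; a real deployment would point it at the datastore mount and keep the baseline somewhere the virtualization admins cannot write, which is also why demo() keeps the baseline outside the monitored tree.

```python
"""Baseline-and-compare integrity monitor for virtual machine image files.

Added example, not code from the Computerworld article or any vendor.
Paths, suffixes and the sample files written by demo() are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict

# File types worth tracking on a datastore (assumption for the example).
IMAGE_SUFFIXES = {".vmdk", ".vhd", ".vhdx", ".qcow2", ".vmx", ".ovf"}


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so multi-GB disk images never sit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root: Path) -> Dict[str, Dict[str, object]]:
    """Map each tracked file (path relative to root) to its SHA-256 and size."""
    result: Dict[str, Dict[str, object]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in IMAGE_SUFFIXES:
            rel = path.relative_to(root).as_posix()
            result[rel] = {"sha256": sha256_file(path), "size": path.stat().st_size}
    return result


def save_baseline(snap: Dict[str, Dict[str, object]], baseline_file: Path) -> None:
    baseline_file.write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(baseline_file: Path) -> Dict[str, Dict[str, object]]:
    return json.loads(baseline_file.read_text())


def compare(baseline: Dict[str, Dict[str, object]],
            current: Dict[str, Dict[str, object]]) -> Dict[str, list]:
    """Classify every difference between the recorded baseline and a fresh snapshot."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added":    sorted(cur_keys - base_keys),            # image nobody registered
        "removed":  sorted(base_keys - cur_keys),            # image deleted or carried away
        "modified": sorted(k for k in base_keys & cur_keys   # contents changed under us
                           if baseline[k]["sha256"] != current[k]["sha256"]),
    }


def demo() -> Dict[str, list]:
    """Build a tiny constructed datastore, baseline it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as store, tempfile.TemporaryDirectory() as vault:
        root = Path(store)                          # the monitored datastore
        baseline_file = Path(vault) / "baseline.json"   # kept outside the admins' reach

        (root / "erp-db-01").mkdir()
        (root / "erp-db-01" / "erp-db-01.vmdk").write_bytes(b"\x00" * 4096)
        (root / "erp-db-01" / "erp-db-01.vmx").write_text('displayName = "erp-db-01"\n')
        (root / "web-03").mkdir()
        (root / "web-03" / "web-03.vmdk").write_bytes(b"\x01" * 4096)
        save_baseline(snapshot(root), baseline_file)

        # Three things an all-powerful admin (or an intruder holding the admin's keys) might do:
        (root / "erp-db-01" / "erp-db-01.vmx").write_text(
            'displayName = "erp-db-01"\nethernet0.networkName = "lab"\n')   # re-homed to another segment
        (root / "web-03" / "web-03.vmdk").unlink()                           # image gone
        (root / "rogue-ftp").mkdir()
        (root / "rogue-ftp" / "rogue-ftp.vmdk").write_bytes(b"\x02" * 1024)  # undocumented image

        return compare(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9}", ", ".join(files) or "-")
```

Two practical caveats: hashing every multi-gigabyte disk on each run is expensive, so in production the scan is scheduled off-peak or restricted to configuration files plus a sampling of images, and a "modified" hit on a running VM's disk is normal while a hit on its .vmx or on a powered-off image is not, so the alerting rule needs the VM's power state alongside the diff.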

The traffic flowing between virtual machines is another area of concern: two virtual machines on the same host exchange packets through the virtual switch, so the firewalls, intrusion-detection and -prevention systems, and other monitoring tools watching the physical network never see that traffic.

"I've put packet sniffers on virtual servers, and nothing is going in and out of the physical network interface. So, how are those communications happening? And are they over secure channels?" asks Jordan. While the city has a significant investment in virtual infrastructure, Jordan won't even talk about the technology or its scope, citing security concerns.

With VMware's ESX Server and the other major virtualization platforms, the data that passes between virtual machines is unencrypted. Aravamudan says encryption is being actively considered at VMware, but he declined to say when it might be added to the company's products.

Systems like VMware's vShield and other third-party tools can create virtual firewalls that segment VMware, XenServer, Hyper-V and other virtual machines into different security zones, but not all organizations have implemented them. For example, the creation of secure zones hasn't been a big focus at Rent-A-Center. But as the virtual infrastructure scales up, that's becoming a necessity, says Condit.

Some existing firewall tools have visibility into virtual server traffic, but in other cases IT needs to add another set of virtualization-specific tools, and that adds to management complexity.

It's better to have a tool set that spans both the physical and virtual environments, says Neil MacDonald, an analyst at Gartner Inc. Until the traditional security tool vendors catch up, however, IT may need to bring in tools from lesser-known vendors like Altor Networks, Catbird Networks and HyTrust that have been tailored specifically to virtual machines.

More important, the core network architectures need to change to accommodate virtualization, says RSA's Mulé. Networks that work correctly with physical servers don't necessarily work well with virtual machines. Security would be improved if proper routing and subnets and virtual LANs were implemented, he says. Most business continuity failures in virtualized settings can be attributed to network design flaws, he contends.

Matthew Nowell, senior systems engineer at Six Flags, uses virtual LANs to segregate virtual servers. "Depending on how we set up routing rules, they may or may not be able to talk to each other," he says.

But MacDonald cautions that VLANs and router-based access controls alone are not sufficient for security separation. The research firm's guidelines call for the deployment of some sort of virtualization-aware firewall.

At the Phoenix city government, Jordan insists that systems administrators isolate each virtual server within its own security zone. "I had to fight with server admins who swear up and down that the hypervisor can do that. But I trust firewalls more than I trust hypervisors," she says.

Secure From the Start

Securing a virtual infrastructure isn't about buying more tools, says RSA's Baize. "There's a lot available today in terms of controls for virtual infrastructure. What is lacking is the understanding of what the controls are for and when they should be applied," he says.

The best way to create a secure virtual infrastructure is to get security experts involved early. Gartner estimates that as many as 40% of IT shops don't seek IT security's input on a virtual deployment until after the system is already built and online.

The problem becomes more evident as mission-critical applications move into virtual machines. "When you start looking at virtualizing SharePoint or Exchange or ERP, you really are running into sensitive data. That forces the issue," MacDonald says.

By then, organizations are trying to bolt on security that should have been designed in from the beginning. That kind of after-the-fact redesign work can get expensive. CIOs should make sure they have their top people in the loop when designing this type of architecture, MacDonald says.

It all comes down to policy, contends Condit. "If you don't have a strong security policy in place, a virtual infrastructure is going to show up those weaknesses much more quickly because things happen more rapidly," he says, referring to how quickly virtual servers can be created and then moved around between physical host servers.

CIOs are right to worry. Says Condit, "A certain healthy level of paranoia is always a good thing."

Getting Worried

How concerned is your organization with the issues of security in a virtualized environment?

Very/extremely: 32.7%
Somewhat: 36%
Minimally: 23.7%
Not at all: 7.6%

Source: TheInfoPro survey of 214 IT security professionals, November 2010

    Continued from page 24


The Computerworld LinkedIn Forum is a community for all things IT: news, analysis and discussion about topics within IT, including careers, management and hot topics. If you are an enterprise IT practitioner at any level, we'd love to have you join. Apply for membership today at www.computerworld.com/linkedin (want in?)

Collaboration

Solving SharePoint Sprawl

SharePoint sites can spread like weeds throughout a company, creating big legal risks. It's time to set some rules.

By Mary Brandel

Photo: Fotolia / twixx

"Like the Wild West." That's how Dave Rettig, a senior manager in the strategy and technology alignment group at Raymond James Financial Inc., describes the firm's first implementation of SharePoint 2003. "It was a free-for-all. Everyone just sort of jumped in," Rettig says.

SharePoint is Microsoft Corp.'s software for collaboration, file sharing and Web publishing. People saw it as just another file server, Rettig says, and it ended up "like someone's garage or attic."

So when SharePoint 2007 came out, a steering group that included Rettig decided to take some control. Instead of automatically upgrading, the group did so manually, porting just 10% of the earlier version's content to the new platform. It also required a steward and a backup person for each team's content site.

Security was another concern. Rettig categorized the financial


    services rms 14,000 to 15,000 SharePoint subsites into threegroups team sites, project sites and community sites each

    with dierent levels o security controls. In addition, the steeringgroup created a specic site to lock down any content containingpersonally identiable inormation, with oversight by the data secu-rity sta. No one can get into that area without security knowingabout it, Rettig says. I personally identiable inormation is oundoutside o that boundary, either through an automated scanner orhuman detection, its immediately fagged, deleted or moved.

    Moreover, forms that enter the SharePoint system from the retail sales force are archived in an optical storage system, with built-in rules for regulatory compliance and security enforcement.

    "In terms of centralized control, we keep an eye on storage capacity, and we have tools to see how activity is going on the site," Rettig says. "[But] we don't really have total command and control, and I don't think there are a lot of companies out there who do."

    "That's for sure," agrees Doug Miles, director of market intelligence at AIIM, an association focused on enterprise content management. In a June survey of 624 organizations, AIIM found that 55% were establishing SharePoint policies for team sites, but other forms of governance were lacking. Just 22% said they provided staff with guidance on content type and classification, and only 15% had formal document-retention policies and legal-discovery procedures. Despite this, nearly a quarter (23%) had rolled out SharePoint to their entire staffs.

    "It's kind of 'throw it against the wall and see what sticks,' in terms of what they'll use it for, which seems to fly in the face of a lot of good IT practice," Miles says. "I'm not saying I'm a control freak, but I do err on the side of decently written policies." Miles also urges companies to define which types of content can show up on SharePoint and which types should be reserved for other places, such as human resources and document management systems.

    Microsoft included security, document management and other control-related capabilities in the newer versions of SharePoint (2007 and 2010), but the general intent behind SharePoint (free-form collaboration) runs counter to the notion of control.

    And nearly everyone who works with the system is reluctant to quash that freedom.

    "The way to get control is to design policies upfront, like what the site is designed to be used for and what content is intended to be on it," says Larry Briggi, a managing director in the technology practice at FTI Consulting Inc. in New York. "But if you stifle it too much, users won't be able to do everything they're supposed to and the system is less useful."

    Greg Clark, a consultant at C3 Associates Inc., a Calgary, Alberta-based consultancy specializing in enterprise content management, says SharePoint governance needs to include records managers and the legal department, not just IT. "People just put SharePoint out there, and it goes viral. Suddenly you've got tens of thousands of sites," he warns. "The trick is to manage SharePoint in a systematic way that's not so constrained that people don't want to use it."

    SharePoint Pros and Cons

    Source: AIIM survey of 624 organizations, June 2010

    Deployment Challenges

    SharePoint implementers listed the following as their top deployment difficulties (several entries are illegible in the scan):

    1. (illegible)
    2. Took longer than expected
    3. (illegible)
    4. Technically more difficult than expected
    5. (illegible)
    6. Difficult integration with existing systems

    Base: 362 managers who are ... implementing SharePoint

    Top 10 Functions

    The most popular applications of SharePoint:

    1. Collaboration workspaces for teams
    2. Document management
    3. File sharing
    4. Intranets (stand-alone Web sites)
    5. Forums, blogs, wikis
    6. Portals for company news
    7. (illegible)
    8. Enterprise search
    9. Workflow/business-process management
    10. Staff profiles/directories

    Base: 445 managers who are ... SharePoint

    Collaboration

    E-discovery Concerns

    One area that must be addressed is e-discovery of information for court cases. "SharePoint will be the next new dumping ground for electronic documents, following e-mail and shared directories," Briggi says. "That's a good thing from a usage and convenience perspective, but the downside is that it becomes a new [legal] discovery source. And that's a little more challenging."

    Briggi points out that SharePoint systems can have millions of documents and hundreds of record custodians, and there's rarely a single go-to person who knows everything about the SharePoint environment.

    Plus, the usual mechanism for finding documents in SharePoint (keyword searches) won't necessarily identify all the content relevant to a particular case. Part of this hinges on having the right keywords, and if indexing is not turned on for specific sites, the data in those areas will not be searched. To overcome such challenges, FTI Consulting designed an approach that searches the site by individual custodian, regardless of keywords, and then transfers that content outside of SharePoint, where it can be preserved in a legally acceptable way, Briggi says.

    But companies need to consider the e-discovery implications of SharePoint at the outset of a project, before they're suddenly hit with a discovery request during litigation, observers say.

    Jessica Carroll, managing director of IT at the United States Golf Association, says her organization is working to integrate SharePoint 2007 into its e-discovery system. The association purposefully selected an e-discovery system that could be customized to reach into SharePoint so the organization could place documents on legal hold and comply with document retention regulations.

    The USGA's SharePoint implementation has two audiences: the organization's 350 internal employees, plus the external committee members and regional golf associations it works with. USGA SharePoint sites are used to publish reference material and forms, share ideas and host discussions between the outside groups and staff.

    Companies also need to pay attention to government regulations, particularly those requiring retention periods for different types of documents. Miles says SharePoint 2007 provides the ability to move documents to a records repository. But according to the AIIM survey, only 40% of SharePoint users have instituted long-term archiving policies. "They're actually exposing themselves [to legal risks] because e-discovery and archiving haven't caught up to how people are using SharePoint," Miles says.

    At the USGA, Carroll says that while SharePoint is used for document sharing and version control, materials that need to be retained or that have legal value will be kept in a conventional document management system.

    Advice From the Trenches

    Quotes from survey respondents who have SharePoint:

    "Focus on business requirements. Don't let IT drive the implementation."

    "SharePoint is not an out-of-box implementation. With more and more implementations going on, good SharePoint consultants/experts are hard to come by."

    "[You] need a governance plan first. It is an absolute must. The step cannot be skipped under any circumstances."

    "Sort out governance. Sort out training. Sort out the information architecture. Sort out a basic taxonomy."

    "Look for third-party tools to round it out. Find a good integrator."

    Source: AIIM survey of SharePoint implementers, June 2010

    Microsoft has added document management features to SharePoint, and although they fall short of the functionality in dedicated content management systems like Documentum, Open Text and FileNet, Miles says, SharePoint's tools are available at a much lower cost, making it possible to give document management capabilities to more users.

    The AIIM survey found that some companies are using SharePoint as their very first content management system, while others are using it in tandem with a conventional document management system or as a front-end interface to an existing system.

    "Everyone thinks [SharePoint] works out of the box as a document management system, but it doesn't," Miles says. For example, companies need to establish rules for maintaining consistency among corporate departments and ensure that the documents are managed according to the corporate records management plan throughout their lifecycles, he says. "You don't want everyone creating different indexing schemes, for instance," Miles adds. "Those are issues that could come back and bite you later on."

    For companies where individual departments create their own subsites, C3 Associates consultant Clark suggests setting up global guidelines for structural elements like folder taxonomies, metadata management and records retention.

    Who's in Charge?

    AIIM's survey found that most SharePoint projects are run by the IT department, sometimes with input from records managers and sometimes not. But in other cases, SharePoint is managed at the business unit level, leaving IT sidelined.

    At the Georgia Aquarium, Vice President of IT Beach Clark set up a governance structure in which IT is the administrator for the entire SharePoint operation; it's responsible for setting up all subsites, and it responds to user requests for changes.

    The aquarium has a public site for volunteers and an intranet for internal use. Departments tend to publish forms and other documents, whereas the corporate site publishes a newsletter and features a dashboard that reports on aquarium attendance and operational income. "We update those on a daily basis to help everyone maintain focus on achieving those two goals," Clark says.

    Governance and user training were big factors when the Navy Reserve Forces Command implemented SharePoint last June. The command uses the system to share information and create standard workflows for processes such as requesting training or applying for a waiver of active duty. When rolling out SharePoint, the command developed a computer-based curriculum with a two-day module for a general overview and a five-day course for power users. "We wanted to make sure the audience was educated in the proper functionality of SharePoint to put some control on how it's used," says Capt. Matt Ragan.

    The training covers security issues, such as the need to safeguard personal information, he says. The command also created a tool that asks users if documents they're uploading contain personally identifiable data and provides a link to information on dealing with such files. If a document does contain sensitive information, the user is required to protect it with a password, says Ragan. In addition, documents with personally identifiable information are tagged so the command can find all such files and lock them down if necessary.

    Security was also a huge concern for the USGA, particularly for internal sites that are shared by external and internal users, according to Carroll. The association addressed that issue by giving external users log-in access to the portal rather than access to the internal network. It did that with SharePoint's forms-based authentication tool, which provides the external users with log-in credentials separate from the internal Active Directory.

    As use of SharePoint continues to grow, the issues of governance and control will evolve because people will continually come up with new ways to use it, according to Rettig. "We're still at it," he says. "We don't think we have it down, because humans change more than systems do."

    Brandel is a Computerworld contributing writer. You can contact her at [email protected].


    Careers

    Time for a Change?

    A Computerworld poll shows that one out of three IT staffers is looking to switch employers. By Patrick Thibodeau

    Companies have cut salaries and training, held back on bonuses and piled more work on employees in response to the economic downturn. These tactics may well be pushing many IT professionals to go job hunting, according to a recent Computerworld salary survey.

    More than one-third (36%) of the 343 respondents to our recent poll said that they're looking to move to a new employer in the next six months. And 69% reported that they hadn't received a pay raise in the previous six months. The survey was conducted during the last two weeks in September.

    For employers, the warning couldn't be more clear: As the economy improves, the most able IT workers might leave for something better.

    Further results from the survey explain why employees want to bolt.

    For example, only 54% of the respondents said their salary is higher today than it was in 2008, while 26% said there had been no change and one out of five said they were making less money than they were two years ago (see charts at right).

    John Moore, a director of enterprise software development at a manufacturing firm, believes that IT budgets will free up early next year if the U.S. economy manages to avoid a double-dip recession, and then companies will begin catching up on neglected projects and hire new workers.

    For companies that don't want to lose their technology staffers, Moore's advice is to ensure that IT employees are recognized as valued contributors. "It's not about money; it's about employee appreciation," says Moore. "It's about open communication, and it's really about ensuring that your IT staff is invested in what you are doing."

    (Subhead illegible in scan)

    But it won't be easy for job seekers, even if the economy picks up. The recession has changed how employers hire people. Job ads are much more specific and often include a list of exacting technical requirements, say IT professionals interviewed for this story.

    "Employers are much more particular; it's very much an employer's market," says Bob Hibbits, a network engineer at a telecommunications company. Hibbits says job seekers should expect to have a technical interview over the phone before being invited to a face-to-face meeting. "Employers are only going to look at very well-qualified people," he notes.

    In years past, it might have been good enough to have six to eight of the 10 technical skills an employer might want, but now there are enough people who don't have work that they can find someone who has them all, says Hibbits. He adds that he has also seen more employers initially hiring people on a contract basis before filling jobs permanently.

    Steve Watson, a recruiter at executive search firm Stanton Chase International in Dallas, says it's not surprising that more than one-third of IT workers responding to Computerworld's salary survey are interested in leaving their current jobs, but he says that sentiment isn't entirely due to dissatisfaction with pay. "Some of that is lack of career advancement," he says. In the poll, 46% of the respondents said that they're less satisfied with their advancement opportunities now than they were six months ago, while only 14% said that they're more satisfied.

    And, of course, the "doing more for less" drumbeat has made IT professionals more open to calls from recruiters, says Watson.

    Several people interviewed for this article were reluctant to share their names, but their stories tended to corroborate the larger trends that showed up in the salary poll. One person interviewed offered a twist to the numbers.

    An energy industry professional who asked for anonymity says younger people have greater job security because they cost less to employ. Meanwhile, the better-paid baby boomers are in danger of job loss.

    Among those at risk are those who are doing the same jobs that people are doing three to five years out of college, he says. IT professionals in the best position to survive a cut are those who have business analytical skills and can work with outsourcers, or those who can work on a system that's key to the company's mission, he says.

    To some employers, the ideal job applicant is someone who is both a brain surgeon and a Porsche mechanic, says an unemployed IT professional who didn't want his name used.

    Indeed, employers are looking for a "precision, laser-guided skill set," says Robert Novak, a system architect.

    "My strong advice to anybody in the business is make sure you are getting back to school to keep brushing up on your skills," says Novak, adding that he makes an effort to do that.

    But wherever IT professionals look for new work, the pickings will be slim, at least for now. Only 37% of the respondents to Computerworld's poll said their companies are currently hiring in their IT departments.

    Education Pays Off

    If you can get the right skills training, the salary premium is impressive.

    Consider the master of science in analytics degree program that computer science professor Michael Rappa started at North Carolina State University four years ago. The 10-month course features all-day classes and has a maximum enrollment of 40 students. The curriculum stresses teamwork and combines mathematics, computer science and business, with the goal of training people to help companies turn the vast amounts of data they collect into actionable information.

    In the most recent class, 97% of the students had job offers within 90 days of graduating. Those jobs had an average starting salary and bonus of $94,000, which is more than enough to cover the cost of the program.

    The program's in-state tuition and fees are about $7,000; out-of-state students pay $21,000. About 90% of the people in the program are U.S. citizens or permanent residents because the types of financial assistance that foreign students typically seek aren't offered. Moreover, the program's emphasis on teamwork requires students to have strong English skills, says Rappa.

    The students range in age from their early 20s to early 50s, he says.

    So many companies recruit the program's students that employer demand exceeds the supply of graduates. "We had a number of employers come in and walk away empty-handed," says Rappa, who notes that he would like to expand the program.

    Patrick Thibodeau

    Frozen Salaries

    Have you received a pay raise in the past six months?

    Yes: 31%
    No: 69%

    Satisfaction Stagnates

    Compared with six months ago, has satisfaction with compensation . . .

    Increased: 18%
    Remained the same: 50%
    Decreased: 32%

    Losing Ground?

    Please compare your current salary to the salary you made in 2008. Is your current salary . . .

    Higher: 54%
    The same: 26%
    Lower: 20%

    Source: Exclusive Computerworld survey, September 2010; 343 IT respondents


    Security Manager's Journal | Mathias Thurman

    A log suggests that two executives logged into a tool they shouldn't mess with. Time to investigate.

    Incident response can be an interesting diversion, but it's also a chance to uncover vulnerabilities.

    I don't know whether I should admit this, but one of my favorite activities as a security manager is incident response.

    Sure, incidents can be a security manager's worst nightmare, putting you and your security program on the spot. But they are fairly rare at my company, so when we do have one, it is something of a break from my general routine of audits, compliance activity and meetings. They are usually challenging, and sometimes we catch a bad guy.

    Our most recent event didn't uncover any bad guys, as it turns out, but we did discover a configuration error in our Microsoft DNS servers.

    Here's what happened: One of our engineers was using software called Remote Admin (Radmin) to troubleshoot one of the expensive, specialized measurement tools that my company designs and manufactures. While reviewing connection logs from the Radmin server software, he noticed some suspicious activity that had originated from the PCs of two of the most senior executives in the company. That was very strange, since our high-level executives don't normally log into the tools. Why would these executives have done that? I had to wonder. So I asked them. One took a look at the logs and said that at the time of the connection, he had been sleeping. The other executive said that when his machine was supposedly logging into one of our tools, he was high above the Atlantic on his way to Europe. So how could these machines, which were turned off or unattended, be responsible for the suspicious connections?

    As it turned out, they weren't. In fact, the log-ins weren't done from two different PCs belonging to two executives but from one PC belonging to an engineer with a legitimate reason to log into the tool. So how was it that a Domain Name System reverse lookup had fingered the wrong parties?

    In our company, we use Dynamic Host Configuration Protocol, or DHCP, which assigns an IP address from a predefined network range. We have DHCP configured so that each IP address assignment expires after two weeks, after which the PC is assigned a different IP address the next time it comes on the network. What I hadn't realized was that our Windows environment keeps the cache information on all these IP address assignments rather than purging the old entries.

    Caching ...

    I couldn't understand why we would arrange things this way, so I asked our Windows server team, who told me that they had disabled automatic flushing of the DNS cache because it had caused problems. What sort of problems? I wanted to know. Uh, well, no one could remember exactly. In any event, this caching was why our logs had pointed to the two executives, since their PCs had been assigned those two IP addresses in the past.

    We'll have to investigate what the reason was for disabling the flushing of the DNS cache; it might not even be a real problem anymore, and we'll certainly find a way around it if it is still a valid problem, so that we can re-enable the automatic flushing.

    In the end, we didn't have any executives involved in industrial espionage. But even though this incident was a false positive, it was an interesting diversion. And it provided a good lesson on the importance of reviewing configuration baselines to ensure that DNS servers properly flush information. Of course, I also want to have historical information available to answer questions such as who was assigned a particular IP address at a given date and time. That can be critical information to have, and we'll want to retain it.

    This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at mathias_[email protected].

    Trouble Ticket

    At issue: A log shows that two high-level executives' PCs were used to log into a sensitive tool. That seems rather suspicious.

    Action plan: Look into the incident, starting by asking the executives what they were doing at the time of the log-ins.

    Join in the discussions about security! computerworld.com/blogs/security
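To make the column's lesson concrete, here is an added example that is not the columnist's code: it attributes connection-log events to hosts from DHCP lease history (who held the address at that time) instead of trusting a reverse lookup, and it lists the reverse-DNS entries that automatic flushing would have removed. The Radmin-like log format, the lease records, the reverse-DNS table and all host names are constructed for the example.

```python
"""Attribute connection-log events using DHCP lease history, not reverse DNS.
Added example, not from the column or its author: the log format, the lease
history, the reverse-DNS table and all host names are constructed."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Lease:
    ip: str
    hostname: str
    start: datetime
    end: datetime  # lease expiry; the column's DHCP leases run for two weeks

# Constructed lease history: each address was first leased to an executive's PC,
# expired, and was later reissued to one engineer's workstation.
LEASES: List[Lease] = [
    Lease("10.0.5.17", "exec1-laptop", datetime(2010, 8, 2), datetime(2010, 8, 16)),
    Lease("10.0.5.17", "eng-ws-42", datetime(2010, 9, 20), datetime(2010, 10, 4)),
    Lease("10.0.5.23", "exec2-laptop", datetime(2010, 8, 30), datetime(2010, 9, 13)),
    Lease("10.0.5.23", "eng-ws-42", datetime(2010, 10, 4), datetime(2010, 10, 18)),
]

# Constructed reverse-DNS view when old PTR records are never purged: a lookup
# still answers with the first host that ever held the address.
STALE_PTR: Dict[str, str] = {"10.0.5.17": "exec1-laptop", "10.0.5.23": "exec2-laptop"}

# Constructed connection log in a hypothetical Radmin-like format.
RADMIN_LOG = """\
2010-09-28 02:14:07 connection from 10.0.5.17 accepted
2010-10-09 11:42:55 connection from 10.0.5.23 accepted
2010-10-09 11:50:01 connection from 10.0.9.9 accepted
"""

LINE_RE = re.compile(r"^(\S+ \S+) connection from (\d+\.\d+\.\d+\.\d+) accepted$")

def parse_log_line(line: str) -> Optional[Tuple[datetime, str]]:
    """Return (timestamp, source IP) for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def host_for_ip_at(ip: str, when: datetime, leases: List[Lease]) -> Optional[str]:
    """Host that held `ip` at `when` according to the lease history (None if no lease)."""
    for lease in leases:
        if lease.ip == ip and lease.start <= when < lease.end:
            return lease.hostname
    return None

def attribute_events(log: str, leases: List[Lease], ptr: Dict[str, str]) -> List[dict]:
    """For each event, compare the reverse-DNS answer with the lease-history answer."""
    results = []
    for line in log.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue  # skip lines that are not connection records
        when, ip = parsed
        owner = host_for_ip_at(ip, when, leases)
        results.append({"time": when, "ip": ip, "reverse_dns": ptr.get(ip),
                        "lease_owner": owner,
                        "mismatch": owner is not None and ptr.get(ip) != owner})
    return results

def stale_ptr_entries(ptr: Dict[str, str], leases: List[Lease], now: datetime,
                      max_age: timedelta = timedelta(days=14)) -> List[str]:
    """IPs whose PTR name matches no lease active within `max_age` of `now`;
    these are the records automatic DNS flushing (scavenging) would have removed."""
    stale = []
    for ip, name in ptr.items():
        if not any(l.ip == ip and l.hostname == name and l.end >= now - max_age
                   for l in leases):
            stale.append(ip)
    return sorted(stale)
```

Both sample events resolve to the engineer's workstation by lease history while the stale PTR table names the two executives, which is exactly the false positive the column describes.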


    Congratulations to the Winners!

    SNW, in conjunction with Computerworld and the Storage Networking Industry Association (SNIA), proudly announces the winners of the S