gary mckinnon to remain in ukcdn.ttgtmedia.com/rms/computerweekly/cwe_231012_ezine_27...adopting...
TRANSCRIPT
computerweekly.com 23-29 October 2012 1
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime Gary McKinnon to remain in UKA 10-yeAr cAmpAign to block the self-confessed hAcker’s extrAdition ends in success pAge 4
23-29 October 2012 | ComputerWeekly.com
bac
kgro
un
d im
ag
e: Z
mee
l Ph
oto
gra
Phy
mc
kin
no
n im
ag
e: W
ilsh
a/W
ikim
edia
computerweekly.com 23-29 October 2012 2
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
the week in it
IT in educationTeacher training registry at standstill amid technical problemsPotential teachers are unable to apply for training courses because of problems with the graduate teacher training registry. the part of the website for applicants to courses next year is not working and when graduates attempt to apply they are greeted with the news that “gttr apply 2013 is currently offline for essential maintenance. We apologise for the incon-venience that the ongoing technical issues with gttr apply 2013 have caused”.
Cloud hostingThe Pirate Bay moves into the cloud swedish file sharing website the Pirate bay has moved into the cloud to improve its services, lower costs and evade shut-down from authorities. the bittorrent site, which had its servers raided by police in 2006, has moved its entire infrastruc-ture into several cloud hosting providers around the world.
Mobile softwareFacebook opens engineering centre in London for mobile productsFacebook opened an engineering centre in london, its first outside the us. launched by chancellor of the exchequer george osborne, the hub will focus on building Facebook mobile and platform products. “there are 7,000 different mobile devices hitting Facebook,” said mike schroepfer, Facebook’s vice-president of engineering
IT technical skillsAdvanced analytics skills shortage stymies big data programmesa “critical” advanced analytics skills short-age is impeding big data programmes, according to a research report from ibm and the saïd business school. Analytics: the real-world use of big data is based on a survey of 1,144 business and it profession-als from 95 countries and 26 industries. it found that less than 25% of the respond-ents worldwide said they have the skills and resources to analyse unstructured data, such as text, voice and sensor data.
IT jobs and recruitmentGM recruits 3,000 HP IT workersgeneral motors (gm) is hiring 3,000 staff from hP as part of its aggressive plan to bring outsourced it work back in-house. gm announced plans to bring its out-sourced it, which was about 90% of the total, back in-house and recruit 10,000 it workers in the process. the 3,000 hP staff are already working on projects at gm. Public sector ITCornwall Council axes leader Alec Robertson in outsourcing controversycornwall council leader alec robertson has lost a confidence vote and will step down over a controver-sial proposal to outsource shared council services that has split cornwall council. he lost the vote 63 to 49. he was replaced by Jim currie.
GDS launcheS Gov.uk webSite
the government digital service (gds) has launched its gov.uk website, intended to become a single domain for online public services to replace hundreds of departmental sites.
the move is expected to create significant cost savings. According to cabinet office minister francis maude, directgov’s running costs were more than four times higher than that of gov.uk, totalling £21.4m for 2011-12.
mike bracken, executive director for digital at gds, said: “it is the first major, full platform release from the gds. this release heralds a new approach to digital deliv-ery of public services in the uk and a new approach to all things digital in central government.”
in a report to cabinet minister francis maude in october 2010, martha lane fox recom-mended all government digital services should be under a single url.
access the latest it news via rss feed
computerweekly.com 23-29 October 2012 3
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
the week in it
IT securitySecurity remains a barrier to mobilitysecurity is still the primary barrier to adopting mobile business applications, a study has found. more than three-quarters of the 300 uk firms polled said they planned to adopt mobile business applications in the next 12 months. but security, potential loss of data and compli-ance remain key concerns, according to the study commissioned by global security and risk management firm integralis.
Cloud computing softwareTelefonica Digital saves 40% with cloud HR platformtelefonica digital is investing in a cloud-based hr system to manage its 6,500-worldwide workforce in a project that is expected to pay for itself in under two years. it is to spend several million on Workday’s cloud-based hr software over three years, saving 30-40% of the cost of a traditional, non-cloud-based platform.
Datacentre hardwareToday’s datacentres run at much lower temperatures than necessarydatacentres are wasting electricity by running at below 20°c when the optimum temperature for operating is 25-26°c, experts have said. “many datacentres operate at cooler temperatures than necessary because customers fear that the systems will fail,” said Jim hearnden, product technologist for datacentre power and cooling at dell.
IT risk managementDraft Data Communications Bill will be ineffective, says ICOthe uk’s draft data communications bill – aimed at making it easier for authori-ties to spy on electronic communications – will be ineffective against terror, says information commissioner christopher graham. he told a special select com-mittee of mPs and peers that it will catch only incompetent criminals and accidental anarchists.
Broadband communicationsScottish universities provide superfast rural broadbandremote areas of scotland are now able to access superfast broadband, thanks to a research project by two of the country’s universities. the university of edinburgh and the university of the highlands and islands have been working together on the tegola project, which aims to bring fast internet connections to rural scotland.
Microsoft Windows softwareMicrosoft revenues suffer as users wait for Windows 8 upgrademicrosoft has blamed lower-than-expected Q1 results on consumers and businesses delaying desktop software upgrades until after Windows 8 is launched. For the three months to 30 september, microsoft reported revenues of $16bn. Q1 came in $1.3bn less than the same period last year and the Windows & Windows live division posted sales of $3.24bn, a 33% decrease. n
Finance cioS reveal receSSion recovery planS
Top priorities for the next few years
Reducing costs
Improving efficiency
Mobile banking/mobile payments
Security concerns
Upgrading current IT systems/applications
Managing on a restricted budget
Adopting/moving to the cloud
Virtualisation
Increasing/improving customer experience
Becoming more innovative
Maximising growth
Improving skill sets
51%
22%
18%
15%
11%
9%
27%
20%
18%
13%
9%
7% Source: Fujitsu
computerweekly.com 23-29 October 2012 4
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
analysis
Gary McKinnon’s mother shed tears of relief and triumph as she thanked the home secretary for blocking the US extradition order. Mark Ballard reports
Hacker McKinnon to remain in UK
The mother of hacker gary mckinnon marked the end of a traumatic chapter of their lives when she gave thanks to
all those who helped in their 10-year cam-paign against a us order for his extradition to face charges for hacking federal computers.
Janis sharp shed tears of relief and triumph at a press conference as she publicly thanked home secretary theresa may for withdraw-ing the us extradition order.
“it was a brave decision to stand up to a nation as powerful as america. We’ve done something for the little person and that is a considerable achievement. it’s so emotional, i’m overwhelmed and incredibly happy,” she told a packed room at the london offices of mckinnon’s lawyers.
congratulations were passed all round for sharp’s tireless campaigning to raise public, media and political support for her son, and she was commended in Parliament. she gave her own thanks to those who had lent their support, including lawyers, rights campaign-ers, mPs and journalists.
Changes to the law“today is a victory for compassion,” said david burrowes, mckinnon’s mP. earlier he had pressed the home secretary in Parliament: “can we make a promise that
never again will a vulnerable uk citizen have to endure a 10-year mental torture, like gary mckinnon, and that the british prin-ciples of justice and fair play will return to extradition?”
mckinnon’s lawyer, edward Fitzgerald, commended the home secretary for making
Websense takes aim at
modern hacker attack methods
Hackers target White
House military network
mckinnon will not be extradited
hacker meant no harm to uS Government SyStemS
gary mckinnon stands accused of hacking into us military and nasa computers. he admits accessing various us government computer systems, but denies causing any damage or disrup-tion on the scale claimed.
the former national high tech crime unit arrested mckinnon in 2002, three years after he began looking for evidence of extra-terrestrial beings and technologies on us computers. mckinnon was obsessed with finding evidence that the us government was hiding alien technol-ogy that would provide free energy. had he found it, he’d planned to “blow it to the world’s press”.
it was child’s play to get into us military systems, according to mckinnon. many were running netbios over tcp/ip with blank or default passwords, which allowed him to access administra-tor privileges. he admitted writing scripts to harvest passwords, and to using password crackers to get into more protected systems.
computerweekly.com 23-29 October 2012 5
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
a brave decision, but said she could not have done it without the powers granted her by the human rights act.
but may told Parliament she would remove the home secretary’s discretion to intervene in extradition cases under human rights law and to leave it with judges. she said she would instead introduce a law to allow people accused of crimes with dual jurisdiction – such as hackers based in one country and infiltrat-ing another – to be prosecuted at home, if it was in the interests of justice. she warned that extradition remained important in a world where it was easy to commit cross-border crimes, either digitally or in person.
Future considerationsbritish courts had repeatedly thrown out mckinnon’s pleas for the extradition pro-cess to strike a merciful balance between his minor hacking crimes and the vulnerable psychology caused by his having asperger’s syndrome, a form of autism.
Fitzgerald said the government had agreed to consider what more could be done to ensure extradition orders were handled proportionately and not pursued when the
burden of an extradition outweighed minor charges. the uk routinely prevents cases being brought before its own courts if it is against the public interest. but it fails to extend the same protections over british people ordered before foreign courts.
the home secretary also agreed to look into the way the police handle the arrest and laying of charges against people with autism. campaigners say the inherent vulnerabilities of asperger’s sufferers mean they are often mistreated by society and the law. n
Extradition rEmains important in a world whErE it is Easy to commit cross-bordEr crimEs, EithEr digitally or in pErson
key DevelopmentS in hacker’S leGal battle2002n march: mckinnon arrested in uk n september: released on bail, us authorities
begin extradition proceduresn november: mckinnon faces extradition to us
2006n may: mckinnon claims us military made
basic errors in data security
2007n february: extradition threatens life sentence
2008n June: mckinnon faces lords to fight extraditionn June: uk law lords reject appeal, mckinnon
turns to european court of human rightsn August: mckinnon loses appeal in european
court, leaving us free to extradite mckinnonn october: final appeal turned down
2009n January: mckinnon to stay in uk while direc-
tor of public prosecutions considers uk trialn January: high court to review extradition
ordern June: mckinnon launches legal challengen september: mps bid to stop extradition n october: court throws out appeal
2010n June: charges found to be exaggeratedn september: extradition review could see
mckinnon tried in the ukn november: blunkett repents over uk-us
extradition treaty
2011n may: us dashes hopes of uk trialn may: obama gives uk power to deciden december: mps call for changes
to uk-us extradition treaty
2012n July: Judge issues ultimatum on mckinnon
health assessmentn september: uk sets deadline to decide
fate of mckinnonn october: us extradition order withdrawn
analysis
Read more articles
about Gary McKinnon
online
1 The cumulative number of unique malware samples in the McAfee* collection exceeded the 75 million mark at the end of 2011. Source: “McAfee Threats Report: Fourth Quarter 2011,” available at www.mcafee.com (http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2011.pdf).
2 No system can provide absolute security under all conditions. Requires an Intel Identity Protection Technology–enabled system, including a 2nd or 3rd Gen Intel Core™ processor, enabled chipset, Àrmware, software, and participating website. Consult your system manufacturer. Intel assumes no
liability for lost or stolen data and/or systems or any resulting damages. For more information, visit http://ipt.intel.com. 3 Intel AES-NI requires a computer system with an AES-NI-enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on
select Intel Core processors. For availability, consult your system manufacturer. For more information, see http:///software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni. 4 No computer system can provide absolute security under all conditions. Built-in security features
available on select Intel Core processors may require additional software, hardware, services, and/or an Internet connection. Results may vary depending upon conÀguration. Consult your PC manufacturer for more details. Copyright © 2012 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel
Core, and Intel vPro are trademarks of Intel Corporation in the U.S. and other countries. *Other names and brands may be claimed as the property of others.
Built for Business. Engineered for Security.
Learn more at intel.co.uk/pcsecurity.
The 3rd Generation Intel® Core™ vPro™ Processors
Deliver Unprecedented Protection for Business
75,000,000UNIQUE MAlwARE SAMPlES1
AddEd PROTECTION AgAINST MAlwARE ANd ROOTkITS
TwO-FACTOR
AUThENTICATION
OFFERS
BUIlT-IN
SECURITy4
PROTECTS dATA FOR wORkERSINTEl® TRUSTEd ExECUTION TEChNOlOgy (INTEl TxT)
INTEl VIRTUAlIzATION TEChNOlOgy (INTEl VT)
INTEl IdENTITy PROTECTION
TEChNOlOgy (IPT) wITh PUBlIC
kEy INFRASTRUCTURE (PkI)2
• VIRUS PROTECTION
• MAlwARE PREVENTION
• SECURE ACCESS
• dATA PROTECTION
ONSITE/ON-ThE-gO
UP TO 400
PERCENT FASTER
dATA ENCRyPTION
INTEl AdVANCEd ENCRyPTION
STANdARd NEw INSTRUCTIONS
(INTEl AES-NI)3
10.05.2012 20:50 Twist 235
computerweekly.com 23-29 October 2012 7
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
analysis
Security models often ill-prepared for a modern, sophisticated attack
Current business security models fail to prepare for cyber threats in the face of highly-sophisticated, powerful cyber
attack tools that are no longer the preserve of nation states, as they filter down to a wider community of attackers.
For the first time, hackers are conducting military-grade cyber attacks on less well-resourced commercial enterprises in pursuit of data assets. cyber criminals are using these attack vectors to target better defended organisations higher up the supply chain.
researchers report cyber attackers are adapting to new technologies and communi-cation channels to collaborate on new tools and by passing traditional defences.
besides this increased capability of a wider group of malicious actors, corporate it is going through a massive transformation as it grows bigger and more complex than ever.
Still spending on perimeter defencethe need to move beyond the traditional perimeter-based defence model was a theme running through keynote and track sessions at rsa conference europe 2012.
kicking off the conference, art coviello, executive chairman of rsa, said: “as einstein observed, insanity is doing the same thing over and over and expecting a different outcome.” yet that is what many companies are doing with their data protection security strategy, he said.
research commissioned by rsa showed many companies still spend 80% of the it security budget on prevention; and only 15% on detection and 5% on response.
“in an age of openness, where breaches are to be expected, the balance must shift,” said coviello. organisations need the capability to detect and respond to threats fast enough.
Need for damage limitationa growing number of organisations are real-ising cyber criminals are switching tactics and they need to change their data protec-tion security strategy, said tom heiser, president of rsa.
but this is not the same as accepting that damage will occur, he said. a new model is required, so organisations can respond faster to avoid, or limit, loss and damage.
Expert analysis indicates that most organisations need to rethink their security strategies and move away from traditional methods. Warwick Ashford reports
Cybercrime Battle Basics:
Online Account,
Transaction and Device Protection
E-Guide: Identifying and
addressing evolving threats
ma
xk
aba
kov/
isto
ck
Pho
to
computerweekly.com 23-29 October 2012 8
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
the goal is to reduce the amount of time attackers can move freely in the network to reduce the window of opportunity to steal information and cause damage, said coviello.
Complexity throws up challengecomplexity is increasing with new technolo-gies and consumer-style devices and ser-vices with bring-your-own-device (byod) schemes. this means the it department is in danger of losing control, said Francis desouza, group president of enterprise products and services at symantec.
businesses are failing to address consum-erisation security risks, compounded by hackers’ adoption of multi-flank attacks.
defence alone is no longer enough for data protection if organisations are to deal with multi-flank attacks, in which several apparent independent attacks are used in concert by a single attacker, said desouza.
in the past, it security professionals looked at individual elements, said desouza, but now there is a need to understand how attack campaigns are constructed and to be able to pull all the elements together.
Intelligence-led securityso if traditional security models are failing, what is the alternative?
across the security suppliers represented at rsa conference europe 2012, intelligence-led security was the single, most common theme.
successful data protection requires a secu-rity strategy that uses multiple sources of internal and external information delivered to analytical engines.
last year, eugene kaspersky, chief execu-tive and co-founder of kaspersky lab, said it security industry collaboration could elimi-nate 90% of malware.
only by integrating and correlating security intelligence can organisations avoid being
tricked into focusing on traditional attacks such as distributed
denial-of-service (ddos) attacks while some-thing more serious is going on, said desouza.
“it is not uncommon nowadays for attack-ers to launch ddos attacks as a diversion at the same time as they are breaching
databases to copy credit and debit card information,” said desouza.
Growing demand for skillsaccording to rsa’s coviello, organisations are facing a serious shortage of it security skills. analysts estimate the number of information security professionals will need to more than double from 2010 levels by 2015, but it is not clear how addressing the demand for techni-cal security skills will be achieved.
educating boards and the media about the challenges and adversaries information secu-rity professionals face is also essential.
Few people outside the law enforcement and information security research communi-ties have an understanding of the problem, said coviello. they are seeing only the tip of the iceberg, because most organisations being hit do not want to tell anyone about it.
Cloud can help create rapid responseintelligence-led security, said coviello, is about combining all the data about what is going on in a network to provide actionable information in near real-time. “it is about starting with risk, and finding out where potential compromises exist, which turns the traditional model on its head,” he said.
many existing and traditional security systems do not scale, said Philippe courtot, chairman and ceo of Qualys. organisations need to find new, more flexible approaches and should be looking to build new cloud-based security intelligence platforms to deliver real-time threat analysis, mitigation and compliance with security policies.
“real-time big data is a key element of tomorrow’s security, because once an organi-sation has created one platform, it can be cloned easily and used globally,” said courtot.
Putting this all in perspective, security author and journalist misha glenny said uk targeted attacks have gone from four a year to 500 a day in just two years.
“it is not just big corporations that are being targeted, attackers are going after everyone in the supply chain,” glenny said, supporting the idea that all organisations probably need to rethink their security strate-gies if they have not done so already. n
› Ten ways to dodge cyberbullets: reloaded› Anatomy of a cyber attack
› Technical guide on emerging threats
analysis
This is an edited version. Read the full article online.
computerweekly.com 23-29 October 2012 9
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
case study
When the charity sought an outsourcer to provide e-learning, back-office systems and IP-based communications, Foehn fitted the bill. Cliff Saran reports
IT delivers e-learning capabilities at homeless shelter Anchor House
Anchor house, the hostel and life skills centre for homeless people, selected it and communications provider
Foehn to deploy it for e-learning, iP-based communications and back-office systems.
based in east london, the charity provides accommodation for 180 homeless people each year, and offers training and devel-opment for more than 1,000. many of its residents have experienced varying levels of social exclusion.
in terms of training, anchor house pro-vides it, literacy and numeracy training. it is a construction skills certifications scheme (cscs) testing station for safety certifica-tion in the construction industry and offers 50 e-learning modules, including basic microsoft training.
anchor house has gone through a £9m renovation programme since keith Fernett
joined as director in 2004. Fernett, who had previously managed large, complex local and central government projects, says the charity was facing closure before he joined.
“We had £2.5m of financial liability. We developed a masterplan for each aspect of the organisation – the building, the services and the technology,” he says.
the masterplan still holds true today, says Fernett: “We have been able to system-atically expand our services and the use of technology because we have taken a holistic approach to everything we have done.”
in terms of the it, he says anchor house was a greenfield site. Previous planning was achieved using a large whiteboard.
“there was not much computing power here when i joined. i did not want to hire someone who was computer-savvy as an it manager,” says Fernett.
Anchor house provides a hotel-like system for residents, with in-room messaging, data services and video content
Why Tesco chose open source
software
Video interview with
Anchor House’s Keith Fernett
computerweekly.com 23-29 October 2012 10
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
many of the systems at anchor house are based on open source technologies. along with the obvious cost savings, Passingham says open source offered Foehn open stand-ards for the it integration it undertook as part of the anchor house project.
Foehn deployed an iP network using hP networking equipment. this is used to run the asterisk open source iP telephony system, which provides a ringfenced Pbx, allowing residents, anchor house staff and external training providers to share the same system.
the company also implemented the open source videolan video server, which provides multi-casting to broadcast Freeview to residents’ rooms. each room is equipped with a set-top box from amino technologies which runs a web browser
and provides a linux desktop, delivered using Pc over iP. the browser connects to an apache server, which provides users with access to the virtual linux, e-learning and Freeview systems. n
instead, he decided to outsource the whole it operation. “i wanted to outsource, with one contractual arrangement that could offer the scalability to deal with our growth poten-tial,” he says.
Finding the right fitchoosing the right supplier was not an easy task. “a lot of companies did not meet our objectives because the approach of selling one size for everyone did not fit with us,” says Fernett.
in the end, he chose Foehn to provide all the it and ongoing support for the charity.
Fernett decided to standardise on the microsoft suite and sage for accounts in the back office. he also wanted to offer e-learning, which involved building and equipping a computer room.
his overall vision was to offer a “holiday-inn-like” experience, in that residents would access their rooms, switch on electricity and use computer terminals with a smartcard.
the it elements to support these users needed to be separate from the business systems. “i wanted the ability to run services remotely and ensure our business systems were completely separate from our service users’ it,” says Fernett.
James Passingham, technical services director at Foehn, says the it and communi-cations provider wanted to deliver a hotel-like system for the residents, with in-room messaging, data services and video content.
Foehn implemented a core iP backbone to provide networking for the video displays and computer terminals.
many of thE systEms at anchor housE arE basEd on opEn sourcE tEchnologiEs with opEn standards
case study
the Anchor house computer room was
built and equipped to support e-learning
http://eu.acronisinfo.com
computerweekly.com 23-29 October 2012 12
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
inteRView
Meeting the demands of gambling regulations meant rebuilding site
European regu-lations for the gambling sector,
launching new products and driving revenue
growth as a recently-floated public com-pany put enormous pressure on the it team at betfair.
but chief technology officer (cto) tony mcalister, in the post for over three-and-a-half years, talks with confidence when taking stock of the team’s achievements and look-ing at what is coming next.
“i think i have done most of the things i said i would when i joined,” mcalister told computer Weekly in an exclusive interview.
mcalister concedes that the job is far from easy. in fact, it has got more complicated since he joined betfair – then still a private company mostly focused on the uk market.
“in the eu, each of the countries regulate online gambling in a different way. i have to make changes in the systems where custom-ers’ information and money is kept to allow for unique things like the national id cards in spain, which i don’t have to account for in italy, for example,” says mcalister.
Building a jurisdictional architecturethe it team has needed to support regula-tory changes – such as italian regulators wanting to see bets taking place in real time or authorities in denmark and spain wanting information to be placed in a safe location in case the government needs to access it.
to manage it, the company built what it calls a “jurisdictional architecture”, a project com-pleted in april, which broke the it architecture down into country-related components.
“it was a big exercise, which we did while running a high-growth business,” says mcalister. “the project was challenged by product implications and regulatory issues,
but we got there in the end,” since everything in betfair’s architecture
from hardware to code was uk-focused and intertwined, the team spent three years rebuilding the set-up and moving it to a services-oriented architecture (soa).
“We broke the architecture down into hundreds of pieces and relayered application programming interfaces [aPis] between our front end, middle tier and back end. now, we can modify our aPi based on the changes that need to happen,” says mcalister.
betfair’s mostly bespoke set-up is based on Java, but also relies heavily on an oracle database, as it is “the fastest, most scalable database out there”, according to the cto, who adds that his Pl/sQl capabilities also had to be scaled up.
mcalister needed more database licences, and a renegotiation with the supplier took place. he says he got a very good deal with oracle as an oracle Financials suite was thrown in as part of the deal. the roll-out of the finance system, which included integra-tion with an saP hr platform, ended in July.
“often companies mention migrations of a large financial system as their major project
tony mcAlister, cto at betfair
Betfair CTO Tony McAlister oversaw the architecture reconstruction needed to meet the differing demands of online gambling in Europe. Angelica Mari reports
Betfair sees 120% increase
in mobile customers
Betfair CTO Tony McAlister
switches datacentre
horses
CW500 interview
computerweekly.com 23-29 October 2012 13
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
for the year. For us, it was something we did at lunch,” he says.
on the hardware front, betfair had a signifi-cant fleet of large sun servers, which were replaced by hP kit. it also consolidated six datacentres down to two – based in dublin – making the network easier to maintain.
Big data focusas the company grew internationally, adopting a customer relationship manage-ment (crm) system became an increas-ingly important consideration for mcalister. the it team went through a quite exhaus-tive request for information, where all alternatives, from saP and oracle to niche providers, were considered.
“in the end, we decided to park that project but we will possibly revisit that decision,” says mcalister.
but he says betfair’s it team has done extensive work in its data warehousing set-up under a new project dubbed betfair information management (bim).
“We redesigned our data layer with a logi-cal data flow and are building a new data warehouse on top of that, which will allow us to keep less data and enable us to make the information more efficient for internal uses, particularly for the fraud and customer service teams,” he says.
betfair is using ab initio software to extract, transform and load data, and the cto is very pleased with the results so far.
“i am struggling to get people with skills for that, so we are using ab initio consultants to show our people how to use the tools. We have already deployed as much of the data
warehousing project as we can in an agile fashion across some of our products and
are looking to finish this by the end of the next fiscal year,” he says.
Website improvementsone of mcalister’s main areas of focus over the years has been to make betfair’s web-sites more user-friendly and relevant to the mass market. until recently, its websites were running on designs from several years
ago and some features were taking nearly 30 seconds to load on a standard computer.
the cto brought in architecture special-ists to revamp the web portfolio. according to mcalister, so far all sports programs are running on the new architecture and loading time is under three seconds.
“this process gave us the chance to make changes to the website more like a web com-pany does – what used to take months and weeks now takes days, if not hours,” he says.
a new iPad program is also due to be launched, with all the betting exchange func-tionality that is available on the web.
Growing the teambetfair now employs 800 people in it across the world – up from about 600 in 2009. during that time, its romanian team, which initially dealt mostly with testing, has grown from 60 to 220 people and now works on all aspects of the company’s it.
all offshore teams cover mobile – half of all betfair customers in the uk and ireland placed a mobile bet in the first quarter of the year, driving the volume of bets up 114% and generating a 98% increase in revenue.
despite having to keep up with his balanc-ing act on regulations, keep the company running and stay ahead of the competition, mcalister says the job remains his most interesting role so far.
“i am not sure if i expected to still be here [in 2012] back when i joined, but right now i feel as if i’ve just started and i’m just as excited as i was back in 2009.” n
This is an edited version. Read the full interview online.
› Betfair increases mobile sales by 78%› Betfair opens up to software developers› CW500 Interview: Betfair IT goes global
inteRView
“oftEn companiEs mEntion migrations of a largE financial systEm as thEir major projEct for thE yEar. it was somEthing wE did at lunch”
computerweekly.com 23-29 October 2012 14
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
editoR’s comment
Legacy of McKinnon’s ordeal should put security on the agenda
So gary mckinnon stays free – for now.at computer Weekly, we’ve followed the self-
confessed hacker’s story for the 10 years it has taken to fight his extradition to the us. along the way we have seen his cause become an international issue, with prime ministers and presidents discussing his case.
it is for others to discuss the legalities of home secretary theresa may’s decision to rescind the extradition order. it is also for others to debate the approach of us prosecu-tors that once told mckinnon they wanted him “to fry”.
but it is also important to remember that mckinnon is guilty – something he has never denied. it is right that he should face up to the law, and the consequences of his actions – but it is equally right that those conse-quences should be proportionate to the crime.
the 10 years since mckinnon came to public attention have put his hacking into a very different context. govern-ments now do far worse on a regular basis than gary did.
and as we have seen in the last year or two, there are plenty of new, young garys out there, operating under the guise of hacktivist groups such as anonymous, still exploiting the security flaws that are all too inherent in modern technology.
the immediate priority for mckinnon is his health. then he has to face whatever the legal authorities in the uk decide to do about his case. but he also now has an opportunity to put something back into the it security community, and it would be great to see him put his unwanted notoriety to good use in highlighting to others just how vulnerable our it systems remain. nick leeson, the man who brought down barings bank, does a similar thing these days about banking fraud.
but beyond the legalities, and the human cost of mckinnon’s 10-year ordeal, there is a lesson for every-one in it. information security is now a matter of national security, let alone of business success. gary mckinnon’s case went well beyond the hacking crime he committed. it security goes well beyond the techni-calities of hackers and viruses. if gary’s legacy is to put the topic onto the boardroom agenda of every organisa-tion, then he can, at least, be thanked for that. n
Bryan GlickEditor in chief
Computer Weekly/ComputerWeekly.com1st Floor, 3-4a Little Portland Street, London
W1W 7JB
generAl enquiries
020 7186 1400
editoriAl
editor in chief: bryan glick 020 7186 1424
managing editor (technology): cliff saran 020 7186 1421
head of premium content: bill goodwin 020 7186 1418
services editor: karl flinders 020 7186 1423
security editor: Warwick Ashford 020 7186 1419
networking editor: Jennifer scott020 7186 1404
senior reporter: kathleen hall 020 7186 1426
special projects editor: kayleigh bateman020 7186 1415
datacentre editor: Archana Venkatraman020 7186 1411
storage editor: Antony Adshead07779 038528
business applications editor: brian mckenna 020 7186 1414
editorial content assistant: caroline baldwin 020 7186 1425
production editor: claire cormack 020 7186 1417
senior sub-editor: Jason foster 020 7186 1420
sub-editor: philip Jones020 7186 1416
displAy AdVertising
sales director: brent boswell 07584 311889
group events manager: chris hepple 07826 511161
computerweekly.com 23-29 October 2012 15
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
opinion
A lawyer’s duty is to protect the client, but agile methodology can conflict with risk-averse instincts, making contract negotiation tricky, writes Callum Sinclair
How to guide your lawyers in brokering agile software contracts
Agile software methodolo-gies have been around for years and are here to stay,
yet many in the legal profession still feel they are entering uncharted waters. so what can it professionals do to bridge the gap, and how can they best understand the lawyer’s point of view? in short, how can you keep your lawyers agile?
the job of a technology lawyer is to protect clients from undue risk arising from relationships they form in the course of their business, or at least to flag that risk so they can make informed decisions.
but for a commercial lawyer, it is also critical to understand the context in which contracts are drafted and negotiated on behalf of clients. this may appear to be stating the obvious but, in the context of agile software development, it is not hap-pening readily enough. lack of understand-ing of agile methodologies among legal professionals, and the resulting lack of contract precedent and “legal” case studies, are slowing down the uptake of agility in big business.
the flexibility, responsiveness to change and other benefits which agile methodolo-gies can deliver if properly implemented are generally accepted among the technology community. statistics around relative project success of agile versus more traditional waterfall techniques are also well publicised among it professionals. in the 11 years since the publication of the agile manifesto, the past couple of years have seen perhaps the most raised public profile of agile with the likes of the cabinet office’s “lean and agile” procurement agenda.
however, when presented with (or asked to draft) a contract to embody an agile approach, a lawyer sees lack of certainty
Project management
competency built on agile methods and
risk mitigation
Best practice
for mixing Agile and
outsourcing
sinclair: lawyers sees lack of certainty in agile deals
around price, time scales and ultimate deliverability. they will also be concerned about “agree-ments to agree” – such as defer-ring decisions about scope, acceptance criteria and budget for a sprint until just prior to that sprint’s commencement. these are generally difficult to enforce under law in the event of dispute. a combination of these factors can defeat the risk control sys-
tems of most large organisations and militate against the use of agile methodologies.
so as a customer believing in the benefits of agile, or a supplier seeking to sell them, how do you begin to persuade lawyers and senior management that agile is the way to go? suggestions include:n ensure there is a basic understanding of what agile development is and what ben-efits it can deliver at an early stage in the process. brief crib sheets or case studies may help to illustrate and secure buy-in. be upfront about the risks, but focus on char-acteristics of agile which may help to miti-gate those risks. For example, agile’s focus on a working deliverable at the end of each iteration can help to alleviate lawyers’ concerns about early termination and liability provisions.n consider the relative merits and risks of agile versus waterfall for the proposed project in light of the scale of the project, the culture of the customer organisation, the availability of resource on the customer side and so on. decide early whether that analysis rules out any specific approach for the project concerned. n
Callum Sinclair is a partner in the intellectual property and technology team in DLA Piper’s Scottish practice.
This is an edited excerpt. Read the full article online.
computerweekly.com 23-29 October 2012 16
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
BuyeR’s guide
Without an investment in it asset lifecycle management people, process and technology, there is no way you can credibly answer questions about the it assets of your organisation.
it departments need information on what assets they have, where they are, who is using them, the services they support, what they cost and how they are configured. they must also be able to ascertain whether the business is compliant, the value the it assets deliver and whether the company is fully exploiting its it assets.
With the millions spent and planning to be spent on it, coupled with heightened expecta-tions from the business, a lack of proper it asset lifecycle management is no longer accept-able. this is increasingly important as do-more-with-less efficiency mandates are prioritised, supplier software audits and compliance initiatives increase and the business places greater focus on what it costs and the value internal it delivers.
to address these challenges and pressures, it managers are striving to improve how they manage it assets throughout their lifecycle. this is a tall order because the term “asset” has an expansive definition including: business applications and software (enterprise resource planning (erP) systems such as saP or personal productivity tools such as microsoft office),
thin
ksto
ck
Enhance Your
enterprise asset
management Efforts
SMEs: Optimising IT
assets
How to manage your assets and control business costsAsset lifecycle management allows the IT department to improve governance, mitigate risk and improve service quality and efficiency, writes Stephen Mann
Buyer’s guideAsset management part 1 of 3
computerweekly.com 23-29 October 2012 17
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
BuyeR’s guide
datacentre infrastructure (server, mainframe, storage and network), user computing infra-structure (Pcs, tablets, mobile devices and telephony) and branch office technologies (switches, routers, servers and printers).
the technical, financial and service-related information available from an it asset lifecycle management programme can allow it managers to improve efficiency and effectiveness and to optimise its investment (or divestment) in its asset base. it provides a comprehensive view of the resources feeding it service delivery and an assurance that best use is made of its assets. by investing in it asset lifecycle management people, process and technology, it managers can cut costs, reduce risk and improve the quality of it services
Managing costsasset management provides the organisation with information on how it funds are invested and how these investments are performing. this not only helps with running current projects but can make it easier to fund new ones. it organisations can use this intelli-gence to improve total cost of ownership (tco) by continuously reducing it asset costs throughout their lifecycle. moreover, it asset lifecycle management allows it managers to take a service-centric approach to it management decisions that can result in addi-tional savings by scaling back or fully removing low-value services altogether.
Improving governanceby conducting it asset lifecycle management, an it organisation can enhance the governance of its it assets through a common management and control mechanism across all domains. For example, organisa-tions can use an integrated information set and a consistent knowledge base for decision-making around it infrastructure investment or divestment. as it infrastructure is the foundation for planned it capability, it is also important to have an asset repository that reflects the current ability of it assets to enable future projects or support consolidation and cost reductions.
Mitigating riskone of the principal benefits of optimised it asset lifecycle management is improved risk management, as it tracks assets during their entire lifecycle (which includes creation, acquisition, use, maintenance and decommissioning and/or disposal). by understanding the state an asset is in, the it organisation can coordinate a variety of processes, such as checking utilisation for capacity planning or removing sensitive data before assets are disposed of. this not only mitigates data privacy risks but also avoids the fee charged by it asset disposal service providers to process end-of-life assets. risk management also includes the management of the physical failure of assets (particularly when sweated during times of limited asset investment) and is related to capacity management and disaster recovery.
Ensuring complianceit asset lifecycle management, when encompassing software assets, can provide detailed information on software license compliance or compliance with other regulations, such as security or environmental regulations. Failure to meet licensing rules or regulatory perfor-mance requirements can result in costly fines — which are often dwarfed by the potential risk to your organisation’s reputation.
assEt lifEcyclE managEmEnt can providE dEtailEd information on softwarE licEnsE compliancE
computerweekly.com 23-29 October 2012 18
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
BuyeR’s guide
Making IT greenit professionals are increasingly tasked with moving their organisations from green it awareness to action. Forrester recommends creating a green it baseline as the first step. Why? because the age-old adage that “you can’t manage what you can’t measure” is relevant to any it project, green or not.
it asset lifecycle management tools can help to create an accurate baseline by accounting for all it assets both within and outside of the datacentre. From there, it professionals can calculate the energy-related consumption, costs and carbon-dioxide emissions of operating their it. this data will offer a practical green it starting point, by exposing your most eco-taxing assets. conversely, without it, you can not accurately quantify and report the benefits of your greening efforts to internal and external stakeholders.
Improving organisational efficiencyit asset lifecycle management ultimately allows it to run a tighter ship. it is more than just managing costs; it’s about doing the right thing. While hardware and software expenditure control is important, so is how the it organisation conducts itself in the it asset lifecycle management framework and the larger context of it operations. having fit-for-purpose policies, processes, procedures and enabling technol-ogy will help ensure the non-financial resources applied to it asset lifecycle management are also used optimally.
Delivering higher-quality IT servicehaving a better understanding of what assets are used where and for what purpose (especially if service-aligned) can dramatically improve it’s ability to oper-ate a number of information technology infrastructure library (itil)-espoused it service management processes such as incident, problem and change management. there are also obvious links to configuration and capacity management in terms of knowing more about the it estate.
Better alignment with business knowing what assets cost and their remaining economical life through effective it financial and service portfolio management allows the it organisation to better under-stand whether its investment of available it funds is optimally aligned with business
needs. likewise, it asset lifecycle management intelligence is not just specific to the asset management roles within the it organisation, such as software asset managers or hard-ware asset managers. many different roles across the enterprise can make use of it asset lifecycle management intelligence.
an effective it asset lifecycle management implementation (or adoption) requires a disciplined approach. it needs to enable an enterprise to maximise value and deliver its strategic objectives through the management of its it assets throughout their entire lifecycle. it asset lifecycle management requires the monitoring, controlling and accounting of assets over time and should be an embedded part of the overall service support and service delivery processes in it. n
assEt managEmEnt allows thE it organisation to bEttEr undErstand its invEstmEnt
This is an extract from the Forrester report, Cover your assets; Use IT asset lifecycle management to control IT costs, by Stephen Mann and Evelyn Hubbert
› The value of corporate information governance as a business asset
› How to manage device lifecycles
computerweekly.com 23-29 October 2012 19
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
Renegotiating outsouRcing
It outsourcing is going through a period of major change as the result of an economic downturn of extreme proportions alongside major advances in technology.
tight budgets amid recession and increased service options as a result of new tech-nologies, such as the cloud, mean many it outsourcing contracts are no longer fit for
purpose or the best option available.For example, a bank might have signed a 10-year agreement to outsource its datacentres
in 2006; since then, a lot has changed. the financial services crash of 2008 might mean the bank has fewer customers, processes a smaller number of transactions and has less money. at the same time, cloud computing has matured, meaning the bank does not require as much datacentre space and does not need to pay for equipment up front.
retail, manufacturing and travel sectors are all examples of sectors also hit hard by recession and targeting new technologies to help them recover.
Downturn drives renegotiationsteve tuppen, director at sourcing advisory isg, says the company’s tax and price index (tPi) shows that renegotiations across all types of outsourcing contracts are on the rise: “as a proportion of total outsourcing contracts awarded, they are at a 10-year high at 33%, and the first quarter of 2012 revealed an even higher figure of 44%.”
in the first half of 2012, restructured contracts worth €20m or more made up 15% of total it outsourcing contracts, he adds. “it outsourcing contracts are simply a projection of future requirements, and renegotiations are now seen as a normal adjustment to changing business conditions,” says tuppen.
Web
Pho
tog
raPh
eer/
isto
ck
Look before you leap into
renegotiating an outsourcing
deal
How to preserve your
relationship with an
outsourcing partner
Renegotiating outsourcing contracts to fit new realityOrganisations in many sectors seek to renew the terms in their contractual agreements as they adjust to the economic climate. Karl Flinders reports
computerweekly.com 23-29 October 2012 20
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
Renegotiating outsouRcing
many businesses today find themselves in it outsourcing agreements that are ineffective and need to change. kit burden, head of technology sourcing at law firm dla Piper, says the number of contract renegotiations has been high over the last year. “We were doing almost as many renegotiations as new deals last year. it has eased off, but there are still a lot.”
he says while some of the negotiations are attempts by the client to reduce costs further, many are driven by a desire to restructure deals that were hurriedly agreed. “the first wave of deals, done in haste during the first stages of the recession, are in trouble and need to be reworked.
“as a customer’s business has constricted dur-ing the recession, the pricing regime hasn’t flexed as much as intended and so the deal has become uneconomic,” adds burden.
Reasons to rethink your contracttuppen at isg says reasons for renegotiating can be broken down into internal or external factors.
the main internal factor is low satisfaction, he says. he cites an isg survey that found, on average, companies report that they only received 72% of the value that they anticipated from out-sourcing contracts. tuppen says deals without clearly defined objectives and structures are most likely to have lower levels of satisfaction.
“this is not always the supplier’s fault – unrealistic client expectations and low client invest-ment in managing the relationship can also lead to contract renegotiation,” he adds.
tuppen also says that contracts are not always renegotiated for negative reasons: “it can also be to increase scope within a successful relationship and can be triggered by the service provider – which has identified an opportunity to introduce innovative practices or technolo-gies that add increased value.”
he says external factors that trigger a desire to renegotiate might be: a change in busi-ness conditions; mergers and acquisitions; new service offers or channels; and the desire to embrace technologies and processes.
Peter schumacher, ceo at management consultancy value leadership group, says in the current economic conditions buyers are primarily aiming to cut costs and improve the perfor-mance of services suppliers.
“a typical problem is that incumbent suppliers – offshore and traditional – become compla-cent over the years. contracts are often renegotiated or a second supplier introduced to keep the prime supplier on its toes and create a wake-up call,” he says.
schumacher adds that there is often a problem when it services providers interpret agree-ments differently to customers: “over time, companies find that these contracts do not prop-erly reflect operational realities and actual capabilities of the business/supplier.”
Position of strengthrobert morgan, director at sourcing consultancy burnt oak Partners, says the number of renegotiations he is dealing with has increased by 50% over last year.
he says businesses are in a strong negotiating position: “it is open season from clients which are approaching a break or merely because they feel that they can extract a better price from the market – and they can.”
Factors driving renegotiations include competitors to the incumbent supplier offering price cuts which the customer can use to get a better price on the existing deal, says morgan. this combined with pressure on procurement teams to reduce costs is even leading to recently signed contracts being renegotiated.
“thE first wavE of dEals, donE in hastE during thE first stagEs of thE rEcEssion, arE in troublE and nEEd to bE rEworkEd”kit burdEn, dla pipEr
computerweekly.com 23-29 October 2012 21
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
Renegotiating outsouRcing
other typical reasons to change an outsourcing agreement include when a deal goes bad. “clients which signed a bad deal have more power to renegotiate in a recession to redefine services, metrics and service delivery models,” adds morgan.
HagglingFeatures of contracts that could be changed or reworked, other than prices, include service scope, the obligations of the parties involved as well as changes to delivery models.
Peter brudenall, outsourcing lawyer at berwin leighton Paisner, says there is no desire cur-rently to redo the terms and conditions. “it is usu-ally the description of services and related obliga-tions that were perhaps not dealt with in enough detail the first time round.”
this might include reporting obligations, govern-ance arrangements, communication obligations and how the parties will work together, he says. “these are given more detail during the renegotia-tion. this is often because the parties have estab-lished a working model that they want to capture in the agreement, or sometimes because they want a better roadmap for dealing with issues and problems when they arise.”
value leadership group’s schumacher says businesses are increasingly trying to link their contracts to measurable improvements in areas that matter the most. “For example, with offshore contracts, buyers are setting more aggressive targets around offshore process ratios and insisting on greater transparency with regard to where the services are being performed.”
and it is not just the users that are open to change. isg’s tuppen says suppliers are even up for it. “anecdotally from clients, we also know that service providers are much more open to the idea of renegotiations,” he says.
Change is goodthe appetite for change is there. but what should cios take to the negotiating table?
morgan at burnt oak Partners says be prepared to concede certain aspects such as increasing the term, adding to the scope and simplifying measurement criteria, to secure a better contract. “absolutely check out the financial stability of your supplier before signing anything – two major suppliers could go under before year end. get expert legal and sourcing advice as to the real auditability and step-in rights that you have,” he says.
dla Piper’s burden says businesses need to be very clear on the reasons for the renego-tiation and what the objectives are. “try to do a ‘once and for all’ rebaselining, taking into account all issues, rather than ‘death by a thousand cuts’,” he advises.
isg’s tuppen agrees. he says the most important thing for a company considering renego-tiations is to have a clear understanding of their objectives, and what they want to get out of the restructured it outsourcing contract.
“a successful renegotiation also relies on creating financial leverage, a willingness to exe-cute viable alternatives and a strong commercial relationship with the supplier,” he says.
he also says that time is important. “Whether mid-term or end-term, companies must ensure
that they allow enough time to analyse and understand all factors, which might affect the new contract.”
but tuppen warns that the process of renegotiation does not guarantee change to everything a business wants.
“it is easy to get caught up in the renegotiations process,” he says. “but it should be remem-bered that not everything is negotiable – a company must decide on its priorities and negoti-ate to build a workable solution and sourcing relationship, not to win a battle.” n
“sErvicE providErs arE also much morE opEn to thE idEa of rEnEgotiations”stEvE tuppEn, isg
› Outsourcing IT: goals and negotiations› How to renegotiate an IT contract
› Outsourcing demand rises in buyers’ market
Who do you think is:· The most innovative?· The most successful?· The biggest influence on IT in the UK?
Computer Weekly is launching the second annual UKtech50—the only list of the realmovers and shakers in UK IT—the CIOs, industry executives, public servants and businessleaders driving the creation of a high-tech economy. We will identify the 50 most influentialleaders in UK IT—the people who will be central to developing the role of technology inimproving the UK economy.
Whoever comes on the top of the list will be the person that, in the opinion of our expertjudging panel, holds the most influence over the future of the UK IT sector—and hence thefuture of IT professionals across the country.
Who do you think should be on the list? We want to know your suggestions for the mostpowerful people in UK IT—visit www.computerweekly.com/uktech50 to submit the nameof the person you would like to nominate and tell us why you think they should be selected.
TTeellll uuss wwhhoo yyoouu tthhiinnkk iiss tthhee mmoosstt iinnflfluueennttiiaall ppeerrssoonn iinn UUKK IITT bbyy2266tthh OOccttoobbeerr aatt wwwwww..ccoommppuutteerrwweeeekkllyy..ccoomm//uukktteecchh5500
Help select the most influentialpeople in the UK IT community
iinn aassssoocciiaattiioonn wwiitthh
computerweekly.com 23-29 October 2012 23
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
datacentRe eneRgy-efficiency
Apower-hungry datacentre is one of the main concerns of an it executive. growing data volumes and storage hardware increase a datacentre’s energy requirements, while tighter budgets and stricter carbon emissions regulations put restrictions on electricity usage.
but despite the pressure, existing datacentres are inefficient. servers run idle 90% of the time, says david Flynn, chief executive of Fusion.io. cooling costs account for a significant portion of the energy consumption of a typical datacentre. they are also the biggest contrib-utors of an enterprise’s carbon emissions.
virtualisation should improve utilisation, but far too few servers are virtualised, according to clive longbottom, managing director of datacentre consultancy firm Quocirca.
“a majority of servers are still not virtualised and are running at lower than 10% utilisation rate, with storage being at around 30%. unless utilisation rates are dealt with, datacentres cannot be highly energy-efficient,” he says.
and while server processors are very powerful, an enterprise can only use 20-30% of that power because storage systems cannot feed data to the cPu fast enough.
Industry efforts towards datacentre efficiencylarge businesses are now facing regulatory pressure to make their datacentres more green. For instance, prime minister david cameron has made it mandatory for Ftse com-panies to report carbon emissions from april 2013, making them accountable, transparent and responsible.
Google opens €75m
energy-efficient
datacentre facility in
Dublin
Datacentre energy efficiency: identifying truths and mythsThere is no one-size-fits-all solution to optimising datacentre efficiency, so CIOs should consider all available options. Archana Venkatraman reports
1 / August 2008 / Copyright EDS 2008 EDS ENVIRONMENTAL SUSTAINABILITY PERSPECTIVES
Megawatts to Business Value
30W Energy into Data Center
17W Energy Into Server
9W Energy Into Chips
.3W–1.5W Energy into Applications
Under-Utilization 85%-97% • Compute • Storage • Bandwidth
100W Energy into Power Plant
Fans 10%
Power Supply 35%
Inefficient Business
Processes ??%
Cooling 33%
Lighting 4%
UPS 15%
Transmission 10%
Power Plant 67%
.12W-.9W Energy into Business Process
.00?W Energy into Customer Value
Inefficient & Zero-Value Applications 10%-40%
$
sou
rce:
ed
s/h
P
computerweekly.com 23-29 October 2012 24
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
datacentRe eneRgy-efficiency
in addition, the carbon reduction commitment (crc) energy efficiency scheme requires enterprises, both private and public, to reduce their carbon emissions or face hefty penalties. crc is a mandatory scheme aimed at improving energy efficiency and cutting emissions and will apply to organisations using more than 6,000mWh of electricity every year – equal to an annual electricity bill of approximately £500,000, according to mark allingham, a datacentre design professional.
there are between 4,000 and 5,000 such organisations in the uk, collectively accounting for around 10% of the uk’s total emissions, he says.
but cost is still the single biggest driver of datacentre efficiency. For an enterprise using an inefficient datacentre, there is a danger of overspending on it equipment and licensing of operating systems, applications servers and database servers, as well as maintenance and the need for more systems administrators to manage the equipment, says longbottom.
at the moment, it is only worth doing some-thing if it saves money – no-one is really invest-ing in “green”, he says. “but these cost-saving activities are washed with a green message and are added to the csr [corporate social responsibility] statement.”
to understand datacentre energy efficiency, cios should consider looking at metrics that meas-ure electricity consumed for given workloads. “a datacentre’s energy efficiency can be measured in terms of how much data can be processed per watt, and how much data can be stored per watt,” says Flynn.
“While different people define datacentre effi-ciency differently, for Fusion-io it is using the resources you have to the fullest with the least amount of waste,” he adds.
Fusion-io has developed iodrives, which it says puts idle cPus back to work and delivers efficiency across the datacentre so that its customers do not have to sprawl out their servers and storage to meet the data demands they face.
Architectural considerationsmany companies are changing their architectural designs and moving to a “cloud-like” structure to increase utilisation – motivated by the need for agility and energy effi-ciency, says ian brooks, european head of innovation and sustainable computing at hewlett-Packard.
so a datacentre that is very disk-centric could waste energy in powering the mechanically spinning disks, as well as cooling down the building from all the heat created by those drives.
innovative new-age datacentres built by companies such as Facebook which use flash memory in place of disk consume less energy.
as flash memory continues to be more affordable and energy costs keep rising, more com-panies are likely to switch to flash memory, not just to improve application performance, but also because they generally run cooler than hard disks, says Fusion.io’s Flynn.
hP has designed an energy-efficient datacentre using solar power, which aims to save power costs as well as minimise the environmental impact.
google will use wind-energy to power its oklahoma datacentre as part of its green strategy.rackspace is working with the open compute project for energy efficiency best practices.
“We are working with a community of peers to constantly rethink what we must have and what we can do without to improve efficiency,” says melissa gray, director of sustainability at rackspace.
cooling costs account for a significant portion of thE EnErgy consumption of a typical datacEntrE
Goldman Sachs adopts
modular datacentres to
save costs, improve
efficiency
computerweekly.com 23-29 October 2012 25
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
datacentRe eneRgy-efficiency
Hot aircooling techniques such as air cooling, water-based cooling and evaporative cooling, using renewable energy such as wind energy, and using containerised datacentres are seen as effective ways of controlling it’s energy use.
but each of these techniques has limitations. For instance, chiller-less datacentres – which rely on the use of outside air for infrastructure cooling rather than the use of expensive, energy-guzzling air-conditioning units – significantly reduce operating and capital expenses, but they can only be built in climates that do not experience hot temperatures or high humid-ity levels.
regulatory bodies such as the american society for heating refrigeration and air conditioning engineers (ashrae) recommend the use of such datacentres.
a dell study on climate data in the us, europe and asia found that chiller-less datacentres require it equipment that can withstand short-term excursions of up to 45°c. but much available it equipment can withstand only 35°c. aiming to overcome this, dell built its next-generation serv-ers to withstand temperatures of up to 45°c.
Busting the energy efficiency mythsmetrics used to measure datacentre efficiency provide crucial insights on what an it executive can do to improve it. Power usage effectiveness, or Pue, is the most common metric used to measure just how effective a datacentre is.
Pue is measured as: Pue = total energy it energy
an optimal Pue of 1.0 is accepted to be ideal, but is it achievable? longbottom says it is not. a single 2W led light used for emergency maintenance in a lights-out, free-air-cooled, non-uPs-based datacentre means that not all the energy is being used for it purposes, even if that light only gets turned on once a year, he says.
companiEs arE changing thEir architEctural dEsigns and moving to a “cloud-likE” structurE to incrEasE utilisation
Dell’s Next Generation Servers: Pushing the Limits of Data Center Cooling Cost Savings 9
Figure 4. Air-side economization of North America (27C with 15C dew point)
Note on Figure 4: The geography suitable for a chiller-less fresh air cooled data center (economization for 100% of the hours in a year) corresponds to the dark blue region in Alaska and northernmost Canada. The remaining regions below the dark blue region would all require a chiller plant, air conditioning system, or other supplemental cooling capability.
Figure 5. Dell fresh air specification for North America (45C with 26C dew point)
Note on Figure 5: With the Dell fresh air capable IT equipment specifications of 45C and a 26C maximum dew point, the dark blue region corresponding to economization for 100% of the hours in a year (chiller-less fresh air cooling) envelopes almost the entire North American continent.
Dell’s Next Generation Servers: Pushing the Limits of Data Center Cooling Cost Savings 10
The change in the number of hours of available economization between the ASHRAE recommended range (or even ASHRAE Class A2) and the Dell fresh air limits is dramatic. In fact, with Dell fresh air capable hardware, nearly all of North America is a candidate location for chiller-less (8,760 hours per year of economization) data centers as is nearly all of Europe.
Maps for Japan show similar results as seen in Figure 6 and 7. With IT equipment rated at the Dell fresh air limits, nearly all of the Japanese islands could be candidates for chiller-less data centers, or at least data centers that make extensive use of economization as would the majority of Asia. Currently, partially economized data centers are deployed only on the northernmost island of Hokkaido.
Figure 6. Air-side free cooling map of Japan (27C with a 15C dew point)
Note on Figure 6: Under the assumed conditions of 27C maximum dry bulb temperature and a maximum dew point of 15C, none of the islands of Japan are suitable for chiller-less fresh air cooling. Any data center built under these temperature assumptions would have to have to bear the capital cost of installing a chiller, air conditioner or some kind of cooling plant.
Air-side free cooling map of Japan (27°c with a 15°c dew point). under the assumed conditions of 27°c maximum dry bulb temperature and a maximum dew point of 15°c, none of the islands of Japan are suitable for chiller-less fresh air cooling. Any datacentre built under these temperature assumptions would have to have to bear the capital cost of installing a chiller, air-conditioner or some kind of cooling plant. source: dell
Air side economisation AshrAe recommended range (27°c with a 15°c dew point). the geography suitable for a chiller-less fresh air cooled datacentre (economisation for 100% of the hours in a year) corresponds to the dark blue region in Alaska and northernmost canada. the remaining regions below the dark blue region would all require a chiller plant, air-conditioning system, or other supplemental cooling capability. source: dell
Green datacentre
market to grow from
£10bn to £28bn by 2016
computerweekly.com 23-29 October 2012 26
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
“even a 99% efficient uPs means that there is a 1% loss, so the datacentre can only have a nominal Pue of 1.01,” adds longbottom.
typically, a 10-12-year-old datacentre might have a Pue of 2.8, which is not great, but not awful, says hP’s brooks. hP’s audits showed that its clients are achieving Pues in the low twos – say 2.3 to 2.6 – which can be further improved using close-coupled air-conditioning units, he says.
hP says its ecoPod products are designed to help enterprises achieve a Pue of 1.05.
meanwhile, according to Fusion.io’s Flynn, while disk-spinning infrastructure cannot deliver an optimal Pue, flash memory plat-forms can not only help businesses achieve better Pue but can also lead to consolidation of servers.
but Pue is a pretty crude measurement in many datacentre instances, experts insist. “Pue does not measure the efficiency of the compute or the emissions from the power consumed or other aspects of the datacentre,” says rackspace’s gray.
the more you know about the computing workload, the cooling needs and the climate, the better you can fine-tune the datacentre’s energy use, she says.
it executives must look at effective Pue (ePue), which takes into account the utilisation levels of it equipment and is more meaningful, says longbottom.
ePue is measured as: ePue = total energyutilisation rate x it energy
Steps towards energy efficiencyso what can organisations do to improve energy use in their datacentres? a good start-ing point is the green grid organisation. but there is no one-size-fits-all solution, so cios should consider all available options, such as cloud computing, server virtualisation and it consolidation.
an infrastructure running in an empty office space that is repurposed and has a lot of redundant servers will perform poorly compared with a datacentre purpose-built for the cloud,” says gray.
replacing four to five-year-old servers with highly energy-efficient ones can achieve an energy-saving payback within a year, according to hP.
“but a lot of the choice comes down to the environmental conditions of where the datacentre is located,” says longbottom.
For example, evaporative cooling may sound good for a warm climate, but if the prevailing conditions are 99% humidity – as the case would be in singapore and malaysia – evaporation will not work, he adds.
meanwhile, air cooling, if implemented well, can be used even in relatively warm areas – but will need backing up with standard
computer room air conditioning (crac) systems or other cooling methods to cover times when the external conditions are warmer.
the datacentre’s energy efficiency will remain a key focus for datacentre managers. but efforts do not necessarily mean massive changes to the facility and the equipment housed within it, but simple, small, yet strategic steps. n
datacentRe eneRgy-efficiency
“puE doEs not mEasurE thE EfficiEncy of thE computE, Emissions from thE powEr consumEd or othEr aspEcts of thE datacEntrE”mElissa gray, rackspacE
› Next-generation datacentres: The cloud› Forrester: Datacentre transformation
› CW500: Datacentre transformation
computerweekly.com 23-29 October 2012 27
Home
News
Gary mckiNNoN extraditioN
order blocked
it is time to retHiNk security
strateGies
Homeless Get HiGH-tecH
learNiNG boost
buildiNG aN it arcHitecture for oNliNe GambliNG
editor’s commeNt
opiNioN
buyer’s Guide to asset
maNaGemeNt
outsourciNG coNtract
reNeGotiatioN
addressiNG eNerGy-efficieNcy
iN dataceNtres
dowNtime
downtime
capturing the moment on camera. “**** off, i am leaving you!”
Can Chinese printer pose a threat to national security?downtime was contacted recently by someone representing a chinese printer company, that is now selling in the uk. after huawei and Zte was found dodgy by a White house security review, one wonders what the spooks will make of the new laser printer. maybe it posts a copy of every page printed back to china via snail mail. n
Spy kit surplus hits consumer sectoras power politics takes a back seat these days, there seems to be a lot of unused spy equipment lying around.
so spygadgets4u is flogging them as a way for happy families to capture those happy moments in life.
you know by having a secret camera in your clothing you can really catch people in natural moods.
i can see the tv show You’ve Been Framed getting lots of material – “happy anniversary, darling,” says the husband, presenting his wife with flowers while
Furby Double aGent in extraDition FiGht
A furby accused of divulging important us military information has called on the uk govern-ment to block its extradition to the us.
back in 2000, the furby repeated a conversation it had overheard from its owner’s parent – a senior us army official – discussing secret arms information on the phone with a colleague.
the furby became surplus to requirements for the official’s child and was sold in a car boot sale and transported to the uk where it is accused of giving the information to a political refugee from cuba. in 2005, the us called for the furby’s extradition to face spying charges in the us.
the furby has been to the european court of human rights to get the extradition overturned, but was devastated to find that a furby is not protected under european human rights law.
the furby has generated significant support from politicians, journalists and pop stars. u2’s bono visited the furby at its south london home only last week. he said the furby is in good spirits but the case is taking its toll.
the legal team behind the furby said repeating the information it heard from its previous owner was just evidence that it was a normal furby and it should have its case heard in the uk.