Sign up for our Technology Newsletter 
HP’s Helion Goes Commercial
HP has announced general availability of its Helion OpenStack cloud platform and Helion Development Platform based on Cloud Foundry.
The Helion portfolio was announced by HP earlier this year, when the firm disclosed that it was backing the OpenStack project as the foundation piece for its cloud strategy.
At the time, HP issued the HP Helion OpenStack Community edition for pilot deployments, and promised a full commercial release to follow, along with a developer platform based on the Cloud Foundry code.
HP revealed today that the commercial release of HP Helion OpenStack is now available as a fully supported product for customers looking to build their own on-premise infrastructure-as-a-service cloud, along with the HP Helion Development platform-as-a-service designed to run on top of it.
“We’ve now gone GA [general availability] on our first full commercial OpenStack product and actually started shipping it a couple of weeks ago, so we’re now open for business and we already have a number of customers that are using it for proof of concept,” HP’s CloudSystem director for EMEA, Paul Morgan said.
Like other OpenStack vendors, HP is offering more than just the bare OpenStack code. Its distribution is underpinned by a hardened version of HP Linux, and is integrated with other HP infrastructure and management tools, Morgan said.
“We’ve put in a ton of HP value add, so there’s a common look and feel across the different management layers, and we are supporting other elements of our cloud infrastructure software today, things like HP OneView, things like our Cloud Service Automation in CloudSystem,” he added.
The commercial Helion build has also been updated to include Juno, the latest version of the OpenStack framework released last week.
Likewise, the HP Helion Development Platform takes the open source Cloud Foundry platform and integrates it with HP’s OpenStack release to provide an environment for developers to build and deploy cloud-based applications and services.
HP also announced an optimised reference model for building a scalable object storage platform based on its OpenStack release.
HP Helion Content Depot is essentially a blueprint to allow organisations or service providers to put together a highly available, secure storage solution using HP ProLiant servers and HP Networking hardware, with access to storage provided via the standard OpenStack Swift application programming interfaces.
Morgan said that the most interest in this solution is likely to come from service providers looking to offer a cloud-based storage service, although enterprise customers may also deploy it internally.
“It’s completely customisable, so you might start off with half a petabyte, with the need to scale to maybe 2PB per year, and it is a certified and fully tested solution that takes all of the guesswork out of setting up this type of service,” he said.
Content Depot joins the recently announced HP Helion Continuity Services as one of the growing number of solutions that the firm aims to offer around its Helion platform, he explained. These will include point solutions aimed at solving specific customer needs.
The firm also last month started up its HP Helion OpenStack Professional Services division to help customers with consulting and deployment services to implement an OpenStack-based private cloud.
Pricing for HP Helion OpenStack comes in at $1,200 per server with 9×5 support for one year. Pricing for 24×7 support will be $2,200 per server per year.
“We see that is very competitively priced compared with what else is already out there,” Morgan said.
OpenSSL Gets Updated
OPENSSL, the web security layer at the center of the Heartbleed vulnerability, has been issued with a further nine critical patches.
While none are as serious as Heartbleed, patching is recommended for all users according to an advisory released today. The vulnerabilities stem from various security research teams around the web including Google, Logmein and Codenomicom, based on their reports during June and July of this year.
Among the more interesting fixes involves a flaw in the ClientHello message process. If a ClientHello message is badly fragmented, it is vulnerable to a man-in-the-middle attack which could be used to force the server to downgrade itself to the TLS 1.0 protocol, a fifteen year old and therefore pre-Heartbleed patch variant.
Other reports include memory leaks caused by denial of service attacks (DoS) and conversely, crashes caused by an attempt to free up the same portions of memory twice.
OpenSSL now has two full time coders as a result of investment by a consortium of Internet industry companies to form the Core Infrastructure Initiative, a not-for-profit group administered by the Linux Foundation. The Initiative was set up in the wake of Heartbleed, as the industry vowed to ensure such a large hole would never be left unplugged again.
While OpenSSL is used by a large number of encrypted sites, there are a number of forks of the project including LibreSSL and the recently launched Google BoringSSL.
Google recently announced that it would be lowering the page rankings of unencrypted pages in its search results as an added security measure.
Many Websites Still Exposed
The world’s top 1,000 websites have been updated to protect their servers against the “Heartbleed” vulnerability, but up to 2% of the top million remained unprotected as of last week, according to a California security firm.
On Thursday, Menifee, Calif.-based Sucuri Security scanned the top 1 million websites as ranked by Alexa Internet, a subsidiary of Amazon that collects Web traffic data.
Of the top 1,000 Alexa sites, all were either immune or had been patched with the newest OpenSSL libraries, confirmed Daniel Cid, Sucuri’s chief technology officer, in a Sunday email.
Heartbleed, the nickname for the flaw in OpenSSL, an open-source cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption, was discovered independently by Neel Mehta, a Google security engineer, and researchers from security firm Codenomicon earlier this month.
The bug had been introduced in OpenSSL in late 2011.
Because of OpenSSL’s widespread use by websites — many relied on it to encrypt traffic between their servers and customers — and the very stealthy nature of its exploit, security experts worried that cyber criminals either had, or could, capture usernames, passwords,\ and even encryption keys used by site servers.
The OpenSSL project issued a patch for the bug on April 7, setting off a rush to patch the software on servers and in some client operating systems.
The vast majority of vulnerable servers had been patched as of April 17, Sucuri said in a blog postthat day.
While all of the top 1,000 sites ranked by Alexa were immune to the exploit by then, as Sucuri went down the list and scanned smaller sites, it found an increasing number still vulnerable. Of the top 10,000, 0.53% were vulnerable, as were 1.5% of the top 100,000 and 2% of the top 1 million.
Other scans found similar percentages of websites open to attack: On Friday, San Diego-based Websense said about 1.6% of the top 50,000 sites as ranked by Alexa remained vulnerable.
Since it’s conceivable that some sites’ encryption keys have been compromised, security experts urged website owners to obtain new SSL certificates and keys, and advised users to be wary of browsing to sites that had not done so.
Sucuri’s scan did not examine sites to see whether they had been reissued new certificates, but Cid said that another swing through the Web, perhaps this week, would. “I bet the results will be much much worse on that one,” Cid said.
IT Dissatisfaction Growing
Companies want to reduce spending on IT operations and infrastructure and shift resources to revenue-producing areas, according to two new studies. But businesses leaders and IT executives are also registering higher levels of dissatisfaction with IT as more demands are placed on technology.
The reports, by the Hackett Group and McKinsey & Co., both agree that business executives want IT to do more to improve the bottom line while companies spend less on infrastructure in the process.
The bad news for people who work in IT operations is that large businesses expect to cut IT staff positions by about 2% this year, thanks to automation and outsourcing, according the Hackett’s survey of 160 businesses with revenues above $1 billion.
One path to improved automation will likely be through adoption of software-defined infrastructures, something Bank of America plans to do.
IT budgets will grow by 1.7% this year as IT pivots, increasingly, from a service-providing operation to a revenue-generating one, the Hackett Group said in its study.
IT managers are being told that “you’ve got to grow the business, not just run the business,” said Mark Peacock, an IT transformation practice leader and principal at Hackett.
McKinsey & Co., in its online survey of more than 800 executives — with 345 having a technology focus — also found that executives want less of their budgets to go to infrastructure so more resources can be shifted to analytics and innovation.
The McKinsey survey found that business executives are less likely to say now that IT performs effectively, compared to their views two years ago.
“The IT executives are even more negative,” wrote McKinsey, with only 13% of them saying their IT organizations “are completely or very effective at introducing new technologies faster or more effectively than competitors.” That percentage was down from 22% in 2012.
The negative results “likely reflect the overall rising expectations for corporate IT,” wrote McKinsey.
When asked how to fix IT shortcomings, respondents cited improved business accountability, more funds for priority projects and a higher the level of IT talent, the report said.
The Hackett Group survey didn’t report on dissatisfaction, but it did find that the top goal for IT organizations this year is “to strengthen partnership and goal alignment between IT and the business.”
Techies Demand More Money
February 11, 2014 by admin
Filed under Around The Net
Comments Off on Techies Demand More Money
Employers may need to loosen their purse strings to retain their IT staffers in 2014, according to a salary survey from IT career websiteDice.com.
Among the tech workers who anticipate changing employers in 2014, 68 percent listed more compensation as their reason for leaving. Other factors include improved working conditions (48 percent), more responsibility (35 percent) and the possibility of losing their job (20 percent). The poll, conducted online between Oct. 14 and Nov. 29 last year, surveyed 17,236 tech professionals.
Fifty-four percent of the workers polled weren’t content with their compensation. This figure is down from 2012′s survey, when 57 percent of respondents were displeased with their pay.
The decrease in salary satisfaction could mean companies will face IT staff retention challenges this year, since 65 percent of respondents said they’re confident they can find a new, better position in 2014.
This dissatisfaction over pay comes even though the survey, released Wednesday, showed that the average tech salary rose 2.6 percent in 2013 to US$87,811 and that more companies gave merit raises. The main reason for last year’s bump in pay, according to 45 percent of respondents, was a merit raise. In comparison, the average tech salary was $85,619 in 2012 and 40 percent of those polled said they received a merit raise.
Meanwhile, 26 percent of respondents attributed their 2013 salary increase to taking a higher-paying job at another company.
Employers realize tech talent is coveted and are attempting to keep workers satisfied by offering them a variety of incentives, the survey found. In 2013, 66 percent of employers provided incentives to retain workers. The two most popular incentives were increased compensation and more interesting work. Incentives that allow employees to better balance their work and personal lives were also offered, such as telecommuting and a flexible work schedule.
Skills that commanded six-figure jobs in 2013 came from some of the hottest areas of IT. Data science led the way with big data backgrounds yielding some of the highest salaries. People skilled in Knowing R, the popular statistical computing language, can expect to make $115,531 on average, while those with NoSQL database development skills command an average salary of $114,796. IT pros skilled in MapReduce to process large data sets make $114,396 on average.
Microsoft Buys Parature
Microsoft Corp said that they it will acquire cloud-based software maker Parature Inc, which assists businesses in managing help desks and provide other customer support services.
Parature’s software helps businesses provide automated customer service, manage online discussion boards and forums, and conduct online surveys.
The company’s customers include Ask.com, the U.S. Environmental Protection Agency, International Business Machines Corp and Saba Software Inc.
Microsoft did not disclose the terms of the deal.
The acquisition will boost Microsoft’s Dynamics unit, which makes business software and counts Mattress Firm Holding Corp, Pandora Media Inc and Nissan Motor Co as customers.
Cloud computing, a broad term referring to the delivery of services via the Internet from remote data centers, is a favorite with businesses because it is faster to implement and has lower upfront costs than traditional software.
Oracle Corp said in December that it would buy web-based marketing software maker Responsys Inc for about $1.39 billion to bolster its cloud computing offerings.
Salesforce.com Inc, the biggest maker of online sales management tools, said in June that it would pay $2.5 billion for marketing software maker ExactTarget, which helps companies reach customers on social networks through mobile devices.
Is The Tech Industry Going Independent?
Comments Off on Is The Tech Industry Going Independent?
The tech industry is undergoing a shift toward a more independent, contingent IT workforce. And while that trend might not be cause for alarm for retiring baby boomer IT professionals, it could mean younger and mid-career workers need to prepare to make a living solo.
About 18% of all IT workers today are self-employed, according to an analysis by Emergent Research, a firm focused on small businesses trends. This independent IT workforce is growing at the rate of about 7% per year, which is faster than the overall growth rate for independent workers generally, at 5.5%.
The definition of independent workers covers people who work at least 15 hours a week.
Steve King, a partner at Emergent, said the growth in independent workers is being driven by companies that want to stay ahead of change, and can bring in workers with the right skills. “In today’s world, change is happening so quickly that everyone is trying to figure out how to be more flexible and agile, cut fixed costs and move to variable costs,” said King. “Unfortunately, people are viewed as a fixed cost.”
King worked with MBO Partners to produce a recent study that estimated the entire independent worker headcount in the U.S., for all occupations, at 17.7 million. They also estimate that around one million of them are IT professionals.
A separate analysis by research firm Computer Economics finds a similar trend. Over the last two years, there has been a spike in the use of contract labor among large IT organizations — firms with IT operational budgets of more than $20 million, according to John Longwell, vice president of research at Computer Economics.
This year, contract workers make up 15% of a typical large organization’s IT staff at the median. This is up from a median of just 6% in 2011, said Longwell. The last time there was a similar increase in contract workers was in 1998, during the dot.com boom and the run-up to Y2K remediation efforts. Computer Economics recently published a research brief on the topic.
“The difference now is that use of contract or temporary workers is not being driven by a boom, but rather by a reluctance to hire permanent workers as the economy improves,” Longwell said.
Computer Economics expects large IT organizations to step up hiring in 2014, which may cause the percentage of contract workers to decline back to a more normal 10% level. But, Longwell cautioned, it’s not clear whether that new hiring will be involve full-time employees or even more contract labor.
U.S. Cloud Vendors Hurt By NSA
Edward Snowden’s public unveiling of the National Security Agency’s Prism surveillance program could cause U.S. providers of cloud-based services to lose 10% to 20% of the foreign market — a slice of business valued at up to $35 billion.
A new report from the Information Technology & Innovation Foundation (ITIF) concludes that European cloud computing companies, in particular, might successfully exploit users’ fears about the secret data collection program to challenge U.S. leadership in the hosted services business.
Daniel Castro, author of the report, acknowledges that the conclusions are based, so far, on thin data, but nonetheless argues that the risks to U.S. cloud vendors are real.
Indeed, a month prior, the Cloud Security Alliance reported that in a survey of 207 officials of non-U.S. companies, 10% of the respondents said that they had canceled contracts with U.S. service providers after Snowden’s leak of NSA Prism documents earlier this year.
“If U.S. companies lose market share in the short term, it will have long-term implications on their competitive advantage in this new industry,” said Castro in the ITIF report. “Rival countries have noted this opportunity and will try to exploit it.”
To counter such efforts, the U.S. must challenge overstated claims about the program by foreign companies and governments, said Jason Weinstein, a partner in the Washington office of law firm Steptoe & Johnson and a former federal prosecutor and deputy assistant attorney general specializing in computer crime.
“There are a lot of reasons to be concerned about just how significant those consequences will be,” Weinstein said. “The effort by European governments and European cloud providers to cloud the truth about data protection in the U.S. was going on well before anyone knew who Edward Snowden was. It just picked up new momentum once the Prism disclosures came out.”
Weinstein contends that European countries have fewer data protection rules than the U.S.
For example, he said that in the U.K. and France, a wiretap to get content can be issued by a government official without court authority, but that can’t happen in the U.S.
“U.S. providers have done nothing other than comply with their legal obligations,” he said. But because of Snowden’s leaks, “they are facing potentially significant economic consequences.”
Gartner analyst Ed Anderson said his firm has yet to see any revenue impact on cloud providers since the Prism disclosures, but added, “I don’t think Prism does U.S. providers any favors, that’s for sure.”
Nonetheless, Anderson added, “I think the reality is [the controversy] is likely to die down over time, and we expect adoption to probably continue on the path that it has been on.”
One reason why U.S. providers may not suffer is because “the alternatives aren’t great if you are a European company looking for a cloud service,” he said.
6 of 10 Companies Approve BYOD
April 18, 2013 by admin
Filed under Around The Net
Comments Off on 6 of 10 Companies Approve BYOD
More than six out of 10 companies allow or mandate the use of employee-owned mobile devices for work in order to increase productivity, according to a survey published on Tuesday.
While the BYOD (bring your own device) push has been at the forefront of press coverage, the majority of companies still provide at least a subset of devices to employees. One third of companies strictly mandate which devices can be used for work purposes and don’t allow any type of device provided by the employee, according to the survey conducted by the Computing Technology Industry Association (CompTIA), a nonprofit trade group.
The online survey of 502 U.S. IT and business executives was conducted in February. It also found that the most popular option, at 58%, was to have a mix of corporate-owned and employee-owned devices.
For 53% of those surveyed, the top reason for allowing employees to use or select their own devices was to increase productivity while employees are away from the office. Another reason was that employees like to use familiar devices.
Twelve percent of the respondents stated it was simply too difficult to stop employees from using their own devices.
CompTIA’s report said that companies looking to maximize the benefits of a mobile device-enabled workforce must “look beyond simply which devices are used and re-examine business processes and workforce needs.”
Companies should assess the specific needs of workers, rather than just deploying one device over another on a corporate-wide basis, said Seth Robinson, director, technology analysis, at CompTIA.
Passwords Continue As The Weakest Link
Comments Off on Passwords Continue As The Weakest Link
Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.
But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters. Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.
The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.
Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.
All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”