Last week IBM attended the UKI itSM Forum and what a
great event it was! Some really thought provoking and motivating sessions, as
well as some truly interesting conversations with our clients and
Below are a few of the highlights from the sessions attended - would be great to hear anyone else’s thoughts on what their key take-home messages were from the event.
Session 1 – Introduction by Barry Coreless – Chairman of the
Barry talked about how he sees the future of ITSM – the
growing automated and ever more complex tool sets, and an ever increasing
bewildering array of devices. The main
take home message for me was that he believed that organisations that linked
best practices and industry disciplines are the ones that will truly succeed.
Session 2 – Keynote from Baroness Tanni Grey Thompson DBE
A fantastic motivational speech from Tanni – including memorable statements like “if you are going to spend time thinking... then think BIG!” She spoke about why it is important to think about how you can be the best you can be and how individual success is not always about the individuals themselves, but about the team they have around them. Tough times call for tough choices, she continued, and it is how you deal with these, improve and move on that will make you successful.
Session 3 – our own Ivor Macfarlane – Can IT people be
Ivor was introduced as a man whose middle name was “ITIL”
and clearly his reputation preceded him, as we had a full house with over 60 of
the 300 delegates in the room. Ivor spoke
about how Service Managers generally have a low profile, and are orientated to
achieving another person’s hopes and desires.
He carried on the debate by saying that the best attribute a Service Manager can have is to be invisible! Continuing that if management don’t empower you as a Service Manager then you’re stuffed! A final key message was then given, “Go to the board – change the change process!”
Session 4 – An interactive panel session hosted by Don Page
Some really interesting stats came up in this session in response to the questions asked of the delegate audience; my favourite 3 are below:
1. Cloud Computing is here to stay – what effect will it have on ITSM?
Major – 43%, A bit – 36%, A little – 17%, No Opinion – 4%
2. Your business now understands and is taking seriously the importance of ITSM as an essential business enabler?
Very Seriously – 12%, Lip Service – 42%, We don’t talk to them and they don’t take us seriously – 20%, Don’t Know – 9%, Don’t Care – 17%
3. Should organisations encourage Social Media to facilitate communication between IT and end users?
Actively encourage and support – 45%, Natural Course – 37%, No – 13%, Don’t Know – 2%, No Opinion – 4%
Session 5 – Stephan Mann – Forrester Research - “Anyone
questioning your value?”
One of my favourite sessions from the event, very interesting to hear an analyst’s point of view. He started by stating that Service Managers can’t deal with the value because we don’t understand the cost; there is little transparency of IT costs and the value it brings. He continued saying that costs are continually being cut, whilst the demand for IT continues to grow. He told delegates to take an honest look at their ITSM capabilities and shortcomings, in the context of what the business needs, then link IT services to business outcomes. Final message for me was “Cost is important but value is more important... if we could demonstrate the value they would be encouraging us to spend more”.
Session 6 – Martin Neville – Flattening the Curve
In the last session of the day, Martin discussed what companies
should be looking for from their tool providers, and that the best tool providers
are proactive not reactive. He set out ground rules for both sides – be honest
from the start, early efforts pay interest in the long term, perception is reality – stats do not lie, the
time to innovate is at the start – not when things are looking desperate, short term contractual wrangling will damage
the relationship long term and most importantly KEEP talking!
Session 1 – Nigel Mear – Solid Air Consulting – Answers on a postcode
Nigel spoke about how vision is our most valuable asset and leadership
is an act, rather than a position. We
need to show up and engage! It needs to be a progressive improvement, baby
steps are ok, and it needs to be realistic, achievable and practical – don’t
aim for perfection, do something practical.
His take home message for me really was for success, we have to
acknowledge the reality of uncertainty.
Session 2 – Christian F Nissen – CRN People, Denmark –
Acquisition and Implementation of ITSM Tools
Another really interesting session, starting with the question: should organisations use an SM suite of tools from one vendor, or best of breed tools from various vendors and attempt to integrate them? The answer is not as simple as it seems! He emphasised the importance of running a Proof of Concept before ever fully implementing a new tool. Organisations
need to ask themselves, is this vendor that is sleeping or evolving and
Session 3 – Dennis Shields - The 2010 Machine
My final session of the day. Dennis opened the session by explaining that people like direction, but believe their managers are out of touch. Bad management, however, means the unit will not function properly. People need to be given clear and fair directives, otherwise efficiency plummets and costs escalate; we need to take a long term perspective if the company and its infrastructure are going to be successful.
In summary, fantastic event, and can’t wait till next year!
Today's post comes from Vidhi Desai, Market Manager, IBM Security Solutions.
Today’s business environment calls for information sharing at an unprecedented scale. Sensitive information is shared between organizations, end consumers and even business partners. The biggest challenge that organizations face in doing so, is how to ensure that sensitive information is securely shared with different parties and that the right people are accessing the data. With the adoption of cloud and Software as a service deployment models, ensuring secure access is even more critical and challenging.
Consider a scenario where a government agency needs to share information with different agencies, local governments, citizens or even with other business entities (e.g. a revenue agency that needs to share information with citizens and other entities like a tax preparation service). If one of the entities is operating in a public cloud environment, it becomes critical for the government to ensure that the right person is accessing the right data without sacrificing privacy, security or scalability (that is, that the party requesting information really is the government revenue agency or tax preparer they claim to be).
Over the past couple years, we have seen how the US government has taken steps to ensure secure sharing of data between agencies with regulations such as FISMA, which was introduced in 2002, bringing attention to the critical nature of cyber security and its impact on national security.
Identity is at the core of any information sharing transaction. Hence whenever an individual attempts to access secure online sites or web portals, their identity has to be verified to ensure they are authorized to view that data. Additionally from the end user or citizen’s perspective, they should be able to set up their identity once and then log in to multiple systems without having to log in multiple times.
Federated identity management is the solution which enables multiple applications to share user credentials based on trust. This is especially critical in supporting cloud deployments for secure information sharing across private, public and hybrid clouds. With federated SSO, users can log on to the sites of multiple businesses and organizations by using the same user id and password, hence gaining a seamless and secure entry to multiple applications.
Tivoli Federated Identity Manager from IBM is an access management solution that provides web and federated single sign-on to end users across multiple applications, resulting in an improved user experience. Tivoli Federated Identity Manager enables central management of access, enhances user productivity and facilitates trust by delivering single sign-on across separately managed infrastructure domains, both within an organization and across organizations.
Today's post comes from Perry Swenson, Market Manager, IBM Security Solutions.
IT departments at financial services firms are under tremendous pressure to ensure servers, desktops, mobile devices and other endpoints are secure and compliant. At the same time, they’re continually looking for ways to save time and resources in areas like software licensing, patch management, asset inventory and security configuration. IBM Tivoli Endpoint Manager, built on BigFix technology, is helping these firms better understand and manage the status of their endpoints, regardless of where they’re located.
In the video below, Nate Howe, VP of Risk Management at Western Federal Credit Union, talks about how Tivoli Endpoint Manager provides real-time patching for operating systems and third party applications and utilities. With over $1.4 billion in assets and 32 branches in 10 states serving more than 120,000 members nationwide, Western Federal Credit Union is one of the leading credit unions in the United States. Nate explains that they now have a single view into all aspects of the systems and security for their 400 employees, 100 servers and 2 data centers, including a better inventory of installed software. And, they can do more with fewer people, which enables them to focus less on infrastructure and more on business applications and enabling business automation.
Another customer that’s realizing benefits from Tivoli Endpoint Manager is SunTrust Banks, Inc. Based in Atlanta, SunTrust enjoys leading market positions in some of the highest growth markets in the United States and also serves clients in selected markets nationally. SunTrust has a highly distributed environment with nearly 1,800 branch locations and no local IT resources at most of those locations. Using Tivoli Endpoint Manager, SunTrust now maintains a 98.5 percent patch and update compliance rate. They’ve also decreased update and patch cycle times from 2-3 weeks to 2-3 days while increasing productivity through automation. Read the SunTrust case study here.
By enabling improved endpoint visibility and new levels of automation, Tivoli Endpoint Manager is a powerful solution to help financial services firms enhance their security and compliance.
questions ready for the next Ask the Expert (ATE) event will be held on November 8th, 2011 from 8:00 am to 8:00 pm Eastern Time USA. Register for this event.
The "Ask the Experts Online Jam" (ATE) is a valuable opportunity for Global Tivoli User Community (TUC) Members to connect with real-world experts on a range of Tivoli products. These experts, many from IBM development, are recruited to answer questions on an array of product topics for a concentrated period of 12 hours.
This upcoming ATE event will include experts on Tivoli and Maximo topics including:
Asset Management (Maximo)
Tivoli Asset Management for IT • Tivoli Usage and Accounting Management • IBM Maximo Asset Management (IBM Maximo Asset Management for Oil & Gas / IBM Maximo Asset Management for Utilities / IBM Maximo Asset Management for Life Sciences / IBM Maximo Asset Management for Nuclear / IBM Maximo Asset Management for Transportation / IBM Maximo Asset Management for Service Providers) • Maximo Scheduler • Maximo Spatial • Maximo Linear
Network and Service Assurance
Tivoli Netcool/OMNIbus • Tivoli Network Manager and NetView
Security, Risk and Compliance Management
IBM Network IPS • Tivoli Endpoint Manager • Tivoli IAA bundle • z Secure
Service Availability and Performance Management
Tivoli Netcool Impact • IBM CloudBurst • IBM Service Agility Accelerator for Cloud • Tivoli Live • IBM Tivoli Monitoring (ITM)
Service Delivery and Process Automation
Change and Configuration Management Database (CCMDB) • Tivoli Service Request Manager (TSRM) • Tivoli Provisioning Manager
Tivoli Storage Manager (TSM) • Tivoli Storage Productivity Center • Tivoli Storage Manager for Virtual Environments • TSM for Unified
This session will run from 8:00 am to 8:00 pm Eastern Time USA. To accommodate AP and EMEA members, questions may be submitted 9 hours prior to the event. To find the time in your city check out the World Clock meeting planner website.
WHY SHOULD YOU PARTICIPATE?
It's free to attend.
Your technical questions will be answered directly from the IBM experts themselves, no middleman!
You may ask as many questions as you'd like.
You can learn more about your products and gain a competitive edge for yourself and your company.
Keep up with the next generation technology, and get the scoop on new product release dates and the improvements being made.
ABOUT THE TIVOLI USER COMMUNITY
The Tivoli User Community (TUC) is the largest network of Tivoli professionals in the world. With more than 30,000+ members in 138 countries and 160+ local and special interest groups, the TUC links a global network of users, developers, business partners, and IBM sales/technical staff. Members share a common interest in increasing the knowledge of Tivoli and Maximo software and solutions to solve business problems. Register to become a member today. We look forward to your participation.
It is only a week until the 2011 itSMF UK event in London (http://conference.itsmf.co.uk/agenda.html?event=1) where we are hoping to see and speak to many of our well known contacts and to take the opportunity to meet those of you attending that we have not yet had the opportunity to, be it on the IBM stand (F5) or in our session at 10.45 on Monday delivered by Ivor Macfarlane on "Can IT People be Service Managers?".
The event is always a great networking opportunity for those wanting to share their views with their peers and engage in lively debate over the current industry pain points, as well as hear from the industry experts on how they see the market shaping up in 2012 during some of the 40 sessions that are held over the two days.
This year’s session speakers include (but are not limited to) experts from Tesco Bank, Deutsche Bank, Heineken, the Met Office, Barclays Bank, BT Global Services and Pepsico, not to mention keynotes from Dame Tanni Grey-Thompson (Paralympics athlete with eleven gold medals and six wheelchair marathons) and Mark Hall (Deputy CIO at HM Revenue & Customs).
We encourage you to visit us on the IBM stand – F5, where we will be running a series of live integrated product demos and sharing our newest whitepapers and thought leadership papers. All delegates will be welcome to come and discuss with our technical experts where they think Service Management is heading and perhaps learn about new product offerings and the tools IBM has that can help organisations address the challenges they are facing.
Some ideas that we think will be the "hot topics" on our stand:
How ITUP (a free download for you!) can underpin your efforts in building ITIL processes - and how we are already ensuring it stays in line with ITIL now that the 2011 is here
How we have adapted our key SM software to cloud/SaaS. Come and see Tivoli Live!!
People are your major asset - we can help with getting your staff to 'get it' – with tools like simulator – both classroom and on-line versions
And - of course - the Smarter Planet concept - you've seen the adverts on TV, in magazines and elsewhere – now come and talk about what it really means to real people!
Throughout the two days you will also be able to play IBM’s Watson supercomputer at Jeopardy!... can you beat it? IBM’s Watson is a real time, natural language processing
We will also be attending the annual Awards Dinner on the Monday evening, so would be more than happy to discuss things over a much needed glass (or more) of wine while listening to Lenny Henry's jokes!
Of course we hope to see as many of you as possible at Ivor’s session on Monday; in case you have not seen the summary on the itSMF UK website, here is what he will be addressing this year:
“The need for ‘people, process and technology’ working together for successful service management is well accepted. Technology is ever more sophisticated and ITIL and COBIT ensure process is taken seriously, but the people aspect of SM does not get the attention it deserves. Successful services rely on more than creating IT applications and installing technology. Bridging the gap needs more than just adding a little extra learning – it needs a genuine change in culture, attitude and understanding.
The changes required involve focusing on every aspect of the service, how it is to be used and why – and how – it is important to the organization. Effectively, this means seeing it from the customer’s perspective. This talk will approach these issues and aims to illustrate some of the key concepts – using analogy and hopefully a little humour to explore the human elements: • what’s involved • what prevents it happening • the key aspects we should build the new culture around”
Of course we will be tweeting throughout the day - @servicemgmt - so make sure you follow us and join in the debate there too!
We will continue blogging after the event, so come back and read our take on the highlights from these two fun-filled days.
Today's post comes from Veronica Shelley, Market Manager, IBM Security.
With IBM's October 12th SmartCloud launch, perhaps you're considering cloud computing for your organization. After all, the benefits of cloud computing are well known. Cloud computing is flexible, scalable, and cost-effective, and it's a proven delivery platform for providing business or consumer IT services over the Internet. Cloud computing can help you cut costs and IT complexity, provide new services to customers, and streamline business processes. Cloud computing is gaining in popularity and may be the wave of the future. Yet, many organizations hesitate to get started due to security concerns and confusion over how to get started.
Perceived risk versus actual risk
Cloud computing may seem new, but the fact is companies have been outsourcing services and technology for years. Providers already deliver hosted technology offerings that are located off-site with client access via the Internet. This is a common scenario for services such as remote storage or hosted email and other software as a service (SaaS) solutions. And just because companies may give up some control to the provider when they move to a cloud-based environment (just as they give up some control in any outsourced arrangement), it doesn't mean they have to compromise on security. By asking the right questions and preparing adequately, companies can build a "trust and verify" relationship with the cloud provider they are working with.
Questions to ask to ensure cloud security
It's important to remember that the same factors apply to ensuring security whether it is cloud-based or within a traditional IT infrastructure. The key difference in the cloud model is that it includes external elements, and those elements will be managed by the cloud service provider. This means companies need to understand the environment beyond their own data center and consider how it impacts the organization from a security standpoint. To help ensure security and peace of mind, as well as a good working relationship with the cloud provider, the client company should always identify and prioritize cloud-specific security risks beforehand. Often, companies will find they have the same amount of control, if not more, with a cloud service.
There are specific tactics an organization can use to enhance cloud security. For identity and access management issues, companies need to control passwords, support privileged users and enable role-based access to these cloud services. With data protection, a key concern is knowing whether or not a company's hosted data is secure, especially if data from rival companies is also being stored on the provider's cloud service. Companies should also ensure the cloud provider is deploying antivirus software on all supported systems that could be exposed to attacks, and ensuring that selected programs can identify and protect against malicious software or processes. From an auditing and monitoring perspective, companies need to determine how the cloud provider is testing and monitoring the infrastructure to meet legal and regulatory requirements.
Reaping the benefits of cloud
Organizations interested in reaping the benefits of cloud can best begin by understanding the security ramifications of a cloud deployment to their business, keeping in mind they can start small by deploying cloud in low-risk workload areas like email services. This easing-in process gives organizations valuable time to become familiar with cloud on a scale that's simpler to grasp and doesn't put them at increased security risk. And as familiarity with cloud and trust in the provider grow over time, companies can expand their use of cloud computing into other areas of business. By following this gradual path, companies can start enjoying the benefits of cloud in a way that's safe and secure.
IOD 2011 is just around the corner, and it should be no surprise that I was psyched to learn that Washington correspondent and anchor for BBC News Katty Kay is hosting the conference.
Full disclosure: I drive a Mini Cooper, I watch Doctor Who and I follow Neil Gaiman on Twitter.
So, yeah. I was also excited to see that she's going to be on stage with great IBM speakers like Jeff Jonas, Robert LeBlanc, Mike Rhodin and Steve Mills.
As if that wasn't enough (and there are a bunch of other IBM speakers not listed), guest speakers Mike Lewis and Billy Beane will also be there. Mike Lewis wrote the book Moneyball: The Art of Winning an Unfair Game and Billy Beane is the VP and General Manager of the Oakland Athletics (the subject of the book).
I know, right? It's a pretty great group of speakers.
Having attended IOD in the past, it's a great show that I know that customers and business partners are going to get a lot of value out of.
Tivoli will be at IOD, and we're looking to meet customers such as yourself who are attending the conference. Here's a list of where you can find us:
IBM Tivoli Ped (Booth 101-04): IBM Tivoli/Predictive Analytics for IT and Service Management
IBM System z Software (aka, System z Zone): OMEGAMON for z/OS Management Suite (Booth 105-05) and System z as Enterprise Security Hub (Booth 105-06)
Smarter Computing Zone (Booth 101 and Booth 515)
IBM Expo Theater (Booth 001): October 24, 05:30 - 06:00 - Consolidated Data and Application Security Management (Session: ISA-4198A)
October 25, 11:15-12:15: Securing Your Mainframe Virtual and Cloud Services With Enhanced IBM zSecure Suite (Session 4153A - Mandalay Bay North Convention Center - Mariners B)
October 25, 2:30-5:45: Predictive Business Service Management Leveraging Performance & Capacity (Session 4142A - Mandalay Bay South Convention Center - South Seas D)
October 25, 4:30-5:45: Security & zSecure at Mariners B – Mandalay Bay North Convention Center (Session #4097A)
We have a website with more details and of course you can follow the conversation on Twitter #iod11 and watch the general sessions on the Livestream.
...and speaking of Las Vegas and IBM Conferences. The Pulse 2012 call for speakers deadline is fast approaching (November 7). See Jen's Pulse blog for the details on how you can submit a session proposal.
Today, IBM has a number of exciting announcements around SmartCloud. It's such a big announcement that we might have to turn it into a national holiday (which wouldn't be cool for the one dude waiting by the mailboxes for his copy of Zookeeper on BluRay).
Why Cloud? Why Now?
When we listen to customers across industries, we hear them tell us about the bold moves they must make to stay ahead of their competition. They tell us about how they need to quickly and efficiently provide new and innovative services to their customers.
Speed to market. Efficiency. Reducing costs.
These are their watch words and they look at cloud computing as a technology that offers these advantages.
That said, there's also a requirement to ensure the same levels of governance they currently have set in place. They also want to ensure that they are reducing (not increasing) their level of risk. And, of course, it has to be done securely.
Can all of this be done with cloud computing?
I would not joke about delaying that dude's copy of Zookeeper if it wasn't.
In all seriousness, yes it can and IBM has been helping customers do this for a while now. We've been successful with a large number of customers already and these new announcements build upon our previous success and really reinforce our message: "Rethink IT. Reinvent Business."
IBM offers clients the freedom of choice to find solutions that meet their business requirements ranging from a portfolio of cloud solutions targeted directly at the enterprise to a choice of delivery models (public, private and hybrid) as well as expertise and service management capabilities.
There are a number of announcements in this launch across every brand in IBM (all of which are on the website).
For this blog post, I'm going to focus on IBM SmartCloud Foundation.
IBM SmartCloud Foundation
There's a full press release on this, but basically the SmartCloud Foundation family of private cloud solutions helps companies quickly design and deploy private cloud environments with a new level of control over cloud service delivery and management.
As organizations take the next step beyond virtualized data center and begin to expand their cloud environments, they are concerned with managing what has become known as "image sprawl."
The SmartCloud Foundation portfolio contains these offerings:
A new cloud ‘starter kit’ - IBM SmartCloud Entry is prepackaged, private-cloud software that provides simplified cloud administration, standardization of virtual machines and improved operations productivity with an easy-to-use, self-service interface (highly optimized for IBM Power and System x hardware).
A new powerful provisioning engine and image management system – At the heart of cloud computing is the ability to dynamically create or "provision" virtual machines. Called IBM SmartCloud Provisioning, the software can create hundreds of virtual machines in less than a minute and scale to more than 4,000 virtual machines in less than an hour.
New cloud-based monitoring software – IBM has applied its industry-leading monitoring expertise to create cloud-specific software called IBM SmartCloud Monitoring. It provides greater visibility into the performance of virtual and physical environments: storage, network and server resources.
Just a few kilometres from where I live
there is a great spot for walking – with or without a dog. It is quiet and
traffic free, with spectacular views across the countryside. The grand
perspective across surrounding countryside was likely more appreciated in
earlier days; it is the site of a 2500 year old hill fort with the
earthworks still very obvious and impressive despite being worn down by the
One of the things I love most about the
site is how very little we really know for sure about it, the people who built
it and how people actually lived there. There is a goodly amount that can be
inferred from what is left, but when walking around it you do feel that we can
only know a little, presume a bit more, guess a good chunk and – importantly –
accept that there is much we do not know and will never know.
It seems to me that this acceptance of what
we do not know, and more importantly what we cannot know, is a hard thing to do,
and one we as a society are getting rapidly worse and worse at. Maybe we expect
too much? Certainly if we were to take too seriously some of the criminal
investigation TV programmes we see we would believe we can know everything –
where a small nick in a 10 year old bone can lead to complete diagnosis, arrest
and conviction in a single 45 minute episode.
Of course, real life is rarely like TV, but
there does seem an increasing belief that we can know everything, which I
doubt is justified by any kind of objective assessment of our own lives. It is
almost as if we believe that we can find out anything we want – or that we can
ask an expert who will simply tell us what we need to know. In fact there are –
even now –many things we do not know, and will never know. That is true in most
aspects of life – from what our children get up to through to configuration
management – the trick perhaps is to accept that and make the best use of what
we can know. That includes realising that what we do think we know may not be
100% accurate – but that it is still useful all the same.
Way back last century, I studied Physics at
University. Well, I was supposed to
be studying Physics, I certainly recall making TV programmes and being in the
bar – somehow my memory can’t have stored all the time I spent studying.
But one thing I do recall was that in the
lab work the answer ALWAYS had to be expressed in terms of the uncertainty –
the temperature of the liquid under examination was not 23 degrees – it was
something like 23º ± 2º. Being realistic about your accuracy was seen as a critical aspect of
And rightly so. It
is of critical importance, because if we just think that everything we know is an
absolute black and white fact – then we will make bad choices. Being aware of
the accuracy does – or certainly should – affect our decisions. If you want a
common example of where we get it wrong then think about some of the customer
satisfaction surveys you may have seen in your time. Even a good customer
survey will show only a good indication of opinion, attitude and desires. It
will never be totally accurate but it can be useful – especially in terms of
availability is about averages, happenstance and luck – so a 99% availability
does not necessarily mean 99% customer service delivery – because you don't
know when that bad 1% will happen – and so don’t know what effect it might
have. Is it going to be peak period or quiet time? But it can help us decide how
to build and manage systems – and lead us into sensible risk/benefit decisions.
In fact getting on and using the data you do have might be a good mantra? All
too often we seem to seek data for its own sake rather than because we see a
need for it.
Those people who built that hill fort 2500
years ago certainly knew a lot less facts and data than we do. But they knew
what they needed to know to do a good job and made great use of what they did
know. Hopefully we can use the knowledge and data that we have without being
distracted by trying to get even more? And then maybe our constructions will
also still look good in 2500 years.
Maybe you can spot some places where you
are spending time, money and worry trying to get ever more precise data that you
don’t really expect to use. Or more likely you can see where you – or your
management – take as absolute data that you know is actually just an estimate
within a significant range of values?
Today's post comes from Vikash Abraham, Market Manager, IBM Security.
Virtualization has proven its business worth as a technology; however, there is still limited understanding about how to secure it. To many, the question still remains: why do virtual environments need separate security when we have already secured the physical environment, i.e. the physical servers and the network in a data center? To answer this, it is essential to understand that the virtual environment creates a totally new layer above the physical server, which in turn acts like a mini data center with all the complexities of multiple virtual machines, hypervisors, virtual networks and virtual appliances. The biggest risk that comes with a virtualized environment is the lack of visibility into it. Thus even if the environment is being attacked, the administrators are not necessarily aware of it. Hackers are also excited by the hope of unveiling a set of new vulnerabilities that this environment could come with.
Having realized this risk of vulnerability and possible loss of millions-worth of data, the PCI Security Standards Council has come up with compliance guidelines for virtual environments. In June 2011, the PCI group released ‘PCI DSS Virtualization Guidelines’, which broadly describe aspects that need to be considered while securing a virtual cardholder data environment. The guidelines consider the new entities that pop up with virtualization, such as Hypervisors, Virtual Machines, Virtual Appliances, Virtual Switches or Routers, Virtual Applications & Desktops, and provide the virtualization considerations across the 12 PCI DSS requirements.
It is clear that a new approach to security is required, with concepts like ‘secure by design’ making further sense in this multilayered environment. Also, a specialized security solution would be needed to provide visibility, control and proactive protection. The solution needs to protect all entities of the virtual environment and monitor data that is being shared between these entities.
While securing virtual environments, the physical components of the data center should not be ignored. These physical components should continue to be secured as they would have been prior to virtualization. The PCI guideline points out that to ensure total security, the entire infrastructure hierarchy needs to be secured. This means that even if only one Virtual Machine (VM) is carrying cardholder data, both the hypervisor and the physical server need to be secured. Since the VM sits on the hypervisor and the physical server, a compromise of either of them can lead to the VM being compromised.
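The scoping rule described above can be checked against an asset inventory. The following is an added example, not code from the original post or from the PCI guidelines; the inventory layout, field names and host names are hypothetical and constructed for illustration. It walks from every VM that carries cardholder data down through its hypervisor to its physical server, and reports any layer the inventory has no record of, which is the visibility gap the post warns about.

```python
# Constructed inventory (hypothetical names): each component records what it runs on.
INVENTORY = {
    "vm-pay-01": {"kind": "vm", "runs_on": "hv-a", "cardholder_data": True},
    "vm-web-02": {"kind": "vm", "runs_on": "hv-a", "cardholder_data": False},
    "vm-hr-03": {"kind": "vm", "runs_on": "hv-b", "cardholder_data": False},
    "vm-pos-04": {"kind": "vm", "runs_on": "hv-missing", "cardholder_data": True},
    "hv-a": {"kind": "hypervisor", "runs_on": "srv-1"},
    "hv-b": {"kind": "hypervisor", "runs_on": "srv-2"},
    "srv-1": {"kind": "physical_server", "runs_on": None},
    "srv-2": {"kind": "physical_server", "runs_on": None},
}


def pci_scope(inventory):
    """Return (in_scope, gaps).

    in_scope maps each component that must be secured to the set of
    cardholder-data VMs that pull it into scope.
    gaps lists (component, missing_layer) pairs where the layer a component
    runs on is absent from the inventory, so it cannot be assessed.
    """
    in_scope, gaps = {}, []
    for name, item in inventory.items():
        if not item.get("cardholder_data"):
            continue
        current, seen = name, set()
        # Follow the hierarchy downwards: VM -> hypervisor -> physical server.
        while current is not None and current not in seen:
            seen.add(current)  # guards against a cyclic "runs_on" entry
            in_scope.setdefault(current, set()).add(name)
            parent = inventory[current].get("runs_on")
            if parent is not None and parent not in inventory:
                gaps.append((current, parent))
                break
            current = parent
    return in_scope, gaps


if __name__ == "__main__":
    scope, gaps = pci_scope(INVENTORY)
    for component in sorted(scope):
        print(component, "in scope because of", sorted(scope[component]))
    for component, missing in gaps:
        print("no inventory record for", missing, "which hosts", component)
```
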
Also with the increasing buzz around Cloud computing and Cloud-based service offerings, there would be further security requirements and considerations that need to be implemented to create a secure Cloud based cardholder data environment. However, if Cloud is considered as the next level of virtualization, the additional security required would be on top of the current virtualization considerations.
An enterprise would one day need to move on to the virtualized environment, considering the pressure to carry out continuous optimization and increase utilization. This would also mean that the ever growing cardholder data would need to move into this environment. The current deterrents that hinder this move are the lack of understanding of the environment and its security requirements to achieve a PCI compliant datacenter. However, sooner or later, the compelling business advantage of virtualization would push a CIO to take that leap.
Good news from the Application Portfolio Monitoring (APM) team.
The 2011 Gartner Magic Quadrant for Application Performance Monitoring (APM) has been released, and Gartner has identified IBM as a leader.
I think I speak for everyone at IBM when I say, "W00T!" (which is leet, for "awesome!")
Talking to customers, this is no surprise. The APM portfolio is a "fan favorite" among companies worldwide and IBM is delivering solutions built on innovative technologies that provide superior value for our customers and their business.
For folks familiar with our APM portfolio and for new readers (welcome), I recommend getting your hands on a copy of the Gartner Magic Quadrant for APM to see what they have to say.
Next, there are a number of useful pages about IBM Tivoli monitoring solutions on ibm.com.
And, of course, contact your IBM sales rep or one of our Business Partners using the Business Partner Locator website to talk about the Magic Quadrant and how the product portfolio can meet your business needs.
In the comments section below, please feel free to talk about the APM portfolio and how you are using the products in the portfolio.
I am going to tell you a story, and the truth is it's probably pretty familiar to you already.
Here goes: in today's competitive market, your services are what make your organization innovative. They are what set you apart from your competition.
They are what have taken your IT from being seen as a "cost center" to playing a role as one of the most crucial parts of your organization's success (or failure).
The services you provide are what make your organization innovative. Failure on the part of IT can mean failure for everyone.
(No pressure. Am I right?)
By definition, a competitive market is one that is in a constant state of change. New customer demands. Competitive maneuvers. New service offerings. Industry or government regulations.
Speed is of the essence. But of course there's the need to ensure that everything stays within the governance you've put in place and your security policies, and of course you're trying to be as risk averse as possible.
Doing all of this while navigating the complexity of your IT.
(Like I said. No pressure.)
This is the story you already are pretty familiar with. So now, let's talk about what we do about this.
Today, Tivoli along with Rational and WebSphere are a part of a larger IBM Software Group launch around Business Agility.
There are a number of announcements around Business Agility - about providing you with "business agility levers" that assist with combinations of technology capabilities that accelerate the path to agility with reduced cost and greater efficiency.
This is the start of a series of blogs where we'll be discussing a number of the business agility levers. Today, I'm going to talk about one: Predictive Business Service Management. My next blog will focus on Collaborative Development & Operations.
Predictive Business Service Management
With Business Service Management solutions from IBM, organizations are able to put services in the proper business context so that both IT and the business teams can accurately see the complex relationships their services and supporting technology infrastructure have with each other.
On Tuesday, IBM announced a new version of the Tivoli Business Service Manager solution. Key to this new version (Announcement 211-444) are role-based dashboards with easy self-service, drag & drop capabilities to customize a user’s visibility into key service health indicators, KPIs, and business or IT detail required for their role or tackling a current issue.
That level of "Visibility" can be taken to a new level when organizations leverage Predictive Analytics.
Business service disruptions and outages cost organizations millions of dollars per year. Even with existing investments in infrastructure monitoring and performance management solutions, organizations are often unaware of an impending service issue…until it is too late.
Predictive Business Service Management identifies performance issues in an organization's IT and network infrastructure prior to these costly service disruptions or outages. With this type of early warning system, detection is done early enough that mitigating steps can be taken to stop the issue from ever negatively impacting critical application or business services. Put simply: it finds problems before the organization knows to look for them.
Also on Tuesday, IBM previewed a new solution that will address predictive business service management (Announcement 211-468).
For more information around everything that is happening around the Business Agility launch contact your IBM sales rep or one of our Business Partners using the Business Partner Locator website.
Also, we're doing something a bit new with this announcement. The IBM Software Group Blog, Impact Blog, Rational Blog and this blog are all telling the story together. You'll be able to click across the different blogs and get more information about all aspects of this launch.
Today's post comes from Anne Lescher, Product Marketing Manager, IBM Security.
Many enterprises run their mission critical application workloads on their mainframe systems. They would like to centralize their application security controls, security policy enforcement, data protection, auditing reporting and compliance management for a consolidated view of security. They are looking for smarter security intelligence that will help them leverage the mainframe as their enterprise security hub.
IBM Security zSecure suite V1.13 consists of multiple individual components designed to help you administer your mainframe security server, monitor for threats, enforce policy compliance, audit usage and configurations, and assist in compliance management and audit reporting.
• IBM Security zSecure Admin, Visual, and CICS Toolkit provide administrative, provisioning, and management components that can significantly reduce administration time, effort, and costs, and help improve productivity and response time, as well as help reduce training time for new administrators.
• IBM Security zSecure Audit, Alert, and Command Verifier provide security policy enforcement, audit, monitoring and compliance management components. These offerings help ease the burden of compliance audits, can improve security and incident handling, and can increase overall operational effectiveness.
New Security zSecure suite V1.13 capabilities offer enhancements for DB2, CICS, and IMS application security auditing that:
• Automate security analysis of CICS and IMS transactions and programs
• Provide automated determination of which System Authorization Facility (SAF) classes are being used by each active IBM DB2, IBM CICS, or IBM IMS subsystem
• Enhance Access Monitor and allow you to improve data consolidation
• Allow annotating userid displays with data from external human resource files such as department and employee number
• Add globalization enhancements to support international languages and auditing
• Allow addition of your own sensitivity classification, audit concern, and priority to data set names and general resources
• Support currency with z/OS V1R13, ACF2 R14 and R15, CICS V4R2, and Top Secret R12, R14, and R15
• Extend integration with Communications Server and provide various interface improvements
Today's post comes from Anne Lescher, Product Marketing Manager, IBM Security Solutions.
As the mainframe continues to extend support for
consolidated workloads on System z, enterprises should strongly consider
utilizing the mainframe as their enterprise data and security hub. Mainframes are uniquely able to protect
information with a rich collection of encryption capabilities that includes
self-encrypting tape and disk storage for data at rest, in addition to robust
access controls, file level encryption, database encryption, and communication
encryption protocols. Now with the mainframe’s ability to support virtual
workloads, organizations can create cloud environments with protected data
available for shared innovative collaborative ventures.
Encryption is the ultimate solution for protecting sensitive
data. But many practitioners are reluctant to utilize encryption due to
concerns of performance overhead, disruption to their operations and changes
required in their applications, and encryption key management complexity. But
the biggest fear of all is losing all access to encrypted data if the
encryption key is ever lost or forgotten.
In most cases, organizations have less and less choice over
when and how to encrypt information as more and more industries and governments
enact legislation and standards that mandate the use of encryption.
industry via HIPAA HITECH in the US protects sensitive patient
transactions mandate encrypted payment card information with PCI-DSS
financial information must be protected as regulated by SOX, GLBA, etc.
notification regulations include 45 US states, national laws protecting their citizens' data such as in Italy, the recent rules changes for the EU Directive on Privacy and Electronic Communications,
So a superior encryption key lifecycle management solution
is essential in order to implement the best end-to-end security which protects
enterprise mission critical data and sensitive personal information. This solution should include standards based
key management and help:
• Centralize and automate encryption key management process
• Work with hardware based encryption built into a variety of IT components like self encrypting tape and disk drive
• Reduce the number of encryption keys to be managed through techniques like key wrapping of unique keys per device
• Simplify encryption key management with an intuitive user interface for configuration and management
• Maintain performance by using hardware acceleration and not slowing down data access paths
• Facilitate compliance management of regulatory standards with proof of encryption for safe harbor from disclosure requirements
• Leverage open standards like the OASIS standard Key Management Interoperability Protocol (KMIP) to give the choice of best of breed components and facilitate vendor interoperability
• Operate transparently without requiring code
IBM Security Key Lifecycle Manager for z/OS allows enterprises to fully exploit the security strengths of their mainframes to act as both an enterprise data hub and an enterprise security hub for the consolidated workloads that run on the newest System z platforms.
For more information, you can visit us online here.