When you think of the levels of innovation you are required to give to the business, cloud is the right technology to do it.
Since the Cloud lives on the Internet, which is built upon the "bricks" of open standards, it should not surprise you that there is a drive to a ubiquitous Infrastructure as a Service (IaaS) open source cloud computing platform for public and private clouds.
In October 2011, my neighbors to the South at Rackspace founded the OpenStack Foundation.
Today, IBM is announcing that we will be joining the OpenStack Foundation as Platinum-level sponsors along with AT&T, Canonical, HP, Nebula, Rackspace, Red Hat and SUSE.
The OpenStack Foundation has a great blog post that covers what's happening today and what the next steps will be.
This is the start of a very exciting future for cloud computing and of course there will be more news coming from the OpenStack Foundation in the weeks to come at events like the OpenStack Design Summit & Conference in San Francisco on April 16-20 and IBM Impact in Las Vegas on April 29 - May 4.
For most of last week I was attending and –
I hope – contributing to itSMF’s international publishing meeting. This was
held in Warsaw in beautiful spring weather, while
was being blasted by wind and rain. That was nice but nowhere near the most
important or most pleasurable thing that the week had to offer.
Now, first a little background, just in case
there is anyone who does not know what the itSMF is. The letters stand for IT
Service Management Forum – and that sums it up quite well: a place for those
interested in ITSM to talk, learn, teach, compare and discuss. Part of that communication
naturally involves publication – and our group focuses on that – from reviewing
others’ books through translation and dissemination to encouraging authoring
and publishing books. Crucial to its attitudes and success, itSMF is a
non-profit organisation, owned by its members.
OK, as you may imagine it is – as well as a serious
working meeting – a chance to catch up with friends and colleagues of the ITSM
global village. And the active ITSM community really is like a village, except
that it is spread across some 50 countries – we have all the relationships that
you would expect: friends, enemies and lots in between.
All of us have our day jobs, many of us
working for cut-throat competitors but that all gets set aside and we settle
back into our ‘all in this together’ mode. One of the things that I came back from Warsaw thinking about was
that different set of attitudes we have while focused on itSMF business. Some
of that rests upon the different nature of not for profit organisations – at least
compared to the more usual owned by shareholder companies. It is hard sometimes
to make the switch, but a good lesson for anyone in the service management business
to realise the differences that do exist. Probably the best description I know
is this one: ‘Commercial companies need to do things in order to make money;
not-for-profit organisations need to make money in order to do things’.
That makes the non-profit member owned
organisations a lot like government – and like governments today we are strapped
for cash. These are hard times and no-one has much in the way of spare money.
But we still strive to fight against what would be a sensible approach for an
organisation focused on shareholder value. We still need to deliver the ‘right
things’. From our publishing perspective it would be tempting to look only at
safe books – rearranging established best practice into easier, shorter or
simpler reads. Instead though, everyone at our meeting sees that we need a
focus on innovation and stretching our industry.
Of course we need to be financially successful
with enough of our projects, and we have work to do on building a firm base to
take ourselves – and our industry – forwards. But I am proud that the books we
have already managed to publish contain real industry innovations and new
perspectives – both on service management as you would expect but also into wider
topics such as organisational change.
So, I came back feeling the need to write
down how much work people put in – for nothing – last week. I’m not claiming I did
that much, but lots of work was put in, and even more commitments made to keep
the momentum going and I felt that it was a few days’ work I was proud to have
been a part of and an effort worth recording
here. In some later blogs I might relate more about other aspects of the trip - like using budget airlines and the change in perspective of value that goes with that.
So – please go read about what we have
already managed (6 books published, quarterly magazine, whitepaper competition
etc.). You can find out about the books – and read the magazines for free –
by going to http://www.itsmfi.org/content/publications.
If that gets you interested in how you can get your ideas written up and out
there then get in touch. My portfolio responsibility is ‘Authoring’, so I would
love to hear from you. We are keen to find new authors, for whitepapers, books
or articles – and happy to offer any level of support you might need – from
final review through mentoring and even to co-authoring or ghost writing.
By my next blog, I will be back in successful
company mode, but it is good to remember that the commercial companies also
live in and benefit from the wider community. It is good to see that being
recognised through sponsorship and support. IBM sponsored the meeting last year - this time we had support from TSO and BTC. Massive thanks to those companies. With more support next year we should have more people and achieve even more.
The final day of Infosec has now finished and what a fantastic event it has been. We had a total of NINE excellent sessions and many, many great conversations with attendees wanting to know more about IBM's wide range of security solutions. We also made two new security product announcements at the show – for more details go to the press room on the IBM website here - http://ibm.co/Ii9Nfm
We had one session in the technical theatre today, given by Robert Freeman on IBM XFORCE cyber security threat landscape. The session was very well attended, with over ninety people in the room as well as it being live streamed into the conference hall. Robert began the talk by explaining the IBM X-Force team's mission, giving some great stats around the analysis they do. For more information on this and to download the report etc. please see below.
Robert then explained how IBM viewed 2011 as the year of the security breach. He gave examples of notable security breaches during the last twelve months, including some of the high profile ones we have all seen in the national press. These included SQL injection attacks against web servers, URL tampering, shell command injection attacks, SSH brute force activity, and phishing based malware distribution and click fraud - which is back up to where it was in early 2008. As had been mentioned in other IBM sessions, Robert spoke about the decline seen in web app vulnerabilities - a decline of 8% from 2011 and the lowest it's been since 2005. He also talked about how there are now much better patching policies due to pressure from the public at large and he predicted there will be continued investment in this. Robert closed the session by talking about the security challenges arising in the emerging areas of cloud and mobile. Smartphones and tablets are increasingly being brought into the workplace and attackers are finally warming to the opportunities these devices represent. Unfortunately, 3rd party apps can lack secure permission coding etc., leaving them vulnerable to attacks. He finished by talking about some of the high profile cloud breaches which are affecting known organisations and large amounts of customers. Good Cloud security requires cloud appropriate workloads, a flexible provider and effective due defence on the part of the customer. If anyone is interested in learning more about IBM's many security solutions, then please register for our Pulse Comes to You event in London on the 30th May here - http://ibm.co/JgmnZD If you can't attend the event then follow me on @Rswindell or @IBMPulse, as I will be posting updates throughout the day. I will also be blogging here both pre and post the event. Please follow @IBMSecurity for more information specifically on our security events, news, collateral and more.
If you attended the event, I hope you enjoyed it as much as I did. See you next year!!
IBM had another great four speaking sessions today, and a
colleague of mine - Lauren Mort (@Laurenmort2) - joined me to help with our
social media activities throughout the day. Below are the key points that
Lauren and I thought were raised during the sessions.
Despite our first session being a repeat of the one given
by Simon Smith yesterday, we still learnt some more interesting facts whilst he
took the audience through the journey from basic, to proficient to a final
state of optimised security (which you can see in more detail in our blog from
yesterday - http://ibm.co/IoV9ju). Simon talked about how the optimisation
needs to be specific to the individual company, be it a large multinational
bank or a 100 person company in the UK. A good security model can mean high
levels of staff retention, because employees are able to be innovative on other
projects, rather than having to deal with the daily struggle of keeping the
about how you need to start understanding what in your network is a normal
state and what isn't a normal state in order to achieve the desired “optimised”
state. The security needs to fit your business processes to ensure the maximum
amount of availability on your systems. Simon finished
by talking about how security needs to be built into the design, in an ideal
world from the word go – which often is untenable, but it certainly should not
just be a “bolt on”. Security is all about risk, and it’s the effective
managing of this risk that can lead you to the desired “optimised” state.
The second session of the day was given by John Smith on application security hacking 101 – to a packed room of over 70 people! He opened the
session by talking about the work of our X-Force team, who monitor 14b security events every day and produce an
annual trends and risks report on what security breaches etc we have seen over
the last 12 months. John talked to the
audience about SQL injection attacks against web servers, and how they are on
the rise - saying there must be a return for the attacker even if it is not
apparent at first. John told the
audience that in 2011, 41% of security vulnerabilities affected web apps – which is
good news as that was down 8% from the previous years, and the lowest it’s been
since 2005. This stat shows that organisations are taking the important steps
needed to address this problem – by using products like IBM's AppScan!
continued the session by looking into XSS vulnerabilities, which still appear
in 40% of app scans that IBM perform for companies – which he said was scary as
they can so easily be addressed. John explained how injection flaws have “become
the poster child of application security”. John then gave the audience an example of an
XSS attack, and how easily a lot of damage can be done, despite warning
end users of such possibilities.
the discussion by looking at black box (dynamic) analysis & white box
(static) analysis, and gave examples of how these both work. He then offered all the audience a free
demonstration of IBM AppScan on their own networks – which many of the audience
took him up on!
Rob Ford and
Jef Gielkens were next up for IBM, who gave a presentation on Integrated, Intelligent
Security analytics for Enterprises. They talked about how, as the world is becoming
more and more digitalised and interconnected, we are opening the door to
emerging threats and more data leaks. They looked at four key components that
we are currently seeing, all of which are affecting IT Security in some way – Data
Explosion, Consumerisation of IT, Everything Everywhere and Attack Sophistication.
Jef then looked at the different attacker types and techniques that we are now
seeing, and how this is making security a board room discussion, be it
affecting brand image, business results, supply chain, legal exposures, impact
of hacktivism and audit risk.
about how it is no longer enough just to protect the perimeter, silo point
products are not enough to secure your enterprises, and IBM is integrating across
IT silos with security intelligence solutions. He spoke about the
X-Force protection systems – which is a purpose built, multi tenanted
infrastructure designed to collect, aggregate, store, summarise and analyse
data to derive the events of most interest.
Rob then took
over and showed the audience the MSS architecture overview and how it
can be used to optimise security intelligence. He looked into suspicious hosts
and IP intelligence. He then took the audience through three use case scenarios
– visibility despite encryption or obfuscation, identification of reconnaissance
and infected websites. Jef wrapped up the session by stating that intelligent
security solutions provide the DNA to secure a Smarter Planet.
Rob Whitters gave the final session of the day for IBM (entitled
Next Generation SIEM in Action), who has just joined IBM through the
acquisition of Q1 labs. Rob opened by giving a brief history of Q1 labs and his
involvement with the company. He explained that Q1 labs
solve customer problems with total security intelligence. He explained how they
are able to help customers look at the threats on their networks, predict risks
against the business, consolidate data silos and detect insider fraud. Rob
spoke about how the product can be used to link context to what threats we are seeing
on the network, where it’s from, which asset it is affecting, changes in
network protocol etc and from this derive vulnerability data.
Rob then took
the audience through a demonstration of the QRadar product, looking at the
customisable dashboards, the role based permissions/access and various
workflows. He explained how QRadar allows you to get to the facts quickly and
the data allows you to be proactive, to do something intelligent with it. He closed by talking about some of the 1500
report templates available inbuilt in the product, that can be used to
demonstrate immediate value.
If you would like to see live comments during the day from the show, please follow
me @RSwindell and @IBMSecurity.
this free webinar, the Tivoli User Community is given an exclusive
opportunity to see a demonstration of this new SmartCloud offering and
ask questions of the IBM product team. IBM SmartCloud Control Desk is a
unique new offering that
provides integrated management, and analytics-driven ITIL process
automation. SmartCloud Control Desk
provides a single platform—at a single price point—for managing incidents,
problems, service requests, changes, configuration, releases, assets,
procurement, service levels and licenses, and includes a service catalog. It is available in a wide range of delivery
models, including traditional install, Software-as-a-service, and virtual
This webinar will cover some of the innovative new features in Control
Desk that allow it to "automate ITIL at cloud speed" and extend the
management to smarter physical infrastructures.
About The Speakers:
CJ Paul, Senior Technical Staff Member and Chief Architect, IBM IT
Service Management Solutions
Chris Dittmer, Worldwide Sr. Market Manager, IBM Tivoli IT Service
Rich Johnston, Product Manager, Tivoli Change and Configuration
Management Database, IBM SmartCloud Control Desk
The Official Tivoli User Community is the largest online and offline
organization of Tivoli professionals in the world – home to over 160 local User
Communities and dozens of virtual/global groups from 29 countries – with more
than 26,000 members. The TUC community offers Users blogs and forums for
discussion and collaboration, access to the latest whitepapers, webinars,
presentations and research for Users, by Users and the latest information on
Tivoli products. The Tivoli User Community offers the opportunity to
learn and collaborate on the latest topics and issues that matter most.
Membership is complimentary. Join NOW!
It was great to be back at Infosec, with a very colourful IBM booth, that clearly stands out from the crowd! We had four sessions during the day, and below are the key points that I thought were raised.
Our first session was given by Robert Freeman, Manager of X-Force Advanced Research Strategy, on The Advanced Persistent Threat in 2012, who opened by talking to the audience about the role of the X-Force team at IBM. He spoke about how 2011 was the year of the security breach, and went into some specific, well known examples that made it into the news during the year. Robert then talked to the audience about who is actually attacking our networks - attacker types and techniques based on the X-Force research, be it off the shelf versus sophisticated attacks, broad versus targeted, financially motivated, state sponsored, or all out cyber war!
Robert used the analogy that in the past it was dumpster diving - looking through someone's trash - and now it's breaking into a computer network and attacking; attackers are now more and more stealthy and stay as long as possible. Web browsers and their plug-ins continue to be the largest category of client side vulnerabilities. He said that unfortunately there are no perfect detection methods, but every detection is a win. He also urged the audience to not just put the fire out and go back to work; if it has gone too quiet then you are missing attacks.
The next IBM session was given by Steve Durkin, who joins IBM from our recent acquisition of Q1 Labs, whose session was titled “providing your business, total security intelligence”. Steve Durkin opened the session by talking about Security Information and Event Management or SIEM for short! He wanted the audience to understand that SIEM leads to actionable and comprehensive insight into their security infrastructure. He also took the audience through the industry examples of attacks on businesses we have all seen in the press during the last few years. Steve spoke about the four domains or pillars that IBM see as forming a comprehensive IT Security – People, Data, Applications and Infrastructure - if you have got all four areas covered you've cracked it. He then explained that Q1 Labs products should be seen as the glue that holds all of these together. Steve urged that internal threats are just as dangerous as external ones. He wanted the audience to ask themselves if they have taken the best steps to protect against these.
Steve then took the audience through some Q1 case studies – such as the work they did at Chevron Oil (which you can find out more about on the Q1 website). He talked about how the Q1 Labs product can help pull all information together and analyse it, to show you where the vital attacks are taking place, what's being hit and the impact it will have. He gave a few more product examples and suggested that if the audience were interested they should start small and add functionality using normal software updates; the products are simple and quick to deploy, on one pane of glass.
Vijay Dheap was next up for IBM, who talked to the audience about Securing Mobile Devices in the Enterprise. He gave some very interesting stats, such as in 2011 sales of smart phones surpassed that of PCs, soon they will dwarf the sales of PCs, by 2015 40% of Enterprise devices will be mobile devices – (an IBM projection) and 50% of all apps send device information or personal details. Social norms are now different - mobile devices are used in way more locations, mobile devices are shared more often, and user experience is prioritised. He continued by talking about how apps now push the boundaries of collaboration, but unfortunately leave you open to attacks. He urged the audience to have visibility of what mobile devices are connected to their corporate network and be reactive, be responsive, and be transparent.
Vijay explained that lost devices are still top of CSO worries; they want to know things such as how to selectively wipe the device centrally and how to be 100% compliant. Vijay finished by speaking about the various Mobile Device Management products and services IBM have – all of which you can find out more about on the IBM website.
Our final session of the day was given by Simon Smith who presented on Infrastructure Protection - Towards an Optimised Security Position. He talked about how IBM is keen to usher in a new era of security intelligence. He then took the audience through what he saw were the different stages companies are at when it comes to IT Security, asking the audience to share where they thought they were in the journey. He first discussed what “basic” security looks like: point solutions, stand alone products & deployments, different solutions for every problem, block and prevent attacks, and analysis is mostly manual & reactive.
Simon then looked at what would constitute “proficient” security – such as further data feeds, the introduction of decision making based on knowledge of assets, greater investigative capability, still large amounts of manual involvement, and analysis and investigation that is largely manual.
He then looked at the final stage, “optimised security”, where there is enriched data and increased information from sources such as the asset database, vulnerability assessment tools, server logs, app logs and security logs.
This is combined with correlation and analytics, alerts based on predefined rules and information, auto analysis and assessment reports and alerts. Simon closed by saying there are no absolutes, no scoring systems, you should look at where we are and your aspirations.
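The "optimised" stage described above, sketched as an added example (it is not from the talk or from any IBM product): security-log events are enriched with the asset database and vulnerability assessment results, then correlated with server and app logs under one predefined rule. All hosts, finding ids, weights and thresholds below are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data standing in for the five sources named in the session.
ASSETS = {  # asset database: host -> name and business criticality (1 low .. 3 high)
    "10.0.0.5": {"name": "payroll-db", "criticality": 3},
    "10.0.0.9": {"name": "test-web", "criticality": 1},
}
VULNS = {  # vulnerability assessment: host -> open finding ids (placeholders)
    "10.0.0.5": {"VULN-SQLI-01"},
    "10.0.0.9": set(),
}
SECURITY_LOG = [  # IDS events; "targets" is the finding the signature relates to
    {"ts": "2012-04-24T10:00:00", "dst": "10.0.0.5", "sig": "sql-injection", "targets": "VULN-SQLI-01"},
    {"ts": "2012-04-24T10:01:00", "dst": "10.0.0.9", "sig": "sql-injection", "targets": "VULN-SQLI-01"},
    {"ts": "2012-04-24T10:02:00", "dst": "10.0.0.77", "sig": "sql-injection", "targets": "VULN-SQLI-01"},
]
SERVER_LOG = [
    {"ts": "2012-04-24T10:03:00", "host": "10.0.0.5", "event": "db_error_rate_spike"},
    {"ts": "2012-04-24T11:30:00", "host": "10.0.0.9", "event": "service_restart"},
]
APP_LOG = [
    {"ts": "2012-04-24T10:02:30", "host": "10.0.0.5", "event": "unexpected_query_shape"},
]

WINDOW = timedelta(minutes=10)  # how long after an IDS event a host log counts as related


def _ts(text):
    return datetime.fromisoformat(text)


def correlate(security_log, assets, vulns, host_logs, window=WINDOW):
    """Score each security event using asset, vulnerability and host-log context."""
    alerts = []
    for ev in security_log:
        host, notes = ev["dst"], []
        asset = assets.get(host)
        if asset is None:
            # Edge case: an attacked host the inventory does not know about.
            criticality = 2
            notes.append("host missing from asset database")
        else:
            criticality = asset["criticality"]
        score = 1 + criticality
        if ev["targets"] in vulns.get(host, set()):
            score += 3
            notes.append("host has the targeted finding open")
        start = _ts(ev["ts"])
        followups = [
            entry["event"] for entry in host_logs
            if entry["host"] == host and timedelta(0) <= _ts(entry["ts"]) - start <= window
        ]
        if followups:
            score += 2
            notes.append("follow-up activity: " + ", ".join(sorted(followups)))
        severity = "high" if score >= 7 else "medium" if score >= 3 else "low"
        alerts.append({"host": host, "sig": ev["sig"], "score": score,
                       "severity": severity, "notes": notes})
    # Highest-scoring alerts first, so analysts see the enriched hits before the noise.
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for alert in correlate(SECURITY_LOG, ASSETS, VULNS, SERVER_LOG + APP_LOG):
        print(alert)
```

The same three IDS events would be indistinguishable in the "basic" stage; only the added context separates the vulnerable, business-critical database from the unaffected test server.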
Simon mentioned that there will be new product announcements tomorrow morning, so be sure to follow me @RSwindell and @IBMSecurity to find out what they are!
The conference aimed to help those working in the public sector,
specifically addressing the problem of improving “services whilst managing with reduced budgets”. The sessions looked into
how the need for a greater flexibility of work styles, has created “new ways of
working” that mean work can be carried out “anytime and anywhere”.
previously attended the fantastic Government Property event run by the same
company (Public Sector Connect) I was sceptical about whether this event could
live up to the high standard they had set. I needn’t have worried! The sessions
were highly educational and
enlightening. This blog will cover what I thought were the key learnings from
the day – so I hope you find it interesting.
The plenary session
was opened by Colin Mair, Chief Exec of Improvement Services, who discussed the
theme of why we need “New Ways of Working” and what it means. He spoke about
the need to manage resource constraints, decrease overheads, increase flexibility
and optimise capacity through sharing services, all the while meeting the public’s
expectations, and increasing the value of the public pound in Scotland.
Next up was Derek MacKay – the minister for local government
& planning, who wanted the audience to remember that the current budget
costs should not be seen as restrictive but
instead should be viewed as an impetus for change. He continued that if we continued to do what
we have always done, we will get what we have always got. He emphasised the need for joint, collaborative
working. Derek talked about the four
pillars of Public Sector reform – prevention, closer integration and partnership,
improved performance and a workforce focus. There is a need for “radical change”,
alongside job security. He spoke about
how successful reform is dependent upon managing the culture within and between
organisations, which is part of the mantra of “working smarter”. Other things that would come under this
umbrella include flexibility, new technology, new office designs, and co-location,
all being implemented with an open mind. He concluded by saying there were “big
challenges ahead, but immense opportunities too”.
The next plenary speaker was John McClelland CBE - Scottish
Further & Higher Funding Council, who talked about how these new ways of working
must be citizen driven, but unfortunately
this is not always the case. These changes should be “pull and not push”, and
the public sector has the opportunity to reset the bar. John talked about the need for online
services, and how it is growing exponentially, and these services have to be
seamless. He spoke about how, from an
adoption of new technologies point of view, a lot more could be done, for
instance in Cloud Computing. The deployment of ICT, with the exception of the
health service, has been disappointing, with very little sharing of services
and deployment. John thought there needs
to be a paradigm shift in doing things differently. ICT should be seen as a productivity tool to
save more and work more efficiently.
John was followed by Colin Proctor, director of Scottish
Futures Trust, who continued discussing the theme of new ways of working, stating
that we now have a window of opportunity to push the boundaries, and it is a
time for accountability. Property should
be a major consideration; we should
be aiming to do more – with less property.
He believed that a 25% reduction in property is readily achievable,
especially if the public sector can leverage investment in buildings from the
private sector. Colin talked about the 3
Cs – Corporate, Collaborative and Commercial, which he mixed with another C –
Common sense! He talked about thinking
about the long term game, and the need to act strategically. He urged the audience to think about a move to
open working and efficient space planning by eliminating duplicate desks and space hungry and inflexible systems (incidentally all of which IBM can help you
with, by using the Tririga platform!!). He concluded by talking about the
need for employees to be able to work anytime, anyplace and anywhere, which
means a wider home and mobile working team. He suggested 10 desks to 8 people
ratio as a starting point. This will
save costs in business miles, time spent commuting and reduce carbon
Dr Claire Penny ran the IBM work session to a packed room. She wanted to address the question of whether
ICT is a “help or hindrance”. Claire
began by looking at the iGov survey, which looked at real estate management
challenges and pain points, in which 54% of central government respondents did
NOT see ICT as an inhibitor to realising property savings. She took the
audience through IBM's real estate history – especially looking at the acquisitions
we have made such as Tririga and MRO. Claire continued by looking at how IBM has
approached its own real estate transformation, working towards common systems
and process and minimal vacancy. She gave the recent West London strategic rationalisation
project as an example of where IBM have identified 12,500 m² of office space
that could be vacated.
Claire continued by talking about how important data is when thinking about
Smarter Buildings, and how IBM's Intelligent Building Management software can
help, which she described as “the all seeing eye that enables you to maintain
your buildings as they should be”. She
gave the example of how IBM has implemented this at IBM’s Rochester site, which
saw energy cost reductions of between 5 to 7% consistently year on year.
Claire finished the session by looking at the capabilities of IBM's
latest Smarter Buildings acquisition – Tririga. This product is split into modules of – Real
Estate Portfolio Mgmt, Space & Facilities Mgmt, Operations &
Maintenance Mgmt, Capital Project Mgmt and Energy & Environmental Sustainability.
These modules can be implemented separately, or part of a complete IWMS. Claire
concluded the session by discussing what some of IBM's clients are using Tririga
for – the main points being – improving the utilisation of their portfolio,
operate in an environmentally sustainable way, simplify & improve user
experience, simplify processes, & align their portfolio rapidly to meet
changing business needs. She gave the example of GE, who reportedly saved $925M
in the first four years of using the product!
The final session was a panel debate – which included IBM’s Dr Claire
Penny, Mark Baker – Aberdeenshire Council, Harjinder Gharyal & John Dawson – Glasgow City Council, and was led
by Simon Haston, Change
Champion: Improvement Service.
Lots of interesting
questions were asked by the audience, all around the theme of new ways of
working. Claire specifically spoke about how IBM approaches flexible working, whilst
still maintaining important security standards for our mobile devices. The
question was posed, what are the critical success factors for new ways of
working? Many interesting opinions were given, with our expert explaining she
thought leadership and a clear strategy were key.
If you are
interested in learning more why not come to Pulse Comes To You on 30th May at
The Grange, Tower Hill – where our customers & prospects can learn more
about the entire Tivoli portfolio. Please register here - http://ibm.co/JgmnZD.
It’s now just one week until the biggest security
event of the year – Infosec!! Once again IBM will be attending, this year we
will be giving NINE speaking sessions.
Note Session -
Presentation Title: 2011 was the year of the
Security Breach...what are the security & risk trends for 2012? Speaker:
Robert Freeman, Manager, X-Force Advanced Research Strategy, IBM Theatre: Technical Theatre Date: 26/04/2012 Time: 12:00
over the three days:
Workshop Title: The Advanced Persistent Threat in
- Robert Freeman, Manager, X-Force Advanced Research Strategy, IBM
- In years past, there was a common misperception that Advanced Persistent
Threat (APT) was just a problem for governments and government contractors. In 2011,
there were many high-profile security breaches that were influential in
affecting this misperception. Organizations of different sizes and focus areas
face the threat of operationally sophisticated, targeted attacks to their
computer networks. These attacks are amongst the greatest challenges facing
network security professionals and researchers alike. To meet this challenge,
IBM X-Force thinks it is important to consider new perspectives and approaches
to network hardening, breach detection and incident response. One needs to
think beyond thinking like an attacker and see it as the game that it is. We
have been on the forefront of understanding these threats and this talk will
provide updated information from IBM X-Force on this threat and the mindset required
to meet the APT challenge.
Workshop Title: Providing Your Business, Total
Speaker: Steve Durkin, EMEA Channels Director at Q1
Labs, an IBM Company
Synopsis: As the world becomes more digitised and
interconnected, more doors are being opened to emerging threats and leaks.
Security needs to be made a top concern, from the boardroom down. A report
published by Verizon on Business Data Breaches in 2011, found that 48% of total
data breaches were caused by insiders and 48% of breaches involved a misuse of
an insider’s privileges. All organisations, no matter the size or industry,
need to put security first, allowing for the analysis of people, data,
applications and infrastructure to be carried out easily and intelligently and
providing instant information and visibility into business risks.
Securing Mobile Devices in the Enterprise
Speaker: Vijay Dheap, Security Systems Product
Manager - IBM Mobile Security Solutions
Synopsis: Enterprises want to fully capitalise on
the business value of mobility but still have significant concerns about the
security implications. To address these
challenges, mobile security needs to be viewed and understood holistically from
securing the device and the data on the device to secure access to enterprise
systems and application security. In
this session we will highlight the spectrum of requirements that Mobile
Security covers, describe how some organisations have gotten started and
introduce the concept of mobile security intelligence. Given the innate dynamic nature of mobility,
an intelligent, adaptable mobile security solution is required to provide an
enterprise with the necessary visibility and control in managing threats and
risks without degrading user experience.
Workshop Title - Infrastructure Protection - Towards an Optimised
Speaker - Simon Smith, CISSP - Client Technical Professional, IBM Security
Synopsis - As the nature of the threat to business
changes it is important that companies review their position with regard to
security and particularly how mature their detection and prevention
capabilities are. This session looks at
some of the technology that can be used for Infrastructure protection and how
this might be integrated with other systems and data sources to provide a more
optimised solution. We will discuss the
way that a company can move from a basic security position, through proficient
and finally to optimised, giving the capability to be pre-emptive with
protection and use Security Intelligence and Analytics to provide better
protection and thus stay ahead of the threat.
Workshop Title: Application Security Hacking 101
Speaker: John Smith - IBM Application Security Specialist
Synopsis: Despite a decreased share of the
vulnerability disclosures in 2011 (X-Force
Trends and Risks report, 2011), Web Application
vulnerabilities still represent the single largest category of issues. This
session will examine some of the common types of attacks and show how they work
and how to defend against them.
Workshop Title: Integrated,
Intelligent Security Analytics for the Enterprise
Speaker(s): Rob Ford - Architect - IBM Security
Services, Global OM&D
Jef Gielkens - Managed Security Services Executive,
Europe IBM Security Services
a hyper-connected era can we ever achieve strong security? The answer is yes,
but it requires some fundamental changes on how information and events are
aggregated from the enterprise. The very strengths of these interconnected
networks — their speed and openness, the easy access anywhere on the globe —
also create a myriad of vulnerabilities. This session focuses on how you can
enhance the levels of security intelligence and visibility provided by your
existing security infrastructure, by leveraging the benefits of Security
focused Cloud Based Data Analytics and protection technologies, in an efficient
We will also have a smoothie bar on the stand (F40), so if you are attending, why not
come along to the stand and grab a FREE refreshing fruit drink! You will also
get the chance to talk one on one with our many experts – perhaps getting a
demo of our latest products/solutions, use our Touchscope technology to browse
key IBM Security pieces of collateral, or check out our Tweetwally, which will
show all the Twitter conversations during the day.
To join in our Twitter activity on the day – please
use #infosec12 with #IBM. You can
follow me @RSwindell, or our main
security account @IBMSecurity.
Several of our security experts are on Twitter –
John Paul Ballerini - @jpballerini, Bharat Bhusan - @_bharat_, Tom Mellow -
@vintage1951, Glenn Ambler - @gambler2073, Marc Van Zadelhoff - @mvzadel,
Nick Coleman - @teamsecurity and Darren Argyle - @D_Argyle.
One of the experts – Vijay Dheap (@dheap) –
recently shared his views with me on what he saw the main topics of
conversation at the event being, with many organisations needing to address
the speed of mobile adoption in the workplace, what their options are and how
to get started. He added that the most mature organizations have one or more
solutions deployed and are trying to be more proactive in designing their security
posture – of course all of which our IBM experts at the event would be able to
Vijay also has a blog that I am sure you would find
interesting - http://ow.ly/aj7Z9
If you are not attending the event, but keen to
speak to IBM about their sessions, then please visit –email me at firstname.lastname@example.org and I will be happy to send the decks to you,
and put you in touch with one of our experts!
We also have Pulse Comes To You on 30th May at The
Grange, Tower Hill – where our customers & prospects can learn more about
the entire Security Systems and Tivoli division. Registration is now open at - http://ow.ly/aiP1C
No trouble spotting the biggest news in
service management this week – with COBIT 5 available. I guess with both ITIL
and COBIT having released new versions over the last 12 months, that should
tell us something about the SM industry. Mostly, I think it tells us that as a
concept and topic to take seriously, service management is not going away any
But I suspect we might be reading more in the
next few weeks of the ‘should I do ITIL or COBIT’ type of question. That’s a
shame, because it is still not a sensible question. Both ITIL and COBIT are
expanding their scope of course and that means more and more overlap, but I
can’t – admittedly after a quick glance through only – see where any real
Of course COBIT is still a product of ISACA
and it builds upon a philosophy of control and governance. ITIL initially came from
a team set up to advise on approach rather than massive detail and that still
shows even in the 2011 version I think. And I do still believe any serious SM
professional would have both on their (electronic) bookshelf, the way a good cook
will have books by more than one cookery author on their kitchen bookshelf.
Analysing the content, requirements and
fine print can come later – and will open us up to all sorts of interpretation
and contextual adjustment. But some things hit you straight away. The core
COBIT product is available for free and takes up 685k of pdf file. The core
ITIL books cost around £300, weigh five kilos and/or take up 77.4MB of my hard
drive inside a fancy secure Adobe reader to make sure I don't pass them on to anyone
who hasn’t paid their £300. Now I know that there are lots more books around
the COBIT 5 core that give you more detail – and ISACA charges for those – but
still I must confess to liking the idea of free entry to the gig even if it
doesn’t get you that near the stage.
Putting a positive spin on the size
differential and the lack of real conflict, you can see that it shows how the
two products can be seen as complementary: COBIT’s distillation of what should
be done and structure with ITIL’s more wordy guidance.
And COBIT’s heritage shows through with several
pages on maturity assessment – great stuff for the ‘give me a number’ crew.
But maybe the most encouraging thing is the
differences that exist – the pretty clear realisation that frameworks aren’t competition
but different perspectives. Everyone in this business is really concentrating
on helping each other get better at delivering value to the customer. COBIT 5
will help so this is a good week.
Now all I need is a long flight somewhere to
give me peace and quiet to read it carefully.
Yesterday I was lucky enough to attend the UK launch of IBM's new
PureSystems & was involved in the Social Media taking place on the day. IBM
had announced the new system the day before, & a live webinar was held at
7pm GMT. This blog is slightly longer than my usual ones, but it was just such
an interesting day that I wanted to share all of my learning.
The UK launch event was extremely well attended, with every seat
in the auditorium filled. It was kicked off by Stephen Leonard, Chief Executive,
IBM UK, discussing the agenda for the morning & introducing the WW experts
that would be presenting a deeper dive of PureSystems later in the day.
Stephen spoke about the “New Era of Computing”, & the
emergence of a “number of phenomena” which are changing the world we live in.
Driving this change are the globalisation & digitalisation of the world.
This “digitalisation of the world gives us an opportunity to look at the
systems that make the world work in a different way”. Stephen continued to talk
about how, in computing terms, the traditional views of back & front office
tasks are no longer valid, & these two components are merging; it is now
difficult to see a real split.
He then talked about the shifting world of IT, & how it must be leveraged
to get the best business value. As IT
moves to the strategic centre of business the model must shift to smarter
computing; traditional models have to change, as they lack agility &
responsiveness. Smarter Computing means expertise has to be built into these
systems, not just into the individuals that run them; the systems need to be
able to predict what is going to occur.
Stephen then took the audience through two reports, one Forrester &
one IBM, both of which had some really interesting statistics. He summarised
the Forrester report by saying that the “realities of what businesses can
afford today, are far from what they require”. The IBM report did show though that only one
in five companies have broken the mould, & are using half of their budget
on IT innovation, meaning they can use advanced technologies better than others,
& deploy new solutions & technologies a lot faster than others.
Stephen then introduced IBM's new breed of system, which HAD the
expertise built in, from 100000s of deployments all over the world & coding
them into one system, meaning the system does it for you, so you can release
experts to the innovation of your IT. This is integrated by design, with all
the components tightly connected through engineering & NOT packaging. Finally,
the experience is simplified; expertise is consolidated into a single interface
& having only one number to call when you have an issue!
boxes were then unveiled by Tom Rosamilia (VP of Corporate Strategy) &
Marie Wieck (GM Application & Integration Middleware) to rapturous
applause from the audience. Tom then took the audience through the first member
of the family – PureFlex – which is the base for PureApplications. He did a deeper dive into the components
Stephen had mentioned - about the built in expertise, the simplified experience
& the integration by design. Tom included some real client examples from a
bank, a manufacturing company, a retailer & a managed services company &
their forecasted savings, such as $2.6M savings in systems & OPEX costs,
$3.8M in software savings, 1 day or less to deploy new service which used to be
seven days & $2.8M lower IT costs.
Tom then took the audience through the anatomy of the new
systems, showing how it included one system for compute, storage & systems
networking, a 4 chassis per rack scalable up to four racks, support for apps
across four operating environments & a secure start up for both physical &
virtual environments. Tom concluded his session with a demo of what he
termed a “four click deploy”.
Marie Wieck next took the audience through the other new member of the family –
the PureApplication System, & through how this new platform system is
“expert at optimally deploying & running apps in real time”. She talked
about how clients often struggle to “overcome barriers of time, cost &
risk”, & discussed the top causes for these project delays. Marie explained
to the audience how during the development of PureSystems, IBM wanted to look
at all aspects, including the management & the middleware, so clients can get
immediate benefit across the complete solution stack across the enterprise. Expertise
is built into the system, so best practice is captured from people who “deploy
the systems in complex environment & get them to scale”.
Marie went through a deeper dive of the three key components
mentioned by both Stephen & Tom, & how this was shown in the new
PureApplication system. This new system will change buying patterns: you buy
it as you would a piece of software, & can be up & running typically
within four hours (which was the target set to IBM's own development team). She
explained how the new system lets you capture your own expertise, add third
party apps of expertise & use IBM patterns of expertise throughout the
The panel session was led by Stephen Leonard – & featured John
Schlesinger, Chief Enterprise Architect, Temenos, Philippe Forestier, Executive
Vice President, Global Affairs & Communities, Dassault Systems, Niall
Norton, CEO, Opennet, Simon Withers, Head of Product Development, SunGard &
George Thaw - Chief Operating Officer UKI – SAP. Each panel member introduced
themselves & gave their opinion on PureSystems & the difference it will
make to their business & customers. Niall even stated that this new system
was “the answer to our prayers”.
As part of the Social Media team, we were taking questions from
Twitter – from those in the room as well as watching on the live stream - for
the panel, using the #askstephen. We had several submitted & Stephen asked
two of these to the panel, who gave very extensive answers, which you can see
on the live stream video recording now available (see link below).
After the main session, delegates were able to have one to one
meetings with IBM executives, giving them the opportunity to ask any questions &
give feedback on what they have heard & seen earlier on in the day.
You can also follow @IBMPureSystems for worldwide updates on this
fantastic new offering from IBM. You can
read more blogs from the experts about Pure Systems here – http://expertintegratedsystemsblog.com/.
Please follow me on Twitter @RSwindell to see updates from other
events I am involved in this year & beyond!