Cloud & Service Management blog
ivor macfarlane 2700022KPS IVORMACF@uk.ibm.com Tags:  ibm ivor tivoli service-management itil 1,495 Visits
Noah Kuttler 110000SVNJ firstname.lastname@example.org Tags:  pulse cloud service-management pulse-2012 simulator ibmcloud 1,827 Visits
As you know, the team held a Cloud Service Management Simulator Workshop at Pulse 2012 and I was in the room for a portion of the session (look for me in the background at 1:03) and I know that the attendees had their eyes opened.
The team cut together a pretty cool trailer to give you an idea of what goes on at one of these simulator sessions.
If it looks like chaos, that's because there is a good bit of chaos in the process of role-playing the real-world interaction between IT and business when they are not aligned properly.
The goal is to keep the company profitable. That lasts for about 3 minutes...
But here's the thing. As the workshop progresses, the transformation occurs and balance is achieved (and money starts to be made).
Every service management practitioner should bring their co-workers to this workshop. It is an experience that will help drive your company towards innovation.
Watch the video to see what I mean, and for more information on the simulator, send an email to tivmktg [at] us [dot] ibm [dot] com.
Noah Kuttler 110000SVNJ email@example.com Tags:  puresystems cloud smartcloud tivoli service-management 2,467 Visits
The Expert Integrated Systems, IBM PureSystems being announced today is probably one of the most exciting solution announcements to hit our industry.
The New York Times wrote a very good piece on the announcement, "I.B.M. Aims to Sharply Simplify Corporate Data Center Technology"
Our own press team put together two releases. One about the announcement ("IBM Sets the Stage for the Next Era of Computing") and another around the 600 partners supporting this announcement worldwide ("Global IT Companies Support IBM Puresystems").
It's not hardware. It's not software. It's a new category of solution; expert integrated systems.
It's one of the "game changer" solutions that our customers have come to expect from IBM (and that our partners love). It's solving very specific problems that customers have on their road to innovation.
One of those problems is built-in expertise. This is a hardware and software solution that is integrated at levels you've not seen before on a solution; giving customers and partners a simplified user experience for implementation and maangement.
IBM SmartCloud & Tivoli
To that point, you'll notice IBM PureSystems has it's own end-to-end management capabilities specific to the solution.
It does. But, for broader management challenges, IBM SmartCloud and Tivoli software will extend the investment in that IBM PureSystems solution by providing Visibility. Control. Automation(tm) across the entire IT infrastructure.
Together with IBM SmartCloud and Tivoli software, IBM PureSystems will push customers to higher levels of efficiency with their service management practice.
As you talk to your IBM sales rep or your business partner, ask them about IBM SmartCloud & Tivoli software with IBM PureSystems for your entire infrastructure and service management.
Noah Kuttler 110000SVNJ firstname.lastname@example.org Tags:  cloud openstack smartcloud open-standards 2 Comments 9,552 Visits
Our General Manager, Dr. Danny Sabbah, framed cloud computing perfectly in his keynote address at Pulse 2012.
When you think of the levels of innovation you are required to give to the business, cloud is the right technology to do it.
Since the Cloud lives on the Internet, which is built upon the "bricks" of open standards, it should not surprise you that there is a drive to an ubiquitous Infrastructure as a Service (IaaS) open source cloud computing platform for public and private clouds.
In October 2011, my neighbors to the South at Rackspace founded the OpenStack Foundation.
Today, IBM is announcing that we will be joining the OpenStack Foundation as Platinum-level sponsors along with AT&T, Canonical, HP, Nebula, Rackspace, Red Hat and SUSE.
The OpenStack Foundation has a great blog post that covers what's happening today and what the next steps will be.
This is the start of a very exciting future for cloud computing and of course there will be more news coming from the OpenStack Foundation in the weeks to come at events like the OpenStack Design Summit & Conference in San Francisco on April 16-20 and IBM Impact in Las Vegas on April 29 - May 4.
To close out this post, I thought I'd embed the keynote mentioned above. Worth a watch if you haven't seen it since nobody explains the importance of cloud better than Danny.
Rebecca Swindell 270003U1MK REBECCA.SWINDELL@UK.IBM.COM Tags:  new_ways_of_working public_sector facilities_management claire_penny tririga iibm 1,280 Visits
Less than five days to go until IBM are exhibiting and speaking at the New Ways of Working – Scotland event run by Public Sector Connect, at the Radisson Blu hotel in Glasgow - http://newwaysscot2012.publicsectorconnect.org/
The conference aims to help those working in the public sector, specifically addressing the problem of improving “services whilst managing with reduced budgets”. The sessions will look into how the need for a greater flexibility of work styles, has created “new ways of working” that mean work can be carried out “anytime and anywhere”. The benefits of these new styles of working will also be explored, such as boosting morale within the organisation and aiding employee retention, offering a wider variety of services, improving efficiencies in the provision of those services and reducing and consolidating the property portfolio, which is the second biggest cost to an organisation.
As such IBM will be discussing our Smarter Buildings and Flexible Working initiatives.
If you are attending the event, please make sure to come and listen to the IBM Smarter Buildings experts at 13:30. Claire Penny will deal with the question “ICT – Help or Hindrance?” The session will cover the 2011, UK Public Sector Property, Estates & FM Survey Report which provided great insight into the challenges facing Public Sector property managers – and what they were doing about tackling them. Challenges ranged from balancing operational requirements, with the need to demonstrate value for taxpayers’ money, to the need to manage Public Sector assets efficiently.
You can also talk to our experts by coming to stand 12, where we will be happy to take you through a demo of Tririga, or IIBM, and discuss the current road map with you.
Please follow us throughout the day on @ibmtivoli or @RSwindell, and join in the conversation using #nwowscotland
If you are not attending the event, but keen to speak to IBM about the session highlighted above, then please visit – www.ibm.com/smarterbuildings, email email@example.com or call on IBM on 01475898688.
Come back after the event to see what we thought were the highlights from the event!!!
Rebecca Swindell 270003U1MK REBECCA.SWINDELL@UK.IBM.COM Tags:  marie_wieck tom_rosamilia pureflex puresystems pureapplications stephen_leonard ibm 1,729 Visits
Yesterday I was lucky enough to attend the UK launch of IBMs new PureSystems & was involved in the Social Media taking place on the day. IBM had announced the new system the day before, & a live webinar was held at 7pm GMT. This blog is slightly longer than my usual ones, but it was just such an interesting day that I wanted to share all of my learning.
The UK launch event was extremely well attended, with every seat in the auditorium filled. It was kicked off by Stephen Leonard, Chief Executive, IBM UK, discussing the agenda for the morning & introducing the WW experts that would be presenting a deeper dive of PureSystems later in the day.
Stephen spoke about the “New Era of Computing”, & the
emergence of a “number of phenomena” which are changing the world we live in.
Driving this change are the globalisation & digitalisation of the world.
This “digitalisation of the world gives us an opportunity to look at the
systems that make the world work in a different way”. Stephen continued to talk
about how, in computing terms, the traditional views of back & front office
tasks are no longer valid, & these two components are merging, it is now
difficult to see a real split.
Stephen then took the audience through two reports, one Forrester & one IBM, both of which had some really interesting statistics. He summarised the Forrester report by saying that the “realities of what businesses can afford today, are far from what they require”. The IBM report did show though that only one in five companies have broken the mould, & are using half of their budget on IT innovation, meaning they can use advance technologies better than others, & deploy new solutions & technologies a lot faster than others.
Stephen then introduced IBMs new breed of system, which HAD the
expertise built in, from 100000s of deployments all over world & coding
them into one system, meaning the system does it for you, so you can release
experts to the innovation of your IT. This is integrated by design, with all
the components tightly connection through engineering & NOT packaging. Finally,
the experience is simplified; expertise is consolidated into a single interface
& having only one number to call when you have an issue!
Tom then took that audience through the anatomy of the new
systems, showing how it included one system for compute storage & systems
networking, a 4 chassis per rack scalable up to four racks, support for apps
across four operating environments & a secure start up for both physical &
virtual environments. Tom concluded his session included a demo of what he
termed a “four click deploy”.
Marie went through a deeper dive of the three key components mentioned by both Stephen & Tom, & how this was shown in the new PureApplication system. This new systems will change buying patterns, you buy it as if you would a piece of software, & can be up & running typically within four hours (which was the target set to IBMs own development team). She explained how the new system lets you capture your own expertise, add third party apps of expertise & use IBM patterns of expertise throughout the system.
The panel session was led by Steven Leonard – & featured John Schlesinger, Chief Enterprise Architect, Temenos, Philippe Forestier, Executive Vice President, Global Affairs & Communities, Dassault Systems, Niall Norton, CEO, Opennet, Simon Withers, Head of Product Development, SunGard & George Thaw - Chief Operating Officer UKI – SAP. Each panel member introduced themselves & gave their opinion on PureSystems & the difference it will make to their business & customers. Niall even stating that this new system was “the answer to our prayers”.
As part of the Social Media team, we were taking questions from Twitter – from those in the room as well as watching on the live stream - for the panel, using the #askstephen. We had several submitted & Stephen asked two of these to the panel, who gave very extensive answers, which you can see on the lives stream video recording now available (see link below).
After the main session, delegates were able to have one to one meetings with IBM executives, giving them the opportunity to ask any questions & give feedback on what they have heard & seen earlier on in the day.
This blog is simply my main take homes from the event. For much more detail you should definitely watch the live stream video that was recorded (it’s well worth an hour of your time) – please visit www.livestream.com/ibmuk or go to the new YouTube channel for various new videos – www.youtube.com/http://www.youtube.com/expertintegratedsys.
You can also follow @IBMPureSystems for worldwide updates on this fantastic new offering from IBM. You can read more blogs from the experts about Pure Systems here – http://expertintegratedsystemsblog.com/.
Please follow me on Twitter @RSwindell; to see updates from other events I am involved in this year & beyond!
ivor macfarlane 2700022KPS IVORMACF@uk.ibm.com Tags:  ibm itil cobit tivoli service-management ivor itsmf 1,540 Visits
No trouble spotting the biggest news in service management this week – with COBIT 5 available. I guess with both ITIL and COBIT having released new versions over the last 12 months, that should tell us something about the SM industry. Mostly, I think it tells us that as a concept and topic to take seriously, service management is not going away any time soon.
But I suspect we might reading more in the next few weeks of the ‘should I do ITIL or COBIT’ type of question. That’s a shame, because it is still not a sensible question. Both ITIL and COBIT are expanding their scope of course and that means more and more overlap, but I can’t – admittedly after quick glance through only –see where any real conflict.
Of course COBIT is still a product of ISACA and it builds upon a philosophy of control and governance. ITIL initially came from a team set up to advise on approach rather than massive detail and that still shows even in the 2011 version I think. And I do still believe any serious SM profession would have both on their (electronic) bookshelf, the way a good cook will have books by more than one cookery author on their kitchen bookshelf.
Analysing the content, requirements and fine print can come later – and will open us up to all sorts of interpretation and contextual adjustment. But some things hit you straight away. The core COBIT product is available for free and takes up 685k of pdf file. The core ITIL books cost around £300, weigh five kilos and/or take up 77.4MB of my hard drive inside a fancy secure Adobe reader to make sure I don't pass them on to anyone who hasn’t paid their £300. Now I know that there are lots more books around the COBIT 5 core than give you more detail – and ISACA charges for those - but still I must confess to liking the idea of free entry to the gig even if it doesn’t get you that near the stage.
Putting a positive spin on the size differential and the lack of real conflict, you can see that it shows how the two products can be seen as complementary: COBIT’s distillation of what should be done and structure with ITIL’s more wordy guidance.
And COBIT’s heritage shows through with several pages on maturity assessment – great stuff for the ‘give me a number’ crew.
But maybe the most encouraging thing is the differences that exist – the pretty clear realisation that frameworks aren’t competition but different perspectives. Everyone in this business is really concentrating on helping each other get better at delivering value to the customer. COBIT 5 will help so this is a good week.
Now all I need is a long flight somewhere to give me peace and quiet to read it carefully.
Rebecca Swindell 270003U1MK REBECCA.SWINDELL@UK.IBM.COM Tags:  john_paul_ballerini pulse gpj tweetwally xforce vijay_dheap touchscope marc_van_zadlehoff infosecurity pcty 3,564 Visits
It’s now just one week until the biggest security event of the year – Infosec!! Once again IBM will be attending, this year we will be giving NINE speaking sessions.
Our Key Note Session -
Presentation Title: 2011 was the year of the
Security Breach...what are the security & risk trends for 2012?
Workshops over the three days:
Workshop Title: The Advanced Persistent Threat in 2012
Speaker - Robert Freeman, Manager, X-Force Advanced Research Strategy, IBM
Synopsis - In years past, there was a common misperception that Advanced Persistent Threat (APT) was just a problem for governments and government contractors. In 2011, there were many high-profile security breaches that were influential in affecting this misperception. Organizations of different sizes and focus areas face the threat of operationally sophisticated, targeted attacks to their computer networks. These attacks are amongst the greatest challenges facing network security professionals and researchers alike. To meet this challenge, IBM X-Force thinks it is important to consider new perspective and approaches to network hardening, breach detection and incident response. One needs to think beyond thinking like an attacker and see it as the game that it is. We have been on the forefront of understanding these threats and this talk will provide updated information from IBM X-Force on this threat and the mindset required to meet the APT challenge.
Workshop Title: Providing Your Business, Total Security Intelligence
Speaker: Steve Durkin, EMEA Channels Director at Q1 Labs, an IBM Company
Synopsis: As the world becoming more digitised and interconnected, more doors are being opened to emerging threats and leaks. Security is needed to be made a top concern, from the boardroom down. A report published by Verizon on Business Data Breaches in 2011, found that 48% of total data breaches were caused by insiders and 48% of breaches involved a misuse of an insider’s privileges. All organisations, no matter the size or industry, need to put security first, allowing for the analysis of people, data, applications and infrastructure to be carried out easily and intelligently and providing instant information and visibility into business risks.
Workshop Title: Securing Mobile Devices in the Enterprise
Speaker: Vijay Dheap, Security Systems Product Manager - IBM Mobile Security Solutions
Synopsis: Enterprises want to fully capitalise on the business value of mobility but still have significant concerns about the security implications. To address these challenges, mobile security needs to be viewed and understood holistically from securing the device and the data on the device to secure access to enterprise systems and application security. In this session we will highlight the spectrum of requirements that Mobile Security covers, describe how some organisations have gotten started and introduce the concept of mobile security intelligence. Given the innate dynamic nature of mobility, an intelligent, adaptable mobile security solution is required to provide an enterprise with the necessary visibility, and control in managing threats and risks without degrading user experience.
Workshop Title - Infrastructure Protection - Towards an Optimised Security Position
Speaker - Simon Smith, CISSP - Client Technical Professional, IBM Security Systems
Synopsis - As the nature of the threat to business
changes it is important that companies review their position with regard to
security and particularly how mature their detection and prevention
capabilities are. This session looks at
some of the technology that can be used for Infrastructure protection and how
this might be integrated with other systems and data sources to provide a more
optimised solution. We will discuss the
way that a company can move from a basic security position, through proficient
and finally to optimised, giving the capability to be pre-emptive with
protection and use Security Intelligence and Analytics to provide better
protection and thus stay ahead of the threat.
Workshop Title: Application Security Hacking 101
Speaker: John Smith - IBM Application Security Specialist
Synopsis: Despite a decreased share of the vulnerability disclosures in 2011 (X-Force
Trends and Risks report, 2011) Web Application vulnerabilities still represent the single largest category of issues. This session will examine some of the common types of attacks and show how they work and how to defend against them.
Workshop Title: Integrated, Intelligent Security Analytics for the Enterprise
Speaker(s): Rob Ford - Architect - IBM Security Services, Global OM&D
Jef Gielkens - Managed Security Services Executive, Europe IBM Security Services
Synopsis: In a hyper-connected era can we ever achieve strong security? The answer is yes, but it requires some fundamental changes on how information and events are aggregated from the enterprise. The very strengths of these interconnected networks — their speed and openness, the easy access anywhere on the globe — also create a myriad of vulnerabilities. This session focuses on how you can enhance the levels of security intelligence and visibility provided by your existing security infrastructure, by leveraging the benefits of Security focused Cloud Based Data Analytics and protection technologies, in an efficient manner.
We will also have a smoothie bar on the stand (F40), so if you are attending, why not come along to the stand at grab a FREE refreshing fruit drink! You will also get the chance to talk one on one with our many experts – perhaps getting a demo of our latest products/solutions, use our Touchscope technology to browse key IBM Security pieces of collateral, or check out our Tweetwally, which will show all the twitter conversations during the day.
To join in our Twitter activity on the day – please use #infosec12 with #IBM. You can follow me @RSwindell, or our main security account @IBMSecurity.
Several of our security experts are on Twitter – John Paul Ballerini - @jpballerini, Bharat Bhusan - @_bharat_, Tom Mellow - @vintage1951, Glenn Ambler - @gambler2073, Marc Van Zadelhoff - @mvzadel and Nick Coleman - @teamsecurity. Darren Argyle - @D_Argyle
One of the experts – Vijay Dheap (@dheap) - recently shared his views with me, on what he saw the main topics of conversation at the event being. With many organisations needing to for address the speed of mobile adoption in the workplace, what their options are and how to get started. He added that the most mature organizations have one or more solutions deployed and trying to be more proactive in designing their security posture – of course all of which our IBM experts at the event would be able to help with.
Vijay also has a blog that I am sure you would find interesting - http://ow.ly/aj7Z9
If you are not attending the event, but keen to speak to IBM about their sessions, then please visit –email me at firstname.lastname@example.org and I will be happy to send the decks to you, and put you in touch with one of our experts!
We also have Pulse Comes To You on 30th May at The Grange, Tower Hill – where our customers & prospects can learn more about the entire Security Systems and Tivoli division. Registration is now open at - http://ow.ly/aiP1C
Rebecca Swindell 270003U1MK REBECCA.SWINDELL@UK.IBM.COM Tags:  colin_proctor pulse mark_baker smarter_buildings iibm john_mcclelland trirgia public_sector_connect claire_penny derek_mackay colin_mair 3,314 Visits
On Tuesday IBM were Sponsors at the New Ways of Working, Scotland event, at the Radisson Blu Hotel in Glasgow- http://newwaysscot2012.publicsectorconnect.org/.
The conference aimed to help those working in the public sector, specifically addressing the problem of improving “services whilst managing with reduced budgets”. The sessions looked into how the need for a greater flexibility of work styles, has created “new ways of working” that mean work can be carried out “anytime and anywhere”.
Having previously attended the fantastic Government Property event run by the same company (Public Sector Connect) I was sceptical about whether this event could live up to the high standard they had set. I needn’t have worried! The sessions were highly educational and enlightening. This blog will cover what I thought were the key learning’s from the day – so I hope you find it interesting.
The plenary session was opened by Colin Mair, Chief Exec of Improvement Services, who discussed the theme of why we need “New Ways of Working” and what it means. He spoke about the need to manage resource constraints, decrease overheads, increase flexibility and optimise capacity through sharing services, all the while meeting the public’s expectations, and increasing the value of the public pound in Scotland.
Next up was Derek MacKay – the minister for local government & planning, who wanted the audience to remember that the current budget costs should not be seen as restrictive but instead should be viewed as an impetus for change. He continued that if we continued to do what we have always done, we will get what we have always got. He emphasised the need for joint, collaborative working. Derek talked about the four pillars of Public Sector reform – prevention, closer integration and partnership, improved performance and a workforce focus. There is a new for “radical change”, alongside job security. He spoke about how successful reform is dependent upon managing the culture within and between organisations, which is part of the mantra of “working smarter”. Other things that would come under this umbrella include flexibility, new technology, new office designs, and co-location, all being implemented with an open mind. He concluded by saying there were “big challenges ahead, but immense opportunities too”.
The next plenary speaker was John McClelland CBE - Scottish Further & Higher Funding Council, who talked about how these new ways of working must be citizen driven, but unfortunately this is not always the case. These changes should be “pull and not push”, and the public sector has the opportunity to reset the bar. John talked about the need for online services, and how it is growing exponentially, and these services have to be seamless. He spoke about how, from an adoption of new technologies point of view, a lot more could be done, for instance in Cloud Computing. The deployment of ICT, with the exception of the health service, has been disappointing, with very little sharing of services and deployment. John thought there needs to be a paradigm shift in doing things differently. ICT should be seen as a productivity tool to save more and work more efficiently.
John was followed by Colin Proctor, director of Scottish Futures Trust, continued discussing the theme of new ways of working, stating that we now have a window of opportunity to push the boundaries, and it is a time for accountability. Property should be a major consideration; we should be aiming to do more – with less property. He believed that a 25% reduction in property is readably achievable, especially if the public sector can leverage investment in buildings from the private sector. Colin talked about the 3 Cs – Corporate, Collaborative and Commercial, which he mixed with another C – Commonsense! He talked about thinking about the long term game, and the need to act strategically. He urged the audience to think about a move to open working and efficient space planning by eliminating duplicate desks and space hungry and inflexible systems (incidentally all of which IBM can help you with, by using the Tririga platform!!) . He concluded by talking about the need for employees to be able to work anytime, anyplace and anywhere, which means a wider home and mobile working team. He suggested 10 desks to 8 people ratio as a starting point. This will save costs in business miles savings, time spending commuting and reduce carbon emissions.
Dr Claire Penny ran the IBM work session to a packed room. She wanted to address the question of whether
ICT is a “help of hindrance”. Claire
began by looking at the iGov survey, which looked at real estate management
challenges and pain points, in which 54% of central government respondents did
NOT see ICT as an inhibitor to realising property savings. She took the
audience through IBMs’ real estate history – especially looking at the acquisitions
we have made such as Tririga and MRO. Claire continued by looking at how IBM has
approached its own real estate transformation, working towards common systems
and process and minimal vacancy. She gave the recent West London strategic rationalisation
project as an example of where IBM have identified 12, 500 m² of office space
that could be vacated.
Claire finished the session by looking at the capabilities of IBMs latest Smarter Buildings acquisition – Tririga. This product is split into modules of – Real Estate Portfolio Mgmt, Space & Facilities Mgmt, Operations & Maintenance Mgmt, Capital Project Mgmt and Energy & Environmental Sustainability. These modules can be implemented separately, or part of a complete IWMS. Claire concluded the session by discussing what some of IBMs clients are using Tririga for – the main points being – improving the utilisation of their portfolio, operate in an environmentally sustainable way, simplify & improve user experience, simplify processes, & align their portfolio rapidly to meet changing business needs. She gave the example of GE, who reportedly save $925M in the first four years of using the product!
The final session was a panel debate – which included IBM’s Dr Claire Penny, Mark Baker – Aberdeenshire Council, Harjinder Gharyal & John Dawson – Glasgow City Council, and was led by Simon Haston, Change Champion: Improvement Service. Lots of interesting questions were asked by the audience, all around the theme of new ways of working. Claire specifically spoke about how IBM approaches flexible working, whilst still maintaining important security standards for our mobile devices. The question was posed, what are the critical success factors for new ways of working? Many interesting opinions given, with our expert explaining she thought leadership and a clear strategy were key.
If you are interested in learning more why not come to Pulse Comes To You on 30th May at The Grange, Tower Hill – where our customers & prospects can learn more about the entire Tivoli portfolio. Please register here - http://ibm.co/JgmnZD.
Rebecca Swindell 270003U1MK REBECCA.SWINDELL@UK.IBM.COM Tags:  xforce infosecurity q1_labs mobile_device_management robert_freeman siem 1,353 Visits
It was great to be back at Infosec, with a very colourful IBM booth, that clearly stands out from the crowd! We had four sessions during the day, and below are the key points that I thought were raised.
Our first session was given by Robert Freeman, Manager of X-Force Advance Research Strategy, on The Advanced Persistent Threat in 2012, who opened by talking to the audience about the role of the X-Force team at IBM. He spoke about how 2011 was the year of the security breach, and went into some specific, well known examples that made it into the news during the year. Robert then talked to the audience about who is actually attacking our networks - attacker types and techniques based on the X-Force research, be it off the shelf versus sophisticated attacks, broad versus targeted, financially motivated, state sponsored, or all out cyber war!
The next IBM session was given by Steve Durkin, who joins IBM from our recent acquisition of Q1 labs, whose session was titled “providing your business, total security intelligence”. Steve Durkin opened the session by talking about Security and Information Event Management or SIEM for short! He wanted the audience to understand that SIEM leads to actionable and comprehensive insight into their security infrastructure. He also took the audience through the industry examples of attacks on businesses we have all seen in the press during the last few years. Steve spoke about the four domains or pillars that IBM see as forming a comprehensive IT Security – People, Data, Applications and Infrastructure - if you have got all four areas covered you've cracked it. He then explained that Q1 labs products should been seen as the glue that hold all of these together. Steven urged that internal threats are just as dangerous as external ones. He wanted the audience to ask themselves if they have taken the best steps to protect against these.
Vijay Dheap was next up for IBM, who talked to the audience about Securing Mobile Devices in the Enterprise. He gave some very interesting stats, such as in 2011 sales of smart phones surpassed that of PCs, soon they will dwarf the sales of PC, by 2015 40% of Enterprise devices will be mobile devices – (an IBM projection) and 50% of all apps send device information or personal details. Social norms are now different - mobile devices used in way more locations, mobile devices shared more often, and user experience is prioritised. He continued by talking about how apps now push the boundaries of collaborations, but unfortunately leave you open to attacks. He urged the audience to have visibility to what mobile devices are connected to their corporate network and be reactive, be responsive, and be transparent.
Our final session of the day was given by Simon Smith who presented on Infrastructure Protection - Towards an Optimised Security Position. He talked about how IBM is keen to usher in new era of security intelligence. He then took the audience through what he saw where the different stages companies are at when it comes to IT Security, asking the audience to share where they thought they were in the journey. He first discussed what “basic” security looks like: point solutions, stand alone products & deployments, different solutions for every problem block and prevent attacks, and analysis is mostly manual & reactive.
This is combined with correlation and analytics, alerts based on predefined rules and information, auto analysis and assessment reports and alerts. Simon closed by saying there are no absolutes, no scoring systems, you should look at where we are and your aspirations.
Simon mentioned that there will be new product announcements tomorrow morning, so be sure to follow me @RSwindell and @IBMSecurity to find out what they are! #
If you would like copies of any of the presentations, please email be at email@example.com.
Come back tomorrow evening for my thoughts from day 2 of Infosecurity 2012!
TUC Webinar - April 26: Managing the Smarter Physical Infrastructure with the IBM SmartCloud Control Desk
Hope Ruiz 110000NU71 HRUIZ@US.IBM.COM Tags:  smarter_physical_infrastr... ibm_smartcloud tuc tivoli_user_community 863 Visits
TUC Webinar - come learn with us!
Spend the day in the cloud! This webinar is the hour followin
Rebecca Swindell 270003U1MK REBECCA.SWINDELL@UK.IBM.COM Tags:  application_security x-force rob_ford infosec rob_whitters simon_smith infosecurity john_smith q1-labs qradar 3,894 Visits
IBM had another great four speaking sessions today, and a colleague of mine -Lauren Mort (@Laurenmort2), joined me to help with our social media activities throughout the day. Below are the key points that Lauren and I thought were raised during the sessions.
Despite our first session being a report of the one given by Simon Smith yesterday, we still learnt some more interesting facts whilst he took the audience through the journey from basic, to proficient to a final state of optimised security (which you can see in more detail in our blog from yesterday - http://ibm.co/IoV9ju). Simon talked about how the optimisation needs to be the specific to the individual company, be it a large multinational bank or a 100 person company in the UK. A good security model can mean high levels of staff retention, because employees are able to be innovative on other projects, rather than having to deal with the daily struggle of keeping the network secure.
Simon spoke about how you need to start understanding what in your network is a normal state and what isn't a normal state in order to achieve the desired “optimised” state. The security needs to fit your business processes to ensure the maximum amount of availability on your systems. Simon finished by talking about how security needs to be built into the design, in an ideal world from the word go – which often is untenable, but it certainly should not just be a “bolt on”. Security is all about risk, and it’s the effective managing of this risk that can lead you to the desired “optimised” state.
The second session of the day was given by John Smith on application security hacking 101 – to a packed room of over 70 people! He opened the session by talking about the work of our X-Force team, who monitor 14b security events every day and produce an annual trends and risks report on what security breaches etc we have seen over the last 12 months. John talked to the audience about SQL injection attacks against web servers, and how they are on the rise - saying there must be a return for the attacker even if it is not at apparent at first. John told the audience that in 2011, 41% security vulnerabilities affected web apps – which is good news as that was down 8% from the previous years, and the lowest it’s been since 2005. This stat shows the organisations are taking the important steps needed to address this problem – by using products like IBMs AppScan!
John then continued the session by looking into XSS vulnerabilities, which still appear in 40% of app scans that IBM perform for companies – which he said was scary as they can so easily be addressed. John explained how injection flaws have “become the poster child of application security”. John then gave the audience an example of an XSS attack, and how much easily a lot of damage can be done, despite warning end users of such possibilities.
John closed the discussion by looking at black box (dynamic) analysis & white box (static) analysis, and gave examples of how these both work. He then offered all the audience a free demonstration of IBM AppScan on their own networks – which many of the audience took him up on!
Rob Ford and Jef Gielkens were next up for IBM, who gave a presentation on Integrated, Intelligent Security analytics for Enterprises. They talked about as the world is becoming more and more digitalised and interconnected, we are opening the door to emerging threats and more data leaks. They looked at four key components that we are currently seeing, all of which are affecting IT Security in some way – Data Explosion, Consumerisation of IT, Everything Everywhere and Attack Sophistication. Jef then looked at the different attacker types and techniques that we are now seeing, and how this is making security a board room discussion, be in affecting brand image, business results, supply chain, legal exposures, impact of hacktivism and audit risk.
Jef talked about how it is no longer enough just to protect the perimeter, silo point products are not enough to secure your enterprises, IBM is integrating across it silos with security intelligence solutions. He spoke about the X-Force protection systems – which is a purpose built, multi tenanted infrastructure designed to collect, aggregate, store, summarise and analyse data to derive the events of most interest.
Rob then took over and showed the audience the MSS architecture overview and how it can be used to optimise security intelligence. He looked into suspicious hosts and IP intelligence. He then took the audience through three use case scenarios – visibility despite encryption or obfuscation, identification of reconnaissance and infected websites. Jef wrapped up the session by stating that intelligent security solutions provide the DNA to secure a Smarter Planet.
Rob Whitters gave the final session of the day for IBM (entitled Next Generation SIEM in Action), who has just joined IBM through the acquisition of Q1 labs. Rob opened by giving a brief history of Q1 labs and his involvement with the company. He explained that Q1 labs solve customer problems with total security intelligence. He explained how they are able to help customers look at the threats on their networks, predict risks against the business, consolidate data silos and detect insider fraud. Rob spoke about how the product can be used to link context to what threats we are seeing on the network, where it’s from, which asset it is affecting, changes in network protocol etc and from this derive vulnerability data.
Rob then took
the audience through a demonstration of the QRadar product, looking at the
customisable dashboards, the role based permissions/access and various
workflows. He explained how QRadar allows you to get to the facts quickly and
the data allows you to be proactive, to do something intelligent with it. He closed by talking about some of the 1500
report templates available inbuilt in the product, that can be used to
demonstrate immediate value.
If you would like copies of any of the presentations, please email me at firstname.lastname@example.org.
Come back tomorrow evening for my thoughts from day 3 and
final overview of Infosecurity 2012!
Rebecca Swindell 270003U1MK REBECCA.SWINDELL@UK.IBM.COM Tags:  infosec ibm pulse xforce robert_freeman 1,297 Visits
ivor macfarlane 2700022KPS IVORMACF@uk.ibm.com Tags:  ivor itsm ibm tivoli best-practice itsmf service-management 1,426 Visits
For most of last week I was attending and – I hope – contributing to itSMF’s international publishing meeting. This was held in
Now, first a little background, just in case there is anyone who does not know what the itSMF is. The letters stand for IT Service Management Forum – and that sums it up quite well: a place for those interested in ITSM to talk, learn, teach, compare and discuss. Part of that communication naturally involves publication – and our group focuses on that – from reviewing others’ books through translation and dissemination to encouraging authoring and publishing books. Crucial to its attitudes and success, itSMF is a non-profit organisation, owned by its members.
OK, as you may imagine it is – as well as serious working meeting – a chance to catch up with friends and colleagues of the ITSM global village. And the active ITSM community really is like a village, except that it spread across some 50 countries – we have all the relationships that you would expect: friends, enemies and lots in between.
All of us have our day jobs, many of us
working for cut-throat competitors but that all gets set aside and we settle
back into our ‘all in this together’ mode. One of things that I came back from
That makes the non-profit member owned organisations a lot like government – and like governments today we are strapped for cash. These are hard times and no-one has much in the way of spare money. But we still strive to fight against what would be a sensible approach for an organisation focused on shareholder value. We still need to deliver what the ‘right things’. From our publishing perspective it would be tempting to look only at safe books – rearranging established best practice into easier, shorter or simpler reads. Instead though, everyone at our meeting sees that we need a focus on innovation and stretching our industry.
Of course we need to be financially successful with enough of our projects, and we have work to do on building a firm base to take ourselves – and our industry – forwards. But I am proud that the books we have already managed to publish contain real industry innovations and new perspectives – both on service management as you would expect but also into wider topics such as organisational change.
So, I came back feeling the need to write down how much work people put in – for nothing – last week. I’m not claiming I did that much, but lots of work was put in, and even more commitments made to keep the momentum going and I felt that it was a few day’s work I was proud to have been a part of and an effort worth recording here. In some later blogs I might relate more about other aspects of the trip - like using budget airlines and the change in perspective of value that goes with that.
So – please go read about what we have already managed (6 books published, quarterly magazine, whitepaper competition etc.). You can find out about the books are – and read the magazines for free by going to http://www.itsmfi.org/content/publications. If that gets you interested in how you can get your ideas written up and out there then get in touch. My portfolio responsibility is ‘Authoring’, so I would love to hear from you. We are keen to find new authors, for whitepapers, books or articles – and happy to offer any level of support you might need – from final review through mentoring and even to co-authoring or ghost writing.
By my next blog, I will be back in successful company mode, but it is good to remember that the commercial companies also live in and benefit from the wider community. It is good to see that being recognised through sponsorship and support. IBM sponsored the meeting last year - this time we had support from TSO and BTC. massive thanks to those companies. With more support next year we should have more people and achieve even more.