ITIC

IBM STG Group Posts Positive Gains, Offers Strong Strategy & Growth Roadmap

Laura DiDio — Mon, 12 Dec 2011 18:04:42 +0000

Vendor sponsored Analyst conferences are oftentimes long on self-congratulatory hyperbole and short on substance. That wasn’t the case with IBM’s Systems and Technology Group Analyst conference held last week in Rye Brook, NY.
The STG conference, led by Rod Adkins, Senior Vice President of the STG Group, showcased the division’s solid accomplishments over the last several years and detailed the current and future product roadmap and investment strategy. Investments focused around three major areas: Systems, growth markets and strategic acquisitions. Adkins could have easily added a fourth category: patents. The U.S. Patent Office granted IBM’s STG division 2,680 patents in 2010 and it could exceed that number in 2011. One only has to scan the headlines and peruse the ongoing patent purchasing frenzy and the plethora of lawsuits involving all of the major vendors to realize the pivotal role patents play as both and offensive and defensive weapon. IBM, in its Centenary year, holds more patents than any other U.S. technology vendor.
STG 2011 Milestones
Noting that STG is aligned with IBM’s overall growth strategy, Adkins detailed the division’s milestones throughout the first three quarters in 2011. They included:
• Seven consecutive quarters of growth: Much of the increase was directly attributable to the high end systems such as the System z platform, enterprise storage and high end tower servers.
• The Power Systems platform has won over 2,400 competitive displacements since the 2009 first quarter contributing $2.4 billion in revenue to IBM’s bottom line in the last 36 months.
• The Power Systems momentum continued through Q3 2011, when it won 250 competitive displacements in the quarter and 750 displacements year-to-date, Adkins said. Those new customers netted IBM $740 million in revenue so far this year and boosted Power Systems sales by 15 percent.
• System x server revenue is up 9 percent through the first three quarters of 2011 high end revenue growth of 33% YTD and eight consecutive quarters of double digit growth
• Storage up 12% YTD including storage software over 2,100 new storage customers on the XIV platform.
• Analytics 35% quarterly growth through 3Q11 via Watson, optimized Smart Analytics
• Cloud: revenue thru 3Q more than double same period in 2010; introduced Smart Cloud Entry; cross IBM integrated cloud offerings and new business partner enablement
• Overall, STG represented 27 percent of IBM’s growth markets revenue in 2010.

STG Bolstered by Product Performance, Management Stability
STG’s strong performance, helped boost the company’s stock which is now trading at $194.50, very close to a 52-week high. Big Blue’s across-the-board strong performance got a further lift when it was revealed in November that Warren Buffet, invested $10.7 billion, equal to a 5 percent stake in IBM. Buffet’s investment was no doubt sparked at least in part, by the fact that IBM’s Return on Equity to shareholders is 69.84 percent, according to Capital IQ.
While both IBM and STG’s financials tell a compelling tale, they are not the whole story. IBM in general and STG in particular, clearly owe their strong showing to the features and performance of the products. However, IBM’s ability to deliver strong after-market technical service and support, the stability of its business and its’ ability to steer clear of the management tumult that has plagued rivals like Hewlett-Packard also play a large part in its success.
For the past three consecutive years, IBM AIX and Power Systems have recorded the highest uptime and reliability ratings in ITIC’s annual Server Hardware and Server OS Reliability Surveys. In the latest updated ITIC October 2011 poll, IBM’s AIX v7.1 UNIX OS running on the company’s Power System servers scored the highest reliability ratings and recorded the least amount of overall downtime from Tier 1, Tier 2 and Tier 3 outages among 18 different server OS platforms. Reliability is key metric that contributes to lowering or raising total cost of ownership (TCO).
Corporate customers interviewed by ITIC say they are equally impressed with the quality and celerity of IBM service, support and documentation when IT staff lodge technical support calls.
The stability of IBM’s upper management and its ability to provide smooth, orderly leadership transitions resonates well with customers, Wall Street, press and industry analysts. After a decade as Chief Executive Officer Sam Palmisano will step down and will be replaced by Ginni Rometty, IBM’s senior vice president for sales, marketing and strategy, overseeing IBM’s Global Business Services unit, on January 1.
The solid management also extends to STG. Adkins, a 30 year IBM veteran, has successfully headed the group since 2005 and this plays a key role in customer retention. The STG management team has consistently delivered a clear message that includes tactical product launches and long-term strategic direction. This is stark contrast to the upheavals at competitors like HP and Oracle where tumultuous management changes occur with alarming frequency (HP) and large, often hostile mergers and acquisitions and nebulous product roadmaps (Oracle) have left customers scratching their heads regarding future product directions and undermines confidence.
Nowhere is this more evident than in the well documented and highly publicized disaffection of the Oracle (former Sun Microsystems) SPARC server installed base. IBM’s STG group has been able to exploit that dissatisfaction which accounted for a large portion of the Power Systems and System x’ competitive wins during 2010 and 2011.
Adkins and Steve Mills, Senior VP and Group Executive, in STG Software and Systems also outlined the group’s strategy for gaining new business in the ongoing tough economic climate where IT budgets are static. STG continues to invest heavily in research and development (R&D) to drive efficiencies and economies of scale to assist organizations in reducing IT management and labor costs and to cut power and energy consumption. Depending on the size and scope of the individual customer’s infrastructure and workload, Adkins claims that Power Systems servers running IBM’s DB2 are one-third the cost of Oracle DB. Similarly, he says, the System x can lower management costs by up to 50 percent and IBM’s storage platforms can assist businesses in lowering powering and operating cooling costs by as much as 60 percent.
Analysis
In order to maintain and extend STG’s current level of success through 2012 and beyond, IBM is now tasked with topping itself.
STG executives should continue to focus on:
• Differentiating the products: STG is a large group that encompasses servers, storage, cloud computing, software and systems offerings. It’s easy for even stalwart IBM customers to be overwhelmed by the sheer number of products and announcements. The STG Group must strive to highlight the most important product updates and announcements to customers. C-level executives and IT departments are overwhelmed by too much information. IBM’s STG group should emphasize the two or three most crucial products and services per quarter and communicate that via their sales and reseller channels and user groups. IBM has always been good about providing guidance but it must do even better.
• Delivering competitive acquisition, licensing and technical support costs: The biggest singular criticism leveled at IBM is the high cost of its after-market technical service and support. No one expects IBM to offer superior services at Flea Market prices. However, IBM has one of the largest service and support organizations in the world. IT could and should build goodwill in 2012 by offering special promotions, discounts and bundled incentives to loyal STG customers and prospective customers. A sizeable segment of the end user population is currently and will be strapped for capital expenditure funds for the foreseeable future.
• Appeal to Small and midsized businesses: IBM is well entrenched among large enterprises in high profile verticals like financial services, healthcare and government, to name just a few. Small and midsized businesses however account for nearly 60 percent of all businesses. SMBs with fewer than 300 users lack the clout and deep pockets of their enterprise peers. Nonetheless, their numbers and capital and operational expenditure power are enormous – particularly in emerging geographical regions like Africa, which is a big focus for IBM’s STG group. Indeed there are many SMBs in IBM’s vertical bailiwicks. IBM, its current and potential customers would all be well served by the availability of specific purchasing and licensing programs that provide aggressive entry-level price points and value-added licensing deals for SMBs.

IBM, Stratus, Microsoft Score High Marks in ITIC Fall 2011 Global Reliabillitty Survey

Laura DiDio — Mon, 12 Dec 2011 16:45:25 +0000

For the third year in a row, IBM AIX v7.1 UNIX operating system (OS) running on the company’s Power System servers scored the highest reliability ratings and recorded the least amount of overall downtime from Tier 1, Tier 2 and Tier 3 outages among 18 different server OS platforms.
Over three-quarters or 78% of survey respondents indicated they experienced less than one of the most prevalent, minor Tier 1 incidents per server, per annum on IBM’s AIX v. 5.3 and AIX v 7.1 distributions. An 83% majority of IBM AIX v 7.1 and Novell SUSE Enterprise Linux Server 11 and 82% of Windows Server 2008 R2 survey respondents indicated their organizations experienced less than one unplanned, severe/lengthy Tier 3 outage per server, per annum (See Exhibit 1).
Microsoft’s Windows Server 2008 R2 (which scored the biggest year-over-year reliability gains), and Novell’s SUSE Enterprise Linux Server 11 closely challenged IBM’s AIX v 7.1 server OS reliability and uptime – particularly with respect to the most severe and costly Tier 3 outages. Unplanned Tier 3 outages – whether manmade or as the result of a disaster — typically cause downtime in excess of four hours. There is widespread disruption of applications and network operations; customers and business partners are frequently impacted and Tier 3 incidents will almost always require remediation by a significant portion of the IT staff.
Those are the results of the ITIC 2011 Global Server Hardware and OS Reliability Survey. ITIC partnered with GFI Software (formerly Sunbelt Software) to conduct this independent Web-based survey. It polled C-level executives and IT managers at over 500 corporations from 23 countries worldwide from November 2010 through April 2011. ITIC updated and revised the survey in October 2011. And while the results of this latest survey were very similar, they also reflect the turmoil and controversy surrounding some of the vendors – most notably Hewlett-Packard and Oracle – that have the potential to impact reliability in the future.
On the server hardware side, IBM, Stratus Technologies, Fujitsu and Hewlett-Packard servers (in that order) were the four most reliable platforms, achieving an average 99.99% or 99.999% uptime per server, per annum. That equates to 5.25 minutes (99.999%) to 52 minutes (99.99%) of unplanned per server annual downtime.
The survey data indicated that the inherent reliability and uptime of all the major server OS and server hardware distributions has improved significantly over the past several years. In particular, IBM AIX and Novell SUSE Linux Enterprise Server consistently have maintained the highest reliability scores their platforms recorded in the prior ITIC 2008 and 2009 Global Server Hardware and Server Operating System surveys. IBM AIX and Novell SUSE users also praised the manageability and technical service and support available for those server operating systems.

Microsoft’s Windows Server 2008 and Windows Server 2008 R2 scored impressive reliability gains in the 2011 survey compared to the prior 2008 and 2009 polls. Survey respondents now rank Windows Server 2008 R2 as among the top three most reliable, mainstream server operating systems. Windows Server 2008 R2’s reliability renaissance is especially impressive since Microsoft’s Windows Server OS noticeably lagged behind the majority of the UNIX, Linux and Open Source distributions in the ITIC/Sunbelt Software (now GFI Software) 2008 and 2009 Server Reliability surveys. Among the other survey highlights:

• Security: The biggest surprise of the survey was the strong security showing by Windows Server 2008 R2
• Highest Percentage of Severe Tier 3 Outages: Oracle’s Solaris 10 running on SPARC hardware had the highest percentage of survey respondents — 16% – who said they experienced at least three and more than 12 unplanned per server, per annum prolonged Tier 3 outages lasting more than four hours.
• Lowest Percent of Severe Tier 3 Outages: By contrast just 5% of both IBM AIX v 7.1 and Microsoft Windows Server 2008 R2 survey participants reported experiencing at least three and more than 12 unplanned per server, per annum Tier 3 outages of more than four hours duration.
• Integration and interoperability issues: (e.g., incompatible drivers) and problems applying patches are the most common culprits of protracted, unplanned downtime. These problems are exacerbated when IT managers are forced to spend valuable time searching for fixes, or if the vendor has not yet recognized the issue and there is no fix.
• Server Age: A 57% majority of respondents said their servers – particularly the critical main line of business servers — are between one and three years old. Keeping the server hardware updated has a major impact on reliability. One-in-five survey respondents – 20% – said their servers were three-to-four years old.
• Server Refresh Rates: One-quarter – 25% — of businesses refresh their main line of business server hardware “as needed” and 10% said they upgrade a portion of their servers annually. However, 17% of survey participants said their organizations refreshed their main line of business server hardware every five-to-six years and another 15% indicated they had no specific timetable.

ITIC Survey Finds CRM Usage Soars Among SMBs, SMEs

Laura DiDio — Wed, 27 Jul 2011 13:21:08 +0000

Thanks to the 300 of you who took time out of your busy schedules to respond to the joint ITIC/GFI survey on customer relationship management and for OSF-Global in assisting us in composing the questions.
The survey results showed that nearly three-quarters – 74% — of companies are currently using a CRM solution and 57% of survey participants revealed that interest in CRM is increasing significantly. And perhaps most surprising, a 52% majority of survey respondents said they use more than 51% of their CRM solution’s functionality; of that number 18% utilize over 75% of CRM features.
CRM Usage Soars Among SMBs and SMEs
Customer relationship management (CRM) solutions long a staple in large enterprises are now also being widely embraced and deployed by small and mid-sized businesses to more efficiently track and manage businesses’ interactions with customers and partners.
The survey addressed broad ranging issues including CRM deployment trends, timetables and specific vendor products; the issues that propel and/or impede CRM deployment and usage; the types of CRM deployed: On-premise, SaaS, cloud or a combination and the benefits derived from a CRM solution by the company as well as the company’s customers
Overall, the survey results indicate that there is continued widespread support for and adoption of, CRM solutions. Half of the survey respondents – 50% — said they are analyzing or evaluating CRM solutions with an eye towards adoption while another 20% indicated they plan to install a CRM solution within the next six to 12 months. Interestingly, 26% of the survey participants indicated they’ve used a CRM solution for over 10 years. Ironically, an equal 26% of respondents revealed they do not currently use CRM.
Nearly three-quarters or 73% of the 74% of businesses that currently utilize a CRM solution reported that deployment and maintenance generally been smooth and free of any major deployment and maintenance problems. Some 26% of survey participants said they encountered “no problems” while another 47% of participants said they encountered only the “usual migration issues associated with new deployments.”
Survey Highlights
Among the other survey highlights:
• Among the 26% of respondents who are not currently using a CRM solution, the main impediments are:
• Cost – 57%
• No compelling business reason – 50%
• Unsure of what value it would provide – 50%
• Complexity – 43%
• Salesforce.com; Sage, Microsoft Dynamics, Sugar CRM and Oracle/Siebel were the most popular CRMs
• A 57% majority of participants said they are using or plan to deploy an on-premise CRM. This was followed by 18% of firms that indicated they are or will deploy a cloud-based CRM solution; 10% who say they are using or will implement a SaaS CRM and 15% who will use a combination of on-premises, cloud or SaaS CRM solution.
• An 86% majority of respondents cited Features/performance as the factor that most influenced their CRM purchasing decision. This was followed by 74% of respondents who checked off cost; while 71% said Ease of Use influenced their purchasing decision.
• Six out of 10 companies – 60% use only internal IT resources to deploy their CRMs; 31% use a combination of internal resources and external consultants or Systems Integrators
• A 52% majority of survey participants said they use >51% of their CRM solution’s functionality; of that number 18% utilize >75% of CRM features
• Nearly two-thirds of respondents – 62% — say that “upper management leads by example, using CRM, touting its benefits” in order to encourage employee usage
• On-premise CRM is the most popular choice among 57% of respondents

As with any poll, the survey did elicit some surprises. Foremost among these was the fact that organizations utilize a higher percentage of the inherent CRM solution’s functionality than previously thought. There is a long held perception that a significant portion of corporate end users find CRM packages too complex and fail to take full advantage of their features or avoid using them altogether. Failure to use a CRM solution not only squanders the corporation’s investment in the technology but it can also result in less efficiencies in tracking and managing customer relationships, with the unhappy consequence of making the end users less productive and their companies less competitive.
The survey findings contradicted those perceptions. A 52% majority of participants said that their businesses used 50% or more of their CRM’s functionality. However none of the respondents said they utilized “all” of the CRM’s functions. And nearly two-thirds or 60% of survey respondents indicated that in order to maximize CRM usage within the organization, senior executives lead by example and use it themselves.
As with any technology, CRM does present some challenges for would-be adopters. Foremost among these are: cost, complexity, ease of use and ease of manageability. Over half of the respondents revealed that they were using the “CRM-like” capabilities within Microsoft Office to achieve baseline CRM functions.

Spring 2011: Hackers Had a Bonanza

Laura DiDio — Thu, 23 Jun 2011 16:04:58 +0000

Hackers have had a bonanza in April, May and June
(so far). Nary has a day gone by without news of yet another major attack.
Here’s a partial list of some of the most publicized hacks of the last
10 weeks:

RSA
Security: On April 1, in a move akin to raiding Fort Knox,
RSA’s Secure ID technology (one of the industry’s gold standards in security
software) was hacked. RSA executives described the hack as “very
sophisticated.” They characterized it as an advanced persistent threat
(APT)-type targeted attack. It used a routine tactic – a phishing Email that
contained an infected attachment that was triggered when opened.
Epsilon: This Irving, TX –based company handles
customer email messaging for over 150 firms, including large banks and
retailers like Best Buy, JPMorgan Chase, Citigroup and L.L.Bean. In April,
millions of consumers learned that Epsilon’s networks were breached when they
received Emails from their banks and credit card companies informing them that
the hack might have exposed their names and Email addresses to the hackers.
Epsilon released a statement assuring consumers that only Email addresses and
names were compromised and that no sensitive data was disclosed.
Sony:
Sony’s
PlayStation gaming network suffered a series of massive security attacks in
April/May that affected more than 100 million online accounts and shuttered the
site for days. Sony executives estimate the hacks cost the Japanese electronics
firm $170 million.
Lockheed
Martin: On May 21, the aerospace giant released a statement
saying its internal information systems network had been penetrated by what it
called a “significant and tenacious” attack. The company declined to
divulge details other than stating that “no customer, program or employee personal
data had been compromised.”
Public
Broadcasting System: the PBS website was hacked in mid-May
and the perpetrators planted an erroneous story stating that deceased rapper Tupac
Shakur was alive in New Zealand. The group that claimed credit for the hacking was
apparently unhappy about PBS’ recent “Frontline” investigative news program on
WikiLeaks.
Google:
At least 84 instances of malware have been discovered in the company’s Android
Market app store in the last three months. In March Google removed 50
applications from the store that contained malicious code embedded in
legitimate applications. Over the Memorial Day weekend Google was forced to
pull an additional 34 smart phone applications off Android Market because of
suspected malware infections. Google’s security woes don’t stop there. In early
June, Google disclosed that Chinese hackers targeted the email accounts of top
U.S. officials and hundreds of other prominent people in a fresh computer
attack certain to intensify growing concern about the security of the Internet.
The victims, including government and military personnel, Asian officials,
Chinese activists and journalists, were tricked into sharing their Gmail
passwords with “bad actors” based in China, according to a Google
blog post. The attack’s goal was to read and forward the victims’ email.
Apple
(yes, Apple!): The Mac OX X 10.x OS has been under attack for
the last month from the malicious Mac Defender/Mac Guard malware. A few days
ago, Apple engineers released a fix and 24 hours later the hackers struck again
with a new virus variant called Mindinstall.pkg which is specifically designed
to bypass Apple security.

Security Wars: Time to Use Continuous Monitoring Tools to Thwart Hackers

Laura DiDio — Thu, 23 Jun 2011 16:01:03 +0000

It’s time for corporations to wise up and use the latest, most effective weapons to safeguard and secure their data.
High tech devices, software applications, Emails, user accounts, social media and networks – even those presumed safe — are being hacked with alarming alacrity and ease.
Security tools, encryption and updating your networks with the latest patches are certainly necessary, but they are not enough. Corporations must arm themselves with the latest security tools and devices in order to effectively combat the new breed of malware, malicious code and ever more proficient hackers. I’m referring to the new breed of continuous monitoring tools that identify, detect and shut down vulnerabilities before hackers can find and exploit them.
In the late 1980s – the “early days” of computer networking hacking was a means to an end. The modus operandi of hackers, (usually white males in their teens and twenties) was to perfect their skills, perform a high profile penetration, claim it was a mistake and then land a well paying job with a legitimate security company. Many of today’s hackers are professionals who operate within an organized ring. Hacking is the means and the end. It’s an extremely lucrative business.
“The hackers have upped their game,” says Stu Sjouwerman, founder and CEO of KnowBe4, a Clearwater, FL company that trains corporate knowledge workers on how to avoid spam, phishing, spear phishing and social engineering hacks. “Hackers have gone completely professional. They’ve graduated from identity theft to full-fledged Internet bank robbery or cyber heists. There are now highly organized computer security “Mafias” in Eastern Europe, Russia, the Ukraine and Romania that employ highly qualified computer science majors who do nothing but hack. Most companies are woefully ignorant and unprepared to deal with the new threats,” Sjouwerman asserts.
On June 1, 2010 The National Institutes of Standards and Technologies (NIST) published new guidelines that require enterprises to engage in continuous monitoring of their networks. These guidelines are based on a wealth of real-world experience, and highlight the necessity of using new tools to facilitate implementation, says Major General John P. Casciano, USAF-Retired served as director of intelligence, surveillance and reconnaissance, deputy chief of staff, air and space operations, Headquarters U.S. Air Force, Washington, D.C. He is currently President and CEO of GrayStar Associates LLC, and consults on Cyber Security issues.
“ In the dynamic and ever- changing network, continuous monitoring simply can’t be performed manually; it must be supported by software that provides powerful new weapons with which to successfully defend and thwart attacks,” Casciano says.
Continuous monitoring encompasses both a new approach as well as new products and tools is a preventive and prescriptive measure. It Continuous monitoring enables organizations to detect threats as they occur, and most importantly to identify vulnerabilities that can be mitigated or plugged in advance of a cyber “intrusion” or “attack.” The NIST guidelines are based on a wealth of real-world experiences. These include “routine” attacks launched on individuals’ online social media accounts like Facebook and Twitter. Each day the headlines deliver yet another sobering call for corporations and consumers alike to wise up and defend their data.
We all know that there is no such thing as a 100% hack proof network, application or device. Hacks from malware (phishing, Trojans, bots, worms, zombies et al) to exploits that result in forgotten back doors to targeted corporate espionage are facts of 21st Century computing life.
Hackers are more organized and the attacks themselves are becoming more sophisticated and more pernicious. They use the Internet as a superhighway to circumnavigate the globe faster than you can say “Magellan.” What’s worse, the hackers are aided and abetted by corporations with lax, porous and often outdated computer security measures. Consumers too, are often the hackers’ best helpmates particularly when they don’t keep their anti-virus and firewalls up-to-date and don’t check the privacy settings on the many social networking sites they frequent!
Security experts warn that malware is proliferating at the astounding rate of 73,000 new threats cropping up on a daily basis; a 26% increase over the 2010 statistics. Even if we apply the 10/90 rule: 10% of all malware and rogue code is responsible for 90% of the damage, the upswing in security threats is alarming.
Unfortunately, corporations and consumers tend to get complacent in the absence of a data breach that directly impacts them or their organizations. It’s easier to rationalize and downplay the very real security threats and delay implementing the necessary proactive measures. It takes headlines or more recently those messages appearing with alarming regularity in our personal Email boxes to give us all a much needed jolt. Computer, cell phone/smart phone, notebook, tablet and networking security are fragile, ephemeral and fluid. Meaning the risks are always present and exploits are always lurking and waiting to happen.
This is War: Continuous Monitoring, the Latest Weapon in the Ongoing Security Battle
In response to the growing cyber-threat, United States Senators John Kerry and John McCain have introduced a bi-partisan online privacy bill designed to protect and control personal information. If the legislation passes it will prohibit the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing.
The 2010 Verizon Data Breach Investigations Report, released last July and based on a first-of-its kind collaboration with the U.S. Secret Service, found that breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.
The report cited stolen credentials as the most common way of gaining unauthorized access into organizations in 2009, pointing once again to the importance of strong security practices both for individuals and organizations. Organized criminal groups were responsible for 85 percent of all stolen data last year, the report said.
The stories behind the statistics are even more alarming. Hackers collaborating via the Web and forming their own online communities to exchange data and perfect hacks, And now they’re moving from V2P: virtual to physical, with entire communities – most prominently in Eastern Europe devoted to the pursuit of career cracking. The city of Râmnicu Vâlcea, population 120,000 and located three hours outside of Bucharest in the Transylvania Alps has been dubbed “Hackerville” by global law enforcement agencies. The town is brimming with cyber crooks that specialize in targeted corporate malware attacks and Ecommerce scams. Business is so profitable that the town is home to luxury car dealerships and apartment buildings and upscale restaurants, shops and nightclubs. The town’s reputation as a malware maelstrom has become so notorious that it was the subject of a feature article in the March issue of Wired Magazine.
The real lesson of the Verizon Business Data Breach Report and even Hackerville is that the overwhelming majority of data breaches can be thwarted if companies establish and follow good computer security practices and back these up with the latest technical weapons. Astoundingly, only four percent of breaches assessed in the Verizon Business Data Breach report required difficult and expensive protective measures. The report further claimed that 87% of attacks could be prevented using simple, proactive measures.

The 2010 Verizon report concluded that being prepared remains the best defense against security breaches. For the most part, organizations still remain sluggish in detecting and responding to incidents. Nearly two-thirds of breaches — 60% — continue to be uncovered by external parties and then only after a considerable amount of time. And while most victimized organizations have evidence of a breach in their security logs, they often overlook them due to a lack of staff, tools or processes.
Casciano maintains that any corporation that is serious about creating and maintaining a secure environment needs to deploy continuous monitoring tools. Right now there are two types of continuous monitoring devices: “those that address what’s going on in the enterprise and identify vulnerabilities and those that enable companies to plug holes and correct vulnerabilities in advance so the attack is not effective,” Casciano says. There are several companies that address this emerging market segment. Veteran security firm ArcSight which was acquired in 2010 by Hewlett-Packard Co. and the Einstein Program developed by the Dept. of Homeland Security produce products that enable businesses to identify the potential weak spots in their networks. Other companies like RedSeal in San Mateo, CA and the Security Content Automation Protocol (SCAP) address the rapidly emerging secure product class of both identifying and closing the holes in the network.
RedSeal’s Systems Network Advisor v4.1 and Vulnerability Advisor v4.1, for example, are near real-time risk management solutions that use network and vulnerability data to determine risk and provide prioritized remediation recommendations. RedSeal security packages allow organizations to assess and strengthen their cyber defenses. Unlike systems that detect attacks once they occur, RedSeal identifies holes in the security infrastructure that create risk – before they are discovered by hackers.
Casciano says organizations must utilize both types of continuous monitoring. The products in the first group (HP’s ArcSight and the Einstein Program) provide business with “tactical warnings and a snapshot in time of the activities within the IT enterprise” so that management can react to specific events. The second class of products (RedSeal and SCP) “exposes the strengths and weaknesses of the entire IT enterprise, identifies potential avenues of attack and enables management to take defensive actions well in advance of an attack,” Casciano notes.
Ultimately though, computer security products represent only half the solution. The other 50% is human element. Companies and their IT departments must construct strong computer security policies and procedures, disseminate them to the entire staff and employee population and enforce them. In an age where hackers’ ranks are swelling and successful penetrations are increasing, corporations would be wise to arm themselves with the continuous monitoring tools to thwart cyber terrorists.
Ask yourself: “What have you got to lose?”

2011 in High Tech YTD Part 3: Cisco Pulls Plug on Flip, Focuses on Core Competencies

Laura DiDio — Fri, 06 May 2011 17:27:40 +0000

Cisco Pulls the Plug on Flip
Following two consecutive fiscal quarters, Cisco Systems shocked the industry three weeks ago with the news that it will cease to manufacture its popular Flip video camera and will lay off the division’s 550 workers, substantially reducing its consumer businesses.
Also within the past two weeks, Cisco unveiled a voluntary retirement program aimed at workers 50 years old whose age plus tenure at the company equals 60; these workers have from May 10 through June 24 to opt in. This is the first time in two years that Cisco instituted such a cost cutting policy.
Cisco recently hired Gary Moore as Chief Operating Officer to fine tune its re-focused initiatives.
Then yesterday (May 5) Cisco, headquartered in San Jose, CA announced more dramatic actions to get back on track. With its heretofore unchallenged dominance in networking switches and routers, now under attack by Arista, Hewlett-Packard, Juniper Networks and others, Cisco announced it is reorganizing and streamlining its management operations and structure. In the past year, Cisco (like many high tech Titans) has seen a number of key executives defect to rivals. Longtime CEO John Chambers acknowledged in an April memo that the departures had slowed decision-making and caused lapses in operational execution. The net result: confusion among customers, dissension among company investors and lots of worry on Wall Street.
Yesterday’s initiatives are aimed at simplifying and re-focusing the company’s focus around its core competencies in switches and routers, even as Cisco eyes transitioning those products to the cloud. Going forward, Cisco will re-organize operations around specific geographic areas and customer segments. Chambers believes this will enable mid and lower level managers to make decisions autonomously and respond more swiftly to customers and changing market dynamics.
“It’s time to simplify the way we execute our strategy, and today’s announcement is a key step forward,” Chambers said in a prepared statement.

Cisco identified five areas of growth that are crucial to its success. They include: routing, switching and services; video; collaboration and Web-conferencing offerings; data-center virtualization and cloud computing, which are technologies that help companies outsource and streamline computing operations; and architectures for business transformation.
Cisco also unveiled some management changes. Senior vice presidents Pankaj Patel and Padmasree Warrior—who is also Cisco’s chief technology officer—were named to co-lead Cisco’s engineering group.

What the Moves Mean

Cisco has grown rapidly in the past decade, in large part through a flurry of well timed and targeted acquisitions. Unlike HP and Oracle, which are known for gobbling up very large competitors, Cisco’s Chambers prefers to acquire small and midsized firms that can boost Cisco’s presence in a particular market arena. This strategy has served Cisco well. It’s issued far fewer pink slips to employees than either HP or Oracle who have cut tens of thousands of workers in the past several years as they’ve absorbed industry giants. At the same time though, Cisco’s stock has been stagnant. As of today Cisco’s stock is at $17.62 which is at the bottom of its 52-week range of $16.52 to $26.80. On the plus side its profit margin is still a healthy 17.89% and its operating margin is a robust 21%. However, return on assets is only 7%, although return on equity is a respectable 17.38%. Chambers has always been fiscally responsible and it shows in the balance sheet. Cisco has $40.23 billion in cash and just $15.24 billion in debt.

Cisco will report its fiscal third-quarter earnings report next week. Wall Street, investors and competitors will be watching closely. It is imperative that Cisco jumpstart its momentum in switches and routers and repel rivals. Cisco must also score a big win with its cloud initiative. It’s no secret that nearly all the top tier high tech vendors are aiming for a dominant position in this emerging market. Financial analysts are openly wondering how long Chambers can hold out before he’s forced to lower prices on Cisco’s networking gear. Cisco must also executive and defend its position in its stated five core product/technology priorities: switches and routers; cloud computing and data centers; “architectures” (network design) and video.
As we said at the beginning of this article, all of the executive personnel and product changes underscore increasingly cutthroat, competitive market conditions. To stand still and do nothing is to fall by the wayside and effectively be shut out of the race.

2011 in High Tech YTD Part 2: Management Shakeups at Google, HP, Microsoft etc.

Laura DiDio — Fri, 06 May 2011 16:36:25 +0000

Revolving Door
In contrast to Apple’s stunning success, the first calendar quarter of 2011 was a revolving door for other Silicon Valley companies and executives. There were management shifts, shakeups and ousters at Advanced Micro Devices (AMD), Google, Hewlett-Packard (HP) and Microsoft. They were variously aimed at jumpstarting product momentum (AMD, Microsoft), polishing a tarnished image and placating stockholders (HP) and providing an orderly transition of power (Google).
You need a scorecard to keep up with all the comings and goings.
AMD’s board ousted chief executive Dirk Meyer in mid-January after only 18 months on the job. It then appointed Senior Vice President and CFO Thomas Seifert, as interim CEO while the search goes on for a permanent chief executive. Siefert continues as chief financial officer and says he does not want to be considered for the permanent CEO position. This is probably a smart move. AMD’s flamboyant co-founder Jerry Sanders spent 33 years as CEO (1969 to 2002), but everyone who’s followed has had a short tenure.
The challenge for any AMD chief executive is to jumpstart momentum and somehow find a way to gain ground on perennial logic chip front runner Intel and Nvidia which dominates the mobile (Tegra 2) and graphics chip market. AMD’s Opteron dual and quad-core processors and the mobile and graphic chips which it acquired in its 2006 purchase of ATI are all solid offerings. However, AMD’s former CEO Hector Ruiz and Meyer elected to focus on optimizing their chips for traditional notebooks instead of the lightweight mobile devices and tablets that are stars in today’s markets. According to statistics published by International Data Corp., Intel’s share of the PC and server chip market is approximately 81% compared with AMD’s 19%.
AMD continues to shuffle its executive ranks. In February, two senior executives, Bob Rivet, executive vice president and chief operations and administrative officer, and Marty Seyer, senior vice president of corporate strategy, also resigned. In late March the company named former HP executive Mike Wolfe as its new chief information officer. Prior to joining AMD, Wolfe served as vice president of information technology for product development and engineering at HP. Wolfe is now responsible for managing AMD’s global technology infrastructure. Ironically, AMD’s former CIO Ahmed Mahmoud, who departed in 2010, went to HP where he is currently the Senior Vice President of the global information technology group.
HP Still Hurting from Hurd Scandal
HP has also had its share of executive shakeups in 2011. All of them stem from the continuing fallout from former CEO Mark Hurd’s exit last summer. The reverberations have tainted the company’s once pristine image and they are as toxic to HP as the radiation leaking from Japan’s Fukushima nuclear power plant. Hurd left under a cloud of scandal amidst charges of sexual harassment and dodgy expense accounting related to an undefined but inappropriate relationship with a female contract employee. A scant week after Hurd’s departure which included a platinum severance package worth $44M — a group of HP shareholders filed suit. The suit alleges that HP board members are guilty of “gross mismanagement and waste of corporate assets.” They claimed the board put the shareholders’ finances at risk by failing to disclose the charges of sexual harassment against Hurd. It sounds reasonable. What’s particularly galling to shareholders and rank and file employees is that Hurd got rewarded for his bad behavior after he spent the last several years cutting tens of thousands of workers from HP’s payroll.
In January, HP replaced four of its board members and added an additional director to the board. The departing HP board members are Joel Hyatt, John Joyce, Robert Ryan and Lucille Salhany. They are replaced by Shumeet Banerji, chief executive officer of Booz & Company; Patricia Russo, former CEO of Alcatel-Lucent; Gary Reiner, former CIO at GE; Dominique Senequier, CEO of AXA Private Equity and Meg Whitman, former president and CEO of eBay Inc.
The new board members provide HP with diversity and wide ranging experience. By overhauling its board, HP seeks to mollify outraged shareholders and distance itself from the Mark Hurd debacle. This is no easy task. HP launched its own investigation of Hurd’s departure. It will be conducted by CEO Leo Apotheker, the new board members and outside legal counsel. Apotheker has wasted no time assembling his team. On April 18, HP announced that Thomas Hogan, who headed the company’s enterprise business sales and marketing, will leave on May 31 to “pursue other interests.” Hogan’s replacement is Jan Zadak (a former Compaq executive). Zadak is presently the managing director for HP’s Europe, Middle East and Africa (EMEA) operations. In mid-April, HP also appointed Marty Homlish as executive VP and chief marketing officer. Homlish will be responsible for overseeing and leading marketing across the company and will become a member of the company’s Executive Council, reporting directly to Leo Apotheker. Homlish and Apotheker worked together before at SAP AG, where the latter was CEO. Prior to joining HP, Homlish spent 10 years at SAP AG, where he served as the global chief marketing officer and corporate officer, as well as president and CEO of SAP Global Marketing, Inc.
There was also a seismic (though amicable) shift at search engine market leader Google. The company announced in January that Eric Schmidt would relinquish his CEO post in April in favor of company co-founder Larry Page. Page took over in early April and immediately reshuffled managers and the reporting structure.
The CEO change at Google is prompted by the desire to aggressively expand into new markets. Page is going to have to prove himself. Wall Street is nervous. In the wake of continuing skirmishes with leading vendors including Microsoft and Apple and latest and somewhat disappointing financials reported on April 14, many on Wall Street are concerned about Google’s prospects. They question the company’s aggressive spending spree. Months ago Google announced plans to hire 7,000 to 10,000 new workers; hand out 10% company-wide salary increases and aggressively pursue new business. That includes technology expansion into everything from smart phones to social networking to mobile and expensive marketing campaigns.
In its latest quarter, Google reported expenses of $2.84 billion; a 54% increase from the prior year. While revenues in the latest quarter ended March 31 rose by 29%, Google’s stock price has decline by nearly 9% since January when it announced that Schmidt was stepping down as CEO. The decrease has wiped out roughly $12.5 billion from Google’s market capitalization which now stands at $173.09 billion (still one of the best in the industry). Google remains the dominant player in the search engine arena with a commanding 65% market share. Its next closest competitor is Microsoft’s Bing which has about 14% and Bing is linked to Yahoo which has another 16% for a combined share of 30%. Google’s Android mobile operating system meanwhile remains the undisputed market leader with a solid 45% market share; twice that of its nearest rival Apple’s iOS.
“Dog Wars” Android App Bites Google’s Image
Meanwhile, Google faces growing and well deserved criticism by the Humane Society, the ASPCA and animal rights activists who are outraged over an Android application called “Dog Wars.” The video game built by Kage Games glorifies dog fighting and depicts a bloodied pit bull next to the game’s logo on Kage’s website. Humane Society President Wayne Pacelle said in a prepared statement that “Dog Wars” could be used as virtual training ground for would-be dogfighters. Even Philadelphia Eagles quarterback Michael Vick who spent 18 months in prison after being convicted of illegal dogfighting, condemned the Android application. “I’ve come to learn the hard way that dogfighting is a dead-end street,” Vick said in a statement posted on the Humane Society’s website. “Now, I am on the right side of this issue, and I think it’s important to send the smart message to kids, and not glorify this form of animal cruelty, even in an Android app.”
Google ducked the issue for two weeks before it was finally pulled from Android Marketplace. on April 28. This incident also shines the spotlight on a larger issue: as Google further expands into the gaming industry via the number one Android operating system, will profits win out over principles and ethics? To further extend the Android mobile OS and solidify its lead, Google launched the new “Games at Google” gaming unit and they are seeking a Product Manager to fill the post. Let’s hope it top management provides some much needed ethical oversight.

Changes are also afoot at Microsoft. In late January CEO Steve Ballmer announced the departure of 23 year veteran Bob Muglia who successfully ran the company’s very profitable Server and Tools business. Under Muglia’s direction, STB recorded a $1.63 billion operating profit on sales of $3.96 billion in the prior fiscal quarter. Muglia will leave sometime this summer. To date, Microsoft has been mum about his replacement and while the company isn’t saying anything publicly word inside the company is that Ballmer forced Muglia out to accelerate Microsoft’s cloud strategy.
Whether or not that’s the case, Ballmer should speed up the search for Muglia’s successor and plug the gaping holes left by other very visible departures. They include: Brad Brooks, a corporate vice president in the Windows consumer marketing group who left to work for Juniper Networks; Matt Miszewski, the general manager of Microsoft’s government business who is taking an executive post Salesforce.com and Johnny Chung Lee, the infamous Wii hacker who partnered with engineers in Microsoft’s Applied Sciences group to develop the Kinect for the Xbox 360. Lee is defecting to Google. Ouch! The Kinect motion camera has been an unqualified success for Microsoft. It sold eight million units in the first 60 day. Microsoft is also betting heavily on its Windows Phone 7, which has garnered generally positive reviews. Microsoft says it has sold over two million units to date but it isn’t clear how many of those units (which have been shipped to partners) have actually been sold. Microsoft will have to bring its “A” game to challenge Android-based smart phones, Apple’s iPhone 4 and RIM’s Blackberry.

20011 YTD in High Tech: Bold Aggressive Actions

Laura DiDio — Fri, 06 May 2011 15:45:03 +0000

It’s hard to believe but the first quarter of 2011 is now a memory and we’re well into spring. The tone for the year in high technology was set in early January: fast, bold, aggressive action and sweeping management changes.
In the first four months of the year high tech vendors moved quickly and decisively to seize opportunities in established sectors (smart phones, virtualization, back-up and disaster recovery) and emerging markets (cloud computing, tablet devices and unified storage management). As 2011 unfolds, it’s apparent that high technology vendors are willing to shift strategies and shed executives in order to stay one step ahead of or keep pace with competitors. The competition is cutthroat and unrelenting. No vendor, no matter how dominant its market share, how pristine its balance sheet or how deep its order backlog and book to bill ratio dares relax or rest on its laurels for even a nanosecond.
Recaps of some of the year’s highlights thus far are very revealing.
January lived up to its reputation for sweeping out the old and ushering in the new. The first four weeks of the year were hell on top executives. Advanced Micro Devices (AMD), Apple, Google, Hewlett-Packard and Microsoft all had shake-ups in their management ranks, albeit for very different reasons.
Apple delivered the first jolt early in the month. In a well orchestrated announcement (on the Martin Luther King holiday, a slow news day, and just in advance of its second quarter earnings release) the company said founder and chief executive Steve Jobs, the architect of Apple’s renaissance, would take a leave of absence for an undisclosed period of time to focus on his health. Tim Cook, Apple’s chief operating officer will serve as the interim CEO and he is most likely to inherit the top spot if Jobs doesn’t return.
News of Jobs’ departure was not entirely unexpected. He’s battled serious health problems for the past several years which necessitated a prior medical leave. Industry watchers greeted the news with gloom and dire prognostications. The fears were assuaged somewhat when Jobs made two high profile appearances. He was among a select group of Silicon Valley luminaries who dined with President Barack Obama in mid-February. More importantly though Jobs was on hand to launch the iPad 2 at Apple’s March 2nd press conference. This was an encouraging sign for Wall Street and industry watchers. They constantly wonder: can Apple continue to maintain its incredible momentum and success absent Jobs’ leadership, creative genius and vision with “just” an ops guy (Tim Cook), no matter how smart and accomplished? The answer for the first fourth months of 2011 is a resounding “Yes.”
The fears concerning Jobs are not wholly unreasonable. However, based on Apple’s continuing strong performance across all market sectors in which it participates, it would take freight train to blunt the Cupertino firm’s momentum. Apple’s iPhone powered by the iOS mobile operating system is one of the top three smart phone platforms along with devices powered by Google’s Android and Research In Motion’s BlackBerry. On the tablet front, Apple is the preeminent vendor with a dominant 65%+ market share. This won’t change anytime soon. Despite some early problems with light leakage on its displays, demand for the iPad 2 is robust – outpacing even its predecessor, the original iPad. The first shipment of iPad 2s sold out within the first 24 hours of its availability on March 11 at all of the 220 Apple stores in the U.S. Over a month later, the current order backlog for online sales stands at one to two weeks.
At press time, Apple’s stock was hovering at about $347 – which is on the high end of its 52-week range of $199.25 – 364.90. Apple’s sales for its last fiscal year, ended Sept. 30 2010, were $65.2 billion a little more than half of the $126 billion in annual revenues that HP recorded in its most recent fiscal year and approximately two-thirds of IBM’s revenues of $99.9 billion in FY 2010, while. A recent survey of financial and industry analysts conducted by Thomson Reuters forecasts that Apple’s fiscal 2011 revenues could rise by over 30% to $99.94 billion and reach $117.77 billion in fiscal 2012 for a very impressive two-year compound annual growth rate of 34.4%.
Location, Location, Location
Apple’s sales are on fire because their products are cool.
This is a big reason why Apple’s reputation hasn’t suffered much from the so-called “Locationgate” flap that cropped up in the last two weeks. The core issue is that unbeknownst to users Apple’s iOS was recording and storing all the details of all the places they visited via their iPhones and iPads. Apple was mum for a couple of weeks and then finally on April 27 the company issued a statement clarifying the situation.
First, Apple acknowledged that this was a bug and would be rectified. Next Apple said that the devices were not tracking the users’ movements but rather “maintaining a database of Wi-Fi hotspots and cell towers around your current location that is then used by your iPhone to rapidly and accurately calculate its location when requested.” The data is then downloaded by the user’s iPhone or iPad. The bug occurs because the iPhone continues to maintain the cache of data even after the iOS Location Services are switched off. Apple will rectify the matter by deleting the cache when Location Services is switched off.
To drive home the point even further, Steve Jobs did telephone interviews with several reporters. The better late than never explanation has satisfied most users although some in the blogsphere and forums say that Apple is doing little more than engaging in spin control because it got caught. Should Apple have said something sooner? In a perfect world, yes. Apple’s products are not perfect. They do experience problems. ITIC’s latest 2010 Apple Consumer and Enterprise Survey, which polled nearly 800 users last November/December found that Apple has an excellent track record with respect to addressing and fixing technical issues and performance problems. Eight-out-of 10 or 82% of respondents said they “never”, “rarely” or only “occasionally” encounter difficulties with Apple products/devices. Only a 7% minority indicated they experience weekly or daily issues. But whether you believe Apple’s statement is a ploy or a sincere public mea culpa, Apple is fixing the problem and that’s what counts.

For future reference though, Apple and all high tech vendors would do well to respond to these issues as they occur and not wait days or weeks.

ITIC 2011 Reliability Survey: Users Give IBM AIX v7, Windows Server 2008 R2 Highest Security Marks

Laura DiDio — Mon, 04 Apr 2011 15:25:49 +0000

IBM AIX v7 and Windows Server 2008 R2 Highest Security Marks
Nine out of 10 — 90% — of the 470 respondents to ITIC’s 2010-2011 Global Server Hardware and Server OS Reliability survey rated the security of Microsoft’s Windows Server 2008 R2 and IBM’s AIX v7 as “Excellent” or “Very Good.” This was the highest security ratings out of 18 different Server Operating System distributions (See Exhibit below). Three-quarters or 75% of survey participants gave HP UX 11i v3 “Excellent” or “Very Good” security ratings; this was the third highest ranking of the 18 major server OS distributions polled. This was followed by Ubuntu Server 10 and Debian GNU/Linux 5, which tied for fourth. Seven out of 10 survey participants — 71% — of those polled ranked the two most popular open source distributions’ security as “Excellent” or “Very Good.” Red Hat Enterprise Linux v 5.5 and Novell SuSE Linux Enterprise 11, the two most widely deployed Linux distributions trailed Debian and Ubuntu but were nearly tied with each other in security rankings. Just over two-thirds — 67% — of Red Hat users rated its security as “Excellent or Very Good” while 66% of survey participants judging Novell SuSE Linux Enterprise 11 security to be “Excellent” or “Very Good.”
Some 58% of Apple Mac OS X 10.6 survey respondents rated its security as “Excellent” or “Very Good,” putting it at the bottom of the pack, beating only Oracle’s Solaris 10 which was rated “Excellent” or “Very Good” by 63% of respondents.
, which in the past two years has been notching modest gains among corporate users,
Also noteworthy was the fact that only a very small percentage of respondents gave thumbs down “Poor” or “Unsatisfactory” security grades to their server operating system vendors. In this category, Apple had the highest percentage of respondents – 7% — who gave its Mac OS X 10.6 both “Poor” and “Unsatisfactory” marks. This might appear puzzling to some since Apple’s users have long touted the security of the platform. Apple users have long boasted about the fact that there are far fewer viruses and malicious code written targeting Macs compared to Windows. However, now that Apple is once again re-emerging as a significant presence in corporate networks, the Mac OS X 10.6 will no longer enjoy the “security by obscurity” that it claimed as a standalone consumer OS. Macs, iPhones, iPads and tablets are becoming mainstream staples as business tools. Hence, the number of exploits, including such malware as worms, Trojans and bots that target the Mac is increasing commensurately. Apple will have to respond accordingly with tighter security.
Survey Methodology
ITIC and our survey partner GFI Software conducted an independent Web-based survey of 470 corporate IT mangers and C-level executives worldwide from November 2010 through February 2011. The survey’s objective was to poll corporate customers on the reliability of 14 of the most popular server hardware platforms and 18 of the top server OS distributions.
Survey participants came from 23 countries worldwide; approximately 83% hailed from North America. The survey consisted of multiple choice questions and one essay question. ITIC supplemented the Web survey two dozen first person customer interviews. In order to maintain objectivity, ITIC accepted no vendor sponsorship monies.
Solid Security is Essential to Network Reliability
Solid security is an essential element for every network environment. The server operating system upon which corporate middleware and software e.g., databases, word processing applications, spreadsheets and other mainstream line of business (LOB) applications run is the cornerstone of the entire network computing environment. As the saying goes, “the chain is only as strong as the weakest link.” Server and their operating systems literally run the business and incorporate a significant percent of organizations’ sensitive data and intellectual property (IP). If server OS security is flawed, buggy or easily hacked, the entire business and its operations are potentially at risk.
Each GFI/ITIC survey invariably serves up some unexpected responses. And in this survey the biggest came in the responses regarding server operating system security.
The biggest of these, of course, was Microsoft, which like the Bible’s Prodigal Son, has returned home to rejoicing and rave reviews. Over the past decade Microsoft has struggled to shed the stigma that Windows is a porous server OS, perennially plagued with security flaws and easily compromised. It is now nine years since Microsoft publicly launched its Trustworthy Computing Initiative which was designed to make all of the company’s software inherently more secure by default and by design. Based on the survey responses, Microsoft has succeeded – particularly with Windows Server 2008 R2.
Of particular note, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 are the only three operating systems out of the 18 different server OSes in the GFI/ ITIC poll in which the majority of the respondents indicated that the security has improved over the past 3 years. This is an 18 percent improvement over Windows Server 2008 and a 30 percent jump in the number of survey participants who gave a similar rating to Windows Server 2003.
It is equally true in analyzing the responses that the Windows Server OS was the platform that most needed to strengthen and shore up its security. Based on the results of prior ITIC surveys as recently as 2008, user perception was that Windows Server security lagged behind nearly all of the other server OSs by a substantial margin.
Other Server Operating Systems Stay the Course
In all of the other 15 distributions, the majority of survey participants indicated that the security of the other server OS platforms “has remained the same.”
If Windows Server 2008 R2 is the Prodigal Son, then IBM’s AIX v 7.1 is the “Good Son” which has consistently delivered superlative security year after year, always garnering top ratings for overall reliability and security in each of the annual ITIC Reliability surveys. The 2010-2011 Global Server Hardware and Server OS Reliability poll was no exception. IBM tied for first place with nine out of 10 respondents – 90% — giving AIX v 7.1 an “Excellent” or “Very Good” rating. Many of the IBM security managers ITIC interviewed, cited the consistency and inherent ‘bullet proof” nature of the server OS source code and the fact that IBM is quick to discover, inform them and issue a fix when a security issue does arise.
Other distributions like HP’s UX, Red Hat Enterprise Linux , Novell SuSE Linux Enterprise and Apple’s Mac OS X 10.x also received high security marks and praise from customers.
The results of ITIC’s latest 2010-2011 Global Server Hardware and Server OS Reliability survey indicated that organizations of all sizes and across all vertical markets feel that it is critical that they monitor the server OS and associated server-based line of business (LOB) applications for vulnerabilities. A 51 percent majority of businesses feel that the security of the OS has an impact on the overall security and reliability of the network. Specifically, 60% of respondents indicated they place equal importance on monitoring the vulnerabilities of all network components followed by 56% that rated the OS as crucial and 42% say they feel the security of their databases and other main LOB applications are pivotal to the overall security of their network computing environments.
Among the other security highlights in the ITIC/GFI 2010-2011 Global Server Hardware and Server OS Reliability Survey:
• In response to the question: “Estimate the impact or perceived impact that server OS security has on overall network reliability”
o 10% of respondents said “No impact, they are separate and distinct”
o 37% of participants said “minimal impact
o 21% said “moderate impact
o 17% said “significant impact
o 12% said “extremely crucial, server OS and security are intertwined”

Based on ITIC’s first person customer interviews, we determined that the biggest customer complaint was not with the inherent security of a specific server OS platform, but rather in finding fixes and getting technical service and support when the organization was stymied. In many of these particular instances, the organizations were very large enterprises and a common complaint was that searching for a fix was akin to finding “proverbial needle in a haystack.” Since the underlying reliability and security of nearly all the server operating systems and server hardware has improved, the majority of the more moderate and severe Tier 2 and Tier 3 outages are mainly due to integration and interoperability issues e.g., incompatible applications or drivers.

Conclusions and Recommendations
Server OS security is fluid and not static. No server operating system, application or hardware component is immune to penetration. Customer perception can and does change the minute a security flaw is found or malware is unleashed that successfully penetrates or threatens to compromise the security of any platform.
None of the server operating system vendors can rest on their laurels. Microsoft has made impressive security gains making Windows Server inherently secure by default, design and deployment, now it must endeavor to maintain the consistency of its security. Windows Server also has the biggest bull’s eye on its back since it is one of the most widely deployed server operating systems. Other server OS distributions, most notably Apple’s OS X 10.6x, which has so far managed to avoid falling prey to very major or public security holes, must likewise maintain its vigilance as the OS increases its presence in corporate enterprises.
Corporations also bear at least 50% of the responsibility for securing their respective environments. Even the most bulletproof server OS can be compromised and undone by configuration errors and failure to install and turn on OS security features. Organizations are also advised to conduct quarterly threat assessments of their environments. Staying current on the latest patches and fixes is also a must, as are regular updates of anti-virus applications and other security packages. Corporations should also review and update their security policies and procedures annually.
These results are especially important considered in light of the ongoing economic crunch which has caused companies to cut their IT budgets and reduce staff. As they strive to accomplish more with fewer resources, IT departments must rely even more heavily on their vendors to deliver more reliable and secure servers and server OS platforms.
Time is literally money. Even a few minutes of downtime – especially when a hack or a suspected security leak occurs — can result in significant costs and cause internal business operations to grind to a halt. Downtime as a result of a security breach can also undermine company’s relationship with its customers, business suppliers and partners. Reliability or lack thereof can potentially damage a company’s reputation and result in lost business.

ITIC 2011 Reliability Shows that Dell, HP, IBM & Stratus Score High Marks for Service & Support

Laura DiDio — Mon, 04 Apr 2011 15:19:38 +0000

Dell, HP, IBM and Stratus Technologies won high praise from corporate users for their prompt and efficient after market technical service and support in the latest ITIC 2010-2011 Global Server Hardware and Server OS Reliability survey.
The results came from a broad based survey that polled organizations worldwide on the reliability, security and technical service and support from among 14 of the leading server hardware platforms and 18 of the most widely deployed server operating system distributions.
As we said in an earlier discussion, each poll elicits some surprising and unexpected revelations. In this survey, users reserved their highest encomiums and most critical barbs for the server hardware vendors – both in terms of product performance and reliability and the service and support they receive from their respective vendors.
Among the mainstream hardware vendors with the largest market shares, users expressed the most satisfaction with Dell, HP and IBM service and support. Stratus Technologies, whose ftServer line specializes in high availability, also got customer kudos for delivering superior service and support.
Specifically, the results show that 76% of HP customers rated its service and support as Excellent or Very Good, followed by 72% of IBM corporate accounts who gave Big Blue servers Excellent or Very Good grades and 70% of Dell customers who said their technical service and support was Excellent or Very Good.
Equally important is the fact that only a very small minority of Dell, HP and IBM customers dinged those vendors with negative ratings for their technical service and support. Only three percent of IBM server users rated the company’s technical service and support as Poor and none called it Unsatisfactory. Among Dell users, only a very small two percent minority called technical service and support Poor and only one percent deemed it Unsatisfactory. Similarly, only three percent of HP server respondents called technical service and support Poor and only two percent rated it Unsatisfactory.
The high ratings users gave HP and IBM is perhaps not surprising since service and support is a core competency that represents roughly 50% of each company’s respective annual revenue. The most common complaints voiced about HP support was that updates are difficult to roll out because they come out sporadically and there is a constant need to check HP’s website for the newest updates. IBM customers were mainly satisfied with the alacrity and quality of Big Blue’s support, but some did complain that it “was too expensive.”
Over eight-out-of-10 or 84% of Stratus ftServer customers gave the company’s technical service and support an Excellent or Very Good rating. Significantly, none of Stratus’ customers said the technical service and support was Poor or Unsatisfactory. Stratus, based in Maynard, MA and which is among the last of the small, independent server vendors, won rave reviews from mid-market and enterprise customers for the depth and breadth of its technical service and support and the willingness of its support staff. “In the rare instances when we have occasion to call Stratus support, they are extremely responsive and always willing to do whatever it takes to resolve the issue,” said an IT director at a mid-Atlantic enterprise.
User Support Concerns
ITIC conducted over two dozen first person interviews with IT managers and C-level executives in order to delve more deeply into issues like technical service and support that positively or negatively impact reliability. Based on those conversations, we determined that with rare exceptions the biggest customer complaint was not with the inherent performance, reliability or security of a specific server hardware or server OS platform, but rather in finding a fix and getting technical service and support when an IT department is stymied.
This is especially problematic for enterprises that have large, complex enterprises and multiple remote locations. This means that network administrators spend more time ferreting out the cause of the outage before they can even begin to search for a fix.
Since the underlying reliability and security of nearly all the server operating systems and server hardware has improved, the majority of the more moderate and severe Tier 2 and Tier 3 outages are mainly due to component failures, integration and interoperability issues e.g., incompatible applications or drivers.
Interestingly, the service and support issues that most irked IT managers were the sometimes lengthy waits for replacement component parts for their servers and incompatibilities among the server hardware, server OSs and third party applications. The latter point left many IT managers scrambling to escalate support issues to get the fix in a reasonable amount of time.
An IT administrator at an SMB construction firm and a self-described “Dell fan boy” commented, “I have always found Dell’s support to be good… but over the last year to year and a half I have had some problems getting parts or servers in a timely fashion. I ordered two servers last year that the sales rep quoted 2-3 weeks to arrive. It took almost 3 months to get the servers and only after having to escalate the order more than once.”
The long lead time in ordering and receiving replacement parts was not limited to Dell. Many IT managers voiced the same complaint about other vendors, although there did not seem to be a groundswell of consensus that the lead times to receive replacement parts affected one vendor more than any other.
Network administrators like the manager at an SMB manufacturing firm, lamented the lack of an overarching toolset that could be used for more synergistic security and system monitoring. He noted that while there are some overlapping tools that can be deployed for the server OS, the server hardware and the networking gear, there is “no comprehensive “offering.
“It would certainly be nice to have a common portal to manage & monitor all aspects of security and reliability among all hardware/OS platforms. This may not make sense for large organizations, but for the SMBs, where all of these systems are managed by the same team (or individual), it would be a dream,” he said. “We just don’t have the manpower to keep an eye on everything 24×7. The sooner we can react to issues, the better our business operates,” he added.
A VP of IT and security at a midsized organization in the Northeast observed that size does matter when it comes to technical service and support. “Most of the big server vendors provide adequate support if you have 50+ servers and you can escalate past first level support quite easily.”
So how do SMBs who lack the budgets and the clout of their enterprise counterparts manage? The survey responses and customer interviews reaffirmed the fact that SMBs are heavily reliant on managed service providers (MSPs) or consultants to solve thorny reliability issues.

Survey Methodology
ITIC conducted an independent Web-based survey of 470 corporate IT mangers and C-level executives worldwide from November 2010 through February 2011. The survey’s objective was to poll corporate customers on the reliability of 14 of the most popular server hardware platforms and 18 of the top server OS distributions.
The survey participants came from 23 countries worldwide; approximately 83% of the respondents hailed from North America. The survey consisted of multiple choice questions and one essay question. ITIC supplemented the Web survey two dozen first person customer interviews. In order to maintain objectivity, ITIC accepted no vendor sponsorship monies.
Nonetheless, downtime, regardless of the reason, still disrupts network operations, costs the corporation time and money and raises the risk of litigation. Additionally, any extended amount of downtime (and these days even a 15 or 20 minute outage can be classified as lengthy) will almost certainly cause service disruptions that can have a domino effect on business partners, customers and suppliers.
This underscores the importance of timely and efficient technical service and support, which can make the difference between minutes or hours of downtime. It is not hyperbole to state that technical service and support is one of the pillars – along with product features, performance, security and scalability — that solidifies or undermines the overall reliability of the network infrastructure.
Conclusions and Recommendations
Vendors’ ability to deliver top notch technical service and support – including a quick response with updates, fixes and patches to known flaws and security vulnerabilities – has a direct impact on overarching network reliability. Technical service and support – good and bad – also distinguishes and differentiates vendors from their competitors. How promptly, efficiently and courteously a vendor responds to its customers definitely plays a role in an organization’s planned purchases and upgrades.
Vendors who provide shoddy service, or have been inattentive to their customers’ requests for information on products and pricing or who fail to effectively respond in times of crisis, may find that such behavior backfires. A vendor that ignores its clients needs once the contract has been signed, may find themselves unable to upsell to those users or tossed out of the account completely when the contact expires. At the very least, such vendors can expect that service contract renewals will be imperiled.
Competition is fierce among hardware and server operating system vendors. Users have choices and they know it. In 21st Century networks, time is literally money. Fast action and superior service and support can save or cost a corporation thousands or even millions of dollars for every minute of downtime.