Thursday, December 15th, 2016

Time	Event
2:00p	Andreessen Horowitz Partner: Cloud Will Go Away While a good chunk of the world’s enterprises have yet to start leveraging cloud services in a meaningful way, some in the Silicon Valley venture capital community are already thinking about a future when cloud will start losing its relevance. “In the not-too-distant future cloud computing is going to go away,” Peter Levine, general partner at Andreessen Horowitz, said to a Gartner data center conference audience in Las Vegas last week. “You think I’m crazy,” he added before diving into an explanation. As computing capacity at edge nodes grows, demand for large centralized pools of processing resources in massive data centers will shrink, representing a pendulum swing not unlike the shift from mainframes to distributed client systems in the past. “Computing goes from centralized to distributed to centralized. That’s been the ebb and flow of computing since the beginning of computing,” Levine said. “Guess what, cloud is the centralized model.” A driverless car or truck, for example, is essentially a data center on wheels. The momentary calculation of where to stop at an intersection is faster if made by the vehicle’s on-board computer than by a server in a remote data center. See also: Is Compute Power Truly Moving to ‘the Edge?’ An Uber-owned Otto truck delivering 50,000 cans of Budweiser in October without a human on board was just a tiny glimpse of what’s to come. Gartner predicts 30 billion Internet of Things sensors by 2020, while Levine thinks there will be trillions of IoT devices at some point in the future, and together those end points will eventually do a lot more computing than the cloud, he said. Edge computing isn’t limited to IoT devices themselves. Vendors such as Vertiv (former Emerson Network Power) and Schneider Electric are seeing a rise in deployments of relatively small-capacity micro data centers in edge locations such as factory floors, retail stores, or telco central offices. These clusters of compute aggregate and process data from sensors and other IoT devices in the same locations as they are, with most of the data collected not being sent to remote data centers. As a VC, Levine is on the lookout for startups that will enable this post-cloud architecture, using what he calls “the Forest Gump rule of investment.” The rule essentially is that individual technologies are seldom relevant forever, so you can come up with interesting ideas if you imagine what can replace a technology that’s prevalent today. Edge computing is what may potentially replace cloud. “Take something in technology, subtract it away, and go replace it with something else,” he said, explaining his Forest Gump rule, which gets its name from its simplicity. “Because all these things eventually go away.” (Comment on this)
5:14p	Stolen Yahoo Data Includes Government Employee Information BLOOMBERG – More than 150,000 U.S. government and military employees are among the victims of Yahoo! Inc.’s newly disclosed data breach, and their names, passwords, telephone numbers, security questions, birth dates, and backup e-mail addresses are now in the hands of cybercriminals. It’s a leak that could allow foreign intelligence services to identify employees and hack their personal and work accounts, posing a threat to national security. These employees had given their official government accounts to Yahoo in case they were ever locked out of their e-mail. The government accounts belong to current and former White House staff, U.S. congressmen and their aides, FBI agents, officials at the National Security Agency, the Central Intelligence Agency, the Office of the Director of National Intelligence, and each branch of the U.S. military. The list includes an FBI division chief and multiple special agents working around the U.S.; current and former diplomats in Pakistan, Syria and South Africa; a network administrator at NSA’s Fort Meade headquarters; the chief of an Air Force intelligence group; and a human resources manager for the CIA. On Wednesday, Yahoo revealed the second major breach of its systems, following the September disclosure of a widespread hack. The newly announced intrusion, which occurred in 2013, affected more than 1 billion users, and the government employee data is likely part of that cache. The other hack was disclosed earlier but took place later, in 2014, and Yahoo has said it threatened 500 million accounts. “Yahoo has taken steps to secure user accounts and is working closely with law enforcement,” the company said in a statement issued Wednesday. The information about the government employees comes from a cyber-security researcher, Andrew Komarov, who discovered a stolen database of Yahoo user information involving hundreds of millions of accounts and turned it over to the government, which in turn alerted Yahoo. Bloomberg News reviewed the database and confirmed a sample of the accounts for accuracy. Yahoo declined to comment on the stolen government employee information. Former intelligence officials said the leak of government worker data could make the job of foreign spies easier, creating an alphabetized hit list of targets for hacking. “We went to great lengths to keep the fact people worked at NSA as low-profile as we possibly could. The last thing we’d want is an alpha list of NSA employees,” said Lonny Anderson, former technology director for the NSA and now executive vice president at security company Federal Data Systems Inc. Gaining access to personal e-mail accounts, even unofficial ones, can be extraordinarily valuable. Clinton campaign chief John Podesta’s Gmail account was hacked in March, revealing over a decade of private communications and fueling weeks of attacks on Hillary Clinton in the crucial final weeks of the U.S. presidential election. The hack was part of a propaganda campaign that U.S. intelligence officials believe was orchestrated by Russia to influence the election. The newly disclosed Yahoo hack — and revelations about stolen government employee information– could further complicate Yahoo’s attempts to  sell its core internet assets to Verizon Communications Inc. for $4.8 billion, a deal that is slated close in the first quarter of 2017. Verizon’s general counsel said in October that Yahoo’s breach would likely have a material impact, meaning Verizon could demand a lower price or back out altogether. In a statement in response to Wednesday’s hacking revelation, a Verizon spokesman said: “As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation. We will review the impact of this new development before reaching any final conclusions.” Komarov found the database in August. As the chief intelligence officer for InfoArmor, a cybersecurity firm, it’s his job to prowl the internet’s darkest corners, infiltrate cybercrime rings and help law enforcement and his company’s clients track down stolen data. For the last three years, Komarov had been watching a prolific Eastern European hacker group when he saw them offering up a huge database for sale. The group Komarov had been surveilling, which he calls Group E, was carefully keeping the sale off of public cybercrime forums. They said they had a database of logins for more than 500 million — perhaps up to 1 billion — Yahoo accounts for sale for $300,000. Komarov watched the hacker group sell the database three times, and he was able to intercept the database during the sales. Two buyers were large spamming groups that are on the Spamhaus Register of Known Spam Operations, or ROKSO, list. The other had an unusual request before completing the purchase. The buyer gave the sellers a list of ten names of U.S. and foreign government officials and business executives, to verify their logins were part of the database. That led Komarov to speculate the buyer was a foreign intelligence agency. Nearly two months later, Yahoo announced it was hacked — the first revelation of a breach. The company said that in 2014, data on more than 500 million accounts was taken, including users’ names, e-mail addresses, dates of birth, phone numbers, and security questions and answers. The haul also included passwords, the “vast majority” of which were protected with a powerful encryption method called bcrypt, which makes it very difficult to discern passwords, the company said. Komarov studied Yahoo’s announcement with interest. The database he had was unlike what the company described: it had different, more minimal encryption and also included users’ backup e-mail addresses. He suspected the company may have been the victim of a second major hack. He alerted law enforcement in the U.S. and U.K. in late October, and about a week later, Yahoo disclosed in a regulatory filing that it was  investigating a new claim of a hack. This breach was confirmed on Wednesday. Komarov said the group selling the database he acquired are professional cybercriminals who sell mostly to spammers, leading him to conclude that a nation was not behind this crime. The hackers are Eastern European and Komarov said based on their communications he suspects they may have never met in person. They are prolific hackers, picking major e-mail providers and social media sites to target based on how much they can sell the logins for. Their operations have netted more than 3.5 billion records from companies including MySpace, Dropbox and VK.com, a popular Russian social networking site. The leak makes government employees especially susceptible to attacks, said Frank Zou, founder of Sunnyvale, California-based startup HoloNet Security. “They’re easy targets,” he said. Foreign spies will go down the list “one by one” trying to hack government employees, even if they’re low-level, Zou said. Hackers will look for any footholds into secure systems or sensitive files workers have sent to their personal accounts. The Yahoo attack is different than other hacks, Komarov said, and poses danger to more than just government employees. “The Yahoo hack makes cyber espionage extremely efficient,” he said. “Personal information and contacts, e-mail messages, objects of interest, calendars and travel plans are key elements for intelligence-gathering in the right hands. The difference of Yahoo hack between any other hack is in that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge.” (Comment on this)
5:27p	New Horizons 2017: Five Ideas That Will Shape Your World New year, new horizons. That’s what 2017 is shaping up to be. With that in mind, some of the editors-in-chief of the Penton Technology Channels Group, which include at Kris Blackmon (The VAR Guy), Aldrin Brown (MSPmentor) and Nicole Henderson (The WHIR and Talkin’ Cloud), have put their collective heads together to single out five companies, five innovations and five people that will shape your world in 2017. I’m contributing five ideas that will influence it as well. In ascending order, here they are: Traditional IT Departments Will Continue to Lose Influence If you thought the Bring Your Own Device (BYOD) workforce trend was disruptive to traditional IT departments, then consider the Bring-Your-Own-App (BYOA) revolution. Driven by younger workers and line-of-business managers who prioritize productivity and personalization above securitization and standardization, BYOA will transform IT departments more than BYOD did. You can add some defensive code to a worker’s phone to protect an organization, after all, but to a third-party app? That’s a little trickier. In 2017, workers will demand access to everything from Google apps to their preferred collaboration tools and more. In most instances, they will “ask forgiveness instead of permission,” before using deploying services, meaning it will be next to impossible for an IT department—or a trusted advisor, by way of extension—to dictate terms. Nick Jones, vice president and distinguished analyst at Gartner, says that more than 90 percent of “knowledge workers who own a personal smartphone or tablet use third-party apps for work-related tasks.” The ramifications of this trend are complex. Best to get to know line of business buyers and embrace the unconventional ways of the people who work for them. National MSPs Will Challenge to Local ICT Service Providers The announcement in December that AWS will begin offering managed services to customers is a bombshell. One colleague likened it to the entry of direct-sales manufacturers including Dell and Gateway to the PC market in the 1990s. Initially these firms were dismissed if not disparaged. But over time their impact was transformative. A lot of people today are saying that the entry of AWS into managed services will have only a modest impact on the broader channel as a whole. AWS will only go for enterprise customers, they say. Respectfully, I say that’s nonsense. This step by AWS will have significant ramifications for all channel companies going forward. Think pricing models, support strategies, applications aggregation and more. The impacts might not be apparent in 2017, but the seeds of change will be planted throughout the year. Smaller partners must react accordingly. How? By developing niche specializations, deeper customer intimacy and even vertical market expertise. Alternative or Specialized Channels Will Get a New Look For years professional accounting firms have influenced the apps and technologies end customers use. Same with insurance brokers, human resource consultants and even digital marketing agencies. As these organizations increase their influence with customers, their preferred way of doing business, which includes recommending technology and contracting options, grows in importance. If you thought you were the only one making product recommendations, in other words, think again. You’re now in competition with companies that you may have only a scant notion what they do—or whose ear they have—within your accounts. Vendors, including the ones that rely on you, are starting to take notice. As a result, they are adapting partner programs designed for resellers to accommodate new types of “influencers.” The net-net is that the money that was once set aside for companies like yours is now being divided among partner types. For you to continue to collect the rewards, support and recognition that you deserve, you’re going to have to get used to living in a more diverse ecosystem. To stand out, you’re going to have to demonstrate your value and fight for your recognition. You’re also going to have to broaden your skillset. Get more comfortable selling to heads of marketing, sales, HR, finance and more. And think more deeply about developing your own value add, including your own intellectual property. Play offense to defend your turf. The Gap Between Security and Cybercrime Will Widen Baby monitors. Insulin pumps. And the U.S. Presidential election. What do they have in common? They all fell prey to hacking in 2016. And yet a new study suggests “more than 80 percent of CEOs are very confident in their firm’s cybersecurity strategies.” Make no mistake: there is growing evidence that the gap between cybercrime and cyber-security is widening. Despite all the technological advances, research and best practices embraced in 2016, the industry should prepare itself for an even more challenging 2017. The big moment will occur not when another tier one retailer gets compromised or even a tech company like Yahoo; we’ve already lived through breaches like these. Instead it will be when a national bank or electronic clearing house like PayPal, which has millions user profiles linked to personal banking accounts, gets hacked. Let’s face it: cyber threats are growing. And the hackers and tools are getting more sinister. Today we fear generic phishing schemes targeted at the lowest common denominator. What happens when sophisticated schemes target individual customers? These attacks are on their way. And they will leverage artificial intelligence, voice recognition, IoT devices and more. A perfect storm is brewing and the forecast is gloom. Get ready. A New Industry Identity Will Take Root: Digital Services Providers (DSPs) It’s been a while since I met a new company that called itself a “VAR.” Ditto with “solution provider,” “trusted technology advisor” and more. And yet I meet new tech services companies every month. Some call themselves “cloud services brokers” or “MSPs” or “ICT consultants.” Suffice to say there is little consensus industry-wide, even among practitioners, as to what practitioners should call themselves. At several industry gatherings in 2016, the debate over this raged. Me? I’ve always thought going to market without a well-recognized distinction or definition was a liability. Accountants don’t have to explain what they do. Nor do Realtors, plumbers or physicians. But managed services providers? That’s fuzzy. My attorney is managed services providers of sorts. You get my point. The monikers “MSP,” “VAR,” “agent,” etc., served their purpose. But they no longer convey the most important thing these organizations do. A VAR’s greatest value today isn’t access to physical products but providing services instead. Digital services. Same for solution providers, consultants, MSPs, telecom agents and more. At the end of the day, they all sell digital services of one variety or another. 2017 is the perfect time for “Digital Services Providers” or DSPs to rise. This article originally appeared here at The VAR Guy. (Comment on this)
5:38p	Experts Expose Myths, Offer Best Practices for Office 365 Data Protection Eran Farajun is the Executive Vice President for Asigra. For many organizations, Microsoft Office 365 has become the essential cloud-based productivity platform. According to Microsoft public filings, it’s used by four out of five Fortune 500 companies, and at the other end of the scale, more than 50,000 small and medium sized companies sign up for the service every month. Its subscriber base grew nearly 80 percent in a 12-month period ending Q3 2016. However, for many corporate subscribers, Office 365’s popularity and convenience may obscure a critical data retention and compliance requirement: the need for users to take responsibility for protecting their own data in cloud-based platforms such as Microsoft Office 365. While it is a highly secure platform, there is a lot more to comprehensive data protection than encryption and hard passwords. To learn more about the importance of protecting data in cloud-based platforms, I asked three data protection professionals to join me for a discussion exploring why protection of Office 365 data is mission critical. Accompanying me on the panel were Chad Whaley, CEO of Echopath, an IT services and data backup company based in Indiana; James Chillman, managing director of UK Backup, a provider of cloud backup and disaster recovery services in England; and Jesse Maldonado, director of project services at Centre Technologies, an IT solutions provider out of Texas. I began by asking the panel to identify the top myths about data protection they encounter when talking to customers about Microsoft Office 365. Chillman: The top misunderstanding we encounter is that people assume that, by signing up for Office 365, Microsoft has now taken charge of their data. However, that’s not true. Microsoft is responsible for running the service and keeping it secure. They do a great job and aren’t going to destroy your data. However, users are still responsible for managing their data and protecting it from threats such as accidents, malicious behavior and ransomware attacks. Maldonado: We often run into the perception that Office 365 data is not mission critical, and that only data from enterprise resource planning (ERP) solutions or other line-of-business applications need to be protected. That’s simply not the case. Office 365 is at the heart of business communication, and particularly for organizations with compliance requirements, the data created and stored in Office 365 is vital and must be protected. Whaley: Many customers are drawn to Office 365 by the potential cost savings, but are surprised to find that there are still costs associated with storing data in the cloud. It’s still your data, whether it’s in your data center or Microsoft’s cloud, and if you want to ensure it’s protected, you will need to have a data protection plan. The fact that you have to manage your data doesn’t change. Farajun: What consequences have your customers experienced due to insufficient protection of Office 365 data? Chillman: We’re seeing a huge increase in the number of restores due to ransomware attacks—it’s our main area of focus when it comes to retrieving client data. The consequences of ransomware are very serious, including the cost of downtime, loss of earnings and potential fines from breaking data protection laws. We’ve had customers who believe moving data to Office 365 protects their data from ransomware. But that’s not true. If ransomware has infected your data center and you sync to Office 365, then the ransomware can spread to your cloud-based data too. Microsoft does its best to protect against malware but ransomware is becoming much more advanced and it changes every day. It’s a huge problem. Whaley: I was looking at a study of unscheduled downtime, and found that two factors – human error and software malfunction—accounted for 40 percent of all downtime. Moving your data to Office 365 doesn’t do anything to change these threats. Human error is still very prevalent, like the proverbial Bob in Accounting who deletes all of his data and doesn’t notice for 45 days, at which point it’s gone. The largest restore we’ve ever done was due to an admin who didn’t use Office 365 properly and ended up purging a massive amount of data. Human error is still very much at the forefront of downtime risks and you have to protect against it. As for software, whether it’s on premises or in the cloud, it’s still Microsoft Office and it’s susceptible to the same glitches in either location. Maldonado: Without comprehensive data protection, data can be lost or destroyed just as easily in the cloud as in the data center. If a Word document disappears and has to be recreated from the ground up, a company will lose productivity. We’ve seen instances where data loss events have led to organizations going out of business—they were never able to recover from the data loss. Farajun: What considerations and best practices do you recommend to your customers when discussing Office 365 data protection? Chillman: We make sure that our customers understand the core data protection capabilities built into Office 365. Then we look at how to address the gaps. We work with customers to define service-level agreements to determine what data retention policies they need for their particular business requirements. We also make sure customers understand that they are still ultimately responsible for their data in the cloud. You need to make sure your data protection solution gives you the power and flexibility to manage it effectively. Maldonado: We find that a lot of customers haven’t defined the Recovery Time Objective (RTO) or Recovery Point Objective (RPO) for their business, so we help them determine their tolerance for data loss. We also help them understand what data retention requirements they must comply with due to regulation. For instance, healthcare and financial organizations have strict guidelines about what data must be stored and for how long. Whaley: For Office 365 data protection, the best practice we recommend is to plan your solution before you move your data there. For many businesses, data protection is an afterthought. We recommend that our customers get to know their data, understand what’s critical and what’s not, and make sure they realize, whether it’s in the cloud or on premises, that they are ultimately responsible for it. Farajun: In conclusion, I would add that Microsoft Office 365 offers great simplicity and cost savings for businesses seeking to place their productivity tools in the cloud. However, email and document retention requirements still apply and must be followed regardless of where your data is stored. Microsoft Office 365 provides basic data recovery and archiving capabilities, but this elemental level of protection may not satisfy your compliance obligations. To mitigate your risk and meet compliance mandates, protect your Office 365 data the same way you would protect your on-premise data to avoid data loss as a result of intentional or accidental user error, ransomware attacks, unplanned data overwrites or other breaches. This requires a comprehensive approach to data protection that protects all enterprise data from any source, including Office 365, with a single, easily managed solution. Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library. (Comment on this)
10:46p	Arista Wins Big Against Cisco in Federal Court Brought to you by The VAR Guy Arista Networks finally caught a break in its long legal battle against Cisco Systems. A federal court in Northern California denied Cisco’s demand for $335 million in damages and ruled Arista did not infringe a Cisco patent, nor Cisco’s copyright on its user manuals. The main part of software in question was Cisco’s command line interface (CLI). Cisco argued that Arista, several of whose executives are former Cisco employees, illegally copied Cisco’s CLI right down to the typos. Arista claimed that the CLI is used by many of Cisco’s rivals, and that Cisco’s attack against Arista stems from personal enmity. Cisco originally filed the suit in 2014. The decision stands in stark contrast to the ruling last week from the International Trade Commission (ITC) that Arista had violated two of Cisco’s patents, after previously ruling that Arista had violated three other patents. For a brief time, it even banned the import of Arista products into the U.S. The jury ruled that Arista was protected by what’s called the ‘scenes a faire’ doctrine, a legal principle that says if there is no other way to make a product, the value of it cannot be attributed to the creator of the work. The company has been steadily gaining market share since it was founded in 2004, threatening Cisco’s position as undisputed leader of the networking world. “Arista copied despite the fact that other competitors have developed user interfaces in a wide variety of ways that do not copy,” said Mark Chandler, general counsel and secretary of Cisco, in a blog post. “Cisco’s user interface is well-known and successful, and while it has often been referred to as an ‘industry standard’ – meaning a popular benchmark – none of Cisco’s technology in this case has been incorporated in any actual industry standard; in fact, no CLI standards body actually exists.” (Comment on this)

<< Previous Day

2016/12/15 [Calendar]

Next Day >>