Intel updates laptop, desktop chip plans
February 10, 2009 at 6:19 pm
________________________________
Intel on Tuesday accelerated plans to release two dual-core laptop and desktop processors, tweaking its road map as it juggles manufacturing efforts to cut costs.
The company will ship dual-core processors for mainstream laptops and desktops made using the 32nm process, skipping plans to release similar chips manufactured using the 45nm process. The chips will ship in the fourth quarter.
The road map update will quickly bring the latest technologies to laptop and desktop chips, company officials said during a press conference in San Francisco on Tuesday. Intel officials could not say when those chips would reach laptops and desktops.
The 32nm-process chips will be an upgrade over existing 45nm chips that go into current desktops and laptops. The chips will be cheaper to manufacture, work faster and draw less power.
The early shift to the 32nm process will reduce Intel's manufacturing cost, said Jack Gold, principal analyst at J. Gold Associates.
The new chips could also bring excitement to a sore laptop market and provide users a reason to upgrade. For essentially the same cost, users will get a jump in performance with the latest technology Intel has to offer, Gold said.
The new dual-core laptop chips, code-named Arrandale, replace Nehalem-based Auburndale processors, Intel said. Intel will also ship 32nm dual-core desktop chips, code-named Clarkdale, which will replace Nehalem-based Havendale chips.
Arrandale will boost graphics performance while drawing less power than Core 2 processors, said Stephen Smith, vice president and director of group operations at Intel. The new chips will also be more energy-efficient, which could improve laptop battery life.
Clock speeds will be similar to those of chips used in existing laptops, but the new chips will offer better performance at a similar power envelope by running more threads via each core.
The new chips will be part of Westmere microarchitecture, which is a shrink of Intel's existing Nehalem microarchitecture. Nehalem, which is used in Intel's Core i7 desktop, integrates a memory controller and provides a faster pipe for the CPU to communicate with system components. It is considered a significant upgrade over Intel's earlier microarchitectures, as it cuts bottlenecks to improve system speed and performance-per-watt. Intel earlier said it would ship dual-core laptops and desktops built around Nehalem in the second half of 2009.
Demand for chips is shrinking, so Intel has to take a drastic step to improve demand for its products, said analyst Gold.
With chip demand slowing, the returns on developing 45nm laptop chips may also be minimal, Gold said. Intel's shift to the 32nm process is smooth, which provides an incentive to quickly move to Westmere chips, he said.
"The optimum time to shift is when demand is down and risk is less," Gold said.
Earlier on Tuesday, Intel CEO Paul Otellini said the company would spend $7 billion over the next two years to revamp manufacturing plants.
Intel is prioritizing its move to the new 32nm process technology to lower chip-manufacturing costs and increase production. That will help the company make more chips at lower costs and add efficiencies to the production process, Intel officials said on Tuesday.
The new manufacturing process will also help create tiny integrated chips that can be fit into devices like set-top boxes and TVs, Intel said during its fourth-quarter earnings call in January. That could help Intel enter new markets and add revenue opportunities.
Intel will begin producing chips with 32nm circuitry in four fabs starting in late 2009. A nanometer equals about a billionth of a meter. In chip manufacturing, the figure refers to the denser features etched on the surface of chips. Chip manufacturers like Intel and AMD are building smaller and smaller transistors into chips to perform quicker and draw less power.
________________________________
Microsoft gets its 10,000th U.S. patent
February 10, 2009 at 4:00 pm
________________________________
Microsoft is marking on Tuesday the recent awarding of its 10,000th U.S. patent, granted for its surface computing technology.
U.S. Patent No. 7,479,950 outlines how users can place objects, ranging from cell phones to fingers, on the surface computer's table-like display and the computer will identify the objects and track their position, orientation, and motion, Microsoft said. This allows objects to be associated with data or media, such as a collection of music or photos.
Microsoft was granted 2,000 patents in 2008, ranking it fourth among companies receiving U.S. patents, Microsoft said. The company spends about $8 billion a year on research and development.
"Most technology companies, Microsoft included, have been increasing their emphasis on IP in recent years, trying to derive greater business value from their intellectual assets," said Bart Eppenauer, chief patent counsel for Microsoft, in a statement released by the company.
Patents had been thought of as clubs to be used in court against competitors, Microsoft said. But now, patents and IP are "serving as bridges to collaboration through licensing and other technology collaboration," Eppenauer said.
The company in 2003 began a commitment to broaden IP licensing efforts and has since signed more than 500 licensing agreements with companies of all sizes and types, Microsoft said. The company's 2006 IP agreement with Novell, though, has been a controversial one, raising ire in the Linux community over whether Novell made too big a concession to Microsoft over Linux IP issues.
________________________________
Adobe revamps online marketplace for AIR apps
February 10, 2009 at 3:11 pm
________________________________
Adobe Tuesday revamped an online marketplace for applications developed on its AIR (Adobe Integrated Runtime) to make it easier for developers to find, post, and get feedback on AIR applications.
The Adobe AIR Marketplace showcases developer applications that are powered by AIR, a runtime that allows developers to create cross-platform desktop applications with the same technologies they use for building Web-based applications, such as HTML, AJAX (Asynchronous JavaScript and XML) and Flash.
While Adobe calls the site a "marketplace," the applications on it are actually free for download and not for sale, the company said.
Adobe has improved the search and download capabilities of the site, as well as added RSS feed and "e-mail a friend" features that make it easier for developers to share applications.
Developers also can rate, review and comment about features of applications to give developers instant feedback, according to Adobe. The revamped site also allows developers to create profiles for themselves and manage the applications they post in a self-service interface.
Adobe also has added dashboards that show statistics, ratings and reviews for AIR developers to the site.
Adobe said that there are already hundreds of AIR applications on the marketplace, which was first launched in October 2007 so developers could begin sharing apps built on a beta version of AIR.
Adobe released the first full version of AIR at the end of February 2008. The company hopes the runtime will help it bring the success it's had with Web development and design tools such as Dreamweaver and Flash to the desktop by giving those developers and designers an easy migration path to building desktop applications.
Adobe said last week there have been more than 100 million installations of AIR less than a year after its release, proving that developers are at least testing the technology, if not using it for wide-scale desktop deployments.
________________________________
McAfee touts integrated compliance suite
February 10, 2009 at 2:49 pm
________________________________
McAfee has taken steps to integrate its vulnerability assessment and policy management products in a single suite to make it easier for enterprises to stay on top of compliance initiatives.
Total Protection for Compliance provides centralized reporting for audit and compliance purposes via ePO (ePolicy Orchestrator), the primary management console for a wide array of McAfee security products. It lets security managers combine audit and scanning results to generate reports for compliance initiatives such as the Payment Card Industry guidelines, federal requirements like FISMA, and the Center for Internet Security's best practices, says Bob Tesh, McAfee's group marketing manager.
McAfee's Vulnerability Manager and Policy Auditor products are included in Total Protection for Compliance.
"We've changed Vulnerability Manager, which performs agent-less policy assessments, so it's now looking for both the known good as well as the vulnerabilities," Tesh says.
Vulnerability Manager 6.7 (formerly Foundstone Enterprise) is now integrated with ePO so it can populate ePO with information about IT assets in order to generate compliance-related reports, Tesh notes.
Policy Auditor 5.0.1, McAfee's agent-based software that runs on desktops and servers, is also now sharing information with ePO that can be used to centralize automated compliance reporting.
Another new element in the Total Protection for Compliance suite is what McAfee is calling its CARMA (Counter-Measure Aware Risk-Management Application), which takes threat information produced by McAfee Avert Labs and correlates it with any discovered vulnerabilities in IT assets.
While not intended for real-time analysis, the CARMA-generated reports with ePO give security managers details about where their systems may be vulnerable to new types of threats, and can help justify investment in endpoint security protection, Tesh said.
Total Protection for Compliance is priced based on the number of monitored IP addresses, ranging from $100 to as low as $10 with 75,000 monitored assets.
Network World is an InfoWorld affiliate.
________________________________
Microsoft shuts off Windows 7 beta downloads
February 10, 2009 at 2:28 pm
________________________________
Microsoft has shut off the Windows 7 beta spigot, but will allow users who have started the download process to wrap it up by Thursday.
As promised more than two weeks ago, Microsoft blocked new downloads of the Windows 7 preview Tuesday. The site where users could formerly obtain the beta now reads: "Sorry, Windows 7 Beta downloads are no longer available."
Although Microsoft had said it would cut off users Tuesday, company spokesman Brandon LeBlanc had said last month only that on Feb. 10 "new downloads of the Windows 7 Beta will no longer be available." At the time, he did not specify an hour Tuesday when the downloads would be pulled.
Last night, about 70 minutes before the deadline expired, LeBlanc specified that midnight would be the end of new downloads.
Microsoft extended the deadline for Windows 7 beta from an earlier Jan. 24 cutoff to satisfy customer demand, it said over two weeks ago. However, the company has declined to say whether a 2.5 million cap it had once set had been reached or surpassed, nor would it specify how many copies it has provided users.
People who began to download the massive disk image file -- 2.44GB for the 32-bit version, 3.15GB for the 64-bit -- before Tuesday have until noon (EST) Thursday to complete the process, and activation keys will be available indefinitely, LeBlanc reiterated Monday.
The deadlines do not apply to subscribers to the TechNet and Microsoft Developer Network services. Those users, typically IT professionals and developers, will continue to have access to the beta.
Microsoft has not said when it will offer an updated build of Windows 7 to the public, although the head of Windows development has announced that the company will move directly from the beta to a "release candidate" milestone. In the past, Microsoft has run through multiple public betas of its operating systems before taking the next step to release candidate.
Copies of the Windows 7 beta, and a leaked version of at least one post-beta build, were still available at file-sharing sites Tuesday. On the Pirate Bay BitTorrent tracking site, for example, traffic in Windows 7 remained brisk.
Windows 7 beta is set to expire Aug. 1, 2009, at which time users must either update to a newer version of the operating system, or reinstall an earlier edition of Windows, such as Vista or XP.
Computerworld is an InfoWorld affiliate.
________________________________
Six myths about movable media storage
February 10, 2009 at 1:01 pm
________________________________
Every few months, there's another horror story about lost tapes or stolen laptops, and we're left wondering if the information stored on the missing media will be put to some nefarious use, thereby adding personal injury to a public relations insult.
The importance of protecting these media has become a no-brainer. But managers are often hampered in their efforts because they buy into one or more of the following six myths of movable media:
Myth 1: Tapes are obsolete.
The humble magnetic tape, a seeming relic of the mainframe and batch-processing era, has given way in some instances to disk-to-disk backups to remote sites over networks. But for rapid and efficient backup, archiving and restoration of large quantities of data, there's no beating tape.
Iron Mountain offers both data backup over a network connection and tape storage at its sites. "In a disaster scenario, when time is of the essence, there is nothing more efficient than putting a collection of tapes in a vehicle and driving it to a recovery site," says Ken Rubin, a senior vice president at the information protection and storage company. "And the bandwidth limitations on transporting terabytes or petabytes of data over the line make that impractical."
Still, some users want to move on. "We are trying to get out of the tape business because of the threat of physical loss," says Christopher Leach, chief information security officer at Affiliated Computer Services Inc. He says ACS is setting up a service to send encrypted data backups to clients via a Web browser if the files aren't too big.
Myth 2: Protecting tapes and laptops is a job for technical people.
The protection of information technology is, of course, a job for IT. But there is a big and often overlooked role for others in the organization as well.
New York state CIO Melodie Mayberry-Stewart draws on a 12-person legal team to research best security practices, especially in the financial industry. Some of those people specialize in areas such as encryption and telecommunications, she says. In addition, she has a separate team of technologists who specialize in security and risk management. Mayberry-Stewart says the lawyers negotiate "painstakingly detailed" contracts and "memoranda of understanding on service levels" with companies such as Iron Mountain that transport and store the state's tapes -- some 4,000 per month -- from four mainframe data centers.
At Sun Microsystems, tapes are created at seven datacenters around the world. While each center manages its own data-retention processes, "they don't get to make up all their own rules," says Leslie Lambert, Sun's chief information security officer. So where do the rules, policies and procedures come from? "We have a very vigilant legal team, a privacy team, a business conduct team, internal auditors, external auditors, and an information protection law group -- all working together," she says.
Leach says keeping up with state and federal regulations on data protection and retention demands human expertise, but it's such a daunting task that he gets automated help via risk and compliance management software from Relational Security.
Myth 3: Losing a tape is primarily a security problem.
It can be a security disaster, to be sure, and it will certainly be a PR nightmare if the public finds out. But there are other equally harmful, if less dramatic, possibilities.
"I don't think so much about losing employee information [such as Social Security numbers], although that is certainly important," says Brian Lurie, IT vice president at medical products maker Stryker Corp. "What keeps me up nights is the possibility of losing a tape and then having to produce data for the FDA for a lawsuit. I worry about liability to the company from losing information that we, by law, must retain."
While the law requires that some information be kept for seven years, Stryker must retain data on customers who have Stryker products in their bodies for as long as they live, Lurie says. Although the company mirrors its disks at a remote disaster recovery center, after a certain amount of time, some data will exist only on tape transported and stored remotely by Iron Mountain.
Lurie periodically sends auditors to Iron Mountain's facility to inventory Stryker's tapes. He says regular audits are part of a three-part tape-protection program that also includes carefully crafted contracts and working with a reputable tape-storage vendor.
Experts say thefts of tapes followed by illegal usage are so rare as to be almost a nonissue. Loss of tapes through simple human error, causing processing disruptions down the line, is by far the most common problem.
Myth 4: There are no technology solutions; it's all about tight controls.
Procedures and controls that are well thought out, automated where possible and tested are the best way to limit losses from wayward tapes and laptops, experts say. But technology can be a big help.
The primary tool remains data encryption. While the technology doesn't address Lurie's concerns about lawsuits over unrecoverable data, it's nice to be able to tell lawyers, reporters and the police that the bad guys can't do much with that laptop because the hard disk is encrypted, or with those tapes because they are unreadable.
All employee desktops and laptops at ACS are required to be "whole-disk encrypted," Leach says. "Once the disk is encrypted, we monitor it and track it, and if you try to decrypt your hard drive, we know it and we notify your manager."
ACS has more than 1 million tapes at its tape library in Dallas, and its standard practice is to encrypt their content. But, Leach says, some clients don't want to incur the cost and effort of decrypting the backup tapes they receive from ACS, so they request that the content be kept in the clear. "For those tapes, we have very strict packaging, signing and tracking at every step, almost like a chain of custody in a legal case," he says. "Tapes go into turtle boxes that are locked and unlocked at each end."
In addition, he says, "we insure them for a high amount, not because the tapes or CDs are worth a lot of money, but because that triggers tighter processes and closer scrutiny by the shipper."
Users report that they are studying new technologies to supplement or substitute for encryption. The state of New York is looking at thumbprint scans to protect laptops and tape cases. And ACS is examining prototypes of three magnetic devices that will erase the contents of tapes inside a locked case if it is broken open.
Iron Mountain says the best automated help of all may come from a tape inventory-control system to help eliminate the No. 1 cause of lost tapes -- human error inside the company.
Myth 5: Encryption is a silver bullet.
While encryption is often considered the best technical solution, it has drawbacks. For example, if you retrieve a tape but have lost the keys to decrypt it, you might be out of luck. Also, encrypting data before writing it to tape, a laptop hard drive or removable media can take copious computer resources. Finally, at many companies, encryption is optional or a requirement that can be circumvented.
For these reasons, Stryker doesn't encrypt laptop hard drives unless there's sensitive data on them. Sensitive information that remote users may need stays on protected servers, where it is accessed only when needed and not retained locally. Lurie acknowledges that this isn't perfect because it requires voluntary user compliance.
Lurie says his chores will be eased when Stryker moves to Windows Vista, because the operating system offers options for automatically encrypting data. "But it's a burden -- you need additional memory, and it slows down the machine," he adds.
Myth 6: If you protect your tapes and laptops, you can feel secure.
News stories have focused attention on lost tapes and laptops, but there are a number of other devices walking out your company's door every night. Lurie says mobile devices such as BlackBerrys are protected at Stryker. "I have the ability to remotely wipe them out," he explains. "If lost, we send a signal to it immediately to clear the memory."
But flash drives, CDs, and DVDs are more problematic, he says. Lurie's solution: "If it's not encrypted, we just discourage the downloading of sensitive information to them."
Lurie says he even worries about the humble cell phone. "We don't allow cameras in our building, but there are lots of people who have them on their phones," he says. "If someone takes a photo of someone or something and posts it on the Internet, we've got a potential liability. I'm not sure how to deal with that yet, but I've been giving it a lot of thought."
Computerworld is an InfoWorld affiliate.
________________________________
Scientists create faster, more energy-efficient microchip
February 10, 2009 at 12:38 pm
________________________________
Scientists from Singapore's Nanyang Technological University (NTU) and US-based Rice University have successfully created a microchip that uses 30 times less electricity while running seven times faster than today's technology.
In layman's terms, this means the new proof-of-concept microchip will significantly improve a mobile phone's battery life, to as much as two weeks without recharging.
The technology, dubbed "probabilistic complementary metal-oxide semiconductor" (PCMOS), was invented by Professor Krishna Palem of Rice University, who is also director of NTU's institute for sustainable nanoelectronics.
Team member Dr Natalie Kong Zhi Hui, teaching fellow, NTU, said: "Our technology is a significant contributor toward environmental-friendliness -- green computing, or probabilistic computing, with an extremely energy-aware attribute. This is due to the fact that, unlike conventional designs that view noise as a nuisance, our design concept embraces noise as a 'gem' -- this novel technology recycles noise."
Dealing with noise
While today's silicon transistors become increasingly "noisy" as they get smaller, engineers have historically dealt with this by boosting the operating voltage to overpower the noise to ensure accurate calculations, leading to higher energy consumption levels.
"With this PCMOS technology, noise/parameter variations are part of the overall design and are managed as a resource to achieve significant energy savings. The success of this project will go a long way in promoting the advent of a new generation of 'green' IT at lower costs to consumers," says Associate Professor Yeo Kiat Seng. He is NTU's head of division of circuits and systems, school of electrical and electronic engineering, college of engineering.
The team hopes to realise a new generation of probabilistic-based nanoelectronics with diverse applications in media, biomedical and consumer electronics. The team envisions that PCMOS technology will enter the consumer computing market in as little as four years and may present itself as a parallel to mainstream CMOS technology in the near future.
MIS Asia is an InfoWorld affiliate.
________________________________
Microsoft to upgrade SharePoint when Office 14 ships
February 10, 2009 at 12:00 pm
________________________________
Microsoft said Tuesday that it plans to formally integrate enterprise search technology from its $1.2 billion acquisition of Fast Search and Transfer (FAST) a year ago into its popular SharePoint content management platform.
However, the long-anticipated new product, called FAST Search for SharePoint, won't ship until the next version of Microsoft Office, code-named Office 14, does, said Jared Andersen, a senior product manager for enterprise search at Microsoft.
Andersen declined to say when Office 14 would ship. Some experts expect Office 14 to ship next year.
FAST Search for SharePoint will be aimed at enterprises and designed to work "out of the box" with large SharePoint document repositories, said Andersen.
Scalability is one of the FAST software's strongest traits. When Microsoft bought Oslo, Norway-based FAST last January, it bragged that it would become the only vendor to offer a unified enterprise search platform capable of sorting and searching through billions of documents.
By comparison, the existing search features in Microsoft Office SharePoint Server (MOSS) have trouble handling repositories with more than 50 million documents, Ovum analyst Madan Sheina wrote last month.
The new FAST Search for SharePoint will also bring "more advanced linguistic capabilities" and "more powerful processing" of both structured and unstructured content, Microsoft's Andersen said.
Betas for FAST Search will arrive "very much in line with Office 14's betas," he said. Customers will need to buy SharePoint Enterprise Client Access Licenses (CALs) in order to get the software.
In the meantime, customers who want such features now can license another new product, ESP for SharePoint.
ESP is based on FAST technology but is not specially rewritten for SharePoint, Andersen said. Customers who buy ESP today will be able to upgrade to FAST Search for SharePoint.
Microsoft made the announcement during its FASTforward enterprise search conference, which is taking place through Wednesday in Las Vegas.
John Lervik, corporate vice-president of Microsoft Enterprise Search and former CEO of FAST, left Microsoft last month.
Also last month, two Microsoft competitors merged when Autonomy bought Interwoven for $775 million.
Microsoft will continue to separately develop the search platform in MOSS, Andersen said.
That platform serves as the foundation for two broader enterprise search products: Search Server and Search Server Express.
Search Server will become Microsoft's mid-tier, paid enterprise search software, while Search Server Express remains its low-end, free version.
Released a year ago, Search Server Express 2008 has been downloaded 100,000 times, said Andersen. He declined to say when the next versions of those products would be available, or what features would be in them.
Microsoft doesn't expect to make FAST the underlying platform for its entire enterprise search software lineup until about 2013, or when the version of Office after this one ships. "That's certainly what we're working towards," Andersen said.
He disagreed with the suggestion that this was too slow and leaving customers dissatisfied. "We've made tremendous progress. Customers are very interested in our roadmap, and we are being as transparent as we can," he said.
Microsoft also plans to introduce another version, FAST Search for Internet Business. That will be targeted at companies running public Web sites, and will compete with products such as Google's Site Search. A beta of FAST Search for Internet Business will be available in the second half of this year.
Computerworld is an InfoWorld affiliate.
________________________________
How to avoid 5 common storage mishaps
February 10, 2009 at 11:22 am
________________________________
Think you can guess the No. 1 threat to the security of your stored data? If you said hackers, or even trouble-making insiders, you'd be wrong. While malicious threats are an ongoing concern, it's your well-meaning employees who are more likely to unknowingly expose your company's stored data through, say, a file-sharing network or a misplaced laptop.
In fact, a recent Ponemon Institute study found that negligent insiders are by far the biggest threat to data security, accounting for 78 percent of all breaches.
In this special report, you'll learn the latest techniques for protecting stored data within company walls as well as stored data that flows freely in and out of your organization on laptops, tapes and other movable media.
And don't forget to take the Storage Networking Industry Association's storage security self-assessment quiz and test how well your stored data is protected. Plus, brush up on storage terms with SNIA's online glossary and resource guide.
Data breaches, unfortunately, have become a way of life for corporate America. According to the Identity Theft Resource Center (ITRC), 2008 saw a 47 percent increase in documented data breaches from the year before. And those are just the ones that made the news, says Craig Muller, an identity theft expert and founder of Identity Doctor in Irvine, Calif. "I get e-mails constantly telling me of breaches," he says.
The public is definitely feeling the pain. In a 2008 study by the Ponemon Institute in Traverse City, Mich., over half (55 percent) of 1,795 adult respondents across the United States said they'd been notified of two or more data breaches in the previous 24 months, and 8 percent said that they'd received four or more notifications.
But companies are still not sure how to protect themselves. In a Ponemon survey released last month, only 16 percent of the 577 security professionals who responded said that they were confident or very confident that current security practices could prevent the loss or theft of customer or employee data.
One way to gain confidence is to examine actual breaches and learn from them. Here's a look at five common types of breaches, with advice about how to avoid similar mishaps.
1. Stolen equipment
In May 2006, personal data on 26.5 million veterans was compromised when a laptop and a storage disk were stolen from the home of a subcontractor working for the U.S. Department of Veterans Affairs. Both items were recovered, and arrests were made. The FBI claimed that no data had been stolen, but the incident prompted sweeping reform at the VA. However, in January 2007, another breach occurred when a laptop was stolen from an Alabama medical facility, exposing personal data on 535,000 veterans and more than 1.3 million physicians.
Costs: By June 2006, the VA was burning through $200,000 a day to operate a call center to answer questions about the breach. It also spent $1 million to print and mail notification letters. It was given permission to reallocate up to $25 million to pay for those costs. Class-action lawsuits were also filed, including one demanding $1,000 in damages for each person affected. After the 2007 breach, the VA set aside an additional $20 million for breach-related costs. And the department recently agreed to pay $20 million to current and former military personnel to settle a class-action lawsuit.
Blinders: Lost or stolen equipment accounts for the largest portion of breaches -- about 20 percent in 2008, says the ITRC. According to Bart Lazar, a partner in the Chicago office of law firm Seyfarth Shaw, incidents involving lost or stolen laptops make up the majority of data-breach cases he works on.
Eye-openers: Lazar recommends restricting the placement of personal identifying information on laptops. For instance, don't tie customer or employee names to other identifiers, such as Social Security or credit card numbers; alternatively, you can truncate those numbers. Also, consider creating your own unique identifiers by, for example, combining letters from an individual's last name with the last four digits of his Social Security number.
Second, require personal information on laptops to be encrypted, despite the potential cost ($50 to $100 per laptop) and performance hit that involves, says Lazar. This needs to be accompanied by consciousness-raising, says Blair Semple, storage security evangelist at NetApp Inc. and vice chairman at the Storage Networking Industry Association's Storage Security Industry Forum. "I've seen situations where people had the capability to encrypt but didn't," he says. "Scrambling the bits is the easy part; it's the management and deployment that's hard."
Third, Lazar recommends policies requiring very strong passwords to protect data on stolen devices.
2. Insider theft
In November 2007, a senior database administrator at Certegy Check Services, a subsidiary of Fidelity National Information Services, used his privileged access to steal records belonging to more than 8.5 million customers. He then sold the data to a broker for $500,000, and the broker resold it to direct marketers. The employee was sentenced to over four years in jail and fined $3.2 million. According to company officials, no identity theft occurred, although affected consumers received marketing solicitations from the companies that bought the data.
In another high-profile case, a 10-year veteran scientist at DuPont downloaded trade secrets valued at $400 million before leaving the company in late 2005 to join a competitor in Asia. According to court records, he used his privileged access to download about 22,000 document abstracts and view about 16,700 full-text PDF files. The documents covered most of DuPont's major product lines, including some emerging technologies. The scientist did this while in discussions with the competitor and for two months after accepting the job. He was sentenced to 18 months in federal prison, fined $30,000 and ordered to pay $14,500 in restitution.
Costs: In DuPont's case, the estimated value of the trade secrets was more than $400 million, although the government pegged the company's loss at about $180,500 in out-of-pocket expenses. There was no evidence that the confidential information was transferred to the competitor, which cooperated in the case.
According to Semple, theft of customer information is nearly always more costly than theft of intellectual property. In Certegy's case, a 2008 settlement provided compensation of up to $20,000 for certain unreimbursed identity theft losses for all class-action plaintiffs whose personal or financial information was stolen.
Blinders: Nearly 16 percent of documented breaches in 2008 were attributed to insiders, says the ITRC; that's double the rate of the year before. One reason for this increase is that employees are being recruited by outsiders with ties to crime -- a trend that accounts for half the insider crimes committed between 1996 and 2007, according to the CERT Coordination Center at Carnegie Mellon University.
Insiders commit crimes for two reasons, CERT says: financial gain (as in the Certegy case) and business advantage (as in the DuPont case). In the latter, criminal activities usually start when the employee resigns, CERT says, but the thefts typically occur after they depart, having left secret access paths to the data they want.
Insider threats are among the hardest to manage, Semple says, especially when the workers use privileged access.
Eye-openers: A good precaution is to monitor database and network access for unusual activity and set thresholds representing acceptable use for different users, CERT says. That makes it easier to detect when an employee with a particular job designation does something beyond his normal duties. For instance, DuPont discovered the illegal activity because of the scientist's unusually heavy usage of its electronic data library server.
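An added illustration (not from the article or from CERT) of the per-role thresholds described above, run over constructed access records. The role limits, baseline factor, field layout and function names are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

# Assumed ceilings on distinct documents opened per day, by job role.
ROLE_DAILY_LIMIT = {"scientist": 50, "library_admin": 500, "sales": 10}
BASELINE_FACTOR = 5    # flag a day that exceeds 5x the user's own median
MIN_HISTORY_DAYS = 3   # prior normal days required before the baseline rule applies


def build_sample_events():
    """Constructed access records: (day, user, role, document_id)."""
    start = date(2009, 1, 5)
    plan = {
        # user: (role, distinct documents opened on consecutive days)
        "rlee": ("scientist", [12, 9, 14, 11, 10]),
        "jdoe": ("scientist", [8, 10, 7, 9, 420]),       # sudden bulk access
        "tkim": ("sales", [2, 3, 2, 2, 12]),              # small volume, wrong for the role
        "admin1": ("library_admin", [300, 280, 310, 295, 305]),
    }
    events = []
    for user, (role, per_day) in plan.items():
        for offset, count in enumerate(per_day):
            day = start + timedelta(days=offset)
            for n in range(count):
                events.append((day, user, role, f"DOC-{offset:02d}-{n:04d}"))
            # Re-opening the same document must not inflate the count.
            events.append((day, user, role, f"DOC-{offset:02d}-0000"))
    return events


def daily_distinct_counts(events):
    """Return ({user: {day: distinct_docs}}, {user: role})."""
    seen = defaultdict(set)
    roles = {}
    for day, user, role, doc in events:
        seen[(user, day)].add(doc)
        roles[user] = role
    counts = defaultdict(dict)
    for (user, day), docs in seen.items():
        counts[user][day] = len(docs)
    return counts, roles


def find_anomalies(events):
    """Apply the role ceiling and the per-user baseline to each user-day."""
    counts, roles = daily_distinct_counts(events)
    alerts = []
    for user in sorted(counts):
        role = roles[user]
        limit = ROLE_DAILY_LIMIT.get(role, 0)  # unknown role: any access is flagged
        history = []
        for day in sorted(counts[user]):
            n = counts[user][day]
            reasons = []
            if n > limit:
                reasons.append(f"over {role} limit of {limit}")
            if len(history) >= MIN_HISTORY_DAYS:
                base = median(history)
                if n > BASELINE_FACTOR * base:
                    reasons.append(f"over {BASELINE_FACTOR}x own median of {base}")
            if reasons:
                alerts.append({"user": user, "day": day.isoformat(),
                               "count": n, "reasons": reasons})
            else:
                history.append(n)  # only unflagged days feed the baseline
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(build_sample_events()):
        print(alert)
```

The library administrator's 300 documents a day raises no alert because that volume is normal for the role, while 12 documents from a sales account does.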
If you suspect that a breach has occurred, CERT says it's important to act quickly in order to minimize the chance of information being disseminated and to give law enforcement agencies a chance to start investigating the case.
Companies should also implement role-based access-control tools to maintain a high level of accountability over who is accessing valuable assets, Lazar says. Databases containing customer or employee information should allow very limited access. "How many people, on a daily basis, need to review Social Security numbers and addresses without permission?" he says. "Personal information should be protected at the same level as trade secrets."
Muller recommends using data loss prevention tools to restrict personal data from being e-mailed, printed, or copied onto laptops or external storage devices. Some of these tools provide alerts that inform administrators when someone tries to copy personal data and create a log file of such an event. "In a lot of cases, companies don't have proper audit trails in place," he says.
It's also important to strengthen internal controls and audit measures by, for example, implementing iterative checks on network and database activity logs, Semple says. It's not enough to keep detailed logs; you also need audit measures in place to see if anyone has modified a log or illegally accessed it. "Unless there's some way to verify the log information wasn't tampered with, it's hard to know it's of value," he says.
But in the end, technology isn't enough. "You need to find a way to ensure users you trust are worthy of that trust," Semple says.
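One common way to make an audit log verifiable, as Semple asks above, is to chain each entry to the previous one with a keyed hash (HMAC). This is an added example, not from the article; the record fields, key handling and function names are assumptions.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed starting value for the chain

# Constructed audit records for the demonstration.
SAMPLE_RECORDS = [
    {"user": "app01", "action": "SELECT", "table": "orders", "rows": 40},
    {"user": "dba01", "action": "SELECT", "table": "customers", "rows": 250000},
    {"user": "dba01", "action": "EXPORT", "table": "customers", "rows": 250000},
    {"user": "app02", "action": "UPDATE", "table": "orders", "rows": 1},
]


def entry_mac(key, prev_mac, record):
    """HMAC-SHA256 over the previous entry's MAC plus this record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"|" + payload,
                    hashlib.sha256).hexdigest()


def append_entry(log, key, record):
    """Append a record and return the new head MAC.

    The head should be stored away from the log host so that removing
    the newest entries is detectable.
    """
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), **record}
    log.append({"record": body, "mac": entry_mac(key, prev, body)})
    return log[-1]["mac"]


def verify_log(log, key, expected_head=None):
    """Return (ok, index_of_first_problem, reason)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["record"].get("seq") != i:
            return (False, i, "sequence gap or reorder")
        expected = entry_mac(key, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["mac"]):
            return (False, i, "MAC mismatch")
        prev = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return (False, len(log), "log truncated or head mismatch")
    return (True, None, "ok")


def demo():
    """Verify an intact log and three tampered copies of it."""
    key = b"constructed-demo-key"  # assumption: held by the auditor, not the DBA
    log = []
    head = None
    for rec in SAMPLE_RECORDS:
        head = append_entry(log, key, rec)

    results = {"intact": verify_log(log, key, head)}

    edited = copy.deepcopy(log)
    edited[1]["record"]["rows"] = 12          # row count rewritten after the fact
    results["edited"] = verify_log(edited, key, head)

    deleted = copy.deepcopy(log)
    del deleted[1]                            # one entry removed from the middle
    results["deleted"] = verify_log(deleted, key, head)

    truncated = copy.deepcopy(log)[:-1]       # newest entry dropped
    results["truncated"] = verify_log(truncated, key, head)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The scheme only helps if the people who can write to the log cannot also read the key or overwrite the stored head value.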
3. External intrusion
In January 2007, retailer The TJX Companies reported that its customer transaction systems had been hacked. The intrusions -- which occurred between 2003 and December 2006 -- gave hackers access to 94 million customer accounts. Stolen information was found to have been used in an $8 million gift-card scheme and in a counterfeit credit card scheme. In the summer of 2008, 11 people were indicted on charges related to the incident, which was the largest hacking and identity theft case the U.S. Department of Justice has ever prosecuted.
Costs: TJX has estimated the cost of the breach at $256 million. That includes the cost of fixing computer systems and dealing with litigation, investigations, fines and more. It also includes payments to Visa ($41 million) and MasterCard ($24 million) for losses they incurred. The Federal Trade Commission has mandated that the company undergo independent third-party security audits every other year for the next 20 years.
However, others expect that costs may rise to $1 billion, which would include the costs of legal settlements and lost customers. According to an April 2008 Ponemon study, 31 percent of a company's customer base and revenue source terminates its relationship with an organization following a data breach. And in its recently released annual "Cost of a Data Breach" study, Ponemon found that breaches cost companies $202 per compromised customer record last year, compared with $197 in 2007. Costs associated with lost business opportunities represented the most significant component of the increase. The average cost of a data breach in 2008 was $6.6 million, compared with $6.3 million in 2007.
Blinders: According to a 2008 Ponemon study, data breaches by hackers rank a distant fifth in terms of security threats. Indeed, about 14 percent of documented breaches in 2008 involved hacking, according to the ITRC. That doesn't mean companies shouldn't be wary, however. In TJX's case, hackers infiltrated the system by "war driving" and hacking into the company's wireless network. TJX was using subpar encryption, and it had failed to install firewalls and data encryption on computers using the wireless network. This enabled the thieves to install software on the network to access older customer data stored on the system and intercept data streaming between handheld price-checking devices, cash registers and the store's computers.
Eye-openers: According to Muller, the WEP encryption that TJX used on its wireless network was insufficient -- weaker even than what many home users have. "If from the parking lot you can gain access to the database, you need a higher level of data security and data encryption," he says. TJX had also stored old account information instead of permanently deleting it, Muller says.
4. Negligent employees
The spouse of a telecommuting Pfizer employee installed unauthorized file-sharing software on the worker's company laptop, enabling outsiders to gain access to files containing the names, Social Security numbers, addresses and bonus information of about 17,000 current and former Pfizer employees. An investigation revealed that about 15,700 people had their data accessed and copied by people on a peer-to-peer network, and another 1,250 may have had their data exposed. Because the system was being used to access the Internet from outside of Pfizer's network, no other data was compromised.
Costs: Pfizer contracted for a "support and protection" package from a credit-reporting agency, which includes a year's worth of free credit-monitoring service for those affected and a $25,000 insurance policy covering costs that individuals might incur as a result of the breach.
Blinders: Careless insiders -- not malicious ones -- are the No. 1 threat to data security, according to a recent Ponemon study, in which IT professionals said 88 percent of all breaches involved negligent insiders. "If there were more employee awareness about security, the number of breaches would come way down," Muller says. In Pfizer's case, the employee's spouse had configured the software so that other users of the file-sharing network could access files the spouse had stored on the laptop, but that gave people access to Pfizer files, too.
Combine negligent users and file-sharing software, and you've got a dangerous mix. Although most companies have outlawed P2P file sharing on their corporate networks, according to a 2007 study by Dartmouth College, many employees install it on their remote and home PCs. The study found, for example, that employees at 30 U.S. banks were sharing music and other files on peer-to-peer systems and inadvertently exposing bank account data to potential criminals on the network. Once business data is exposed, it can spread to dozens of computers around the world.
Eye-openers: First off, IT needs to either ban P2P software entirely or set policies for P2P usage and implement tools to enforce those policies. "[Pfizer] should have done a better audit of their systems to stop employees from loading any software," Muller says. "You can take away their admin rights so they can't install anything." Also important is training, he says, so users understand the dangers of P2P, what makes a good password and other standard security practices.
"There's a huge need for education so employees understand we're not trying to make things difficult but that bad things could happen," Semple notes. "It's having them understand, 'I can't do this, and here's why.' "
5. Subcontractor breaches
In November 2008, the Arizona Department of Economic Security had to notify families of about 40,000 children that their personal data may have been compromised following the theft of several hard drives from a commercial storage facility. The drives were password-protected but not encrypted. The agency says no information was used to commit fraud.
Costs: Subcontractor breaches are more costly than internal incidents, averaging $231 per record compared with $171, according to Ponemon.
Blinders: According to Ponemon's annual cost study, breaches by outsourcers, contractors, consultants and business partners are on the rise, accounting for 44 percent of all cases reported by respondents last year. That's up from 40 percent in 2007. In the ITRC study, 10 percent of breaches were associated with subcontractors in 2008.
Eye-openers: Companies need to create service-level agreements that are airtight and specific, and then ensure that subcontractors are in compliance and penalize them if they aren't. In cases that involve the use of backup tapes or disks, Semple says, insist on encryption and password protection.
Mary Brandel is a Computerworld contributing writer. You can contact her at marybrandel@verizon.net. Computerworld is an InfoWorld affiliate.
________________________________
Update: Intel to invest $7 billion in U.S. plants
February 10, 2009 at 10:55 am
________________________________
Intel will spend $7 billion over the next two years to revamp three U.S. manufacturing plants, and the company's CEO called on other U.S. companies to also invest in the future as a way to combat an economic recession.
Intel will update manufacturing plants in Arizona, New Mexico, and Oregon to build new 32-nanometer processor chips, Paul Otellini, the company's president and CEO, announced Tuesday.
Intel sees the tough economic times as an opportunity for investment in the future, Otellini told the Economic Club of Washington, D.C. "Tough as these times are, we are not blinking," he said. "Today, I am pleased to announce our intention to stamp the words 'made in America' on even more Intel products in the months and years to come."
He called on other U.S. companies to join Intel, even as dozens of companies are laying off workers. "A secure future requires investment in areas that will give rise to new industries and new ideas," he said. "We can't look to government to do this."
The three U.S. plants will support about 7,000 Intel employees and "multiple thousands" of contractors, Otellini said.
Otellini acknowledged a role for government as well, saying he supports parts of the more than $800 billion economic stimulus package pushed by U.S. President Barack Obama. The U.S. Senate may vote on the package Tuesday, and the House of Representatives passed it Jan. 29.
Obama called Otellini late Monday to congratulate Intel for its new investments, Otellini said. Otellini told the president he supported parts of the stimulus package, including money for health IT, more funding for the National Science Foundation, and money to repair schools.
Those elements of the package will help the United States compete on a global scale in the future, Otellini said.
However, without private investment, the package alone isn't enough to keep the United States competitive in the future, he added. "This year, we are going to see an unprecedented level of public investment in schools, bridges, roads, and health care," he said. "It's important. It will make a difference. It's long overdue.
"But let me be clear," he added. "All that investment is not sufficient. While it may help lift us out of our current crisis, it will not secure our future. By itself, it won't help stimulate the next generation of ideas."
Intel's improved manufacturing plants in the United States will build a line of processors, code-named Westmere, for desktop and mobile systems, Intel said. The Westmere processors will combine micro-architecture with graphics ability integrated into the processor.
Asked if Intel would have to borrow money to pay for the improvements, Otellini said the company's plan is to use part of its $15 billion in cash reserves to fund the projects.
Intel sees the current economic crisis as a time to "not only build back, but to build better," he added. "In the current crisis, I believe that America's goal should not be just to survive, but rather to become better than ever."
________________________________
HP netbooks likely will run 3 versions of Windows 7
February 10, 2009 at 10:22 am
________________________________
In a vote of confidence for Windows 7's suitability for use on netbook PCs, Hewlett-Packard says it likely will offer at least three different editions of the upcoming operating system on future models of its Mini netbooks.
That includes the Professional and Home Premium editions, which Microsoft last week said will be the two primary versions of Windows 7, and the low-end Starter edition, which will limit users to running three applications at a time.
Kyle Thornton, category manager for business notebook PCs at HP, said in an interview late last week that the vendor also has been testing the beta version of Windows 7 Ultimate -- an edition aimed at gamers and PC enthusiasts -- on the Mini netbook line.
Windows 7 is being built on the same code base as Windows Vista, prompting some fears that the new operating system may prove to be too bulky to run well on modestly powered netbooks. But despite such concerns, "we see it running very well on the [Minis], even with Aero turned on," Thornton said, referring to the compute-intensive graphical user interface offered in both Vista and Windows 7.
While Microsoft will focus its marketing of Windows 7 on the Professional edition for corporate users and Home Premium for consumers, it will continue to offer a total of six flavors -- the same as with Vista. That, the company said, is necessary to meet the needs of PC makers as well as users.
As part of last week's announcement, Microsoft confirmed that there will be no special "netbook SKU" of Windows 7. Instead, PC makers will be allowed to install the Starter edition, formerly consigned to developing countries only, on netbooks and other low-end PCs for sale in markets worldwide. Microsoft officials expect, though, that the majority of netbooks will actually ship with Windows 7 Home Premium.
HP is even more ambitious. Besides the three editions of Windows 7 that it plans to support, the vendor hopes that it will be able to continue to pre-install both Windows XP Professional and Vista Business on its business-oriented netbooks even after the new operating system ships, Thornton said. (Vista Business is the product-line equivalent of the planned Windows 7 Professional edition.)
In the Mini 2140 system that it introduced last month, HP offers three operating systems for business users: XP Pro, Vista Business, and Novell's Suse Enterprise Linux. No other netbook maker "supports business operating systems because, frankly, they are not being supported by Intel or Microsoft at all," Thornton claimed. "We went out on a limb to put XP Pro and Vista Business on the 2140 and make sure it runs fine."
HP is the largest notebook PC vendor worldwide on an overall basis. But in the netbook category, it's a distant third behind the top two vendors, Acer and Asustek Computer, according to market-research figures released in December by DisplaySearch.
HP's largest netbook customer, the Fresno Unified School District in California, bought 7,000 of its original 2133 Mini-Note machines last year. But despite "quite a bit of interest from the business sector," HP has yet to make any large corporate sales, Thornton said.
HP is betting that will change with the Mini 2140. Featuring battery life of up to 8 hours, a hard drive with anti-drop data protection capabilities, and a sleek-yet-professional aluminum casing, the 2140 is being explicitly targeted at the Fortune 500.
"We're not peddling some cheap, plastic-y toy," Thornton said. "I believe that we've got one of the first, if not only, viable business netbooks out there." He added that a number of Fortune 200 companies are already testing the 2140.
However, both Acer and Asus, as Asustek is known, are also bringing out business-friendly netbooks to compete with the 2140. And Thornton conceded that because of the economy, many corporations have slashed the capital-equipment budgets that they normally reserve for PC purchases, among other things.
But Thornton contends that the 2140's relatively low price tag (the machine lists for between $499 and $650), combined with HP's formidable corporate sales force, will result in numerous sales of relatively small quantities to business users who can buy the system without having to tap into capital-equipment funds.
"Everyone is looking for less-costly alternatives," he said. "If a sales vice president wants to get 20 $600 netbooks at a time, that is well within the signature authority of many executives."
Thornton also argued that the 2140 won't necessarily cannibalize sales of HP's bigger and more expensive laptops. "For a salesperson," he said, "a netbook can actually be a good companion to a 15-inch notebook PC."
Computerworld is an InfoWorld affiliate.
________________________________
VoIP goes corporate -- and saves users plenty
February 10, 2009 at 9:52 am
________________________________
With clients already skittish over the downturn in the financial markets, Benefit Consultants Group wanted to make sure its agents and brokers could be reached anytime without long waits. That included during a recent fire drill, when everyone had to leave the building.
From the parking lot, staffers using VoIP phones were able to reprogram calls coming into the switchboard to go directly to their VoIP phones. As a result, during that half-hour, BCG employees continued to answer calls and clients were none the wiser.
BCG is among a raft of new enterprise VoIP customers. In early February, the Social Security Administration's core VoIP network was completed. The new system is expected to become one of the largest enterprise VoIP deployments in the world, and is already supporting more than 125 offices and more than 33,500 calls daily.
VoIP technology is certainly not new, but it has matured to the point that there are more applications to help reap significant cost benefits and efficiencies. "This is not about 'here's a new way to make a phone call,' but a new way to communicate," observes Bob Hafner, a managing vice president at Gartner. "I'm telling customers they have to move forward with IP technology" since companies that unify communications with business processes over the long term -- merging voice with data, in other words -- will "absolutely" see costs go down.
Not that businesses will soon have much of a choice. Hafner says there isn't one voice vendor that is still doing research and development on TDM (time-division multiplex), the analog technology found inside traditional PBXs.
For its part, BCG also had loftier goals. Officials wanted the ability to monitor calls to determine whether questions about investment products were being answered correctly and whether customers were being spoken to in an appropriate manner. But the retirement plan and consulting firm knew it couldn't get such information from its traditional phone system. And company officials had grown weary of the long response times and mediocre service they experienced when their phone system needed repair.
"We were pretty upset with our [former] phone system in that there was a lot of downtime and the time it took to get someone to repair it and bring it back up was getting longer," says BCG CEO Robert Paglione. "Someone had to come here to fix [the system] and when they'd come they'd point fingers at someone else and ... there was a lot of going back and forth. In our business we can't have down time."
So the Delran, N.J.-based BCG opted to completely do away with regular phone lines and instead has switched over to VoIP phones. BCG is using hosted VoIP software from BroadWorks, which gives it the ability to capture real-time data and generate reports as well as seamlessly transfer calls anywhere an employee is located.
Paglione says the cost savings with VoIP phones have been significant. Using the hosted model, BCG saved more than $9,000 in phone bills last year and over $80,000 in hardware costs compared with going with an on-premise VoIP system.
But making the move to IP can be a fairly expensive proposition. In many cases, companies will have to make physical upgrades to the WAN, as well as add air-conditioning systems and Ethernet switches.
Gartner's Hafner explains why additional cooling is sometimes required. "People want to upgrade to IP phones, but IP phones need power. So they power the phones using Power over Ethernet," he says. So that means they generally need to install more power in workgroup closets on each floor. "This can be a lot of power in a small room and often requires air conditioning to cool the room." This can even be worse if the users' expectation is that the phones work when building power is lost; that means users need to put batteries (UPS) in the workgroup closet too. This too generates some heat.
Nevertheless, some 82 percent of companies have VoIP deployed somewhere in their organization right now, while 10 percent have VoIP deployed across their entire enterprise, according to research firm Yankee Group Research.
"There's no doubt in my mind that a number of years from now ... almost every call we make will be over IP because of the simplicity it brings," says Zeus Kerravala, an analyst at Yankee Group.
No more call waiting
WebiMax.com, a provider of online lead-generation marketing services, wasn't daunted by the initial costs to set up a VoIP phone system, which President Ken Wisnefski acknowledged were "expensive" -- some $40,000, which includes wiring, call-tracking software and faxing features from each phone in addition to the phone system itself. Wisnefski says the system paid for itself in just "a couple of months," although he saw the benefits to workers "almost immediately." He estimates they save between $500 and $1,000 monthly in long-distance calls alone, and WebiMax has experienced better quality of service in terms of scalability and flexibility.
"We have times where salespeople or others work remotely; they can plug the IP phones into their routers wherever they are, and it's as if they were in the office," says Wisnefski. The company also has a couple of employees who are completely remote workers and with the VoIP system, WebiMax doesn't have to pay for separate landlines. No special training was required, he says.
There are other benefits to the VoIP system. The phones can forward calls to a cell phone. If a salesperson doesn't pick up a call, the system sends an e-mail to their BlackBerry and also leaves a message on their office phone. "It centralizes all your work messages in one place," he says.
WebiMax works with two ISPs to ensure no lapse in service. Wisnefski says with VoIP phones, "fewer things fall through the cracks, and it's a better process. We won't ever go back" to traditional landlines.
Mobility in a crisis
Municipalities are also witnessing the benefits that VoIP phones bring to the table. Oklahoma City maintains some 3,900 phones, and of those, 2,400 are now VoIP and are mainly used in the police department, public works department, and 911 call center.
Today, a police officer can sit down anywhere with a VoIP phone and log into the system and it becomes his phone, says Mark Meier, director of IT. "In a crisis situation, it allows complete mobility," Meier says.
And it saves the city plenty. A cell phone costs an average of $32 per month, while the cost of a VoIP phone is about $6 per month.
"It was about dollars and cents and new capabilities," says Meier. IT built in unified messaging capabilities so that people can reach individual police officers or their voice mail, and the system will send them an e-mail if they miss a call.
Meier says the phones are easy to use because they typically have an LCD screen displaying whatever type of information an individual wants -- instructions, the ability to scroll through message call logs, and, if customized, even the Internet and local applications. Employees can also log into reference information such as police or fire records, all of which they didn't have with their analog phone system. Another function is the ability to place a series of phone numbers that a person commonly uses onto the phone -- sort of like a dynamic phone book that presents different numbers based on the person's role, he says. "It eases performance and makes it more consistent," says Meier.
BCG's Paglione says their system is very programmable and salespeople on the road can have calls routed to their hotel phone, cell phone, or home phone. Besides reliability, scalability is also a priority. Paglione says as they add employees, all they have to do is purchase another phone, plug it in and all features are there.
The company has pulled reports on how employees talk to clients -- how they describe a product or their technique on the phone. Paglione says if management doesn't like what it hears, additional training can be provided.
"One neat feature is we can search keywords so if we wanted to analyze what was going on, we'd tell the system to look for words like 'sue' or 'cheated'; even curse words or anything negative, so you could see what took place in that recording," Paglione says.
Likewise, in Oklahoma City, IT can build reports and allow management to see such data as the number of calls coming in during a particular time frame, who is receiving them and what the lag time is before someone answers the phone.
In an event such as an ice storm, Meier says the system enables public works to be proactive and double or triple its call center manpower for a period of time. "With VoIP, information that was only ava