News about Oracle's Solaris and Sun Hardware
System News
Feb 18th, 2013 — Feb 24th, 2013 Generate the Custom HTML Email for this Issue
System News System News for Sun Users
Volume 180, Issue 3 << Previous Issue | Next Issue >>
Sections in this issue:
click to jump to section

SPARC T4 Digest and Crypto Optimizations in Solaris 11.1
RSA, DSA, and DES-3 Crypto Algorithms Added
In his post "SPARC T4 Digest and Crypto Optimizations in Solaris 11.1" Dan Anderson discusses the T4 optimization for SHA-2, SHA-1, and MD5 digest algorithms. In addition he notes the inclusion in Solaris 11.1 of T4 optimization for RSA, DSA, and DES-3 crypto algorithms. He points out that the AES optimizations were introduced in Solaris 11 in 2011, while the SHA-1, SHA-256, SHA-384, SHA512, and MD5 optimizations are available in Solaris 11 SRU2 and Solaris 11.1. The RSA, DSA, and SHA-224 optimizations are available in Solaris 11.1. He includes links in his post to downloads of both Oracle Solaris source code and object code.
Provisioning Oracle Exalogic: What's Involved
Life Made Easier for the SysAdmin

Provisioning Exalogic, designed as a multi-tenant environment in which many applications and user communities operate in secure isolation while running on a shared compute infrastructure, is simply a case of re-configuring existing shared resources, Jules Lane writes in the Oracle white paper "Managing Oracle Engineered Systems -- Exalogic (Physical): Administration Tasks and Tools,". Rick Ramsey reviews the steps that are typically part of provisioning Exalogic as they involve storage, compute nodes, and network -- all done without physical cabling and with network configuration defined at the software level in a matter of hours.

Five Perspectives on Virtual Networks
Several Aspects of Virtual Network Creation

Rick Ramsey has gathered five posts on virtual networks by various hands with the intent of making it easier for users to decide which type of virtual network to create. The posts are:

  • "How Networking Works in Virtual Box" by the Fat Bloke

  • "Evaluating Oracle Solaris 11 from Inside Oracle VM Virtual Box" by Yuli Vasiliev

  • "Looking Under the Hood at Networking in Oracle VM Server for x86" by Greg King and Suzanne Zorn

  • "Which Tool Should I Use to Manage Which Virtualization Technology?" by Ginny Henningsen

Oracle Secure Global Desktop Helps Airbus Reduce Length of Flight Testing Program
Single Sign-on Gives 100 Users Simultaneous Access to Test Data
Airbus connects its 52,000 employees in France, Germany, the U.K., and Spain, with 1,500 suppliers in 30 countries worldwide using Oracle Secure Global Desktop 4.6. Monica Kumar posts that the secure, real-time access to test results during flight trials frees technical teams from the need to travel to the company’s center in Toulouse, and gives experts the ability to evaluate results immediately. Oracle Secure Global Desktop enables approximately 100 end-users to simultaneously access test data from server-based and server-hosted environments with secure, single sign-on technology, reducing test-flight program length and enabling engineers to request retesting while aircraft are still in the air.
IT - Storage
Dealing With the Copy Data Explosion
Storage Switzerland Feb 22, 2013
"For many years now, IT storage professionals have had to cope with the seemingly unfettered growth of data across the business environment. The lion’s share of data growth by far, however, is not caused by ordinary, day-to-day business activity, but rather in the way data is copied, moved and shared across the enterprise.

In fact, the ratio of copies of data to the actual primary copy of data itself is roughly 20-1. Examples of copy data include file system snapshot copies, clones of databases to support test and development work, copies of production data to feed business analytic systems, copies produced to support daily backup and data replication routines, etc. In short, all of the redundancy of copy data is responsible for better than 90% of overall data growth..."

End of the Line for 3.5-Inch Drives?
IT Web Feb 22, 2013
"The larger, more bulky, 3.5-inch hard drive could be going the way of the floppy disc as form factors shift to smaller drives that have more capacity and fewer moving parts. The hard drive sector was hard hit by a flood in Thailand towards the end of 2011, resulting in shortages, and prices climbing, as some factories were underwater. The flooding, according to Google, was the worst in the past 50 years and resulted in more than two-thirds of the country being swamped.

However, while manufacturers are up and running again, the price of 3.5-inch hard drives has not returned to pre-flood levels, and the sector as a whole is coming under increasing pressure from solid state drives (SSDs), which benefited from higher demand – leading to lower prices – during the hard drive shortage..."

Sound Waves Used to Increase Disk Drive Capacity
Computerworld Feb 14, 2013
"Researchers at Oregon State University (OSU) said today that they have found a way to use high-frequency sound waves to improve magnetic data storage techniques. The breakthrough could allow greater amounts of data to be stored on both hard disk drives and NAND flash-based solid-state drives (SSDs)..."

"We're near the peak of what we can do with the technology we now use for magnetic storage," said Pallavi Dhagat, an associate professor in the OSU School of Electrical Engineering and Computer Science. "There's always a need for approaches that could store even more information in a smaller space, cost less and use less power."

"The technology is called acoustic-assisted magnetic recording..."

55% of Mid-Market Enterprises Experience Business Disruption Due to Storage Upgrades Feb 18, 2013
"Gridstore, Inc., in software defined storage solutions, announced findings from a study on the top IT pain points impacting today's mid-market enterprises.

The study revealed that managing the storage lifecycle due to staggering data growth is a significant challenge for IT administrators. Organizations are faced with the need to both overcome storage limitations and the resulting complexity and expense of storage upgrades and over-provisioning storage to accommodate for this growth..."

    The Cloud Storage Provisioning Roadblock
    Storage Switzerland Feb 22, 2013
    "Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) are faced with a unique storage challenge that many other organizations don't have to deal with; large scale provisioning of storage resources. Thanks to server virtualization, these organizations provision and manage data center wide server resources but they struggle, at least data center wide, to do the same with their storage resources. As a result storage is either massively over provisioned, wasting money or intensely and manually monitored wasting time and personnel while slowing down the deployment of new servers or applications..."
      Thought Leaders Offer Bold Predictions
      eWeek Feb 14, 2013
      All IT sectors have changed so much in the last few years that it is difficult to fathom how the pace of all this can continue. But count on it: This will continue. Data storage, which used to be a relatively simple-to-run component inside IT environments when it was directly attached to servers, has morphed completely in this era of virtualized everything... Some brave prognosticators discussed their views for the next 12 to 18 months with eWEEK. Here's what they had to say..."

      • Storage: Enterprise Systems Become More, Not Less, Confusing
      • Storage: Flash Will Fundamentally Upset the Status Quo
      • Hybrid Clouds Will Soon Be a Leading IT Deployment
      • Security: The Signature Era Is Ending
      • Security: Malware Will Jump Platforms
      • Mobile: BYOD Will Prove a Windfall for Windows 8, VDI Adoption
      • Multiple Devices Force VDI Adoption
      • IT Administration: Flat IT Budgets Tip the ROI scale for VDI
      • Software Development: Open Source Will Win Infrastructure Deals
      • Data Center: Focus Shifts From Construction to Running Them Efficiently

      Read on for details.

      4 Ways $50K Of Flash Can Boost Performance
      InformationWeek Feb 21, 2013
      "Almost every IT professional I talk to wants to use solid state drives (SSDs) in some way to solve performance problems. The most common culprit is the random I/O caused by server or desktop virtualization. At the same time, this same group has to stick to a budget, so they are looking for the most cost-effective way to deploy SSDs..."

      • SSD Appliances.
      • Network Caching Appliances.
      • Server-Side PCIe Solid-State Devices.
      • Server-Side SSD.

      Read on for details.

      MySQL 5.6 Replication: New Resources for Database Scaling and HA
      More Replication Enhancements than in any Previous Release
      MySQL 5.6 features the "largest set of enhancements to replication ever delivered in a single release," posts Mat Keep. These include 5x higher performance to improve consistency across a cluster and reduce the risks of data loss; self-healing clusters with automatic failover and recovery from outages or planned maintenance; assured data integrity with checksums implemented across the replication workflow; and DevOps automation. He also announces two new guides:

      "MySQL Replication: An Introduction"

      "MySQL Replication Tutorial: Configuration, Provisioning and Management"

      Keep alerts users to an upcoming live webinar in March on what's new in MySQL 5.6 replication.

      MySQL Workbench 5.2.46 GA Released
      Includes MySQL Utilities 1.2.0
      The MySQL Workbench Tool is now available in version 5.2.46, Alfredo Kojima posts, adding that MySQL Utilities 1.2.0 have been included on the distro. Kojima provides a convenient link to the release notes. He includes a download link as well to MySQL Workbench, noting its availability for Windows, Mac OS X and Linux. And he provides links to the documentation for both Workbench and Utilities.
      Cloud Computing
      In Touch (February 2013): Spotlight on Cloud
      Survey of Oracle's Partner Cloud Program
      In the February 2013 issue of Oracle EMEA Partner News Julien Haye surveys the five programs comprised in Oracle's Partner Cloud Program, " ... the most comprehensive in the industry," according to Christian von Stengel, Senior Director Application & SaaS Strategy & Sales, Oracle EMEA Alliances & Channels, enabling partners to decide how they engage, the ability to increase competitiveness, and the opportunity to deliver Cloud solutions designed to meet customers’ needs, von Stengel adds. The elements of the program are:

      • Referral Cloud Program

      • Resell Cloud Program
      • Rapid Start Program

      • Cloud Builder Specialization

      • Platform as a Service Program
      Oracle and Linux Foundation Partnership Growing Stronger
      Podcasts Feature Jim Zemlin, Linux Foundation Executive Director with Monica Kumar
      In a pair of podcasts, Monica Kumar, Senior Director Product Marketing at Oracle, and Jim Zemlin, Executive Director of the Linux Foundation, discuss the collaboration between Oracle and the Linux Foundation. As one of the largest users of Linux, Oracle contributes to a variety of ongoing projects, conducting hundreds of hours of testing activity directed to Linux modifications. When Oracle introduces a product, Zemlin comments, it simultaneously submits any changes to the kernel to the community. Oracle has always been supportive of the role the foundation plays as a neutral enabler of a community dedicated to the improvement of Linux, he reports.
      IT - Cloud
      Two Factor Authentication on the Cloud
      InformationWeek Feb 18, 2013
      "Extending two-factor authentication creates a layered security labyrinth in the otherwise elusive cloud, without sacrificing employee convenience..."

      "Applications that reside in the cloud afford enterprises previously unavailable levels of agility, productivity and vital flexibility – all at a crucially lower cost than ever before. What was once heralded as the 'brave new world' has practically become commonplace, but more and more organizations are still falling short of sufficiently extending their 'best practice' security policy to encompass their now sprawling corporate network. Deploying increased amounts of resources and operations into consolidated virtual environments must never come at the cost of security..."

      What is Private Cloud?
      Datamation Feb 12, 2013
      "A private cloud is a software-defined data center that combines essential hardware and other computing resources into a unified virtualized unit. A private cloud’s layer of hardware and networking abstraction – again, provided by software – enables enterprises to scale and provision resources more dynamically than is possible with traditional hardware-centric computing environments..."
        DIY Cloud: Choosing Your Own Virtual Machine Image Sizes
        NetworkWorld Feb 15, 2013
        "Amazon Web Services, seen by many as the market-leading infrastructure cloud computing provider, has a pretty full shelf of virtual machine (VM) image sizes for customers to spin up in its cloud -- 17 separate instance VM sizes are listed on the company's website, in fact.

        But a growing trend among some smaller cloud providers allows customers to create their own virtual machine sizes, specified by however much RAM, CPU and memory they want. In an increasingly busy market, vendors, particularly smaller ones, are looking to differentiate themselves from the mega-players -- like the Amazons, Googles and HPs of the world -- and this is one way to do it..."

        How to Successfully Partner With a Cloud Service Provider
        Internet Evolution Feb 15, 2013
        "No matter the objective or the division behind the decision, more IT departments today are partnering with service providers as organizations increasingly adopt cloud to improve agility, increase flexibility, cut costs, or see any of the other widely touted benefits this approach provides.

        Sixty-six percent of 1,300 respondents purchased cloud professional services for cloud deployment decisions in the United States, according to Technology Business Research's 2012 Cloud Professional Services Study, released today. In a similar survey of 921 executives in 2010, 59 percent turned to external partners, TBR found. This year, 60 percent of enterprise customers expect to increase their spending on cloud professional services, the research firm found..."

          Interop Preview: Expert Advice on Building Private Cloud
          InformationWeek Feb 20, 2013
          "The private cloud computing model isn't a slapped together virtualization environment, with a few management bells and whistles thrown in on top. Instead, it's a standardized set of pooled data center resources that allow end users to self-provision virtual servers, which run in a highly automated fashion.

          If you don't plan for such an architecture, you won't get to real cloud computing, warns Dave Roberts, a frequent writer on the private cloud topic..."

          Organizations Facing Bumpy Cloud Transition
          CIO Insight Feb 20, 2013
          "In theory, the cloud promises to help organizations cut operational expenses while paving the way for more agile business operations. However, the road to mass cloud adoption is paved with a number of transitional bumps, according to a recent survey from KPMG International..."

          • Budget Minded
          • Passing Grade
          • Painful Transition
          • IT Execs’ Other Top Cloud Objectives
          • Alignment Adjustment
          • Big Breach
          • Handing Off
          • Disjointed Parties
          • Small Hurdle
          • Top Business Functions Using Cloud Services

          Read on for details.

            10 Tools to Prevent Cloud Vendor Lock-in
            InformationWeek Feb 21, 2013
            "In enterprise computing, vendor lock-in is too often a fait accompli. Vendor lock-in happens when, for example, a particular company -- such as IBM, Microsoft or Cisco Systems -- becomes the dominant vendor behind a particular technology and develops products that capture the advance with proprietary elements...Keeping choice in the hands of the IT manager is an important part of cloud computing. Here are 10 tools that can help you avoid lock-in and keep your enterprise moving forward:"

            • Enstratus
            • BMC
            • Abiquo
            • ServiceMesh
            • RightScale
            • Scalr
            • Gravitant
            • Kaavo
            • VMTurbo
            • CA Technologies

            Read on for details ...

            IT - CxO
            Caught in the Crossfire
            CIO Insight Feb 19, 2013
            "As line of business teams increasingly fund everything from CRM systems to social media apps, CIOS are caught between competing business units..."

            "As is often the case, CFOs will rightly insist that ERP applications are the official systems of record. But from a practical perspective much of daily business is now being managed via CRM and social media applications. The CEO and the board of directors, of course, wants all these systems reconciled, which unfairly puts CIOs squarely in the crossfire between different business leaders that often have conflicting business priorities and objectives..."

              Whistleblower Suits: Contractors Beware
              Wachington Technology Feb 19, 2013
              "Even before the assistant U.S. Attorney for eastern Virginia spoke at the Fairfax County, Va., Chamber of Commerce event Tuesday morning, the news was sobering for contractors.

              Gerard Mene is the coordinator of the Affirmative Civil Enforcement program in the U.S. Attorney’s office that covers half of Virginia, including Northern Virginia, Richmond and Norfolk. It goes without saying that he sees a lot of cases involving contractors and False Claims Act allegations.

              He offered insights into how the act is working, and into the rise of Qui Tam cases, a.k.a. whistleblower cases, as part of a panel on compliance trends at the chamber’s annual government contractor symposium..."

                Federal CIO Outlines Next Steps
                InformationWeek Feb 21, 2013
                "The Obama administration's second term has gotten off to a fast start for federal CIO Steven VanRoekel. In the past few weeks, he's been quizzed by lawmakers on the need for additional IT reform and the Department of Energy has been hit by a sophisticated cyber attack. Now the threat of budget cuts triggered by sequestration looms.

                In an interview with InformationWeek Government at his White House office, VanRoekel acknowledged that federal IT teams continue to face technical, operational and funding challenges. Yet he cited 'incredible progress' on efforts to improve the performance and efficiency of federal IT, and he has a plan for next steps..."

                Eight Things Your CEO Is Thinking About Now
                Baseline Feb 21, 2013
                "They acknowledge that they're struggling with talent shortages, and they believe the U.S. government needs to get more involved with helping out. They also acknowledge that they could be doing more to support diversity among their leadership teams. And they are concerned that ever-fickle customer sentiments could derail their strategic growth plans. Who are they? They are the CEOs of America..."

                • Nurturing Instinct
                • Help Wanted
                • Talent Gap
                • Engaged Audience
                • Diverse Interests
                • Power Shift
                • Out of Service
                • Big Voice

                Read on for details.

                  Gartner to CIOs: Don't Trust Your IT Supply Chain
                  Internet Evolution Jan 31st, 2013
                  "The term 'supply chain' typically evokes a string of parts that are progressively integrated into a final result -- a consumer product -- such as an automobile or computer.

                  Lately, however, the term has entered the CIO lexicon. IT executives are starting to talk about the 'IT supply chain,' meaning the combination of hardware, software, data, and even service providers such as public clouds -- all of which have their own supply chains as well -- that result in today’s sophisticated enterprise IT implementations..."

                  The CIO Big Super High-Impact IT List for 2013
                  ITBusinessEdge Feb 18, 2013
                  "End-user technology expectations are increasingly more demanding and management is looking for innovation to differentiate the business. These mounting pressures have forced IT leaders to move, to transform. The risks of change are high, but the rewards are even higher.

                  ServiceNow has created the CIO Big Super High-impact IT List for 2013 to help burn down that IT doghouse. IT is quickly becoming one of the most strategic roles in the enterprise. The list is comprised of seven tips intended to help the CIO do better in 2013..."

                  • Clean up your own IT mess
                  • Replace IT Thumbs with service engineers
                  • Think AND act globally
                  • Market like your career depends on it
                  • Advance your expectations of the cloud
                  • Modernize your interface to the business
                  • Be the chief innovation officer

                  Read on for details.

                  Undercover CIO: What You Don't Know They Won't Tell You
                  The Higher ED CIO Feb 16, 2013
                  "Undercover CIO is an idea I hope each of you will consider. Actually, undercover CIO is more than an idea, it’s a management approach for CIO’s to use in their daily routine to increase their visibility into their IT organizations. It's a little bit of a twist on the tried and true approach of trust but verify aimed at getting to the real IT organization your staff is keeping you from seeing.

                  Let's face it, people are just not inclined to tell their boss or their bosses boss the truth unless it serves their own purposes – and maybe not even then..."

                  11 Blogging Best Practices for IT Teams
                  CIO Insight Feb 22, 2013
                  "Thanks to blogs and the ubiquitous nature of social media these days, everybody is a writer, right? And that also extends to your IT department staffers as they seek to impart their wisdom about technologies and industry trends to existing and new audiences ... the guidelines try to steer them in the direction of posting content that advances your organization's mission, as opposed to distracting from or damaging it. These best practices are part of an extensive report from Janco titled CIO IT Infrastructure Policy Bundle:"

                  • Full Disclosure
                  • Seeking Clearance
                  • Keep the Customer Happy
                  • Single Voice
                  • Faulty Forecasting
                  • Quick Fix
                  • Don’t Criticize Rivals
                  • Brand Visibility
                  • Personal Conduct
                  • Thou Shalt Not Steal
                  • Good Karma Rules

                  Read on for details.

                  Is It Now Crazy To Offshore IT to China?
                  Computerworld Feb 22, 2013
                  "China has for years been developing an IT outsourcing industry aimed at bringing in business from the U.S. and Europe. It has succeeded, but then again it hasn't thrived and now may face more barriers.

                  China's IT and business process outsourcing (BPO) market today is in the range of $4 billion to $5 billion.

                  The total outsourcing revenue there is about half that generated by just one of India's largest IT companies, Tata Consultancy Services, said Jimit Arora, a vice president at Everest Group, a consulting and research firm..."

                  IT Growth Outlooks and Trends in 2013
                  CIO Insight Feb 18, 2013
                  "The biggest disrupters for tech today—cloud computing, mobility, social media and big data--will continue to, well, disrupt in 2013. That’s why CIOs must stay on top of the latest trends if they are going to help their companies stay competitive. It's a tall order, given that by the time you read this sentence there may well be two or three new IT developments that could make or break your odds of success."

                  • Innovation's Mass Appeal
                  • Faster, Larger and Easier
                  • Openness Trumps All
                  • The Distributed Economy
                  • Sitting at the Corporate Table
                  • Learning to Love
                  • Less Worries
                  • Unstructured Data Abounds
                  • Specialists Win
                  • Buying Gets Easier

                  Read on for details.

                  IT - PM
                  10 Portfolio Management Practices to Avoid
                  AITS Feb 19, 2013
                  "Sometimes our portfolio management practices and the practices of others are enough to make us sick. Simple mistakes lead to big problems time and time again. What if there was a way to prevent this? Think of it in terms of the cold season. If there was a list of tips available to prevent getting sick, you would follow them, wouldn't you? An article by Ian Carroll details such a list in which we find out what portfolio management practices should really be avoided:.."
                  IT - Networks
                  What can L2TP do for your network?
                  NetworkWorld Feb 8, 2013
                  "The Layer 2 Tunneling Protocol (L2TP) is a standard protocol for tunneling L2 traffic over an IP network. Its ability to carry almost any L2 data format over IP or other L3 networks makes it particularly useful. But L2TP remains little-known outside of certain niches, perhaps because early versions of the specification were limited to carrying PPP -- a limitation that is now removed..."
                    Server-Class Networking Bandwidth to Increase Five-Fold in Five Years
           Feb 19th, 2013
                    "According to Crehan Research Inc.'s latest Server-class Adapter & LAN-on-Motherboard (LOM) Long-Range Forecast Report, server-class networking bandwidth will see a five-fold increase by 2017, exceeding 900Tbs in that year as datacenters continue to increase network capacity to keep up with traffic demands.

                    Impending transitions such as upgrades from 1GbE to 10GbE, from 8Gb FC to 16Gb FC, and - now well underway - from QDR IB to FDR IB will drive significant bandwidth increases. These increases are needed to handle the exponential growth in network devices, ubiquitous connectivity, and richer applications that are driving more and more traffic over server networking connections..."

                      Drones Still Face Major Communications Challenges Getting Onto US Airspace
                      NetworkWorld Feb 19, 2013
                      "Communications and effective system control are still big challenges unmanned aircraft developers are facing if they want unfettered access to US airspace.

                      Those were just a couple of the conclusions described in a recent Government Accountability Office report on the status of unmanned aircraft and the national airspace. The bottom line for now seems to be that while research and development efforts are under way to mitigate obstacles to safe and routine integration of unmanned aircraft into the national airspace, these efforts cannot be completed and validated without safety, reliability, and performance standards, which have not yet been developed because of data limitations, the GAO concluded..."

                      IT - Operations
                      A Formula for Getting the Customer Experience Right
                      IT World Canada Feb 20, 2013
                      "IT departments are awash with performance statistics, but numbers don’t always tell the truth about whether customers are getting good online service.

                      But a mathematical formula might.

                      At least that’s what Tony Davis, a vice-president and senior consulting fellow at CA Technologies believes..."

                      IT - Security
                      10 Commandments of Application Security
                      Dark Reading Feb 19, 2013
                      "While application security cascades into just about every facet of IT security today, many enterprises have a difficult time implementing sustainable application security programs that offer measurable benefits to the business. A general disconnect between security goals and the profit motives of development teams can cause insurmountable conflict between infosec teams and developers, with line of business leaders all too ready to side with money-making dev teams nine times out of 10..."

                      • Thou Shall Execute App Security At The Speed Of Business
                      • Thou Shall Not Architect Security
                      • Thou Shall Evolve Your Testing Methodologies
                      • Thou Shall Not Surprise Dev Teams
                      • Thou Shall Test Apps In Production
                      • Thou Shall Not Let Frameworks Replace Common Sense
                      • Thou Shall Put Vulnerabilities In Proper Context
                      • Thou Shall Not Give Developers Rampant Access To Live Customer Data
                      • Thou Shall Use A WAF With A Plan
                      • Thou Shall Not Blame The Developers

                      Read on for details.

                      Cyber Threats Require a Risk Management Approach
                      Continuity Central Feb 15, 2013
                      "The recent report by Harvard Business Review Analytic Services has further reinforced a commonly held view that too many organizations are leaving cyber security to chance. 'Meeting the cyber risk challenge', which polled more than 150 risk management professionals across Europe, found that just 16 percent of companies had a chief information security officer in place to manage cyber risk and privacy.

                      However, as an escalating number of companies face dealing with the aftermath of reported data breaches, it is clear that cybercrime knows no boundaries and no organization is immune..."

                      Reducing Insider Security Risks, Data Loss: 10 Best Practices
                      eWeek Feb 7, 2013
                      "It's not uncommon for large enterprises to spend millions of dollars on IT tools to defend against security threats. Yet they continue to experience security compromises and data breaches. These threats to massive quantities of highly sensitive data are increasing in both volume and sophistication. However, one significant cause that is also extremely challenging to mitigate is employee risk. According to research by the Ponemon Institute, insider negligence is still the No. 1 data security risk; more than three-quarters of IT professionals report that their organizations have experienced a data breach due to insider risk, whether it was malicious or negligent..."

                      • Conduct a Comprehensive Risk Analysis
                      • Proactively Address Weaknesses
                      • Create Actionable Policies and Procedures
                      • Avoid Counterintuitive Policies
                      • Include BYOD Policies
                      • Create Consequences
                      • Adapt Education and Awareness Activities
                      • Evolve Beyond Basic Tools
                      • Deploy Mobile-Device Management
                      • Create Ironclad Personal Device Agreements

                      Read on for details.

                      Identity Fraud in US Reaches Highest Level in Three Years
                      CIO Feb 20, 2013
                      "U.S. consumers experienced the highest level of identity theft in three years in 2012, although much of the fraud losses were absorbed by banks and merchants, according to a new survey.

                      Incidents of identity fraud affected 5.26 percent of U.S. adults last year, according to a survey of 5,249 people by Javelin Strategy and Research. That's up from 4.9 percent in 2011 and 4.35 percent in 2010. The company put the total number of identity victims in 2012 at 12.6 million..."

                        13 of the Biggest Security Myths Busted
                        InfoWorld Feb 23, 2013
                        "Some oft-repeated notions about security may be only assumptions and not necessarily true. We asked security experts for what they consider security 'myths,' and heres what they said..."

                        • Anti-virus is protecting you
                        • Governments create the most powerful cyberattacks
                        • All our accounts are in Active Directory and under control
                        • Risk management techniques are needed in IT security
                        • There are 'best practices' for application security
                        • Zero-day exploits are a fact of life
                        • The U.S. electric grid is well-protected
                        • I am compliant therefore I am secure
                        • Security is the CISO's problem
                        • You're safer on your mobile device than on a computer
                        • You can be '100% secure'
                        • Point-in-time security is all you need to stop malware
                        • With the right protection, attackers can be kept out

                        Read on for details.

                        Certificate Authorities Band Together To Boost Security
                        NetworkWorld Feb 15, 2013
                        "Members of the Certificate Authority Security Council, announced Thursday, include Comodo, Trend Micro, Symantec, GMO GlobalSign, Entrust, DigiCert and Go Daddy. Some of the companies have recently suffered compromises of their CA systems.

                        Until now, the CAs has participated in other industry groups, such as the Certification Authority/Browser Forum. The council will be the first group in which the companies can speak with a 'unified CA voice,' councilmember Robin Alden, chief technology officer of Comodo, said in a blog post.

                        The group is not a standards-setting organization. Instead, it plans to supplement such groups by providing education, research and advocacy on best practices and the use of Secure Sockets Layer (SSL), a protocol for encrypting information over the Internet. The certificate authority infrastructure supports SSL..."

                        How Colorado's CISO Is Revamping the State's Information Security -- On a $6,000 Budget
                        CSO Feb 21, 2013
                        "Before Jonathan Trull took over as Chief Information Security Office for the state of Colorado in 2012, he had already been working in the Colorado Office of the State Auditor for a decade. As the Deputy State Auditor, he was responsible for overseeing annual audits of the state's systems.

                        It was during that time that Trull said he became concerned with what he observed as repeated mistakes and violations that were not addressed, and even took part in a penetration test on state systems with results he says were 'horrifying.'

                        Trull recently spoke with CSO about his new role, and how he hopes to create effective change in Colorado's security infrastructure—even on a miniscule budget..."'

                        Password Hashing Competition Aims To Beef up Security
                        TechWorld Feb 18, 2013
                        "Passwords are the most widely used security mechanism on the Web, so beefing up hashing algorithms, utilised to protect them, is important

                        Organisers of the Password Hashing Competition have set up a website for submissions, which are due by 31 January, 2014. The group has also posted technical guidelines and an explanation of how entries will be evaluated. No prizes are planned. The National Institute of Standards and Technology is a key body in the setting of standards for encryption and hash algorithms..."

                        Lessons Learned From a Decade of Vulnerabilities
                        Dark Reading Feb 19, 2013
                        "In 2012, the number of publicly reported software vulnerabilities jumped by 26 percent, the biggest increase in security issues in five years.

                        Bad news? Not necessarily. While the past decade of vulnerability disclosures saw the reversal of a five-year decline, it also marked a reduction in the number of easily exploitable, critical severity flaws. Two reports -- one released earlier this month and another scheduled for release next week -- analyzed the trends over the past decade or more and noted both positive and negative trends in software security..."

                        IT - Careers
                        Ten Ways to Instantly Boost Your Creative IQ
                        Baseline Feb 15, 2013
                        "When you're in the middle of a creative challenge, do you often find yourself staring blankly at an empty computer screen? Or leaping to take part in something—anything—that distracts you from the perplexing task at hand? If so, don't beat yourself up over it. Hitting a creative wall on a project is very common for professionals. Fortunately, there are ways to rediscover your inner genius to overcome these mental barriers..."

                        • Embrace Brainstorming
                        • Paint a Picture
                        • Get Help
                        • Check Out the Competition
                        • Ask Questions
                        • Take the Untaken Path
                        • Move It
                        • Stay Inspired
                        • Change Your Geography
                        • Sleep on It

                        Read on for details.

                          Looking for A New Tech Job? Brush Up on Your Linux Skills
                          WallSteet and Technology Feb 20, 2013
                          "A new survey has shown that recruiters are aggressively seeking Linux professionals to fill positions, with 93% of hiring managers saying they will hire a Linux pro in the next six months.

                          The study, conducted by Dice and the Linux Foundation, also revealed that salaries for Linux talent is growing at nearly double of other tech professionals, while more than a third of Linux pros are planning to switch employers in the year ahead..."

                          7 Frustrating Things about Being a Programmer
                          IT World Feb 13, 2013
                          "No doubt that most of you people who aren't programmers, or have never been programmers, look at those of us who are or were programmers and think, 'Boy, that’s gotta be a great job. Exciting, fast paced, highly compensated, well respected and, above all, extremely sexy. What’s not to love about being a programmer? I wish I was one.' Those are understandable assumptions. But, really, it’s not always all wine, roses and hanging out with George Clooney at his Italian villa..."
                            12 Networking Tips for Shy and Anti-Social IT Pros
                            CIO Feb 19, 2013
                            "If you're a naturally introverted person, getting close and sharing with people can feel unnatural and difficult, but it's not impossible. The first thing you have to realize is that you are not alone. Many of your peers, celebrities, dignitaries and people from all walks of life are introverts and yet they manage to overcome it, and so can you..."
                            • Rejection Happens, Get Over It
                            • Remember That Networking Is a Two-Way Street
                            • Play Off Your Strengths to Start?
                            • Keep It Simple
                            • Build a Networking Strategy
                            • Join Online Groups and Communities
                            • Do What You Say You Are Going to Do
                            • Attend Actual Groups and Join Communities
                            • Start a Blog
                            • Create and Refine Your Elevator Speech
                            • Keep Your Business Cards With You
                            • De-stress Yourself Before or After Stressful Situations

                            Read on for details...

                              Ten Ways to Reduce Stress in the Workplace
                              Baseline Feb 14, 2013
                              "We all know that a certain amount of stress comes with the territory, but an excess will cause a range of mental and physical ailments, according to experts. These illnesses can include headaches, body aches, breathing difficulty, exhaustion, dramatic weight gain or loss, and depression and anxiety. Stress also has been linked to heart attacks, high blood pressure and other serious conditions... Here are Ten Ways to Reduce Stress in the Workplace:'

                              • Accept Imperfections
                              • Unplug
                              • Ease Up on Caffeine
                              • Connect
                              • Work It Out
                              • Self-Massage Therapy
                              • Laugh
                              • Make a List
                              • Don't Compare
                              • Change the Scenery

                              Read on for details.

                                IT - Social Media
                                Social Networks Not Major Carrier of Malware, Study Finds
                                CRN Feb 21, 2013
                                "Malware communicating with command and control servers is more commonly associated with custom applications and not social networks, according to an analysis conducted by Palo Alto Networks.

                                The firm said custom and unknown traffic accounts for 55 percent of malware logs, yet they typically use less than 2 percent of network bandwidth. Most attacks are moving from email as the primary source to custom Web applications, driven by the Black Hole automated attack toolkit, said Wade Williamson, security analyst at Palo Alto Networks..."

                                Use of Social Networking Sites Can Increase the Likelihood of a Successful APT
                                informationWeek Feb 15, 2013
                                "A global cybersecurity survey of more than 1,500 security professionals found that more than one in five respondents said their enterprise has experienced an advanced persistent threat (APT) attack. According to the study by global IT association ISACA, 94 percent say APTs represent a credible threat to national security and economic stability, yet most enterprises are employing ineffective technologies to protect themselves..."
                                IT - Virtualization
                                3 Reasons SMB Virtualization Projects Fail
                                informationWeek Feb 18, 2013
                                "Virtualization ranks among the top IT priorities for the majority of small and midsize businesses (SMBs), according to new Techaisle data, but those projects often come with some pain. Seventy-two percent of SMBs included in the research listed virtualization as relevant to their business, second only to backup and disaster recovery in appeal. Yet more than half (56%) said virtualization is one of the toughest technologies for them to understand, ranking ahead of business intelligence, big data, data centers and mobility in complexity..."
                                IT - Compliance
                                PCI DSS: Is the Cure Worse Than the Disease?
                                IT World Feb 15, 2013
                                "Complying with the Payment Card Industry Data Security Standard (PCI DSS) is prohibitively expensive, and the cost of compliance bears very little relation to the cost of a breach, according to Dave Birch, director of IT consultancy Consult Hyperion.

                                Speaking at a Westminster eForum on the future of digital payments, Birch said that, while data driven identity fraud accounts for the overwhelming majority UK fraud, PCI DSS may not be the best solution in the long term..."

                                IT - Big Data
                                6 Big Data Risks You're Ignoring in Your Business
                                Business 2 Community Feb 21, 2013
                                "Imagine heading into a rainstorm with a broken umbrella full of holes: It's kind of pointless, right? Many business owners have a data security policy akin to a hole-ridden umbrella and spend little thought on patching the leaks in their small business security. What they don’t realize is that after something disastrous happens it's that much harder to rectify the problems caused by ignoring internal and external threats.

                                Here are 6 major business data protection errors – and what your business should do to beef up your protection...

                                • Your People Have the Power . . . To Compromise Your Data
                                • Your Business Bug-Out Bag Is Lacking
                                • BYOD Is Not Bring Your Own Donuts
                                • You Believe Secure Passwords Are for Sissies
                                • Skimp on Toilet Paper, Not Software
                                • Spam Is No Longer Delicious, But Your Corporate Data Is

                                Read on for details ...

                                Are You Looking at Long Data?
                                Information Management Feb 20, 2013
                                "I guess I shouldn't be surprised that Samuel Arbesman, author of 'Stop Hyping Big Data and Start Paying Attention to 'Long Data,'' is a fellow at the Institute for Quantitative Social Science at Harvard. I’ve mentioned the IQSS as a breeding ground for data scientists a dozen times in my IM blogs over the years.

                                Arbesman's thesis is that while big data is a powerful lens into the workings of human behavior, most such analyses are limited by being just a snapshot in time. What's missing is the time dimension..."

                                Big Data Myths Persist
                                InformationWeek Feb 21, 2013
                                "The rush to put a 'big data' label on every new use of data risks diluting the meaning of the phrase and, worse, may lead some organizations down a disappointing road, say two seasoned IT executives.

                                "I noticed our customers doing what a lot of people would consider to be 'big data' will often say, "We don't call it big data,'" Chris Taylor of Tibco Software told InformationWeek in a phone interview. Taylor leads product marketing for business event and in-memory computing products at Tibco.

                                These customers didn't want their work associated with "needle in a haystack" efforts, and felt such a description was far too limiting, he said."

                                Big Data of Tomorrow Will Be About Images, Audio, and Sensor Data
                                InformationWeek Feb 18, 2013
                                "A well-known visionary in the storage industry, and CTO of Hitachi Data Systems, Hubert Yoshida, is counted as one of the most influential industry leaders in the storage industry. Responsible for defining the technical direction of Hitachi Data Systems, Yoshida has been instrumental in evangelizing his company’s approach to storage-related technologies. In a detailed discussion with Srikanth RP from InformationWeek, Yoshida tells us about his unique challenges as a CTO, the true value of Big Data, some common myths about Big Data, and his perspective on some exciting technologies that would impact the future of storage.

                                Some edited excerpts:..."

                                Big Data Success Depends on Better Risk Management Practices like FAIR, Say Conference Panelists
                                ZDNet Feb 15, 2013
                                "This BriefingsDirect thought leadership panel discussion comes to you in conjunction with The Open Group Conference held recently in Newport Beach, California. The conference focused on 'big data -- the transformation we need to embrace today.'

                                The panel of experts explores new trends and solutions in the area of risk management and analysis. Learn now how large enterprises are delivering better risk assessments and risk analysis, and discover how big data can be both an area to protect, but also used as a tool for better understanding and mitigating risks..."

                                Big Value in Big Data: Quality, Not Quantity
                                CMO Feb 22, 2013
                                "'Big data' has become one of the most used buzzwords in digital marketing. There is no doubt that the accessibility and volume of data have both increased dramatically. Yet, instead of easing the marketing decision-making process, in many cases data is actually complicating it, forcing marketers to wade through an overwhelming amount of available information.

                                In a recent study by Web data monitoring company Cannote, 44 percent of advertisers indicated there is 'too much information to effectively measure for business.' So how can marketers get the most out of the data available?"

                                IT - Mobile
                                How to Gauge Mobile Users' Behavior without Stalking Them
                                NetworkWorld Feb 19, 2013
                                "It can be pretty difficult guessing how consumers will use a mobile app without being able to see it firsthand..."

                                "Personas are nothing new in software development. Before you can build an application, you have to have a sense of who you are building it for. Usually, personas are derived by a group pounding back Dr. Pepper and scribbling pictures on a whiteboard of who they believe will use their product. Often there are multiple personas involved, depending on the functionality. We give them clever names and try to pigeonhole their personalities into iconic worker-bee positions:..."

                                  Mobile Network Infections Increase By 67%
                                  Help Net Security Feb 15, 2013
                                  "Kindsight released a new report that reveals security threats to home and mobile networks, including a small decline in home network infections and an increase in mobile network infections... 'It's clear after publishing these metrics for a year that malware continues to be a problem for home and mobile networks,' said Kevin McNamee, security architect and director, Kindsight Security Labs..."
                                  PCI Council Offers Clarity on Cloud, Mobile Issues
                                  Dark Reading Feb 21, 2013
                                  "The PCI Council recently provided merchants with more detailed guidance on two topics most commonly confusing merchants in their pursuit to protect cardholder data and comply with PCI Data Security Standards: cloud storage and mobile payments. Led by merchants, banks, and payment processors participating in the council's community-driven special interest groups, the effort to clear up some of the confusion came to fruition with the publication of two separate documents this month..."
                                  Wearable Device Market Set To Explode
                                  IT Web Feb 22, 2013
                                  "A new research report suggests wearable computing could become the norm for consumers within the next five years. This comes amid rumours of smart watch devices from Apple and Samsung, while Google Glass also edges closer to mainstream release. ABI Research forecasts that by 2015, 485 million wearable computing devices will be shipped annually..."
                                  IT - BYOD
                                  4 Big BYOD Trends For 2013
                                  InformationWeek Feb 21, 2013
                                  "Last year, research firm Gartner heralded the bring-your-own-device, or BYOD, phenomenon as the 'most radical shift in enterprise client computing since the introduction of the PC.' Such headlines often smack of hyperbole but so far, BYOD has lived up to expectations.

                                  From executives who wanted corporate email access on their iPads to employees who lobbied IT to allow Android smartphones in place of BlackBerrys, consumers have driven the trend. But BYOD isn't just about getting what employees getting what they want. It's also about the army of tablets that have entered the enterprise and how those tablets have changed the way employees work..."

                                  10 Ways to Reduce Security Headaches in a BYOD World
                                  TechRepulic Feb 11, 2013
                                  "You're about to officially allow Bring Your Own Device (BYOD) in your organization. Understandably, you’re concerned with the security of your network and data. With all those unknown variables entering the mix, how will you safeguard your company and keep sensitive data from falling into the wrong hands?"
                                  Cloud, BYOD Are Not Without Risks
                                  ITBusinessEdge Feb 15, 2013
                                  "Two of the most common rallying cries when it comes to reducing cost and increasing efficiency would probably be the use of cloud and BYOD. In fact, I have recently recommended that SMBs leverage the cloud in order to trim their IT budgets.

                                  However, implementing cloud services and BYOD is not without its own set of risks, too, as highlighted by recent incidents..."

                                  A Tiered Approach to BYOD Control
                                  Continuity Central Feb 12, 2013
                                  "While research varies, most organizations are only aware of 70-80 percent of the devices on their networks. Enterprise mobility presents new IT challenges and security threats with regards to managing endpoints, safeguarding network resources and protecting sensitive data. You can’t ignore the iPad here, the Android smartphone over there, a consultant with a tethered laptop or the occasional personal WiFi access point blip – it’s the tip of the IT consumerization iceberg..."
                                  Top Ten Articles for last few Issues
                                  Vol 180 Issue 1, 2; Vol 179 Issues 1, 2, 3, 4 and 5; Vol 178 Issue 4
                                  We track how frequently each article is viewed on the web site to determine which the readers consider the most important. For last week, the top 10 articles were:

                                  • Rick Hetherington on the SPARC T5
                                  • Oracle Solaris 10 1/13 -- What's New
                                  • Time for Change: Optimizing Datacenter Infrastructure with Technology Refresh
                                  • Network Virtualization and Network Resource Management
                                  • Big Data Appliance X3-2 Updates
                                  • Oracle Launches ZFS Backup for Oracle Engineered Systems Expert Center
                                  • Examining Oracle Solaris 10 1/13 Secure Copy Performance for High Latency Networks
                                  • Oracle Delivers Unique Value with Oracle Solaris: IDC White Paper
                                  • Evaluating and Comparing Oracle Database Appliance Performance
                                  • Oracle IaaS with Capacity on Demand Enables Users to Pay for Capacity as Needed

                                  The longer version of this article has list of top ten articles for the last 8 weeks.

                                    The Document Foundation Announces LibreOffice 4.0
                                    Immediate Download Is Available
                                    LibreOffice is now available in version 4.0, to which, The Document Foundation reports, " ... several million lines of code have been added and removed, by adding new features, solving bugs and regressions, adopting state of the art C++ constructs, replacing tools, getting rid of deprecated methods and obsoleted libraries, and translating twenty five thousand lines of comments from German to English." Overall excellent backwards compatibility is retained for legacy extensions, but moving forward TDF is committed to a more pro-active approach to evolving the UNO APIs, with more functionality to be deprecated and eventually dropped. LibreOffice 4.0 is available for immediate download.
                                    NetBeans IDE 7.3 now in GA
                                    Offers Improved Support for the Java Platform
                                    NetBeans IDE 7.3, featuring advanced HTML5, JavaScript and CSS development capabilities, is now in GA. Oracle's press release reports 7.3 improves support for the Java platform with feature enhancements including hints and refactorings in the editor and improved support for editing FXML layout files in JavaFX projects. Among the other improvements in NetBans IDE 7.3 are Code completion support for jQuery; support for responsive Web design-based applications; CSS Styling support and code completion for new CSS3 rules; live code and Web page synchronization facilitated by deep bi-directional integration with Google Chrome and the internal WebKit-based browser; and JavaScript client generation from existing Java REST services.
                                    BAE Systems Maritime  Submarines Division Implements Oracle Enterprise Single Sign-On
                                    Achieves Secure Access, Regulatory Compliance with Oracle Solution
                                    BAE Systems Maritime – Submarines division implemented Oracle Enterprise Single Sign-On Suite to enable secure, simplified access for its 93,500 employees who require access for designing and building submarines over a 20-year lifecycle. The implementation allowed BAE Systems to secure user access to critical systems and enforce segregation of duties, Tanu Sood reports. Improved user efficiency resulted as did reduced service-desk requests by eliminating the need for employees to remember 20 to 30 passwords. The company was able to better manage regulatory issues by requiring a single source of truth to determine user access. Sood provides a link to a case study of the implementation.
                                    Trending in
                                    Vol 235, Issue 2
                                    Trending IT Articles