News about Oracle's Solaris and Sun Hardware
System News
Jul 7th, 2013 — Jul 14th, 2013
System News for Sun Users
Volume 185, Issue 2


IT - CxO
3 Good Reasons You Should Re-Hire Someone You Fired
TLNT, July 3, 2013
"There is an unwritten HR law that needs to be addressed. This law states: 'If you fire an employee, at no time in the history of mankind should you hire back that employee to your organization.'

So it is said, so shall it be'

I was reading an article recently about ESPN's new CEO, John Skipper, when he was asked about bringing back former polarizing Sports Center anchor Keith Olbermann. Here's what Skipper had to say about the possibility of bringing back Olbermann:..."

    Centralization vs. decentralization: A CIO's Dilemma
    InformationWeek, July 9, 2013
    "Many large organizations face the dilemma of centralization and decentralization of IT environment. Centralization brings standardization, consolidation, control and better management along with cost advantages, whereas decentralization can drive local empowerment and engagement. There is no 'the rule' but following thoughts can help us in making the correct decision for centralization vs decentralization debate:-..."
    Employees Motivated by Praise, Not Money
    CIO Insight, July 1, 2013
    "Seven of every 10 employees are not engaged, research shows. So why should CIOs and other tech managers care? Because employee engagement directly impacts company performance. Departments within the top half of their organization in employee engagement nearly double their odds of success, Gallup reports. Those in the top quarter of engagement experience 37 percent less absenteeism, 25 percent less turnover and 21 percent higher productivity than counterparts in the lowest quarter...:"

    • True Worth
    • Priceless Praise
    • Solo Performance
    • Peer Acknowledgement
    • Management Approval
    • A Happy Place
    • Amicable Arrangement
    • Development Plan

    Read on for details.

    Putting DevOps to Work in the Enterprise: 10 Tips for Success
    eWeek, July 2, 2013
    "DevOps - a term that describes a collaborative process between software development and IT operations - is a fast-growing software development method that stresses communication and integration between software developers and IT professionals. DevOps is a direct and organized response to the need for interdependence of software development and IT operations. It aims to help an organization rapidly produce software products and services that help break down organizational silos through cultural change and automation..."

    • Identify the Business Needs
    • Identify Areas Where Company Culture Needs to Evolve
    • Decide How You Will Measure the Success of a DevOps Initiative
    • Give Management a Copy of 'The Phoenix Project'
    • Start Small
    • Plan for Scale
    • Leverage the Cloud
    • Work With Your Existing Tools
    • Continuous Improvement
    • Don't Create New Silos
    • Enjoy More Sleep

    Read on for details.

    Why the CIO Isn't Cutting It Anymore
    TechRepublic, July 8, 2013
    "CIOs, at least as we know them, aren't cutting it anymore. Here's why and here's how to think about IT leadership going forward.

    In 1986, when BusinessWeek introduced 'Management's Newest Star,' inviting us to 'Meet the Chief Information Officer,' the idea of adding anyone else to the C-Suite was not only revolutionary, it was frightening. Business computing was still a burgeoning field. Typewriters and paper files, the status quo. A CIO wasn't just a new officer: a CIO was a new way of doing things. Everything..."

    Doing More Than Paying Risk Management Lip Service
    Dark Reading, July 5, 2013
    "While the majority of CISOs may profess a commitment to managing security based on risk management principles, the truth about how they execute on those principles may be a lot more imperfect. The unfortunate reality, say experts, is that many organizations simply pay risk management lip service, but aren't really making security decisions based on risk management metrics..."
    Oracle
    Optimize Database Storage for Maximum Performance and Efficiency
    Learn about the challenges of database storage management
    Digital data is growing at an unprecedented rate. And that's creating new challenges: Database performance is slowing as data sets grow and storage can't keep up. Backup and recovery windows are shrinking. And storage management is becoming even more complex. So what's the solution?

    A Smart Strategy

    Start by reading this book. Inside, you'll learn about the challenges of database storage management and how to address them with Oracle's storage solutions. Get information to help you:

    • Navigate storage choices
    • Optimize storage in database environments
    • Implement cost-saving features
    • Better protect your data

    Get your copy today of Database Storage For Dummies.

    Database Insider
    July 2013 issue
    The July issue of the Database Insider newsletter is now available. (Full newsletter here)

    NEWS

    • Mark Hurd and Other Top Executives Dive into Oracle Database 12c
    • Announcing Oracle Database 12c: The World's First Database Designed for the Cloud
    • Oracle Data Masking Pack Delivers Three-Year Risk-Adjusted ROI of 242 Percent

    LAUNCH WEBCAST

    • Plug Into the Cloud with Oracle Database 12c

    VIDEOS

    • Customers Talk About Oracle Database 12c
    • Customers Talk About Consolidation
    • Customers Talk About Privilege Analysis

    PODCASTS

    • An Introduction to Oracle Multitenant
    • Rabobank Uses Oracle Database Vault for Privileged Access Control

    CUSTOMER BUZZ

    • Read What Customers Are Saying About Oracle Database 12c
    • Sabre Holdings Talks About Oracle Database 12c's Data Redaction
    • Aramark Talks About Oracle Database 12c

    Read on for details

    Features
    Availability Best Practices - Avoiding Single Points of Failure
    By Jeff Savit
    Jeff has written a post, one of a series of "best practices" notes for Oracle VM Server for SPARC (formerly named Logical Domains), on avoiding Single Points Of Failure (SPOF).

    He says, "Highly available systems are configured without Single Points Of Failure (SPOF) to ensure that individual component failures do not result in loss of service. The general method to avoid SPOFs is to provide redundant components for each necessary resource, so service can continue if a component fails. In this article we will discuss resources to make resilient in Oracle VM Server for SPARC environments. This primarily consists of configuring redundant network and disk I/O. Subsequent articles will drill down into each resource type and provide comprehensive illustrations."

    Topics include:

    • Network availability
    • Disk availability
    • Service Domain Availability Using Multiple Service Domains

    In summary, Jeff writes, "Oracle VM Server for SPARC lets you configure resilient virtual network and disk I/O services, and provide resiliency for the service and I/O domains that provision them. Following articles will show exactly how to configure such domains for highly available guest I/O."

    SPARC
    Oracle SPARC Software on Silicon
    See the Public CPU roadmap
    Recently Oracle ISV Engineering participated in the Oracle Technology Day, one of the largest IT events in Israel, with over 1,000 participants. During the event Oracle showed the latest technology, including the Oracle Database 12c and the new SPARC T5 CPU.

    Angelo Rajadurai presented the new SPARC T5 CPU and covered the latest features of this technology.

    The topics that Angelo presented were:...

    Virtualization
    Oracle VM Receives an A+ in Recent Testing Benchmark
    By Francisco Munoz Alvarez
    Monica Kumar reports on a benchmark by Francisco Munoz Alvarez: "It's always nice to start off the new fiscal year with some good news and this year it comes at the hands of Francisco Munoz Alvarez, a seasoned expert, and Oracle ACE Director, in the Oracle community. With the help from his employer Revera Limited, a provider of utility computing infrastructure and enterprise data management solutions, Francisco recently compared the performance of Oracle Database workloads running in a bare metal environment versus a virtualized environment (Oracle VM and others). The results were quite telling!

    Here's what they found:

    • Oracle VM is the better virtualization technology to run Oracle Databases
    • Oracle VM makes a better use of all available resources
    • Oracle VM is more scalable and stable for Oracle Databases
    • Oracle VM allows better consolidation of loads in a virtual environment
    • Oracle VM uses less CPU than non-Oracle virtualization technologies

    Francisco and his team also found that without Oracle VM, organizations can have a full physical server (bare metal) with underutilized resources. However, by using Oracle VM organizations will be able to virtualize it to host many Oracle Databases, without sacrificing performance and can make better use of all available database licenses. They also noted a few bonus results including the fact that Oracle VM allows extra high availability and is fully certified and supported by Oracle..."

    IT - Storage
    Server Side Caching vs. Raid Controller Caching
    Storage-Switzerland, July 8, 2013
    "Caching is an ideal way to maximize an investment in solid state disk (SSD), especially in virtual environments where massively random I/O patterns are the norm. Caching provides an automated way to make sure that the most active data is being serviced from the fastest possible storage device. As a result, several caching techniques have appeared on the market that may confuse organizations looking to invest in a cached SSD tier to improve virtual machine (VM) response time. In this article, Storage Switzerland will compare two of these techniques: Server Side Caching and RAID controller caching..."
    Java Technology
    New Java Tutorials
    Available on the Oracle Learning Library
    Yolande Poirier says that, "Three new tutorials are now available on the Oracle Learning Library:"

    • New Java EE 7 tutorials and videos show how to create an application that uses the WebSocket API for real-time communication between a client and a server.
    • Java SE tutorial on how the built-in Java™ security features protect you from malevolent programs
    • Securing ADF Applications to Oracle Cloud by Using JDeveloper Webcast - Tom McGinn

    "The Oracle Learning Library (OLL) is a repository of free online learning content covering Java technologies. The content ranges from videos, tutorials, articles, demos, step-by-step instructions to accomplish a specific task to in-depth, self-paced interactive learning modules. The content is developed by Oracle developers as well as trusted community members. New content is uploaded daily..."

    IT - Technology
    Of Touching, Fingers and Screens: Different Touchscreen Terms Today
    Business 2 Community, July 9, 2013
    "Touchscreens are the future. Scarcely six years ago, smartphones with touchscreens were niche products. Fast-forward a couple of years and you can hardly find any non-touchscreen device nowadays. The reason, besides operating systems, is of course the ease of using touchscreens and the ridiculously big screen sizes that come with them.

    Anyway, you were probably served a great deal of geek vocabulary as you were reading interesting stuff about touchscreens and the latest phones. Lost? Don't worry; here are some of the most used touchscreen terms that you'll see in tech blogs and news articles today..."

      IT - Cloud
      Are Consumer Cloud Services or a BYOD Mindset a Bigger Security Threat?
      The ServerSide, July 1, 2013
      "If chief security officers are worried about the proliferation of the bring your own device (BYOD) trend, they should be hysterical over the inevitable data breaches that will occur as a result of employees bringing their own cloud computing software into the workplace.

      "When we talk about consumer cloud services like Dropbox, we find people bringing them in and inadvertently creating security holes," said Matt Richards, ownCloud vice president of products, when interviewed at the 2013 Red Hat Summit. "The result is potentially sensitive data sitting out in the cloud beyond the control of IT."

      BYOA: Challenges and Caveats for Controlling the Flood of Personal Apps
      Search Cloud Applications, July 1, 2013
      "In a recent SearchCloudApplications opinion column, Jan Stafford noted that software developers and users alike have reason to cheer the "unstoppable wave of 'bring your own applications' (BYOA) and 'bring your own cloud' (BYOC)." As Stafford puts it, the "woo-hoo factor" for both trends is their strong emphasis on innovation.

      But Stafford, who is this site's executive editor, also acknowledged the many enterprise-IT headaches that accompany BYOA and BYOC. So we turned to three of our expert contributors for advice on reaping the benefits of both movements while avoiding as many headaches as possible. Their insights follow..."

        Four Tips for Finding the Right Cloud Testing Tools
        Search Software Quality, July 8, 2013
        "Cloud-based testing tools have taken the software development industry by storm, offering advantages such as mobility, scalability and flexible pricing models. Test groups are also jumping on the bandwagon (or riding the jet plane?), but before investing in cloud testing tools, here are four tips to take into consideration..."
          How IT Can Learn To Stop Worrying and Love the Cloud
          InfoWorld, July 11, 2013
          "I always enjoy talking to my longtime colleague Sacha Labourey. Sacha is a fellow member of the so-called JBoss Mafia and is now founder/CEO of CloudBees, a public PaaS provider. (Full disclosure: My company just announced a partnership with CloudBees.) Sacha always thinks ahead and sums up elegantly what you have on the tip of your tongue, but can't quite find the words to say..."
          Selecting a Cloud Provider Starts with Exit Planning
          HelpNet Security, July 9, 2013
          "Let's begin with a story: The first day of the new week started very ordinarily and nothing indicated this was going to be a very long and tiring day for Sarah, a CIO of a large HR agency 'Jobs Are Us'. After she finished her breakfast, she headed to the office to attend the CEO staff meeting at 9am. Such meetings have been stifling, almost bordering on boring, but that was not going to repeat itself today..."
          Ten Questions to Ask When Writing a Cloud Security Policy
          IT Business Edge, July 10, 2013
          "Cloud security seems to baffle people, and it is not surprising why. It seems like no one is quite sure who is in charge of security in the cloud. Is it the company who owns the data stored there or is it the cloud provider? Or should it be some kind of combination of the two?..."

          • What do we want to put in the cloud - data, applications or both?
          • Do we have a good data classification policy and procedure?
          • What existing policy does our company have that also applies to what we want to do in the cloud?
          • What have others in our industry done and what can we borrow?
          • Who within our organization is allowed to enter into agreements with cloud providers?
          • Where can my data or application be physically located?
          • What is our exit strategy and policy for removing data or applications from this cloud provider?
          • If we choose to put sensitive or protected data in the cloud, how well do the cloud provider's security policies and procedures align with our organization's?
          • For applications in the cloud, who within our organization is allowed to modify settings on the cloud that affect performance?
          • How should we manage administrative privileges to the cloud provider?

          Read on for details.

          The Cloud Privacy Wars Are Coming
          InfoWorld, July 9, 2013
          "Germany's interior minister, Hans-Peter Friedrich -- the country's top security official -- cautioned privacy-conscious residents and organizations to steer clear of U.S.-based service companies, according to the Associated Press. As InfoWorld's Ted Samson has reported, "Friedrich is by no means the first E.U. politician to issue this type of warning, and as details continue to emerge about the U.S. government's widespread surveillance programs, such warnings are certain to garner greater attention."

          The blowback in Europe around NSA surveillance is no surprise. Privacy has always been a huge issue in Europe, as demonstrated by confrontations with Google, among others..."

          What Is PaaS? Experts Explain Growing Role In 'As A Service' Family
          Search Cloud Applications, July 8, 2013
          "Like the youngest child in just about any family, Platform as a Service (PaaS) is getting plenty of attention today -- but experts say it's still got a way to go before it catches up with its older siblings, Infrastructure as a Service (IaaS) and Software as a Service (SaaS).

          And although PaaS is steadily becoming more popular, if you ask five cloud-computing professionals "What is PaaS?" you're still likely to get five different answers..."

          Why the Public Cloud Is Driving IT Pros Crazy
          Baseline, May 30, 2013
          "IT professionals are getting anxious about cloud sprawl, according to a recent survey from PMG. So what exactly is that? PMG defines cloud sprawl as "a situation created by the rapidly increasing use of public cloud services and applications, such as file-sharing services, by employees or business units within a company, often without permission from the IT department." Such practices are leading to concerns about security, compliance and other operations-impacting areas, and technology professionals and managers say they're now willing to pull the plug on various unauthorized activities once they discover them..."

          • Bad Karma
          • Cloud Usages Causing Concern
          • Concerns About Unauthorized Cloud Apps
          • Executive Action
          • Cloud Services IT Limits or Prevents
          • Viable Alternative
          • Why IT Prefers the Hybrid Cloud
          • Purchase Plan
          • Moving Forward
          • Which TV Character Best Represents IT Qualities?

          Read on for details.

          IT - DR
          Five Baseline Strategies for Data Center Business Continuity
          Continuity Central, July 11, 2013
          "Business continuity planning (BCP) should cover an organization's ability to avoid major business disruption from a disaster while addressing the principal concerns of business risk mitigation, and protecting and preventing lost data. Business transactions delivered from the data center / centre pose major challenges to business continuity.

          Data center infrastructure and the networks that support it play a prominent role in automating business processes and communication across the organization, customers, partners, suppliers and regulators to ensure the organization continues to run during a disaster..."

          IT - Networks
          10 Biggest Home Networking Mistakes (and How to Fix Them)
          Network World, July 1, 2013
          "The chances are pretty good that you have a wireless home network, or you've been asked by friends, family or co-workers to help install one in their home... We've asked a bunch of home networking companies and other experts to provide us with a bunch of scenarios where they're seeing a majority of customer service requests, along with how you can quickly fix these 'mistakes'. We've ordered the list from the mistakes made at the beginning of the setup process, to mistakes made during configuration and post-network setup:"

          • Failing to determine a network's needs before buying a router.
          • Not recording older router settings before upgrading
          • Poor router placement
          • Connecting a new wireless router to an existing home network without powering down the broadband router
          • Plugging the Ethernet cable from the modem to the router into a LAN port instead of the WAN/Internet port
          • Leaving everything to default mode
          • Not enabling device sharing options, or setting a 'public' policy when attaching a new device to the network.
          • Having older Wi-Fi devices on the network that bring down the new router's performance
          • Not checking the router regularly for firmware updates
          • Jumping too soon to the 'hard reset' option

          Read on for details.

          One In Five Enterprises Use Software-Defined Networks: Survey
          ZDNet, July 9, 2013
          "Around one in five enterprises are currently using software-defined networks (SDNs), according to research carried out by Brocade.

          According to the company - one of the many SDN providers on the market - the 'we have no plans to evaluate SDNs' slice of the survey pie holds just one percentage point more than the "we are using them at present" segment. And yet it's almost exactly the same figure using alternative fabric-based networks..."

          12 Tips for SDN IT Buyers
          Network World, June 28, 2013
          "Software defined networking (SDN) offers significant opportunities and challenges for enterprise IT professionals. SDN has the potential to make networks more flexible, reduce the time to provision the network, improve quality of service, reduce operational costs and make networks more secure.

          The challenge for IT professionals is to select the right SDN offering for the right technology use case at the right time:"

          • Have a clear vision about how SDN technology will benefit your shop
          • It is very early days for SDN -- the market, standards and technology will evolve
          • Evaluate the impact of SDN on your IT organization
          • Think about SDN implementation challenges.
          • Identify a specific initial use case for SDN
          • Think about the potential impact of SDN on your operational costs
          • Support for legacy networks
          • Think about SDN in business value terms
          • Security
          • Standards support
          • Layer 4-7 support
          • Application ecosystem

          Read on for details.

          IT - Operations
          IT Can Make Your Doctor Wash His Hands
          InformationWeek, July 6, 2013
          "Fact: Many doctors don't wash their hands between patients. This may be partly responsible for nearly 100,000 deaths per year due to infections contracted in hospitals.

          Fact: CIOs can fix this. Sure, it doesn't seem immediately like their job to do so, but given the life-or-death situation, someone should step up.

          There are a number of vendors offering products designed to enforce hand washing policies. Many of these solutions depend on hardware such as motion sensors and wash room cameras. One of the more innovative solutions however, is AgileTrac from GE Healthcare..."

          The Modern Data Center's Hidden Risks: 2 Key Lessons
          InfoWorld, July 8, 2013
          "As powerful as modern infrastructure technology has become, there's no denying it's grown more complex and interdependent. As much as these new technologies have made life in IT easier and more efficient, they also have created a new class of difficult-to-sort-out failures -- some that can sit dormant for months or years before they're detected.

          In the past, a typical enterprise data center might have consisted of many servers, some top-of-rack and end-of-rack network switching gear, and a few large storage arrays. Dependencies in that sort of environment are clear. The servers rely on the availability of the network and the storage they're addressing. The network and storage (and its associated network) don't depend on much beyond themselves..."

          The Security Threat Lurking in your End-Of-Use Equipment
          Business 2 Community, July 8, 2012
          "ITAD is an important process for companies of all sizes and in all industries to properly plan for. If you use equipment that stores data of any kind, you need to have a solid data security policy and program in place to not only address security issues while the equipment is in use, but also to manage those assets when you're ready to upgrade or replace them. If you need evidence on why this is so important, just take a look at these real-world examples!.."
          CIOs Need to Up Their Outsourcing Vendor Management Game
          CIO, June 28, 2013
          "As the IT outsourcing industry is undergoing some fundamental changes, CIOs will need to take their vendor management game to a new level. Forrester vice president and principal analyst John C. McCarthy discusses how CIOs can move from outsourcing procurement to true vendor management.

          There's no question that the IT outsourcing industry is undergoing some fundamental changes. IT leaders are looking for more innovation from their partners. Business users are bypassing IT to procure their own technology services and products. And outsourcing providers are struggling to understand the shifting dynamics of their deals and relationships..."

          IT - Security
          Researchers Mimic Board Game to Bolster Computer Security
          CSO, July 2, 2013
          "University researchers have built a program that mimics the way people play the memory game Concentration, opening the possibility of improving computer security by distinguishing human behavior from bots.

          The study, conducted by North Carolina State University researchers, sets the groundwork for one day being able to integrate within software highly accurate bot-detection programs to prevent computer fraud.

          Bots are software applications that run automated tasks over the Internet. While having legitimate purposes, such as fetching information from websites for search queries, bots are also used by scalpers to buy large quantities of tickets from ticketing sites and to infiltrate online in-game economies to amass virtual currency..."

          Identity and Access Management Tips for Proactive Compliance
          HelpNet Security, July 9, 2013
          "N8 Identity announced eight tips for proactive compliance through identity and access management (IAM) best practices. These tips offer advice to organizations seeking to achieve continuous compliance and measurable business benefits through a streamlined and proactive approach to IAM.

          Make IAM a cross-business goal: Too many organizations push responsibility for IAM over to the IT department. Business processes that include all departments will make sure nothing falls through the cracks..."

          Alert! Study Finds Internet Users Heed Browser Warnings
          ComputerWorld, July 10, 2013
          "Security warnings displayed by Web browsers are far more effective at deterring risky Internet behavior than was previously believed, according to a new study.

          The study looked at how users reacted to warnings displayed by Mozilla's Firefox and Google's Chrome browsers, which warn of phishing attempts, malware attacks and invalid SSL (Secure Sockets Layer) certificates..."

          Ignore Physical Security At Your Peril
          IT Web, July 8, 2012
          "As has been demonstrated recently, physical security cannot be ignored. The theft of around $2 million worth of jewellery at the Cannes Film Festival, and the R1 million in cash stolen from FNB Stadium following the Justin Bieber concert, are prime examples of the best-laid security plans gone wrong.

          This physical security is paramount for organisations dealing with sensitive customer information, and is becoming a reality for companies subject to new laws that require greater data responsibility. The Consumer Protection Act and the imminent Protection of Personal Information Act are two examples of wide-reaching legislation that place a greater onus on organisations to ensure they take precautions against data loss..."

          In His Own Words: Confessions of a Cyber Warrior
          InfoWorld, July 9, 2013
          "Much of the world is just learning that every major industrialized nation has a state-sponsored cyber army -- though many of the groups, including team USA, have been around for decades.

          I've met a few cyber warriors. As you might imagine, they can't talk much about their duties. But if you work shoulder to shoulder with them long enough, certain patterns emerge. For starters, there are a lot of them. They are well armed with cyber weaponry, and they're allowed to experiment and hack in ways that, as we all now know, might be considered illegal in some circles..."

            Machine-Learning Project Sifts Through Big Security Data
            Dark Reading, June 28, 2013
            "As an information-security consultant, Alexandre Pinto spent 12 years helping companies set up difficult-to-configure systems to cull security intelligence from logs and security events.

            Yet configuring the systems required months of work and even then needed constant maintenance to enable them to detect the latest threats and pinpoint likely malicious traffic. He realized that while companies may want to monitor their networks for threats, they typically have too few security people to work through data from far too many logs -- a problem that will only get worse as companies seek to sift through more operational data to detect threats. Big data could be the downfall of security if companies don't find better ways of dealing with the growing volumes, he says..."

            Seven Steps to Building an Effective Incident Response Program
            Search CIO, July 10, 2013
            "Forrester Research has referred to 2011 and 2012 as the 'golden age of hacking' and now, just one-quarter through 2013, this golden age is undoubtedly continuing. In the first three months of the year, Apple, Bit9, Facebook, Microsoft, The New York Times, The Wall Street Journal, and Twitter made the security breach headlines..."

            • Be self-aware
            • Understand technology benefits and limitations
            • Establish realistic reporting and metrics
            • Make the program scalable
            • Collaborate internally and externally
            • Engage executives
            • Operate with autonomy

            Read on for details.

            Twenty Critical Security Controls for Effective Cyber Defense
            SANS.org, July 11, 2013
            "Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. However, most of these efforts have essentially become exercises in reporting on compliance and have actually diverted security program resources from the constantly evolving attacks that must be addressed. In 2008, this was recognized as a serious problem by the U.S. National Security Agency (NSA), and they began an effort that took an "offense must inform defense" approach to prioritizing a list of the controls that would have the greatest impact in improving risk posture against real-world threats. A consortium of U.S. and international agencies quickly grew, and was joined by experts from private industry and around the globe. Ultimately, recommendations for what became the Critical Security Controls (CSCs) were coordinated through the SANS Institute..."
            With Carberp Source Code's Release, Security Pros Expect the Worst
            CSO, June 27, 2013
            "With the previously $40,000 Carberp Trojan's source code now freely available, experts expect exceptionally destructive variants of the malware to flow onto the Internet.

            Carberp-based malware is expected to take advantage of the bootkit module packaged with the code, making the variants unusually difficult to remove. When an infected computer is turned on, the bootkit driver is the first to load, giving the criminals behind the malware control over any other software..."

              IT - Careers
              Good Employee, Selfish Employee
              InformationWeek, June 28, 2013
              "I'm in the middle of reading marketing guru Peter Shankman's new book, 'Nice Companies Finish First: Why Cutthroat Management Is Over--and Collaboration Is In.' It's an important topic. I've written frequently about why bully bosses lose and why nice bosses don't always win, and Shankman's book adds valuable new insights to the discussion.

              In addition to his main takeaways, a side trip in an early chapter makes an important point that deserves highlighting: Being selfish at work is good..."

              The Worst -- and Best -- IT Job Interview Questions
              InfoWorld, July 9, 2013
              "You've probably seen them making the rounds on social media: the brain-busting, stutter-inducing questions asked in job interviews at places like Google (How many cows in Canada?), Apple (What are five ways to put a hole in a sheet of metal?), Dell (What songs best describe your work ethic?) and Novell (How would people communicate in a perfect world?).

              Less likely to be discussed is whether such interview questions actually help employers find the right IT pros..."

              Servers
              University Gives High Grades to Oracle Exadata Database Machine
              Stephen F. Austin State University
              Stephen F. Austin State University (SFA), an independent public university serving 13,000 undergraduate and graduate students in Nacogdoches, Texas, implemented Oracle Exadata Database Machine to be able to improve registration and student system reliability, while staying current on hardware support.

              With an Oracle Exadata quarter rack supporting SFA's enterprise resource planning (ERP) and student information applications, the university can now support up to 2,000 concurrent users, an up to 8X capacity increase over its legacy system, with response times between three and 10 seconds - enabling students to register for classes more quickly with virtually no system bottlenecks or downtime.

              SFA also deployed a quarter rack to support a new disaster recovery data center - helping to ensure that the university's ERP and student data is always available.

              Due to vastly improved system reliability and scalability, SFA's systems and database administration team has been able to reduce staff overtime by eliminating the need to work nights and weekends to address performance issues.

              IT - Email
              Ferrari Tells Workers to Slam the Brakes on Email
              IT World Canada, July 5, 2013
              "From now on, each Ferrari employee will only be able to send the same email to three people in-house. Italian sports car maker Ferrari S.p.A. has ordered its employees to throttle back on their workplace emailing and resort to old-fashioned talking instead.

              Management's message to employees could be summarized as: Talk to each other more and write less..."

              Note To All Internet Users: Trust No One
              InfoWorld, July 9, 2013
              "Customers should assume that American multinational telecom companies are providing the U.S. government access to their personal data, according to whistleblower Edward Snowden. In an interview with Der Spiegel conducted before he went public about the NSA's surveillance programs, the former NSA contractor also said that punishing companies who collaborate with the agency should be 'the highest priority of all computer users who believe in the freedom of thought.'..."
                Patent for Self-Destructing Email Could Be a Real 'Boom' for Security
                Search CIO, July 5, 2013
                "It's Independence Day weekend: Get ready to ooh and ahh over some awesome explosions. OK, nothing will literally explode, there will be no bright colors or big booms, but this is something post-NSA-leak Americans are sure to love more than apple pie: self-destructing email. Let's pause a moment to savor those words..."
                  Security Manager's Journal: Auto-Forwarded Emails Could Be a Huge Problem
                  ComputerWorld, July 8, 2013
                  "Recently, a bounce-back message from one of my company's internal email distribution lists led to a startling discovery: People are automatically forwarding their company email offsite to Gmail and other personal webmail services.

                  It all started when our marketing group set up a meeting using the marketing email distribution list in Outlook. One person then replied to all that she wouldn't be able to attend. She then received the bounce-back message -- from an outside email address. Because she assumed that the error meant there was a problem with our email system, she opened a help desk ticket..."

                    Storage
                    Golf Channel Selects Oracle's Pillar Axiom Storage System
                    Accessing More than 100,000 Hours of Programming
                    Oracle's SAN Storage Delivers Substantial Performance Improvement over Legacy Environment

                    Golf Channel, one of the fastest growing networks on television, is using Oracle's Pillar Axiom 600 storage system to support more than 100,000 hours of content, as well as rapid growth and new reality programming.

                    Golf Channel, a member of the NBC Sports Group, launched in January 1995 and was the first fully digital production facility in the United States. In its first year, Golf Channel offered a limited tournament schedule to less than 5 million homes in the United States. Today, the network televises more than 150 events each year from all the world's top tours, as well as quality original productions to more than 120 million homes worldwide.

                    In the past two years, the company has more than doubled the amount of content that it creates, driving up storage requirements significantly.

                    Seeking a cost-effective storage solution with the reliability to handle large file sizes and deliver content nearly at a moment's notice, the Golf Channel deployed the Pillar Axiom 600 storage system.

                    IT - Backup
                    Big Data Demands Big Changes to Legacy Backup Licensing
                    Storage-Switzerland, July 11, 2013
                    "It is no surprise that backup related expenditures represent a major cost center for most data center environments. As data grows, so grows the need to increase the hardware and software resources for protecting this information. Denser disk and tape hardware architectures combined with technologies like compression and data deduplication have helped bring some reductions to the costs of backup hardware, however, there hasn't been any corresponding 'relief' in terms of how backup software is licensed or consumed..."
                    IT - Big Data
                    How Big Data Security Analytics is Set to Transform The Security Landscape
                    InformationWeek, July 10, 2013
                    "Disgraced cyclist Lance Armstrong made headlines last week when he told French newspaper Le Monde that he couldn't have won the Tour de France without doping. But velodrome cyclist and entrepreneur Sky Christopherson, speaking Thursday at the Hadoop Summit in San Jose, Calif., offered a more hopeful perspective: Racers can win with big data analysis instead of performance-enhancing drugs..."
                    Big Data, Bad Analytics
                    Search CIO, July 10, 2013
                    "Big data is not about the data, it's about the analytics, according to Harvard University professor Gary King -- and, boy, are there some really bad analytics out there. One of his favorite recent examples concerns a big data project that set out to use Twitter feeds and other social media to predict the U.S. unemployment rate. The researchers devised a category of many words that pertained to unemployment, including: jobs, unemployment and classifieds. They culled tweets and other social media that contained these words then looked for correlations between the total number of words per month in this category and the monthly unemployment rate. This is known as sentiment analysis by word count, and it's a common analytics approach, King said..."
                    5 Ways Big Data Can Improve Your Car
                    InformationWeek, July 11, 2013
                    "With all the talk about the benefits of Big Data at work and at home, it's easy to overlook the one area where most of us spend far too much time: our cars. The connected auto is quickly moving from concept to reality, one that promises safer roads and other nifty benefits, provided we're willing to sacrifice a bit more personal info.

                    But what steps should automakers take to bring this data-driven paradise to their vehicle fleets? According to Dave Ferrick, CEO of Agero, a Medford, Mass.-based provider of connected vehicle services, the trick is to offer enhancements that appeal to both drivers and passengers, but without sacrificing vehicle safety and user privacy..."

                    Big Data Jumps to the Cloud
                    Network World, July 8, 2013
                    "Kevin Walker's sales team was buried under information. Internal records, news reports, third-party data sources.

                    Take a simple question like 'Which customer should I call first?' The sales team might want to reach out to a customer who has just hired a hundred new employees, or the one whose equipment is ready to be replaced - but that requires going through all those information sources and then prioritizing.

                    The information is coming in fast, at high volumes, in a variety of formats. It's too much for human beings to handle - it's a job for Big Data analytics..."

                    Can Big Data Trump Doping In Sports?
                    InformationWeek, July 1, 2013
                    "Disgraced cyclist Lance Armstrong made headlines last week when he told French newspaper Le Monde that he couldn't have won the Tour de France without doping. But velodrome cyclist and entrepreneur Sky Christopherson, speaking Thursday at the Hadoop Summit in San Jose, Calif., offered a more hopeful perspective: Racers can win with big data analysis instead of performance-enhancing drugs..."
                    IT - BYOD
                    5 BYOD Pitfalls and How You Can Avoid Them
                    CIO, June 19, 2013
                    "Are you blacklisting rogue or time-wasting apps? Are you tracking voice, data and roaming usage? Have you stamped out jail-broken phones?

                    If you're not doing these and other Bring Your Own Device (BYOD) related tasks, then you're setting yourself up for a fall that can threaten your network security, reduce worker productivity and take a bite out of your budget:"

                    • Pitfall 1: An 'Open Door' Attitude Toward Apps
                    • Pitfall 2: Playing the Role of Big Brother
                    • Pitfall 3: Ignoring Usage Tracking
                    • Pitfall 4: Allowing Rogue BYOD Phones and Tablets
                    • Pitfall 5: Giving BYOD Policies Short Shrift

                    Read on for details.

                    BYOD Breeds Distrust: Aruba Networks
                    Datamation, July 8, 2013
                    "Many workers don't trust their employers not to take a peek at their personal mobile data, according to a new report from Aruba Networks (PDF). Not only is this distrust undermining "bring your own device" (BYOD) initiatives, it's putting business data at risk.

                    A global survey of 3,014 employees, conducted by Shape The Future, revealed that 45 percent of Americans, 25 percent of Europeans and 31 percent of Middle Easterners had concerns about their employers accessing non-work data on their personal mobile devices. These fears can have a damaging effect on employee morale..."

                    Top10
                    Top Ten Articles for last few Issues
                    Vol 185 Issue 1; Vol 184 Issues 1, 2, 3, 4; Vol 183 Issues 3, 4 and 5
                    We track how frequently each article is viewed on the web site to determine which ones readers consider the most important. For last week, the top 10 articles were:

                    • Microsoft and Oracle Enterprise Partnership
                    • IBM "per core" comparisons for SPECjEnterprise2010
                    • The Sun ZFS Storage Appliance
                    • Availability Best Practices on Oracle VM Server for SPARC
                    • Oracle SDN (Software Defined Networking)
                    • Blazing Performance: SPARC Microprocessors
                    • Oracle VM VirtualBox 4.2.16
                    • Java Spotlight Episode 139: Mark Heckler and Jose Pereda on JES based Energy Monitoring
                    • Oracle SuperCluster T5-8
                    • Virtual Developer Day: MySQL - July 31st

                    The longer version of this article has a list of the top ten articles for the last 8 weeks.

                      IT - Encryption
                      Encryption Practices Vary Widely In the Cloud, Survey Finds
                      Network World, June 28, 2013
                      "A survey by Ponemon Institute of 4,205 business and IT managers around the world found that more than half now transfer sensitive or confidential data to the cloud, while taking various approaches to encrypting that data.

                      Another 31% said they expected to transfer sensitive data to the cloud within the next 24 months, while 16% said they did not.

                      However, only 35% of U.S.-based respondents indicated they knew what steps are being taken by the cloud provider to protect this sensitive data, which was not much different than the response from other parts of the world, including the United Kingdom, France, Australia, Japan and Brazil..."

                        IT - Server
                        Serious Flaws Found in IPMI Server Management Protocol
                        InfoWorld, July 8, 2013
                        "Security experts are warning companies to segregate and closely monitor network traffic to a highly vulnerable protocol used in remotely monitoring and managing servers.

                        Independent security consultant Dan Farmer identified serious flaws in the Intelligent Platform Management Interface (IPMI) protocol that talks to the server's Baseboard Management Controller, a microcontroller embedded in the motherboard..."

                        IT - Tape
                        Pros and Cons Of Backup Tape Encryption
                        Search Data Backup, July 1, 2013
                        "IT security is arguably more important than it has ever been. As such, administrators have been conditioned to encrypt data whenever possible. Even so, the 'encrypt everything' plan might not always be the best course of action, especially when it comes to your backups.

                        Before I begin debating the advantages and disadvantages of backup encryption, it is important to point out that there are many different forms of backup encryption. Backup encryption could refer to disk-based storage encryption, encrypted backup tapes, network transport encryption, or a number of other encryption types. For the purposes of this article, I will focus on encrypting backup tapes..."

                        Developer
                        What's New in EMCLI
                        Oracle Enterprise Manager 12c Release 3

                        Adeesh Fulay writes, "If you have been using the classic Oracle Enterprise Manager Command Line interface (EMCLI), you are in for a treat. Oracle Enterprise Manager 12c R3 comes with a new EMCLI kit called 'EMCLI with Scripting Option'. Not my favorite name, as I would have preferred to call this EMSHELL since it truly provides a shell similar to bash or cshell. Unlike the classic EMCLI, this new kit provides a Jython-based scripting environment along with the large collection of verbs to use. This scripting environment enables users to use established programming language constructs like loops (for, or while), conditional statements (if-else), etc. in both interactive and scripting mode..."

                        NetBeans
                        JDeveloper 12c
                        Yet Another NetBeans Platform Application
                        Geertjan Wielenga writes, "There's a lot to recognize in the recently released Oracle JDeveloper 12c. Definitely time to add it to the NetBeans Platform Showcase, since JDev 12c is now visibly a NetBeans Platform application, along with hundreds of other applications, such as Microchip MPLAB X, Lua Glider, DbWrench, VisualVM, and jMonkeyEngine SDK, to name just a few of at least hundreds (that we know of, though I suspect thousands) of others..."
                        Security
                        National Security, the "two man rule" and Solaris
                        Built in to Solaris Since Solaris 10 (2005)
                        Jim Laurent, an Oracle Sales consultant, writes, "Solaris 10 and 11 have all the tools to assist in creating a "two man rule." In fact, we published a paper on the topic in 2005. Its comprehensive role and profile based collection of authorizations ensure that only users with the proper authorizations are allowed access to administrative tools. Solaris can be configured so that one user has the role of "Security Admin" while another user has the role of "System Admin." The security admin has privileges to add users and give (or remove) authorizations from those users but does not have all the other traditional capabilities of "root." In other words, the security admin cannot accidentally "rm -rf /" to corrupt the system. The system admin has authorizations to perform traditional system administration functions such as create file systems, manage services but cannot create new users or give himself additional privileges..."