New Java 0-day Exploit Could be "Nightmare for IT"

Seculert, a threat-detection vendor, has published its analysis of a new Java 0-day exploit discovered in the wild.  The company says the very effective vulnerability is expected to cause "a nightmare for IT managers." You can read their report here:

James E. Powell
Editorial Director, ESJ

Posted on 08/29/2012 at 11:53 AM0 comments

Survey Asks: Whose Head Would Roll?

On Monday on the exhibit show floor at the VMworld conference in San Francisco, Symantec conducted a mini-survey asking over 130 respondents several interesting what-if questions -- who should take the blame if a virtual server failed, an enterprise didn’t comply with PCI, or a virtual backup’s failure resulted in missing merger and acquisition documents?

Who takes the fall? You can read the survey results here.

-- James E. Powell
Editorial Director, ESJ

Posted on 08/29/2012 at 11:53 AM0 comments

SSD Adoption in the Real World

Are SSDs just luxury items for your data center as many claim? Maybe not. Of the 136 VMworld attendees surveyed on Monday, 62 percent said they are using SSDs in their data center now, a third plan to add more in the next six months, and 29 percent expect to add more within a year.

Certainly this isn’t a scientifically controlled sample, but it still gives us a glimpse into what’s happening in enterprise data centers today.

Of course, many enterprises are still kicking SSDs’ tires. When asked what percent of their business-critical applications are supported by SSDs, 12 percent put the figure at 75 - 100 percent; 9 percent said half to three-quarters of their apps were supported by SSDs; and 56 percent said it was less than half of their applications.

Among the most compelling reasons to adopt SSDs: 60 percent said it was “higher IOPS and faster response time for business applications”; one-third (34 percent) cited “consistent higher performance for virtualized applications.” Only 5 percent chose “provide a competitive edge.”

Speed is critical. When asked if a survey participant had heard anyone at their company “complain that the response time for a database or enterprise application (such as e-mail) was too long,” 71 percent said “yes.” What, only 71 percent?

Respondents could give multiple answers when asked what’s going to generate the most demand for SSDs in the next year. Those included: databases (54 percent), server vitualization workloads (44 percent), performance in a smaller footprint (26 percent), and e-mail apps (4 percent).

The survey was conducted by STEC, Inc., a solid-state drive (SSD) solutions provider.

-- James E. Powell
Editorial Director, ESJ

Posted on 08/29/2012 at 11:53 AM1 comments

New Survey Shows Areas with Greatest IT Jobs Per Capita, a career network that claims to have over 26 million users who collectively apply for jobs 1.5 million times each month, has released a new report on “the pulse of employment in the U.S.”

The company has released two “infographics” -- one listing the top 10 metropolitan areas with the most jobs per capita available, and another showing locations with the highest per capital job candidates available. Among the top 10 locales with available jobs, 6 place IT among the top industries for the region. Among these six, the job titles most in demand are “Java developers, business analysts, and software engineers.”

In the top market, San Jose, the industries creating the most jobs per capita are IT, engineering and architecture, and sales and sales management. In its survey, Beyond says the average salary in San Jose is $57,000, but the cost of living is 52 percent above the national average. The report lists “Top Job Titles Employers Need to Fill” in San Jose as software engineers, project managers, and Java developers.

Other cities in the top 10 include Bloomington, Illinois; Manchester, New Hampshire; Cheyenne, Wyoming; Des Moines, Iowa; Columbus, Indiana; Springfield, Illinois; Casper, Wyoming (Wyoming again!); Billings, Montana; and Washington, D.C.

The report lists the next 40 locales to round out the list to 50; in this list are only two “big city” tech cities -- San Francisco and Denver. New York didn’t make the list, nor did Los Angeles, Chicago, Houston, Philadelphia, Atlanta, or Dallas.

Among all top-10 cities with the most job candidates available, the survey doesn’t list any IT jobs among the “easiest jobs to hire for.” Warehouse workers, yes, customer service reps, yes -- even Phlebotomists (in Winston-Salem, North Carolina) -- but no candidates with anything remotely resembling an IT job title.

You can see the complete infographic here.

-- James E. Powell
Editorial Director, ESJ

Posted on 08/27/2012 at 11:53 AM0 comments

Survey Sheds Light on Big Data Challenges, Practices

With data growing every day, how are IT managers coping? A survey conducted by RainStor from mid-July through mid-August acknowledged the importance of big data -- three-quarters (75.7 percent) of the mid- to senior-level managers responsible for big data infrastructure and analytics environments agree that “managing their big data and making it available across the enterprise was important to improve overall business value.”

Of course, knowing it’s important to manage big data successfully doesn’t mean you’re doing so. Of particular interest, 10.8 percent of respondents didn’t know if big data helped their organization make better business decisions, and 8.1 percent it didn’t.

When RainStor asked 110 executives in specific industry sectors including banking, financial services, telecommunications and manufacturing about the biggest challenges of managing big data, 37 percent said it was in analyzing the data; 25 percent claimed it was the speed of data creation (the “velocity” aspect to the familiar “3 Vs of big data” -- volume, velocity, and variety).

What happens when big data gets too big? According to RainStor, “Surprisingly, almost 30 percent of respondents look to less expensive data warehouses when they reach capacity in their existing enterprise data warehouse.” Actually, that’s not so surprising, which RainStor admits in its report, pointing to limited IT budgets.

For more than a quarter of respondents (25.7 percent), when the data gets too much to handle, data is moved to tape. Despite a tendency for enterprises to store data indefinitely (especially after adopting a big data mindset), archiving is used out of necessity. Of course, this poses additional problems, such as not having the data available for immediate query to meet regulatory compliance inquiries. RainStor also points out that in the banking and financial services industries, regulations created from Dodd Frank legislation specifies that tape isn’t “an acceptable medium for data that must be stored for 10+ years.” The company says that 12.5 percent of respondents point out that it can take one to two weeks (sometimes more) to “reinstate the data for online query.” (The most popular response -- at 37.5 percent -- was “multiple days.”)

Hadoop is often mentioned in the same breath as big data, just as it is in this survey. Of respondents “seriously looking” at Hadoop, most are split right down the middle between “being considered as an augmentation to existing data warehouse/database environments versus a replacement strategy” (that is, as a standalone solution). If it’s so popular, what’s holding enterprises back? Over half of those surveyed claim they lack the required skilled resources or they can’t take on new technologies or projects.

I asked Deirdre Mahon, vice president of marketing at RainStor, if the survey results offered any surprises. “Although Hadoop and big data are almost synonymous today, we see that half are looking at it as an augmentation to their existing database and data warehouse environments. That makes a lot of sense, especially with the level of investment that has been poured in over the last few decades. What surprised us was the 25 plus percent of respondents that still put data on offline tape. It just seems so antiquated now. We do believe Hadoop as a platform will pretty much replace offline tape in the not so distant future. It just makes sense.”

Did Mahon see any trends from previous surveys? “It’s interesting that there have been a number of big data surveys conducted of late by other sponsors, and many of the findings point to the same trends. For example, using Hadoop as an augmentation strategy, such as for ETL or prototyping, and the fact that standard SQL as a query language is not going away any time soon. Our survey said 85 percent still rely upon it to run daily queries.”

-- James E. Powell
Editorial Director, ESJ

Posted on 08/24/2012 at 11:53 AM1 comments

Security Executives Admit They’re Poorly Prepared for Targeted Attacks

In its new Cyber-readiness Reality Check report, security specialist CounterTack points out what many organizations fear: they’re ill-prepared to detect and stop advanced, targeted attacks.

The independent survey of 100 information-security executives at large U.S. enterprises (those with $100 million or more in revenues) conducted in mid-June found that nearly half of respondents admitted that their enterprises were attacked in the past 12 months; a third of those “lack confidence in their organizations’ readiness to defend against further aggression.”

More worrisome is that 84 percent of respondents say their organizations are still “vulnerable to advanced persistent threats (APTs) targeting intellectual property or other critical organizational assets.” CounterTack also said 44 percent of respondents “admitted a lack of time and resources when it comes to dealing with such threats.”

Outmoded technology is another big problem. “Static, perimeter-centric tools such as firewalls remain the most relied upon security products,” and more than a third (36 percent) admitted that if an attacker breached their perimeter defenses and accessed their networks, “they would not be able to see or stop the attack.” [Emphasis added] Good grief.

Yes, 80 percent of security executives admit that their enterprise could benefit from “adopting a military-style approach to security learned from physical battlefields -- such as situational awareness and intelligence gathering,” but only 21 percent say they’ve taken such a “warrior” stance to protect their assets; 58 percent are taking a “protector” role in defending company assets.

The full report and a summary infographic are available at

-- James E. Powell
Editorial Director, ESJ

Posted on 08/13/2012 at 11:53 AM0 comments

Zscaler Researchers’ Report Reveals Who’s Doing What on the Web

We know the Web can be a dangerous place. A new report from Zscaler’s research group, ThreatLabZ, quantifies that danger.

For example, you’d best surf at your own risk, because one out of five URLs is likely to be malicious. The company analyzed results from Zulu, its free, real-time service introduced this year that evaluates security risk and site-reputation information, rating a URL as benign, suspicious, or malicious depending on an analysis of a page’s content and hosting and DNS information. The researchers found that one fifth of 30,156 URLs evaluated were rated as “highest risk.”

Google search results are another part of the problem. The researchers point to a rise in “fake” Google search engine results; users are increasingly redirected to FakeAV malware or fraud sites.

Even the sites you think you can trust are being compromised with hosting injections and malicious content. According to the report, many top Alexa sites were compromised, as were top-rated Google SafeBrowsing sites.

Where are users browsing? Based on its customers’ use, Facebook remains the most popular Web app for enterprise and mobile (consumer and enterprise) users, though it’s mostly been on the decline since the first quarter of 2011. Next in popularity: Gmail, a melting-pot “other” category, YouTube, ad Twitter (where though the percent of use is small, use continues to grow).

Zscaler lets its customers set their own policies about what Web resources are accessible, including setting policies on social network pages. “Two categories of policy decisions make up about 84 percent of the Zscaler blocks enforced for the quarter: Web site category blocks and rate-limiting blocks,” the researchers point out.

IT may also want to pay closer attention to keeping browser running with the latest versions of add-ins. Zscaler scans its customers’ browsers looking for out of date add-ins, a favorite target of exploit kits. It found that, as a percent of the installed base for each add-in, Adobe Acrobat was the most outdated plug-in, with over 60 percent of installations not running the most recent release. Adobe Shockwave was second, at more than 35 percent of installed versions behind the times.

The other results were a mixed bag -- mostly few surprises. One fifth of all Web transactions are initiated by applications, not browsers. More than half (52 percent in June) of its customers are using Internet Explorer on the desktop (Firefox and Safari come in at 22 percent each), with version 7 of IE the most popular, used by nearly 58 percent of IE users. More than half of mobile users are working with iOS and roughly a third with Android browsers.

An infographic summarizing some of the results can be downloaded here, though a short registration is required.

Posted on 08/06/2012 at 11:53 AM0 comments

Mobile Developers Strongly Favor iOS

Apple has taken the lead over Google’s Android in the mobile OS wars, as far as Appcelerator Titanium developers are concerned. In the third quarter of last year, the two operating systems were virtually tied when developers were asked which OS was “best positioned to win in the enterprise long term.” This year, it’s 53.2 percent for iOS and 37.3 percent for Android.

The report, Q2 2012 Mobile Developer Report, notes that the figures are relatively equal whether you’re talking to those developing apps for business or those working on consumer products.

The report by Appcelerator and IDC is based on a survey of 3,632 Appcelerator Titanium developers about their plans and priorities; it was conducted in the middle of May. The report attributes Apple’s lead to

...the growing strength of Apple in the enterprise, especially considering several factors: the popularity of the iPad; frequent reports of Android malware; enterprise challenges in dealing with Android fragmentation; and the resultant anecdotal reports of enterprises re-evaluating widespread Android deployment outside of particular business vertical implementations like M2M.

Google shouldn’t be discouraged, however. The “noticeable erosion” of developer interest in Android has slowed. That’s probably due to the “huge growth in Android device shipments.”

There’s a bit good news for another vendor -- Microsoft. The report says a third (33.3 percent) of developers are very interested in Windows 8 tablets, though the report authors categorize this as “cautious optimism.” There’s less enthusiasm for its cloud offering: developers show interest in Apple’s iCloud and Amazon’s cloud platform but only “tepid interest” in Microsoft’s Azure.

Windows Phone 7 doesn’t fare any better; interest dropped from “very interested” according to 37 percent in the first quarter of this year to 25 percent in the latest report (for the second quarter of 2012).

The report predicts that “As Microsoft Windows 8-based tablets begin to be introduced to the market in the second half of 2012 and the first half of 2013, there is the potential to dramatically change the current trajectories of mobile OSes in the enterprise.”

Unless, of course, the tablet flops. For Microsoft, hope springs eternal.

The report, which also explores app porting from ARM- to x86-based devices, top cloud service features, and app stores, can be downloaded at no cost here (a short registration is required).

-- James E. Powell
Editorial Director, ESJ

Posted on 07/25/2012 at 11:53 AM0 comments