Post on 27-Jan-2016
description
APRIL 2015 VOL. 13 ISS. 04 CYBERTREND.COM
WHY CHOOSEMANAGEDSERVICES?GAIN EXPERTISE,DON’T GIVE UP CONTROL
949.756.1111 | charter@stajets.com | www.stajets.com
CORPORATE TRAVEL? NEED A VACATION?
Let our #missionbird take you where you need to go.
Our diverse fleet of 22 aircraft offers a travel experience above the rest.
STAjets exclusive membership program allows our members to earn cash in addition to flying at an industry discount.
It requires no complicated contracts, deposits, hidden fees, or blackout dates.
We offer our exclusive members discounted flights while earning cash rewards on every flight.
IT’S THE LOWEST COST MEMBERSHIP PROGRAM IN THE INDUSTRYAND THE ONLY PROGRAM THAT PAYS BACK!
Ready when you are
8 COVER STORYmaking sense of your colocation service provider options
13 BUSINESSMicrosoft: facts about its history you might not know, and details about Windows 10
20 CLOUDof course there are risks associated with cloud computing, so it's essential to weigh those with the benefits particular to your organization
24 MOBILITYtackling mobile botnets, and improving your company's mobility efforts with the right management tools
30 DATAbusiness intelligence solutions are varied and plentiful, so choose carefully
34 ENERGYthe latest news and research into energy-conscious tech
36 ITthe dawn (and meaning) of the software-defined data center, and good practices for a successful IT reorganization
42 NETWORKINGyou can't afford an inefficient network, so take all steps possible to improve it
46 SECURITYunderstanding custom malware, and a look at new standards for retail payments
52 STORAGEhow solid-state drives can improve your systems' performance
54 WEBnew way to program for the Web, and tried and true ways to stay safe online
58 ELECTRONICSthe latest in premium consumer electronics
60 TIPSsmartphone, malware, laptop setup, and other tips for mobile professionals
CONTACT USP.O. Box 82545Lincoln, NE 68501
or
120 W. Harvest DriveLincoln, NE 68521
Advertising: (800) 247-4880Fax: (402) 479-2104
Circulation: (800) 334-7458Fax: (402) 479-2123www.cybertrend.comemail: feedback@cybertrend.com
© Copyright 2015 by Sandhills Publishing Company. CyberTrend TM is a trademark of Sandhills Publishing Company. All rights reserved. Reproduction of material appearing in CyberTrend TM is strictly prohibited without written permission.
Volume 13 : Issue 4 : April 2015
WHICH MANAGED SERVICES ARE RIGHTFOR YOUR ORGANIZATION?
8
MICROSOFT & ITS NEWEST OPERATING SYSTEM
13
Global Cybersecurity Index Deems U.S. Most Committed
❯ The United States has the highest com-
mitment to national cybersecurity based
on the final results of the GCI (Global
Cybersecurity Index), a collaborative
project between ABI Research and the
International Telecommunication Union.
ABI Research reports that Canada ranks
second, and third place honors go to
Australia, Malaysia, and Oman jointly.
The following five areas are taken into
consideration when determining how
countries stack up in what’s called the
“global ranking of cybersecurity readi-
ness”: legal measures, technical mea-
sures, organizational measures, capacity
building, and cooperation.
Our Appetite For Mobile Data Continues To Grow
❯ Improved stability for mobile uploads
and downloads, thanks in part to car-
rier aggregation solutions that reliably
accommodate faster uploads and down-
loads, will drive a continued rise in data
consumption, says ABI Research. ABI
reports that average monthly data con-
sumption per subscriber was 445MB
in 2014, and projects that the figure
will rise to 2,289MB within five years.
Looking at global figures, ABI expects
mobile data upload traffic to rise from
6,860 petabytes last year to more than
60,000 petabytes by 2019, with the big-
gest increases happening in Africa and
Latin America.
Worldwide Semiconductor Capital Spending To Slow
❯ After a strong 2014 for semiconductors,
marked by a 12.9% growth in spending,
Gartner expects worldwide semiconductor
capital spending to grow just 0.8% this year.
Capital equipment spending will grow 5.6%,
down from previous estimates of 11.3%
growth, as companies take a more conserva-
tive approach to investment strategies and
focus more on ramping up new capacity.
“As we get better visibility into individual
company spending plans for 2015, it is ap-
parent that caution is a prevailing sentiment,
with the exception of memory, where man-
ufacturers are adding capacity in response
to favorable market conditions,” says Bob
Johnson, research vice president at Gartner.
Gartner: Rethink How You Respond To Change
❯ Digital business is changing the world, and companies that succeed must
be willing to invent new business models and change the way they function,
according to research firm Gartner. Those business models and processes,
in many cases must be deliberately unstable and designed for change and
the ability to dynamically adjust to customer needs, the research firm notes.
Gartner offers several somewhat bold predictions for digital businesses:
Device Usage Can Reveal Credit Card History
❯ Let’s say an entity has possession of a sizable data-
base of anonymized credit card data—that is, detailed
credit card purchase history that is divorced from
personally identifiable information such as names
and addresses. Far from being a useless pile of data,
this information can be paired with other informa-
tion—say, from time-stamped social media posts or
a publicly available review—to “reidentify” who you
are, according to research published in the journal
Science. Researchers from MIT, Aarhus University,
and Rutgers studied the credit records of 1.1 million
people for three months and found they could “re-
identify” 90% of individuals by pairing the credit card
data to just four other points of public data. The re-
searchers say that while the data people generate using
their smartphones and other devices are an immense
help to scientists fighting diseases and other beneficial
research, the data can also be used for marketing pur-
poses or potentially exploited by criminals. The report
concludes that more research should be done to help
individuals and groups keep data private.
By 2017, 70% of successful digital business models will rely on deliberately unstable processes.
Insufficient business process management will be a major stumbling block, preventing 80% of businesses from achieving desired outcomes.
Just 30% of digital business transformation initia-tives will be successful. Those that are successful will be done by leaders who are willing to innovate rapidly.
4 April 2015 / www.cybertrend.com
As IoT Analytics Grows, Startups Tackle New Tech
❯ The IoT (Internet of Things) ana-
lytics market should reach $5.7 billion
by the end of the year, according to ABI
Research. ABI projects that in the next
five years, IoT analytics—including inte-
gration, storage, and data—will make up
a third of big data and analytics revenue.
According to Aapo Markkanen, ABI prin-
cipal analyst, “about 60% of this year’s
revenues come from three key areas: en-
ergy management, security management,
as well as monitoring and status applica-
tions.” The challenges that accompany
gathering IoT-related data from sensors
and machines, however, are driving inno-
vation in the startup market.
IT Hiring Will Continue To Be A Challenge This Year
❯ IT leaders hoping to have an easier time
finding qualified technical talent this year
will be disappointed: Challenges will re-
main this year, according to CompTIA’s
“IT Industry Outlook 2015.” In fact, 68%
of executives surveyed expect a challenging
or very challenging hiring environment this
year. The U.S. Bureau of Labor Statistics
notes that the unemployment rate for com-
puter and mathematical occupations is less
than half the national rate. About 43% of
U.S. IT companies have job openings, and
36% are fully staffed but want to hire to
support business growth; understaffing has
caused 20% of companies to postpone or
cancel projects, the report states.
Some Companies Share Data Better Than Others
❯ Big data analytics solutions can pro-
foundly improve decision-making capabili-
ties at multiple levels within an organization.
But to achieve such benefits, organizations
must share the information gleaned from
those solutions. According to a recent
Economist Intelligence Unit report spon-
sored by Teradata, companies are lagging in
this area. Of the executives surveyed for the
report, 65% agreed that “some departments
have much better access to data than others”
and 57% agreed that “some important busi-
ness data is not captured or disseminated.”
The report recommends hiring personnel
with the appropriate skills to help retrieve
and circulate usable data.
For CEOs, Company Change Requires Collaboration
❯ CEOs are embracing joint ventures to access both emerging technologies and new customers
equally, and it looks as though this type of collaboration will only continue to grow in 2015. A
2014 PricewaterhouseCoopers survey of global CEOs reveals that 51% of CEOs intend to en-
gage in new alliances and partnerships in the next year. In terms of partners, 66% say they are
currently engaged or considering collaboration with various suppliers. Second to this group is
customers, say 66% of CEOs. More than half of the same respondents cite business networks,
clusters, or trade organization; firms and other industries; competitors; and startups as partners
with whom they want to work. Here are some of the reasons why CEOs around the world work
with other industries in “joint ventures, strategic alliances, or informal collaboration”:
Gartner Predicts That The IoT Will Directly Impact IAM By 2016
❯ The IoT (Internet of Things) will con-
tinue be a driver for further advancements
in technology, specifically for new IAM
(identity and access management). Research
firm Gartner says the IoT will be respon-
sible for new “device and user relationship
requirements” in 20% of IAM implementa-
tions though the end of 2016. Gartner also
predicts that, in general, EMM (enterprise
mobility management) will be a significant
IAM requirement as organizations work to
maintain reliable and secure access to apps
on Web and native application architectures.
Moreover, by the year 2020, Gartner predicts
that two sweeping changes will occur: “60%
of organizations will use active social identity
proofing and let consumers bring in social
identities to access risk-appropriate applica-
tions” plus “new biometric methods will dis-
place passwords and fingerprints for access to
endpoint devices across 80% of the market.”
47% Access to new customers
47% Access to new/emerging technologies
42% Access to new geographic markets
40% Ability to strengthen our innovation capabilities
28% Ability to strengthen brand or reputation
26% Sharing of risks
26% Access to talent
15% Access to new industries
CyberTrend / April 2015 5
Smart Card Shipments Up, Saturation Nears
❯ Smart card vendors are shifting strate-
gies as they face lower prices as a result of
a potentially saturated market, according
to a report from ABI Research. Last year,
vendors shipped about 8.8 billion smart
cards for a year-over-year growth of
about 9%. More than 80% of those cards
shipped into the SIM or payment cards,
market, ABI notes. Smart card vendors
see potential in adding software and ser-
vices, making cards more suited to em-
bedded security, ABI reports, including
anti-counterfeiting, brand protection, and
securing data, certificates, and identities
on mobile and consumer electronics de-
vices, says Senior Analyst Phil Sealy.
Make Way For More Part-Tablet, Part-Phone “Phablets”
❯ Despite its strange-sounding port-
manteau of a name, the phablet (larger
than a phone, smaller than a tablet) is
poised to make it big, according to a
new forecast from Juniper Research.
Thanks to the popularity of smart-
phones with larger screens, which
manufacturers originally launched in
part to steal some of the limelight from
small tablets, smartphone-makers are
planning to give buyers more of what
they want: phablets with 5.5- to 6.9-inch
screens. Juniper predicts 400 million
phablets will ship worldwide in 2019,
compared with the 138 million phablets
it estimates will ship this year.
Larger Screens May Not Come With Higher Price Tags
❯ As smartphone companies prepare to pro-
duce larger-screen models in the coming
months, display manufacturers are encoun-
tering increased pressure to reduce prices, ac-
cording to a recent IHS report. Display prices
already dropped 14% in 2014 compared
with 2013, says IHS, which expects another
double-digit drop this year. Smartphone-
makers worldwide, particularly those in
China, will attempt to keep phone prices
low despite growing screen sizes. “China is
the major battlefield for 5-inch smartphone
displays,” says Terry Yu, analyst with IHS.
“Demand for these displays is very strong,
but they face strong competitive price pres-
sure in the set market.”
Vehicle Connectivity Technologies Accelerate
❯ The use of embedded con-
nectivity in vehicles will in-
crease from 13.4% in 2014 to
52% in 2020, according to ABI
Research. The research firm
also expects 2020 to be the
first year we’ll see widespread
availability of V2V (vehicle-
to-vehicle) systems. In terms
of wireless connectivity, 4G
LTE (Long Term Evolution)
cellular is playing a key role,
but consumers are slow to buy
into added services. “While penetration levels of embedded connectivity in vehicles
continue to grow steadily, it remains challenging for car OEMs to convince users to pay
for built-in connected car services,” says Dominique Bonte, vice president and practice
director for ABI. “While initiatives such as allowing adding connected car systems to
shared data plans by GM in the United States are definitely going to boost uptake, full
penetration is unlikely to be achieved solely through consumer-led drivers.” Looking
at V2V systems, ABI expects that over the next 10 years, with the arrival of 5G cellular,
data latencies will fall to as little as 1 millisecond, meaning that 5G could supplant the
dedicated V2V technology in use today.
Tablets & Smartphones Will Be Primary Devices For Online Use
❯ In the next four years, more than half of
mobile device users will turn to their smart-
phones and tablets first for online activities
such as communications and content con-
sumption, according to key mobility predic-
tions from Gartner. Van Baker, research vice
president with Gartner, says that according
to consumer use patterns, the smartphone
is emerging as the first-option device when
on the go, whereas the tablet is utilized for
longer sessions. PCs still have their place, he
says, but they’re used primarily for complex
tests. “As voice, gesture, and other modalities
grow in popularity with consumers, and as
content consumption tasks outweigh content
creation tasks, this will further move users
away from the PC,” Baker says. In terms of
enterprise mobility, Gartner projects that
40% of enterprises will rely on Wi-Fi as the
default for workplace connectivity, which
coincides with increased mobile demands.
6 April 2015 / www.cybertrend.com
Search & Real-Time Analytics Fuel Swiftype’s Growth
❯ Founded in 2012, Swiftype offers organi-
zations powerful search tools for their web-
sites. Swiftype customers are equipped with
tools and dashboards to customize search
functions and review analytical information
based on site usage, while websites using
Swiftype tools allow visitors to perform site
searches and advanced searches. Swiftype
also works with mobile devices. In March,
Swiftype announced it had raised $13 million
in Series B funding led by New Enterprise
Associates. In its blog post, Swiftype said the
company will use the new funds to hire more
search engineers, expand sales and mar-
keting, and “establish a stronger position of
leadership within the search industry.”
Blippar Blends Augmented Reality & Advertising, Gets $45M
❯ New York-based startup Blippar recently
raised $45 million in funding to further its
augmented reality and image-recognition
platform. The Blippar platform allows
manufacturers to transform products into
“blippable” objects. Consumers with the
Blippar app can point their smartphone
cameras at the objects to reveal 3D views,
provide further information, or unlock spe-
cial content. Blippar also has uses in the
education market. The company did not
disclose the identities of its recent investors,
but Ambarish Mitra, founder and CEO,
explained in a press release how Blippar in-
tends to use the funds. “This funding brings
us closer to our ultimate goal of creating a
new kind of cognitive behavior,” he said,
“one that enables us to instantaneously ac-
cess information and content directly from
any of the physical objects or collateral in
the world around us.”
Cylindo’s Visualization Tool Has The Furniture Industry’s Attention
❯ In most industries, demos have gone virtual. Three-dimensional product modeling is par-
ticularly helpful for manufacturers, designers, and salespeople, who can take out a tablet com-
puter and show off new products and features without hauling around the actual products and
prototypes. Cylindo, a startup based in Copenhagen with offices in San Francisco, offers a 3D
visualization platform
called 360 HD Viewer
for furniture manu-
facturers and retailers,
and counts Turnstone
and Steelcase among its
customers. In addition
to the viewer, Cylindo
offers furniture con-
struction and custom-
ization software called
Furniture Builder and
room design software
called Room Planner.
Cylindo recently raised
$1 million in new funding. “Our platform removes the friction retailers have when dealing with
products visualization,” said CEO Janus Jagd in a press release, “and we have seen conversion
rates increase at an average of 30% when our technology is utilized.”
Startup Offers Analytics Tools For Sales Reps, Managers & Ops
❯ “Read your prospect’s mind.” That’s the
ability San Francisco-based startup Tout
seeks to provide with its sales analytics tool
of the same name. Tout is a communications
enabler for sales, with email and calendar
functions to help salespeople easily track
conversations, compose emails without cut-
ting and pasting, remember follow-ups, and
book meetings that make sense. Recently,
ToutApp announced it had raised $15 mil-
lion in a Series B funding round. Scott Weiss
from Andreessen Horowitz, which led the
newest investment, will join ToutApp’s
board. ToutApp says it will use the new
funds to expand its sales, marketing, cus-
tomer service, and engineering operations.
Visually’s Brand Content Platform Brings In $3.3 Million
❯ Visually, a company that offers a platform
for creating brand content such as info-
graphics, presentations, and videos, claims
to have gained more than half a million users
since its 2011 launch. The San Francisco-
based startup raised $3.3 million in March,
bringing its total raised to $15.4 million. “As
brands struggle to keep pace, Visually serves
as a trusted partner, helping brands, pub-
lishers, and agencies scale in the short-term
or as an ongoing extension of their in-house
creative teams,” said CEO Matt Cooper in a
press release. Visually reports 80% growth in
average spend per client over the past year,
and plans to use the new funding to invest in
ever-newer tools to further that growth.
STARTUPS
CyberTrend / April 2015 7
Why Choose Managed Services? IT’S ALL ABOUT EXPERTISE, NOT NECESSARILY RELINQUISHING CONTROL
IT MAY SOUND counterintuitive, but
sometimes the most advantageous move
an organization can make is to give up.
This doesn’t mean getting out of busi-
ness altogether, but rather giving up in
the sense of delegating certain tasks to
a third party to perform instead of as-
signing them to internal personnel. Such
is the nature of hiring an MSP (man-
aged service provider). In exchange for
contracting with a MSP to take over the
real- and full-time management and
monitoring of any number of IT ser-
vices to whatever extent is possible or
reasonable, an organization can dedicate
its own staff to developing and growing
critical areas of the business.
What engaging with an MSP doesn’t
mean is turning over ownership and con-
trol of whatever service, equipment, ap-
plication, or other asset the MSP manages
or monitors. What it does mean is that
in many cases the company can realize
CAPEX and OPEX savings, as well as ac-
quire access, expertise, and insight into
operational areas, technologies, hardware,
and more that the MSP possesses but the
company didn’t otherwise have access to.
While many executives are generally
aware of the benefits an MSP makes pos-
sible, some are less aware of exactly what
types of managed services are available to
their organization or what these services
entail exactly. This article explores some
of the more common types of managed
services that MSPs offer and what to ex-
pect with each.
Range & Quality Managed service providers range from
being very small companies focused pri-
marily on serving companies in their
immediate city or region to extremely
large companies that offer services on a
global scale. Dan Kusnetzky, founder of
Kusnetzky Group and industry analyst,
says MSPs attempt to differentiate them-
selves through their customer service,
expertise in given vertical segments, per-
formance, reliability, and pricing. Those
KEY POINTS
• The managed services market includes a diverse array of pro-viders offering a broad spectrum of specialization in terms of service delivery and customer specialties.
• Organizations are focusing strongly on managed security and backup/recovery services due to data security concerns.
• Although some types of man-aged services are delivered onsite, many are delivered remotely and in an automated manner.
• Server management/monitoring and storage continue to be staples of many providers’ offerings, although certain aspects are be-coming more cloud-based.
8 April 2015 / www.cybertrend.com
that primarily focus on pricing, he says,
“often offer very limited levels of service.”
As of Q1 2015, says Charles Weaver,
CEO of the MSPAlliance, there were
more MSPs than ever in operation.
Weaver attributes this fact to how
modern companies have grown so re-
liant on technology. Another factor is
the ever-increasing number of risks to
company data that organizations are
now facing. Furthermore, companies
strongly desire to focus on their core
businesses rather than on meeting in-
ternal IT demands. For an upcoming
“state of the market” report, Weaver says
50% of companies surveyed reported
using managed services for this reason.
“They rely on IT, but they don’t want to
be bogged down with it. They want and
need to outsource it to someone else who
can do it better than they can,” he says.
Weaver describes the current MSP
market as delivering a robust array of
companies, providers, and services.
Residing somewhere between MSPs that
are “more general practitioners” and
those that take “a broad spectrum” ap-
proach are those covering “every imag-
inable area of specialty and expertise,”
Weaver says. “There are so many dif-
ferent types of MSPs doing so many
types of specialization, either specializa-
tion of the services they deliver or spe-
cialization with the expertise by servicing
a particular grouping of customers,” he
says. (Weaver, as well as many others,
consider cloud computing as a subset or
type of managed service.)
Wolfgang Benkel, Forrester Research
principal analyst, says the distinguishing
characteristic of a “managed service” is
that the MSP manages the service de-
livery. In other words, it’s responsible for
the “how.” The client, meanwhile, is fo-
cused on the outcome of the service, or
the what. Factors that differentiate man-
aged services from one another include
the type of service, the level of vendor re-
sponsibilities, and the scope of the service.
In terms of types, Benkel says, the
managed services spectrum includes ap-
plication, infrastructure, and network ser-
vices. Often, these are delivered remotely
and in automated fashion, although some
are essentially labor-based. Depending on
the client, Benkel says, the level at which
the vendor is responsible for managing
service delivery can vary from being an
entirely vendor-managed service environ-
ment down to a client’s predefined ser-
vice environment (processes, procedures,
tool, etc.). The company’s environment
can dramatically influence the benefits
and advantages it sees from the managed
service depending on how much it con-
strains the MSP, he says.
Generally, a managed service affords
the MSP a certain level of autonomy in
how it performs its work, with the MSP
using its own processes, tools, and assets.
“Higher accountability for service delivery
or continuous improvement are impor-
tant elements to participate on vendors’
expertise, cost reductions, and internal
investments and innovations for better
quality and efficiency,” Benkel says.
In terms of scope, managed services
vary greatly. A broad scope, for example,
could mean a managed workplace en-
tailing all activities around the workplace,
including desktop and desk-side man-
agement, service desk, email, and similar
functions. More narrowly defined ser-
vices might include a managed mailbox or
server or network monitoring. “Different
customers tend to favor varying levels of
granularity in their managed services,”
Benkel says.
Availability & Growth Weaver says among the bevy of man-
aged services available, security and
backup are categories that companies
are focusing on currently to address an
important core theme: data privacy and
security. These services “aren’t uniquely
different,” he says. “They’re intertwined.
They’re forever connected in my opinion.
The days of just making sure you have a
duplicate copy of something are over.”
CEOs and management teams today
are very cognizant of how important
data redundancy and availability are,
as well as the need to protect that data,
Weaver says. Although some companies
are addressing data privacy and secu-
rity concerns through separate compo-
nents—BYOD (bring your own device),
MDM (mobile device management),
etc.—delivered by different MSPs, these
components are being combined “to
focus on one core business objective: the
customer,” Weaver says.
Among MSPs, there is currently a great
deal of focus on offering colocation and
cloud services, particularly to companies
in regulated industries, Kusnetzky says.
Additionally, more focus is falling on da-
tabase-as-a-service and backup, and/or
Managed service providers that primarily focus on pricing “often offer very limited levels of service.”
DAN KUSNETZKYIndustry Analyst & Founder : Kusnetzky Group
MANAGED SECURITY SERVICES COVER CONSIDERABLE GROUND. FEATURES CAN INCLUDE FULL-TIME IDS (INTRUSION DETECTION SYSTEM) AND IPS (INTRUSION PROTECTION SYSTEM) MONITORING, VPN SERVICES, INSTANT NOTIFICATIONS OF INTERNAL AND EXTERNAL INCIDENTS COVERING THE NETWORK AND DEVICES, ENSURING VARIOUS COMPLIANCE REQUIREMENTS ARE MET, PROVIDING ONSITE SUPPORT, AND MUCH MORE.
CyberTrend / April 2015 9
disaster recovery-as-a-service offerings,
he says. “We’re hearing less about desktop
as a service, or VDI [virtual desktop infra-
structure] as a service,” he says.
In general, most managed services
being offered today across the applica-
tion, infrastructure, and network spec-
trum are pretty mature, Benkel says.
Broadly, Benkel says, the managed
service model is a trend that, to a de-
gree, is overlapping with the cloud ser-
vice model (such as private managed or
private hosted clouds), “although the
cloud model is normally interpreted as
a self-service model,” he says. “That said,
there are numerous opportunities for
managed services around cloud models,
and they’re growing rapidly.” Fueled by
growing client interest, managed services
are also expanding in areas of mobility
and big data, he says.
Common Managed Service Types Although MSPs have arguably paid
more attention to larger companies tra-
ditionally, today evidence suggests that
midsize organizations are becoming in-
creasingly attractive to MSPs. Overall,
while MSPs are continually working
toward providing new services that ap-
peal to their target audiences, there are
a group of common services that com-
panies have long leveraged, including
the following.
❯ Server management & server perfor-
mance monitoring. Managed services
in this segment can include configura-
tion assistance, management of virtual-
ized environments, operating system
patch monitoring, troubleshooting,
support, and more. Benkel says while a
considerable amount of server manage-
ment is performed via the traditional
outsourced model in which servers re-
side in the supplier’s data center, man-
agement can also be provided for the
customer on premises.
Historically, Weaver says, server
management and performance moni-
toring has been “the bread and butter of
what MSPs do,” and along with desktop
management it is one of the more com-
monly delivered managed services. “In
the cloud world, you see a lot of [server
management] work being put into con-
sulting and what I’ll call virtualization
types of projects where [MSPs] are vir-
tualizing and consolidating servers but
then still managing them,” he says.
❯ Network management. As with
many managed services, network man-
agement is one that’s generally deliv-
ered remotely. “It’s often bundled in
with broader outsourcing relation-
ships,” Benkel says. Essentially, network
management equates to the monitoring
and analysis of the customer’s network,
Weaver says, as “most MSPs don’t con-
trol the network. They can’t. That’s
something for the ISP [Internet ser-
vice provider] or bandwidth provider
to handle.” In addition to providing
network-specific expertise, managed
network services can entail providing
real-time notifications covering de-
vices, WLANs (wireless local-area net-
works), routers, switches, and other
components, as well as configuration
management, performance and be-
havior-related reports, identifying is-
sues, and coordinating support.
❯ Security. Managed security services
cover considerable ground. Features can
include full-time IDS (intrusion detec-
tion system) and IPS (intrusion protec-
tion system) monitoring, VPN services,
instant notifications of internal and ex-
ternal incidents covering the network
and devices, ensuring various compli-
ance requirements are met, providing
onsite support, and much more.
In recent years, managed security
services, including perimeter detec-
tion, have become popular offerings,
Benkel says. Managed security is also
becoming a more segmented area de-
pending on the customer in the ques-
tion, Weaver says. Enterprises, for
example, often seek vastly different se-
curity abilities than do SMBs (small to
midsize businesses). Beyond firewall
log management/monitoring, for ex-
ample, enterprises also want data and
analytics in terms the MSP combing
through firewalls to determine who is
probing the company. “They want to
find out where their vulnerabilities are.
What ports hackers are trying to hack
in from. They want data,” Weaver says.
SMBs, meanwhile, generally just want
the MSP to ensure the company isn’t
being hacked, he says.
Moving forward, Weaver expects
more specialization in managed security
services to occur, as well as more lay-
ering of additional security types, such
as SSO (single-sign-on), multi-factor
authentication, and password manage-
ment. “I think we’re starting to see the
beginning of a tidal wave of what many
in the enterprise have been accustomed
to seeing for maybe a decade or more—
a way to go beyond just usernames and
passwords,” Weaver says. “Take multi-
factor authentication, for example. We
have yet to see mainstream businesses
adopt that technology, but it’s going
to come, and it’s going to come chiefly
because of MSPs enabling its delivery as
a service.”
Another example of this movement
is MDM, Weaver says. Depending on
a customer’s size and needs and the
MSP’s capabil it ies, MDM services
differ, including in terms of specialty
features. “Some MSPs are only han-
dling device policies and pushing out
to the best of their ability which apps
can reside on mobile devices and how
“In the cloud world, you see a lot of [server management] work being put into consulting and what I’ll call virtualiza-tion types of projects where [MSPs] are virtualizing and consolidating servers but then still managing them.”
CHARLES WEAVERCEO : MSPAlliance
10 April 2015 / www.cybertrend.com
to authenticate users on those devices,”
Weaver says. Other MSPs, however, are
doing more sophisticated things, such
as managing desktop virtualization on
tablets. “It’s not new technology, but
we’re seeing proliferation of that tech-
nology now that cloud is coming into its
own,” Weaver says.
❯ Storage. Similar to servers, storage
is a big and important part of the MSP
marketplace. Benkel says managed
storage offerings are corresponding
with interesting occurrences now hap-
pening with managed hosting and man-
aged cloud-like models. Weaver says
his organization is “definitely seeing
a bifurcation of public cloud and pri-
vate or hybrid cloud storage needs and
providers. Thus, you have vendors and
their respective channel partners deliv-
ering both sides of those types of data
backup, and I don’t think there’s any-
thing really slowing that down.” Weaver
says that while actual storage of data is
becoming commoditized, what’s not is
the expertise in how to architect and
manage solutions. “That’s still very
much an in-demand offering,” he says.
Depending on the MSP, man-
aged storage services can cover SAN
(storage area network), NAS (network
attached storage), dedicated, and on-
demand cloud approaches. Services can
involve a company storing its data and
applications in-house or in the MSP’s
facility. Features can include capacity
and performance monitoring/manage-
ment, backup and restore management,
archiving abilities, local/remote data
copying, design and deployment of in-
frastructure services, alerts, support,
and more.
In terms of backup and disaster re-
covery, Benkel says, companies can
acquire these as discrete services or
bundled in with additional services,
such as IT infrastructure management.
Numerous sources point to backup and
recovery as a specific managed services
segment that midsize companies par-
ticularly are looking to handoff respon-
sibilities for to a third party, particularly
those offering cloud-based approaches.
❯ Communications. Managed services
in general have been a staple for com-
munication service providers for years,
Benkel says. With this segment, Weaver
says, “we’re talking mostly about VoIP.”
He adds that while this specialty seg-
ment of the market, which he describes
as “principally hardware resellers selling
the actual phone systems,” has focused
on the legacy VoIP and telephony space,
hosted cloud-based phone systems are
becoming a common theme on the
vendor and MSP sides.
Overal l , Weaver says , managed
communication services are primarily
about managing communications sys-
tems (provisioning or deprovisioning
users, for example) and not about tasks
such as boosting bandwidth. A survey
of various providers of managed UC
(unified communications) indicates fea-
tures including administration abilities;
proactive monitoring and management;
alerts; and oversight concerning de-
vices, servers, carrier links, and other
components. Features of cloud-based
approaches offer similar abilities in
terms of monitoring call volumes, usage
patterns and histories, and call quality
and availability tasks.
❯ Migration. Although there’s often
still a need for some type of human in-
tervention, much effort associated with
managed services for servers, applica-
tions, and database migration has been
automated, Benkel says. Weaver adds
that much of this segment concerns
“consolidation through virtualization—
taking 100 servers and turning them
into 10. There’s a whole project that’s
related to that, and the ongoing man-
agement of the technology that’s needed
to virtualize that type of server farm.”
Although many MSPs offer such ser-
vices, many are also moving this pro-
cess from a physical server to a hosted
service (“whether it’s called ‘cloud’
or by another name”), Weaver says.
Whether talking about the migration of
servers, PBX phone system, key appli-
cations, or backup drives, Weaver says,
“the general trend is moving that stuff
out of the office and into the cloud.”
❯ Helpdesk. Most MSPs have some
type of helpdesk or network opera-
tions function available. “Not a lot of
MSPs skip the helpdesk,” Weaver says.
“Most MSPs that interface with their
customers do so through the helpdesk.
So it’s a very common offering.” That
said, Benkel says, service desk offer-
ings are under siege due to a growing
interest in self-service support models,
particularly among younger users.
Nevertheless, helpdesk remains a key
category of managed services for both
applications and infrastructure re-
quirements, he says.
In general, managed helpdesk ser-
vices offer a good example of how an
organization can outsource functions
to a third party and simultaneously en-
able internal IT staff to focus on core
business objectives rather than tasks
such as hiring and training personnel,
operating trouble ticket systems, etc.
Most MSPs’ offerings in this segment
are ITIL (IT Infrastructure Library)-
based and include certified expertise
across various IT areas.
Services in this area generally cover
multiple operating systems and plat-
forms, desktops, notebooks, servers,
mobile devices, VoIP systems, cloud-
based services, security, virtualization,
and more.
“Higher accountability for service delivery or continuous improvement are important elements to participate on vendors’ expertise, cost reductions, and internal invest-ments and innovations for better quality and efficiency.”
WOLFGANG BENKELPrincipal Analyst : Forrester Research
CyberTrend / April 2015 11
You use CyberTrend
to keep tabs on the latest
business technology trends.
IT and data center leaders turn
to Processor to learn more about
the products and technologies
that impact organizations
at their core.
Help I.T. stay on pace with the SPEED OF CHANGE
Processor is a leading trade publication that provides the news, product information,
and technology advice that IT leaders and data center employees can trust.
Get the latest issue right now online at www.processor.comor on your iPad via the iTunes Store.
.COM
A Customer-Inspired Evolution MICROSOFT LISTENED TO FEEDBACK WHEN DESIGNING WINDOWS 10 & IT SHOWS
MICROSOFT IS KNOWN for quite a few
technological innovations in the com-
puter space, including both hardware and
software, but the company is perhaps best
known for its popular Windows oper-
ating system. The Windows OS has seen
many iterations over the past three de-
cades, some of which were well-received
and others that didn’t quite live up to
expectations. All of these past highs and
lows have ultimately led us to the where
we are now with the impending release
of Windows 10. We’ll get to the reasons
why Windows 10 could win back users
who were disappointed with Windows 8
and 8.1, but first, a brief history of how
Microsoft first started working on the
operating system and how the company
learned from its customers to get to where
it is today.
Early Vision & The Creation Of MS-DOS
Microsoft’s origin story is among
the most interesting in the tech world,
partly because it’s somewhat of an un-
derdog story. Two men, Bill Gates and
Paul Allen, decided to establish a startup
called Microsoft in 1975, and although
the company had humble beginnings, it
would quickly make its mark on the soft-
ware world. It all started with the vision
of its founders: to get as many computers
out into the public as possible, both for
consumers and business users.
Microsoft put its lofty ambitions on
the back burner somewhat in 1980 when
it was approached by IBM to work on
a project called Chess. In this partner-
ship, IBM would take care of the hard-
ware and Microsoft would focus on
creating the operating system. That’s
how MS-DOS (Microsoft Disk Operating
System) was born.
The job of MS-DOS was to help
manage the hardware itself and to run
programs in a more effective manner.
And because the operating system is
essentially the brain of the system that
helps programs get the resources they
KEY POINTS
• Microsoft’s first operating system was MS-DOS, but it didn’t take long for the company to em-brace windows, both as an inter-face design philosophy and as an operating system name.
• Windows 8 and Windows 8.1 were seen by many as stumbling blocks, which is why Windows 10 is important for Microsoft.
• Based on customer feedback, Microsoft brought back the tradi-tional Start screen in Windows 10.
• Windows 10 is a unified OS designed to work on PCs, tablets, and smartphones as well as on Microsoft’s new HoloLens and Surface Hub products.
PHOT
OGRA
PHS
COUR
TESY
OF
MIC
ROSO
FT
CyberTrend / April 2015 13
need from the hardware to run, MS-DOS
was absolutely crucial to IBM’s com-
puting platform. A year later, in 1981,
IBM shipped its first PCs with MS-DOS
installed. The operating system had an
immediate impact on the industry, even
though it was viewed as a bit compli-
cated for the general public due to the
complexity of certain commands.
What’s In A Name? Understanding that it would need
to simplify the user interface to make
t rue headway in
the marketp lace ,
M i c r o s o f t c o n -
tinued fine-tuning
its operating system
a n d e v e n t u a l l y
landed on some-
thing that looked
q u i t e d i f f e r e n t
f r o m M S - D O S .
In 1985, the first
true Windows op-
e r a t i n g s y s t e m ,
Windows 1.0, was
launched, and it’s
safe to say that this
revolutionary step
forward changed
everything people
knew about com-
puters. Instead of
using complicated
M S - D O S c o m -
mands, users were
now able to mouse
through different “windows” in order
to get to the data and programs they
needed. Windows 1.0 launched with nu-
merous programs, including Windows
Writer, Notepad, and Calculator as well
as a calendar, clock, and many others
that would serve as foundations for fu-
ture applications.
Over the next few years, Microsoft
continued to build on its operating
system with Windows 2.0, Windows
3.0, and Windows NT. Each new ver-
sion would come with new programs,
better performance, and improved vi-
suals. And as the platform continued to
mature and change, the popularity of
personal computers also began to grow,
which eventually led to Windows 95.
Windows 95 sold an astounding 7
million copies in its first 5 weeks, which
was unheard of at the time, and it had a
major marketing campaign behind it that
even included a Rolling Stones tune as
its theme song. Windows 95 was the first
of Microsoft’s operating systems to truly
take advantage of the Internet, and in
1995 Microsoft released the first version
of Internet Explorer. Windows 95 is also
notable because it marked the first time
the Start menu and many other classic
interface tweaks were put into place.
Over the next few years, Microsoft
would release Windows 98, Windows
Me, and Windows 2000, all of which
continued to make improvements on the
basic Windows formula. Windows 98 in-
cluded the ability to play DVDs as well as
connect USB devices. Windows Me intro-
duced Windows Media Player 7, which
made it much easier for users to manage
their digital media. And Windows 2000
Professional was designed for office
workers in mind, as it supported more
networking and USB device options than
previous Windows versions had.
Microsoft’s 14-Year Rollercoaster Ride
W h e r e a s m o s t o f M i c r o s o f t ’ s
Windows iterations were well-received
and seen as positive steps forward, that
wouldn’t always be the case. But before
consumer confidence wavered somewhat
in subsequent years, PC users would first
get access to what is widely considered to
be one of the best operating systems of
all time: Windows XP. Built to give con-
sumers quick access to their applications
without putting any clunky UI barriers
in the way, Windows XP was built with
the user in mind and was designed to be
as easy to use as possible.
Microsoft refined its Start menu,
Taskbar, and many other built-in
tools. Microsoft improved the inter-
face to make the windows themselves
look cleaner. And with Windows XP
Microsoft focused on customer sup-
port and security more than any other
Windows iteration before it. It was clear
that with XP, Microsoft was taking many
of its customers’ concerns into con-
sideration and answering every ques-
tion along the way. Windows XP also
gave consumers a choice, with Home,
With its newest operating system, Windows 10, Microsoft blends familiar elements such as the Start menu with the tile layout that dominated the screen in Windows 8’s Metro design. Developed with touchscreens in mind, the Metro layout had turned off many desktop PC users.
14 April 2015 / www.cybertrend.com
Professional, 64-bit, Media Center
Edition, and Tablet PC editions all re-
leased in the following months and years.
Windows Vista fol lowed XP in
2006, and while it sported many im-
provements, especially with security,
there were some issues that prevented
some users from making the upgrade.
Alternating with Windows Me, Vista
marked the beginning of Microsoft’s
rollercoaster of up and down releases
where seemingly every other Windows
version would be well-received. For
some, Vista’s user interface seemed like
a clunky amalgamation of new ideas
mixed with old ones, which lent the op-
erating system an awkward in-between
feel as if it were a half-step rather than a
full new release.
With Windows 7, released in 2009,
Microsoft righted many of the perceived
wrongs that Windows Vista possessed.
The interface once again had a fresh coat
of polish, with added features such as the
ability to pin favorite programs to the
Taskbar for quick access. Microsoft added
many other navigational features as well,
including the ability to roll the cursor
over a minimized program to see a pre-
view of what’s happening in that window.
Windows 7 was also the first Windows OS
to embrace touchscreen controls.
Whereas Windows 7 was widely
viewed as a return to form for Microsoft
and was seemingly well-received by
most, Windows 8, although certainly
revolutionary, might have taken touch-
screen controls a bit too far. Windows
8 introduced the tile-based Metro in-
terface where instead of relying on the
traditional Start menu arrangement or
shortcuts on the desktop, users would
see a colorful screen full of program
tiles they could either touch or click.
For many users, the major problem
with Windows 8 was that its interface
was difficult to navigate without a touch-
screen display. In essence, Microsoft was
trying to bring a tablet-style interface
to desktops and laptops but with mixed
results, which was jarring to users that
were comfortable with the traditional
Windows layout. With Windows 8.1,
Microsoft addressed some of these is-
sues and reintroduced the Start button,
making it easier to revert back to the
original Desktop layout complete with
shortcuts. But users still had to use the
tile-based interface in many instances,
and the Start button didn’t always
work as it had worked traditionally, so
Windows 8.1 was ultimately viewed as
a half-measure for users who wanted a
more familiar Windows experience.
It is precisely for this reason that
Windows 10, which is slated for release
this year, is so important not just for
consumers, but for Microsoft as well.
Windows 10 & The Importance Of Customer Feedback
Before we dig into the reasons why
Windows 10 is shaping up to be a re-
turn to form, it’s important to under-
stand that Microsoft’s penchant for
innovation and evolution has often been
at odds with the desires of its customer
base. Take the company’s Xbox One
gaming console, for example. When
Microsoft first announced the console
in early 2013, it came with not only a
hefty price tag of $500, but also a slew
of unpopular features.
One example that has many paral-
lels to the Windows rollercoaster is
the fact that the console came with a
Kinect motion-tracking camera with
built-in microphones that could be used
for voice commands. In fact, the entire
Xbox One interface was tile-based and
designed to be navigated much more
easily with voice and gesture commands
rather than with a traditional con-
troller. This may sound familiar to users
of Windows 8 and 8.1 that wanted the
option of navigating the interface in a
more traditional desktop-style fashion.
Fortunately for Xbox One fans,
Microsoft backtracked on many of its
unpopular features, including one that
required an always-on Internet con-
nection, even if users wanted to play
games offline. In the coming months,
Microsoft also listened to customer
feedback and not only readjusted its
user interface to be easier to navigate
with a controller, but also started of-
fering console SKUs without the Kinect.
This anecdote about Microsoft’s
gaming divisions is important be-
cause it directly relates to Windows
10. Although Windows 8 and 8.1 were
revolutionary in their introduction of a
more touch-oriented, tile-based layout,
it wasn’t the type of revolutionary
change that a large contingent of users
could appreciate. Because those users
were so vocal, Microsoft listened and
has redesigned its operating system in
the form of Windows 10, with the goal
of giving users the best of both worlds:
touch-friendly tiles that work well on
tablets, and more traditional interface
Microsoft responded to complaints about the original Xbox One game console by making adjustments to the tile-based interface and reducing the price. This move was similar to the way Microsoft is handling Windows 10 as a follow-up to Windows 8.
CyberTrend / April 2015 15
features that work well on full-sized
computers. The hope is that with this
newest iteration of Windows, users will
have more options for navigating the
interface and interacting with data and
applications.
More Refined & Easier To Navigate
For evidence that Microsoft clearly
listened to consumer feedback when
designing Windows 10, look no fur-
ther than the new desktop layout.
Instead of automatically booting to a
s i d e - s c r o l l i n g , t i l e -
based layout, you’ll find
the traditional Desktop
s e t u p t h a t w a s u s e d
in Windows vers ions
through Windows 7 .
There are, however, some
slight tweaks in Windows
10 to make navigation
even easier.
For example , when
y o u c l i c k t h e S t a r t
button, the menu pops
up like you remember,
with icons for frequently
used applications at the
ready. But when you
look to the right of those
apps, you’ll notice a tile-
based menu that looks
similar to the Windows
8 setup, with tiles seg-
mented into an email,
social media, and news
section; a Work section with Microsoft
Office programs and other productivity
apps; and an Entertainment section for
media streaming applications, games,
and more. There’s also a search bar just
below this menu, so you can type in
keywords and quickly find the applica-
tion you’re looking for.
As with earlier versions of the Start
menu, in Windows 10 you can use it
to pin frequently used applications
for quick access. This saves you from
having to use the search bar to find a
favorite program, or hoping a program
icon shows up in your recently used list.
Everything about Windows 10’s layout
indicates that Microsoft has taken user
criticism to heart without compromising
its forward-looking vision. Yes, you have
a traditional Start menu, but you still
have an application menu that is friendly
for touchscreen devices as well.
New Security & Management Features
In addition to productivity—new
versions of Office are scheduled to
debut at Windows 10’s launch and in
future updates—Microsoft has placed
major emphases on security and ease
of management for its newest operating
system. In terms of security, Microsoft
has integrated more enterprise-grade
security solutions than in any earlier
version of Windows. For example, there
are identity and information protection
tools in place designed to protect users
and their data from external threats,
and Microsoft has added features to
protect users from data theft and
phishing scams.
Perhaps the most significant im-
provement on the security side, and one
that enterprises will appreciate, is the
ability to protect data regardless of its
location. There have always been ways
to protect data on the desktop, but it’s
much more difficult to do so once the
data leaves that environment. Windows
10 includes tools to protect data
whether it resides on the desktop or
has been moved to a mobile device, sent
via email, transferred to a USB memory
stick, or migrated to the cloud. And to
help companies better manage mobile
devices and remote workers, Microsoft
has included more VPN (virtual private
network) features in Windows 10 for
secure and reliable network connections
regardless of location.
In terms of management, Windows
10 is easier to use than past versions. The
OS is simpler to install, and the process
of initiating updates is much smoother.
Users can even choose how often certain
devices are upgraded depending on the
circumstances. For example, if there is a
mission-critical system that can’t go down
for a full OS update, an administrator
can choose to push out only security up-
dates to ensure data is always protected.
Other systems, meanwhile, can be set up
to always receive the newest features and
productivity improvements available so
their users can stay up to speed and work
more efficiently.
Microsoft says its new Web browser, currently in development under the code name Project Spartan, will be much faster and more intuitive than Internet Explorer, and will allow users to annotate Web pages, among other features.
16 April 2015 / www.cybertrend.com
Another important Windows 10 ad-
dition is the newly refined app store.
Rather than having to purchase an ap-
plication for each individual device,
you can now essentially buy them
in bulk depending on how many in-
stances you need for
your workforce . You
also have more freedom
to redistribute applica-
tion licenses as you see
fit and transfer them to
different users or de-
vices. If your organiza-
tion prefers to curate its
application offerings,
you can set up a unique
Windows 10 app store
that only provides em-
ployees with access to
approved programs. You
can also offer applica-
tions your organization
has developed along-
side those in the curated
Windows 10 app store
space to ensure users al-
ways have access to the
tools they need.
Universal ApplicationsIn an effort to unify its desktop and
mobile iterations, Microsoft is intro-
ducing universal applications that are
designed to seamlessly transition from
one device to another. Whether it’s
your photos, videos, and music, or
messaging, email, and calendar appli-
cations, they will look and operate ex-
actly the same whether you’re on your
desktop or your tablet. And perhaps
the biggest new feature with universal
apps is that you can sync your infor-
mation via OneDrive and keep all of
your devices up-to-date with the most
current information.
This idea of universal apps also
applies to the newest versions of
Microsoft’s Office pro-
ductivity suite. For users
that prefer a touchscreen-
oriented setup, they’ l l
have a unified experi-
ence across their many
touch devices, whether
they’re using Outlook,
PowerPoint, Word, Excel,
or OneNote. These improved touch-
screen-friendly controls also make
it easier to add handwritten notes to
presentations or documents. For those
more interested in the traditional
desktop Office experience, Microsoft
will be making announcements in the
coming months about future versions
of the applications.
Improved InternetIn conjunction with its Windows
10 announcements, Microsoft indi-
cated it is preparing to release a new
Web browser, code-named Project
Spartan, as an Internet Explorer re-
placement. According to Microsoft,
the new browser will be much faster
and more intuitive, so users can surf
the Web more quickly and more reli-
ably. The browser will also provide the
ability to annotate with keyboard or
stylus as well as view articles in a read-
only mode both online and offline. As
with other new and updated Microsoft
products, this new Web browser is
designed to extend across multiple
Windows 10 devices and offer a consis-
tent experience regardless of platform.
Cortana Personal Assistant
Another significant
addition to Windows 10
is the Cortana personal
assistant, which was pre-
viously available only on
Windows smartphones
but will become avail-
able for PCs and tablets.
Named for a character
from the popular Halo
video game franchise,
Cortana is essential ly
Microsoft’s answer to
Apple’s Siri, but with a
few more tricks up its
sleeve. The digital per-
sonal assistant can not
only he lp users f ind
what they ’re looking
for more quickly, it can
also provide the weather
forecast, updated flight
information, and much more.
Cortana is also heavily integrated
into Microsoft’s new Project Spartan
Web browser (a code name, by the
way, that is another reference to the
company’s Halo franchise). When
using the browser to search for cer-
tain topics, Cortana will automatically
know how to provide any relevant in-
formation, including directions and re-
views. This feature is not only helpful
for consumers, but also business users
who want to quickly set up meeting
reminders and perform other tasks.
Rather than submersing users in a virtual reality experience, Microsoft’s HoloLens projects interactive high-definition 3D holograms into the world around them.
CyberTrend / April 2015 17
P a r t o f W i n d o w s
10, Cortana is in-
tegrated into more
a p p l i c a t i o n s t h a n
comparable digital
a s s i s t a n t s , w h i c h
makes it an inter-
e s t i n g f e a t u r e t o
watch for.
Windows As A Service
Microsoft is po-
sitioning Windows
1 0 a s a p l a t f o r m
rather than a static
operat ing sys tem.
Gone are the days
w h e n y o u ’ d h a v e
to wait for the next
major update—such
as f rom Windows
8 to 8.1—to get ac-
cess to new features
and improvements.
Microsoft sees Win-
dows as a service
now and is dedicated
to pushing out updates as often as pos-
sible to the OS. With this approach,
user feedback will be more impor-
tant than ever and Microsoft will have
the ability to add new functionality
to the platform as needed to address
customer concerns. It’s a wildly dif-
ferent approach than in the past and
a welcome change for consumers and
businesses that prefer to update to the
newest version of an OS as soon as it
comes out. With Windows 10, you’ll
always have access to the newest fea-
tures as soon as they’re available.
Whether it’s to make up for past
disappointments or just to make sure
that everyone can take advantage
of its new features, Microsoft is of-
fering Windows 10 as a free upgrade
to eligible Windows 7, Windows 8,
and Windows 8.1, as long as users up-
grade within the first year of the new
OS’s availability. Microsoft has offered
similar deals in the past, but it hasn’t
always extended the offer to cover so
many past Windows versions. The
main goal for Microsoft, it seems, is
to ensure that as many users as pos-
sible upgrade to Windows 10 and start
taking advantage of the new features
and consistent updates. Microsoft ul-
timately wants to unify the Windows
10 OS across desktops, laptops, smart-
phones, tablets, and wearables.
HoloLensSpeaking of wearables, hot on the
heels of the Windows 10 announce-
ment, Microsoft also revealed a new
headset called HoloLens. HoloLens is
similar to other AR (augmented re-
ality) and VR (virtual reality) headsets,
such as the Oculus Rift or Samsung
Gear VR, but it’s truly in a category of
its own. Rather than submersing users
in a VR experience, HoloLens projects
interactive holograms into the world
around them in high-definition.
These holograms are in 3D and can
be displayed on almost any surface. For
example, a demo video from Microsoft
shows a person using HoloLens and
projecting an application menu onto a
wall, which the person could interact
with. Another user was able to play a
build-your-own-world video game on
a table, the floor, or a couch. And yet
another user made a video call with
his father while working on a sink; he
was able to draw on his tablet’s screen
and show his daughter how to change a
pipe without being in the room. There
are also examples of HoloLens being
used for space exploration where a
rover or similar vehicle can take im-
ages of a planet and then a HoloLens
application creates a 3D representa-
tion that users can walk through and
interact with.
The device might sound like some-
thing out of a science fiction movie,
but it is indeed a reality and has
been successfully demonstrated by
Microsoft live on stage. While all of
the features we’ve discussed are inter-
esting, but perhaps the most impres-
sive thing about HoloLens is that it’s a
standalone device that doesn’t require
any cables, phones, or other physical
connections to work.
Designed with business users in mind, the Windows 10-powered Surface Hub is a large touchscreen display that can read up to 100 separate touch points simultaneously and includes a built-in computer.
18 April 2015 / www.cybertrend.com
PC-Doctor Service CenterSave 20% with code Cyber20
Reduce Down-Time. Reduce Waste. Go With The Best.PC-Doctor offers the industry’s #1 PC diagnostic repair toolkits—supporting all major brands, including tablets and ultrabooks.
866.289.7237 | PCDServiceCenter.com
The HoloLens is a lightweight
headset with a transparent lens that
can be adjusted to fit any head size,
which allows users to move around
the room freely and comfortably,
without having to be tethered to an-
other device. HoloLens is certainly
a technology to watch as it could
have many important use cases for
consumers and business users alike.
And it’s specifically designed to work
with Windows 10.
Surface HubWhile it may not be as futuristic
as HoloLens, Microsoft’s Surface
Hub is no less impressive. Imagine
taking a Microsoft surface tablet,
blowing it up to the size of an LED
television, and giving it even more
power, and you’ll have some idea of
what Surface Hub can do. Designed
with business users in mind, the
Surface Hub, which is powered by
Windows 10, is a touchscreen de-
vice that can read up to 100 separate
touch points at once and has a built-
in computer. The device ships with
Microsoft Office, including stan-
dards Word and Excel, as well as the
OneNote whiteboard and Skype For
Business applications.
The Surface Hub could change the
way companies orchestrate meetings,
with built-in features for drawing on
the screen and videoconferencing.
Surface Hub is also designed to
be customizable in order to meet
unique business needs. Buyers can
choose between 55-inch and 84-inch
4K models, and there are multiple
device installation and update op-
tions as well.
Products such as HoloLens and
the Surface Hub illustrate just how
dedicated Microsoft is to making
Windows 10 work on a wide range of
platforms, whether those platforms
be traditional or new and innovative.
This means the company is equally
dedicated to supporting the Windows
operating system and giving users
what they want. Imagine being able
to start a project on your desktop,
swing it over to your tablet to make a
few quick changes, and then sending
it to a Surface Hub for a presentation
or to the HoloLens headset to give
every individual a unique, interac-
tive experience. This is the promise of
Windows 10, and it will be interesting
to see how Microsoft delivers on it.
EVERYTHING ABOUT WINDOWS 10’S LAYOUT INDICATES THAT MICROSOFT HAS TAKEN USER CRITICISM TO HEART WITHOUT COMPROMISING ITS FORWARD-LOOKING VISION.
If quality time with the latest, fastest home computing technologies
is your idea of well-spent leisure time, CPU is the magazine for
you. Each month CPU serves up how-to articles, interviews with
tech industry leaders, news about cutting-edge research,
and reviews of the newest hardware and software.
GO DEEP
Check out the latest edition right now at www.computerpoweruser.com or on your iPad via the iTunes Store.
Facing Down Cloud Concerns BRACING FOR THE RISKS ASSOCIATED WITH USING CLOUD SERVICES
RESEARCH INDICATES organizations are
increasingly adopting cloud services. It
also shows executives still have reserva-
tions about embracing cloud services due
to perceived risks—security and a lack of
control over cloud environments being
examples. In short, for some executives
using cloud services is still equivalent to
cozying up to the enemy—the organiza-
tion might benefit from the relationship
but it also might get burned.
The reality about cloud services is that
there are benefits and risks to using the
services. Whether the benefits outweigh
the risks enough to adopt a service can
be a matter of separating the truth from
misconceptions, viewing cloud services in
the proper light, and mitigating real risks
as much as possible. The following offers
advice for doing so.
Then & NowA good starting place for gaining
perspective on cloud services is un-
derstanding how they compare with
traditional enterprise software/hardware
in practical terms. Like traditional infra-
structure, cloud services are essentially just
another technology or operating model
to leverage. “Organizations comparing
cloud services to traditional enterprise
software need to think about how tech-
nology supports their business, and like-
wise how their business adapts to take
advantage of cloud services,” says Ed
Anderson, Gartner research vice presi-
dent, cloud services.
Notably, Anderson says, cloud ser-
vices enable capabilities previously
difficult or impossible to support via tra-
ditional enterprise software. Examples
include self-service or on-demand in-
terfaces; metering, or monitoring, man-
aging, and optimizing services and
consumption; and elasticity and scal-
ability, or access to virtually unlimited
capacity delivered on a pay-per-use
model. Sharing or multi-tenancy, mean-
while, gives cloud services unprece-
dented efficiencies, Anderson says.
KEY POINTS
• Research shows organizations are increasingly shifting workloads to cloud services, indicating accep-tance of certain cloud-associated risks.
• Although misconceptions about cloud services exist, security remains a top concern among executives.
• Some experts believe the business benefits cloud services can enable, such as speeding up deployments of new business services, outweigh potential risks.
• Selecting the right cloud service and obtaining benefits from it relies on knowing what the organization’s desired outcomes are for using the service from the outset.
20 April 2015 / www.cybertrend.com
Also noteworthy is that cloud ser-
vices can be accessible using standard
Internet technologies. In other words,
no special software is required to use
a service, unlike the old client/server
model, Anderson says. Overall, if com-
panies can combine cloud technologies
and cloud operating models, he says,
they can unleash a new level of produc-
tivity, efficiency, and agility.
Organizations seem to be recognizing
such capabilities. Laurent Lachal, Ovum
senior analyst for infrastructure solu-
tions, says if equating “cloud services” to
public cloud services (SaaS [software as
a service], IaaS [infrastructure as a ser-
vice], and PaaS [platform as a service]),
they’re growing at a much faster pace
than on-premises hardware/software
products. He does note that compa-
nies are mixing cloud and on-premises
resources, such as operating both on-
and off-premises storage or mixing an
on-premises antivirus software with a
cloud-based malware database.
Elsewhere, a 2014 Frost & Sullivan
survey indicated that more than 70%
of executives polled had implemented
cloud services to cut hardware or soft-
ware maintenance. Karyn Price, Frost &
Sullivan cloud computing analyst, says
businesses are shifting workloads to the
cloud to replace hardware and tradi-
tional software licenses. “A full 75% also
noted they’re shifting some workloads
to SaaS services to reduce server and
network infrastructure costs associated
with deploying traditional software li-
censes,” she says.
While strategies vary, Lachal says, gen-
erally the younger the CIO or company
and the more competitive the industry,
the more likely it is that the organiza-
tion will turn to public cloud services.
“Startups don’t have any choice. No ven-
ture capitalist will provide money for
their own infrastructure,” he says. “They
have to start on a public cloud, and if and
when successful can then develop their
own private/hybrid infrastructure.”
Today, Anderson says, “cloud first”
initiatives and organizations’ declarations
to move all IT operations to some type of
cloud model are less common, including
because there’s growing realization that
some cloud services are ideal for some
scenarios but not others. Most organi-
zations are now indicating intentions
to implement hybrid cloud and hybrid
IT environments, thus leveraging the
best of different cloud and non-cloud
environments.
Pros & ConsFor some organizations, cloud ser-
vices represent the best path forward,
because their existing technology base is
ill-equipped to support their businesses,
Anderson says. For others, there are
various pros and cons concerning cloud
services relative to their existing environ-
ment to weigh first.
Arguably, no area about cloud ser-
vices concerns executives more than
security and unauthorized access to
company data. Anderson says security
always tops organizations’ list of rea-
sons not to use cloud services, despite
some security concerns being as much
psychological as real and options being
available to mitigate many real security
issues. Beyond security, executives see
reliance on the public Internet to access
applications as a con.
In terms of costs, while using cloud
services can translate into cost savings,
there’s a risk it won’t. For example,
particular applications running in the
cloud may not be well-suited to cloud
models, making them more expensive
to run there. Additionally, cloud of-
ferings may be priced to benefit pro-
viders, not consumers. Further, costs
associated with a cloud service—migra-
tion, integration, data management,
bandwidth, training, etc.—may out-
weigh the cost savings a service other-
wise provides.
Despite such factors, Price says, enter-
prises are increasingly using cloud com-
puting as a strategic IT initiative to deliver
efficient application access to remote or
mobile employees, ease the process of en-
tering new markets, and streamline man-
agement of routine IT tasks.
Among the possible advantages to
using cloud services, elasticity and scal-
ability are often cited as the most ben-
eficial. Lachal says cloud services enable
users to provision and release IT re-
sources and ecosystem services quickly
and automatically as needed. “The risk is
over-consumption, or keeping resources
running when they’re no longer needed,”
he says. Anderson notes that agility is the
top benefit CIOs identify for using cloud
services by a wide margin. Agility occurs
when organizations use cloud services in
conjunction with a cloud-oriented oper-
ating model, he says.
Another benefit to using cloud services
includes the on-demand, self-service
nature of the cloud, which Lachal says
equates to fast, convenient IT resources
and provisioning—though, without sys-
tems/processes in place, there’s the risk
of a lack of control in who provisions
what. Another positive is the straightfor-
ward access the cloud enables to services
via GUIs (graphical user interfaces) for
users and open, published, and docu-
mented APIs (application programming
interfaces) for software applications. “The
benefit here is being able to access func-
tionality easily without much training or
investments,” Lachal says.
Innovation and evolution are addi-
tional benefits worth noting. “Much of
the new innovation in software is now
directed toward cloud services first, tra-
ditional offerings second,” Anderson
says. Lachal says because providers use
“Organizations comparing cloud services to traditional enterprise software need to think about how technology supports their business, and likewise how their business adapts to take advantage of cloud services”
ED ANDERSONResearch Vice President : Gartner
CyberTrend / April 2015 21
customer feedback and actual user be-
havior to iteratively and continuously
evolve and expand their resources and
services, they’re more closely aligned
with customers’ needs.
Weighing Risks Vs. RewardsIt isn’t surprising that executives view
cloud services with a decidedly risk-re-
ward mind set. This isn’t unique to cloud
services. “It’s a factor in every IT deci-
sion,” Anderson says. The problem is that
many misconceptions regarding cloud
services’ benefits and risks exist, he says.
Many within business departments, for
example, believe public cloud services al-
ways lead to cost savings. The truth is that
cost savings isn’t always the best reason to
use cloud services.
Key is noting that cloud service adop-
tion “deserves the same thorough treat-
ment as any technology initiative,”
Anderson says. Being clear on desired out-
comes—whether cost, agility, innovation,
etc.—will provide a much better chance
to select the right IT services to obtain the
desired outcome. Balancing the outcomes
with a realistic assessment of the associ-
ated risks is vital, Anderson says.
Also vital is recognizing that cloud
services come in many types beyond
IaaS, PaaS, SaaS, private, public, and hy-
brid. Lachal points out there’s public-
private hybrid clouds, connected public
clouds, shared private clouds, virtual
private clouds, shared virtual private
clouds, managed private clouds, man-
aged public clouds, hosted private
clouds, and hosted and managed private
clouds. Each has a specific balance of
risks and benefits. “The more options,
the more likely a company is to find one
that fits their requirements,” he says.
Overall, Price says, the increased
cloud adoption of 2014 that’s expected to
continue in coming years indicates IT is
finding ways to mitigate common risks
associated with cloud adoption. Further,
the potential business benefits—making
IT more service-centric, deploying new
business services faster, and entering new
markets quicker and easier—outweigh the
potential risks, she says.
In terms of mitigating risks, MSAs
(master service agreements) and SLAs
(service-level agreements) provide one
means to do so. MSAs typically pertain
to general terms and provide an umbrella
agreement outlining the provider-con-
sumer relationship, Anderson says. SLAs
are assigned to specific services, outlining
how services are expected to perform.
SLAs should also detail penalties in
the event the service does not perform as
promised. Anderson says a well-written
SLA can mitigate risks if it outlines penal-
ties that truly compensate the organiza-
tion for losses. “That said, most cloud
service SLAs don’t come anywhere near
that level,” Anderson says. Most out-
line basic terms of service performance
and “generally very weak penalties for
non-performance,” making cloud service
adoption riskier for consumers because
“there’s very little recourse if the service
doesn’t perform,” he says.
Anderson believes this is true currently
because most providers aren’t entirely
sure of the risks themselves. Thus, they
hedge on penalties while the market con-
tinues to expand. “As the market matures
and as competition increases, SLAs are
likely to get better and used by providers
as a differentiating ‘feature,’” he says.
Until then, consumers bear most of the
risk of using the service.
Lachal sees MSAs as defining SLAs.
Currently, he says, there’s too much focus
on negotiating contracts and not enough
on ensuring providers and consumers
manage their relationships for the long-
term and adapt to evolving technology
and market conditions to ensure the
cloud service can meet ongoing enter-
prise requirements.
Changing The Mindset Overall, it does appear executives’ fears
concerning using cloud services are less-
ening in certain respects. Price points to
Frost & Sullivan’s research concerning
adoption of IaaS in 2014. At the time of
the survey, 50% of businesses stated they
used public cloud infrastructure while
30% intended to adopt IaaS in the fu-
ture. That’s up from 2013 when there was
15% usage and 15% anticipated adoption.
Price says the sharp increase “evidently
demonstrates that either IT is finding
ways to mitigate risk of cloud deployment
or executives are recognizing the benefits
of cloud computing, which in turn over-
shadows any fear of potential threats.”
Lachal says in any IT context, in-
cluding public clouds, security (making
using IT secure), security compliance
(showing IT is secure), and regulatory
compliance (showing IT complies with
regulations) have always been top con-
cerns. Such concerns are leading vendors
to react at various levels, he says. Most
enterprises, he says, acknowledge that
public cloud security, security compli-
ance, and regulatory compliance “is at
least as good as their own, if not more,”
he says.
As the cloud industry and organi-
zations continue to mature, Anderson,
believes misperceptions about cloud ser-
vices will continue to fade. Many cloud
offerings are climbing the “slope of en-
lightenment” to the “plateau of produc-
tivity,” he says, indicating “the reality
of cloud service capabilities are finally
sinking in with consumers.” Even if con-
cerns are misguided, he says, it’s impor-
tant organizations thoroughly examine
any cloud service under consideration
to ensure it meets their needs without
exposing them to too much risk.
The sharp increase in cloud services use and adoption “evidently demonstrates that either IT is finding ways to mitigate risk of cloud deployment or executives are recognizing the benefits of cloud computing, which in turn overshadows any fear of potential threats.”
KARYN PRICECloud Computing Analyst : Frost & Sullivan
22 April 2015 / www.cybertrend.com
Enterprise Mobility GET DEVICES & APPLICATIONS UNDER CONTROL WITH ENTERPRISE MOBILITY MANAGEMENT
THE LIST OF TOOLS and concepts for
managing various aspects of mobility
in the workplace is littered with enough
acronyms to make even the steadiest
executive dizzy. Beyond strategies and
tools for BYOD (bring your own de-
vice), there are also MAM (mobile
application management) and MDM
(mobile device management) categories,
and depending on whom you ask, the
list can include MBM (behavior), MCM
(content or collaboration), MEM (ex-
pense), and MADP (mobile application
development platform) entries.
Go ahead and add EMM (enterprise
mobile management) to the list. Unlike
individual tools, however, EMM is a
comprehensive approach to mobility
management, combining multiple tools
that address devices, applications, data
security, and other areas. “Increasingly,
enterprises are managing multiple dif-
ferent mobile populations with varying
needs,” says Chris Silva, research director
at Gartner. “In an organization with
corporate-owned devices and some per-
sonally owned devices, device-level con-
trols may be possible for some but not all
devices, leaving IT in need of full-device
controls for some users [and] app-level
controls for others.” EMM suites enable
using a single console to manage multiple
policies and enforcement methods, some-
thing essential to managing mobility on a
large scale, Silva says.
Some experts believe as mobility
continues to transition into a main IT
concern, EMM solutions will be key.
The following explores EMM as a
concept, problems it can address, im-
provements it enables, and features
and tools an all-encompassing solution
may contain.
EMM UnwrappedIn a paper exploring MDM’s future,
Forrester Research recently reported
that although enterprises commonly use
MDM technologies to enable workforces
to gain the proper access on mobile
KEY POINTS
• EMM solutions bring together mul-tiple management tools for devices, applications, security, data security, costs, and other mobility concerns into one solution.
• Cloud-based EMM solutions are generally quicker to implement and more flexible price-wise, and they eliminate tasks related to applying product updates.
• In terms of security, EMM solutions provide enterprises with greater vis-ibility and control over the mobile de-vices using their networks and data.
• EMM solutions typically include MDM and MAM elements to address device and application control and then add two or more other manage-ment pieces.
24 April 2015 / www.cybertrend.com
devices, early MDM solutions only met
basic security and management needs
surrounding mobility. As mobile strat-
egies mature, management needs ex-
tend beyond those concerning the
device. Forrester believes MDM solu-
tions will evolve into EMM solutions,
enhancing legacy MDM solutions in
the primary areas of security, support,
and experience.
Essentially, EMM provides a broader
toolkit than MDM or MAM tools do
alone, says Christian Kane, Forrester
Research analyst. “EMM is really the
evolution of MDM,” says Kane, who
depicts EMM as an equation: EMM =
MDM + MAM + MCM (collaboration
options and data security) + Secure
Network Gateway. Most solutions con-
tain MDM and MAM and pieces of the
other two, he says. Silva says compared
with MDM, “an increasingly legacy
term” that really only focuses on man-
aging devices, EMM combines device
and MAM with management of enter-
prise content used on mobile devices.
Richard Absalom, a senior analyst at
Ovum, says a complete EMM solution
includes “deep cross-platform” abili-
ties spanning MDM (to manage and
secure everything on a device), MAM
(to deploy, manage, and secure the
apps workers need), MADP (to enable
building custom apps meeting particular
organizational needs), NAC (network
access control; to govern access to data
over corporate networks), IAM (iden-
tity and access management; to set poli-
cies based on individual user profiles),
and TEM (telecommunications expense
management; to monitor and manage
telecommunications spending). A typical
solution might incorporate two to four
of these components, typically MDM,
MAM, and certain NAC elements, he
says. Leading solutions come close to
providing all components, but no single
vendor “covers every aspect of every
component well,” Absalom explains.
Peter Crocker, principal analyst and
founder of Smith’s Point Analytics,
says the core of EMM is securing valu-
able enterprise data on mobile devices,
including by controlling applications,
data, and the device. Enterprises that
don’t use an EMM solution, Crocker
says, risk compromising the security of
their data.
Silva says enterprises are rolling out
EMM to view where and how their
data is accessed and stored. “It’s not
uncommon for breaches of data usage
policy or simply fair use policies to be
untraceable in the absence of a formal
management tool,” Silva says. There is
potential, though, to bottleneck produc-
tivity if workers can’t tie their personal
devices into enterprise systems due to
security concerns, he notes.
Silva says leading EMM providers
have either built out or included deep
integration with enterprise file syncing/
sharing or a mobile variant. They’re also
including controls aimed at the man-
agement of internally developed mobile
apps or customizing third-party apps
that the solution manages to allow for
flexibility in policy. “Vendors accom-
plish this through offering some develop-
ment components to develop apps with
or customize public apps,” Silva says.
“Some have a curated collection of pre-
configured versions of popular apps.”
Elsewhere, EMM can benefit orga-
nizations seeking to view and control
what devices are accessing the corporate
network, prioritize network traffic, and
improve certain business processes by
mobilizing different line-of-business
applications, Absalom says. Further,
they can address spiraling mobile costs,
user support challenges, misuse of cor-
porate assets, and productivity leakage
(or “tele-shirking”), says Rob Bamforth,
principal analyst with Quocirca.
Enter The Fray Why consider an all-encompassing
EMM solution vs. simply using indi-
vidual tools? EMM solutions evolved
out of MDM “in most cases because
customers needed more,” Kane says.
Although organizations might not nec-
essarily need some deeper security tools
that some EMM solutions provide,
many organizations will look at EMM
tools eventually, because their mobile
strategies will mature, Kane explains.
In terms of vision and control, an
EMM solution provides users one lo-
cation where they can go to manage
all aspects of mobile strategy, from
development and deployment of apps
to managing costs of call/data plans.
Absalom says leading EMM vendors
have mostly positioned themselves by
specializing in one or two areas of EMM
and building out their offerings via
acquisitions or internal development.
“MADP is one component often left
out,” he says. Absalom explains that
some vendors prefer to keep it this
way, because they believe EMM should
be platform-agnostic around MADP
and work with whatever platform the
customer chooses. They have a point,
he says, but for enterprises that want
one vendor to meet all mobility needs,
MADP capability is crucial.
Bamforth says an EMM solution
should be better integrated than indi-
vidual tools. However, because many
EMM solutions come about via acquisi-
tions, solutions may be at various stages
“Increasingly, enterprises are managing multiple dif-ferent mobile populations with varying needs. In an organization with corporate-owned devices and some personally owned devices, device-level controls may be possible for some but not all devices, leaving IT in need of full-device controls for some users [and] app-level controls for others.”
CHRIS SILVAResearch Director : Gartner
CyberTrend / April 2015 25
in the integration process. “There may
also be a watering down of some ca-
pabilities—security tightness in some
areas, for example—in order to make
the entire suite more functional and
coherent,” Bamforth says. In these cases
and where there are strong specific re-
quirements, an organization may be
better off considering more specialized
tools, he says.
A key consideration in adopting
EMM is whether to do so via an internal
or cloud-based offering. Cloud options
are quicker to implement and more
cost-effective for SMBs, Crocker says.
Similarly, Absalom says cloud offerings
generally have more flexible pricing.
Also, they are quicker to scale up and
get updated regularly. For enterprises
responsible for storing highly sensi-
tive data, however, cloud EMM solu-
tions present the same data security and
leakage risks as other cloud services,
Absalom says. Bamforth notes there
may also be international concerns in
terms of where the cloud provider is
incorporated and stores data.
Overall, preference for cloud-based
EMM consoles is growing, Silva says.
Due to the rapid rate at which device
OSes and abilities within solutions
change, he says, opting for a SaaS EMM
deployment “eschews the overhead of
having to ensure the console is con-
stantly up-to-date. We’ve seen as many
as 30 product updates in a single year
for some EMM tools, which equates to a
lot of operational overhead to keep up.”
In general, organizations can ex-
pect to see certain improvements after
adoption, even if they aren’t experi-
encing specific mobility problems. For
example, by addressing mobile applica-
tion and security needs, EMM may help
accelerate mobile application deploy-
ment, Kane says. Bamforth says many
controls used for mobility can be readily
applied to other devices/assets, and “be-
cause most organizational boundaries
are essentially porous now and many
will work ever closer with external third
parties, this is a good thing to look at.”
The increased visibility into usage
that EMM enables can also introduce
better cost controls, something Silva
sees as a chief benefit. Beyond intro-
ducing a lower overall risk profile via
controls for protecting devices and en-
terprise data, EMM can protect users
in terms of tracking down lost or stolen
personal phones or tablets, he says.
Ultimately, enterprises should strive
to transform their business processes
through employee use of mobile de-
vices, Absalom says. “That means
giving access to the right apps on the
right devices that they need to do their
job[s],” he says. Thus, if certain em-
ployees use PCs, tablets, and smart-
phones, typically they should have
access to all their tools and apps on
each device, whether it’s corporate or
personally owned. “EMM helps to en-
able and secure this multi-screen way
of working,” Absalom adds.
Tomorrow’s EMM As mobile OSes mature, more ad-
ministrative control features are being
incorporated into the software, some-
thing Silva says will shift the evolution
of EMM solutions to focusing more on
app- and data-level controls. Although
a truly platform-agnostic future in the
management of mobile devices is not
close at hand, Silva says, “as EMMs
evolve and provide controls that are
far more flexible than the ‘locked-
down device’ model many users chafe
against today, more users can benefit
from having mobile access to informa-
tion.” That information could prove
more useful, too, he says, because app-
level controls and policies mean users
are seeing the right data and apps de-
pending on who those users are and the
context in which they’re using the de-
vice. “EMM will mature to be as much
about intelligent service delivery as se-
curity,” Silva says.
Gradually, Absalom says, EMM
is becoming more integrated with
broader IT service management abili-
ties. Organizations desire the ability to
manage all their endpoints and appli-
cations from one place, “from servers
down to smartphones,” he says. Thus,
mobile–specific features are becoming
more aligned with more traditional end-
points, he adds.
Kane believes EMM solutions will
ultimately sit alongside their coun-
terparts for PC management in a
“Workspace Management” type solu-
tion. “Employees use a wide range of
devices increasingly, but they’re trying
to do similar things at a high level,”
Kane says. “You need applications ac-
cess and data access regardless of the
device you’re using at that moment. So
companies will look to manage things
like access, policy, and security across
all of these things in a much more con-
sistent way.”
EMM solutions evolved out of mobile device man-agement, “in most cases because customers needed more.”
CHRISTIAN KANEResearch Analyst : Forrester Research
Many controls used for mobility can be readily applied to other devices/assets, and “because most organizational boundaries are essentially porous now and many will work ever closer with external third parties, this is a good thing to look at.”
ROB BAMFORTHPrincipal Analyst : Quocirca
26 April 2015 / www.cybertrend.com
AS EACH GENERATION OF smartphones
and tablets continues to become more
powerful, cybercriminals are begin-
ning to target these devices with more
sophisticated attacks. Gartner reports
that roughly 1.36 billion smartphones
will ship globally in 2015 while PC ship-
ments for the same period are expected
to be a meager 316 million units. You
don’t have to be a security expert to see
the writing on the wall; any malware
type that’s a proven money maker in the
PC world can—and will—make the leap
to the mobile world. Lots of malicious
code has already done just that. Alcatel-
Lucent’s Motive Security Labs estimates
that there were 20% more infections in
2013 than in the previous year and 25%
more in 2014. The firm estimates that
there are about 16 million malware-in-
fected mobile devices currently in use.
But one of the few malware types that
has yet to really dig its teeth into our
portable devices is the botnet. According
to analysts, that’s about to change.
Mobile Botnets THE NEXT BIG THREAT TO TAKE AIM AT SMARTPHONES & TABLETS
Botnets Hit The RoadThe term "botnet" refers to a series of
computers, or smartphones and tables
in the case of mobile bots, that have
been infected with a self-replicating
backdoor Trojan that lets cybercrimi-
nals force the network to perform un-
authorized commands, en masse. Once
infected with such malware, a computer
or mobile device becomes a single node
in the botnet, referred to as a zombie or
bot. The strength of the botnet is in the
numbers. Cybercriminals use a system
known as a command-and-control com-
puter to issue commands and distribute
the malware.
More targeted malware may allow
a cybercriminal to access your pass-
words, sensitive data, and your fi-
nancial accounts, but with botnets at
their disposal, cybercriminals can col-
lect valuable data from hundreds or
thousands of infected devices, gen-
erate spam and initiate phishing scams
using massive combined contact lists,
use the IP addresses of the infected de-
vices to obfuscate the source of mal-
ware or a given attack, launch DDoS
(Distributed Denial of Service) attacks
to take down websites, force the devices
to run background processes to perform
ad-click fraud, mine cryptocurrencies,
and more.
According to Pierluigi Paganini,
Security Affairs founder, one of the
primary ways mobile botnets are a
different animal compared with tra-
ditional botnets is due to the fact that
current mobile platforms are largely
unsecured. Windows users, for the
most part, have been conditioned to
mistrust links in unexpected emails,
they run antivirus software, and they
generally know to avoid visiting suspi-
cious websites. That same user, how-
ever, is rarely so cautious when using
his smartphone or tablet.
As a result, the ever increasing BYOD
trend is posing new and real threats to
businesses. According to Paganini,
CyberTrend / April 2015 27
“Mobile devices today are a mobile ap-
pendage of company infrastructure, com-
promising a mobile device could offer a
validated opportunity to infiltrate internal
networks.” Gartner recently predicted
that by 2018, a quarter of all corporate
data traffic would pass between mobile
devices and the cloud, thereby bypassing
traditional perimeter security measures.
Mobile Botnet ActivityAlthough they have yet to re-
ally ramp up, you don’t have to look
far to find examples of recent mobile
botnet attacks. Paganini points to the
November 2014 report from mobile
security app-maker Lookout, which de-
scribes the NotCompatible.C malware
that targets Android-based devices as
‘the most advanced mobile botnet ever.’
The malware can piggyback on com-
promised mobile devices to gain access
to secure enterprise networks. After the
malware has a foot in the door, it relies
on a peer-to-peer control scheme that
makes it dangerous, unpredictable, and
difficult to detect and remove.
Apple devices aren’t immune to
infection either. For example, in late
2014, Palo Alto Networks discovered
WireLurker malware that targeted
Apple iPhones and iPads. The mali-
cious software makes its way onto a
device when the user attempted to in-
stall pirated versions of popular Mac
apps. Once activated, it downloads and
installs enterprise-signed apps to the
device without the user knowing. If the
malware gets onto a jailbroken Apple
device, it can perform a few more nasty
tricks, including modifying system soft-
ware, and copying address book con-
tents and Apple IDs from iMessages.
In March 2014, cyber intelligence
firm SenceCy found a variant of the
Zorenium Bot that had recently added
iOS to the list of susceptible device op-
erating systems, which had previously
included Windows and Linux. At last
check, the malware was capable of
avoiding detection by antivirus apps and
let cybercriminals use infected phones to
stage DDoS attacks and perform other
illegal activities, such as form grabbing
(nabbing authorization and log-in cre-
dentials from Web forms), acting as a
banking Trojan, and mining for crypto-
currency.
Apple and Android are the most
popular mobile platforms, but they’re
not the only ones that are vulnerable to
zombification from smartphone- and
tablet-centric malware. According to
Paganini, “Every platform and every
device is a potential target.”
Is Your Device Infected?If you suspect that your mobile de-
vice may be running some malicious
software or has become an unwilling
party in a botnet’s nefarious activities,
Paganini suggests that there are few
ways you can tell. For those with data
caps and talk-time limits, keep an eye
on your bill and usage. Any unexpected
spike in one or the other may be an
indicator of an infection. “Pay attention
to dropped calls or strange disruptions
and interference during a conversa-
tion and data transfer,” he adds. Other
signs include quicker than typical
battery drain and a significant reduc-
tion in the performance of the device,
which can indicate numerous unwanted
background processes consuming
CPU cycles.
How To Avoid Becoming A BotAs Paganini first pointed out, being
proactive can go a long way toward
keeping your device from becoming
a bot. This means installing and run-
ning security software on your smart-
phone and tablet, making sure to keep
it up-to-date, and scanning for infec-
tions periodically. Other suggestions
include avoiding opening unsolicited
emails and attachments, staying away
from untrusted websites, refraining
from installing applications from third-
party app stores, and only downloading
apps that are necessary. Paganini sug-
gests that unnecessary apps effectively
give cybercriminals more opportuni-
ties to get to your device. If you use an
Apple device, don’t jailbreak it; most
of the iOS-specific malware available
gets on the device via apps installed
from sources outside the Apple App
Store. And finally, if you use removable
storage on one device that may have
been infected, don’t move it to another
device before verifying that it is not
going to transmit the malware.
The Year Of The Mobile BotnetAlthough there are examples of mo-
bile botnets in the wild, they aren’t nearly
as prevalent as they are in the PC space.
That being said, Motive Security Labs is
calling 2015 the year of the mobile botnet.
Your mobile devices are as susceptible as
PCs and notebooks to malware in all its
various incarnations. To effectively pro-
tect yourself and your organization, you
need to take proactive steps, use common
sense, and stay informed on the latest se-
curity developments.
“Mobile devices today are a mobile appendage of compa-ny infrastructure, compromising a mobile device could of-fer a validated opportunity to infiltrate internal networks.”
PIERLUIGI PAGANINI Founder : Security Affairs
BEING PROACTIVE CAN GO A LONG WAY TOWARD KEEPING YOUR DEVICE FROM BECOMING A BOT. THIS MEANS INSTALLING AND RUNNING SECURITY SOFTWARE ON YOUR SMARTPHONE AND TABLET, MAKING SURE TO KEEP IT UP-TO-DATE, AND SCANNING FOR INFECTIONS PERIODICALLY.
28 April 2015 / www.cybertrend.com
Business Intelligence Solutions WHAT ENTERPRISES CAN REALISTICALLY EXPECT FROM THEIR INVESTMENT
IN A RECENT REPORT, Michael Lock,
Aberdeen Group vice president and
principal analyst, writes that while ex-
ecutives traditionally have greatly, if not
completely, based key business deci-
sions on their experience and first-hand
knowledge, utilizing analytical tools and
processes would enhance that experi-
ence with data-driven insights.
Organizations that base decisions
on experience and intuition over data,
says Howard Dresner, author and chief
research officer at Dresner Advisory
Services, place themselves at a strategic
disadvantage by not having their finger
on the pulse of their business, market,
or customers. While the notions and
myths some organizations hold about
BI (business intelligence) software and
analytics are changing, especially as
newer workers climb the ranks, more
education is still needed, he says.
Positively, Lock writes, “even the
stodgiest, slowest moving organiza-
tions” are waking up to the power of
data-driven decision-making. Today, he
states, analytics is entering the C-suite,
reaching senior managers seeking to
extract maximum value from data, pro-
vide employees with analytical capa-
bilities, and deliver repeatable business
results. For these executives and others,
the following explores what BI software
is; what results it can provide; and how
to choose tools, avoid mistakes, and
measure results.
The Purpose BI software helps companies or-
ganize, extract, and analyze internal
and external data gathered from busi-
ness departments; social media efforts;
retail, marketing, and digital initia-
tives; and other sources. The aim is
unearthing patterns and insights that
would otherwise be difficult to rec-
ognize. Using tools such as historical
and predictive analysis, OLAP (online
analytical processing), text and data
mining, dashboards, data visualization,
KEY POINTS
• Before selecting BI software and tools, map out a clear BI strategy and goals in order to best fit your organization’s needs.
• BI software offers numerous possible benefits, but making data-driven decisions isn’t possible if cul-tural and human roadblocks exist.
• Companies already with BI software in place may find it dif-ficult to convert users who are comfortable with the current solu-tion to the new one.
• Avoid the influence of marketing or following other companies’ leads and instead match a solution to your business’s use cases and problems.
30 April 2015 / www.cybertrend.com
and reporting, BI software can identify
a company’s strengths and weakness
and help its leaders make better and
faster decisions concerning business
opportunities, strategic plans, ineffi-
cient processes, past missteps, cost sav-
ings, and more.
Although “BI software” and “busi-
ness analytics” are commonly used as
if they’re interchangeable, some argue
there are distinctions between the two.
Cindi Howson, Gartner vice president,
views “business analytics” as the ap-
plication of BI software. Some vendors,
she explains, “say BI is just reporting—
I disagree—whereas BA includes re-
porting and prescriptive analytics.”
Similarly, Lyndsay Wise, president of
Wise Analytics, says while there are
differences, “the marketplace is ripe
with semantics.” Essentially, she says,
the goal of BI and BA is gaining value
from data and attaining broader busi-
ness visibility to support better deci-
sion-making and strategic success.
Whatever they’re called, says Daniel
Ko, Info-Tech Research Group ana-
lyst and manager, what’s important is
finding a tool that suits the organiza-
tion’s needs. Ko describes BI software
as a “spectrum of tools” he views as
“last mile” tools delivering and pro-
visioning data to end users. At one
end are reporting tools. At the other
are predictive analytics suites. “BI
and business analytics tools are in be-
tween,” he says.
Used properly , BI software can
solve “typical” and “atypical” prob-
lems , Ko says . Typica l problems
arise when running operations, such
as “how many products we sold last
week” or “how year-to-date activities
compare to those last year.” Atypical
problems represent strategic BI and
are basically “open” questions arising
from business curiosity and start with
a hypothesis and/or observation. A
market ing manager , for example ,
might propose that placing diapers
alongside beer may boost the sales
of both. “BI can be the platform to
gather data to prove and disprove the
hypothesis,” Ko says.
Generally, Ko views low-end tools
as doing static reporting with little or
no user interaction, answering typical
questions, and pushing information to
users. High-end tools let users explore
data on their own to derive insight.
The Abilities Dresner believes most organizations
have a sizable amount of low-hanging
fruit that BI software can help grab.
“Things they simply didn’t know about
their business that they should have
known,” he says. Finance, accounting,
sales, manufacturing and logistics,
human resources, and other departments
all have quantitative aspects to analyze if
enough good data exists, says Nik Rouda,
Enterprise Strategy Group senior ana-
lyst. While BI doesn’t necessarily track
qualitative information, “even this is im-
proving with more nuanced analytics of
text and social,” he says.
Howson cites BI software as poten-
tially improving revenues and customer
service, increasing operating efficien-
cies, exploring new opportunities, and
predicting future outcomes. At a min-
imum, it should help businesses know
what’s happening “based on facts, not
gut feel,” she says. Jeff Cotrupe, Frost
& Sullivan big data and analytics in-
dustry director, meanwhile, says ac-
cessing, processing, and querying big
data for analytic insights can help solve
problems in virtually any business area.
Companies in every vertical are using
tools to determine who their best cus-
tomers really are, where improvements
in production and other processes are
needed, how to optimize customer ex-
perience, and more, he says.
What BI software can’t do is solve
problems when “cultural and human
nature” obstacles prevent a company
from being data-driven, Howson says.
Further, BI software can’t “magically
solve data-quality issues” and provide
answers/insight without good data,
Ko says. “A lot of people are trying
to introduce BI to a culture that isn’t
data-centric,” he says. “These imple-
mentations will fail because the de-
mand for BI “simply isn’t there.”
Make A Match Notably, Cotrupe says, while there
are numerous vendors in the BI soft-
ware space, none has “al l the an-
swers or all the solutions.” Often, the
smallest providers offer the most in-
novative solutions, he says. Arguably
the best starting point to deciphering
which BI software is most appropriate
is defining the company’s overall goals,
use cases, and applicable users.
Wise recommends fu l l eva lua-
tion of the business pains the com-
pany is experiencing and what the
business and technical requirements
are . Speci f ica l ly , determine what
data sources are required and how
to acquire, store, and manage them.
Further, identify where calculations/
processing will occur and how the
company will interact with the infor-
mation. “Unfortunately, some busi-
nesses overlook the importance of data
management and its role in broader BI
initiatives,” Wise says.
Also critical is allowing for enough
flexibility to integrate software with
all current and future data sources,
Rouda says. Thus, choose software
that can be used by anyone likely to
be asking questions about the business
and that offers enough performance to
satisfy users and workloads, can scale
to handle data volumes, and provides
as much security and governance as
possible. More subtle features can in-
clude an ability to work with data/users
“Look at [a BI tool] like a portfolio. Some stocks you want to hold on to for a long time, and others you might get rid of and pick up others.”
HOWARD DRESNERAuthor & Chief Research Officer : Dresner Advisory Services
CyberTrend / April 2015 31
in disparate locations, work on mobile
devices, and foster collaboration.
Ko says selecting the most suitable
BI platform is an art, as it requires bal-
ancing IT and business needs, which
often conflict because IT wants a plat-
form that’s easy to develop, test, and
manage while the business wants some-
thing that’s easy to use, interactive, and
collaborative. Decisions should involve
both groups. Ko recommends an “ap-
prove and vote” strategy in which IT
provides several options the business
votes on to help ensure the platform is
IT-sound but one that business users
will adopt and use.
Traditionally, IT has managed BI
software post-implementation. As usage
matures, however, business analysts
may manage report creation or access,
Wise says. “With the advent of self ser-
vice and data discovery, organizations
are looking more at user group manage-
ment or having the business manage
BI,” she says. That said, with data gov-
ernance becoming more challenging in
terms of ensuring the data being ac-
cessed/analyzed is valid and reliable as
more users have increasing freedom to
access it, IT will become more respon-
sible again, she says.
Both Ko and Dresner suggest consid-
ering establishing a BICC (BI compe-
tency center), which Dresner describes
sitting between IT and users, essentially
providing an advocate for users but
simultaneously upholding some cor-
porate standards. Dresner says his re-
search shows that organizations that are
strategically successful with BI always
have a functioning BICC.
Avoid MistakesAmong missteps possible when pur-
chasing BI software is selecting the
wrong tools for the wrong users and
use cases. One tool, for example, may
be appropriate for user-assembled
dashboards and discovery-style appli-
cations but not for large scale finan-
cial reporting on transactional data,
Howson says.
Another mistake is following this
line of thought: “We’ve always used
vendor X, so why change?” Rouda ex-
plains, “There’s a lot of stickiness in
the markets, and while traditional ap-
proaches may have been successful at
meeting traditional requirements, the
needs are changing rapidly.” Big data,
for example, brings a lot of new possi-
bilities, he says, “and a BI tool is often
the front end of that technology stack.”
E l sewhere , some organizat ions
make decisions based on marketing
campaigns or what others have done
instead of matching solutions to busi-
ness problems, requirements, and tech-
nical specifications. Others overspend,
under-spend, and fail to “land and ex-
pand,” Ko says. Marketing, confusing
pricing models, and politics can cause
buying more than is needed. Other or-
ganizations under-spend by buying a
specialized tool that can’t scale up and
out. “Land and expand” pertains to
buying a suitable platform at the right
cost but believing the project is done
after implementation. “The project
isn’t done,” Ko says. “[Organizations]
fail to grow with the BI tool, leaving a
number of functions unused.”
Some people , meanwhi le , v iew
buying BI tools from one vendor a mis-
take, while others view buying various
tools from multiple vendors the same.
Rouda says while there’s an argument
that buying more integrated solutions
from fewer vendors offers support-
ability, deployment, and administration
benefits, most people he speaks with are
more interested in best meeting their
requirements than in choosing a spe-
cific provider. Wise says a “one-stop
shop” approach can make sense if a
company is already heavily invested in
a particular vendor, but a piecemeal ap-
proach can favor companies that desire
collecting best-of-breed tools or that
want to start with just one tool.
Dresner advises against a “one size
fits all” approach or taking the “get the
hammer and then we can build what-
ever we need” approach. Instead, he
advises narrowing prospective tools to
a subset that meets the organization’s
needs. “Look at it like a portfolio.
Some stocks you want to hold on to for
a long time, and others you might get
rid of and pick up others,” he says.
Ko says using multiple tools is fine
if there’s a business case for each. An
organization that already has a tradi-
tional BI tool, for example, may want
to add a data visualization tool to com-
plement it and enable certain abilities.
Conversely, buying from one vendor
may provide integration, bundled dis-
counts, and easier vendor manage-
ment advantages. The risk is getting
locked into one vendor’s architecture,
poor client services, and increases in
licensing fees.
Measuring ResultsObviously, a company that purchases
BI software will want to see results.
The question is, how do you measure
them? “Very carefully,” Rouda answers.
“Sorting out the impact of good insights
vs. other macro and micro environ-
mental factors can be difficult. ‘Did we
sell more because of the economy or be-
cause we knew who to target?’ ‘Did we
“With the advent of self service and data discovery, orga-nizations are looking more at user group management or having the business manage BI.”
LYNDSAY WISEPresident : Wise Analytics
TRADITIONALLY, IT HAS MANAGED BI SOFTWARE POST-IMPLEMENTATION. AS USAGE MATURES, HOWEVER, BUSINESS ANALYSTS MAY MANAGE REPORT CREATION OR ACCESS, WISE SAYS.
32 April 2015 / www.cybertrend.com
make the right decision because we’re re-
ally smart or because the software told us
something we didn’t know?’” This aside,
Rouda cites cost and business process
improvements as good indicators.
Very few companies use ROI to mea-
sure the impact of a BI solution, says
Howson, who wishes more did. While
soft benefits (user adoption, for example)
are often used to measure impact, she
recommends seeking out hard benefits
and anecdotal stories that demonstrate
success. For example, “We saved $3
million in supply chain costs by better
analyzing our data.” Revenue growth
through better targeting markets isn’t
the way businesses are measuring re-
sults, Cotrupe says. Companies are also
improving their one-call, or one-on-
line-interaction resolution, increasing
production without impacting human
resources, and seeing CAPEX and OPEX
savings using predictive analytics to help
accurately forecast future needs.
Ko recommends using a simple BI
adoption x BI consumption formula,
where adoption equals the number
of people using BI, and consumption
measures how much BI is consumed
and how frequently. The product of
both provides a diagnosis of the health
of overall BI, he says. Ko stresses this is
only an overall diagnosis. Companies
still need specialized lenses to iden-
tify areas to target. Example include
BI governance, people, processes ,
data, and technology. Deficiencies in
these areas will cause BI health to dip.
Further, companies should speak with
end users and stakeholders for addi-
tional context.
Ultimately, Wise says, measuring
results means ensuring the BI tools a
company has adopted are addressing
the business challenges that necessitated
their use to begin with. “The reality for
many organizations is that it becomes
challenging to identify success beyond
time saved, which becomes difficult to
validate over time if broader benefits
aren’t being realized,” she says.
Dresner, meanwhile, believes BI’s
success or failure has little to do with
technology and “everything to do with
human beings. It comes down to in-
ertia. Comfort level. Fear. Politics.”
Often, organizations don’t want to
know about problems because knowing
means having to do something about
them, he says. “BI is about changing
behavior, and humans don’t like to
change because it’s uncomfortable.”
Failing, however, means “it’s just a
matter of time before that organization
evaporates,” he says.
Call It QuitsA difficult question some companies
will face is knowing when it’s time to
disentangle from one BI solution or
switch to a different one. Further com-
plicating matters is how to go about
it. While change is disruptive, Rouda
says, the alternative is staying relatively
uninformed and under- informed,
which isn’t worth avoiding the effort
involved in switching.
Triggers that cause a company to
rethink its current situation include
BI strategy reviews, an underlying
business model changing, declining
BI adoption and consumption, tools
not adapting to new analytics tech-
nologies and data sources, and new BI
technologies emerging. How difficult a
transition is “depends on how deep the
roots are,” Dresner says. If data is cur-
rently in a structure segregated from
the actual BI solution, it may be easier.
“But all these solutions have their own
semantic layers. It is difficult,” he says.
Also diff icult is converting and
training users for a new solution when
they’re comfortable, allied, and still
getting results from the current one.
“People get emotional about that,”
Dresner says. “Hopefully [the new so-
lution] is better than what you have. If
not, you have a bigger problem on your
hands.” Ultimately, the new vendor
may provide resources to help with
the money, resources, and consultants
possibly required in migrating to a new
solution, he says.
Scalability, licensing, and capabili-
ties are challenges Wise cites as accom-
panying a switch to a new solution. In
terms of scalability, organizations must
consider whether perceived problems
really have to do with the BI solution
or with the data warehouse/infrastruc-
ture. “After all, the solution will only
perform as well as its infrastructure, so
if a database isn’t optimized it becomes
a challenge to get results quickly,” she
says. Elsewhere, organizations some-
times deploy a solution at a depart-
mental level, but it doesn’t scale in
terms of use, Wise says. For example,
licensing may become astronomical, or
the solution might not meet the needs
of other users, for reasons that can in-
clude a deficiency in ease of use.
In terms of capabilities, use cases
and organizational needs change over
time. “Not all vendors’ products are
created equally,” Wise says. Using pre-
dictive analytics, for example, requires
specific capabilities not all solutions
provide easily.
If desiring to change products, Wise
advises a full evaluation first, asking
why the original solution was selected,
why it’s no longer valid, what went
wrong, who desires the change and
why, and what benefits and challenges
are involved. Challenges should touch
upon the current infrastructure’s read-
iness to implement the new solution.
Sometimes, Wise says, organizations
become too eager to consider changing
BI strategy due to a new CIO’s or IT
director’s previous experience with the
current BI solution. “Those types of
reasons aren’t valid for a rip and re-
place,” Wise says.
“A lot of people are trying to introduce BI to a culture that isn’t data-centric. These implementations will fail because the demand for BI “simply isn’t there.”
DANIEL KOAnalyst & Manager : Info-Tech Research Group
CyberTrend / April 2015 33
GreenovationsThe technologiesthat make our lives easier also produce some unwanted side effects on the environment. Fortunately, many researchers, manufacturers, and businesses are working to create solutions that will keep us productive while reducing energy demands to less-en our impact on the environment. Here, we exam-ine some of the newest “green” initiatives.
Adding A Graphene Layer To Black Phosphorus May Lead To Faster Next-Generation Communications Devices
❯ Researchers at the University of Minnesota Department of Electrical and Computer
Engineering have demonstrated it may be possible to create devices for high-speed optical
data communications based on a material called black phosphorus. The 2D substance, a
crystallized form of phosphorus, can be used as both a photo (light) detector and a semi
conductor, so researchers have been experimenting with it as a material in next-gener-
ation optical circuits. The team at the University of Minnesota found it could combine
layers of the material to vary its photo detection properties. They discovered that adding a
one-atom-thick layer of graphene to the black phosphorus layers protects and strengthens
the overall structure. The team built an optical circuit with the layered materials and was
able to transfer data at rates up to 3 billion bits per second. At that rate, downloading a
typical HD movie would take about 30 seconds.
AMD Says Upcoming Carrizo Line Of APUs Will Offer Double-Digit Performance Increases While Cutting Power Requirements 40%
❯ Chip-maker AMD says its next line of APUs (accelerated processing units), code-
named "Carrizo," will offer significant power and performance benefits over its current
Kaveri line. Carrizo will pack about 29% more transistors (nearly 3.1 billion total) in
roughly the same size die as its predecessor and feature new cores under the name
"Excavator" that increase the number of instructions per clock cycle while decreasing
power requirements nearly 40%. Carrizo also provides increased support for HD dis-
plays including true 4K resolutions. The new power technology that AMD is rolling
out in Carrizo is called AVFS (adaptive voltage and frequency scaling). AMD says
AVFS checks for "droops," or transient drops in voltage, every few nanoseconds and
cuts power usage in the GPU by up to 10% and in the CPU up to 19% without af-
fecting performance.
ENERGY-CONSCIOUS TECH
Black phosphorus material (represented by red layers) combined with a sheet of graphene one atom thick (in black) may hold the key to speeding up communications in future electronic devices.
PHOT
O CO
URTE
SY: U
NIVE
RSIT
Y OF
MIN
NESO
TA C
OLLE
GEOF
SCI
ENCE
& E
NGIN
EERI
NG
34 April 2015 / www.cybertrend.com
Eiffel Tower Goes Green With Two Wind Turbine Installations
❯ The Eiffel Tower, one of the world's
most recognizable architectural struc-
tures, has a new set of wind turbines from
the Urban Green Energy company. The
two turbines, installed 400 feet above
ground, were painted to match the tower's
famous iron struts so they would blend
into the structure. They are expected
to produce about 10,000kWh of power
annually. The installation was part of a
project that included adding solar panels
to a visitor pavilion and installing new
heat pumps and a rainwater recovery
system, all in an effort to reduce the eco-
logical footprint of the tower as part of the
overall city of Paris Climate Plan.
Apple Commits $848 Million In Largest Commercial Solar Deal
❯ Apple has agreed to a 25-year arrange-
ment to purchase solar power from First
Solar's California Flats solar project.
The $848 million investment will pro-
vide Apple with 130MW (megawatts) of
power from the 280MW facility, with the
remaining 150MW to be sold to Pacific
Gas & Electric. First Solar said the Apple
purchase represents the largest agreement
to date in the solar industry to sell solar
power to a commercial entity.
The Shape Of Things To Come: Using Funnels To Capture Solar Energy Increases The Absorption Efficiency Of Solar Collectors
❯ Solar energy researchers the world over are continuing their push to improve
the effectiveness of solar power cells, and some are finding inspiration in unusual
areas. Researchers at the Max Planck Institute for the Science of Light examined
the funnel-like shape of concentrated cone cells in mammalian retinas and then
replicated the shape in a silicon substrate to see whether it would help increase
the effectiveness of solar power collectors. Professor Silke Christiansen and her re-
search team at MPL found that a layer of these "light funnels" was able to improve
the efficiency of light absorption by about 65% over other types of silicon collec-
tors. The initial results were so encouraging, researchers are now studying how to
economically create the funnel structures for larger solar cells. The team created
the funnels using the same sorts of manufacturing processes semiconductor com-
panies use, which should make it easier to commercialize the new technology.
Company Proposes Constructing Tidal Pools That Would Provide Renewable Power To The U.K.
❯ Tidal Lagoon Power has submitted a plan to authorities in the U.K. to build a
series of tidal pools that would generate eco-friendly power using tidal forces. The
company would first construct giant breakwater walls miles long to enclose a sec-
tion of water. In one part of the wall, they would install huge turbines and sluice
gates. The gates would be closed when tides begin, so that water outside the pool
would be higher than inside the pool. At a certain point, the sluice gates would
open, and the water rushing into the tidal pool would generate electrical power
via the turbines. When the water inside and outside the pool equalized, the sluice
gates would shut. As the tides ebbed, the water inside the pool would become
higher than the surrounding sea. Eventually the sluice gates would open again,
only this time the water would rush out from the pool back into the ocean, again
generating power via the turbines. The company says this arrangement means the
turbines would generate power four times daily, in a regular and dependable pat-
tern, with each pool generating hundreds of megawatts of energy. Authorities are
reviewing the plan now and if they approve, construction will begin this year.
Images from a scanning electron microscrope show how researchers at MPL (Max Planck Institute for the Science of Light) were able to create uniform funnel shapes in a silicon substrate using existing technologies.
The two turbines installed 400 feet up in the Eiffel Tower in Paris were painted to match the rest of the structure.
PHOT
O CO
URTE
SY: U
GE
PHO
TO C
OURT
ESY:
S. S
CHM
IDT
/ MPL
CyberTrend / April 2015 35
Keys To A Successful IT Reorganization HOW TO ACHIEVE YOUR GOALS WITHOUT ALIENATING YOUR WORKFORCE
ENTERPRISES UNDERGO staffing changes
on a near-constant basis, but there are
some unique instances where a complete
overhaul or reorganization is necessary to
ensure future success. Why do companies
go through reorganizations? What is that
process like? How can you make sure a
reorganization goes as smoothly as pos-
sible for the business and its employees? It
can be complicated and sometimes messy,
but if you plan well and keep lines of
communication open, you’ll have a much
higher chance for success.
Why Do Companies Reorganize? There are a variety of reasons why com-
panies decide to reorganize their work-
forces, whether that is one department
or the entire company. Reorganizations
are broken down into different types,
making it easier to understand why they
occur and how they impact business.
Andy Woyzbun, executive advisor at Info-
Tech Research Group, refers to the two
main types of reorganization: remodeling
and reconstruction. How you navigate
the process will all depend on which type
you choose.
Remodeling, Woyzbun says, is typi-
cally triggered because an employee left
the company, and you have to decide
“whether it makes sense to replace that in-
dividual, define a new job, or not fill that
position at all.” In that same vein, there
may be a situation where an employee
simply isn’t working out in his current
position and you have to decide whether
you want to let him go or move him to
another department. While both of these
scenarios are relatively small events in the
grand scheme of things for many larger
enterprises, they can have a ripple effect
that spreads through the entire company.
Reconstruction is a little bit different
from remodeling because it usually origi-
nates at the top of the organization rather
than at the employee level. There are mul-
tiple reasons why a company many deem
reconstruction is necessary, a few of which
include financial issues or pressure to
KEY POINTS
• Determine why you’re embarking on a reorganization and make sure the reason is something employees will understand.
• Avoid rumors by planning well ahead of time and not announcing plans until the right time.
• Understand that this process will affect every employee differently and that you’ll need a plan for com-municating with individuals that stay with the company.
• Make sure you have a way to measure success and determine whether you met your goals. This can be through measuring cost savings or by tracking employee productivity and behavior.
36 April 2015 / www.cybertrend.com
downsize. Another reason might be due
to a recent merger or acquisition and the
company needing to combine or consoli-
date workforces.
The third common driver for reorga-
nizations, according to Woyzbun, focuses
primarily on IT and “tends to be a per-
ception that the current organizational
structure is not suiting [the company]
well and it could be because technology
has changed.” This could be because the
company is moving to a more cloud-ori-
ented approach and is outsourcing certain
responsibilities or because the enterprise
needs to hire new employees that are “fa-
miliar with mobile technology as opposed
to the in-house stuff you’ve been doing
for years,” Woyzbun explains.
Ensure You Reorganize For The Right Reasons
An easy way to alienate your work-
force and completely crush employee
morale is to reorganize your business
just for the sake of shaking things up.
For example, Lily Mok, research vice
president at Gartner, says that when a
new CIO or head of IT comes into an or-
ganization he sometimes has the propen-
sity to make sure he leaves a legacy on
the company by making staffing changes
from the outset. While this is certainly
a way to make a lasting first impression,
some employees may become scared of
the new leadership or feel less loyal to
the company if they’re afraid their jobs
are in constant jeopardy.
For that reason, says Diane Berry, re-
search vice president at Gartner, it’s
important to take a softer approach to
this process. “We tell them to take a step
back,” she says. “Any significant reorga-
nization can have a profound impact on
your organization, so tread lightly. One
of the first questions I ask on any of these
organizational design calls is ‘Why are you
doing this?’ It’s a validation. Hopefully
they’re not doing it for politics or just to
do it.”
What are some of the right reasons
for going through a reorganization? It
ultimately depends on what your busi-
ness goals are and where you want to go
in the future. Mok says most companies
reorganize in response to a “strategic
directional change” as the company moves
forward with new technologies and pro-
cedures. For example, if your company is
going to embrace the cloud, you’ll want
employees that know how to manage SLAs
(service-level agreements) and understand
how that infrastructure works. “Improving
IT’s overall performance, efficiency, and
effectiveness will be the drivers behind ren-
ovating or overhauling the IT infrastruc-
ture,” Mok says. And you’ll need people
with the skill sets to operate and manage
that new infrastructure.
How To Perform A Successful Reorganization
Once you decide which reorganization
type best fits your needs—and determine
that it’s for the right reasons—you’ll need
to create a plan for educating employees,
one that also walks them through the ac-
tual restructuring process. You’ll want to
start with the actual reorganization and
figure out which worker will go where.
“The first thing is the thoroughness of
the planning process and recognition
of people’s strengths and weaknesses,”
says Woyzbun. “It’s one thing to decide
to move Joe to a new role and a dif-
ferent thing to know that Joe is going to
do a reasonable job or needs additional
training. There’s a comprehensiveness
you need to go through before you fi-
nalize the desired end state.”
From the business perspective, in terms
of keeping employees educated and up-
to-date, make sure you keep everything
secret until you pin down a specific plan.
Woyzbun says that the most destructive
force to following reorganization protocol
is rumor and innuendo. If you don’t stay
ahead of the rumors and let them build,
you could eventually have a frenzy on
your hands that leads to a drop in produc-
tivity as well as overall employee morale.
“We had an experience that I saw in an
organization [recently] where there was a
particular business unit whose head was
being moved from that particular unit to
a different role in the organization,” says
Woyzbun. “He mentioned to a group of
people who were not the employees of that
business unit that he was moving into this
particular role. Well, of course, word got
back to his employees who were dazed
Some people are going to be upset or disappointed and you need to be able to pick them out one by one and either have the top dog or their manager figure out ‘do I need to worry about this particular individual and spend more time with them or do I just assume this person is OK and move on?’”
ANDY WOYZBUNExecutive Advisor : Info-Tech Research Group
“Renovating is sometimes adding roles, and not necessar-ily tearing it down to the base and starting from scratch. Reorganizations could be various levels. In some cases improving efficiency could be to redefine the process oriented skill set required for people working in various functional silos so that they have the end-to-end account-ability for service level agreements. “
LILY MOKResearch Vice President : Gartner
CyberTrend / April 2015 37
and confused as to ‘what’s going to happen
to me?’ You have to keep this quiet and
secret, and then when you do announce it,
make sure that the information delay is as
assured as possible.”
The key is to understand that when
you plan to terminate people, every em-
ployee is going to react in a different way.
You have to gauge the potential reaction
of each affected individual and prepare
for “personalized hand holding” that may
need to occur, says Woyzbun. This is also
important for ensuring success after the
reorganization. “What you want, espe-
cially after a reorganization, is that people
feel reengaged,” he says. “Chances are if
you reorganize and don’t let people feel
that they’ve been communicated with or
they’re unclear about what they’re going
to be doing tomorrow, then the engage-
ment goes down and the performance goes
down. What you don’t want to do is create
any significant shock like that.”
Mok agrees that these are all key con-
cepts for performing a successful reorga-
nization and stresses just how important
communication is throughout the process.
“The communication of why we are doing
it, the change management strategy, and
how we transition from the current state
to the future state all need to be part of
the planning process,” she says. You can’t
constantly be in damage control mode and
try to fix issues after the fact. You have to
have a strong process in place for how you
keep employees in the loop about how the
reorganization will affect them.
“Communicate as quickly and with
as much transparency as you can,” says
Berry. “I’m a big advocate of the big bang
theory, as it makes sense to do it as swiftly
as possible, which means engaging HR, no
matter what level of maturity they are, up
front. They’ll play a very good tactical role.
I tell leaders to be very mindful of making
changes to job titles. I’m not saying
you don’t need to do that, but be very
mindful of the importance and impact of
that. People care about their job titles and
they really care about who they report to.
However you communicate each of those
types of changes, do it with sensitivity.”
Important Tasks For After The Reorganization
Even after the reorganization takes
place, there are still more jobs to be done.
In fact, Woyzbun says that “dealing with
people you’ve decided to terminate” is ac-
tually “the easy part” and “pretty straight-
forward” when compared with how you
handle the people who are still there. For
example, if you downsized your work-
force and built a smaller team, but the
same workload still exists, your employees
may question whether they can actually
get their work done on time in the same
way they did before.
There are also situations where a man-
ager is let go or moved to a different area
and her previous department is left in
limbo. This can be distressing for em-
ployees, because they aren’t sure to whom
they need to report to or go to for help.
You have to manage those relationships
carefully following a reorganization and
make sure that no employee feels ne-
glected or unsure of his new role in the
organization. “Those are things that need
to be thought through and planned,” says
Woyzbun. “You have to tell people what
this means to them in terms of a new
role and what some of the changes are
that might impact them, [such as] people
disappearing or people being added. You
have to be able to communicate that
clearly to every one of the employees.”
How To Measure SuccessOnce the reorganization is complete,
you’ll want to start watching for when
you reach the goals you set forth when
you decided to reorganize your company.
This means figuring out how to measure
results. In some situations, this is a rela-
tively simple task, especially if your only
goal was to save money, because you can
compare financials from before the reor-
ganization. Where Woyzbun says metrics
are actually needed is in the case of mea-
suring IT productivity after the reorga-
nization. He says it’s important to make
sure that the ability for IT to do its job
was not impaired by the changes, espe-
cially in “situations of significant down-
sizing.” An example would be reducing
the amount of people working your help
desk. After the reorganization, are you
still able to field the same number of calls
and solve issues in a timely manner?
Another key thing to track, in addition
to financials and productivity, is employee
behavior. “When you change people’s
roles, they need to acquire different knowl-
edge and skill sets,” says Mok. “Are they
acquiring these skills at the expected rate?
How quickly will they be up to speed to be
proficient in those new roles? Those will be
measured at the individual level. Certainly
productivity, performance, and overall en-
gagement level are key measures at the
organizational level to see whether we’re
maintaining or improving our operational
efficiencies and performance goals that
we’ve set out. It’s important to perform
a current state assessment and establish
a baseline before you implement a new
model, so that you can compare.”
“Make sure you look for areas of vulnerability when going through this process and find the people you really don’t want to lose. . . . Don’t assume that Suzy and Joe and all of those great people know [the company has] a place for them. Have those important conversations. . . . the longer you dilly dally with this kind of stuff, the longer it will impact the morale and productivity no matter how much you communicate. You just want to keep it as minimal as you can.”
DIANE BERRYResearch Vice President : Gartner
38 April 2015 / www.cybertrend.com
MOST EXECUTIVES HAVE HEARD of
SDDC (software-defined data center) and
know it’s touted as the data center’s fu-
ture. Many know the enhanced flexibility,
agility, and scalability a SDDC can offer
over a traditional data center promises to
translate into all types of business-specific
positives. What many executives don’t
know, however, is exactly what a SDDC
entails in terms of core components and
functionality. That’s partially due to con-
fusion, disagreement, and vendor hype
surrounding SDDC. The following aims
to provide a clearer picture.
The ElementsOne roadblock to arriving at a uni-
versal definition of SDDC is that vendors
with an interest in SDDCs tend to attach
unique descriptions to the term. Tony
Lock, Freeform Dynamics distinguished
analyst, says this includes nicely fitting
definitions to their existing or planned
products. Similar to many others, Lock
views a SDDC as IT infrastructure in
Step Into Tomorrow’s Data Center THE CORE COMPONENTS OF A SOFTWARE-DEFINED DATA CENTER
which servers, storage, and network con-
nectivity can be altered dynamically ac-
cording to changing requirements and
business service levels. Notably, these
changes occur “without having to get out
and move things by hand,” he says.
Conceptually, SDDC is often presented
as physical IT infrastructure that’s vir-
tualized and offered as a service. Rather
than manually provisioning components,
moving servers, changing cables, etc.,
configuration and control occurs through
policy-based automation via software.
Thus, a SDDC offers the ability to easily
change resources allocated to services/
applications based on what’s needed pres-
ently. “It’s about making things far more
flexible,” Lock says.
Greg Schulz, Server and StorageIO
founder, says the different benefits of
virtualizing “are sort of the core tenets
around software-defined aspects.” While
many people see “software-defined” as
being about consolidating and stacking
virtual machines, he says, it’s also about
redefining hardware and software such
that there’s an ability to move applica-
tions around more flexibly, make service
delivery more responsive, and respond to
new requests faster and with more capa-
bility. “You still need hardware, but how
much you need and how you use it, that
equation starts to change,” he says.
John Sloan, Info-Tech Research Group
director, says that technically SDDC
concerns the logical abstraction and or-
chestration of physical infrastructure
components. What this really means is
“standardization and commodification of
the hardware is finally reaching an end
game,” he says. This started with virtual-
ization of industry-standard x86 proces-
sors, but similar abstraction of network
and storage resources is “about to drop,”
Sloan says. “The fundamental principal is
that management of the data center ser-
vices, servers, network addresses, storage
volumes is done as a logical abstrac-
tion,” he says. “In the SDDC, hardware is
not physically differentiated. Hardware is
CyberTrend / April 2015 39
capacity. By adding more disks or proces-
sors or switches, you add more capacity to
the pool.”
The BenefitsThe general theory is that a SDDC
enables delivering greater flexibility and
better service quality to more services
with fewer physical resources, thus pro-
viding a cost benefit. Speed is another
noteworthy benefit, particularly from
a business perspective. Years ago, says
Donna Scott, Gartner vice president and
distinguished analyst, provisioning IT in-
frastructure for new projects could take
months. Enterprises with virtualization
and some standardization in place can
now do this much quicker, but “there’s
still a problem in terms of bringing it
down to the minute or hour”—something
CEOs will increasingly demand in the
future to drive new business initiatives,
Scott says. “The data center has just been
too static in the past,” she adds.
Beyond speed, SDDC promises to
provide IT more time to spend on the
business. “The typical infrastructure and
operations group does a lot of manual
things,” Scott says. “What they’re really
trying to get to is ‘How can I do every-
thing in an automated and policy-based
way so that I can give more time to my
CEO and lines of businesses to grow the
business?’” Thus, SDDC is also about im-
proving internal processes to free up time
and resources.
For Lock, SDDC’s core benefit is the
potential to flexibly respond to changing
workloads without having to greatly over-
provision upfront the physical resources
each service uses. Instead, an organiza-
tion could configure a SDDC to operate
in an automatic fashion where physical
IT resources (CPU cycles, storage, and
networking) are allocated without physi-
cally reconnecting anything. Lock points
out this does require that security, data
protection, disaster recovery, and other
associated services all work in tandem
more fluidly than previously.
Both Lock and Schulz stress that SDDC
depends on strong management tools.
Schulz says any customer speaking with
a vendor about SDDC should specifically
ask the vendor what it’s doing, what it’s
enabling in terms of management, and
what its capabilities are.
The automation aspect of a SDDC,
meanwhile, necessitates a SDDC has effec-
tive policies implemented through which
resource allocation occurs, Lock says, be-
cause it’s highly unlikely any SDDC will
have limitless resources on hand, even
if connecting to a public cloud outside
the data center. To date, Lock says it’s
clear that an idealized SDDC of this na-
ture hasn’t been realized, “especially if we
look at the huge variety of services being
run today in data centers and the range of
hardware solutions already deployed.”
The Big Picture A noteworthy challenge that Roy
Illsley, Ovum principal analyst, cites
concerning SDDC is that rather than in-
volving just one technology, it entails sev-
eral coming together, with each currently
residing at different maturity levels. Illsley
sees the management tying these technol-
ogies together as the final piece of SDDC
that technology vendors are now working
on. As various SDDC components are
at different degrees of production-readi-
ness, CIOs should ensure any move to a
software-defined approach incorporates
the right technology and vendors and is
executed for appropriate use cases.
Lock says there are numerous steps
involved in transitioning to a SDDC,
including from the underlying hard-
ware platforms, the virtualization, and
management tools on through to sig-
nificant modifications to data center
operational processes. “Other matters
must also be modified, including poten-
tially how data centers are budgeted and
how resource contention conflicts are
handled. These are business decisions,
not choices made by IT,” he says.
Transitioning to an SDDC may also
pose employee-related challenges for
organizations, including jobs changing.
Thus, Scott says, enterprises must re-
member the SDDC movement is about
meeting business-growth requirements
and how to use employees’ skills at a
higher value to the organization. “It’s not
like there’s a desire to cut out that net-
work guy’s job. The desire is to put what
he knows in policy so it can just run,”
she says. “So that smart guy who works
for the company that knows the business
and can help grow the business can be
put to better use. That’s why this move-
ment exists.”
From a training perspective, Sloan says
the main challenges with SDDC are the
same as those for convergence in gen-
eral. “With increased automation and or-
chestration comes less need for touching
the hardware. There’s also less need for
silo specialty—storage administrators,
network administrators, etc.—and more
need to be able to manage end-to-end ser-
vices,” he says. “One of the impediments
to greater software-defined networking
adoption has been resistance from tradi-
tional network admins,” he says.
"In the SDDC, hardware is not physically differentiated. Hardware is capacity. By adding more disks or processors or switches, you add more capacity to the pool."
JOHN SLOANDirector : Info-Tech Research Group
“Other matters must also be modified, including potentially how data centers are budgeted and how resource contention conflicts are handled. These are business decisions, not choices made by IT.”
TONY LOCKDistinguished Analyst : Freeform Dynamics
40 April 2015 / www.cybertrend.com
WHOLE CHICKENTecumseh Farms Smart Chicken® is truly the most natural chicken in the United States. All Tecumseh Farms products are raised without the use of animal by-products, antibiotics, or hormones, are 100% all-natural, and are processed using purified cold air instead of adding non-potable water—that’s the air-chilled difference.
WWW.SMARTCHICKEN.COM
You Can’t Afford A Bad NetworkDEMANDS WILL ONLY CONTINUE TO GROW, SO MAKE SURE YOU START PREPARING NOW
MOST COMPANIES THESE days have
strong and capable WANs (wide-
area networks) in place to handle the
day-to-day rigors of a bustling office
environment. But when it comes to in-
troducing technologies such as hybrid
cloud computing, or when simply con-
sidering the sheer number of network-
enabled devices out there fighting for
bandwidth, you might find that your
network is bumping up against max-
imum capacity much more quickly
than you imagined.
As companies move an increasing
number of workloads offsite and as
hardware and software solutions de-
mand larger quantities of bandwidth
and network resources, this problem
is only going to grow. For that reason,
you need to start preparing now for
where you want your network to be in
the future, otherwise you could end
up in the troubling position of playing
catch-up with the needs of your cus-
tomers and employees.
Spot The Signs Of An Overtaxed Network
Before you can start deciding how
much capacity you’ll need in the fu-
ture, you need to first understand
what your limitations are right now.
Network issues can manifest themselves
in a number of ways, but one of the
most common issues comes from ap-
plications performing poorly. Andrew
Lerner, research director at Gartner,
says that application performance is-
sues often arise in remote offices, espe-
cially when they are international. For
example, a SaaS (software as a service)
application perform perfectly in your
Dallas and San Francisco offices, but
just chug along in Singapore. “That’s
just the nature of increased latency,”
Lerner says.
Lerner says that newer technolo-
gies, including cloud computing, can
also cause problems for networks and
overall performance. “Traditionally, ap-
plications are run out of the data center
KEY POINTS
• Make sure you’re able to spot the tell-tale signs that your network is overtaxed and be proactive in ad-dressing networking issues.
• Keep your users and applications in mind when designing your net-work and don’t work in a vacuum or you could end up running into preventable issues in the future.
• Consider building a hybrid WAN so you can have multiple network connections in play depending on the use case.
• WAN orchestration tools can help you better manage your network and granularly decide which ap-plications run on which connections for the best possible performance.
42 April 2015 / www.cybertrend.com
and then the WAN is designed to de-
liver traffic from a remote branch to a
data center,” he says. “Now, when you
move the application out of the data
center into a cloud provider, it changes
the equation. In networking, you cannot
overcome the speed of light, so if you
add hundreds or thousands of miles be-
tween users and their applications, you
can have poor performance as a result.”
In addition to finding specific issues
in your network infrastructure, you can
also get a feeling of just how well or
poorly your network is performing by
talking to your users. Andre Kindness,
principal analyst at Forrester Research,
says the key to determining the state
of your network and figuring out how
to fix it is to speak to customers and
employees. “You have to base it on the
employee experience and the way you
can do that is with the amount of tickets
coming in for it, or set up metrics,” he
says. “But it fundamentally goes back to
the customer or employee experience.
That should be No. 1, and it should be
the first place people go to.”
Be More Proactive In How You Solve Networking Issues
Another concept network administra-
tors need to embrace is being proactive,
in general but also just in terms of re-
sponding to and solving network issues.
This is where network monitoring tools
come into play, which are solutions com-
panies don’t focus on enough, according
to Kindness. “Typically, your fallback po-
sition is if you are having a lot of tickets
coming in or if the business is com-
plaining, then you start using monitoring
and testing tools,” he says. “The problem
is that people always do it afterward, but
monitoring money should be spent equal
to what you spend on infrastructure or
other things. You need to have a lot of
good information about what goes on so
you can solve the problems.”
Kindness offers up the example of a
university that developed a unique ap-
plication that not only offers information
about the school, but also gives users a
conduit from which they can send tech-
nical service tickets directly to networking
teams. If a user is experiencing a spotty
connection or poor performance, he can
report it. At that time, the app sends the
information directly to the networking
department and monitoring is automati-
cally increased in that specific area. Using
the app, network administrators can
gather data about what the user was doing
at the time of the incident and where they
were in the facility. Imagine being able to
pinpoint dead zones in your office or your
data center using a similar application.
It could drastically reduce the amount of
time it takes to solve networking issues
and give users the support they need.
Be Mindful When Upgrading Or Reconfiguring Your Network
Something else you need to consider
once you actually start retooling your
network is how important it is not to
design in a vacuum. Lerner says no
matter how much it seems like common
sense, network administrators don’t pay
enough attention to where applications
and users are when designing the net-
work. But if you keep those facts in mind
throughout the process, you can plan out
your capacity and coverage accordingly
to avoid potential issues in the future.
“We like to call it right-sizing,” says
Lerner. “The first step to right-sizing is
figuring out where your users and ap-
plication are. Don’t just upgrade your
MPLS [Multiprotocol Label Switching]
network to add bandwidth to it. Take
a step back. Maybe you don’t need to
add bandwidth to your MPLS network;
maybe you need to deploy Internet to
your branches. It’s really grassroots. Start
with your user community and the ap-
plications you’re running and take out
a map. That’s step one. It sounds like
common sense, but you’d be surprised
how many people don’t do it.”
Prepare Your Network Now For Future Growth
In the same way you need to be pro-
active when handling network per-
formance issues, you also need to be
proactive when designing and planning
out your network. The key to doing this
successfully, according to Kindness, is to
get networking people involved early in
the process whenever a new technology
is implemented. He says that networking
people assume they are involved on proj-
ects from the start 89% of the time, when
in fact, app developers only tend to in-
volve them in the process from the very
beginning 50% of the time. This creates a
major disconnect between teams and can
lead to poor planning and execution.
“What we recommend is that net-
working people get out in front of it and
market themselves,” says Kindness. “You
have to have a mind set that you under-
stand and are embedded in the busi-
ness. It’s more than just a network. It’s
understanding what customers do at a
retail site as a networking professional.
“The way to orchestrate that today is using scripting, manual CLI [command line interface]-based configura-tions, which is not that easy and is difficult to scale. You have a bunch of players out there that are focused on WAN orchestration to make that much easier to do to . . . . Instead of . . . IPs, ports, and CLI, they basically give you a GUI so you can drag and drop YouTube. It’s a combina-tion of workflow, centralized intelligence and visibility, and automated changes to keep up with the application requirements. That’s where orchestration would fit in.”
ANDREW LERNERResearch Director : Gartner
CyberTrend / April 2015 43
You have to work with the GM at the site
and the developers creating an app for
the retail store. Part of the networking
job is being part of that business team
out there, and helping set the overall
strategy or direction of IT, and not come
in afterward. Engaging and working with
the end user is typically not done, but it
should be done in today’s world.”
When it comes to actually imple-
menting new networking approaches to
be able to meet capacity requirements
and user demand, Lerner recommends
looking into hybrid WAN layouts.
Hybrid WAN is a combination of an
MPLS connection, which is usually the
primary network for a data center and
business-critical applications, and the
Internet, which is used for almost every-
thing else. With hybrid WAN, you can
decide whether an MPLS connection or
regular Internet connection is a better fit
for a specific site and make sure perfor-
mance will always on par.
Hybrid WANs are important to con-
sider also because they can help you
save money. “People are building hybrid
networks and optimizing the speed, la-
tency, and bandwidth out to their SaaS
applications and IaaS (infrastructure as
a service) cloud locations as well as to
their corporate data center,” says Lerner.
“That’s not just for application perfor-
mance, because it’s cost optimization as
well. In North America, a T1 connec-
tion is $250 to $300 a month vs. getting
residential broadband at 50Mbps for $70
a month. That’s a hard conversation to
have with your CEO, CFO, or CIO to
justify the existence of MPLS, because
the price per megabyte is just so much
higher than consumer Internet. People
need a way to bridge those two together
and hybrid WAN is the current trend.”
Lerner also envisions a future where
companies don’t have to centralize
all of their network traffic at the data
center, but can actually just focus on
connecting the home office or remote
sites directly to the colocation facility
that hosts a given SaaS application. He
says there are somewhere between 50
and 200 shared-location data centers
out there that many major SaaS vendors
use to host their applications, so in the
future you might be able to connect di-
rectly to that facility for the lowest pos-
sible latency. “That’s a very early-stage
trend and not many people are doing
that, probably less than one-tenth of
1%, but it’s an early indicator of the way
people might start to think about their
WANs in the future,” Lerner says.
Take Advantage Of WAN Orchestration Technologies
Once you have all of these net-
working pipelines in place, you need a
way to manage them and route traffic
for specific applications. That’s where
WAN orchestration solutions come
into play. Using the hybrid WAN
model as a baseline, for example, you
can decide that you want your CRM
system to run on MPLS while appli-
cations such as YouTube run on the
Internet connection. Then, if the MPLS
fails, you want the CRM system to
move over to the Internet and take pre-
cedence over YouTube.
Lerner says that “granular policies”
like these were much more difficult in
the past, but are more manageable now
because of WAN orchestration. And
the great thing about WAN orchestra-
tion solutions is that they are coming
from startups and newer vendors as well
as well-established “incumbents,” says
Lerner, so you should have plenty of op-
tions to choose from.
The interesting thing about hybrid
WAN and the idea of a two-lane net-
work highway is that most companies
already have those MPLS and Internet
connections in place, but use one as a
backup in case the other fails. Kindness
says that in a perfect world, companies
with this setup are wasting 50% of their
potential capacity, but in the real world,
companies are already underutilizing
their network connections so much that
they may only be using as much as 11%
of their primary network connection,
let alone the backup lane sitting there
entirely unused.
“At any one time, you’re not using all
of the capacity,” says Kindness. “You’re
only using about 11%, which is ridicu-
lous. You can actually make both pipes
smaller. If you have the ability to flip
back and forth, you can optimize both
of them and make the links smaller, be-
cause combined together, both links are
for my worst-case scenario. But indi-
vidually,” he adds, “they can be smaller
than what I have today and I can le-
verage both of them.”
Once you start looking at those pipe-
lines as two active connections rather
than one active and one backup, you
can take advantage of WAN orches-
tration and other helpful tools. In es-
sence, you can pick and choose which
applications run on which networks to
find perfect matches, such as putting
YouTube or SaaS-based application
on the Internet rather than the MPLS.
“Those examples right there could save
a lot of money and improve the user
experience,” says Kindness. “If you
don’t have recreational traffic on the
link going back to the data center, then
you’re freeing up more bandwidth for
the critical business apps.”
“Typically, your fallback position is if you are having a lot of tickets coming in or the business complaining, then you start using monitoring and testing tools. The problem is that people always do it afterward, but monitoring money should be spent equal to what you spend on infrastructure or other things. You need to have a lot of good information about what goes on so you can solve the problems.”
ANDRE KINDNESSPrincipal Analyst : Forrester Research
44 April 2015 / www.cybertrend.com
STAY AHEAD OF THE CURVE
Missing CyberTrend when
you’re on the go? View or
download the digital edition at
www.cybertrend.com to get up
to speed on the latest technol-
ogy news and information about
products for your company.
Understand Custom Malware HOW TO AVOID PAINTING A TARGET ON YOUR BACK
THOSE OF US WHO consider ourselves
fairly tech savvy don’t typically ascribe
much intelligence to the malware du
jour making headlines and fattening cy-
bercriminals’ wallets. We tell ourselves
that common sense and a sound secu-
rity strategy are all that is necessary to
keep us and our organizations from be-
coming the low-hanging fruit that mal-
ware is so adept at plucking. But smart
malware that favors a methodical and
selective approach over casting a wide
net using click-here-for-nude-photos
phishing tactics not only exist, but it’s
getting smarter everyday. Custom mal-
ware is the laser-guided missile of the
malicious software universe; most ev-
erything else is just carpet bombing.
This relatively new weapon is ca-
pable of infiltrating secure systems and
phoning home camera feeds, activity
logs, key strokes, and screenshots that
enable dedicated cybercriminals to suss
out the chinks in any organization’s
armor. Such deep-cover malware is
tailor made for the long con and a big
score, and it has already shown just how
effective it can be at fleecing some of
the most secure financial institutions in
the world.
Custom malware is a broad term for
a kind of malicious software that is de-
signed to lock in on a limited number
of target systems and open a backdoor
communication channel between ad-
ministrative systems and the hackers,
all without arousing suspicion or setting
off any alarms. These attacks typically
become evident only after the crooks
have made a clean getaway, and by
then, the breached institutions are often
looking at lost funds, destroyed equip-
ment, and priceless sensitive informa-
tion gone.
A Foot In The DoorDodi Glenn, ThreatTrack Security
senior director of security intelligence
states, “Oftentimes, you’l l see the
hacker use a ‘regular’ piece of malware
KEY POINTS
• Custom malware attacks are a more targeted form of hack that has the potential to do a signifi-cant amount of damage.
• Although a relatively new type of threat, custom malware at-tacks typically use traditional phishing techniques.
• Sometimes custom malware attacks are engineered or aided by a disgruntled current or former employee or client, but this is not always the case.
• Be proactive by educating your employees about how to avoid threats and performing network penetration testing.
46 April 2015 / www.cybertrend.com
to get a foothold into the organization.
For example, they’ll get someone to in-
stall a backdoor on their work machine.
From there, they bounce around using
the victim’s username and password.”
The email recipients or infected web-
site visitors are usually people in sensi-
tive positions at the target company,
often those with administrative rights
and access to other key systems. Glenn
elaborates, “Once [cybercriminals] get
access, they start looking for additional
pieces of information that will lead to
a better and longer attack. What they
learn can lead to helping them con-
struct custom malware to exploit spe-
cific systems or access/steal data while
avoiding detection.”
Custom malware attacks often em-
ploy social engineering tactics, which
rely on human-to-human interaction to
obtain key details about the target and
security systems. One example of a so-
cial engineering attack might involve a
cybercriminal calling a network admin-
istrator for a large corporation, claiming
to be an executive on the road in des-
perate need of immediate access to a
secure internal system. By appealing to
the victim’s natural desire to be helpful
or by offering a promotion or an im-
mediate pay raise in return for agreeing
to bend the rules, the cybercriminal can
subvert numerous security measures in
very short order.
The HeistsOne recent custom malware at-
tack reported by Symantec referenced
a large banking institution’s recent
breach. Instead of attacking the finan-
cial institution directly, scammers man-
aged to spoof an email from a golf club
that many of the firm’s executives fre-
quent. When the executives opened the
PDF file detailing some upcoming golf
tournaments, more than a dozen dif-
ferent bits of malware were installed
on their systems. Without violating a
single security policy, those executives
exposed the company to some very
nasty new customers.
The cybersecurity firm Kaspersky
Lab recently detailed a two-year-long
breach involving more than 100 banks
in 30 countries, and the estimated take
was more than $300 million. Because
not all financial institutions that were
hacked are reporting the amounts of
the losses, some experts believe that
the figure could be as high as $1 bil-
lion. It was a simple email phishing
scam that installed the malware, which,
Kaspersky has dubbed Carbanak, on
the key systems. From there, the cy-
bercriminals observed the day-to-day
activities of the employees who handle
account transfers and perform book-
keeping; and obtained video footage
and sti l l images that helped them
plan how, when, and where to strike.
Based on the data they gathered, the
thieves knew that account balances
were checked at specific times of the
day, and by artificially inflating and
then transferring the excess amounts
from accounts between those balance
checks, they were able to make it look
like the numbers changed very little if
at all. The criminals also managed to
get ATMs to dispense cash at specific
times and places. One banking client
reported that $7.3 million was nabbed
this way.
The U.S. health care insurer Anthem
recently reported that 80 mil l ion
current and former customer and
employee records went missing, in-
cluding names, birth dates, and Social
Security numbers. The cybersecurity
firm brought in to manage the crisis
said that the cybercriminals who per-
petrated the breach used a form of
custom malware.
Other high-profile corporations that
have been victimized by custom mal-
ware in recent months include Home
Depot, JPMorgan Chase, Sony Pictures,
and Target. But cold hard cash and data
that can be sold on the black market
aren’t the only objectives for cyber-
criminals wielding custom malware,
some are using the unique malware to
perpetrate various kinds of espionage.
The Associated Press reports that the
State Department’s unclassified email
system came under a custom malware
attack late last year.
Custom Malware’s ForerunnerOne of the earliest examples of
a highly specialize malware designed
to perform lasers-precise at tacks
was Stuxnet, which was blamed for
“Oftentimes, you’ll see the hacker use a ‘regular’ piece of malware to get a foothold into the organiza-tion . . . . Once [cybercriminals] get access, they start looking for additional pieces of information that will lead to a better and longer attack. What they learn can lead to helping them construct custom malware to exploit specific systems or access/steal data while avoiding detection.”
DODI GLENNSenior Director Of Security Intelligence : ThreatTrack Security
CUSTOM MALWARE ATTACKS OFTEN EMPLOY SOCIAL ENGINEERING TACTICS, WHICH RELY ON HUMAN-TO-HUMAN INTERACTION TO OBTAIN KEY DETAILS ABOUT THE TARGET AND SECURITY SYSTEMS.
CyberTrend / April 2015 47
wreaking havoc on Iran’s nuclear en-
richment plans in mid-2010. A multi-
part attack originally delivered via an
infected USB drive, Stuxnet consisted
of a worm that was capable of hijacking
industrial systems, a link file that issued
commands to the copies of the worm,
and a rootkit designed to mask the mal-
ware’s behavior and keep it hidden for
as long as possible.
Stuxnet, like the forms of custom
malware we’re hearing so much about
lately, was designed to remain dor-
mant on the infected systems that
didn’t meet certain prerequisites. On
the other hand, the malicious soft-
ware became active on any system that
was running a Microsoft Windows
operating system and also featured
Siemens Step7 software, which was
used to manage the programmable
logic controllers of Iran’s nuclear cen-
trifuges. Whenever a dormant system
suddenly met Stuxnet’s attack criteria,
the malware would wake up and begin
causing trouble.
Although Stuxnet started out as a cy-
berattack targeting Iran’s nuclear pro-
gram, it has since turned up all over
the world. Some experts believe that it
has been reverse engineered to become
active under different circumstances.
Furthermore, the strategies it used to
propagate and cause damage have been
used to attack other targets, including
some that may have been friendly to the
interests of the group behind the devel-
opment of Stuxnet.
Tracking Down The HackersOne of the reasons custom malware
has such a sneaky reputation is due
to the fact that many attacks benefit
from insider information, either from a
former or current employee or a client
who knows intimate details about the
organization’s security operations.
Oftentimes an organization that has
been hit in all the right (or wrong)
places at just the right (or wrong)
times will be inclined to assume that
an insider is indeed responsible, which
subsequently shortens the list of poten-
tial culprits.
According to Glenn, however, it’s
important not to put too much stock
in the “inside job” theory before you
have hard evidence that this is the case.
“[The presence of custom malware] in-
dicates that the person(s) behind the
attack know something specific to the
company they are targeting.” And that
information is just as likely to come
to the crooks via the backdoor com-
munication channel established by
the hack as it is to have come from a
current or former employee or client.
Furthermore, cybercriminals using
such sophisticated attacks are no doubt
happy to misdirect a subsequent inves-
tigation by making the attack look like
it originated from within the enterprise.
Hack YourselfGlenn suggests that penetration
testing can be an excellent proactive
measure. “Simple [penetration] testing
could reveal a lot about a company.”
This entails hiring security experts that
are familiar with cybercriminal tactics
to stage an attack on the network in an
attempt to expose security holes.
Because custom malware needs to
get that initial foot in the door using
traditional malware, training employees
how to avoid exposing the organiza-
tion is key. Glenn suggests that edu-
cation is the best way to “prevent the
employees from being the gateway
into the company.” This includes de-
scribing common social engineering
techniques and how to recognize suspi-
cious emails, websites and URLs. “Keep
machines on the network updated, an-
tivirus signatures updated, and ensure
that best practice security measures are
followed. It is also important that firm-
ware updates are applied to appliances,
such as hardware-based firewalls.”
In addition to using penetration
testing to audit systems, Glenn high-
l ights the importance of audit ing
employees, as well, “by doing staged
phishing/targeted attacks.” Although
custom malware sounds like a night-
mare for any organization, it is pos-
sible to fight back, and doing so can
effectively prevent virtually all types of
malware attacks.
BECAUSE CUSTOM MALWARE NEEDS TO GET THAT INITIAL FOOT IN THE DOOR USING TRADITIONAL MALWARE, TRAINING EMPLOYEES HOW TO AVOID EXPOSING THE ORGANIZATION IS KEY.
Custom malware attacks often begin with a typical phishing scam.
48 April 2015 / www.cybertrend.com
IF YOUR BUSINESS WORKS with payment
cards, you are undoubtedly familiar with
PCI (Payment Card Industry) DSS (Data
Security Standard), a set of information se-
curity requirements enforced by major credit
card merchants such as American Express,
Discover, MasterCard, and Visa. By fol-
lowing PCI DSS, your business is sure to
exercise the recommended practices and
security controls and thereby reduce the
chance of credit card exposure. In late 2013,
the PCI Security Standards Council pub-
lished PCI DSS 3.0, which would be active
Jan. 1, 2014 through Dec. 31, 2017; version
2.0 remained active through the end of 2014.
If your business only recently made
the transition to the newer standard, you
likely noticed some new business processes
and practices. If your organization was
caught off guard by the change, you might
be surprised by the new mandatory prac-
tices. “Significant changes to the definition
of scope and certain security controls in
the new standard mean some businesses
have more heavy lifting to do than in
New Payment Security Standard WHAT YOU NEED TO KNOW ABOUT PCI DSS 3.0
years past,” says Michael Aminzade, vice
president of global compliance and risk ser-
vices at Trustwave. Here, we explore what
you can expect with PCI DSS 3.0.
From 2.0 To 3.0Part of the focus with PCI DSS 3.0 is to
help organizations make payment security a
part of everyday work. Laura Johnson, com-
munications manager for the PCI Security
Standards Council, says “PCI DSS 3.0 helps
organizations focus on security, not compli-
ance, by making payment security business-
as-usual.” PCI DSS 3.0 also sets clearer goals,
and more detailed terms help ensure busi-
nesses know what exactly constitutes compli-
ance. “The updates are based on feedback
from the market on what they’d like to see in
the standard, as well as in response to what
we see in breach reports,” says Johnson.
PCI DSS is based on 12 core require-
ments and fundamental principles. With
PCI DSS 3.0, the PCI Security Standards
Council added new sub-requirements to
reinforce the key areas of focus. Some key
examples include: “Requirement 8.4 covers
password education for users and require-
ment 9.9 comprises training and education
around POS security.” The raised sub re-
quirements help businesses monitor effec-
tiveness and maintain compliance.
There are also some critical changes
to note. “To help strengthen security
among third-party service providers, the
PCI DSS 3.0 requires all providers clearly
articulate which PCI DSS controls they
will address and which are left to the mer-
chant,” says Aminzade. “The change pro-
vides more transparency for merchants
so that they can make educated decisions
when working with an external partner.”
Another new requirement involving third-
party service providers are unique pass-
words for each merchant that remotely
connects to the business, with PCI DSS 3.0
calling for two-factor authentication.
PCI DSS 3.0 also has provisions to im-
prove security. James McCloskey, Info-
Tech Research Group director, advisory
services for security and risk, says “New
CyberTrend / April 2015 49
requirements under section 1.1 clarify
what a network diagram must include, and
then, add the requirement for a cardholder
data to the flow diagram.” The new re-
quirement helps to reduce the risk of PCI-
relevant and network components going
under the radar. “By meeting the require-
ment, organizations can work to imple-
ment appropriate controls for each and
every in-scope element of their network,”
McCloskey adds.
Data Breach PreventionPerforming risk assessment, of course,
is an important step in data breach secu-
rity. With PCI DSS 3.0, penetration testing
requirements are more stringent. “When
conducting penetration tests, merchants
or whoever is performing the test, will
have to follow an industry framework,”
says Aminzade. “The standard also man-
dates tester independence meaning the
person who tests the system cannot be the
same individual person who manages or
administers the system.”
Many of the sub-requirements we men-
tioned previously will also help protect
customer data. Johnson says, “Breach re-
ports over and over have pointed to lack of
education and awareness, weak passwords
and authentication challenges, third-party
security challenges, slow self-detection in
response to malware and other threats as
leading causes for compromise.” Echoing
those thought, Aminzade says, “The
bottom line is that businesses need to un-
derstand security first, so that they inher-
ently are in compliance with the PCI DSS.”
Small-Business ImpactThe additional guidance for PCI DSS 3.0
requirements is ideal for small businesses.
“It helps organizations that perhaps don’t
have an established security department to
understand the security objectives behind
the requirements,” says Johnson. “We are
looking to provide additional guidance to
help small merchants understand where to
begin to secure their payment card data,”
she adds. The PCI Security Standards
Council will soon launch a task force to
address small-business security concerns,
as well.
Aminzade provides an example of the
type of improved transparency you’ll see
in PCI DSS 3.0. “The standard includes
more stringent legal contract requirements
aimed at third-party providers,” he says. “It
requires all providers to clearly articulate
which PCI 3.0 controls they will address
and which are left to the business.” When
working with a third party, you can ref-
erence the legal contract requirements to
make more educated decisions.
Big BusinessesEnterprises and large organizations must
often use a multilayered approach to secu-
rity, because doing so localizes the impact
if one security element becomes compro-
mised. “PCI Standards provide layers
of defense to ensure businesses can prevent,
defend, and detect attacks on their systems,”
says Johnson. Any extra security layers will
also face extra scrutiny. Aminzade says “If
a merchant uses segmentation to reduce the
scope of their cardholder data environment,
it must now penetration test the segmenta-
tion boundaries to prove isolation from the
card data environment.”
Large enterprises will also want to talk
with key personnel about using strong
passwords and avoiding phishing links,
and cover why they should never share
company information on social or public
platforms. “A daily coordinated focus on
maintaining these controls provides a
strong defense against data compromise,”
says Johnson. Besides personnel, PCI DSS
3.0 recommends that you regularly check
the security of your hardware. “POS de-
vices will now need to be inspected on
a periodic basis to make sure they have
not been infected or had skimming device
fitted to capture payment card details,”
Aminzade explains.
Focus On Security, Not Compliance
“The changes in PCI DSS 3.0 are a
step in that security-first direction,” says
Aminzade. “They all will help strengthen
organizations’ security programs; however,
businesses cannot look at compliance as the
end-goal for data protection.” PCI DSS 3.0
does cover a lot of ground, though, in terms
of organization security. For example, topics
for requirements include risk assessment,
continuous vulnerability scanning, testing
incident response, and proper management
of security programs, just to name a few.
With such a variety of security categories,
you might need help from a third-party
expert to meet the requirements. “If busi-
nesses struggle with a lack of manpower
and resources in-house to make sure their
security controls and services are working
properly, they should augment their staff
and partner with a third-party team of ex-
perts whose sole responsibility is to protect
their information,” says Aminzade.
Johnson also wants us to remember that
compliance isn’t about just passing the an-
nual audio. “It’s about ongoing vigilance
and multiple layers that address people, pro-
cess, and technology,” she says, “We have
to shift from a compliance mind set to a
prioritized risk-based approach that’s built
into the organizational DNA.” PCI DSS 3.0
is the foundation on which you’ll build the
risk-based security posture.
The PCI Security Standards Council indicates that education and policy enforcement can help to prevent attacks.
“The updates are based on feedback from the market on what they’d like to see in the standard, as well as in response to what we see in breach reports.”
LAURA JOHNSONCommunications Manager : PCI Security Standards Council
50 April 2015 / www.cybertrend.com
Certified Piedmontese® beef tastes great: lean and tender, juicy and delicious.
But there’s more to it than just flavor. Certified Piedmontese is also low in fat
and calories. At the same time, it’s protein-rich with robust flavor and premium
tenderness. Incredibly lean, unbelievably tender: It’s the best of both worlds.
piedmontese.com
TECHNOLOGY IS OFTEN a double-edged
sword. While its advancement means
the tasks enabled by it can be completed
in less time, in more places, and at less
of a cost, those benefits usually come
with a different sort of cost. Consider, for
instance every time the Wi-Fi specifica-
tion is updated. To enjoy the significant
boost in throughput that a new Wi-Fi
spec typically delivers, you'll need a new
router and wireless adapters for your in-
dividual devices.
With SSDs (solid state drives), how-
ever, these costs are lower than you
might expect. Also, the inherent ben-
efits aren't limited to just a few special
circumstances. The short answer to the
question, "Are SSDs worthwhile?" is
"Yes, they are." In this article we'll ex-
plain why.
The Waiting GameDue to the large investment involved,
we understand that organizations large
and small need to carefully weigh the
Solid Advice On Solid State Drives DUMP YOUR HARD DRIVES & ACCELERATE YOUR BUSINESS WITH SOLID STATE DRIVES
pros and cons of upgrading any com-
ponent across a fleet of machines. SSDs
are fairly unique in that, typically, all
you need to do is install the SSD in
place of a PC's or laptop’s current HDD
(hard disk drive). As long as the PC or
laptop in question is no more than five
or so years old, the upgrade really can
be that easy. For this reason, you don’t
need to put off SSD upgrades until your
next major system refresh.
Part of what makes the upgrade so
simple is the data and power connec-
tions that SSDs use are identical to the
ones that modern HDDs use. The Serial
ATA 3.0 connector over which data
travels is a compact yet high-speed in-
terface that enables throughputs that
approach 6Gbps (gigabits per second),
which is why it’s sometimes referred to
as SATA 6Gbps. Despite supporting the
same interface, HDDs have never been
capable of delivering data fast enough to
approach that speed. SSDs, on the other
hand, were built for speed.
Inside SSDs & HDDsHDDs consist of one or more mag-
netic metallic discs (called platters) that
revolve at a rate of thousands of times
per minute (5,400rpm, 7,200rpm, and
10,000rpm are common HDD spin
speeds) as an actuator arm with dedi-
cated read/write heads for each platter
move across the surface. For a file to be
read or written, the actuator arm must
move to the proper position, the disc
must spin to align the head with the
proper location, and then the file must be
transmitted. The 6Gbps throughput only
impacts the final step in this process, the
spindle speed and actuator movement
add a great deal of latency to the HDD’s
access time.
The big advantage for HDDs is their
relative low cost, as we went to press,
you could spend between 5 and 10 cents
per Gigabyte of HDD storage capacity.
These devices also tend to have higher
total capacities, up to 8TB (terabytes)
and good reliability. If your primary
52 April 2015 / www.cybertrend.com
concerns are capacity and price, then
you should consider sticking with your
existing HDDs.
SSDs consist of NAND flash mem-
ory, the same technology found inside
USB thumb drives, and a controller
chip, which is designed to perform
the essential functions of the device,
such as error-correction, preventing
any memory blocks from wearing out
the device prematurely, finding and
disabling bad blocks, caching read and
write commands, and encrypting data.
Another one of the controller’s tasks is
garbage collection, which is the series
of data-shuffling operations that en-
sures there’s space for new data to be
written. When an SSD receives a call
for data, it electronically locates the
corresponding row and column to
address the memory chip, which can
occur incredibly quickly.
In the early days of SSD manufac-
turing, SSDs garnered a reputation for
being unreliable and failing prema-
turely. Unlike the magnetic platters
in HDDs, the flash chips in SSDs very
gradually degrade the more they’re
written to. Since those early days, new
memory chips have been developed
that can handle significantly more
reads and writes, and modern control-
lers can further minimize the problem.
The practice of overprovisioning, or
setting aside a portion of the SSD’s
capacity for various SSD lifespan-
boosting commands, is another way
in which SSD manufacturers have im-
proved drive reliability. SSDs today are
every bit as reliable as HDDs.
Pricing for SSDs is sti l l signifi-
cantly higher than for HDDs, typi-
cally around $0.45 per gigabyte for
consumer-grade devices. Capacities of
SSDs top out at 2TB, but the highest
capacity drives are rare and very ex-
pensive. The most common capacities
today (available at $0.45 per gigabyte)
are between 240GB and 512GB.
Some applications wil l hammer
an SSD with frequent read/write op-
erations, such as using them in high-
traffic servers. However, enterprise-
grade SSDs, which tend to cost more,
can even perform just as reliably as
HDDs in these environments. For or-
ganizations that use hundreds of drives,
the MTBF (mean time between failure)
rating, can be a useful way to calculate
life spans compared to the HDDs cur-
rently in use.
Speed ComparisonThe number of instances per second a
storage device can perform a data read or
write command is called its IOPS (input/
output operations per second). This is
generally how we gauge the speed of
SSDs compared with HDDs.
Benchmark tests show that a stan-
dard consumer-grade 7,200rpm hard
drive typically doesn’t achieve more
than 200 IOPS and very expensive en-
terprise-grade 15,000rpm hard drives
can only manage between 450 and 300
IOPS. A standard consumer-targeted
SSD, on the other hand, has IOPS in
the neighborhood of 8,000 or more.
This is a fairly involved way of
saying that SSDs aren’t just a little bit
faster than traditional hard drives,
they’re a lot faster. And that speed can
translate directly into more produc-
tive employees, dramatically improved
server and workstation performance,
and better ROI for your organization.
For mission-critical applications,
where high-speed, low latency perfor-
mance is the ultimate goal, SSDs are
the most viable option. But the benefits
of SSDs apply across the board.
Cool & CompactSSDs can generally withstand higher
temperatures than HDDs, and their
form factors start at 2.5 inches, which
is the size of a common laptop HDD.
SSDs tend to consume about 50% to
66% of the power that HDDs do, so if
you use a lot of devices in a very con-
fined space, these power savings can
add up quickly.
Superior StorageModern SSDs have what it takes to
make it in the business world. Better
yet, they significantly outperform HDDs
in terms of energy consumption, read/
write speeds, and shock resistance. Even
in terms of reliability, SSDs are very
competitive. The lone advantage HDDs
have, price per gigabyte, is continuing
its free fall. If you’ve been on the fence
about upgrading, now is the time to give
SSDs a spin.
HDDs (hard disk drives) currently offer higher capacity per dollar ratios than SSDs (solid state drives), but they lose to SSDs in virtually every other way.
SOLID STATE DRIVES ARE FAIRLY UNIQUE IN THAT, TYPICALLY, ALL YOU NEED TO DO IS INSTALL THE SSD IN PLACE OF A PC'S OR LAPTOP’S CURRENT HARD DISK DRIVE. . . . THE UPGRADE CAN REALLY BE THAT EASY.
CyberTrend / April 2015 53
PROTECTING YOUR digital identity is just
as important as locking the front door to
your home; refraining from leaving valu-
ables in the car; and keeping track of
your credit cards, debit cards, driver’s li-
cense, and other identifying documents.
Passwords (and the associated usernames)
are often the only things standing between
cybercriminals and our precious data. We
spoke to several experts and collected a
laundry list of dos and don’ts to help you
choose the best passwords and keep them
strong for as long as you need them.
Our Bad Habits RevealedEvery year, various security vendors
and research institutions post lists of the
most common passwords users continue
to use. According to Alan Tang, director
of research at Info-Tech Research Group,
one of the worst things we can do when
choosing a password is make it too easy
to guess. “Passwords that are too simple
or too common often fall victim to dic-
tionary attacks. Examples are 123456,
P@55w0rd$ DeC0ded EXPERTS WEIGH IN ON WHAT TRULY MAKES A STRONG PASSWORD
password, LetMeIn, abcdef, incorrect,
abc123, new2day, princess, dragon, Base-
ball, Football, Monkey, [and] ILoveYou.”
Other password-picking bad habits Tang
highlights include using one password for
all or multiple logins, sharing passwords
with others, and using passwords that con-
sist of personal information, such as names
of children or pets and birth dates.
Ant Allen, a Gartner research vice pres-
ident, says we should avoid making our
passwords too complex. “The fundamental
problem is that we are trying to shore up an
authentication method which is extremely
weak anyway, with many vulnerabilities,”
he says. “The focus of a lot of the regula-
tions and a lot of what organizations are
trying to do anyway, even if they’re not
subject to regulations, is to make pass-
words long and complex. And that creates a
burden on users.”
Barbara Kraus, Parks Associates director
of research, echoes much of what Allen and
Tang warn against, but she reminds us to be
mindful that a person’s choice of username
can introduce vulnerabilities, as well. “If you
use your email address as your user ID and
one of those [most common passwords] as
your password, you’re very much opening
yourself up to have that hacked.”
What Makes A Strong Password?The analysts we spoke with also gave
advice for how to strengthen our online
identities. Although most websites and
online service providers institute rules
regarding the types of characters that a
person must use in his password, Allen
believes that “difficult to guess” does not
have to equal “difficult to remember.” He
levels a finger at password requirements
that force users to use uppercase and low-
ercase characters, numbers, and symbols.
He argues, “You can get the same kind
of password that is difficult to guess from
using a long simple password, but that
is a lot easier to remember.” Allen la-
ments that not every system can accept
long passwords and many legacy systems
don’t support them. Although there are
54 April 2015 / www.cybertrend.com
things we can do to make our passwords
resistant to breach, Allen suggests that a
more systemic solution to the problem
may be necessary. “If you can’t use it uni-
versally in an organization,” he says, “then
you can’t use it at all.”
Until all systems allow the longer easy-
to-remember passwords, Kraus advocates
creating passwords that have uppercase and
lowercase letters, a number, and a special
character. Tang proposes that organizations
make strong password creation part of a
periodic training curriculum and require
passwords be a minimum of eight charac-
ters. He also suggests leveraging tools, such
as password managers.
Using Different Passwords Is KeySome experts recommend using dif-
ferent passwords for different accounts.
Your financial accounts, for example,
shouldn’t have the same password as your
online shopping accounts. If you have mul-
tiple financial accounts, maybe one with a
bank and another with a brokerage, then
you need different passwords for each one.
According to Tang, “Some organiza-
tions don’t change the default password
that come[s] with the devices from ven-
dors, such as network devices.” He says
that using different passwords for every
login “reduces the risks of [exposing] all
your systems/data if a single password has
been comprised.”
Passwords Go BadNo matter how secure your password is,
it’s a good idea to periodically change it to
stay ahead of cybercriminals, especially be-
cause some breaches can go undiscovered
or unreported. Although being forced to
change your passwords can be frustrating,
it can save you a lot of future headaches.
When choosing new passwords, Krause
advises against reusing passwords you
changed recently. “Our general rule is:
Don’t use the last three,” she says. Tang
suggests that you avoid using your last
four passwords. Regarding how often you
should change passwords, Kraus recom-
mends doing so at least every 180 days.
“And that’s for every password. If you have
10 different passwords, you want to change
them all every six months.”
For regulated organizations, Tang rec-
ommends checking compliance require-
ments to determine how often they should
change passwords. “For instance, PCI-DSS
[PCI Data Security Standard] requires
changing user passwords at least every
90 days,” he says. Many of the organiza-
tions Tang encounters require a password
change every 30 or 45 days.
Allen reports that a lot of organizations
set passwords to expire between 60 and 90
days, but he sympathizes with users who
are frustrated with frequent forced pass-
word changes. “The traditional justification
for that periodic change was to limit the
window of opportunity for the attacker,
but even with a 60-day period, that means,
on average, that attacker’s still got 30 days
use out of it, which is plenty of time to do
damage—establish back doors so you’re no
longer reliant on passwords. So it’s a very
weak control.”
Whom To Trust?When it comes to your sensitive data
and the passwords you choose, you
shouldn’t trust anyone. A friend or loved
one may be unlikely to steal your informa-
tion or sell it to data thieves, but they may
not be as careful as is necessary with the
info you supplied them.
Kraus suggests that you be aware of your
surroundings and the hardware you’re
using as you input passwords and log into
your accounts. “Nobody should be looking
over your shoulder when entering your
passwords. You shouldn’t enter passwords
on computers you don’t control. . . . If
there’s any malware on that computer, it
can steal your passwords. The same with
unsecured Wi-Fi; it’s easy to hack for pass-
words and data.”
Allen says, “Even if you make your pass-
word difficult to guess, that doesn’t mitigate
phishing attacks, spyware attacks, and so-
cial engineering attacks. If an attacker waits
until you’ve logged in [to launch] the attack,
then no type of authentication can prevent
the breach.” In short, if you’re using a com-
puter you don’t trust or a network with
other users you don’t trust, don’t use either
to access sensitive personal data.
“The fundamental problem is that we are trying to shore up an authentication method which is extremely weak anyway, with many vulnerabilities.”
ANT ALLENResearch Vice President : Gartner
“Passwords that are too simple or too common often fall victim to dictionary attacks. Examples are 123456, password, LetMeIn, abcdef, incorrect, abc123, new2day, princess, dragon, Baseball, Football, Monkey, [and] ILoveYou.”
ALAN TANGDirector Of Research : Info-Tech Research Group
“If you use your email address as your user ID and one of those [most common passwords] as your password, you’re very much opening yourself up to have that hacked.”
BARBARA KRAUSDirector Of Research : Parks Associates
CyberTrend / April 2015 55
THE WEB AS WE KNOW IT was not built
from the ground up to be the globally acces-
sible and culturally transformational tech-
nology that it has become. Instead, it started
as a fairly simple means for exchanging
small bits of information between remote
locations. Because it evolved organically
over time, there’s no single computer lan-
guage that Web developers rely on to create
the kinds of interactive applications we have
come to associate as synonymous with the
modern Web. The collection of languages
used today has significantly complicated the
task of programming Web applications and
created an environment that is replete with
security vulnerabilities. And the demand for
coherent, safe, and high-performance Web
applications is only growing.
Ur/Web is a relatively new functional
programming language designed to make
sense of it all by letting programmers write
script that uses a variety of modern Web
Ur/Web Seeks To Simplify Web Development MIT STREAMLINES ALL YOUR FAVORITE LANGUAGES UNDER ONE UMBRELLA
technologies without having to program in
each respective language. According to the
code’s author Adam Chlipala, a computer
science assistant professor at MIT, “I've de-
signed Ur/Web to be the language in which
I most want to use to develop Web applica-
tions.” Ur/Web is very much a working
developer’s development language, built to
perform similarly to ML and Haskell, but
with added features designed to support
more rules, functions, and modules.
The project page (www.impredicative
.com/ur/) describes Ur/Web as a form of
statically typed metaprogramming based
on row types. It is composed of two in-
terdependent components: the Ur, or the
language itself, and the special standard
library plus a collection of parsing and op-
timization rules. As we went to press, Ur/
Web had begun to outgrow its status as a
research language and was gathering trac-
tion as a highly functional, easy-to-use, and
significantly more secure alternative, espe-
cially among, in Chlipala’s words, “serious
fans of typed functional programming.”
From Chaos To CoherencyIf you were to dissect any Web page
today, you’d come across sections of code
written in HTML (Hypertext Markup
Language), XML (Extensible Markup
Language), CSS (Cascading Style Sheets),
JavaScript, and more for defining the Web
page’s core formatting, handling data that
is both human and machine readable, de-
scribing the user interface, running client-
and server-side scripts for user interactivity,
and countless other purposes. The problem
with this approach is that this patchwork
of code is very often expensive to generate
from scratch on a per-page basis, buggy,
and vulnerable to attacks.
Ur/Web bridges the gap between dispa-
rate code in a way that’s strict but logical.
56 April 2015 / www.cybertrend.com
Chlipala describes three distinguishing
characteristics of Ur/Web: “compile-time
checking of sanity properties of whole
applications, new approaches to modu-
larity where key parts of Web apps can be
strongly encapsulated inside of modules,
and a simple concurrency model.”
The Upside Of Ur/WebUr/Web-based Web sites are designed
to always remain stable during page gen-
eration functions. They also resist a variety
of common problems Web programmers
encounter, including any type of code-in-
jection attacks, pages with invalid HTML,
dead intra-application links, mismatched
HTML forms and fields, faulty client-side
code that references AJAX-style services,
invalid SQL query attempts, and
improper state recording in the
code base during SQL databases,
browser, or Web server com-
munication.
Type safety, or the ability
to prevent type errors (that is,
errors in program behavior re-
sulting from constant, variable,
and function discrepancies oc-
curring between differing data
types), is paramount to Ur/Web.
Other Web applications written
and compiled in Ur/Web return
server code, browser client code,
and SQL code that is designed to
work with the associated data-
base back end.
A Guard At Every DoorPart of what makes Ur/Web so resilient
to code-injection attacks are its strict rules
for how each page element is generated.
This “strongly typed” format lets the pro-
grammer use a preset data type for each
variable and function. As a result, no page
elements can attempt any form of unin-
tended interaction with any other page
element, which is why any attacker who at-
tempts to send maliciously formatted data
through a Web form will get nowhere fast.
Furthermore, Ur/Web supports variable
scoping, or the ability to limit where a vari-
able can be called within a program, to give
developers even more ways to protect their
applications and Web pages.
One example Chlipala uses to describe
this compartmentalization is a Web page
that features both a dynamically updating
calendar widget from a known library and
an adjacent advertisement widget that gets
its code from a third party. Using more
traditional programming languages, it’s
possible for hijacked advertisement code to
infect the calendar widget and change what
it displays or how it works. With Ur/Web,
this code-to-code interaction is impossible
unless the programmer enables it.
Other specific threats thwarted by Ur/
Web include buffer overflow attacks, auto-
matic run-time interpretation of strings as
code vulnerabilities, and cross-site request
forgery attempts in which an intruder tries
to access the site as a trusted user.
Ur/Web UsersAs we went to press, the current ver-
sion of the Ur/Web source code, Release
20150103, was out of beta. Chlipala
states that programmers should feel
confident in turning to Ur/Web when
building their next application. Outside
of hobbyists, academia, and some busi-
ness applications created by enthusiastic
developers, Ur/Web has yet to reach a
wider audience.
With so much attention on Web de-
velopment right now, it’s not surprising
that many developers are taking a “wait
and see” approach. But Chlipala is fully
cognizant of Ur/Web’s uphill battle,
saying that he suspects the current lack
of examples of relatively conventional
Web-app functionality implemented in
Ur/Web is the reason more developers
are remaining on the sidelines. “I'm
working now on fixing that problem," he
says. "For instance, I've built an app to
manage our annual visit weekend for the
people we've admitted into my depart-
ment's Ph.D. program. I plan to release
these examples, and the framework that
they use, soon as open source.”
In The WildThere are several examples of websites
and applications that rely on Ur/Web and
illustrate what the functional program-
ming language is capable of. Vladimir
Shabanov used Haskell and Ur/Web to
create a commercial RSS reader
called BazQux Reader, which
supports thousands of paying
subscribers. The Bitcoin Merge
Mining Pool is another ex-
ample. New Zealand-based
Extensibl is a software develop-
ment services and consulting
firm aimed at startups, and
Ecosrv, primarily used as a da-
tabase for network routers up-
grading their firmware, is one
application of Ur/Web that
Chlipala did not foresee. “That
wasn't my idea of the canonical
user of a Web application!”
Chlipala is still actively de-
veloping Ur/Web, focusing his
efforts on creating examples
of common Web applications designed
to support various applications that are
useful within MIT. “I'm continuing to
develop it as a practical platform, ad-
dressing bug reports and feature requests
from users, applying it to some local
MIT Web apps, and doing a bit of re-
search on useful additions, like new opti-
mizations in the compiler.”
As we went to press, Chlipala ex-
pressed his intention to keep Ur/Web
available as an open source project for the
foreseeable future. Although he didn’t feel
up to the task of predicting how Ur/Web
will grow over time, he was confident that
Web application programmers who tried
it would find it a joy to work with.
Techempower.com reports that Ur/Web is one of the top ten performing frameworks.
CyberTrend / April 2015 57
THE LATEST PREMIUM ELECTRONICS
Power, Speed & Panache For Serious GamersWWW.MSI.COM
If you are a gamer, or if you know one who deserves an exceptional gift, check out the GS70 2QE Stealth Pro ($1,999.99 base price). Designed and manufactured by MSI, which is prized for making computers imbued with powerful components and stylish exteriors, the GS70 features an Intel Core i7 processor, up to 16GB memory, plenty of storage capacity (more than 1TB, depending on the configura-tion), and the fastest connectivity options around: Gigabit LAN, 802.11ac Wi-Fi, Bluetooth 4.0, and USB 3.0 (four ports). The GS70 weighs a shade under 6 pounds (with battery) and measures less than 1-inch thick, making it incredibly thin and light for a laptop with a 17-inch Full HD (1,920 x 1,080) anti-glare LCD. In support of active gamers, the GS70 comes with an Nvidia GeForce GTX 970M graphics card, XSplit Gamecaster (for recording, broadcasting, and sharing), two fans for thermal cooling, and Matrix Display support for extending the view to as many as three displays. The system also features a backlit keyboard and Dynaudio Tech Speakers with subwoofer. The GS70 runs Windows 8.1 and is available in various styles, including the Pro Red Edition pictured above.
58 April 2015 / www.cybertrend.com
High Capacity & Lightning QuickWWW.PNY.COM
Whether you're a photography enthusiast or a professional photographer, you'll ap-preciate PNY's Elite Performance SDXC Class 10 Memory Card for its incredibly fast data transfer rates: up to 95MBps (megabytes per second). This read performance is perfect for continuous shooting, action shots, and high-definition video, as well. The card uses the SDXC standard for reliable performance, so make sure your camera is SDXC-compatible. The card is available in 64GB ($49.99), 128GB ($79.99), and 256GB ($169.99) capacities. According to PNY, the card is magnet proof, waterproof when submerged up to 1 meter in salt water, shock proof up to 1,500Gs, and capable of withstanding temperatures ranging from -13 to 185 degrees Fahrenheit.
Better For Notes, Stunning For VideoWWW.GIGABYTE.COM
The Gigabyte Tegra Note 7 offers accuracy for note-taking and includes a chisel-tip stylus for handwriting and drawing, but the tablet truly shines when it comes to video, audio, and gaming. The tablet runs the Android 4.3 (Jelly Bean) operating system and features a 7-inch high-definition screen with an LED backlight and an ambient light sensor for high visibility. Powered by a quad-core 1.8GHz CPU and a 72-core Nvidia GeForce graphics processor, the Tegra Note 7 also includes front-facing stereo speakers, HDMI and USB 2.0 ports, 16GB on-board storage (with a Micro SD slot for up to 32GB more), Wi-Fi, Bluetooth, GPS, and a battery that powers up to eight hours of video playback per charge. The Tegra Note 7 is distributed through EVGA and sells for around $200 through online retailers.
CyberTrend / April 2015 59
Smartphone Tips A ROUNDUP OF HANDY ADVICE
Use Foreign Language Keyboards
❯ Windows Phone 8 supports more than
40 languages with separate on-screen
keyboards for each. Of those, Windows
Phone 8 provides automatic text sugges-
tions while you type for more than 30
languages. By default, Windows Phone
8 smartphones sold in the U.S. market
will come with the U.S. English key-
board active and ready to use. If you
add one or more foreign language key-
board, a language button will be added
to the keyboard, allowing you to switch
quickly between keyboards for dif-
ferent languages. To add a keyboard,
access Settings, tap Keyboard, tap Add
Keyboard, select each keyboard you
would like to add, and tap the Add
button. To remove a keyboard, follow the
same steps but tap Remove at the end.
Move iTunes Music To Your Windows Phone
❯ If you have a Windows Phone 8 smartphone and store your music in iTunes
on a PC running Windows 7/8, you can download Microsoft’s Windows Phone
App For Desktop to move iTunes content to your phone. This is ideal for those
who have used an iPhone or iPod and now wish to play media mainly on a
Windows phone. Install and download the program, launch it, click Settings,
and (under Sync Music, Videos, And More From) select iTunes. Tweak other
settings to control what media is transferred to your phone and whether or not
it transfers automatically.
Set Up Global Roaming
❯ If your Windows Phone smartphone and wireless carrier support it, you can
start setting up global roaming by accessing Settings and tapping System and
then Cellular. For the Data Connection option, tap to turn service on; for Data
Roaming Options, tap to enable mobile data roaming and choose the type of
service; and for Voice Roaming Options, tap to enable and choose the type of
service. The Activate Network option displays which network your smartphone
is connected to.
WINDOWS PHONE
Imag
es, c
lock
wise
from
top
left,
cou
rtesy
of A
pple
(1),
Sam
sung
(2),
Sony
(3),
Micr
osof
t (4,
5),
and
Blac
kBer
ry (6
)
60 April 2015 / www.cybertrend.com
Reset The Swype Dictionary
❯ Android devices with the Swype on-
screen keyboard let you glide your finger
from one letter to the next to spell a word
without having to press each letter sep-
arately. As with any small-screen key-
board, the results can sometimes differ
from what you intended to type, either
because you touched a few wrong keys or
because the keyboard’s auto-correct fea-
ture incorrectly assumed you were trying
to type a different word. After you enter
a word that Swype doesn’t recognize, it
is added to the Swype dictionary. If at
some point you would like to clear your
added words from the Swype dictionary,
access Settings; tap My Device, Language
& Input, Preferences, and Reset Swype’s
Dictionary; tap the pop-up box option to
confirm that you want to take this action.
Adjust Your Phone Lock Wait Time
❯ Once you set up Android’s built-in
locking system, you must enter a pass-
word, PIN, or pattern to gain access to your
phone. This is a great security feature, espe-
cially for absent-minded mobile individuals
who occasionally lose track of their phone.
But it can also be a nuisance, especially if
you use your phone often. Being required to
enter a passcode every time you want to use
your phone can quickly get old.
Some Android phones offer the option
to set a timeout period that must elapse
before the phone lock feature kicks in.
This can be an acceptable compromise be-
tween locking right away and not locking
at all. To set the phone lock timeout, go
to Settings, Security, Lock Phone. If your
phone has this feature, you will see an op-
tion for setting the lockout time period.
Select a time period that will let you use
the phone freely, but will lock the phone
before someone can pick it up and use it
should you accidentally leave it behind.
Try 5 minutes to start, and then adjust the
time if that’s too short or too long.
Change Your Primary Shortcuts
❯ The primary shortcuts on a current Android smartphone are the persistent but-
tons at the bottom of the screen for Phone, Contacts, Apps, Messaging, and Internet.
You can remove any of these except for the Apps shortcut, and add shortcuts
to the apps you’d rather have quick
access to. Press the Home button
so that you’re looking at the Home
screen, and then press and hold the
primary shortcut you wish to replace,
and drag it to an empty spot on the
Home screen. Repeat this to remove
other icons from this area, if you like.
Then, press and hold the icon for any
app you want to add to the primary
shortcut area and simply drag the icon
to the desired spot.
Check Battery Level & Optimize Battery Life
❯ For most smartphones, the de-
fault battery indicator doesn’t pro-
vide much more information than
a general idea of how much life the
smartphone has left. But for those who
would like to see a little more battery
data or even analyze just how much
battery life individual applications are
eating up, Android provides a way. Go
to Settings, Device, and then Battery.
This menu will not only show you how
much battery life remains, but also the amount of battery life each app is consuming.
This information should give you a solid foundation for where to cut down on
power hogging apps.
For instance, if you leave your Bluetooth or GPS features turned on 100% of
the time, it’s going to drain your battery much faster than if you only turn them
on when you need them. You should also consider connecting to a Wi-Fi network
when possible, but not leaving the feature turned on when you’re out of Wi-Fi
range. Make sure you don’t leave apps running unnecessarily in the background and
try dimming the brightness of your display. All of these small changes can often lead
up to big improvements in overall battery life.
Snap Photos While Capturing Video
❯ Your particular phone may not support this feature, but Android has the ability
to perform dual image captures. When you’re using your phone to record video,
you can tap the screen and a hi-res still image will be shot at the same time, without
pausing the video recording. Android will save the still image to your photo gallery.
ANDROID
Primary shortcuts are those that appear at the bottom of every Home screen on an Android smartphone, such as the HTC Droid Incredible shown here. You can edit the primary shortcuts if you like.
CyberTrend / April 2015 61
Know Your Wireless Connection Options
❯ BlackBerry 10 displays one or more
cellular data connection icons de-
pending on the type of service your
BlackBerry is connected to at the time.
In addition to the familiar “bars” and
Wi-Fi indicator, there are numerous
cellular icons, including:
• 1X - 1XRTT data (slow)
• 1x - limited 1XRTT (slow)
• 2G - 2nd generation cellular (slow)
• 2g - limited 2G (slow)
• 3G - 3rd generation cellular
• (medium)
• 3g - limited 3G (medium)
• 4G - 4th generation cellular (fast)
• 4g - limited 4G (fast)
• 4GLTE - 4G LTE (Long Term
Evolution) (fast)
• E - EDGE (Enhanced Data Rates
for GSM Evolution) cellular data
(medium)
• e - limited EDGE (medium)
• G - GPRS (General Packet Radio
Service) cellular data
• (medium-slow)
• g - limited GPRS (medium-slow)
• H - HSDPA/HSUPA (High-Speed
Downlink/Uplink Packet Access)
cellular data (medium-fast)
• h - limited HSDPA/HSUPA (me-
dium-fast)
• H+ - HSDPA+ cellular data (fast)
• h+ - limited HSDPA+ (fast)
• X - no mobile network coverage
Can’t Save Images & Videos?
❯ If you are unable to save new image
or video files to your BlackBerry 10
smartphone, try using the File Manager
app to delete older media files to gain
more space on the device’s media card,
or insert a new media card. When you
insert an empty media card, access the
File Manager app, navigate to find the
media card, and create a folder named
Camera if there isn’t one already there.
Add Contacts To Your Home Screen
❯ Since the introduction of BlackBerry 6 and through to BlackBerry 10, the
BlackBerry Home screen has been able to contain icons for things other than apps,
including Web pages and documents. One often-overlooked use for this capability is
to add one of your contacts to the home screen. Launch the Contacts app and high-
light the contact you wish to have on your home screen. Press the Menu key and
select Add to Home Screen. A dialog box will appear, with an icon for the contact
and the contact’s name. You can change either by tapping on it. When you’re done,
tap the Add button.
Forget Auto-Correct, Create Your Own Text Shortcuts
❯ All right, don’t actually forget auto-
correct. Despite its often-documented
failings, auto-correct (known as “word
substitution” in the BlackBerry uni-
verse) is arguably more helpful than
not when it comes to typing on a
smartphone touchscreen. However, if
you’re using a BlackBerry 10 smart-
phone, you can create your own text
shortcuts to speed up your typing. If,
for example, there’s a certain unusual
word, or even an entire phrase, that
you use fairly often, you can establish
a shortcut using an abbreviation or a
nonsense word that, when you type it,
uses word substitution to replace what
you typed with the full word or phrase.
To do this, access Settings, and then tap
Language And Input, Prediction And
Correction, Word Substitution, and the
Add (plus sign) icon, then enter the ab-
breviated and full text when prompted.
Zoom, Even When The Screen Doesn’t Allow It
❯ Every touchscreen user probably knows by now what it means to “pinch to
zoom,” in which two fingers are used to zoom in or zoom out on a screen’s text and
images. As you’ve likely noticed, however, there are many apps and browser pages
on which this is possible, and many others on which this isn’t possible. Don’t let
that stop you, however. If you have a touchscreen BlackBerry 10 smartphone, access
Settings, tap Accessibility, and switch on the Magnifying Mode feature. Doing this
magnifies the screen a little bit right away. You can adjust the level of magnification
by sliding two fingers apart on the screen (to zoom in) or by pinching two fingers to-
gether (to zoom out). To toggle Magnify Mode on and off without having to go into
settings, use two fingers to swipe down from the top of the screen.
BLACKBERRY
Within the Language And Input settings, tap Word Substi-tution on the Prediction And Correction screen to alter the ways in which your BlackBerry smartphone substitutes typed text with other text.
62 April 2015 / www.cybertrend.com
Prevent Data Tracking
❯ To protect the privacy of your data
usage, you’ll need to disallow the moni-
toring of your iPhone. On iOS 8, you
can do this by tapping Settings, Privacy,
Location Services, and Systems Services.
Find the Diagnostics & Usage switch and
turn it off.
It’s also wise to switch off Location-
Based iAds because leaving it on makes
your real-time location visible and ef-
fectively informs Apple and its partners
that they can use your information to
customize your advertising experience.
Limit Ads
❯ While you’re changing settings to pre-
vent tracking, the Advertising setting is
also worth changing. To do so, access
Settings, tap Privacy, tap Advertising, and
switch on Limit Ad Tracking—but keep
in mind that this only prevents tracking
and interest-based advertising, it does not
necessarily decrease the number of ads
appearing on your iPhone.
Hide A New Email Message To View Another
❯ With every version of iOS prior to
iOS 8, composing a new email mes-
sage with the Mail app meant that your
new email message occupied the full
screen. If you needed to view a previous
email message, you would have to close
your new message, tap to save it as a
draft, and then, when it came time to
return to it, tap Mailboxes, scroll down
to Drafts, and find the message there.
With iOS 8, a new email you’re com-
posing doesn’t take up the full screen.
Instead, there’s a gap at the top, so if
you need to look at an earlier message
you can minimize the email you’re
writing by dragging New Message to the
bottom of the screen. To return to your
email, simply tap New Message.
Make The Most Of Reminders
❯ The Reminders app, which is native in (or built into) Apple iOS 6 and later, can
help you keep track of day-to-day to-do items as well as tasks associated with proj-
ects you are managing or tracking through Microsoft Outlook.
Works With Outlook
❯ If your iPhone is set up to work
wi th Microsof t Exchange , the
Reminders app will automatically
sync with Outlook’s Tasks feature.
You can view Outlook tasks (along
with all of their associated details)
in the Reminders app, and likewise
you can see tasks you add to the
Reminders app on-the-fly when you
return to your computer’s Outlook
program. The Tasks list is the default
list in the Remembers app; you can
create additional lists, which will au-
tomatically sync with Outlook as well.
Establish Sync Preferences
❯ Access your iPhone’s settings,
scroll down, and tap Reminders.
Here you will see the period of time
the Reminders app will cover when
syncing with Exchange. Tap Sync if
you would like to change the time
period. Options are 2 weeks back, 1
month back, 3 months back, 6 months
back, or all reminders; tap one of these
options, tap the Reminders button to
go back, and tap the Settings button to return to the main settings screen.
Add, Modify & Delete Reminders
❯ To add a reminder, open the app, tap the Add icon (plus sign), and type the
reminder text. Tap Done or, if you have another reminder to add, tap Return and
enter the text for the next reminder. Tap any reminder in any list to modify it (set
a reminder notification or due date, set the reminder to repeat, etc.) or delete it
(swiping to the right and tapping Delete also works).
Quick Keyboarding Tips
❯ Having to enter a submenu just to access the apostrophe really muddles typing
words with apostrophes, such as the conjunctions it’s, we’ll, we’re, and they’re.
Oftentimes, your iPhone automatically suggests the appropriate word. When auto
suggest utterly fails to read your mind, however, you can type certain words a cer-
tain way to get auto suggest to display the word you want. To type it’s, we’ll, we’re,
or they’re, just type itss, welll, weree, and theyrr, respectively, followed by a space.
IOS
The Reminders app is part of iOS and integrates with your Microsoft Outlook Tasks.
CyberTrend / April 2015 63
YOU’RE READY TO give your presenta-
tion, but until that first slide appears on
the big screen, you can never be sure
that your equipment has got your back.
We can’t tell you not to worry, but these
handy tips should help bail you out if
your presentation goes south.
Hardware & Cable Connections
It can be difficult to track down the
source of problems that occur when
you are connecting a notebook and
projector. Following are some things to
watch for.
Video. Turn off all equipment and
connect your notebook’s video out port
to the projector. The usual connection
choices for a notebook are VGA (Video
Graphics Array), DVI (Digital Visual In-
terface), HDMI (HD Multimedia Inter-
face), and DisplayPort. Many projectors
have VGA and one or more digital con-
nections. If possible, use a digital connec-
tion for high quality.
Laptop-Projector Setup Problems TROUBLESHOOT COMMON ISSUES WITH THESE HANDY TIPS
Sound. Some HDMI and Display-
Port digital video connections can carry
audio through the same port, but both
notebook and projector must support
audio over the digital video connection.
Traditionally, audio is connected using
the notebook’s audio out jacks and the
projector’s audio in ports; both of these
are often RCA or 3.5mm. If you’re not
using the projector’s built-in speakers,
make sure you connect your notebook’s
audio out to the sound system you in-
tend to use and turn the volume down
on the projector’s speakers.
Mouse. If you are using a mouse, or a
remote mouse controller, make sure the
controller/mouse is connected, usually
through the notebook’s USB port. If you
are using a wireless device, make sure the
notebook has the appropriate wireless
connection enabled. This is typically Blue-
tooth or a USB port wireless dongle.
Network ConnectionMany venues supply network pro-
jectors, which are made available as a
shared resource. Making a connection to
a network projector is as easy as plugging
MANY VENUES SUPPLY NETWORK PROJECTORS, WHICH ARE MADE AVAILABLE AS A SHARED RESOURCE. MAKING A CONNECTION TO A NETWORK PROJECTOR IS AS EASY AS PLUGGING YOUR NOTEBOOK INTO THE CORPORATE NETWORK VIA WIRED OR WIRELESS ETHERNET.
64 April 2015 / www.cybertrend.com
your notebook into the corporate net-
work via wired or wireless Ethernet.
Check with the company’s IT staff for
specifics. Once connected, use the net-
work connection wizard in Windows 7 to
find the projector you wish to use:
• Click Start (the Windows button
in the bottom-left corner of the
screen).
• Click All Programs.
• Click Accessories.
• Click Connect To A Network
Projector.
• The network connection wizard
may inform you that your note-
book’s firewall is blocking the
ability to connect with the pro-
jector. Click to establish the net-
work connection.
• Either have the wizard search for
available network projectors or
enter the projector’s address manu-
ally if it is available.
Once the device is connected, a
Network Presentation window will mini-
mize to your Taskbar. When you’re ready
to make your presentation, open the
Network Presentation window and select
Resume. Your notebook will treat the net-
work projector like an external monitor.
No VideoIn many cases, your notebook will
detect that you have a projector plugged
into one of its video outputs and will
automatically turn on the port. Not all
notebooks do this, however; and even
those that can still have missing video
if the notebook isn’t set to duplicate the
Desktop or extend it to the secondary
monitor (the projector). Many note-
books use a function key combination
to toggle the projector port on or off
and set how you can use the display. We
recommend using the control panels
in Win7:
• Right-click a blank area on the
Desktop.
• Select Screen Resolution.
• Select the second display from the
drop-down menu.
• Select Extend These Displays from
the Multiple Displays drop-down
menu. Your Desktop background
should now appear on the projector.
Win7 also has a pop-up display for
selecting the content that is sent to the
projector. Press the Windows-P keys
to bring up the four possible selections:
• Disconnect Projector (turns the
projector display off)
• Duplicate (mirrors your computer’s
Desktop on the projector)
• Extend (uses the projector as an ex-
tension of your Desktop)
• Projector Only (turns off your
notebook’s display and uses the
projector as the main display)
Video Is Out Of RangeWhen the projector can’t reconcile a
video signal from a notebook with its
preset resolution, it displays an out-of-
range message. To solve this in Win7:
• Right-click a blank area on the
Desktop.
• Select Screen Resolution.
• Select the display associated with the
projector.
• Use the resolution drop-down menu
to adjust the resolution to the cor-
rect value. Try 800 x 600 or 1,024
x 768 as these are resolutions that
many projectors can handle.
Display Turns OffIf the projector’s display turns off
during your presentation, you'll want
to check your notebook’s power man-
agement feature, especially if you’re
running the notebook off of its bat-
tery. Whenever possible, use your AC
adapter to run your notebook.
Video Won’t Display OrIs Choppy
Your slide presentation works fine,
but when you try to show a video, all
you see is a blank window or a choppy
rendition of the video. Trying to dis-
play a video on two monitors can be too
much for a video card that has marginal
graphics capabilities. If video isn’t dis-
playing correctly, change the Display
settings to make the projector the pri-
mary display.
NOTEBOOK-PROJECTOR TROUBLESHOOTING TIPS
• Turn off all equipment before connecting the notebook to the projector.
• If possible, use a digital connection to ensure a high-quality presentation.
• If you’re not using the projec-tor’s built-in speakers, turn them down and connect the notebook’s audio out to the sound system.
• If you’re using a wireless mouse or controller, make sure you can establish the wireless connection.
• Use the straightforward net-work connection feature in Windows 7 to connect to a network projector.
• If there is no video, check all the ports and then check Windows’ Screen Resolution settings.
• Adjusting the screen resolu-tion can resolve out-of-range messages.
• When a projected image isn’t proportionally correct, try re-positioning the projector and/or changing the projector’s keystone setting.
• If a display turns off during a presentation, check the note-book’s power management settings.
• If video isn’t displaying cor-rectly, change the Display set-tings to make the projector the primary display.
CyberTrend / April 2015 65
EXCEL SPREADSHEETS are useful for
tracking finances, storing important fig-
ures, or even creating databases of informa-
tion. But the only way to take full advantage
of Excel is to use functions and formulas.
Whether you simply want to find the sum
total of a column of numbers or calculate
compound interest, formulas are the best
way to transform your data. Here are exam-
ples of formulas that might save you time.
Calculate Compound Interest❯ Because Excel doesn’t have a built-in
function for calculating compound interest,
Microsoft provides a formula that will get
you the results you need using
present value (PV), interest rate
(R), and the number of invest-
ment periods (N). So, if you
make an investment of $100 and
Excel FormulasMAKE THEM WORK FOR YOU
want to see how much money you’ll have
in 10 years with a 4% interest rate, you can
plug those numbers into the =PV*(1+R)^N
formula. In our example, your formula
would be 100*(1+.04)^10. Note that you
need to change the 4% figure into a dec-
imal number, otherwise you might expect a
larger than life return on your investment.
Calculate the formula and you’ll see that
over 10 years your initial $100 investment
will grow to $148.02.
Calculate Percentages❯ You can calculate percentages in a va-
riety of ways using Excel, depending on
the information you already know. For
instance, you can use a simple division
formula to find a comparison between
two numbers. For instance, if you shipped
25 products and only one of them was
returned, you can simply enter =24/25
(or use cell coordinates) to get a figure
of .96 or 96%. If you want to calculate
change between numbers (200 to 250, for
example), you can use the formula =(250-
200)/ABS(200) to get a growth rate of .25
or 25%.
Sum Of Totals Across Multiple Worksheets❯ Let’s say you keep track of sales figures
over the years using the same Excel docu-
ment. Not only do you want a record of
your current year’s sales, but you also want
your sales figure from the previous year
at the top of each sheet. This will require
the use of the SUM function as well as
some cross-sheet calculation. Using the
SUM function, =SUM(Sheet1!A1:A6) for
instance, you can take numbers from the
Excel doesn’t have a built-in compound interest function, but
you can use this relatively simple function to get the same result.
66 April 2015 / www.cybertrend.com
first sheet, add them together, and display
them in a cell on the second sheet.
MATCH Function❯ Excel’s MATCH function makes
it easier to find the location of a specific
figure relative to its order in a column.
For instance, if you are searching
for the number 780 in a column of
30 cells, you can type the formula
=MATCH(780,B1:B30,0) to find your
exact match. If the information is located
in the 15th cell, for instance, you’ll receive
the result of 15 from the formula. You can
also use a 1 or -1 modifier in place of the 0
to find the number that is greater than or
less than your desired figure.
Round Up Or Down❯ If you work with figures that have mul-
tiple decimal numbers and need to round
up or down to a specific decimal place,
then Excel has two easy functions you
can use to get the job done: ROUNDUP
and ROUNDDOWN. For example, take
a number you want to round up, such
as 12,345.678 and decide what decimal
place you want to round to. Then, use the
function =ROUNDUP(12,345.678, 2) and
Excel will automatically round it up to
12,345.68.
WORKDAY Function❯ WORKDAY lets you take a start date
and a number of days to determine what
your end date will be with weekends and
holidays taken into account. For example,
you need to enter the DATE formula,
we’ll use =DATE(2015,4,1) into the A1
cell, and a specific number of days in the
A2 cell, we’ll use 18, you can use the for-
mula =WORKDAY(A1,A2) to find your
end date, which in this case is April 27,
2015. You can also add holidays to the
formula by entering the dates into cells
and adding them to the end of the formula
=WORKDAY(A1,A2,A3:A9), which will
change the end date.
Display Current Date & Time❯ Excel’s NOW function is a quick and
easy way to display the current date and
time in your spreadsheet. Type =NOW()
into a field and the date and time will ap-
pear. This information doesn’t update
automatically, but rather every time you
make a calculation within the spreadsheet
as well as every time you open that par-
ticular Excel document.
REPT Function❯ Typing the same thing over and over
can quickly get repetitive, especially if
you need 32,767 instances of the same in-
formation. If you think that number is
oddly specific, you’re right. It’s the max-
imum number of times you can use the
REPT function, according to Microsoft.
To use the REPT function,
simply take a word, number,
or other entry (“Repeat,”
in this instance) and tell
Excel how many times you
want it repeated by typing
=REPT(“Repeat”,5) into a
cell. You can also use this
function to better visualize
data. For instance, you can
use symbols to represent
sales figures or your amount
of customers and watch your
growth over time.
Cross-sheet calculation makes it possible to link formulas across multiple sheets in the same workbook,
so you don’t have to copy and paste information or calculate figures outside of Excel.
The MATCH function is helpful if you want to find a specific figure in a long column of numbers. It shows you where your query is located in relation to the array you provide in the formula.
CyberTrend / April 2015 67
AN UNFORTUNATE FACT about using
an Internet-connected computer these
days, whether it is a personal or com-
pany-issued notebook, is the constant
threat of malware infection. Even when
taking preemptive action to combat
malware attacks, there’s a fair chance
one will eventually hit your notebook
anyway, if for no other reason than
the sheer volume of malware that at-
tackers introduce daily. Frighteningly,
a leading security software maker re-
portedly gathered 15 million new mal-
ware samples between April and June
2014 alone. Of this number, Trojan
horses accounted for 58.2% of all newly
detected malware threats and were re-
sponsible for 62.8% of all global com-
puter infections.
What’s startling is that these attacks
included zero-day threats in which, as
the name suggests, zero days expire
between when a given vulnerability is
discovered and when attackers release
malware targeting the vulnerability.
Isolate Malware HOW TO COMBAT ATTACKS
With malware being so prevalent and
persistent, a large part of combatting
it is being able to recognize signs that
a system may be infected and then
knowing how to troubleshoot the
problem. Also important is what secu-
rity tools are available to detect, protect
against, and remove malware. The fol-
lowing details these issues and others
for notebook business users.
The Warning SignsAlthough new malware variants are
constantly being developed and re-
leased, malware is generally catego-
rized into several common groups,
including viruses, worms, rootkits,
spyware, Trojans, keyloggers, adware,
and ransomware. What these groups
have in common is an aim to infect
a user’s notebook to steal personal
or company information, hijack the
system outright, or cause other types
of damage. Malware infections can
transpire in numerous ways, including
when you visit an infected website, in-
stall software or an app with malware
hiding inside, click links or open at-
tachments in email, or insert an in-
fected USB thumb drive.
Though warning signs that malware
may be present can differ depending
on the malware type, there are some
primary indicators to look for. Michela
Menting, ABI Research practice di-
rector, says the most common include
applications and programs running no-
ticeably more slowly, slower Internet
performance, and data or files that
are unexpectedly deleted or altered.
A notebook running more slowly, for
example, could indicate malware is
stealing computing resources to fuel
whatever activity the malware was de-
signed to execute, such as hijacking
the system to help generate and spread
spam to other systems.
Some specific examples of changes
in notebook performance to watch out
for include programs, files, and folders
68 April 2015 / www.cybertrend.com
that take longer to open or that don’t
open at all and the notebook taking
exceedingly long to shut down or not
shut down at all. Menting says an easy
way to check for system performance
issues on Windows notebooks is to
look at the processes running in the
Task Manager and pay particular at-
tention to memory or CPU resources.
“If users regularly check the Task
Manager, they may be able to more
easily spot when something looks dif-
ferent from normal,” she says.
Other odd or strange system-related
occurrences that can signal possible
malware activity include the note-
book’s battery draining more quickly
than normal, beeps or alarms sounding
u n e x p e c t e d l y , a n d i n t e r n a l f a n s
speeding up for no obvious reason.
Elsewhere, the sudden and constant
appearance of error messages can be
a clue that malware is present, as can
a Web browser’s home page changing
or new toolbars appearing in the
browser without the user’s involve-
ment. Additionally, an inability to ac-
cess various system tools; messages
that report that administrator rights
have been denied; and a sudden disap-
pearance or appearance of unfamiliar
icons, shortcuts, folders, photos, and
file types are all other possible malware
warning signs.
Pop-up messages, including those
that appear out of the blue when a
Web browser isn’t even open, are an-
other indication that malware (par-
ticularly adware and Trojans) may
be present. An especially cruel type
of malware-related pop-up is one that
warns a user of security vulnerabili-
ties on his notebook and recommends
that he download or buy the suggested
security software (which happen to be
fake). Another indicator to watch for
includes phony social network posts
that the user appears to initiate and
share with his contacts.
Immediate ResponseWhen you suspect malware has
infected your notebook, Menting
advises turning off its Internet con-
nection. “Most malware will use the
Internet connection to send informa-
tion back or infect other computers
on a network,” she says. “Isolate the
laptop and then run an antivirus scan.”
Additionally, ensure that antivirus
software on the notebook is up-to-date
with the latest malware signatures.
“If not, then copy a free AV program
onto a USB thumb drive and use it to
install [the software] on the discon-
nected infected PC,” she says. More
sophisticated malware, Menting says,
“may be able to obfuscate its presence,
and others, such as zero-days, have
simply not yet been uncovered by secu-
rity firms and, therefore, an antivirus
[program] will not help.” In such cases,
Menting says the best option may be to
wipe the hard drive clean and reinstall
the operating system.
Means Of PreventionAs a means of prevention, Menting
says, at the least, you should ensure
that a firewall is running and working
properly. Generally, she says, most op-
erating systems have built-in security
features that users should activate.
Addit ional ly , numerous programs
(including PDF and document-creation
programs) provide options to pass-
word-protect files. “These are really
useful for protecting sensitive docu-
ments,” she says. “On browsers, there
are a number of security features that
can also be activated or increased.”
Malware Removal ToolsBeyond built-in tools, numerous
malware-removal tools are free for
download and use, as are numerous
useful and easy-to-use program-based,
on-the-fly encryption tools and anti-
theft products. Menting says, “Users
should definitely consider protecting
their data as well as their devices.” She
says specific features and abilities to
seek out in such tools included an-
tivirus, antispam, antiphishing, and
antispyware; firewall and intrusion
prevention systems; email, browser,
chat/instant messaging, and appli-
cation protection; privacy, ID, and
online transaction protection; en-
cryption and password management;
ant i theft and remote locate/ lock/
wipe; and cloud-based services and
backup platforms.
Usage-wise, routinely run antivirus
scans and avoid opening email and
attachments or clicking links within
messages from senders you don’t rec-
ognize; don’t reply to suspicious email;
avoid visiting suspicious or unknown
websites; don’t click pop-ups that ap-
pear suspicious and consider using a
pop-up blocker; and don’t download
and instal l software from suspect
sources. Additionally, keep software,
including Web browsers and security
programs, updated; back up data regu-
larly; and report suspicious activity to
your company’s IT department.
“Most malware will use the Internet connection to send information back or infect other computers on a network. Isolate the laptop and then run an antivirus scan.”
MICHELA MENTINGPractice Director : ABI Research
WITH MALWARE BEING SO PREVALENT AND PERSISTENT, A LARGE PART OF COMBATTING IT IS BEING ABLE TO RECOGNIZE SIGNS THAT A SYSTEM MAY BE INFECTED AND KNOWING HOW TO TROUBLESHOOT THE PROBLEM.
CyberTrend / April 2015 69
IF YOU HAVE USED a computer for any
amount of time, then you know that PC
problems can often occur with little
warning. Maybe you are having trouble
connecting to a Wi-Fi hotspot, or you
can’t get your mouse to work. We ex-
plore how to troubleshoot these and other
common PC problems so you can get back
to work quickly.
Hotspot TroubleshootingOrdinarily, when you carry your
laptop into an airline lounge, it will auto-
matically connect to the available Wi-Fi
hotspot. But what if that doesn’t happen?
First, check that your notebook’s Wi-Fi
adapter is turned on. Often, you’ll see a
backlit Wi-Fi icon near the keyboard. If
the icon isn’t illuminated, look for a
physical switch that you can flip to en-
able the adapter. Sometimes, the state of
your network connection is easily deter-
mined by an icon in the notification area
of the Taskbar. For instance, a red X on
the network icon indicates the adapter
PC Problems On The Road? HERE ARE SOME QUICK FIXES
is disabled while an asterisk means the
adapter is in the process of detecting the
available networks. You can right-click
the network icon in Windows 7 or Win8
and select Troubleshoot Problems. When
the Windows Network Diagnostics utility
opens, it will reset your connection, disable
the wireless adapter, and then enable the
adapter again.
The utility will display descriptions
of the problems it detects along with
some recommended solutions. In most
instances the utility will repair the con-
nection and report the issue as “Fixed.”
To enable a disabled adapter, right-click
the Network Connections icon, click
Open Network And Sharing Center, se-
lect Change Adapter Settings, and then
right-click the name of the wireless
adapter. In the resulting menu, you can
choose to disable or enable the adapter,
connect to or disconnect a network, and
diagnose problems, among other op-
tions. Click Properties to access detailed
options that may help you troubleshoot
the problem.
When your adapter is working prop-
erly, Windows may display a message in-
dicating there are several available wireless
networks. Select the message and choose
a network SSID (service set identifier, or
name) from the list. (You may need to
input a security password.) To display a list
of available networks in Win 8, go to the
Settings option in the charm bar and click
the Available Networks icon. If the adapter
is working and your system appears to be
connected, but you still can’t access the
THE WINDOWS NETWORK DIAGNOSTICS UTILITY . . . WILL RESET YOUR CONNECTION, DISABLE THE WIRELESS ADAPTER, AND THEN ENABLE THE ADAPTER AGAIN.
70 April 2015 / www.cybertrend.com
Internet check for a browser-based splash
screen and/or a Terms Of Use statement
to agree to. Launch a fresh browser session
and click the Home icon to redirect.
Fix Broken Outlook PST & OST Files
The PST (personal storage table) file
and the offline OST (Outlook Data File) is
where Outlook stores messages, calendar
events, and notes specific to your email ac-
count. If this file becomes corrupted, you
may find yourself ousted from Outlook.
There are a few things, however, that you
can do to get a foot in the door.
Scanpst.exe (Outlook 97-2003, 2007,
2010, and 2013), Microsoft’s Inbox Re-
pair tool, lets you solve busted PST/OST
problems quickly. To access the tool, close
Outlook and navigate to C:\Program
Files\Microsoft Office\OFFICE12. (This
last folder may have a different number;
for instance, our version of Office 2013
stores the utility in the \OFFICE15 folder.)
Double-click Scanpst.exe. By default,
the address for our OST file was already
listed, but if the field is blank, look in the
C:\Users\USERNAME\AppData\Local
\Microsoft\Outlook\ folder. Click the
Options button to access Replace, Ap-
pend, or No Log functions and click OK.
Click Start to begin the scanning process.
Windows will inform you of any errors
and prompt you to perform a repair when
the scan is complete. Before clicking the
Repair button, make note of the scanned
file’s backup location. Click Repair and
OK when you see the Repair Complete
message. Launch Outlook to see if this
fixes the problem.
If the file structure was corrupted be-
yond repair, Scanpst.exe resets your file
structure and rebuilds the headers. The
Recovered Personal Folders item in your
Outlook folders list, if it appears, will con-
tain all the data that is recovered. You can
then drag the data to your new PST file and
delete the Recovered Personal Folders item
from Outlook.
A Touchy TouchpadIf you use your laptop on a dock (and
use an external mouse and keyboard),
you can go weeks or months with a de-
activated touchpad and never realize it
until you hit the road. If you find your-
self in this situation, you can activate
the touchpad by pressing the Fn (func-
tion) key simultaneously with the F
number key associated with the laptop’s
touchpad (often labeled with an image
of a touchpad). Using this key combi-
nation will either automatically activate
the touchpad or display a device settings
dialog box that gives you the option to
enable your touchpad. Alternatively,
you can check the notification area in
the lower-right corner of the screen for
a touchpad icon. Click the icon and the
touchpad control panel appears where
you can enable or disable an input device.
An Unresponsive Keyboard Or Mouse
If your programs and applications
don’t respond to keyboard commands,
use your mouse to shut down the com-
puter by clicking Start, then Shut Down
(in Win7) or tap the Power Button and
tap Shut Down (in Win8). Unplug the
keyboard from your PC and then re-
connect it. Restart your PC to deter-
mine whether this process corrected the
problem. (If both input devices are un-
responsive, you can press and hold the
Power Button on the tower to manually
shut down your system.)
If your mouse isn’t responding, but
your keyboard is, press the Windows key
in Win7 to open the Start menu, use the
Right-Arrow key to select Shut Down,
and then press ENTER. In Win8, press
CTRL-ALT-DELETE, press the Tab key
until the power icon is highlighted, and
then press ENTER. Unplug your mouse
and then reconnect it. (If necessary, you
can press and hold the Power button to
shut down the PC.) Then restart your
computer to see if these instructions fix
your problem.
If you’re using a wireless keyboard and
mouse, ensure that the peripherals are
synced and in range of the wireless re-
ceiver. You may also need to install new
batteries. If these steps don’t enable pe-
ripheral communication with the PC, try
reinstalling device drivers. You can often
download these from the mouse and key-
board manufacturer websites.
The Microsoft Outlook Inbox Repair Tool (Scanpst.exe) lets you quickly recover corrupted Outlook PST and OST files.
THE PST FILE AND THE OFFLINE OST IS WHERE OUTLOOK STORES MESSAGES, CALENDAR EVENTS, AND NOTES SPECIFIC TO YOUR EMAIL ACCOUNT. IF THIS FILE BECOMES CORRUPTED, YOU MAY FIND YOURSELF OUSTED FROM OUTLOOK.
CyberTrend / April 2015 71