Information week 2012_04_02



Published in: Technology, Business

  1. THE BUSINESS VALUE OF TECHNOLOGY. APRIL 2, 2012

     Cover story: When picking security software, step one is to ask users what they think. By Michael A. Davis

     Plus: First look at a new FBI system; How LTE changes mobile strategies; SAS keys in on predictive analytics; EMC tries big data collaboration; Google critics protest too much
  2. CONTENTS. April 2, 2012, Issue 1,329

     This all-digital issue of InformationWeek is part of our 10-year strategy to reduce the publication’s carbon footprint

     COVER STORY
     10 Security Strategy: Consider employee interaction, system performance, and IT management when choosing endpoint protection software

     3 Research And Connect: InformationWeek’s in-depth reports, events, and more
     4 CIO Profiles: IBM chief’s customer-focused decisions made an impact on the CIO of Convergys
     5 Down To Business: Google is vulnerable, but the end isn’t near
     7 Government Technologist: First look at the FBI’s new Sentinel system
     19 Fast Track: LTE has vast potential to increase speed and capacity, but IT still must take steps to meet mobile performance expectations

     QUICKTAKES
     8 Analytics Standout: New BI platform ties into SAS’s predictive analytics portfolio
     9 Data Scientists Get Social: EMC brings collaboration and agile development to big data

     CONTACTS
     23 Editorial Contacts
     24 Business
  3. Links: Resources to Research, Connect, Comment

     What you need to know. Now.

     INFORMATIONWEEK REPORTS

     4 Steps To Better Cloud Service: Follow our four-step process to ensure that cloud service providers live up to their end of the deal.

     Security Via SOX Compliance: Our best practices will help you meet Sarbanes-Oxley security requirements.

     Create Your Own Certificate Authority: Find out how to address the security issues inherent in creating and managing internal SSL certificate authorities.

     Secure Database Access: Role-based access control centered on least user privilege is an effective way to prevent database compromise. Proper provisioning, however, is a growing challenge.

     SaaS Concerns Linger: Look for tension as software-as-a-service providers try to keep big customers happy while staying true to their multi-tenant model.

     NEVER MISS A REPORT

     Just released: Healthcare IT Priorities; What’s Next For Certificate Technology; Piston Cloud OpenStack Environment; The Mobile Payment Frontier
     Coming April 9: How To Harden NoSQL Databases
     Coming April 23: 2012 Salary Survey

     Get our 800-plus reports at

     MORE INFORMATIONWEEK

     Be Part Of The InformationWeek 500: Nominate your company for the 2012 InformationWeek 500, our annual ranking of the best business technology innovators. Deadline is April 27.

     Innovative Government: Our 2012 Government IT Innovators program shines a spotlight on the most innovative government IT organizations. Nominate yours by April 27.

     GET OUR NEW SUPPLEMENT

     ROI Of The Cloud: The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. This InformationWeek supplement shows you how to nail down the numbers.

     FOLLOW US ON TWITTER AND FACEBOOK: @informationweek. Download Our Free iPad App
  4. CIO Profiles

     JAMES A. GOETZ
     CIO and General Manager of Global Technology Solutions, Convergys

     Degrees: Wheaton College, BA in math and economics; University of Chicago, MBA in finance

     Business leader I’d like to have lunch with: John Chambers of Cisco—just a really fun person to listen to

     Biggest business-related pet peeve: Lack of accountability

     If I weren’t a CIO, I’d be ... a software company leader (I just

     CAREER TRACK

     How long at Convergys: Four years at this provider of customer management and information management products.

     Most important career influencer: Sam Palmisano, the chairman of IBM. The way he made quick customer-focused decisions because he actually talked to customers and could judge what made the most sense for everyone made a big impression on me.

     Decision I wish I could do over: At one point in my career, I began two startups. But I would have been better off just applying that inventiveness at the company that employed me, building on relationships I already had. Being independent has serious downsides as well as upsides. Creativity can and should be applied in any IT job. I did, however, learn to use startup approaches within large companies.

     ON THE JOB

     Size of IT team: About 1,600

     Top initiatives
     >> Improving customer service interactions with real-time analytics.
     >> Deploying real-time tools for our team leaders, letting them coach their agents based on specific performance and behavior patterns.
     >> Expanding our global presence. We’ll do this through a converged global network that supports secure voice, video, and data.

     How I measure IT effectiveness: We do this in two ways. First, by paying close attention to adding value through tech projects. Each of initiatives has metrics, including net present value and ROI. Second, we focus on service. We use a balanced scorecard that includes service levels; external and internal customer service metrics; employee development and retention metrics; and expense, revenue, and capital expenditure commitments.

     VISION

     Lessons learned from the recession: Relearning that productivity must be improved every year. Cost reduction is a permanent challenge.

     What the federal government’s top tech priority should be: Reduce the patent bureaucracy. We’re spending way too much time and money trying to get patents and protect ourselves from patent trolls.

     One thing I’m looking to do better: We need to further simplify the user interface for our software!)

     Ranked No. 57 in the 2011
  5. Down To Business, from the editor

     Google In Decline? Critics Protest Too Much
     ROB PRESTON

     Sidebar: Why Companies Struggle With Social Networks. Our report explores the problems companies face using social networks for employee collaboration. It’s free with registration. This report includes data and analysis on:
     > The poor success rate for in-house social networks
     > Social monitoring, staffing, vendors, and strategies

     A Google executive, James Whittaker, recently left the company for his second tour at Microsoft, and in the aftermath he posted a blog on Microsoft’s site explaining why he left the search company. While promising “no drama” and “no tell-all,” he nonetheless comes down pretty hard on his former employer. The crux of his disenchantment? “The Google I was passionate about was a technology company that empowered its employees to innovate,” he writes. “The Google I left was an advertising company with a single corporate-mandated focus.”

     That single focus? Facebook. As Whittaker describes it, since co-founder Larry Page took over from CEO Eric Schmidt a year ago, all company divisions have been on notice to put Google+ and social networking front and center. Whittaker writes: “Search had to be social. Android had to be social. YouTube, once joyous in their independence, had to be … well, you get the point. Even worse was that innovation had to be social. Ideas that failed to put Google+ at the center of the universe were a distraction.”

     It’s unclear what Whittaker thinks Google should focus on instead. He acknowledges that he’s “never been much on advertising.” Under Schmidt, he pines, “ads were always in the background. Google was run like an innovation factory, empowering employees to be entrepreneurial through founder’s awards, peer bonuses, and 20% time. Our advertising revenue gave us the headroom to think, innovate, and create.” In other words, the grunts generated the ad revenue, allowing the intellectuals to dream about self-driven cars and Google Goggles. Page ruined things by rallying employees around social and all that yucky advertising stuff.

     But what Page astutely understands is that innovation for the sake of innovation doesn’t pay the bills or support a $209 billion market cap.

     Writing on in a column headlined “Is Google Facing The Beginning Of The End?” analyst Rob Enderle piles on Whittaker’s post. In sizing up Google against the likes of Netscape, Sun, and Yahoo (companies he says lost their way chasing rivals and never recovered) and Apple, IBM, and Microsoft (companies he says lost their way but pulled things back together), Enderle urges Google to move past its Facebook envy. Unlike Whittaker, however, he doesn’t turn his nose up at advertising. “All of its focus should be on finding ways to make ads on the Internet more valuable and on being the primary source for managing ad revenue for everyone,” Enderle says. “Its winning formula was monetizing the Web, which is actually a super set of ads, but it is clear, institutionally, that Google is in denial about the real source of its success.”

     I’m not so sure Google is in denial, though I agree with Enderle and Whittaker that customers aren’t clamoring for another social network. Where I disagree with them is on the depth of Google’s problems. For all the concerns about its social awkwardness, it’s still well positioned in three of the biggest markets: search, mobile, and Web 2.0 collaboration.

     While all tech giants make big mistakes, the smartest ones figure things out. Think Apple, IBM, and Cisco rather than DEC and Kodak. Google has earned enough cred here, killing off high-profile products and projects (Wave, Buzz, Gears, etc.) when they haven’t panned out.

     The Whittaker post is reminiscent of an op-ed piece written two years ago by former Microsoft
  6. exec Dick Brass, who contrasted Microsoft with innovation mavens such as Apple, Amazon … and Google. He lamented that Microsoft had become “a clumsy, uncompetitive innovator,” despite having just reported record profits. His thesis: It was a company in decline.

     Now Microsoft is back (for now), having dedicated itself to the cloud, rededicated itself to mobile, and put its Windows and Office cash cows on more solid footing. Meanwhile, Google—despite the fact that its stock is trading near its 52-week high—is seen as the clumsy innovator staring at the “beginning of the end.”

     No question, Google is vulnerable. The prices it fetches per paid search click are down, and rival Facebook, as Whittaker suggests, “knows so much more” about its users than Google does. It’s still not clear how Google will monetize its Android franchise, especially with its $12.5 billion acquisition of device maker Motorola Mobility. Evidence that Google is playing fast with users’ personal data has led to regulatory probes in the U.S. and Europe.

     But the beginning of the end? Let’s give Google’s leaders a little more credit.

     Rob Preston is VP and editor in chief of InformationWeek. Share a digital version of this story or read others at robpreston. Write to Rob at
  7. Government Technologist

     First Look At The FBI’s New Sentinel System
     JOHN FOLEY

     Six years and $450 million into the project, the FBI’s Sentinel case management system appears ready to deploy. Sentinel aims to replace a hodgepodge of digital and paper processes with purely digital workflows, helping FBI agents collaborate and “connect the dots” on investigations. The question now is how well the problem-plagued system will meet expectations.

     FBI CIO Chad Fulgham, who will be leaving the agency in April to return to the private sector, demoed Sentinel for me at FBI headquarters. “This isn’t just a case management system. It’s a great platform to grow on,” he said. The agency plans to move other apps to Sentinel, giving them a similar look and feel.

     For the past 18 months, the FBI has been using agile development to push the long-delayed project across the finish line. Fulgham said the software is essentially done.

     The FBI recently tested the system with 300 agents who were brought in for a crash course, which included creating mock case files. On a scale of 1 to 10, the testers rated the system 8.5, which Fulgham considers a high mark from a hard-to-please user base.

     To get to this point, the FBI had to upgrade Sentinel’s hardware, which crashed in a test last fall. The agency bought three powerful Oracle Exadata systems, and Fulgham said performance will no longer be an issue. In a 5,000-user stress test, the Exadata-powered system used only one-tenth of 1% of its processing capacity.

     How It Works

     I watched as Fulgham signed on from his desk. The user dashboard loosely resembles Microsoft Outlook, with a similar color scheme, navigation panel, and drop-down folders and menus. It includes a “My Work” area, where agents can pull up case files and create new ones.

     The case file template has a variety of required fields, and a green check mark designates those that have been completed. If the user tries to advance to the next step without completing all fields, a red asterisk flags the missing information. Other PC-like features include auto-populating text, notifications, and a comments field.

     An indexing tool records key words and numbers, enabling agents to search for terms relevant to a case and find connections to others.

     Security, privacy, and governance measures are baked in. Agents can choose from a menu of legal considerations that may be relevant to a case. They can collaborate on case files, track revisions, and co-sign documents. “It’s an electronic system of record with digital signatures that can go to court,” Fulgham said.

     A drop-down menu lets agents choose where to send a file next. Routing is determined by roles-based permissions, ensuring that files are only available to authorized personnel.

     It’s too early to call Sentinel a success. It still must be rigorously tested. Official word from the FBI is that it will become operational this summer. But things could still go wrong.

     Fulgham was hired by the FBI in 2008 to complete the troubled project. He won’t be around to flip the switch on Sentinel, but he expressed confidence it will work as advertised—and even come in under its $451 million budget.

     John Foley is editor of InformationWeek Government. Read other stories by him at Write to him at
  8. Quicktakes

     IN-MEMORY COMPUTING
     SAS Visual Analytics Platform’s Predictive Capabilities Stand Out

     SAS’s new analytics platform promises the speed-of-thought and data-analysis capabilities of SAP Hana, the scalability of Hadoop, and the intuitive visual-analysis capabilities of Tableau. But what makes SAS Visual Analytics stand out is its tie to SAS’s extensive predictive analytics portfolio.

     Visual Analytics isn’t an in-memory database. In fact, it frees customers (and SAS) from dependence on expensive third-party databases, because it holds data in memory on a rack of blades running the Hadoop Distributed File System. Customers won’t have to know anything about configuring or running Hadoop, SAS says, because all the deployment, provisioning, and administration will be handled by the platform’s SAS LASR Analytic Server. The platform has been tested with more than 20,000 columns and 1 billion rows of data, SAS says, and to scale out, customers simply add more nodes.

     SAS gave InformationWeek a preview of Visual Analytics last month, describing it as a self-service business intelligence product. While it does support fast query and reporting, its true power is its ability to apply analytical computations to a massive pool of data held in memory.

     “We’re not just exploring past activity, we’re supporting analyses that are predictive, so people can see into the future of their business performance,” says Jim Davis, SAS’s senior VP and chief marketing officer.

     Predictive marketing campaign-optimization efforts that take eight to 10 hours in a conventional SAS environment can be done in less than three minutes, Davis says, and 18-hour bank-risk calculations now can be done in 15 minutes.

     SAS data-integration capabilities pull data into the Visual Analytics cluster from virtually any relational database or application data source. In addition to the LASR Analytic Server, platform components include the SAS Visual Analytics Explorer data-visualization interface; a designer for creating reports and dashboards; an admin interface for managing data, users, and security; and Visual Analytics Mobile, an app for viewing reports as well as downloading visualizations and supporting data from the LASR server, available initially for the iPad.

     In a demo of Visual Analytics Explorer, a SAS exec dragged 10 variables onto the tool’s palette and used drag-and-drop filters, check boxes, and sliders to narrow the data set. The tool suggests the most appropriate visualization, but users can also manually choose from options including bar, line, scatter plot, bubble, geographic, heat map, histogram, and box plot charts.

     SAS intends to run virtually all of its vertical industry and function-specific analytic applications on Visual Analytics, Davis says. It already can run marketing automation and value- and risk-analysis apps for banking on the platform. Next up will be retail price-optimization apps.
     —Doug Henschen (

     Sidebar: Did You Miss Our Last Issue? Predictive IT analytics systems warn IT of infrastructure problems, providing insight that can be vital if a private cloud is in your future. Read this in our March 5 issue. It’s free with registration. Also in this issue:
     > Windows 8 preview
     > Randy Mott named GM’s CIO
     > Dell pushes into enterprise data center
     > Oracle gets late start on in-memory analysis
  9. QUICKFACT: 240,000. Number of developers using Pivotal Tracker

     PIVOTAL ACQUISITION
     EMC Brings Social Networking To Big Data

     EMC’s big data analytics platform, called Greenplum Chorus, brings social networking and collaboration to data analysts and scientists. EMC is also bringing agile methods to the development of applications that use big data. Both moves are tied to its recent acquisition of agile development company Pivotal Labs.

     Greenplum Chorus is “like a Facebook for data scientists” with a way to share data sets for collaboration and further analysis, says EMC president Pat Gelsinger.

     EMC’s Greenplum division and Pivotal Labs’ agile methodology experts developed the Chorus big data platform together prior to the acquisition. The all-cash deal for an undisclosed amount was announced last month.

     The acquisition illustrates how EMC is following the example of its hard-driving VMware virtualization software unit by leveraging access to developers.

     In today’s software market, developer involvement is prized, and VMware scored a coup when it acquired a leading Java development framework with its acquisition of SpringSource, the company behind the Spring open source code project. Spring had a large following among developers producing lighter-weight Java apps. Now EMC is hoping to pull developers into its big data analytics platform by giving them a rapid development environment that lets them collaborate.

     Pivotal is the creator of Pivotal Tracker, an agile project management tool that’s used by 240,000 developers. In addition to Chorus, Pivotal agile consultants can work with EMC customers that are using the new platform.

     EMC also has tied Chorus to its VMware unit by giving developers a “sandbox,” meaning an isolated, virtual environment in which they can download a data set and work with it without interfering with other analysts or corrupting the original data. Data scientists can use Chorus to comment on, modify, and share the results.

     The Pivotal acquisition isn’t just about EMC wanting to make money on big data consulting engagements. It’s also geared to “teaching them to fish,” Gelsinger says, so customers can launch big data projects on their own after the Pivotal team leaves. The wider use of big data by many companies fuels EMC’s core storage and storage management business.

     Greenplum Chorus will become part of the Greenplum Unified Analytics Platform launched earlier this year, and EMC will make it open source in the second half.
     —Charles Babcock (

     Photo caption: Gelsinger: Teaching them to fish in big data
  10. [COVER STORY]

     When picking security software, don’t obsess about malware detection rates. Instead, ask users what they think and spend your time testing the software’s performance and management.

     By Michael A. Davis

     As a security consultant I am frequently asked, “Which endpoint protection product detects the most malware?” Invariably, the question that follows is “So I should buy that one, right?” Not necessarily.

     Software vendors will hate to hear this, but the malware-detection capability of most products is good enough. At the consulting firm Savid, our endpoint protection reviews show that they all do fine when it comes to identifying malicious software. Other testing
  11. also shows only moderate differences among products. For instance, the top 10 vendors blocked between 93.6% and 99.5% of malicious examples provided, according to a November report from AV-Comparatives, a testing company. That’s a relatively small gap in terms of detection capability.

     The point here is that you shouldn’t focus your endpoint protection requests for proposals or technical reviews on detection rates alone, nor is it necessary to spend a lot of time infecting PCs in your lab to watch how the various products fend for themselves. Instead, we believe you’ll have more success with endpoint protection by analyzing three key areas: how willing employees are to interact with the software for alerts and messages, how much the software slows PC performance, and how manageable the product is in terms of changing policies and other vital tasks.

     Sidebar: Get Three Reports On Endpoint Protection. Securing end user devices is tricky business. We offer free reports on three distinct facets:
     > How To Pick Endpoint Security: Analysis and insight on finding security software that makes sense to your users
     > Security: Get Users To Care: Real-world advice and practical steps you can take to get employees to buy in to your security program
     > IT Pro Ranking: Antivirus/Anti-Malware: Your IT peers rank nine products based on their experiences with the software

     Users Matter Most

     IT pros love to get a bunch of products in a lab and throw malware at them to see what happens. But we believe you’ll get better results if you focus on employees. Here’s why.

     Security software varies greatly in how much interaction is required from employees. It might show a simple icon on a Google search page to indicate potentially malicious sites. It can also be more complex, such as an on-screen pop-up message that warns of possible dangers if an executable or program runs. These messages
  12. require the user to make a decision to allow or deny an action.

     The degree to which employees understand (or care) about these interactions will affect the viability of an endpoint product. If users accept this level of interaction given the sensitive nature of the company’s work, a product with lots of accept-or-deny options can work. But if users feel like security software is blocking them from doing work, they will demand less-restrictive controls, or even the removal of certain security modules.

     In our consulting engagements, we routinely see network threat protection turned off because of all the darn security messages that appear when users browse the Web or run various apps. We have even seen endpoint products that have been trained by users to always allow every executable and to grant access to every website, which defeats the purpose of the software. Don’t underestimate employees’ ability to incapacitate your endpoint security.

     Chart: Ratings For Central Management And Reporting. Customers rate central management and reporting functions of the antivirus and anti-malware software from these vendors (mean average, on a scale from 1, poor, to 5, excellent).
     McAfee: 4.0
     Kaspersky Lab: 3.9
     Sophos: 3.9
     Symantec: 3.9
     Trend Micro: 3.8
     AVG Technologies: 3.7
     Microsoft: 3.6
     Avast Software: 3.5
     Malwarebytes: 3.2
     Data: InformationWeek 2012 Antivirus and Anti-Malware Vendor Evaluation Survey of 386 business tech pros, December 2011

     Thus, our No. 1 rule for endpoint protection success: Test products with your end users. Devise user-interaction scenarios for key malware infection points, including Web browsing and email. See how the product reacts to threats, how the product presents those threats to your users, and, most important of all, how your end users respond to warnings. You can record every user’s interactions using software such as CamStudio (which is free). The output plays like a video, which lets you review and analyze people’s activity once the tests are concluded. This output can also be used in employee training.

     When designing user tests, create simple scenarios, such as “Go to site XYZ and download file ABC.” The site you select should cause the endpoint product to alert or interact with the user in some way. We also recommend that you conduct tests involving events like running a program in a sandbox or when the endpoint software can’t update its definitions.

     Track how employees respond in each scenario. If a number of users allow a
  13. program to run despite a pop-up warning, then you know they ignored it or the message wasn’t informative enough.

     Once the scenarios are complete, interview all participants about their decisions. This will give insights into ways you may have to adjust your endpoint policy to better match employee expectations. It may also guide what’s needed in the employee training program.

     User tests shouldn’t be the sole determining factor in your buying decision, but we recommend you give the results significant weight.

     Chart: Ratings For Endpoint Performance. Customers rate endpoint performance of the antivirus and anti-malware software from these vendors (mean average, on a scale from 1, poor, to 5, excellent).
     Microsoft: 4.1
     Avast Software: 4.0
     Kaspersky Lab: 4.0
     Malwarebytes: 3.9
     Sophos: 3.8
     AVG Technologies: 3.6
     Trend Micro: 3.5
     McAfee: 3.4
     Symantec: 3.4
     Data: InformationWeek 2012 Antivirus and Anti-Malware Vendor Evaluation Survey of 386 business tech pros, December 2011

     Remember Help Desk Support

     When employees start to pay attention to the security software, you can expect more calls to the help desk, either alerting IT to the presence of potentially malicious software or asking for ways to safely get a file or visit a website.

     This is a good thing—it means the security
  14. software is working and that users are paying attention. Ensure that your support staff is prepared. Additional help desk calls may seem like a bother, but they’re preferable to infection.

     Note that it’s possible to configure endpoint security software in a default-deny setting that doesn’t allow for any user interaction; the software will make all the decisions. We don’t recommend this approach. While a default-deny setting will certainly block malicious activity, it may also stop harmless actions, such as software updates. That will frustrate users, who will then find ways around the security software, which makes them even more vulnerable in the long run. It’s more productive to educate people on proper behavior than to try to take away their control.

     Slow PCs Invite Workarounds

     In addition to user testing, IT should test how much an endpoint security product slows computer performance. And it will have an effect. For example, instead of Internet Explorer being able to simply load a page and display it, the endpoint protection gets in the middle of this process to analyze the page before it’s displayed, which adds CPU cycles. We always test performance because if endpoint protection significantly slows down an employee’s machine, you’ll get support calls. Even worse, you’ll get people trying to turn off or uninstall the software.

     There are wide gaps between products when it comes to performance. We’ve seen threat-protection software decrease network throughput by as much as 48%,
  15. your users will notice (and hate).

     When setting up your test lab, use your standard laptop and desktop builds, so that the test machines reflect those of real employees. Don’t use virtual machines; while they’re easy to spin up and play with, they’ll skew your performance results because of the caching and hardware they use.

     In addition, before you test, make sure the product you’re testing matches the operating system type. Use the 64-bit version of the client if your machines run a 64-bit OS. We have seen significant performance differences when running 32-bit endpoint protection on a 64-bit OS.

     Chart: Under Attack. Which types of security breaches or espionage have occurred in your company in the past year? (2011 / 2010)
     Malware (i.e., viruses, worms, botnets): 78% / 86%
     Phishing: 46% / 58%
     Operating system vulnerabilities attacked: 31% / 31%
     Theft of computers or storage devices: 30% / 33%
     Web or software applications exploited: 28% / 35%
     Data: InformationWeek Strategic Security Survey of 219 business tech and security pros in March 2011 and 229 in April 2010 experiencing a security breach within the past year

     The two most common performance tests to run are on the network and the file system. We recommend you test network communications using a tool such as Iperf. Iperf runs on Windows and Linux and lets you test performance using small packets, big packets, and different window sizes.

     Set up an Iperf machine (either a server or PC) on your LAN, install Iperf on your test client machines, and then have each client connect to the Iperf machine. There are many Iperf tutorials on the Internet if you need help.

     After you execute Iperf, you’ll get back a throughput number. The first time you test, use machines that don’t have the endpoint protection software installed. This will provide a baseline performance number. Then install the software and configure its policies as you would for a real user, then retest. You should also monitor CPU usage as you test. Tools such as Microsoft’s Process Monitor are useful here.

     To test file system performance we recommend IOzone, which also works on Windows and Linux. IOzone creates files ranging from 5 MB to 512 MB and reads them from disk. Like the network testing, do this before and after endpoint protection is installed and compare the results. Note that you can’t use typical disk speed tools to test endpoint protection because the disk speed tools usually bypass the file system drivers within the OS and access the hard drive directly. This means they
  16. 16. Previous Next SECURITY SOFTWARE [COVER STORY] Table of Contents pass the endpoint protection product’s filters. creation capabilities. Deploy a few policies shouldn’t ignore it. And IT also might need to Tools such as HD Tach, HD Tune, or Crystal- and rank the ease of use of the management justify why it would choose a product that has DiskMark won’t work for this type of testing. console. How difficult is it to create file or slightly lower rates of malware detection. To The two methods just described don’t test folder exceptions on target devices? To that end, we believe it’s important that IT un- every area of an endpoint protection’s file sys- whitelist an application? To enable or disable derstand just how malware infects PCs and tem and network scanning, but they do test a security feature? Policies aren’t very exciting, laptops. the on-demand scanning portion, which is but they are a critical component of your se- Most infections are caused via a browser or the most used. curity posture, so you want an interface that email. Endpoint protection software analyzes makes policy creation and adjustment as all the memory for these and other applica- IT Needs To Like The Software, Too painless as possible. tions running on the PC. It looks for known ex- Users aren’t the only ones interacting with Be sure to include the IT help desk team in ploit codes as well as indicators that software the security software. Administrators will your management testing, because team mem- is not following a standard set of programming spend significant time on management tasks, bers will be using the management console. functions. For example, if Internet Explorer al- so the management interface is another area Have the help desk team walk through various ways reads an image and then calls a function worth testing. 
Load the central management scenarios within the administrative interface of to print it to the screen, it would seem odd if IE software and then execute management the product and then rank their experience. suddenly reads an image, creates a network tasks that you’d actually use in your environ- connection, executes a program, and then dis- ment. For instance, how easy is it to find files Understand How Malware Works plays the image. This behavior is a good indi- that have been quarantined? Can you re- We emphasize that IT should downplay mal- cator of a compromised browser. motely upgrade an agent? ware detection capabilities when evaluating Once the malware executes, it usually kicks Spend some time with the product’s policy- endpoint protection software, but IT also off a number of processes that deal with April 2, 2012 16
  17. 17. Previous Next SECURITY SOFTWARE [COVER STORY] Table of Contents ing and writing files on the hard drive, typically Reasons To Switch in temporary locations or in the Windows di- What would it take to replace your existing client-based antivirus or anti-malware vendor with another? rectory. Endpoint protection software exam- Substantial performance gains ines the file system and analyzes these reads 62% and writes to find matches to known malicious Substantial operational cost savings bytes of data. It also looks for functions that 57% match the behavior of suspicious software. For Substantial capital cost savings example, if a file written to the C:Windows di- 56% rectory contains a set of functions that use FTP Clear technology advantage compared with current vendor to reach an IP address, download a file, and run 56% the file, it may be flagged as suspicious. Bad experience with current vendor While the malware is reading and writing 32% files to the hard drive, it’s also creating vari- Clearly superior vision compared with current vendor 26% ous events and objects within the OS to in- teract with the rest of the system. Malware Data: InformationWeek 2012 Antivirus and Anti-Malware Vendor Evaluation Survey of 209 business tech pros not considering replacing or adding a vendor, December 2011 commonly uses objects such as mutexes (which enable multiple threads to run simul- registry and use the network that the computer endpoint and gateway-based protection, which taneously without interfering with one an- is connected to in order to download additional increases a company’s opportunity to screen other), events, and user interface component malicious components. This means the mal- out malware or detect malicious activity. hooks. 
Endpoint products analyze the cre- ware needs to access servers and domains Understanding how malware works—and ation and deletion of these objects and across the Internet, which endpoint protection how it can be detected—is important when events and look for commonly used object will analyze. Koobface reaches out to it’s time to choose protection software. But names and object access patterns. For exam-, a domain name that has been don’t let those details distract from what ple, the well-known Koobface malware cre- known to serve malware. These DNS entries makes the biggest difference in endpoint pro- ates a mutex named “44455345g43545”; if an change all the time, which is why you need to tection working properly for your company. If endpoint protection product sees this mutex keep your endpoint protection definitions up the user experience, system performance, and plus a set of files with malicious functions, it’s to date. Endpoint protection analyzes these IT management capabilities work well for a good indication the executable is malicious. DNS lookups and can deny access. It’s also a re- your organization, you will see fewer attempts Malware will also often access the computer’s minder that companies should deploy both by employees to get around security April 2, 2012 17
  18. 18. Previous Next SECURITY SOFTWARE [COVER STORY] Table of Contents ware, and lower rates of infection. Understand characteristics. Instead, find the product that Michael A. Davis is CEO of Savid Technologies, a technology the software’s performance, but stop obsess- actually makes sense to your employees. and security consulting firm based in Chicago. Write to us ing about detection rates and deep technical That’s the key to success. at April 2, 2012 18
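The before-and-after Iperf comparison the article describes can be scripted so every candidate product is judged the same way. The following is an added example, not part of the original article: it parses iperf 2 client output, takes the median of several runs per test case, and reports the percent drop after the endpoint agent is installed. The sample output is constructed, and the 10% budget and the case names are assumptions.

```python
import re
from statistics import median

# Summary line printed by an iperf 2 client, for example:
# "[  3]  0.0-10.0 sec  1170 MBytes  936 Mbits/sec"
BANDWIDTH = re.compile(
    r"^\[\s*\d+\]\s+[\d.]+-\s*[\d.]+\s+sec\s+[\d.]+\s+\w+\s+([\d.]+)\s+([KMG]?)bits/sec",
    re.MULTILINE,
)
TO_MBPS = {"": 1e-6, "K": 1e-3, "M": 1.0, "G": 1e3}


def throughput_mbps(iperf_output):
    """Return the last bandwidth report (the whole-run summary) in Mbit/s."""
    reports = BANDWIDTH.findall(iperf_output)
    if not reports:
        raise ValueError("no iperf bandwidth line found; did the run fail?")
    value, unit = reports[-1]
    return float(value) * TO_MBPS[unit]


def compare(baseline, protected, max_drop_pct=10.0):
    """Median throughput before and after, percent drop, and a budget flag per case."""
    report = {}
    for case, outputs in baseline.items():
        if case not in protected:
            raise KeyError(f"{case!r} was not re-run with the agent installed")
        before = median(throughput_mbps(o) for o in outputs)
        after = median(throughput_mbps(o) for o in protected[case])
        drop = round((before - after) / before * 100.0, 1)
        report[case] = {"before": before, "after": after,
                        "drop_pct": drop, "over_budget": drop > max_drop_pct}
    return report


def sample_report(mbps):
    """Constructed iperf 2 client output for one 10-second TCP run."""
    return (
        "Client connecting to 192.0.2.10, TCP port 5001\n"
        "[  3] local 192.0.2.21 port 49152 connected with 192.0.2.10 port 5001\n"
        "[ ID] Interval       Transfer     Bandwidth\n"
        f"[  3]  0.0-10.0 sec  {mbps * 10 / 8:.0f} MBytes  {mbps} Mbits/sec\n"
    )


# Constructed results: three runs per case, same machine, before and after install.
BASELINE = {
    "default_window": [sample_report(m) for m in (936, 941, 930)],
    "small_window": [sample_report(m) for m in (412, 405, 418)],
}
PROTECTED = {
    "default_window": [sample_report(m) for m in (902, 899, 910)],
    "small_window": [sample_report(m) for m in (331, 340, 322)],
}

if __name__ == "__main__":
    for case, row in compare(BASELINE, PROTECTED).items():
        print(case, row)
```

Using the median of repeated runs keeps one noisy run from deciding the result; the same comparison applies to IOzone figures once they are reduced to one number per run.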
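The detection logic described under "Understand How Malware Works" comes down to correlating independent indicators per process. The sketch below is an added example, not the article's or any vendor's code: it flags a browser that departs from its usual action sequence, a known-bad mutex name, and a file written under the Windows directory that carries FTP download-and-run functions. The event fields, action labels, capability labels and the rule that two indicators mean "malicious" are assumptions, and the trace is constructed; only the mutex name comes from the article.

```python
import ntpath
from collections import defaultdict

# Mutex name quoted in the article for Koobface; everything else here is constructed.
KNOWN_BAD_MUTEXES = {"44455345g43545"}
# Assumed baseline: action pairs the application normally performs back to back.
ALLOWED_NEXT = {"iexplore.exe": {("read_image", "display_image"),
                                 ("display_image", "read_image")}}
# Assumed capability labels a static scan attaches to a written file.
DROPPER_CAPS = {"ftp_connect", "download", "execute"}


def indicators_for(events):
    """Collect the distinct indicator types seen in one process's event list."""
    found, prev = set(), None
    for ev in events:
        action = ev["action"]
        allowed = ALLOWED_NEXT.get(ev["image"].lower())
        if allowed is not None and prev is not None and (prev, action) not in allowed:
            found.add("unexpected_sequence")
        if action == "mutex_create" and ev["name"] in KNOWN_BAD_MUTEXES:
            found.add("known_bad_mutex")
        if action == "file_write":
            # Normalise first so paths that reach C:\Windows through ".." still match.
            path = ntpath.normpath(ev["path"]).lower()
            caps = set(ev.get("capabilities", ()))
            if path.startswith("c:\\windows\\") and DROPPER_CAPS <= caps:
                found.add("dropper_like_file")
        prev = action
    return found


def classify(trace):
    """Group events by pid; one indicator is suspicious, two or more is malicious."""
    by_pid = defaultdict(list)
    for ev in trace:
        by_pid[ev["pid"]].append(ev)
    verdicts = {}
    for pid, events in by_pid.items():
        found = sorted(indicators_for(events))
        level = ("clean", "suspicious", "malicious")[min(len(found), 2)]
        verdicts[pid] = (level, found)
    return verdicts


def event(pid, image, action, **detail):
    return {"pid": pid, "image": image, "action": action, **detail}


SAMPLE_TRACE = [  # constructed endpoint telemetry
    event(1200, "iexplore.exe", "read_image"),
    event(1200, "iexplore.exe", "display_image"),
    event(1312, "iexplore.exe", "read_image"),
    event(1312, "iexplore.exe", "net_connect"),
    event(1312, "iexplore.exe", "process_exec"),
    event(1312, "iexplore.exe", "display_image"),
    event(2044, "upd_tmp.exe", "file_write",
          path=r"C:\Users\Public\..\..\Windows\Temp\upd.dll",
          capabilities=["ftp_connect", "download", "execute"]),
    event(2044, "upd_tmp.exe", "mutex_create", name="44455345g43545"),
    event(2100, "notepad.exe", "mutex_create", name="Local\\NotesLock"),
    event(2100, "notepad.exe", "file_write", path=r"C:\Users\alice\notes.txt"),
]

if __name__ == "__main__":
    for pid, verdict in classify(SAMPLE_TRACE).items():
        print(pid, verdict)
```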
  19. 19. [LTE AND MOBILITY]

How LTE Changes Mobility

Long Term Evolution is fast, global, and laden with features IT cares about. It also faces significant obstacles.

By Peter Rysavy

The mobile broadband industry is becoming a victim of its own success as an unprecedented number of bytes flow across the airwaves. Yet efforts to free up additional spectrum are going nowhere fast, putting carriers between an extremely slow-moving government and enterprise and consumer customers who want their apps and data—now.

LTE, by making more efficient use of spectrum and offering impressive features to increase capacity, promises to help operators meet demand. By itself, though, it won’t be enough, so enterprise IT teams need to shore up two areas: First, choose your mobile carriers carefully. Among respondents to our latest InformationWeek Mobile Device Management and Security Survey, Verizon (68%) and AT&T (58%) are the top choices, but neither offers an unlimited data plan for new customers. Whichever carrier your organization selects must have a strategy to blend technology such as LTE and eventually LTE-Advanced with efforts to obtain more spectrum. It must also have a plan to increase its number of cell sites, including incorporating small cells such as femtocells and picocells. And it must have the capability to off-load data onto Wi-Fi, a process we discuss in more depth in our recent report on 3G/4G and Wi-Fi convergence.

Second, keep bandwidth limitations in mind when considering your organization’s mobility initiatives. For example, 68% of respondents to our MDM survey say they use or plan to deploy virtual desktop technologies on tablets. Fifty-nine percent say they have enabled or will enable access to cloud services via mobile devices.

All that requires a lot of bandwidth. Fortunately, LTE can help address not only capacity concerns, but also quality of service, voice over IP, and fragmented radio bands.

Get This And All Our Reports
Our full report on LTE is free with registration. This report includes 14 pages of action-oriented analysis, packed with 7 charts. What you’ll find:
> A rundown of eight important LTE features
> Discussion of global LTE and tips for IT teams charged with supporting overseas users

  20. 20. How? First, it’s blazing fast—much faster than any previous wide area wireless technology. Following the “underpromise and overdeliver” business plan—and anticipating slowdowns as their networks become saturated—operators quote more modest rates; Verizon, for example, promises an average of 5 Mbps to 12 Mbps on the downlink and 2 Mbps to 5 Mbps on the uplink. But the reality is often much better. Signals Research Group measured an average downlink speed of 23.6 Mbps and uplink speed of 15.2 Mbps on AT&T’s network in Houston. Metrico Wireless reported an average downlink speed of 13 Mbps on AT&T’s LTE network and 10 Mbps on Verizon’s LTE network.

In the future, speeds will go even higher. That’s because current networks use either 5-MHz or 10-MHz radio channels. However, LTE supports 20-MHz radio channels. Operators would love to deploy in such a wide radio channel because it not only boosts performance, it also doubles capacity for the same amount of network infrastructure. The problem is, they just don’t have enough spectrum.

Speed-boosting innovations are also in the works, notably higher-order Multiple Input/Multiple Output radio systems, which rely on multiple simultaneous transmissions on the same frequency. Current networks use 2-by-2 MIMO on the downlink (two transmit antennas at the base station, two receive antennas at the mobile device); 4-by-2 MIMO will further increase throughput.

Probably the biggest gain, however, will come through the next major release of LTE, called LTE-Advanced, to be deployed starting next year. LTE-A permits aggregation of radio channels, making it possible for operators to piece together 10 MHz here, 10 MHz there. Eventually, it adds up and effectively overcomes fragmentation of the airwaves. AT&T, for example, will use aggregation to boost LTE performance via spectrum it acquired from Qualcomm.

LTE-A allows aggregation of up to 100 MHz of spectrum. Even with only 20 MHz, however, LTE-A, combined with 8-by-8 MIMO, can deliver a blistering 1.2 Gbps of theoretical throughput. We do have to emphasize the word “theoretical,” since it will be a long time before you see rates like that in the real world. Still, speeds will keep increasing.

Latency (delay) is also lessened, with packet round-trip times measured in tens of milliseconds instead of hundreds. A sophisticated QoS architecture can control throughput, delay, and reliability on an application-flow basis. And with LTE-A, different applications will be able to go through specific networks—say, general browsing through Wi-Fi but operator VoIP through LTE—adding flexibility for IT.

Moreover, LTE handles all traffic in the IP domain, which will eventually lead to much better integration among voice, multimedia, and data applications. And support for heterogeneous networks in LTE with improved support in LTE-A sets the stage for large capacity gains by integrating conventional macrocells with picocells (city-block size) and femtocells (building size).

Cloud In Your Hands
Is your company enabling access to cloud services or SaaS via mobile devices?
Yes: 25%
Not yet, but we plan to: 34%
No, and we have no plans to do so: 32%
Don’t know: 9%
Data: InformationWeek 2011 Mobile Device Management and Security Survey of 323 business technology professionals, August 2011

  21. 21. Carriers get some goodies, too. For example, they can deploy LTE to operate on a time-division duplex basis and use the technology for base station-to-core network backhaul connections. While these capabilities mainly matter to carriers, they do help ensure that LTE will remain the wireless WAN technology of this decade, so IT teams can confidently plan their mobility initiatives around it.

Still, while LTE will bring improved data throughput, be realistic. Use of video on wireless networks is growing tremendously, for example, and it’s unclear how long operators will be able to keep up. Absent new spectrum, which isn’t materializing nearly fast enough (see ”Spectrum Doomsday Looms”), the result will be networks running at capacity. The upshot: congestion that can grind productivity to a crawl and costs that remain stubbornly high.

Then there’s the fact that a handful of users in a coverage area can hog the entire capacity. Let’s look at some numbers from my report on the mobile broadband explosion. LTE as currently deployed has a downlink spectral efficiency of 1.4 bps/Hz. Typical deployments by AT&T and Verizon use 10-MHz radio channels for downlink, meaning the aggregate capacity in a coverage area that might span three city blocks shared by multiple users is just 14 Mbps. With video streaming at rates between 200 Kbps and 5 Mbps, depending on resolution and quality, it takes only a few people watching Game Of Thrones on their iPads to grind things to a standstill. That’s one reason Verizon just announced that, without new spectrum, it will hit LTE capacity limits in some markets by next year.

Modern wireless technologies, especially LTE, are designed to exploit the highest instantaneous spectral efficiency based on the quality of the radio signal. What that means is, users close to the base station—and especially with a line of sight—will get much higher throughput than those at the edge of the cell or deep inside a building. Thus, average speeds may be good, but there’s uneven distribution. So while LTE will deliver excellent performance most of the time, IT organizations must plan for as much as a 10-to-1 difference between lowest and highest values.

No Moore’s Law Here

Because users invariably consume every drop of network capacity, operators have responded with tiered pricing plans that average about $10 per gigabyte. AT&T, for example, has a smartphone plan that provides 3 GB for $30 and then $10 per gigabyte over that amount.

What Carriers Did Your IT Department Choose?
Verizon: 68%
AT&T: 58%
Sprint: 27%
T-Mobile: 15%
U.S. Cellular: 2%
Data: InformationWeek 2011 Mobile Device Management and Security Survey of 188 business technology professionals at companies with standardized mobile platforms and IT-driven device and carrier selection, August 2011

  22. 22. Streaming 720p-quality video at 1.5 Mbps consumes 0.675 GB per hour. Few people will want to watch video at $6.75 per hour. On the other hand, a video-based training session or videoconference at 480p using 0.5 Mbps would cost $2.25 per hour. IT and business managers must decide what’s reasonable for a given operation.

As for whether prices will go down, historically they have. But with carriers now using price as a tool to depress demand, we don’t recommend betting your budget on less-expensive plans. AT&T stated on its January earnings call that in the absence of new spectrum, the company would have to increase prices and impose data-use restrictions.

We recommend that IT organizations plan based on current prices, look into how much data various applications actually consume, and selectively off-load onto Wi-Fi.

Battery life is another challenge. LTE devices consume 5% to 20% more juice than previous-generation phones, depending on the application in use. Multiple factors contribute to this power drain: cutting-edge displays, high data consumption, immature chipset designs, and MIMO. Ensure that any smartphones and tablets you buy for a specific business scenario have sufficient battery life.

So, should IT teams ramping up mobility initiatives be encouraged or discouraged by the complexities we’ve discussed? Our stance is cautiously optimistic. LTE really does work as advertised. The biggest threat is congestion, but operators realize that poor performance will discourage use—and lower revenue—so we expect they’ll do everything they can to provide reasonable performance.

For IT teams designing mobile apps, make sure they work well enough at throughput rates lower than those advertised, especially if they require constant connectivity. Exciting as it may be to have a Windows 7 desktop appear on an iPad, that kind of application is vulnerable to congestion and latency. More conventional client-server applications—say, an Outlook email client communicating with an Exchange server—are less affected by fluctuating throughput. Background cloud synchronization is also relatively immune.

What about mobile apps that absolutely must have fast connectivity? Use enterprise Wi-Fi connections when they’re available. Public Wi-Fi suffers from congestion just as much as cellular does. Also, look for options users can select to minimize bandwidth. For instance, a videoconferencing application might have an easy way to fall back to voice-only mode—Skype provides a simple button to turn off video. It also dynamically adjusts video quality to available bandwidth.

6 LTE Challenges
FOR ALL LTE’S BENEFITS, THESE AREAS MUST BE WATCHED
Throughput: LTE is fast but vulnerable to network congestion. Blame the increasing popularity of mobile broadband.
Pricing: At about $10 per gigabyte, high-throughput activities like videoconferencing can get expensive in a hurry.
Roaming: With different countries using various radio bands for LTE, global travelers will, at best, fall back to 3G.
Voice: Implemented as VoIP, it’s an all-new approach for cellular networks. Hiccups may occur, though.
QoS Control: LTE has quality-of-service options, but it will take time for operators to figure out their business models.

Peter Rysavy is president of wireless consulting company Rysavy Research and the executive director of the nonprofit Portable Computer and Communications Association. Write to us at