Cloud & Telecom Security

Last week, Symantec(NASDAQ:SYMC) acquired the security businesses of VeriSign (excluding iDefense). There have been tons of news reports and comments by market observers and analysts.  In general, given that both negative and positive comments are valid, the below chart gave a different perspective to evaluate the acquisition strategy of Symantec.

It’s a 5 year stock price chart of Symantec, with comparison against that of CA(NASDAQ:CA), McAfee(NYSE:MFE), and Nasdaq.

The overall changes in 5 years are:

• Symantec down by: -35.14%
• CA down by: -30.60%
• McAfee up by: +21.87%
• while Nasdaq up by: +9.67% Read more…

下图取自ENISA关于云安全风险的白皮书，示意图阐述了云安全风险评估的两个维度，即影响和可能性。从两个维度出发，ENISA认为较为突出的几个风险点，它们是：

• 合规性
• 治理（监管）缺失
• 司法
• 事件响应
• 数据保护
• 电子取证分析和传票
• 等

大家可能注意到，和ENISA相关的帖子在这里逐渐多了起来。没错，ENISA的确引起了我的关注，如同CSA一样。ENISA与CSA目前合作非常紧密，有几个项目是双方一起发起并领导，当然也存在良性竞争关系。也推荐大家多关注一下ENISA及其业界活动。

This morning, you might have noticed that the blog title was changed to “Cloud & Telecom Security”. Yes, it’s true.

From one or two years ago, my interests and focus have changed to around cloud computing and telecom or ICT security, while P2P was touched very occasionally.  I believe the new title can reflect the new focus better and hope you like it.

2009年12月17日，云计算安全联盟发布了新版的《云安全指南》v2.1[1]，代表着云计算和安全业界对于云计算及其安全保护的认识的一次重要升级。

云安全联盟CSA是在2009年RSA大会上宣布成立的。自成立后，CSA迅速获得了业界的广泛认可。现在，CSA和ISACA、OWASP等业界组织建立了合作关系，很多国际知名公司成为其企业成员，绿盟科技也在上个月成为企业会员（似乎应该是亚太地区的第一个企业会员，使用Twitter的朋友请关注@nsfocus_update）。其发布的云安全指南及其开发成为云计算领域令人瞩目的安全活动。下面简要回顾一下云计算、云计算面临的安全威胁、新版云安全指南及其使用。 Read more…

By this acquisition, HP enters enterprise networking market with strong threat management product line from Tippingpoint.

The vulnerability and threats research of DVLabs will greatly improve HP’s capability and image at these areas, so that HP’s competition against IBM will become more effective.  X-Force of ISS is one of the critical advantages of IBM over HP, at overall one-stop IT arena.

Historically, after the acquisition of an independent security company, their selling model and focus will change to more aligned with major businesses.  As for HP’s scenario, their security product lines, including the IPS/UTM, focuses on their global enterprise customers and outsourcing partners.  The security department, mostly, will lose some momentum to find and obtain new customers, instead, they will be more interested at existing customers, bundled within other bigger IT/service orders. Read more…

Gartner, the leading marketing analysis and strategy firm, released its newly-brew TOP 10 technology list today. They are:

• 1 Cloud computing. Cloud has been the top buzz-term in the past months. Gartner raised it from No.2 at 2009 to TOP1 at 2010.  With no doubt, this statement will be quoted by tons of articles and vendor solutions in the following seasons.
• 2 Advanced analytic.  I would rather explain it as data correlation and data mining tech. This seems to be similar to “business intelligence” (No.9 at 2009).
• 3 Client computing. Mostly client computing is critical for the security impact to the whole Internet.
• 4 Greet IT. It was No.1 at 2008, and No.10 at 2009. Anyway, it’s a concept, containing a lot of technologies, customs, culture, etc.
• 5 Reshaping the data center, with new designs and approaches that include building out incrementally in pod-based approaches, adding only power, chillers and generators to support initial needs.
• 6 Social computing. It has been deeply involved into daily life. Facebook, Twitter, LinkedIn, etc.
• 7 Security activity mornitoring.  A variety of complimentary (and sometimes overlapping) monitoring and analysis tools help enterprises better detect and investigate suspicious activity – often with real-time alerting or transaction intervention. Personally,  I think this is similar to the No.2.
• 8 Flash memory. It’s a new face to TOP 10.
• 9 Virtualization for availability. While virtualization has been melted into cloud computing and other diverse areas, Gartner leaves “availability”.
• 10 Mobile applications. No comments at this moment. There have been a lot of developers and app stores you can find at the web. It reflects the hotness. Read more…

This morning Twitter seems to be in trouble of performance issue.  Actually, this is not first time to get the below screen:

Read more…

几个月前，读到尼古拉斯·卡尔的《IT不再重要-互联网大转换的制高点-云计算》（中信出版社 2008.10）,其中提到了未来数据中心的场景 – 一栋灰色的大仓库，厚重的铁门，冷峻的门卫等等。IBM在美国的支柱数据中心设在科罗拉多州州的Boulder(巨石城)，我猜那里的电和成本都比纽约和罗利Raleigh要低一些。后面也看到新闻讲Google和微软都在美国西部某条大河的水电站附近建立了新的大规模数据中心以支撑云计算战略。电费等基础设施开销成为互联网云计算的很大一块成本，在绿色IT的大旗下，Hi-Tech的云计算服务器群正在进行一场轰轰烈烈的上山下乡运动。

请看下面一则新闻。IBM的新数据中心建到了东营…. Read more…

After Google released its new Sidewiki service yesterday, it’s very interesting to imagine what would be Google’s next step.  You know, it’s not a new service to let users share comments for specific web pages. Digg, Slashdot, Reddit, delicious, and other peers have been providing this for a few years.  From the release note, the key point of Sidewiki is “direct”, ie. users don’t need to submit to somewhere else to share their comments. Sidewiki allows users share comments “directly”. Doesn’t “directly” mean shortcut to other page sharing providers? Read more…

Sept.23, 2009  今天上午Google宣布推出迷你快速评论服务 – SideWiki，该服务允许每个读者可以随时评论所正在浏览的网站。这种快速迷你评论系统将会很大地影响在线书签、Digg、Slashdot、Delicious、Reddit等共享服务，而强化Google ID账号的核心作用，进一步地将用户留在Google的服务上。

SideWiki通过Google工具条实现，在网页的侧栏允许用户评论并浏览其他人的评论，与其共享书签、阅读器、邮件系统、Google Docs等的集成和数据共享相信很快也显现出来。 Read more…

It’s reported that the U.S. Department of Homeland Security was looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. It’s an inspiring finding from unique viewpoint. A slight bite by injection into the grid might lead to an overwhelming avalanche. Isn’t it horrible?

However, what I am thinking is that Internet cloud services have many similarity to those of power grid, ie. these threats and potential attacks are very possibly valid to Internet clouds.  What and how Internet clouds respond/react to these potential similar attacks to those against power grid? Yes, those dominant cloud service providers have very robust and strong infrastructure all over the world, how large the bandwidth, how many the servers, how many square feet the data centers, blah blah. Further, there are automatic load balancing and distribution system among those distributed data centers.  Once one set of servers and/or circuits, the services would be transfered to other servers and circuits automatically. Your services WILL be there, keeping the same, or NOT? Read more…

转帖一篇程苓峰先生的文章，很欣赏作者辐射出的热情和感染力，PC的普及、互联网的普及、云服务的萌芽和迅速成长的确给了很多个人、公司、组织、地区等很多机遇。 Read more…

Nowadays, many companies spent a lot of resources to build and improve their branding impage at Internet. The Internet has transfered the control from trational media and PR company to bloggers and users. Jeff Jarvis told an interesting story at his book “What Would Google Do?” which introduced how Dell succeded in recovering its customer satisfaction and image through new strategy tuned for Internet – from overlooking Internet voices to listening to bloggers, fully leveraging Internet and transfering complainers into advocates.

Inspired by Jeff’s book, I start to do some simple research on this topic of Internet branding and complainers, i.e. “sucks” speakers, trying to find something interesting. Don’t you want to know how many customers were saying your company sucks? Read more…

Information is the new currency of business – a critical corporate asset whose value rises and falls at different times, and in different ways, depending on when, how, where and by whom it is placed into circulation as a medium of exchange.
Therein lie the risks. And the opportunities.

“Safeguarding the new currency of business”, Findings from the 2008 Global State of Information Security Study®, PWC