14-20 February 2012 | computerweekly.com

Does the government need 8,000 IT staff?

Computer Weekly investigates whether the taxpayer gets value for money from the IT departments running central government. Page 4

Mobile security a priority

Surge in employees’ mobile device use pushes security up the agenda. Page 7




Highlights from the week online

Most popular

1. Mobile devices set to become company policy
2. How do touchscreens work? Gadgets for business
3. Apple wins suspension of Motorola ban on iPad sales
4. Ofcom proposes BT cuts phone and broadband price
5. O2 apologises for data security breach
6. Cisco leaves Olympic legacy in 25 Network Academies
7. Does the government need 8,000 IT staff?
8. Cisco unveils product consolidation plan
9. CIOs warn of massive UK IT skills shortfall
10. Met Police exposes crime victims’ e-mail addresses

Get the latest IT news via RSS feed: computerweekly.com/RSSFeeds.htm

Premium content

> Overcoming the insight deficit: Big judgment in an era of big data
Learn how you can empower your employees to make the most of big data and data analytics in this guide from the Corporate Executive Board. Executives around the world are realising that we have entered a new era in decision making. Our abilities to store, access, and analyse vast amounts of information have grown exponentially across the past decade.

> Global Disaster Recovery Index 2012
The Acronis Global Disaster Recovery Index 2012, produced in conjunction with the Ponemon Institute, is the industry’s largest backup and disaster recovery benchmark. Businesses can look to this report and understand what it takes to be a leader in disaster recovery. The index explores just how much has changed over the past 12 months.

> Buyer’s Guide: Customer relations management (CRM)
Customer engagement is about acquiring a greater understanding of the customer, with which to make more informed decisions. Customer relationship management (CRM) activity captures much of this information. Online surveys help to understand what customers are thinking, while social networking sites have the potential to capture and track customer sentiment in real time.

Video

> What CIOs need to know about IT consumerisation
In this video, Adrian Drury, practice leader for IT consumerisation at Ovum, talks to Computer Weekly’s Cliff Saran about device management when staff bring their own devices to work.

Opinion blogs

> Matt Scott: What objects can you use to operate your touchscreen?
Following on from “How do touchscreens work”, we’ve started experimenting with different objects to see which of them work best, or at all, with touchscreen smartphones. I mean, who wants to spend their time making a homemade stylus when you could have something just as good right in front of you?

> Erica Driver: Debunking stereotypes in decision-making
Erica Driver, strategist at QlikTech, argues that the creative right-brain way of thinking stereotypically associated with women can be an advantage in business: Have you ever been called a right-brain thinker? If so, creativity, innovation and the ability to view situations as a whole may be some of the skills you pride yourself on.

> Warwick Ashford: Infosec managers should learn from security attitudes of today’s youth
Young people treat their online safety far differently to their real world safety and this is likely to filter through to the workplace, says Tim Wilson, lead UK volunteer for the (ISC)2 Safe and Secure Online programme. Wilson, who is also assistant director ICT, NHS East London and City, says it is important for information security managers to develop an understanding of attitudes.

> Adrian Bridgwater: OpenStack cloud pulls plug on Microsoft Hyper-V
Despite Microsoft’s best efforts to “engineer compatibility” between its Hyper-V virtualisation software and the OpenStack open source cloud project since October 2010, it appears that may have run out for the Redmond software giant. Just last week Microsoft issued the statement: “Microsoft is committed to working with the community to resolve current issues with Hyper-V and OpenStack.”

Video

> CW500: Marc Dowd talks about key technology trends for the year
In this video, Marc Dowd, principal of the CIO group at analyst Forrester Research, talks to Computer Weekly editor in chief Bryan Glick about the key technology trends for the year.

> Computer Weekly & FT video debates - managing the cost of IT
Kate Craig-Wood, managing director at cloud computing company Memset, and Rene Batswood, CIO at coffee shop chain Eat, discuss the changing nature of IT spending.

> Reach out to children to secure tomorrow’s workplace
Today behaviour in the workplace is highly influenced by the proliferation of new, open mobile and social networking technologies, and the experts in this area are still in school – but not for long, writes Tim Wilson, lead volunteer (ISC)2 Safe and Secure Online programme and assistant director ICT, NHS East London and City.

> Rising to the information management challenge
In a world of increasingly devolved decision making, few would disagree with the importance of getting the right information to the right people at the right time. Equally, few would disagree that it is hard to make this happen. This was echoed when we asked financial services IT professionals about their IT priorities, challenges and successes.

2 | 14-20 FEBRUARY 2012 Daily news for IT professionals at ComputerWeekly.com


The week in IT


Cybersecurity

First reports of IPv6 DDoS attacks raise security fears
Network service providers are reporting the first IPv6 distributed denial-of-service (DDoS) attacks, just a few months ahead of the new internet addressing scheme’s official launch day on 6 June 2012. The discovery marks a significant point in the arms race between cyber attackers and defenders, according to Arbor Networks’ 7th Annual Worldwide Infrastructure Security Report.

Public sector IT

Cabinet Office asks public for open standards definition
The Cabinet Office is launching a consultation to provide a definition of open standards. The consultation, Open Standards: Open opportunities flexibility and efficiency in government IT, will be open to the public and focus on standards for software interoperability, data and document formats in government IT.

Enterprise software

Oracle buys SaaS supplier Taleo for £1.2bn
Oracle has bought human resources software-as-a-service (SaaS) supplier Taleo for $1.9bn (£1.2bn). The move follows rival SAP’s acquisition of SaaS supplier SuccessFactors for $3.4bn in December 2011. Late last year, Oracle also acquired customer relationship management SaaS company RightNow for $1.5bn.

Internet infrastructure

Internet services could drop out during the Olympics
Businesses planning to use home working policies so staff can avoid transport chaos during the London Olympics are being warned that internet services could drop out during the Games. The warning, in the Cabinet Office’s official advice, Preparing your Business for the Games, said: “It is possible that internet services may be slower during the Games, or in very severe cases there may be drop-outs due to an increased number of people accessing the internet.”

Communications infrastructure

Ofcom proposes broadband and phone price cuts by BT Openreach
Telecoms regulator Ofcom has told BT’s wholesale division Openreach to reduce the prices charged to service providers that use BT’s lines, such as TalkTalk. Ofcom wants BT to reduce the cost of a broadband and phone line from £91.50 a year to £87.41, and to reduce the cost of a broadband-only line from £14.70 a year to £11.92.

IT jobs & recruitment

Study shows demand for IT staff is increasing in 2012
Demand for permanent IT staff increased in January, with IT workers the second most in-demand professionals. A study into job vacancies in January 2012 by KPMG and the Recruitment and Employment Confederation revealed IT skills are in short supply. The report suggested there was also demand for temporary IT workers, but more modest than for permanent staff.

Financial results

Cisco back on acquisition trail after record quarter
Cisco Systems has reported record revenues of $11.5bn for its second fiscal quarter, ended 28 January 2012, up 11% on the same quarter last year, and profits of $2.6bn, up 27%. Cisco predicted that revenues will grow 5-7% year-on-year in the current quarter.

PC hardware

UK business PC sales plummet as CIOs cut back
The UK PC market saw its worst decline in five years in the last quarter of 2011, according to data from Gartner. PC shipments in the professional segment declined 13.5% in the period. With IT budgets in decline, CIOs have put off upgrading PCs and migration to Windows 7, said Gartner.

Public sector IT

More than half of government projects behind schedule
More than half of major government projects are behind schedule, according to the head of Whitehall’s Major Projects Authority (MPA). The agency has identified 206 major government projects, worth a total £480bn in lifetime costs. David Pitchford, executive director of the MPA, said all the projects under review could be classed as IT projects, with technology acting as a key enabler.

Web software

HMRC sees record number of online tax returns
A record 7.65 million people submitted their tax returns online this year, accounting for 81% of the total number of tax returns filed, according to HM Revenue & Customs (HMRC). HMRC received nearly 445,000 online returns on 31 January – the day of the tax return deadline. The rush hour occurred between 4pm and 5pm on 31 January, when 37,460 returns – more than one every six seconds – were received.

CSC’s £2.9bn NHS contract under scrutiny by US fraud investigators
CSC’s controversial contract with the NHS National Programme for IT is to be examined as part of a US fraud investigation into accounting irregularities at the supplier. CSC made the admission in a quarterly financial statement in which it also revealed it had written off nearly £1bn from its £2.9bn NHS IT contract.

The US Securities and Exchange Commission (SEC) began investigating accounting irregularities in CSC’s Nordic business a year ago, and has since unearthed similar problems in Australia and the Americas. CSC said both SEC investigators and its own Audit Committee had discovered accounting irregularities in its troubled NHS contract. The UK government has been trying to renegotiate its contract with CSC for more than two years, after CSC failed to meet its obligations to deliver IT systems for the NHS.

“I’m not necessarily a fan of the wall-to-wall, let’s-give-it-all-to-someone-else approach”

Rob Fraser, IT director, Sainsbury’s (CIO interview)


[Chart: How investing in broadband can boost economies. Source: Intellect. Note: the vertical axis is the percentage-point rise in economic growth per 10-percentage-point rise in penetration.]


News analysis

Central government in-house IT staff numbers 8,000 despite outsourcing


Freedom of Information requests reveal the extent of government's IT staff costs for the first time, writes Kathleen Hall

Despite the government outsourcing most of its IT, research by Computer Weekly reveals Whitehall still has 8,000 in-house IT staff. With public sector IT spending under growing scrutiny, does the taxpayer get value for money from the IT departments running central government?

Consider a few facts to put the government’s 8,000-strong in-house IT workforce into perspective:

• Facebook, which supports 800 million users worldwide, employs just 3,200 people – less than half the number of IT professionals employed by all of Whitehall;
• Central government has outsourced approximately 70% of its IT roles, according to Whitehall sources;
• Surprisingly, this is believed to be the first time an IT staffing figure has been calculated for central government – the Cabinet Office has never measured the number of staff working on client-side IT;
• The Ministry of Defence alone has 2,746 staff working on IT;
• The IT staff numbers could be even higher, as not all 23 departments sent Freedom of Information requests by Computer Weekly included IT professionals working for associated government agencies in their response.

Outsourcing vs in-house skills

The staffing figures raise a number of questions: why does the government have such a poor reputation for technology innovation despite having a large IT workforce; are IT staffing resources being used effectively; and will it need to maintain so many client-side IT staff as it moves toward a commodity, cloud-based approach?

Government sources estimate total average employment costs per IT worker – including pensions, benefits and workplace accommodation – are around £60,000 per year. This means Whitehall could be spending around £500m on IT staffing costs every year. If this figure is extrapolated across the whole of the public sector, total staffing costs for IT could be as high as £6bn.

Although government has a large IT workforce, it has been heavily criticised for lacking the in-house skills to effectively implement IT. According to a Public Administration Select Committee (PASC) report last year, Government and IT – a recipe for rip-offs, the weakness in the way government exploits IT was highlighted as a key factor for the “obscene” amount of money it has wasted on IT.

“The Cabinet Office and NHS don’t seem to know the total number of IT staff they have”

John Serle, Socitm director

The PASC analysis noted government has outsourced thinking about IT along with the delivery of IT. The report asked how the government could cut costs if it doesn’t know what it is spending in the first place.

But as large system integrators come under increasing attack for their dominance in public sector IT and the scale of project failures, measuring the value of government IT staff could create an opportunity to regain control of how Whitehall uses technology – not to mention improving recognition of the value those IT professionals provide.

Government IT staff by department

Department                                              IT staff
Business, Innovation and Skills                               33
Cabinet Office                                                40
Communities and Local Government                              21
Department of Health                                         466
Department for the Environment and Climate Change              7
Department for the Environment, Food and Rural Affairs        24
Department for International Development                     100
Department of Education                                      166
Department for Work and Pensions                           1,742
Foreign and Commonwealth Office                              150
Her Majesty’s Treasury                                        30
Her Majesty’s Revenue and Customs                          1,086
Department for Transport                                     452
Ministry of Defence                                        2,746
Ministry of Justice                                          576
The Home Office                                              260
Office of Fair Trading                                        13
Department for Culture, Media and Sports                       9
Total                                                      7,921

Source: Computer Weekly Freedom of Information requests


News analysis

“Government outsources far too much, and in-house development is a far better way of delivering value”


Philip Virgo, chair of information alliance group EURIM, said 8,000 IT staff should provide critical mass to enable the government to get good value from developing IT in-house.

“I am a firm believer that government outsources far too much, and in-house development is a far better way of delivering value,” he said.

“If we were to retrain those individuals in handling open source software with the latest rapid development techniques, we should be able to get a really good set of operations going, because we’ve got the numbers there. That’s something we could do in parallel with the transition of systems on to the G-Cloud and cross-fertilise expertise to get extra value.”

Virgo’s views are supported by comparison with areas of local government. According to Computer Weekly’s research, most Whitehall departments have about 2% of their total workforce employed in IT functions. That is a high figure when compared with a large authority, such as Essex County Council, which has around 1.5% of its workforce employed in IT roles but uses an almost entirely in-house IT model.

The government acknowledges that, to adopt the new approaches and technologies set out in the government ICT strategy, it must improve the capability of its IT staff.

“There is a knowledge deficiency across government which needs to be addressed. This is one of the key drivers behind the ICT Capability Strategy published in October 2011,” said a Cabinet Office spokesman.

More online
› Public sector IT staff sees largest cut in 25 years
› Central government staff lacks IT skills, finds survey
› Government needs more specialist IT staff, says advisor

“Inexcusable” inconsistency on ERP costs

Some Whitehall departments are spending up to three times more than others for the use of near-identical software, a Computer Weekly investigation into IT spending across government has revealed.

Spending on enterprise resource planning (ERP) systems has seen wildly inconsistent figures paid across government, according to Freedom of Information requests sent to 20 departments.

Computer Weekly’s research found:

• The Treasury spends £60 per user on ERP licences, the Department for International Development pays £127 per user, but the Department for Communities and Local Government pays just £38 per user;
• The Department for Work and Pensions has ERP software licensed for 130,000 users, despite only employing 120,000 people;
• Departments are paying huge sums in maintenance and support costs. For example, of the £1.2m annual spend on the Department for Environment, Food and Rural Affairs ERP system, £755,873 goes on support.

ERP systems are used across Whitehall for finance, accounting and HR functions. They use broadly the same features of the software, regardless of department.

Bernard Jenkin, MP and chairman of the Public Administration Select Committee, which has itself examined public sector IT contracts, told Computer Weekly the sizeable discrepancies in ERP spend across government are “inexcusable”.

“It’s seemingly inexcusable to pay top prices for software where they are buying thousands [of licences]. The Cabinet Office ought to be able to block deals so if they want a piece of software they go and buy it at a special government discount rate,” he said.

The Department for Work and Pensions (DWP) paid an initial licence fee of £14.3m for 130,000 licences, despite having total full-time staff of 120,000. The department also pays an additional £2.4m in annual support and maintenance costs.

The DWP’s spending takes into account the fact that both the Department for Education (DoE) and the Cabinet Office also pay yearly support costs to the DWP for using its ERP system. The DoE pays £3.3m, which includes service and licence costs to Oracle; and the Cabinet Office pays total yearly costs of £1.8m.

However, it would be highly unusual for a private sector firm to purchase ERP licences for every employee of an organisation, instead of just the smaller number of users requiring regular access.

Cabinet Office points to SAP and Oracle

Jenkin said breaking up the dominance of large system integrators in IT tendering would bring greater consistency to IT spend across government.

“We are appalled by the size of IT contracts that create these kinds of lock-in,” he said.

“Commodity products need to be centralised so departments get the benefit of buying in scale. And departments themselves need to be intelligent in their procurement and employ people with the right expertise. We cannot outsource our procurement, otherwise government will be taken for a ride. In the case of complex systems and equipment there is no substitute for expertise within a department.”

In a statement to Computer Weekly, the Cabinet Office acknowledged the inconsistencies in pricing, citing Oracle and SAP as the worst culprits.

The government IT strategy aims to increase the number of IT suppliers and reduce the size of contracts to give smaller firms more opportunities to win business.

“We welcome the IT strategy as far as it goes, but we need to move further and faster. In particular that means bringing in more SMEs,” said Jenkin.

“The IT sector is a dynamic and fast-moving sector, with most of the innovation taking place in small companies. Open source software, open data systems and agile procurement will in the end prove inimical to the traditional very large system integrators.”

Despite the Cabinet Office’s commitment to transparency and opening up spending information, only 14 departments have so far responded to Computer Weekly’s request for details of their ERP costs. Three departments are yet to reply and three said they were unable to provide the information on the grounds that it could damage commercial interests.

Failure to assess value

John Serle, director at public sector IT professionals body Socitm, has been conducting research into the number of IT staff in local government for 20 years. He believes central government has systematically failed to measure staff numbers and the value derived from outsourcing roles.

“Speaking to the Cabinet Office and NHS, they don’t seem to know the total number of IT staff they have. In the same way, when giving evidence to the select committee, they didn’t know how much was spent on IT, the measurement of IT staff also doesn’t seem to be very important to them,” he said.

Central government has a tendency to work in silos, which has led to the duplication of IT roles, said Serle.

“There are far too many IT people employed in the services side of the business. It has been a people-intensive business for a long time and is absolutely crying out for further automation. We have been saying for some time that there are far too many IT staff,” he said.

Many IT chiefs in government are serious about changing the way IT is procured from an outsourced model managed by a handful of system integrators, to a plug-and-play commodity approach through mechanisms such as the G-Cloud framework.

Home Office IT director Denise McDonagh recently told Computer Weekly: “I can never see big contracts with system integrators, where they deliver a whole host of services, happening again.” If such an approach were adopted across government, it would fundamentally disrupt traditional IT practices and arguably result in fewer IT staff managing clunky bespoke services.

However, such a move will also accelerate the need for new types of skills, meaning the government’s IT workforce could be retrained and redeployed in new roles.

Calculating the value derived from its IT functions – both in-house and outsourced – is a step the government must take if it is to cut IT costs.

A pan-government review of IT roles led by the Cabinet Office could benchmark the percentage of IT outsourced and in-house across departments and lead to cost-cutting through shared services, as well as becoming a starting point to plan for desperately-needed new IT skills.

In such a cash-strapped environment as the public sector, opting to remain ignorant of its own IT roles is not a choice the government can afford to make any longer.


News analysis

Surge in workers’ mobile device use pushes security up the 2012 agenda


Employees using their own devices are sweeping CIOs along into adopting mobile device policies, writes Karl Flinders

About 30% of UK IT departments are incorporating smartphone and tablet initiatives in their strategies for 2012 as workers increasingly use the devices for work purposes.

A Computer Weekly and TechTarget survey of over 2,500 IT professionals worldwide revealed 28.9% plan to introduce initiatives to use smartphones in business, while 30.3% will enable tablet PCs.

The results suggest 2012 promises to be a big year in the maturity of mobile technology in business.

The year of BYOD

Demand from workers to use the same technology at work and at home is driving the take-up of schemes in business to make this possible. “Bring your own device” (BYOD) programmes formalise the use of smartphones and tablets at work and enable businesses to reap the benefits while retaining control.

One of the benefits of schemes to enable staff to use their own devices is reduced costs. In September 2008, Citrix introduced a “bring your own computer” scheme and made it initially available to 10% of its total workforce of over 5,000. The scheme, under which the company pays for the device the worker chooses, is now available to all staff and has been taken up by 20% of the company’s employees worldwide. Citrix said it compared the cost of a provided laptop with the cost of running the scheme and found that over a three-year period the saving has been about 20%.

Many employees are not waiting for IT managers to formulate mobile device policy

More online
› UK IT security survey reveals changing priorities in 2012
› iPads lead charge as 2012 proves the year of the business tablet
› Virtualisation, cloud and compliance top priorities for 2012

Staff loyalty bonus

But it is not just about cost savings. Giving staff the technology they want can help attract and retain talent.

In its “Future of Work” initiative, IT services supplier Cognizant said this “millennial mindset” will change how people communicate in work and with customers. Businesses must cater for this or risk losing staff to competitors that can offer the technology they want to work.

Even if the perceived benefits are not enough to convince businesses to try out BYOD schemes, they are being forced to manage multiple devices as mob rule dictates.

A recent survey of 200 enterprise CIOs, carried out by CIO Connect, revealed 67% of CIOs believe IT users are now one of the most powerful drivers of change.

According to research commissioned by Cisco and carried out by Redshift Research, 48% of 1,500 IT managers in Europe and North America surveyed said their businesses would never authorise employees’ own devices. But it also revealed 57% believed workers used their own devices without permission.

Mobile device management

The Computer Weekly/TechTarget research revealed how IT departments are reacting to this. A total of 21.1% of IT professionals are planning to carry out mobile device management initiatives this year. A total of 26.1% said they are planning mobile security projects.

Sean Harley, director of technology operations at information services provider Sky IQ, said the company supports staff using their own devices because of the cost savings and productivity benefits they bring.

The firm is currently going through a proof of concept for a mobile device management system and is working with a supplier to provide two-factor authentication on iPads.

“If people are bringing devices in and connecting to corporate applications, there is a security risk if the device is lost,” he said.

CIOs go slow on mobile device security

Only 28.4% of IT professionals polled by Computer Weekly at 200 UK organisations plan to implement mobile security initiatives in 2012, writes Warwick Ashford.

While this appears low, the actual figures of adoption throughout enterprises of smart mobile endpoints remain dwarfed by traditional IT deployments.

Most information security professionals are adopting mobile technology in a slow and controlled manner, as the technology is not readily understood by traditional IT support service models, said Mark Brown, chief information security officer at brewer SAB Miller.

“That many enterprises are adopting mobile technology in an uncontrolled manner may actually mean that the 28% figure means this is a battle that has been lost before it starts, as the consumer has surpassed IT in the provision and does not seek to be weighed down by slow-moving response to the issue.”

Another reason mobile device security implementations are relatively low – despite IT security managers ranking mobile device security as a top pain point – is that security solutions have not caught up with the problem, according to Daniel Kennedy, research director at 451 Research, a division of The 451 Group.

“Providers have put offerings out there allowing the IT manager some managerial control over the mobile devices in his or her environment, but no-one seems to provide something to match the comfort level that same manager had when he or she could roll out a BlackBerry Enterprise Server and BlackBerrys to a few executives. Those days appear in the rear-view mirror.”


Interview

SAP UK pushes mobility and Hana in-memory databases


Steve Walker, the new managing director of SAP UK, speaks to Cliff Saran about how the UK business is growing thanks to in-memory databases and mobile applications

While Oracle is linking hardware to software, SAP is pushing the benefits of Hana, the in-memory database, and mobile data management software it acquired with Sybase in 2010.

SAP is proclaiming its best year in its 40-year history. The news comes just a month after the company announced plans to acquire software-as-a-service (SaaS) provider SuccessFactors, which makes human capital management software.

Steve Winter, UK managing director of SAP UK and Ireland, has only been in the role for five months. His mood is upbeat because software sales in the UK and Ireland grew 22% year on year, with SAP UK reporting its sixth consecutive quarter of double-digit growth. “We have been strong in all sectors, including manufacturing, consumer, pharmaceuticals and financial services,” he says.

SAP is regarded as the market leader in off-the-shelf banking software, where it is organically replacing legacy banking platforms.

Winter says enterprise resource planning (ERP) sales have been consistent across large and small businesses. Business ByDesign, the company’s cloud offering for SMEs, has 1,000 new customers and is being sold to large businesses. Those with smaller subsidiaries can combine on-premise and on-demand software.

The Sybase acquisition gave SAP a foothold in the mobility market, where mobile data access is becoming increasingly important, as businesses take advantage of the power of smartphones to access enterprise systems.

Database independence

Hana, the in-memory database, is the powerhouse SAP positions as the way forward for enterprise data management. Given its rivalry with Oracle, SAP needs a viable database engine. Oracle is selling its Exadata platform as a high-end database appliance, which uses a multi-core architecture to perform database queries. It uses a flash memory cache and a smart query engine that pre-calculates which rows of data to fetch from the database, to reduce I/O bandwidth.

Hana is SAP’s answer. In the Forrester paper, SAP shows progress on its cloud, mobile, and in-memory innovation agenda, analysts Paul Hamerman and China Marten note that Hana is SAP’s vehicle to distance itself from Oracle, which happens to be the database platform of choice for SAP customers.

In-memory computing, which does not require a relational data store, is one more route to database independence. In addition, SAP has announced that its Business Suite will run on SAP’s Sybase Adaptive Server Enterprise (ASE).

Gartner says in-memory database management systems and in-memory data grid technologies are well-known and largely mature technologies.

In a research note looking at SAP’s strategy, Gartner analysts Massimo Pezzini and Daniel Sholler wrote: “SaaS providers, such as Workday, have demonstrated that an in-memory database of records approach can support large-scale business-critical applications. The validation of this notion by a powerful and influential vendor like SAP will force other vendors to respond by coming out with in-memory computing visions within the next 12 to 18 months.”

business software

Linking mobiles to SAP ERPOne of the companies benefiting from SAP’s mobile strategy is Barloworld, a firm specialising in materials-handling equipment and the UK dealer for Hyster fork-lift trucks.

Barloworld is using SAP’s Mobile Asset Management application to centralise 26 locations to six. The software links to the company’s SAP ERP, enabling technicians to access inventory via mobile devices.

As a result, the company has raised its level of customer service, increased data accuracy and reduced back-office over-heads.

As a revenue boost, techni-cians can communicate sales opportunities via mobile devices, so a salesperson can follow up immediately, resulting in an unprecedented 60% conversion rate for these leads, SAP said.

A business case for SAPSAP hopes that by designing Hana to simplify IT operations, its applications customers will more easily be able to construct a business case for moving away from Oracle databases, writes Warwick Ashford.

The enterprise software maker has previously said it plans to roll out support for the ERP module of the SAP Business Suite on the Hana in-memory database platform.

Vishal Sikka, SAP executive board member and technology chief, has indicated the move is set for the fourth quarter of 2012.

The software maker is also conducting around 50 proof-of-concept pilots with large corporate customers and claimed that in some cases Hana is 10,000 times faster than Oracle.

At the Sapphire Now customer and partner conference in Madrid in November 2011, SAP made it clear that the firm is betting on Hana to develop into a new and important revenue stream for the company.

Co-chief executive Jim Hagemann Snabe said Hana was ready for a second phase in which SAP will roll it out at volume and help customers cut costs and improve efficiencies by using it to replace traditional business data warehouses.

In the longer term, SAP plans to build more applications for the Hana platform on an industry-by-industry basis, targeting sector-specific problems where rapid data analysis will make the most impact.

Ultimately, SAP plans to integrate in-memory computing into all products, with Snabe saying the Hana architecture of in-memory and column-based data may well become a de-facto standard.

“We have been strong in all sectors”

Steve Winter, SAP

more online› What is SAP High-Performance Analytic Appliance (Hana)?

› SAP reports bumper results

› Looking into SAP Hana? Do your homework first


community

Look to children to secure tomorrow’s workplace

CIOs in vendor deadlock over cloud uptake


Tim Wilson opinion

A broad recognition that increasing levels of vulnerability begin with the user is fuelling the development of corporate awareness programmes on information security. To get the most from their investment, organisations should understand how behaviour is changing in the workplace. Today this is highly influenced by mobile and social networking technologies – and the experts are still in school. But not for long.

Behaviour among the young reveals characteristics of the workforce of the not-too-distant future. The conduct of kids today suggests how they will behave in the workforce later.

Information security managers must understand developing attitudes and the measures to correct them where necessary. For instance, youngsters today are uninhibited in giving out personal information – a sign that children treat online security differently to physical security. They have no qualms about circumventing parent and school authorisations to access social networking sites. And they will likely take this mindset to the work environment later. Similar to flouting parental control,

As a lead volunteer with the (ISC)2 Safe and Secure Online programme, an internet security awareness programme aimed at 10-14 year olds, I have been tracking these behavioural instincts of students for three years.

My findings indicate that, for example, youngsters will habitually have difficulty separating the use of social networking for work from private use. Further, children who easily make callous, ill-judged personal comments about their school mates today online may demonstrate similar poor judgement about the comments they make about their employers. It all portrays an evolving risk landscape that information security managers could be doing more to prepare for today.

One way to prepare for the evolving risk landscape is to communicate about what our kids are doing today, in the workplace – perhaps adding a personal touch to information security awareness training. After all, many employees are parents and family members too. Ensuring their awareness of the perils of a careless attitude to online security among youngsters will make them think about their own behaviour and encourage a more conscientious attitude towards what is going on at home.

Such a cognitive approach can be more effective in getting people to listen who may otherwise flout alternative approaches to awareness training. Companies that have adopted this approach conclude that it brings the issues closer to home and is more likely to motivate behavioural change than generic messages. These programmes equip them to teach children how to stay in control of their image, respect other people’s privacy, report bullying and unhesitatingly block contacts who appear dubious. The behaviour asked of the employees is the same.

Further, they complement the enforcement of the existing industry standards in the workplace to ensure appropriate behaviour by staff, such as ISO 27001:2005 A.8.1.2, pertaining to employment and recruitment; ISO 27001:2005 A.7.1 and A.10.8, for data protection; and ISO 27001:2005 A.5.1.1, for information security. These standards are important tools to help the security manager address the blurring boundaries between the personal and work environments. More effort is required to ensure they are understood and actively managed by those tasked with enforcing them.

Young people treat their online safety far differently to their real world safety and there is no reason not to believe that this behaviour will filter through to the workplace. Organisations will require approved and robust information security policies and processes to mitigate these vulnerabilities. But there is a real opportunity to motivate change in the workplace by helping employees today spearhead change at home. ■

“Youngsters find it difficult to separate social networking for work from private use”

Tim Wilson is lead volunteer, (ISC)2 Safe and Secure Online programme, and assistant director ICT, NHS East London and City

Bryan Glick leader

It is pretty much impossible to put a bunch of IT leaders in a room these days without the conversation coming round to cloud computing at some point – who’s doing what, what’s your experience, what works, what doesn’t.

Those conversations reflect Computer Weekly research into technology purchasing intentions for this year. Our survey of 2,500 IT decision-makers worldwide confirmed cloud as the number two item on the list of initiatives to look at this year, but it was a high priority for only 30%. When asked which initiatives are actually being adopted this year, cloud didn’t make the top 10.

So, cloud is of great interest, but few are actually planning to do anything this year. If you talk to a few IT leaders, you quickly find out why. The biggest single hurdle preventing them from adopting cloud is the traditional “big IT” software licensing model.

This column has said before that cloud is now a commercial and risk discussion for IT leaders, not a technology issue. The conventional software suppliers have become the biggest obstacle to their customers adopting the technology they have marketed and hyped for the last three years.

It’s been instructive to notice how vendor marketing and the analyst/research firms who rely on vendor funding are changing their tune to say, “Cloud isn’t about cutting costs.” That’s quite a change from the messages being pushed out in previous years.

Of course, this is an opportunity for new entrants in the market – the big players might just disrupt themselves out of existence if they don’t wise up fast – but even the best SME cloud supplier isn’t going to take over a big corporate IT service any time soon.

So we reach an impasse. Big IT says go cloud, but big IT won’t change its safe, low-risk, proven licensing models because it can’t – its business models wouldn’t work. IT leaders want cloud, but their big IT suppliers won’t offer the flexible, pay-as-you-go, risk-transferred service those same suppliers told them would be the big benefit of cloud. Something has to break. ■

editor’s blog: computerweekly.com/editor


Mobile documents made easy.

When you are out of the office, work doesn’t stop. Taking your work on the road is easy with today’s lightweight and powerful laptops, multitasking smartphones and tablet devices… but what about all those files and the paperwork on your desk? With Fujitsu’s ScanSnap Scanner solutions you can easily scan all your documents and have access to them wherever you are and on any device; Office PC, notebook, and now on your iPad® or iPhone® thanks to the ScanSnap Connect App and in the cloud with Google Docs, SalesForce CRM, SugarSync, Evernote and more. Make your documents as mobile as you are – with just the press of one button!

Have a look at www.ScanSnapit.com/cw2

All names, manufacturer names, brand and product designations are subject to special trademark rights and are manufacturer’s trademarks and/or registered brands of their respective owners. All indications are non-binding. Technical data is subject to change without prior notification. Apple, iPad, iPhone, iPod touch, and iTunes are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.


buyer’s guide


Virtual servers mean network rethink

Galen Schreck looks at the evolution of virtualisation and how it is affecting the IT department's technology choices

CW Buyer’s guide: virtualisation, part 3 of 3

For years, network topology was defined by the physical connections between network devices. If you wanted two servers to be in the same network domain, they had to be on the same switch. Today, network hardware is being completely transformed into virtual hardware that exists only within the realm of Linux KVM, Microsoft Hyper-V, or VMware.

Cisco, for example, has released the Nexus 1000v, a virtual Cisco switch that runs within VMware environments, but is managed by traditional Cisco management tools.

Virtual network infrastructure performs the same job as its physical counterpart, except that all network traffic remains inside the virtual server environment until it needs to talk to something in the “real” world. Virtualised network traffic moves between virtual servers at memory speeds, since there are no physical limitations such as 100Mbps copper networks. And because the infrastructure is virtual, new gear and virtual wiring can be created instantly.

Companies such as Cisco, Citrix and F5 offer a number of network-resident products that offload tasks from servers or optimise network traffic. Instead of offloading just one task, these products typically consolidate a broad array of capabilities that can include connection request handling, caching, SSL encryption co-processing, compression, and packet flow control. In addition to decreasing application response times, network performance virtualisation reduces the amount of infrastructure required to deliver an application and can support consolidation/centralisation initiatives by saving on server and bandwidth resources.

Network equipment suppliers have had to rethink their architecture to adapt to shifts such as scale-out computing and composite applications that use web services to speak to each other. These trends are driving the need for a network that can scale to very large numbers of ports while adapting to the increase in application-to-application (also called east-west) traffic that runs counter to traditional designs that favour client-to-server communications (or north-south traffic).

Chassis virtualisation allows firms to build networks that are simpler and more predictable by reducing the number of tiers required to aggregate traffic into a small number of core switches. In addition, management is greatly simplified because switches behave as if they are part of a much larger virtual switch. Being part of a single virtual switch also permits a group of switches to make decisions collectively, rather than as independent nodes that lack the complete picture.

Security has been deployed at the network perimeter for many years, but changing business and application requirements have made pervasive security a requirement. This shift forced operations to deal with a highly distributed network of security tools that still needed to be inserted into the network at the right control points. Network security virtualisation is changing that by making security available as a service on your network, so you don’t have to purchase and install another box every time you need to firewall a new application server or provide secure remote access.

Storage virtualisation

Storage virtualisation based on out-of-band technologies such as EMC’s Invista does not sit in the data flow. Rather, the virtualisation intelligence lives in a network-resident controller that instructs the storage infrastructure where to place data. Like most storage virtualisation today, out-of-band technologies are focused on improving utilisation, migration and management.

Virtual servers from suppliers such as Citrix, Microsoft and VMware store their files on virtual disks. In reality, these virtual disks are simply large files that contain the image of an entire server. These virtual disks evolved into more sophisticated appliances based on standards such as Open Virtualisation Format (OVF) that are capable of bundling multiple virtual machines along with information such as their network configuration and start-up sequences.

Software suppliers have noticed that virtual disks allow them to ship their products in a fully configured and tested virtual machine. This is similar to a physical appliance in that you, the customer, don’t have to do anything but start it up. As cloud computing has gained acceptance, virtual appliances have seen new interest because they provide an efficient way to rapidly start up a pre-configured server environment.

Cloud management

While virtual machine (VM) management is necessary for day-to-day server operations, virtualised environments have expanded the use of policy-based intelligence that can balance workloads or respond to failures.

Forrester previously labelled these capabilities as “VM automation”, which was focused on optimising a relatively simple virtual server environment. But as cloud computing has emerged, these same capabilities have expanded to include important cloud capabilities such as managing resources across multiple pools, optimising cost and service level agreements (SLAs) using public and private resources, and offering self-service interfaces and virtualised resource models that simplify management and provide multi-tenancy.

Even firms that don’t plan to deploy a private cloud should consider making use of basic cloud management capabilities such as automated workload management.

VM hypervisors

Hypervisors are the core technology in server virtualisation, although the concept of virtual machines dates back to the mainframe and later Unix-based systems from HP, IBM and Oracle/Sun. Hypervisors from companies such as Citrix, Microsoft and VMware are critical because they are now bringing the same benefits to commodity x86 servers running Windows and Linux.

As virtualisation specialists such as VMware have reduced the size of the hypervisor, major server suppliers are shipping new x86 systems that have a hypervisor already loaded in flash memory.

Virtualisation management

As hypervisors mature, more and more emphasis is being placed on the software that controls them. Virtualisation management tools govern the basic provisioning, movement and performance of virtual servers, networks and storage.

The growth in server virtualisation adoption and the increasing number of virtualisation options from the likes of Citrix, Microsoft, Oracle, Red Hat and VMware has created a need for tools that offer heterogeneous management for virtual infrastructure. ■

This article is based on Forrester’s “TechRadar for enterprise architecture professionals: infrastructure virtualization, Q2 2011” report (May 2011) by Galen Schreck, vice-president and principal analyst at Forrester.


skills

Combine study and training to push your IT career in the right direction


IT support professional Ian Kelly tells Cliff Saran how he used initiative and the Open University to realise his ambitions

Ian Kelly, a 34-year-old IT specialist, is preparing to take the next step in his career. He originally took an HND in computing as a mature student at the University of Plymouth and held a variety of posts as a sound engineer at gigs around the country. He says: “I gave that up, did some travelling and reassessed what I wanted to do.”

He came to London and got a job on the Olympics in HR. From there he moved to City Hall before landing a job at Lehman Brothers, just as the investment bank went bust.

In 2009, the UK was in recession and Kelly faced a year off work: “I wasn’t sure what to look for, but had always wanted to work in IT.”

Kelly faced the problem of lack of experience, as most jobs required it: “I was looking for anything to get some experience.”

Kelly finally got an opportunity working for the Thomas Poplington Trust. He started working as a recruiter for volunteers, but while he was there he also managed the IT at the Trust’s resource centre in Balham, which had six computers.

“Once a month I maintained the computers and began gaining a bit of experience,” he says.

He got a part-time technician job at Joseph Clarke School, working 15 hours a week to support 150 users. At the end of 2010, he decided he needed training: “I wanted to do a Cisco Network Associate (CCNA), but the two-week training courses are very expensive, and there is probably a steep learning curve in a two-week course. So I chose the Open University’s CCNA course, through the Cisco academy. That lasted seven months.”

Supplementing study

Kelly could not take time off for courses, but spent weekends and evenings studying. He used online material, Flash movies and online quizzes to support the training.

The Open University uses the quizzes in its assignments. Kelly says: “You also get access to a tool called Packet Tracer, which simulates networks on a PC, so you can configure and practise setting up a network.”

He took this one step further and bought a Cisco 2950 24-port switch on eBay: “For a couple of hundred quid you can pick up some used kit, log into it and get some hands-on experience, such as putting three routers, one on top of the other, and figuring out how to wire them up.”

Through the Open University, Kelly gained access to a networks lab at Kingston University with real routers and switches, where teams of students worked to plug in the routers and configure the test networks.

Passing the CCNA means maintaining an average of 83% in assessments. Kelly admits this is high, but the course has equipped him with skills he is now applying at work. For instance, he is using the CCNA skills at Joseph Clarke School to upgrade the network to gigabit Ethernet.

The training has also helped him secure another job: “My brother told me the Media Trust was advertising for an IT post in August 2011, while I was finishing off my CCNA. This was my break to get into an organisation with decent technology like Exchange Server.”

He is now supporting 90 staff, who are heavy users of IT. And if something does need changing, rather than having to follow step-by-step instructions, he has the knowledge to understand how to fix certain issues, such as re-hashing the access list on a Cisco router.

Kelly is keen to expand his training. He says: “I want to sign up to a Cisco Network Professional. It is kind of degree level, which goes beyond the CCNA foundation.” ■

Kelly: “Now I want to sign up to a Cisco Network Professional training course”

IT education & training

more online

› Read more on Computer Weekly’s IT Works blog

› How to stay on top of IT training and development

› 2012 training courses: BI, data management & data warehousing

IT career progression

Much of the focus on the skills shortage in IT has concentrated on getting people into the sector. It is sometimes easy to forget that the first step on the ladder should be the first of many, and developing entry-level IT professionals to become senior decision-makers and leaders in their departments or organisations is vital to retaining talented people in the sector.

Business analyst
The business analyst is accountable for identifying business needs, capturing requirements and determining solutions to business problems.

Development manager
Responsible for ensuring that systems development (programming, coding, systems integrations etc) taking place in, or on behalf of, an organisation is aligned to the strategic goals of the organisation.

Enterprise architect
Works with stakeholders, both leadership and subject matter experts, to build a holistic view of the organisation’s strategy, processes, information and information technology assets. They then use this knowledge to ensure the business and IT are in alignment.

Programme/senior project manager
Oversees and controls delivery of several related projects. At the senior level this could involve managing a portfolio of projects or programmes.

Service level manager
A service level manager is responsible for the monitoring, reporting and ongoing improvement of a set of services and the associated service level agreements.

Source: Kevin Streater, Open University


security


Internet infrastructure services firm VeriSign has admitted it was the victim of numerous data breaches in 2010, demonstrating

just how vulnerable IT systems are to so-called trusted third parties.

Earlier this month VeriSign con-firmed several security breaches after US reports drew attention to refer-ence to the attacks in a report filed with the Securities and Exchange Commission (SEC) in October 2011.

VeriSign said it had faced several successful attacks against its corpo-rate network, which gained access to information on its computers and servers. VeriSign is a trusted third-party for issuing certificates.

SSL certificates are deployed on servers and web browsers, to enable authentication and provide encryp-tion. The SSL certificate tells the browser user that the server’s certifi-cate can be trusted. Computer sys-tems use authentication based on X.509 trusted certificates, issued by a

authentication certificates. The cryptographic certificate issued for authentication of check-in terminals had expired, preventing the termi-nals from communicating with key systems at the airline.

In a similar incident, online retail-er Target.com’s website was blocked, due to its SSL certificate expiring. In its X.509 Certificate Management re-port, Gartner notes: “Expired X.509 certificates result in a number of sys-tem maladies, ranging from a simple error message on a screen to an abrupt termination of service. This can lead to abandoned e-commerce transactions or the loss of trust in a company’s web presence.”

The report’s authors, Eric Ouellet and Vic Wheatman, note that compa-nies with unplanned certificate expi-ry typically focus on other IT issues first, such as hardware or software crashes, long before they consider an expired X.509 certificate as the source of troubles. This typically re-

How to manage certificate risksAs VeriSign admits to data breaches, Warwick Ashford and Cliff Saran consider the risks of compromised certificates

sults in significant delays in identify-ing and resolving the root cause of a system outage, says Gartner.

Encryption keysEncryption keys are formed of two parts: a private key is used to encrypt data, while the recipient can access the sender’s public key to decrypt the message. Private keys can unlock confidential data, so should be stored securely. But Hudson has seen cases where system administrators have walked out of companies with the private keys, or stored them on an intranet, which could be targeted by external hackers.

In a survey of 471 senior managers by Venafi in 2011, 54% of respond-ents admitted their organisations had experienced either stolen or unac-counted-for encryption keys.

“The private key is widely de-ployed to system administrators who can easily take it out of the organisa-tion. I have also seen people put their

certification authority such as Veri-Sign, to enable secure data transfer.

Over the last 16 years, certificate use has exploded. Certificates are not only used externally. Systems use certificates internally such as with routers and software. To maintain se-curity and trust, the certificates have a limited lifespan, normally a year.

However some experts point out that certificates are often managed in silos, using spreadsheets, which makes any compromise difficult to isolate: “When they expire they need to be renewed. There are hundreds of millions of certificates, all of which are managed manually, using spread-sheets,” says Jeff Hudson, CEO of Ve-nafi, a company specialising in certif-icate management.

Systems grind to a haltFour years ago, a major computer outage at Japanese airline Nippon Airways occurred due to a relatively minor problem related to security »

Page 14: Does the government need 8,000 IT staff?docs.media.bitpipe.com/io_10x/io_103124/item... · benchmark. Businesses can look to this report and understand what it takes to be a leader

securityprivate keys on an internal website. This is a bit like installing a really se-cure front door and leaving the key under the doormat,” says Hudson.

Clone certificatesIf a certificate authority (CA) is com-promised, IT managers may find server certificates are no longer valid, or worse, the hacker has cloned their certificates to launch man-in-the-middle attacks on their customers.

“Last year, three separate CAs were compromised. Hackers created and issued phoney certificates, which meant they could intercept the traffic coming to a website,” says Hudson.

In such cases, certificates previous-ly issued by compromised certificate authorities must be revoked. Know-ing the provenance of each cer-tificate is critical to the timely re-issue of cer-tificates to mini-mise downtime. Gartner recom-mends organi-sations be-ware the potential for impact on their op-erations, should they be associated with such an incident.

VeriSign is the main operator for web addresses suf-fixed .com and .net. It did not reveal when the 2010 attacks took place or what data was compromised, but said management had been informed of the breaches months later, in Sep-tember 2011.

“Clearly something went very wrong inside VeriSign if the powers that be were not informed of the breaches,” says Graham Cluley, con-sultant at security firm Sophos.

Disclosure and transparencyThe fact that administrators respond-ed to the attacks but did not inform management until 2011 shows just how important comprehensive disclosure legislation is, says Paul Vlissidis, technical director at NGS Secure.

“As it becomes more normal for or-ganisations to be transparent and honest about data breaches, stigma will be lessened and, crucially, those organisations will be able to take swift, responsive action,” he says.

VeriSign said in the filing it was unaware of any incidents in

which information ex-tracted in the hacks

was used. But the company admits:

“Given the nature of such attacks,

we cannot as-sure that our reme-dial ac-

tions will be sufficient to thwart

future attacks or pre-vent the future loss of

information”.

Domain name system attackA successful attack on the company’s domain name system (DNS), which converts web addresses into IP ad-dresses, could allow cyber criminals to redirect users attempting to visit popular sites and infect surfers with malware and intercept communica-tions, according to Cluley.

But a statement issued by the company this week said: “After a thorough analysis of the attacks, VeriSign stated in 2011 – and reaffirms – that we do not believe the operational integrity of the domain name system was compromised.”

In 2005, VeriSign claimed to have implemented real-time validation systems to detect and mitigate internal and external attacks attempting to compromise the integrity of the DNS.

“All DNS zone files were and are protected by a series of integrity checks, including real-time monitoring and validation. VeriSign places the highest priority on security and the reliable operation of the DNS,” the company says.
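A zone-file integrity check of the kind VeriSign's statement refers to, as an added example that is not VeriSign's system or code: written in Go, it reads a simplified one-record-per-line zone format, fingerprints the validated record set with SHA-256, and lists exactly which records differ when the zone is reloaded later. The two zones below are constructed fixtures (RFC 5737 documentation addresses), and the record format is a simplification of a real master file, so the parser is an assumption of this example rather than a general zone parser.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample zones, not real data. BaselineZone is the last validated
// state; TamperedZone is what a later reload looks like after one record was
// redirected to a new address and one record was added.
const BaselineZone = `; example.com, validated 2012-02-14 (constructed fixture)
example.com.      3600 IN SOA ns1.example.com. hostmaster.example.com. 2012021401 7200 900 1209600 3600
example.com.      3600 IN NS  ns1.example.com.
www.example.com.  300  IN A   192.0.2.10
mail.example.com. 300  IN MX  10 mx.example.com.
`

const TamperedZone = `example.com.      3600 IN SOA ns1.example.com. hostmaster.example.com. 2012021401 7200 900 1209600 3600
example.com.      3600 IN NS  ns1.example.com.
www.example.com.  300  IN A   198.51.100.7
login.example.com. 60  IN A   198.51.100.7
mail.example.com. 300  IN MX  10 mx.example.com.
`

// ParseZone reads the simplified format "<name> <ttl> IN <type> <rdata>" (one
// record per line, ';' starts a comment) into a set keyed by name/type/rdata.
// The TTL is left out of the key so that TTL tuning alone does not raise an alarm.
func ParseZone(text string) (map[string]bool, error) {
	set := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if i := strings.IndexByte(line, ';'); i >= 0 {
			line = line[:i]
		}
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		if len(f) < 5 || f[2] != "IN" {
			return nil, fmt.Errorf("line %d: unrecognised record %q", n, line)
		}
		set[strings.ToLower(f[0])+"/"+f[3]+"/"+strings.Join(f[4:], " ")] = true
	}
	return set, sc.Err()
}

// Fingerprint hashes the sorted record set; store it alongside the validated
// copy and compare on every reload before the zone is served.
func Fingerprint(zone map[string]bool) string {
	h := sha256.New()
	for _, k := range sortedKeys(zone) {
		h.Write([]byte(k + "\n"))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Diff lists records added to and removed from the baseline. A changed record
// shows up as one removal plus one addition, which is the pair an operator
// needs in order to decide whether a redirection was authorised.
func Diff(baseline, current map[string]bool) (added, removed []string) {
	for _, k := range sortedKeys(current) {
		if !baseline[k] {
			added = append(added, k)
		}
	}
	for _, k := range sortedKeys(baseline) {
		if !current[k] {
			removed = append(removed, k)
		}
	}
	return added, removed
}

func sortedKeys(m map[string]bool) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

func main() {
	base, err := ParseZone(BaselineZone)
	if err != nil {
		panic(err)
	}
	cur, err := ParseZone(TamperedZone)
	if err != nil {
		panic(err)
	}
	if Fingerprint(base) != Fingerprint(cur) {
		added, removed := Diff(base, cur)
		fmt.Println("zone integrity check FAILED")
		fmt.Println("  added:  ", added)
		fmt.Println("  removed:", removed)
	}
}
```

In practice the baseline fingerprint would be stored somewhere the zone-editing path cannot write to, and the diff would be raised as an alert rather than printed; the point of keying on name/type/rdata is that a redirection of www.example.com is reported as a removal of the old A record and an addition of the new one, not hidden as a silent overwrite.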

Flawed authentication

There’s a yawning gap in the internet authentication industry, because there are no security or quality standards sitting over the 1,500-plus certificate authorities, and this needs to change, says Paul Vlissidis of NGS Secure. That these organisations are breached despite taking extraordinary measures to protect themselves means that businesses should recognise that these kinds of breaches will continue, adds Hudson.

“These targets are all trusted third-party providers of certificates, services, or secure tokens – technologies that are used to authenticate and create trusted relationships on the internet and in organisations worldwide.”

Organisations should have recovery plans in place to replace any certificate or service that has been compromised and get it done in hours, not days or weeks, he says.

This can be achieved with multiple third-party providers, so that if one is compromised, organisations can switch quickly to another.

Certificate management

Clearly, it is important for an organisation to identify the certificates it uses, whether because their certification authority is compromised, or simply to ensure that certificates are renewed to prevent avoidable and frustrating downtime due to expired certificates.

Director 6 from Venafi is one of the specialised products designed to manage X.509 certificates. It discovers certificates on the network and looks inside key stores to report on encryption strength and expiration date.

Hudson says Director 6 automatically renews certificates and installs them. Trustwave CLM is another product offering X.509 certificate discovery. Gartner says the product will renew certificates originally issued by any certificate authority. ■


More online

› VeriSign admits security breach of corporate network
› How trusted SSL certificates and forged SSL certificates work
› Web security certificate breach widens after GlobalSign hack

Why certificate security is a problem

X.509

When a certificate expires, very often the first anyone knows of it is when the website or server goes down. Sometimes it proves extremely difficult for the IT department to figure out what is going on.

Businesses frequently do not know how many certificates are in their organisations and where they are. This makes it difficult to manage. A number of organisations specify secure encryption standards, defining the key length. IT security chiefs often cannot determine the strength of the encryption key - whether they are 1,024 or 2,048 bits long.

SSH keys allow users to log onto Unix and Linux systems by remote access. A number of internal auditing organisations are looking at the risks of SSH.

Source: Jeff Hudson, CEO, Venafi
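Certificate discovery and inventory of the kind Hudson describes, and the expiry and key-length problems listed in the box above, as an added example that is not Venafi's, Trustwave's or the article's code: written in Go, it parses a PEM bundle with the standard crypto/x509 package, reports issuer, expiry and RSA key length for each certificate, and flags the three conditions the article raises (an RSA key below policy, expiry approaching or passed, and issuance by a CA that has been compromised and is therefore distrusted). The bundle, the "Example Compromised CA" name, the 2048-bit policy and the fixed 14 February 2012 reference date are constructed for the example; a real run would read the bundle from the key stores discovered on the network.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is one row of the inventory report for a single certificate.
type Finding struct {
	Subject, Issuer string
	NotAfter        time.Time
	KeyBits         int      // RSA modulus length; 0 for non-RSA keys
	Problems        []string // empty when the certificate needs no action
}

// Inventory parses every CERTIFICATE block in a PEM bundle and flags three conditions:
// an RSA key shorter than minBits, expiry already passed or due within warnWithin of
// now, and an issuer on the distrusted list (a compromised CA whose certificates must
// be revoked and re-issued elsewhere).
func Inventory(bundle []byte, now time.Time, warnWithin time.Duration, minBits int,
	distrusted map[string]bool) ([]Finding, error) {
	var report []Finding
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // private keys and other PEM objects in the same file are skipped
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parsing certificate: %w", err)
		}
		f := Finding{Subject: cert.Subject.CommonName, Issuer: cert.Issuer.CommonName, NotAfter: cert.NotAfter}
		if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok {
			if f.KeyBits = pub.N.BitLen(); f.KeyBits < minBits {
				f.Problems = append(f.Problems, fmt.Sprintf("RSA key is %d bits, policy requires %d", f.KeyBits, minBits))
			}
		}
		switch left := cert.NotAfter.Sub(now); {
		case left < 0:
			f.Problems = append(f.Problems, "expired")
		case left < warnWithin:
			f.Problems = append(f.Problems, fmt.Sprintf("expires in %d days", int(left.Hours()/24)))
		}
		if distrusted[cert.Issuer.CommonName] {
			f.Problems = append(f.Problems, "issued by a distrusted CA: revoke and re-issue from another provider")
		}
		report = append(report, f)
	}
	return report, nil
}

// Anchor is the constructed "now" the fixture is built around, so the report is deterministic.
var Anchor = time.Date(2012, time.February, 14, 0, 0, 0, 0, time.UTC)

// must unwraps the (value, error) pairs of the fixture builders, which cannot fail here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// tpl returns a minimal end-entity template that expires years/days after Anchor.
func tpl(serial int64, cn string, years, days int) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: Anchor.AddDate(-1, 0, 0), NotAfter: Anchor.AddDate(years, 0, days),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
}

// SampleBundle is a constructed fixture, not real CA data: a root named "Example
// Compromised CA", a 1024-bit leaf it issued that expires in 10 days, and a
// self-signed 2048-bit leaf that is valid for another two years.
func SampleBundle() []byte {
	caKey, ca := must(rsa.GenerateKey(rand.Reader, 2048)), tpl(1, "Example Compromised CA", 10, 0)
	ca.IsCA, ca.BasicConstraintsValid, ca.KeyUsage = true, true, x509.KeyUsageCertSign
	weakKey := must(rsa.GenerateKey(rand.Reader, 1024)) // deliberately below policy
	okKey, self := must(rsa.GenerateKey(rand.Reader, 2048)), tpl(3, "intranet.example.org", 2, 0)
	var bundle []byte
	for _, der := range [][]byte{
		must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)),
		must(x509.CreateCertificate(rand.Reader, tpl(2, "shop.example.com", 0, 10), ca, &weakKey.PublicKey, caKey)),
		must(x509.CreateCertificate(rand.Reader, self, self, &okKey.PublicKey, okKey)),
	} {
		bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
	}
	return bundle
}

func main() {
	report := must(Inventory(SampleBundle(), Anchor, 30*24*time.Hour, 2048,
		map[string]bool{"Example Compromised CA": true}))
	for _, f := range report {
		fmt.Printf("%-24s issuer=%-24s expires=%s bits=%d problems=%v\n",
			f.Subject, f.Issuer, f.NotAfter.Format("2006-01-02"), f.KeyBits, f.Problems)
	}
}
```

The compromised root's own certificate is flagged alongside the leaf it issued, which is the intended behaviour: both must leave the trust stores, and the leaf must be re-issued by a different provider. The distrusted list is keyed on the issuer's common name for brevity; a production check would match on the full issuer distinguished name or, better, on the issuing certificate's fingerprint, since a common name alone is not unique across CAs.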


Fast food may be worse for your health than you think

Takeaways can be worse for your health than you think

As if the saturated fat, salt and additives weren’t enough to worry about, in the US you also have to consider the threat of 50,000 volts before you opt for fast food.

A 37-year-old woman from North Carolina was tasered after cutting into a McDonalds Drive-Thru line and refusing to move after she was denied service.

Just how desperate for a Big Mac do you need to be to think it’s worth taking a sharp burst of electrical current in your side?

Downtime’s advice is to order takeaways online wherever possible. You’d be surprised at how easy it is and it significantly reduces the risk of electrocution, unless you spill your coffee on your laptop of course.

Platform as a service: Is Gartner taking the Paas?

Last month, just as hard-working IT people were firing up their PCs following the Christmas break, Gartner sneaked out a piece of “research” which, across six pages, introduces a dictionary of more acronyms for platform as a service – or Paas – than Downtime has had hot dinners.

So they have aPaas, as in application platform as a service, dbPaas, for database platform as a service, iPaas for middleware platform as a service (eh?) and on, and on, and on.

So how about a drive Paas, when you cut through all the traffic; the under Paas that drivers on the Hammersmith flyover wished they didn’t have to use and the fabled, mountainous Khyber Paas?

Politicians note: the abbreviation NSFW was created for a reason

Three Indian BJP ministers, who were caught watching adult material on a mobile phone during an assembly in Karnataka, have resigned.

Krishna Palemar, minister for ports, science and technology, allegedly supplied the blue movie to minister for cooperation, Laxman Savadi, and minister for women and child development, C C Patil.

The CCTV footage which captured the incident prompted calls from the party for their resignations, which have now been met.

Downtime says it’s one thing to sneakily play Angry Birds under the table at a meeting but fiddling around with other things never ends well.

Princess Diana adds voice to SNP campaign from beyond the grave

She did landmines and child poverty but, in a bizarre paranormal incident, Diana, Princess of Wales, has now appeared in a Scottish church to add her considerable PR influence to the campaign for Scottish independence.

Chinese tourists took a film inside the church which, when watched later, revealed a ghostly figure resembling Diana in one of the windows.

SNP leader Alex Salmond is said to have resorted to the Ouija board for help – and now, to the amazement of onlookers, Diana has given Westminster a sign. See for yourself here. ■

Heard something amusing or exasperating on the industry grapevine? e-mail [email protected]

Gaming is bad for your humanity

Computer games cheapen life and gamers risk becoming inured to violence and its consequences through repeated exposure to it in the virtual world, say critics.

Downtime is inclined to agree, following the death of a Taiwanese man who was playing World of Warcraft in an internet café, which went unnoticed for 13 hours.

Chen Jung-yu had purchased 23 hours of World of Warcraft time, but died of unspecified causes about 10 hours into his gaming session.

Thirteen hours later, a member of staff at the internet cafe went to remind Chen that his time was up, only to discover that Chen himself had expired, according to the Taipei Times.

The staff member said Chen’s face was blackened and he was sitting rigidly in his chair, prompting him to call the police. A crime scene photo shows Chen’s hands were locked as if still on the keyboard.

Only when police began forensic investigations, did the other ten players in the cafe become aware that anything was amiss, but most kept on gaming, reports said.

Downtime

Computer Weekly/ComputerWeekly.com
Marble Arch Tower, 55 Bryanston Street, London W1H 7AA

General enquiries 020 7868 4282

Editorial

Editor in chief: Bryan Glick 020 7868 4256 [email protected]

Managing editor (technology): Cliff Saran 020 7868 4283 [email protected]

Services editor: Karl Flinders 020 7868 4281 [email protected]

Head of premium content: Bill Goodwin 020 7868 4279 [email protected]

Content editor: Faisal Alani 020 7868 4257 [email protected]

Chief reporter: Warwick Ashford 020 7868 4287 [email protected]

Senior reporter: Kathleen Hall 020 7868 4258 [email protected]

Editorial & marketing assistant: Matt Scott 020 7868 4288 [email protected]

Production editor: Claire Cormack 020 7868 4264 [email protected]

Senior sub-editor: Jason Foster 020 7868 4263 [email protected]

Display advertising

Sales director: Brent Boswell 07584 311889 [email protected]

Group events manager: Chris Hepple 07826 511161 [email protected]

Contacts