IT Conferences 2015

Datacenter disruption from a different angle

Post date: Nov 27, 2015 3:09:15 PM

Yesterday Safepark attended Computerworld's How To "Server/storage/visualization" at Wihlborg's Conference Center in Ballerup on the outskirts of Copenhagen towards the Northwest. This day could best be characterized, at Datacenter Disruption from a different angle. The opening talk was given by storage architect lead Beat Balbier from Oracle in Switzerland. The message of his talk was, that Oracle hardware engineers and software engineers works side by side to co-engineer the create increase performance in the solutions Oracle offers its customers. He mentioned, that increased the capacity and performance of their storage system more than 50X by using Hyper Columnar Compression (HCC). He also said, that usually the cost of storage is one third OPEX and two third CAPEX. At the end of the talk he mentioned Oracle's (Almost) Zero Data Loss Recovery Appliance. To us it appears, as if Oracle continues to benefit from the acquisition of Sun Microsystems some yeas ago.

The second talk by engineer Martin Plesner-Jacobsen from Veeam changed the focus from storage to the business benefits of it, by focusing on availability. Their technology which are based on the hypervisor under the virtual server allows them to take a snapshot backup of a server, and then start that server from the snapshot, and hence proving, that the backup can be used in a recovery situation. Currently their solutions support WMware and Hyper-V, but they have announced support also for linux. Veeam already provide a free backup solution for your Windows desktops and laptops, which you can read more about and download here.

The third talk of the morning was Tom Christensen from Hitachi. His main message was that Hitachi has been working on flash for some years, and they will have storage class flash available before the end of the decade. However, he also talked about their Unified Compute Platform (UCP), which is available in four different sizes from UCP 1000 to UCP 6000. However, the pictures of these different UCP's under the text UCP X000 were identical except for some scaling. I wonder if the size of the box is the only difference between the UCP offerings from Hitachi?

Following a coffee and networking break manager Kim Sneftrup from Proact started with the old story of IT and the business. His talked focused on standardization and automation of the IT processes by creating a portal towards the business from which the IT services could be brokered. This talk left me wondering: Who decides when a new application is needed by the business? What about automating the business processes rather than just IT processes? There are both open source tools, such as Bonita BPM from Bonitasoft, and commercial offerings, such as Blueworks Live from IBM. You may also want to take a look at the draft redbook "Process Discovery Best Practices Using IBM Blueworks Live", which is available here.

The morning session were rounded off by two flash storage appliance providers: Tintri and Nimble Storage. The message from engineer Ultich Slothuus from Tintri was clear and simple "newer again manage storage". Their largest installation worldwide is currently 1.8 PB at Autodesk. The system involve 8 datacentres and 25.000 virtual servers, and this storage solution requirer 1 hour per week of maintenance work. Just too bad their solution don't scale down to my current home use needs of just 4-5 TB storage. Engineer Steve D'Amore from Nimble Storage had taken along a very satisfied customer to his presentation. The customer was Forca, which is a small Danish company administering pension payments. Their message was you just plug-in the Nimble Storage box and it just works. Forca was rather dissatisfied with their former supplier of storage. The message from Nimble Storage was that their solution reduce data center rack space by 90% with equivalent savings on cooling and electricity. Their smallest unit, the CS201, is almost fit for home usage.

After a networking lunch the afternoon kicked-off with engineer Jens Melhede from Violin Memory explaining why you should choose them as flash storage provider. Their solutions scales from 5 TB to 70 TB per 3U box with a 99.999% uptime for a 2 PB stack. Management interface to the system is created in HTML5. Violin Memory is partly owned by Toshiba, who has the rights to many patents in area of flash storage. The only flash storage vendor not represented at the conference appears to be Pure Storage.

The idea behind Nutanix is simple: Bring the performance and simplicity of management that drives the huge data-centers of Google, Facebook and others - so-called web-scale engineering - to smaller companies as turnkey systems. Nutanix runs on either WMware, Hyper-V or Acropolis (a KVM fork). The idea is to eliminate service windows, i.e. reduce downtime to the level of Google Apps and Facebook. I you are building a new data center or consolidating old ones, the you should at least have a look at Nutanix. The Nutanix extreme compute platforms are essentially a data center in a box - so there are 3 data centers on the left. On the outside the 3 data centers may look the same, but the inside could be quite different.

Dell also sent an architect to talk about flash, and the fact, that based on capacity shiped Dell is a very large storage vendor indeed. At the end of talk there were questions about the impact of the recently announced merger of Dell and Emc. The merger is expected to be complete sometime in 2016.

The final presentation of the conference was from RanTek, a Danish company located in Randers in middle part of Jutland. RanTek is a 15 year old company with a focus on IT optimization and performance. They have partnered with Riverbed to provide Danish customers access to that company's branch office solutions using the Steelfusion Zero Branch IT solution. One of their customers Grundfos rounded off the day by outlining their journey from 92 data centers to just three in Denmark (Bjerringbro), Singapore and USA. The hardware consolidation is processing well and will be completed by mid next year a head of schedule. Application consolidation have turned out to be much more demanding, and they haven't started looking at the production platform IT. People attempting to do something similar should be aware of the emotional moment when IT is removed from a location, and the personnel issues with such a global project - especially the efforts going into employee motivation - cost cutting is not very motivating. Grundfos IT in numbers: 5.5 PB structured data, 0.6 PB unstructured data, 6500 managed mobile phones, 15000 PCs, 18500 network ports, 2750 servers - +95% virtualized and 600+ employees.

All in all a good conference with some interesting appliance vendors, and a spectacular user story to round things off and touching on some of the human sides of a disrupting consolidation project.

Datacenter Disruption

Post date: Nov 12, 2015 8:58:09 PM

Today Safepark attended IDC's Datacenter Disruption Conference at Hotel D'Angleterre in the center of Copenhagen. The venue was the atrium garden of the newly renovated old and elegant hotel close to Nyhavn. It was a good day with really many excellent presentations.

But what does the conference title really mean? Some years ago we attended another conference at which a Dane working with strategy development for HP presented his view of the datacenter in 2020 or maybe more to the point the ability of the CIO five years from today. His senario, whas that of a CIO working for a car company and during the night a news broke about problems with a competitors offering related to car performance. As soon as the CIO received the news he commission extensive simulation resource from cloud to perform simulations related to the problem and also started social media searches related to the news story. All this happened form the CIO phone at home while having breakfast. I think today conference although using the word "disruption" in the title was a bit more down to earth. Most people don't really look for disruptions in their tife or work.

After the welcome by the conference organizer Trine Børve and the almost standard presentation of IDC's concept of the so-called 3rd IT platform, which involve mobility, cloud, big data analytics and social business,she gave the word to the first speaker: Carla Arend. Carla Arend is a German, who works out of the IDC Copenhagen office and speaks excellent and fast English. She also speaks Danish. The title of her presentation was "Key IT decisions to take NOW to enable Digital Transformation". She introduced six technologies: Robotics, Natural Interfaces, 3D Printing, Internet of Things, Cognitive Systems and Next Gen Security, which she labelled as innovation accelerators. She continued to outline 5 areas of digital transformation or disruption in the coming years: leadership, omni experience, information, operating model and work source. In order to move to a situation, where IT and business are not separate, business need new skills in data analytics, and according to IDC's data only 2/3 of current businesses will make the transformation. Carla also mentioned that the year old conflict between IT and the business had to be put to rest once and for all.

Displayed next to the speakers podium was a new IDC banner with the text "IDC Analyze the Future", and I could not help wondering what predictive technology IDC was using to get the necessary data about the future to perform this task.

The 2nd speaker was Hans Zai, who is currently cloud advisor at IBM. He started by stating, that all companies were using the cloud, even if they had no formal cloud programs. IBM have found almost 1000 hidden cloud services in European companies. Examples of companies mentioned by Hans Zai were Airbus, who had reduced aircraft turnaround time for airplanes to just 25 minutes by a focus on providing people with access to information on mobile devices. Another, was Delhaize - a US retailer, who used weather data to predict buying patterns. Also mentioned was Citi Bank, which had engaged mobile developer communities to develop more than 700 apps. The Nordic bank Nordea have done something similar using a hackaton at the approach to mobile development.

The 3rd speaker was Ulrich Slothuus from Tintri, a company which I had not heard about before today. They provide hyporvisor aware storage appliances in both pure flash and hybrid versions. Too large for the needs here at Safepark.

After the first three presentations there were workshops. Workshops are IDC's word for parallel sessions. We attended an excellent session by Victor Engelbrecht Dohlmann from Veeam. He focused on the question of why we make backups and how long a restore should take in order to maximize business availablity and minimize business interruption. However, the message was somewhat spoiled by using too many slides with statistical information from which passed by almost quicker than you could read the slide title. That made the audience confused about the purpose of the talk, which clearly was not just to talk about the company's product, but in my view rather to have the audience reflect on the purpose of making a backup and how that could most effectively be done. Veeam use a technology based on images, which allow them to demonstrate to auditors and others to that a backup image can indeed restore the busines in less than 5 minutes. I believe, that Veeam's technology is similar to what is provided by the default file system in the newest version of openSUSE called Leap 42.1 released last week. During the talk Victor Dohlmann also mentioned, that Veeam would soon support Linux systems. However, no time frame or distros were mentioned.

After lunch we heard three user cases. The first were by Karsten Rosgaard, who is risk & compliance officer at Coop. He mentioned among other things, that IT at Coop Bank is completely separate from Coop Danmark, due to the different regulatory environment for banks. He also hinted, that the bank, was not a huge success, properly because of its limited service offerings. The second was by Martin Wiesener, who is director of IT core services at Falck. Falck has ground tremendously of the past 10 years both w.r.t. revenue and number of employees. Among other things Martin mentioned, that is the third largest provider of ambulance service in USA. The third was by Esben Vsikum, who is VP CIT Technology & Security at the LEGO Group. He outlines their enterprise systems, and their idea of an engagement systems. The LEGO Group expect to double the number of children they are in contact with by 2022, and again by 2032. The focus is on expanding LEGO global presence and leverage digitalization.

Towards the end of the day there were also room for a legal view point from Peter Lind Nielsen, who is a lawyer with Bird & Bird. He clearly stated, that cloud services is just another form of outsourcing, and the same rules apply.

All in all Datacenter Disruption 2015 provided excellent user case stories from 3 very different Danish companies, and I am sure I will remember the day for them. Although we were also inspired by IDC, IBM and Veeam.

Soft Information Security Conference

Post date: Sep 12, 2015 2:01:44 PM

On Thursday September 10th Safepark attended SISCON's Information Security Conference, which they marketed as the largest "soft" information safety conference in Denmark with more than 100 participants. "Soft" in this connection does not necessarily mean easy. Soft has do with the all the issue you have to deal with in information safety, which has nothing to do with buying software or hardware, such as convincing the board that information safety is important and something they need to be involved in or understanding EU's new data protection regulation likely to be a really in 2018. The conference venue was Bella Center on Amager, which is now also know as the Comwell Conference Center Copenhagen.

SISCON is a small IT company located in Allerød a bit North of Copenhagen. They have single product CONTROL MANAGER, which is an information security management system. This ISMS is developed with an eye to ISO 27001, but also other relevant advisories about information security. It will hell you keep track of your IT assets - hardware and software - and all the task necessary to keep your compliance up to date with respect to both internal and external reporting. SISCON has 10 employees: 6 taking care of marketing and consultation from Allerød, and 4 taking care of development in Ukraine.

The opening keynote was titled "Information security on the board agenda", and was given by Peter Nordgaard, who is CFO at Berlingske and also a board member there. He started by stating, that the board is foremost concerned with business development and there customers. The he adressed the questions: What is our responsibility? Towards whom are we responsible? and What are our tasks? The answer to the second question was: customers, employees and suppliers.He strongly recommended washing the video "Pirate Bay AFK" on YouTube. AFK stands for "Away From Keyboard". The Pirate Bay was at the start of the century the worlds largest file sharing site. Informations security involve data collection, data handling and data archiving. The question the board has to adress are: What data are we collecting? Why are we collecting these data? How are we handling these data? How are we archiving the data and for how long? The rules of the business must be define, and that is definitely a board responsibility.

Michael Hopp, who is a lawyer with the Plesner Group, started by stating the purpose of the personal data regulation within EU was to replicate the success of the competition regulation. That is why they propose very high fines for violations, e.g. 5% of company revenue. A good place to start he told us would be ISO 29100. Key words would be privacy by design and privacy by default. According to the current drafts - there are three - larger corporations have to create the position of data protection officer. Mr. Hopp, mentioned that LEGO recently hired one of his employees for that position. So companies are already preparing from the arrival of the new regulation. Certain companies are excempt if they don't handle personal data and have less than 250 employees - again according to the draft regulation. At the end of Michael Hoop's presentation a representative from Bane Danmark asked why EU are so focused on cash help for lawyers, and not benefits to society.

From the customer presentations at this and one other meeting Safepark have attended about Control Manager it is rather difficult to get an understanding of the structure of Control Manager. One benefit appear to documentation in connection with internal and external audits and reporting to directors. This conference had short customer presentations from EUC Nord, an educational institution in North Jutland, Willis, an insurance broker. EUC Nord noted, that Control Manager was not God's gift to the people. There is a steep learning curve with Control Manager.

Torben Jørgensen, who is VP of Information Security at Vestas, gave us some thoughts about perception. How do my boss perceive me? How would you perceive me if I showed up in shorts and t-shirt? How can I change that perception? Align with management. During the past years Vestas had to make some har decisions, like treating a heart stoppage before a broken leg.

One issue that came up during the final presentation from SISCON was the talk about IT and the business. This is an issue, which we at Safepark have great difficulty with. IT is as much a part of the business as accounting or marketing. But why do IT people always talk about IT and the business?

Visualize your world

- if you know what it consist of!

Post date: Jun 25, 2015 9:31:54 AM

Yesterday Safepark attended the 2015 Visualize Your World event by Qlik Denmark at the IDA Conference Center in central Copenhagen on the Kalvebod Brygge waterfront.The event kicked off with a very informative customer presentation by the Danish e-bookshop SAXO.com, who has used Qlik since 2010, and now have live displays on how their business is doing around their Copenhagen office. We asked about the distribution of traffic across the day, and was informed that the pick time is around lunch hour and in the evening af dinner time - usually 5-7 PM in Denmark. So the 24 hour availability don't appear to be extremely important for an e-business directed towards a mostly local market. On the weekly view the low point is Saturday, and there appear to be more traffic on cloudy days than on sunny ones.Qlik is one of the leading providers of business intelligence (BI) software in the world, and was founded in Lund, Sweden in 1993, but has since moved to Radmor in Pennsylvania, USA. Today the company have 2000 employees and more than 35000 customers distributed over 100 countries. Our first knowledge about Qlik View came from a presentation by Computerworld at one of their How To-events in the Copenhagen area. Computerworld started using Qlik View in their budgetting process in the 1990's and the IT-department got involved years later as the use expaned.

The big surprise was that the morning keynote was streamed from somewhere-else. This keynote was by Qlik's CMO Rick Jackson, who in our view preached to the converted, and recommended to those, who still had to see the light, that they talk to Qlik customers. We wonder if this means that Qlik don't have in-house visualization evangelists? The news from Qlik was the release of Qlik Sense 2.0 later in the day. Among the new features in this version are the use of external data providers integrated with you own data. Examples shown in the live demo was currency exchange rates and weather data. The license for access to external data sources appeared to be 8 USD per seat per year per data source. Even though CMO Rick Jackson advocated that decision makers in a company should have access to Qlik View and/or Qlik Sense, we think that both products are quite complex and require skilled knowledge workers to use them properly, and avoid the "garbage in --> garbage out" problem. This viewpoint was confirmed during lunch discussions with other participants.

Present at the event was eight partners: Climber, Innofactor, Inspari, Itelligence, NNIT, QIS and Scubed. Some of these focus on Qlik, while others has Qlik as an added product to their main focus. During the breaks we noticed that at the Inspari stand there were continuously crowded, and we wonder whether that was because of their visualization kit or their contest? Nonetheless Inspari is the company which has learned us to look at the purpose of each pixel on a chart or dashboard. We guess that more than 90% of charts and dashboards, have pixels, which can be removed without any loss of information content. We also learned a new word "pharmacovigilance", apparently this is the name of the science behind drug safety.

The half day event ended with another streamed presentation titled "The Gray Area: Humans, Machines & Decision Points" by Qlik's Bussiness Analytics Strategist James Richardson, who appear to sit relaxed at a lake somewhere talking to us. The main points of his presentation was, that you have to deal with impermanence and uncertainty in your data and the environment, and that the purpose of the visualization efforts was to create debate among humans.Qlik's Visualize Your World 2015 was not a bad event to attend on a grey Wednesday morning in Copenhagen and get updated on one of the world leading BI tools. You can download the personal edition of QlikView or the desktop version of Qlik Sense from Qlik's homepage here. One limitation is that you do require a Windows based computer, but as far as I recall a license is needed, when what your creations are no longer "for your eyes only". Excellent for consultants, who want to gain experience with Qlik's products before promoting them to their customers.

If you are looking for an open source business intelligence tools, then you may want to read Paul Rubens "5 Open Source Business Intelligence Tools" from December of last year. Paul Rubens mentions Jaspersoft Community Edition, Pentaho Community Edition, BIRT, RapidMiner and SpagoBI. The later appear quite popular in the Paris area.The title of this announcement is an indication, that you can acquire excellent visualzation tools such as Qlik View, Qlik Sense or one of the open source BI tools mentioned. They will all help you with the visualization part. However, the hard work is finding out what to visualize and why. When you have done that, then you know what your world consist of, and the rest is a piece of cake.

Update on ERP

and new trends in training simulators in just one day!

Post date: Jun 19, 2015 12:30:47 PM

Wednesday Satepark used to get updated on trends in ERP - not Electronic Road Pricing, but Enterprise Resource Planning - and tendencies within training simulators. The update on ERP was a half day seminar hosted by Computerworld at the Pfizer Conference Center in Ballerup - a suburb of Copenhagen. The seminar opened with a keynote by Herbert Nathan from Herbert Nathan & Co on current trends in ERP. In Denmark Microsoft for historic reasons is the absolute dominating vendor of ERP systems with offerings from Dynamics C5 over Dynamics NAV to Dynamics AX. Like other vendors, such as Sugar, Microsoft offers a free trial of Dynamics C5. Microsoft Dynamics NAV is the current version of Navision, which Microsoft bought from the Danish company Damgaard Data some years ago. This historic link explains the dominance of Microsoft on the Danish ERP market, since many customers kept using Navision after the acquisition by Microsoft. One of the key features of the ERP market - especially in the past - is that switching from one vendor to another is not plug and play, especially because many ERP systems over the years become heavily customized. However, Herbert Nathan pointed out, that customers are increasingly demanding standardized, but flexible ERP systems. According to Herbert Nathan the annual license cost per user is around 20.000 DKK. This should be compared to the per user cost of a system like SUGAR CRM, which range from 3200 DDK for the professional version over 5200 DKK for the enterprise version to almost 12000 DKK for the ultimate version. So there appear to be savings in annual license cost of between 40% and 75% by looking at vendors other than Microsoft, and support for SUGAR is available in many countries including Denmark. The difference between ERP and CRM is the focus: ERP - Enterprise Ressource Planning - focus inwards in the company, while CRM - Customer Relationship Management - focus outwards towards the customer.

Herbert Nathans presentation was followed by presentations from two Microsoft partners. The first was from Sune Lohse from Abakion, who told us, that a paradigm shift was taking place in ERP systems, and that Abikion, who is focusing on Dynamics NAV and cloud (read: Azure) based system within two vertical areas: lawyers and supply chains. The other Microsoft partner was Agidon, who also focus on Dynamics NAV, but talked about their 4 step agile implementation approach involving:

  1. Identify your requirements.
  2. Challenge the needs that underlie the requirements.
  3. From need is to processes in standard Microsoft Dynamics NAV.
  4. Result is visible energy for employees and business. (Sounds like a sales pitch?)

We were not really impressed, think the narrow focus on Microsoft Dynamics products painted a basis picture of ERP in Denmark.For example Gaarsmand IT in Odensen and TDC Hosting both offer SUGAR CRM solutions. The later as part of a start package.

For the afternoons update on trends in training simulators the venue was changed from a suburb of Copenhagen to the offices of The Danish Shipowners Association in Amaliegade in the center of Copenhagen only two minutes walk from Amalienborg Palace. The afternoon started with a presentation by Klaus Æ Mogensen from Copenhagen Institute for Future Studies on Simulation in the Future, in which he mentioned Eve Online. Rome Reborn (Unfortunately the presenter was not updated about the legal situation around the material, and that it therefore no longer is available through Google Earth) and had focus on virtual reality but without smell. The second presentation was from Force Technology, who had collaborated with ConocoPhilips and a US based game creator to create a game-like simulator for training human factor aspects of interactions on a bridge of ship during critical periods, such as during entering or leaving a harbor. The third presentation was also from Force Technology about a Virtual Naval Undersea Warfare Center created by the Naval Sea System Command in Second Life. If you think Second Life simulator is something for your training needs, then we suggest you read Bill Brandon's two part discussion about creating virtual worlds before you create your own.


Training of operator in the process industry using virtual reality tools is however nothing new. Invensys, which is now Schneider Electric, demonstrated the technology at the 2009 Client Conference, which was reported in ControlGlobal.com, and some pictures can be seen here.

Conference on data security and supply security

hosted in the Danish Parliament "Christiansborg"

Post date: Jun 3, 2015 7:43:37 PM

Yesterday Safepark attended a one day conference on data security and supply security in the second chamber of the Danish Parliament. The conference was arranged by CheckPoint, and was a nice change form the usual one day IT conferences around Copenhagen. Our host in the Parliament building was co-chairman of the Danish Parliament Mr. Bertil Haarder. Mr. Haarder welcomed us to Christiansborg Palace, and pointed to the new modern paintings in this rather old building as well as the upcoming celebration of the 100th anniversary of the time women got to vote in elections in Denmark before turning to the topic of the day. Mr Haarder mentioned among other things, that he believe paramedics should have access to patient information as the site of an accident in order to expedite the treatment. That suggestion created quite a stir in the Health Committee of the Parliament a few years ago.

The focus of the talks during the morning was data security and safety on the internet. Mr. Kim Aarenstrup from the National Cybercrime Center was to have given the morning keynote, but his talk was cancelled due to the ongoing election. In stead we listened to Rasmus Theede from one of the larger Danish IT companies, KMD. His message has not changed much from one he delivered at another conference we attended earlier this year. Worth mentioning is that KMD are developing teaching material for children about data security. This is to be released later this summer.The second speaker was Len Andersen from the Danish Data Protection Agency (Datatilsynet), and what a pleasant change. She focused on hear views of a proposed EU regulation for the protection of personal data, and highlighted some of the problems with the current proposal in the light of the large diferences among European countries in areas such as CCTV surveillance, where Denmark is rather restrictive compared e.g. with United Kingdom and Luxembourg.

The third talk of the morning was the real keynote of the day: "Staying One Step Ahead" by Amnon Bar-Lev, the President of CheckPoint. The message of this talk was, that we need to move a reactive approach to a pro-active approach, such as e.g. document encryption at the time of creation as well as CPU level threat protection. Wait! CheckPoint is not a chip maker, so how can they talk about CPU level protection? We never found out. This keynote was followed by a rather dull talk by Jacob Sharf, the former chief of PET. By the way the spelling error in his English slides to his Danish talk was "less unlikely" --> "less likely" about a current security threat.

The focus of the afternoon was that supply security and data security goes hand in hand. The afternoon started by a short case by the Direktor Carl-Emil Larsen of DANVA - Danish Association of Water Works on how attacks from cyperspace threatens the security of the water supply. DANVA after a wake-up experience based on a message from Anomymous in November 2012, has now based on a Swedish equivalent created a handbook for IT-security in the supply services. It can be freely downloaded from DANVA's homepage. The final talk of the day was by Kristian Sandberg from CheckPoint, who demonstrated and talked about attacks on process industry facilities, e.g. the complete destruction of a steel furnace in Germany recently, and the 2500 unprotected SCADA installations in Norway. And that VPN plus a terminal server is not the solution to the security problem.

The day finished by a panel discussion with four politicians. One from the Socialdemokraterne, one from Venstre, one from Socialistisk Folkeparti and one from Alternativet. The later representative wanted to solve all problems by using open source software everywhere, i.e. a different approach to one size fits all. Unfortunately these politicians don't see the every problems, which their laws create for companies and citizens. They have limited personal life experience - unfortunately. So I considered it a lost cause to attempt to explain to them the benefit of estimating and/or calculating the cummulative X-ray dose any person in the country has received. We already record whenever they get an X-ray performed (except for at the dentist). So it should be rather simple to extend the data with the number of pictures and the estimated dose per picture in mSi. Then as the accumulated does increase the patient and doctor could way the benefit of another x-ray much better. I did however ask for a consolidation of our three main public systems: the correspondance system e-boks, the tax system, and the health system. The tax system is clearly the most professionally and user friendly of the three.

The take away from the day: We need to be pro-active with data security! The process industry and the utilties are finally waking up here more than 5 years after Stuxnet.

edgemo summit DILEMMA

Post date: May 22, 2015 5:01:29 PM

edgemo is a Danish IT-consulting house focused on the delivery of IT-hardware to municipalities, public service institutions and smaller enterprises. They were founded in Hinnerup in Jutland, but today also have a office in Albertslund - a suburb west of Copenhagen, Denmark. Yesterday Safepark attended their annual summit close to their new Copenhagen offices. Two presentations made us decide to participate: 1) A presentation by Peter Bing Simmons from Microsoft on Windows 10, and 2) A presentation by Kristian Storgaard from Kromann-Reumert titled "Is it your legal responsibility?".

Safepark was not interested in server & storage hardware or unified communication. Citrix Infrastructure we got updated on at Cisco Connect earlier in the month. But some devices did catch our attention. At Lenovo we did have a look at the super slim Lenovo X1, which available either with i5 or i7 processor and without or with touch screen in a price range from about 11.500 DKK to about 18750 DKK. Quite hard to justify a server price for a laptop. Until you realize, that you actually get a server hidden in laptop. Touch screen cost about 2750 DKK extra, and the i7 processor about 5400 DKK, if choose both you det a discount of 900 DKK. All prices are Lenovo list prices, and dealers may sell for less. At Samsung we instantly feel in love with the 34" Ultra Wide Curved Screen Monitor. Unfortunately the price is 6700 DKK, while the equivalent 27" unit may be had for 2400 DKK. We will properly wait a bit.

The Microsoft presentation lived completely up to our expectation. First the philosophy behind Windows 10: The person, and what you have to do and what you want to do. Windows 10 use the same kernel across all platforms. This apparently makes it much easier to develop cross platform apps - we believe that! Windows 10 will arrive at your Windows 7, Windows 8 or Windows 8.1 desktop/laptop this summer as a notification through Windows Update. About 25 years ago during a visit to the Danish company FLS Automation the managing director presented a vision of holographic models of the plant in the middle of the control room with measurements from the instrumentation system superimposed on the model. With Microsoft Halolens this can become a reality.

The other presentation, which brought us to this years edgemo summit was "Is it your legal responsibility?". The answer is YES! Under Danish and European law you can outsource many things to other countries (rather easy) or to other continents (somewhat more difficult), but you cannot outsource your responsibility. That remains with you. Among other things European law put restriction on were a company can put data, which relate to a specific physical person. Apparently this also applies to encrypted data. Some years ago we worked for a local church council, which had a single computer hosting all correspondence since about the start of the century. Some of that correspondence naturally contained personal data. However, we choose nonetheless to use a backup service from a zero-knowledge provider on another continent. The zero-knowledge means, that groups of files at encrypted on your in-house computer using a passcode, which you just have to remember, and sent to the providers server as a stream of random ones and zeroes. Kristian Storgaard also explained, that as far as the cloud is concerned, that is just a new delivery form. It changes nothing with respect to responsibility.

At the end of the day we heard about Dell's Wyse Device Manager, which is available as a free version, which can be used for up to 10.000 clients, and has some functionality turned off. However, if you just want to learn the technology using a limited number of clients this is an excellent starting point. Earlier in the day we also managed to hear about a county in Denmark was deploying Citrix to about 30000 users within the county and used AppSense for user profiles.

Cisco Connect 2015

Post date: May 8, 2015 6:37:57 PM

This year was our third participation in the annual Cisco Connect gathering at the Bella Center in Copenhagen. This year the usual line-up at registration was completely absent. This was because Cisco Denmark had asked us to print tickets with QR codes at home, and these were scanned as you walked by the registration area. This is something for international technical conference to learn from, and I will propose an experiment for next years Loss Prevention Symposium in Freiburg, Germany.

The day started rather slow with a welcome by the CEO Niels Münster-Hansen of Cisco Denmark and a panel discussion between representatives of three gold partners about the next steps in the digitization of Denmark. Journalist Thomas Larsen was there to ask the leading questions. I my view this discussion never got off the ground. But things changes speed with the keynote titled "Connect the Unconnected" by Bas Boorsma and Christian Heinel. Bas has the title of Director Internet of Everything, while is security evangelist. During 45 minutes they covered both ethical and security issues when you tie everything together.

Before and after lunch there were breakout session on topics such as networks, security, collaboration and data centers. Before lunch I learned about some new software based tools for implementing policies. It seemed to take the headache out of getting such policies from English language to the language of routers - especially Cisco routers. However, my knowledge of routers was too sallow to appreciate this new technology. Hence after lunch I switched to collaboration. Here I heard about the latest offerings from Cisco, such as dual 60" screens with dual cameras for the small meeting room and the large wall size systems with three screens. Cisco Cameras have the ability of detecting movement in the room, and when that happens they will zoom out from focusing on the person speaking to giving a view of the whole room. At collaboration demo island I discovered, that Cisco also had a model with a single screen and a single camera - just the thing I need at home to keep in contact with friends and family far away. The amazing thing is that all this technology can be used from an app on your iPad. You can get an overview of the apps, which Cisco provide for both Android and iOS here. However, some things appeared as old wine on new bottles, such as streaming two different streams to the same screen. That I saw demonstrated live at the Warpstock Europe Ecomstation and OS/2 conference in Stralsund in November 2009. At that event two different video streams were shown on the same screen with sound on both - not something I consider were usefull. But watching a movie while you are waiting for a soccer game to start on another channel is rather useful.In a business setting this could be watching a news cast or a training video while people gathered at the remote site.

The day ended by a keynote on motivation by Tom Kristensen, who toke us from the no data no monitoring situation during his first Le Mans, to the data and monitoring provided by the Audi R19 Ultra during the latest Le Mans. A fascinating and very inspiring way to end a good day.

The exhibition area appeared more busy than previous years. However, it is difficult to understand why breakfast is first served during the first break and not when you arrive at the start of the day. This takes away time from visiting the exhibitors. Also given the technology, which Cisco are promoting at these events, why not stream the sessions to the internet using the company's WebEx tool? When openSUSE could stream live video from their recent conference in Delft, then this should also be possible for Cisco. This would allow people from Fyn and Jylland to stay home, and participate from their desktop.

Computerworld Summit 2015

Post date: Apr 15, 2015 1:09:08 PM

This years Computerworld Summit in Copenhagen started with a fantastic keynote on the Future of Mobility by entrepreneur Dietmar Dahmen, in which he among other things presented me with the almost real use cage for an Android or Apple watch. Imagine your are travelling on train at night, and want to wake up about 50 kilometers before arrival. Then you can apparently just set your watch to wake you up based on geolocation. I said "almost real" because given the right app I am certain, that your Android or iPhone can perform the same task. This was the first time I had a change to listen to Dietmar Dahman, and if was 45 very dynamic minutes. I don't think Computerworld could have gotten a better key not speaker to open this years conference.Most of the rest of the day the conference offered two tracks: Security and IT-trends. I chose to mainly follow the former. It started started with a talk titled "No more technical gizmos: Higher security awareness and better prioritization of management resources" by Niels Peter Knudsen from Siscon. The essence of talk, was that you need to perform a risk assessment and that needs management involvement. During the second half of the talk one of Siscon's customers talked about their experience with the process. Rather convincing. This was followed by a talk titled "Take the temperature on your level of security with Secure Dashboard", which did not enlighten me about what the security dashboard is or how to use it.

Back in plenum Søren Bronnée Sørensen from Devoteam talked about the need for new blood on the IT team in order deal with the needs of the business in the future. The talk focused on the different needs of modern ERP-systems. Thus before lunch Henrik Blas Simonsen from Telia Danmark talked about the part of their business, which is not about phones.

After lunch Bo Skeel from Bitdefender talked about "What comes after traditional antivirus?", since Bitdefender agree with Symantec, that traditional signature based antivirus is dead. Today Bitdefender have bussiness solution based on cloud technology and with a 20 ms response time. Talking to the people at the Bitdefender stand in the exhibition area, I learned that some kind of appliance is in the works to protect your home network without having to install anything on individual devices. With four grown children, and potentially more than 20 devices using my internet connection device based systems is a maintenance nightmare. So it looks like IT security companies are finally beginning to see, that the complexity of the modern home with family and friends moving ind and out, is not that different from the modern company with customers, consultants and employees moving in and out.

At this point I switched to the IT-trend track. Here I heard Henrik Sølvsteen from Optimero talk about "How IT can become more business-oriented?". I have attended events Computerworld Summit for more than 10 years, and through all those years of the the most used sentences have been "IT and the business". We don't talk about "R&D and the business" or "HR and the business" or "Accounting and the business". Why? I think IT needs to grow-up and become a part of the business both in their own minds and in the minds of their colleagues. The final talk on the IT-trend track was "EU Data Protection Directive reformed - what does this mean for your business?". If your are a major company, then you have to appoint a data protection officer. I think the focus of the directive is on personal data - properly not the largest chunk of data generated every day. With the new regulation EU will also attempt to say, that their rules apply wherever data about European citizen's are stored. This will certainly be challenged, so we will have to wait and see how this pans out.The day finished with Casper Wakefield talking about "The will to win", and his experiences in preparing for the Yukon Artic Ultra and participating in this event. The event is a run from Whitehorse to Dawson City in the Yukon province of Canada. Dawson City is also known as the gold rush town. The Yokun Artic Ultra is 700 km run through in the month of February through snow and temperatures, which can drop to less than -35 Centigrades. In his day job Casper is a director with insurance broker Willis. For those who want to challenge themselve, and can get the family along on the idea, go for the Ultra.

At the end of the day Paoul Thorlacius-Ussing talked about Denmarks new and first cyber strategy, and the threats, which Danish companies are currently exposed to. Just one word: Scary!

This years Computerworld Summit was a really good event. We left it inspired, and with new things to try out. We learned about new companies, such as SIMPL which allows you to use a single sim card across the world for data and voice based on their network of agreements and with savings on data roaming above 90%, blancco, which erase you old devices so they are certified not to have data on them, Passler, who monitors your network connections, and Telia and Optimero, who are both involved in business process management.

IDC Mobility 2015

Good updates on the latest trends in the area of mobility!

Post date: Mar 26, 2015 9:05:27 PM

...and how to secure your mobile devices and your mobile communication.

Today Safepark attended the annual IDC Mobility Conference in Copenhagen. The venue for this years conference was the newly renovated Hotel d'Angleterre at Kongens Nytorv in the center of Copenhagen. IDC Conference - at least here in Denmark - follow a rather fixed format. During the morning there are 6 presentation with network opportunities in between. After lunch we break into smaller groups to hear a somewhat longer presentation, and after another networking opportunity the day is rounded off by a number of case studies.Jason Anderson, the head of research and consulting at IDC Nordic, started the day with a talk titled "Mobile first Strategies in the Nordics", and one of his messages was, that without Internet of Things companies really don't know how customers are using their products. In the world of Internet of Things companies can not only alert the customer about her new purchase needing service, but they will also have the opportunity to interact with the customer if e.g a new bicycle is standing unused for a number of weeks. Maybe the purchase was a mistake? Maybe something else happened? This post purchase interaction between supplier and customer has the potential to create a much better customer experience than today, where also the company can do is follow what is being said about it on the social media. Jason also presented the IDC maturity model: Ad-hoc, Opportunistic, Repeatable, Managed and Optimized. I think IDC applies this model to all areas of IT.

Dell had sent the president of their 2 B$ software business to Copenhagen to talk about "Connect your workforce - for better productivity and performance". The message properly should have been, that with mobile connection to every employee one get better productivity and performance. But I missed all that, because during his presentation John Swainson said: "Dell sells stuff!", and immediately thought: "Anybody can sell stuff!". However, after the presentation I had a look at some of the sleek new products, which Dell had on display.Before lunch there were also presentation form Check Point, Telenor, Citrix and CA. You may ask, who is CA? They are the former Computer Associates. After lunch I had the opportunity to hear more about what CA is doing from Flemming Steensgaard - a long time Novell employee - in a presentation titled "The user's premises, your strategy - or your problem" in which he among many other things talked about how an API could be turned into a business opportunity. Steensgaard sent the clear message, that from a security point of view there is really no difference between the smartphone, the tablet and the laptop.

As usual Flemming Steensgaard gave an information filled and funny talk. During the talk he also revealed his respect for the IT department and their work, and gave hints on how to work with them.After the last networking opportunity we heard 3 case studies. The first was Danske Bank's very successful MobilePay app, which has 2 million users in country with less than 6 million persons including babies, children and grandparents. It is easy to use and quick to set up, and gives the user the experience of handing over cash. Their traffic peak on Friday and Saturday evenings. The second case study was a rather boring presentation about mobility at the Danish State Railways - DSB. The day ended with the case about e-boks - a document and secure communications solution, which every Dane is forced to use, and how they have changed to a mobile first strategy over the past two years, and even used a community code camp to create a prototype of a Windows Phone app for e-boks.

So at the end of the day I need to find about more about CA's API approach, and I look forward to new mobile apps from e-boks at the end of the year. And maybe I should give Check Point's Capsule another try.

Data Security Conference

New flash zero-day exploit demonstrated by CSIS

Post date: Jan 29, 2015 8:58:34 PM

Today Safepark attended the 3rd annual Data Security Conference in Copenhagen arranged by Computerworld. This year conference passed 200 attendees at the Park Inn by Radisson venue.The conference was opened by the leader of GovCERT at Center for Cyber Security under Danish Defense Intelligence Service (DDIS). Mr. Ebbe B. Pedersen during his talk showed two interesting videos. The first was a video on advanced persistent treaths (APT) available on YouTube here. The second was a CNN video on a staged attack on a generator. The video showed the generator self-destruct due to operating beyond its safe parameters (I was not able to play this vidoe from the CNN web-page about this Aurora experiment). It appears the video was inspired by the Stuxnet (link will download a pdf-file from Symantic) malware, which destroyed centrifuges at an Iranian nuclear facility some years ago, and the exploit kit based on this technology currently available on the internet. During the presentation the use of USB-stick was also compared to having unsafe sex.

The second talk was by the Nordic SE manager Jan Johannsen from CheckPoint, started by drawing everybody's attention to their ZoneAlarm Capsule available for Android at play.google.com. One can test the app for free for a time, but after that it will cost you US$ 25 per year. I have downloaded this app, an will test it over the next week or so. Mr. Johannsen's talk was focused on good IT security practices, and he shared experiences from the public sector, the retail sector and the finance sector, and finished by pointing to 4 key areas: zero second exploits, mobile, embedded code, and critical infrastructure.

After these two plenary lectures we had a choice of three tracks: internal threats, security as a service and cyber threats. Safepark attended the last track. A focus was last weeks ransom-ware attack, which hit 6 to 8 Danish municipalities. First PwC's manager of security and technology Mads N. Madsen talked about the importance of getting business management concerned about security. In the area of process safety this happened after the 2005 explosion and fire at BP's Texas City Refinery and the Baker Report (link will download a pdf-file with the report from the Canadian organisation ABSA) about that. Mr. Johannsen said you can spend 3 kinds of money on security: Good money before an event, Panic money during an event, and Frustration money during restoration of normal operations. He also told us, that the average cost of a cyber security incident is 2.7 M$, and with more than 42 million events in 2014, then the annual cost to industry is more than 100 M$. PwC also talked about PwC's involvement in the response to last weeks ransom-ware attack on several Danish municipalities. The attack PwC was involved in turned out to just involve a single infected computer. However, even with just one computer infected the ransom-ware managed to encrypt more than 35,000 files, which this computer had access to. PwC recommended, that the municipality informed the media about the event. This generated an enormous interest from journalist across the country over the following days, which the municipality had not anticipated. Later Peter Schjøtt, who is cyber security specialist and evangelist with Symantec also talked about last weeks worldwide ransom-ware attack, which hit especially hard in Australia and appeared to involve a dozen coordinated groups. During and after the attack Symantec have detected more than 1000 variants of this malware. Mr. Schjøtt also told us, that a survey they performed found that 60% of organisations experience more than 25 incidents per months, and that the average time to discovery was 8 months. 90-95% of the cases the ransom-ware arrive as spam and in 5-10% of cases the ransom-ware arrive through browsing. A ransom is payed in 1-1½% of incidents - without any garantee of getting the files decrypted. Also on the cyber threats track global enterprise sales manger Nikolaj Holm Vang of SMS Passcode described their 3rd generation authentication system, and industry analyst Marcelo Pereira from Secunia talked about business enablement versus security, and how the security model has changed from a hard shell (firewall) with a soft core to a soft shell with a hard core. He also showed the trend in zeo-day events over the last six years, and hinted, that the data for 2014 were not good.

Finally a group of four persons from CSIS under the leadership their CTO Jan Kaastrup to create a demo of a zero-day flash exploit to shows us how hackers use social media to find the easiest way to the person the wanted to attack inside the targeted organization. After sending an e-mail to the person, and the person clicking on the link in the e-mail they showed us how they "hacker" now had full control of the computer, including the ability to turn on/off the build-in webcam and microphone, and naturally download any on the system. After such a demo one become much more careful about clicking on any link in an e-mail with first inspecting it, by hovering the mouse pointer above it and making sure, that the link points to a known location.

At conference such as this one your welcome package usually include a number of advertisements from the sponsors of the event. Todays conference was no different. However, sometimes I wonder wath the line of thinking in the marketing department was when creating these. See for example the picture on the left from a flyer about a service from Deloitte. When I see this picture of large antennas my thoughts immediately turns to the worldwide surveillance by the NSA and other goverment entities.

Another example is the picture on the right from a flyer from SMS Passcode, which provide intelligent 3.rd generation authentication tools. This drawing makes me thing about Dark Vader from Star Wars. What are your thoughts, when seeing these pictures in material aimed at data protection?