IT Events Blog 2013-2015
Disruption from a different angle
Safepark attended Computerworld's How To "Server/storage/visualization" at Wihlborg's Conference Center in Ballerup on the outskirts of Copenhagen, and this event was best characterized as Datacenter Disruption from a different angle. The opening talk was given by storage architect Beat Balbier from Oracle in Switzerland, and his message was that Oracle hardware engineers and software engineers work side by side to co-engineer increased performance in the solutions Oracle offers its customers.
Oracle delivers increased capacity and performance with new technologies
Mr. Balbier mentioned increased capacity and performance of their storage system by more than 50X using Hybrid Columnar Compression (HCC). He also said the cost of storage is usually one third OPEX and two thirds CAPEX. Towards the end Oracle's (Almost) Zero Data Loss Recovery Appliance was mentioned. Safepark believes that Oracle continues to benefit from the acquisition of Sun Microsystems some years ago.
Veeam changes focus from storage to availability
Martin Plesner-Jacobsen told us Veeam has changed its focus from storage to the business benefits of it, i.e. availability. Their technology, which is based on the hypervisor under the virtual server, allows them to take a snapshot backup of a server and then start that server from the snapshot, hence proving that the backup can be used in a recovery situation. Currently their solutions support VMware and Hyper-V, but they have also announced support for Linux. Veeam already provides a free backup solution for your Windows desktops and laptops, which you can read more about and download here.
Hitachi talked about new hardware offerings
Tom Christensen from Hitachi told us that Hitachi has been working on flash for some years, and that they will have storage class flash available before the end of the decade. He also talked about the Unified Compute Platform (UCP), available in four different sizes from UCP 1000 to UCP 6000. However, the pictures of these different UCPs under the text UCP X000 were identical except for some scaling. I wonder if the size of the box is the only difference between the UCP offerings from Hitachi?
Does Proact have the right focus?
Manager Kim Sneftrup from Proact started with the old story of IT and the business. His talk focused on standardization and automation of the IT processes by creating a portal towards the business from which the IT services could be brokered. This talk left me wondering: Who decides when a new application is needed by the business? What about automating the business processes rather than just IT processes? There are both open source tools, such as Bonita BPM from Bonitasoft, and commercial offerings, such as Blueworks Live from IBM. You may also want to take a look at the draft redbook "Process Discovery Best Practices Using IBM Blueworks Live", which is available here.
More talk about flash storage
The talk about flash storage continued with two flash storage appliance providers: Tintri and Nimble Storage. Engineer Ulrich Slothuus from Tintri was clear and straightforward: "never again manage storage". Tintri provides Autodesk with a 1.8 PB storage solution, which involves 8 datacentres and 25.000 virtual servers, and only requires 1 hour of maintenance work per week. Just too bad their solution doesn't scale down to my current home use needs of just 4-5 TB storage.
Engineer Steve D'Amore from Nimble Storage had taken a very satisfied customer along to his presentation. The customer was Forca, which is a small Danish company administering pension payments. Their message was that you just plug in the Nimble Storage box and it just works. Forca was rather dissatisfied with their former supplier of storage. The message from Nimble Storage was that their solution reduces data center rack space by 90% with equivalent savings on cooling and electricity. Their smallest unit, the CS201, is almost fit for home usage.
A plug and play datacenter in a box
The idea behind Nutanix is simple: Bring the performance and simplicity of management that drives the huge data centers of Google, Facebook and others - so-called web-scale engineering - to smaller companies as turnkey systems. Nutanix runs on either VMware, Hyper-V or Acropolis (a KVM fork). The idea is to eliminate service windows, i.e. reduce downtime to the level of Google Apps and Facebook. If you are building a new data center or consolidating old ones, then you should at least have a look at Nutanix. The Nutanix extreme compute platforms are essentially a data center in a box - so there are 3 data centers in the picture. On the outside the 3 data centers may look the same, but the inside could be quite different.
Engineer Jens Melhede came from yet another flash vendor: Violin Memory. He did a good job explaining why you should choose their solutions, which scale from 5 TB to 70 TB per 3U box with a 99.999% uptime for a 2 PB stack. The management interface to these units is created in HTML5. Violin Memory is partly owned by Toshiba, who has the rights to many patents in the area of flash storage. The only flash storage vendor not represented at this conference appears to be Pure Storage.
Dell had sent their IT architect to talk about flash, and the fact that, based on capacity shipped, Dell is a very large storage vendor indeed. At the end of the talk there were questions about the impact of the recently announced merger of Dell and EMC. The merger is expected to be complete sometime in 2016.
A Danish company located in Randers in the middle part of Jutland, RanTek, rounded off the day. RanTek has 15 years of experience with IT optimization and performance. They have partnered with Riverbed to provide Danish customers access to that company's branch office solutions using the Steelfusion Zero Branch IT solution. One of their customers, Grundfos, followed up by outlining their journey from 92 data centers to just three, in Denmark (Bjerringbro), Singapore and USA. The hardware consolidation is progressing well and will be completed by mid next year, ahead of schedule. Application consolidation has turned out to be much more demanding, and they haven't started looking at the production platform IT. People attempting to do something similar should be aware of the emotional moment when IT is removed from a location, and the personnel issues with such a global project - especially the efforts going into employee motivation - cost cutting is not very motivating. Grundfos IT in numbers: 5.5 PB structured data, 0.6 PB unstructured data, 6500 managed mobile phones, 15000 PCs, 18500 network ports, 2750 servers - +95% virtualized and 600+ employees.
All in all a good conference with a spectacular user story to round things off and touching on some of the human sides of a disrupting consolidation project.
IDC Datacenter Disruption Conference
The IDC's Datacenter Disruption Conference was at Hotel D'Angleterre in the center of Copenhagen. The venue was the atrium garden of the newly renovated old and elegant hotel close to Nyhavn. A good day with many excellent presentations.
But what does the conference title really mean? Some years ago we attended another conference at which a Dane working with strategy development for HP presented his view of the datacenter in 2020, or maybe more to the point, the ability of the CIO five years from today. His scenario was that of a CIO working for a car company, where during the night news broke about problems with a competitor's offering related to car performance. As soon as the CIO received the news he commissioned extensive simulation resources from the cloud to perform simulations related to the problem, and also started a social media search related to the news story. All this happened from the phone at home while having breakfast. I think today's conference, although using the word "disruption" in the title, was a bit more down to earth. Most people don't really look for disruptions in their life or work.
Is it really disruption or is it transformation?
Conference organizer Trine Børve welcomed everyone, and was followed by the standard presentation of IDC's concept of the so-called 3rd IT platform, which involves mobility, cloud, big data analytics and social business. Then Carla Arend presented the IDC view on disruption. Carla Arend is German, but works out of the IDC Copenhagen office and speaks excellent and fast English. Her presentation was titled "Key IT decisions to take NOW to enable Digital Transformation" - not disruption. She introduced six technologies: Robotics, Natural Interfaces, 3D Printing, Internet of Things, Cognitive Systems and Next Gen Security, which she labelled as innovation accelerators, and continued to outline 5 areas of digital transformation or disruption in the coming years: leadership, omni experience, information, operating model and work source. In order to move to a situation where IT and business are not separate, business needs new skills in data analytics, and according to IDC's data only 2/3 of current businesses will make the transformation. Carla noted that the years-old conflict between IT and the business had to be put to rest once and for all.
Displayed next to the speakers podium was a new IDC banner with the text "IDC Analyze the Future", and I could not help wondering what predictive technology IDC was using to get the necessary data about the future to perform this task.
1000 cloud services at European companies with involvement of IT
Hans Zai, cloud advisor at IBM, started by stating that all companies were using the cloud, even if they had no formal cloud programs. IBM has found almost 1000 hidden cloud services in European companies. Examples of companies mentioned by Hans Zai were Airbus, who had reduced aircraft turnaround time to just 25 minutes by a focus on providing people with access to information on mobile devices. Another was Delhaize - a US retailer, who used weather data to predict buying patterns. Also mentioned was Citi Bank, which had engaged mobile developer communities to develop more than 700 apps. The Nordic bank Nordea has done something similar using a hackathon as the approach to mobile development.
Ulrich Slothuus represented Tintri, a hardware company which provides hypervisor-aware storage appliances in both pure flash and hybrid versions. Too large for the needs of Safepark.
Backup and restore - but how quickly?
Workshops are IDC's word for parallel sessions. Safepark attended one led by Victor Engelbrecht Dohlmann from Veeam, who focused on the question of why we make backups and how long a restore should take in order to maximize business availability and minimize business interruption. However, the message was somewhat spoiled by too many slides with statistical information, which passed by quicker than one could read the title. That left the audience confused about the purpose, which clearly was not just to talk about the company's product, but in my view rather to have the audience reflect on the purpose of making a backup and how that could most effectively be done. Veeam uses a technology based on images, which allows them to demonstrate to auditors and others that a backup image can indeed restore the business in less than 5 minutes. I believe that Veeam's technology is similar to what is provided by the default file system in the newest version of openSUSE, called Leap 42.1, released last week. During the talk Victor Dohlmann also mentioned that Veeam would soon support Linux systems. However, no time frame or distros were mentioned.
Then we switched from vendors to user cases. The first was by Karsten Rosgaard, who is risk & compliance officer at Coop. He mentioned among other things that IT at Coop Bank is completely separate from Coop Danmark, due to the different regulatory environment for banks. He also hinted that the bank was not a huge success, probably because of its limited service offerings. The second was Martin Wiesener, who is director of IT core services at Falck. Falck has grown tremendously over the past 10 years, both with respect to revenue and number of employees. Among other things Martin mentioned that they are the third largest provider of ambulance service in USA. The third was Esben Vsikum, who is VP CIT Technology & Security at the LEGO Group. He outlined their enterprise systems, and their idea of engagement systems. The LEGO Group expects to double the number of children they are in contact with by 2022, and again by 2032. The focus is on expanding LEGO's global presence and leveraging digitalization.
At the end of the day Peter Lind Nielsen, who is a lawyer with Bird & Bird, clearly stated that cloud services are just another form of outsourcing, and the same rules apply. Safepark agrees. IDC Datacenter Disruption 2015 provided excellent user case stories from 3 very different Danish companies, and I am sure I will remember the day for them. Although also inspired by IDC, IBM and Veeam provided good information.
Soft Information Security Conference
Safepark attended SISCON's Information Security Conference, which was marketed as the largest "soft" information safety conference in Denmark with more than 100 participants. "Soft" in this connection does not mean easy. Soft has to do with all the issues you have to deal with in information safety that have nothing to do with buying software or hardware, such as convincing the board that information safety is important and something they need to be involved in, or understanding the EU's new data protection regulation, likely to be a reality in 2018. The conference venue was Bella Center on Amager, which is now also known as the Comwell Conference Center Copenhagen.
SISCON is a small Danish IT company located a bit north of Copenhagen. They have a single product, CONTROL MANAGER, which is an information security management system. This ISMS is developed with an eye to ISO 27001, but also to other relevant advisories about information security. It helps you keep track of your IT assets - hardware and software - and all the tasks necessary to keep your compliance up to date with respect to both internal and external reporting. SISCON has 10 employees: 6 taking care of marketing and consultation in Denmark, and 4 taking care of development in Ukraine.
Why the board needs to understand information security
The opening keynote "Information security on the board agenda" was given by Peter Nordgaard, CFO at Berlingske and also a board member there. He started by stating that the board is foremost concerned with business development and their customers. He then addressed the questions: What is our responsibility? Towards whom are we responsible? and What are our tasks? The answer to the second question was: customers, employees and suppliers. He strongly recommended watching the video "Pirate Bay AFK" on YouTube. AFK stands for "Away From Keyboard". The Pirate Bay was at the start of the century the world's largest file sharing site. Information security involves data collection, data handling and data archiving. The questions the board has to address are: What data are we collecting? Why are we collecting these data? How are we handling these data? How are we archiving the data and for how long? The rules of the business must be defined, and that is definitely a board responsibility.
Personal data regulation in the EU
Michael Hopp, a lawyer with the Plesner Group, started by stating that the purpose of the personal data regulation within the EU was to replicate the success of the competition regulation. That is why they propose very high fines for violations, e.g. 5% of company revenue. A good place to start, he told us, would be ISO 29100. Key words would be privacy by design and privacy by default. According to the current drafts - there are three - larger corporations have to create the position of data protection officer. Mr. Hopp mentioned that LEGO recently hired one of his employees for that position. So companies are already preparing for the new regulation.
Certain companies are exempt if they don't handle personal data and have fewer than 250 employees - again according to the draft regulation. At the end of Michael Hopp's presentation a representative from Bane Danmark asked why the EU is so focused on cash help for lawyers, and not benefits to society.
But what is Control Manager?
From the customer presentations at this and one other meeting Safepark has attended about Control Manager, it is rather difficult to get an understanding of the structure of Control Manager. One benefit appears to be documentation in connection with internal and external audits and reporting to directors. This conference had short customer presentations from EUC Nord, an educational institution in North Jutland, and Willis, an insurance broker. EUC Nord noted that Control Manager was not God's gift to the people. There is a steep learning curve with Control Manager.
Torben Jørgensen, who is VP of Information Security at Vestas, gave us some thoughts about perception. How does my boss perceive me? How would you perceive me if I showed up in shorts and t-shirt? How can I change that perception? Align with management. During the past years Vestas had to make some hard decisions, like treating a heart stoppage before a broken leg.
One issue that came up during the final presentation from SISCON was the talk about IT and the business. This is an issue, which we at Safepark have great difficulty with. IT is as much a part of the business as accounting or marketing. But why do IT people always talk about IT and the business?
Visualize your world 2015
- if you know what it consists of!
The 2015 Visualize Your World event by Qlik Denmark, held at IDA Conference in central Copenhagen on the Kalvebod Brygge waterfront, was kicked off with a very informative customer presentation by the Danish e-bookshop SAXO.com, which has been a Qlik user since 2010 and now has live displays of business performance in its Copenhagen office. Safepark asked about the distribution of traffic across the day, and the answer was that peak time is around the lunch hour and at evening dinner time - usually 5-7 PM in Denmark. So 24 hour availability doesn't appear to be extremely important for an e-business directed towards a mostly local market. In the weekly view the low point is Saturday, and there appears to be more traffic on cloudy days than on sunny ones. Qlik is one of the leading providers of business intelligence (BI) software in the world, and was founded in Lund, Sweden in 1993, but has since moved to Radnor in Pennsylvania, USA. The company has 2000 employees and more than 35000 customers in over 100 countries. Our first encounter with Qlik View was at a How-To event by Computerworld. Computerworld started using Qlik View in their budgeting process in the 1990's, and the IT department got involved years later as the use expanded.
Keynote talk streamed in!
Rarely is technology used at these IT events, but today's keynote was streamed from somewhere else. This keynote was given by Qlik's CMO Rick Jackson, who preached to the converted and recommended that those who had yet to see the light talk to Qlik customers. We wonder if this means that Qlik doesn't have in-house visualization evangelists? The big news from Qlik was the release of Qlik Sense 2.0 that very day. Among the new features in this version is the use of external data providers integrated with your own data. Examples shown in the live demo were currency exchange rates and weather data. The license for access to external data sources appeared to be 8 USD per seat per year per data source. Even though CMO Rick Jackson advocated that decision makers in a company should have access to Qlik View and/or Qlik Sense, we think that both products are complex and require skilled knowledge workers for proper usage and to avoid the "garbage in --> garbage out" problem. Other participants agreed with this viewpoint.
Eight Qlik Partners present
Climber, Innofactor, Inspari, Itelligence, NNIT, QIS and Scubed are some of the partners focusing on Qlik, while others have it as an add-on to their main focus. During the breaks we noticed that the Inspari stand was continuously crowded, and we wonder whether that was because of their visualization kit or their contest? Nonetheless Inspari taught us to look at the purpose of each pixel. We believe that more than 90% of charts and dashboards have pixels which can be removed without loss of information content.
The half day event ended with another streamed presentation titled "The Gray Area: Humans, Machines & Decision Points" by Qlik's Business Analytics Strategist James Richardson, who appeared to sit relaxed at a lake somewhere talking to us. His main point was that you have to deal with impermanence and uncertainty in your data and the environment, and that the purpose of the visualization efforts was to create debate among humans.
Qlik's Visualize Your World 2015 was not a bad event to attend on a grey Wednesday morning in Copenhagen and get updated on one of the world's leading BI tools. You can download the personal edition of QlikView or the desktop version of Qlik Sense from Qlik's homepage here. One limitation is that you do require a Windows based computer, but as far as I recall a license is needed only when your creations are no longer "for your eyes only". Excellent for consultants who want to gain experience with Qlik's products before promoting them to their customers.
If you are looking for open source business intelligence tools, then you may want to read Paul Rubens' "5 Open Source Business Intelligence Tools" from December of last year. Paul Rubens mentions Jaspersoft Community Edition, Pentaho Community Edition, BIRT, RapidMiner and SpagoBI. The latter appears quite popular in the Paris area. The title of this announcement is an indication that you can acquire excellent visualization tools such as Qlik View, Qlik Sense or one of the open source BI tools mentioned. They will all help you with the visualization part. However, the hard work is finding out what to visualize and why. When you have done that, then you know what your world consists of, and the rest is a piece of cake.
Update on ERP
and new trends in training simulators in just one day!
Safepark was updated on trends in ERP - not Electronic Road Pricing, but Enterprise Resource Planning - and tendencies within training simulators. The ERP update was hosted by Computerworld at the Pfizer Conference Center in Ballerup. This started with a keynote by Herbert Nathan from Herbert Nathan & Co on current trends in ERP. He told us that in Denmark Microsoft is, for historic reasons, the absolutely dominant vendor of ERP systems with offerings from Dynamics C5 over Dynamics NAV to Dynamics AX. Like other vendors, such as Sugar, Microsoft offers a free trial of Dynamics C5. Microsoft Dynamics NAV is the current version of Navision, which Microsoft bought from the Danish company Damgaard Data some years ago. This historic link explains the dominance of Microsoft on the Danish ERP market, since many customers kept using Navision after its acquisition by Microsoft.
Saving by looking at vendors like Sugar
One of the key features of the ERP market - especially in the past - is that switching from one vendor to another is not plug and play, especially because many ERP systems become heavily customized over the years. However, Herbert Nathan pointed out that customers are increasingly demanding standardized, but flexible ERP systems. According to Herbert Nathan the annual license cost per user is around 20.000 DKK. This should be compared to the per user cost of a system like SUGAR CRM, which ranges from 3200 DKK for the professional version over 5200 DKK for the enterprise version to almost 12000 DKK for the ultimate version. So there appear to be savings in annual license cost of between 40% and 75% by looking at vendors other than Microsoft, and support for SUGAR is available in many countries including Denmark. The difference between ERP and CRM is the focus: ERP - Enterprise Resource Planning - focuses inwards in the company, while CRM - Customer Relationship Management - focuses outwards towards the customer. Nathan's presentation was a fresh wind at these quite Microsoft focused events.
Microsoft partners naturally promote Microsoft products
Two Microsoft partners followed up. The first was Sune Lohse from Abakion, who talked about a paradigm shift in ERP systems; Abakion focuses on Dynamics NAV and cloud (read: Azure) based systems within two vertical areas: lawyers and supply chains. The other Microsoft partner was Agidon, who also focus on Dynamics NAV, but talked about their 4 step agile implementation approach involving:
- Identify your requirements.
- Challenge the needs that underlie the requirements.
- From needs to processes in standard Microsoft Dynamics NAV.
- Result is visible energy for employees and business. (Sounds like a sales pitch?)
The narrow focus on Microsoft Dynamics products painted an incorrect picture of ERP in Denmark. For example Gaarsmand IT in Odense and TDC Hosting both offer SUGAR CRM solutions, the latter as part of a start package.
Ship simulator was the focus of the afternoon event
For the trends in training simulators the venue was changed to the offices of The Danish Shipowners Association in Amaliegade in the center of Copenhagen, only two minutes' walk from Amalienborg Palace. The afternoon started with a presentation on simulation by Klaus Æ. Mogensen from Copenhagen Institute for Future Studies. He mentioned Eve Online and Rome Reborn (unfortunately the presenter was not updated about the legal situation around the material, and that it therefore is no longer available through Google Earth) and had focus on virtual reality but without smell.
Virtual reality training of ship operators
Force Technology presented a case study of a collaboration with ConocoPhillips and a US based game creator to create a game-like simulator for training human factor aspects of interactions on the bridge of a ship during critical periods, such as when entering or leaving a harbor. Finally Force Technology talked about a Virtual Naval Undersea Warfare Center created by the Naval Sea Systems Command in Second Life. If you think a Second Life simulator is something for your training needs, then we suggest you read Bill Brandon's two part discussion about creating virtual worlds before you create your own.
Training of operators in the process industry using virtual reality tools is however nothing new. Invensys, which is now Schneider Electric, demonstrated the technology at the 2009 Client Conference, which was reported in ControlGlobal.com, and some pictures can be seen here.
Data security and supply security
conference at the Danish Parliament "Christiansborg"
Yesterday Safepark attended a one day conference on data security and supply security in the second chamber of the Danish Parliament. The conference was arranged by CheckPoint, and was a nice change from the usual one day IT conferences around Copenhagen. Our host in the Parliament building was co-chairman of the Danish Parliament Mr. Bertil Haarder. Mr. Haarder welcomed us to Christiansborg Palace, and pointed to the new modern paintings in this rather old building as well as the upcoming celebration of the 100th anniversary of the time women got to vote in elections in Denmark before turning to the topic of the day. Mr. Haarder mentioned among other things that he believes paramedics should have access to patient information at the site of an accident in order to expedite the treatment. That suggestion created quite a stir in the Health Committee of the Parliament a few years ago.
IT security for children and EU's new regulation proposal
The focus of the first part of the conference was data security and safety on the internet. Unfortunately the announced keynote by Kim Aarenstrup from the National Cybercrime Center was cancelled due to the election. In our view Rasmus Theede, who stepped in, delivered a message we had heard earlier this year. But worth mentioning is that KMD are developing teaching material for children about data security, to be released this summer. The second speaker was Len Andersen from Datatilsynet, and she was a pleasant change. She focused on her views of a proposed EU regulation for the protection of personal data, and highlighted some of the problems with the current proposal in the light of the large differences among European countries in areas such as CCTV surveillance, where Denmark is rather restrictive compared e.g. with the United Kingdom and Luxembourg.
From reactive to pro-active
The real keynote of the day was "Staying One Step Ahead" by Amnon Bar-Lev, President of CheckPoint. The message was that we need to move from a reactive approach to a pro-active approach, such as e.g. document encryption at the time of creation as well as CPU level threat protection. Wait! CheckPoint is not a chip maker, so how can they talk about CPU level protection? We never found out. This excellent keynote was followed by a rather dull talk by Jacob Sharf, the former chief of PET. By the way, the spelling error in his English slides to his Danish talk was "less unlikely" --> "less likely" about a current security threat.
Case studies on supply security and data security
The second part of the conference focused on supply security and data security going hand in hand. First came a case from DANVA - the Danish Association of Water Works - presented by director Carl-Emil Larsen, on how attacks from cyberspace threaten the security of the water supply. After a wake-up experience based on a message from Anonymous in November 2012, DANVA has now, based on Swedish experience, created a handbook for IT security in the supply services. It can be freely downloaded from DANVA's homepage. Kristian Sandberg from CheckPoint rounded off the day talking about attacks on process industry facilities, e.g. the complete destruction of a steel furnace in Germany recently, and the 2500 unprotected SCADA installations in Norway. He also said that VPN plus a terminal server is not the solution to the security problem.
Political Panel Discussion
A panel discussion with four politicians, one from Socialdemokraterne, one from Venstre, one from Socialistisk Folkeparti and one from Alternativet, rounded off the day. The latter representative wanted to solve all problems by using open source software everywhere, i.e. a different approach to one size fits all. Unfortunately these politicians don't see the problems which their laws create for companies and citizens. They have limited personal life experience - unfortunately.
Wrong time to talk about X-ray passport
So I considered it a lost cause to attempt to explain to them the benefit of estimating and/or calculating the cumulative X-ray dose any person in the country has received.
We already record whenever they get an X-ray performed (except at the dentist). So it should be rather simple to extend the data with the number of pictures and the estimated dose per picture in mSv. Then as the accumulated dose increases the patient and doctor could weigh the benefit of another X-ray much better. I did however ask for a consolidation of our three main public systems: the correspondence system e-boks, the tax system, and the health system. The tax system is clearly the most professional and user friendly of the three.
The take away from the day: We need to be pro-active with data security! The process industry and the utilities are finally waking up here more than 5 years after Stuxnet.
edgemo summit DILEMMA
edgemo is a Danish IT-consulting house focused on the delivery of IT-hardware to municipalities, public service institutions and smaller enterprises. Their head office is in Hinnerup in Jutland, but they also have an office in a suburb of Copenhagen, Denmark. Safepark attended their annual summit near their new Copenhagen offices. We were attracted by the presentations: 1) "Windows 10" by Peter Bing Simmons from Microsoft, and 2) "Is it your legal responsibility" by Kristian Storgaard from Kromann-Reumert.
Safepark is not interested in server & storage hardware or unified communication, and was already updated on Citrix Infrastructure. But hardware did catch our attention. At Lenovo it was the super slim Lenovo X1, available with either an i5 or i7 processor and with or without touch screen, in a price range from 11.000 DKK to 19.000 DKK. It is quite hard to justify a server price for a laptop, until you realize that you get a server hidden in a laptop. The touch screen costs about 3.000 DKK extra, and the i7 processor about 6.000 DKK. At Samsung we instantly fell in love with the 34" Ultra Wide Curved Screen Monitor. Unfortunately the price is 6700 DKK, while the equivalent 27" unit may be had for 2400 DKK.
Microsoft will upgrade your Windows 7 or Windows 8 to Windows 10
The Microsoft presentation lived completely up to our expectations. First the philosophy behind Windows 10: The person, and what you have to do and what you want to do. Windows 10 uses the same kernel across all platforms. This apparently makes it much easier to develop cross platform apps - we believe that! Windows 10 will arrive at your Windows 7, Windows 8 or Windows 8.1 desktop/laptop this summer as a notification through Windows Update. About 25 years ago during a visit to the Danish company FLS Automation the managing director presented a vision of holographic models of the plant in the middle of the control room with measurements from the instrumentation system superimposed on the model. With Microsoft HoloLens this can become a reality.
Responsibility cannot be outsourced
The other presentation, which brought us to this year's edgemo summit, was "Is it your legal responsibility?". The answer is YES! Under Danish and European law you can outsource many things to other countries (rather easy) or to other continents (somewhat more difficult), but you cannot outsource your responsibility. That remains with you. Among other things European law puts restrictions on where a company can put data, which relate to a specific physical person. Apparently this also applies to encrypted data. Some years ago we worked for a local church council, which had a single computer hosting all correspondence since about the start of the century. Some of that correspondence naturally contained personal data. However, we chose nonetheless to use a backup service from a zero-knowledge provider on another continent. The zero-knowledge means, that groups of files are encrypted on your in-house computer using a passcode, which you just have to remember, and sent to the provider's server as a stream of random ones and zeroes. Kristian Storgaard also explained, that as far as the cloud is concerned, that is just a new delivery form. It changes nothing with respect to responsibility.
At the end of the day we heard about Dell's Wyse Device Manager, which is available as a free version, which can be used for up to 10.000 clients, and has some functionality turned off. However, if you just want to learn the technology using a limited number of clients this is an excellent starting point. Earlier in the day we also managed to hear about a county in Denmark that was deploying Citrix to about 30000 users within the county and used AppSense for user profiles. Conclusion: Too much sales talk!
Cisco Connect 2015
Super efficient registration at Bella Center, thanks to thinking ahead. Home printed tickets, 4-5 people scanning the printed tickets and another group handing out holders, secured a continuous flow of people at the entrance. Absolutely NO line up! The wonders of QR-codes! This is something for international technical conferences to learn from, and I will propose an experiment for next year's Loss Prevention Symposium in Freiburg, Germany.
The summit started slow with a welcome from CEO Niels Münster-Hansen of Cisco Denmark and an uninspiring panel discussion among gold partners on the next steps in digitization of Denmark. Journalist Thomas Larsen's questions never got this discussion off the ground. But things changed speed with the keynote "Connect the Unconnected" by Director Internet of Everything Bas Boorsma and Security Evangelist Christian Heinel. During 45 minutes they covered both ethical and security issues when you tie everything together.
Breakout sessions on topics such as networks, security, collaboration and data centers made the event great. We were introduced to new software based tools for implementing policies. It seemed to take the headache out of getting such policies from English language to the language of routers - especially Cisco routers. However, my knowledge of routers was too shallow to appreciate this new technology.
Collaboration with people far away or on the move around town
Later we changed to collaboration, and heard about the latest offerings from Cisco, such as dual 60" screens with dual cameras for the small meeting room and the large wall size systems with three screens. Cisco cameras have the ability to detect movement in the room, and when that happens they will zoom out from focusing on the person speaking to giving a view of the whole room. At the collaboration demo island I discovered, that Cisco also had a model with a single screen and a single camera - just the thing I need at home to keep in contact with friends and family far away. The amazing thing is that all this technology can be used from an app on your iPad. You can get an overview of the apps, which Cisco provide for both Android and iOS here. However, some things appeared as old wine in new bottles, such as streaming two different streams to the same screen. That I saw demonstrated live at the Warpstock Europe Ecomstation and OS/2 conference in Stralsund in November 2009. At that event two different video streams were shown on the same screen with sound on both - not something I consider very useful. But watching a movie while you are waiting for a soccer game to start on another channel is rather useful. In a business setting this could be watching a news cast or a training video while people gather at the remote site.
The day ended with a keynote on motivation by Tom Kristensen, who took us from the no data no monitoring situation during his first Le Mans, to the data and monitoring provided by the Audi R19 Ultra during the latest Le Mans. A fascinating and very inspiring way to end a good day.
The exhibition area appeared more busy than previous years. However, it is difficult to understand why breakfast is first served during the first break and not when you arrive at the start of the day. This takes away time from visiting the exhibitors.
Also given the technology, which Cisco are promoting at these events, why not stream the sessions to the internet using the company's WebEx tool? When openSUSE could stream live video from their recent conference in Delft, then this should also be possible for Cisco. This would allow people from Fyn and Jylland to stay home, and participate from their desktop.
Computerworld Summit 2015
Computerworld Summit started with a fantastic keynote on the Future of Mobility by entrepreneur Dietmar Dahmen presenting us with almost real use cases of Android or Apple watch. Imagine you are travelling on a train at night, and want to wake up about 50 kilometers before arrival. Then you can apparently just set your watch to wake you up based on geolocation. I said "almost real" because given the right app I am certain, that your Android or iPhone can perform the same task. Dietmar Dahmen provided 45 very dynamic minutes. We don't think Computerworld could have gotten a better opening keynote speaker.
Most of the rest of the day the conference offered two tracks: Security and IT-trends. We chose the former. It started with "No more technical gizmos: Higher security awareness and better prioritization of management resources" by Niels Peter Knudsen from Siscon. The essence of this, was that you need to perform a risk assessment and that needs management involvement. During the second part of the talk one of Siscon's customers talked about their experience with the process. Rather convincing. The following talk "Take the temperature on your level of security with Secure Dashboard" was a disappointment, and did not enlighten us about what the security dashboard is or how to use it.
Don't forget, that your organisation needs new blood
Søren Bronnée Sørensen from Devoteam talked about the need for new blood on the IT team in order to deal with the needs of the business in the future, but focused on the different needs of modern ERP-systems. Henrik Blas Simonsen from Telia Danmark taught us that part of their business is not about phones.
Something for the home user in the works
Bo Skeel from Bitdefender gave the talk "What comes after traditional antivirus?", as Bitdefender agrees with Symantec, that traditional signature based antivirus is dead. Today Bitdefender has a business solution based on cloud technology with a 20 ms response time. Talking to the people at the Bitdefender stand in the exhibition area, I learned that some kind of appliance is in the works to protect your home network without having to install anything on individual devices. With four grown children, and potentially more than 20 devices using my internet connection, device based systems are a maintenance nightmare. So it looks like IT security companies are finally beginning to see, that the complexity of the modern home with family and friends moving in and out, is not that different from the modern company with customers, consultants and employees moving in and out.
The old culture of IT and the business still lives
We switched to the IT-trend track, and heard Henrik Sølvsteen from Optimero talk about "How IT can become more business-oriented?". I have attended Computerworld Summit events for more than 10 years, and through all those years one of the most used sentences has been "IT and the business". We don't talk about "R&D and the business" or "HR and the business" or "Accounting and the business". Why? I think IT needs to grow up and become a part of the business both in their own minds and in the minds of their colleagues.
Finally we heard "EU Data Protection Directive reformed - what does this mean for your business?". If you are a major company, then you have to appoint a data protection officer. I think the focus of the directive is on personal data - probably not the largest chunk of data generated every day. With the new regulation EU will also attempt to say, that their rules apply wherever data about European citizens are stored. This will certainly be challenged, so we will have to wait and see how this pans out.
Do you need a real challenge?
The event ended with Casper Wakefield on "The will to win", and his experiences in preparing for the Yukon Arctic Ultra and participating in that event. The event is a run from Whitehorse to Dawson City in the Yukon province of Canada. Dawson City is also known as the gold rush town. The Yukon Arctic Ultra is a 700 km run in the month of February through snow and temperatures, which can drop to less than -35 degrees Centigrade. In his day job Casper is a director with insurance broker Willis. For those who want to challenge themselves, and can get the family along on the idea, go for the Ultra.
This year's Computerworld Summit was a good event. We left it inspired, and with new things to try out. We learned about new companies, such as SIMPL, which allows you to use a single SIM card across the world for data and voice based on their network of agreements and with savings on data roaming above 90%, Blancco, which erases your old devices so they are certified not to have data on them, Paessler, who monitors your network connections, and Telia and Optimero, who are both involved in business process management.
IDC Mobility 2015
Good updates on the latest trends in the area of mobility
...and how to secure your mobile devices and your mobile communication.
Safepark attended the annual IDC Mobility Conference in Copenhagen at the newly renovated Hotel d'Angleterre at Kongens Nytorv in the center of Copenhagen. IDC conferences - at least here in Denmark - follow a rather fixed format with 6 presentations with networking opportunities in between, and later smaller groups to hear longer presentations, and then rounding off with a number of case studies.
Prioritization of Mobile Development, but remember IoT
Also as usual an IDC analyst opened the show: Jason Anderson, who talked about "Mobile first Strategies in the Nordics", with the clear message, that without Internet of Things companies really don't know how customers are using their products. In the world of Internet of Things companies can not only alert the customer about her new purchase needing service, but they will also have the opportunity to interact with the customer if e.g. a new bicycle is standing unused for a number of weeks. Maybe the purchase was a mistake? Maybe something else happened? This post purchase interaction between supplier and customer has the potential to create a much better customer experience than today, where all the company can do is follow what is being said about it on the social media. Jason also presented an IDC maturity model: Ad-hoc, Opportunistic, Repeatable, Managed and Optimized. I think IDC applies this model to all areas of IT.
Dell is still selling stuff
Dell had sent the president of their 2 B$ software business to Copenhagen to talk about "Connect your workforce - for better productivity and performance". The message probably should have been, that with mobile connection to every employee one gets better productivity and performance. But I missed all that, because during his presentation John Swainson said: "Dell sells stuff!", and I immediately thought: "Anybody can sell stuff!". However, after the presentation I had a look at some of the sleek new products, which Dell had on display.
Other presentations included Check Point, Telenor, Citrix and CA. You may ask, who is CA? They are the former Computer Associates. Later Safepark had the opportunity to hear more about what CA is doing from Flemming Steensgaard - a long time Novell employee - in a presentation titled "The user's premises, your strategy - or your problem" in which he among many other things talked about how an API could be turned into a business opportunity. Steensgaard sent the clear message, that from a security point of view there is really no difference between the smartphone, the tablet and the laptop.
As usual Flemming Steensgaard gave an information filled and funny talk. During the talk he also revealed his respect for the IT department and their work, and gave hints on how to work with them. After the last networking opportunity we heard 3 case studies. The first was Danske Bank's very successful MobilePay app, which has 2 million users in a country with less than 6 million persons including babies, children and grandparents. It is easy to use and quick to set up, and gives the user the experience of handing over cash. Their traffic peaks on Friday and Saturday evenings. The second case study was a rather boring presentation about mobility at the Danish State Railways - DSB. The day ended with the case about e-boks - a document and secure communications solution, which every Dane is forced to use, and how they have changed to a mobile first strategy over the past two years, and even used a community code camp to create a prototype of a Windows Phone app for e-boks.
So at the end of the day I need to find out more about CA's API approach, and I look forward to new mobile apps from e-boks at the end of the year. And maybe I should give Check Point's Capsule another try.
GovCERT showed two relevant videos at opening presentation
Mr. Ebbe B. Pedersen from GovCERT at Center for Cyber Security under Danish Defense Intelligence Service (DDIS) opened the event by showing two videos. The first was a video on advanced persistent threats (APT) available on YouTube here. The second was a CNN video on a staged attack on a generator. The video showed the generator self-destruct due to operating beyond its safe parameters (I was not able to play this video from the CNN web-page about this Aurora experiment). It appears the video was inspired by the Stuxnet (link will download a pdf-file from Symantec) malware, which destroyed centrifuges at an Iranian nuclear facility some years ago, and the exploit kit based on this technology is currently available on the internet. Mr. Pedersen also compared the use of USB-sticks to having unsafe sex.
CheckPoint showed security for Android / iOS smartphones
Nordic SE manager Jan Johannsen from CheckPoint drew everybody's attention to their ZoneAlarm Capsule available for Android at play.google.com. One can test the app for free for a time, but after that it will cost you US$ 25 per year. Safepark has downloaded the app for testing. Mr. Johannsen otherwise focused on good IT security practices, and shared experiences from the public sector, the retail sector and the finance sector, before pointing to 4 key areas: zero second exploits, mobile, embedded code, and critical infrastructure.
After the plenary lectures the conference had a choice of three tracks: internal threats, security as a service and cyber threats. Safepark focused on the last track. This featured information on last week's ransom-ware attack at 6 to 8 Danish municipalities. First PwC's manager of security and technology Mads N. Madsen talked about the importance of getting business management concerned about security. In the area of process safety this did not happen until after the 2005 explosion and fire at BP's Texas City Refinery and the Baker Report (link will download a pdf-file with the report from the Canadian organisation ABSA). Mr. Johannsen said you can spend 3 kinds of money on security:
- Good money before an event,
- Panic money during an event, and
- Frustration money during restoration of normal operations.
He also told us, that the average cost of a cyber security incident is 2.7 M$, and with more than 42 million events in 2014, then the annual cost to industry is more than 100 M$. PwC also talked about PwC's involvement in the response to last week's ransom-ware attack on several Danish municipalities. The attack PwC was involved in turned out to just involve a single infected computer. However, even with just one computer infected the ransom-ware managed to encrypt more than 35,000 files, which this computer had access to. PwC recommended, that the municipality informed the media about the event. This generated an enormous interest from journalists across the country over the following days, which the municipality had not anticipated.
Are IT companies attempting to scare you to subscribe?
Later Peter Schjøtt, who is cyber security specialist and evangelist with Symantec, also talked about last week's worldwide ransom-ware attack, which hit especially hard in Australia and appeared to involve a dozen coordinated groups. During and after the attack Symantec has detected more than 1000 variants of this malware. Mr. Schjøtt also told us, that a survey they performed found that 60% of organisations experience more than 25 incidents per month, and that the average time to discovery was 8 months. In 90-95% of the cases the ransom-ware arrives as spam and in 5-10% of cases the ransom-ware arrives through browsing. A ransom is paid in 1-1½% of incidents - without any guarantee of getting the files decrypted. Also on the cyber threats track global enterprise sales manager Nikolaj Holm Vang of SMS Passcode described their 3rd generation authentication system, and industry analyst Marcelo Pereira from Secunia talked about business enablement versus security, and how the security model has changed from a hard shell (firewall) with a soft core to a soft shell with a hard core. He also showed the trend in zero-day events over the last six years, and hinted, that the data for 2014 were not good.
Finally a group of four persons from CSIS under the leadership of their CTO Jan Kaastrup created a demo of a zero-day Flash exploit to show us how hackers use social media to find the easiest way to the person they wanted to attack inside the targeted organization. After sending an e-mail to the person, and the person clicking on the link in the e-mail, they showed us how the "hacker" now had full control of the computer, including the ability to turn on/off the built-in webcam and microphone, and naturally download anything on the system. After such a demo one becomes much more careful about clicking on any link in an e-mail without first inspecting it, by hovering the mouse pointer above it and making sure, that the link points to a known location.
At conferences such as this one your welcome package usually includes a number of advertisements from the sponsors of the event. Today's conference was no different. However, sometimes I wonder what the line of thinking in the marketing department was when creating these. See for example the picture on the left from a flyer about a service from Deloitte. When I see this picture of large antennas my thoughts immediately turn to the worldwide surveillance by the NSA and other government entities.
Another example is the picture on the right from a flyer from SMS Passcode, which provides intelligent 3rd generation authentication tools. This drawing makes me think about Darth Vader from Star Wars. What are your thoughts, when seeing these pictures in material aimed at data protection?
Qlik Visualize Your World 2014
Safepark attended Qlik's Visualize Your World at the Tivoli Hotel & Congress Center in Copenhagen, which featured an introduction of Qlikview Sense to the Danish market. Qlikview Sense was introduced after the opening keynote on the future of visualization.
Qlikview Sense takes, in our view, BI to a new level. It features drag-and-drop data import, as well as drag-and-drop chart creation.
And to get you started you can download a desktop version for your Windows 7 or 8 computer from www.clik.com. We have done so already, and will report on our experience with Qlikview Sense in the near future. The introduction of Qlikview Sense featured a live demo of the capabilities of the server version of Qlikview Sense. Envision you are giving a presentation to your board using a presentation automatically created from your Qlikview Sense app, and suddenly a board member asks you a question. Normally you would have to acknowledge the question, and get back to the board member after the meeting. With Qlikview Sense server version you can go right from your presentation back to the original Qlikview Sense app on the server, highlight the chart in question and add data needed to answer the board member's question. Thus the question is resolved effectively here and now, and you avoid e-mailing all board members about the question after the meeting.
Furthermore Qlikview Sense implements many of the visualization guidelines, which Stephen Few for years has been advocating in his books, and which Inspari have introduced to anyone in Denmark, who cared to listen. It features color schemes which avoid problems with color blind people. Inspari at the meeting today distributed a short guide to visualization that anyone making presentations involving data should get their hands on - unfortunately I only have a Danish version.
After the morning keynote the day continued with 3 parallel sessions. We attended a really good session featuring different demos of Qlikview solutions, some in-house from Qlik and some available on the internet. One of the ones shown briefly at today's meeting was the Shift Project Data Portal, which you can access at www.tsp-data-portal.org/ and explore some of the features of Qlikview. Another is the Choke Point Index for water in California - try to google this. Another positive experience was Inspari's presentation on visualization guidelines, as well as S-Cubed's presentation on using Qlikview in connection with data from clinical trials, which have special requirements on who can watch what and when, as well as the issue of data security both from the patient perspective and from the company perspective.
A Futurologish Viewpoint
The day was rounded off by Swedish Futurologist Magnus Lindkvist showing us the difference between horizontal development - selling more of the same in other areas - and vertical development - going from selling candles for reading to selling LED light-bulbs. Magnus Lindkvist also told us, that salespeople are good at the former, while engineers excel at the latter. During Magnus Lindkvist's talk we also learned the difference between sports and business, which is that in sports the rules usually don't change during the game. We also learned, that R & D could be interpreted in a new way: Ripoff & Duplicate, and a new word: IKEAfication.
All in all Qlik's Visualize Your World was time well spent, although some sessions could benefit from a clearer focus.
IBM Business Connect 2014
an update on security and mobility
Yesterday Safepark participated in IBM BusinessConnect 2014 at Bella Center in Copenhagen, and we were updated on the current security threats in both conventional computing and mobile devices in the light of both the international response to the NSA surveillance and to the local case of a trusted IBM employee leaking information about credit card transactions of well known people, such as Crown Prince Frederik, to the media.
One speaker revealed how his Linux server at home within minutes of the publication of a bash shell security problem was bombarded with attempts to take over the server by exploiting this bash shell vulnerability. Luckily the server was configured not to execute bash shell scripts based on incoming requests.
Panel debate about security of personal information
Security of personal information, such as medical records, in light of the need to use the aggregated records to develop new drugs and in general improve health services was the focus of a panel debate. Google told us, that very few people use the tools they have to look at the activity on their Google accounts. Unfortunately we fall into that trap, but that will change shortly.
Red Bull racing improve performance using data
A keynote focused on data in Formula 1 racing, and we learned from Infiniti Red Bull Racing, how their pit stop was reduced from an average of 4 seconds two years ago to less than 2 seconds this year.
At one of the talks Safepark attended the presenter told us, that one client wanted to do a trial of BYOD for about 500 employees. When the management platform was installed it discovered, that almost 3500 devices were accessing the corporate mail system. Company employees had just used a standard feature of all Exchange servers to log in to their company e-mail accounts from their smartphones.
This event features a large number of parallel sessions, and hence it is only possible to attend less than 10% of presentations. This meant, that this year we did not get an update on Watson or the public sector. The latter partly because the details of this track were not in the printed event guide.
Windows XP Funeral
at edgemo in Farum, Denmark
On the very day on which Microsoft finally pulled the plug on what has probably been its most successful OS to date Safepark Consultancy attended a funeral event at edgemo, which is a local IT consultant and hardware facilitator with a focus on Microsoft and Citrix.
After a welcome by the CEO in a Danish pastor's outfit Claus from Microsoft Denmark talked about the consequences of Windows XP EOL. In his presentation he mentioned a number of Microsoft tools, which could help getting to a newer and more modern platform. The first is the Application Compatibility Toolkit (ACT), which is free and the current version 5.6 also runs on Windows XP provided you have Service Pack 3 installed and also .NET Framework version 3.5. Claus also spoke for the update to Windows 8.1, which re-introduces a feature to bypass the modern GUI, and go back to the well known desktop with start menu - in a very configurable edition. The next big Microsoft EOL will be Windows Server 2003 in July 2015. Currently the number of 2003 servers in Denmark is counted in thousands, and for those wanting a planned migration to a newer platform the advice was: Start the process now!
Progressing through the generations of Windows
Since I got access to my first personal computer at DTU in the early 90's we have seen quite a number of Windows editions: Windows 3.1, Windows 3.11, Windows 95, Windows 98, Windows Me - all GUI's based on DOS - and they have been put to rest some time ago. This Windows XP EOL is part of a series, which started with Windows NT 3.1 around the time of Windows 3.1. Versions of Windows after the start of the new millennium are all based on NT: Windows 2000 (February 2000), Windows XP (October 2001), Windows Vista (November 2006), Windows 7 (July 2009) and Windows 8 (October 2012). If one looks at this time-line, then it is somewhat surprising to hear, that we can expect to see Windows 9 within the next 12 months.
If you haven't already migrated away from Windows XP, then you can improve your protection by tools such as AppSense Application Manager, which appears similar to AppArmor from openSUSE, or AppDNA, which will become a part of XenApp from Citrix. The half day funeral event ended with lunch and funeral-beer - a Danish custom to drink beer at any occasion.
Alternatives to Windows
An alternative to migrating from Windows XP to Windows 8, which runs but barely on our Lenovo ideaPad S-10-2, could be a migration to openSUSE 13.1, which is a free download from www.opensuse.org, and comes with a new KDE GUI aimed at small screens and the latest version of LibreOffice - my favorite tool for opening old text processing files, such as WordPerfect and WordPro. Unfortunately old Lotus 1-2-3 files are not handled as well, but then Gnumeric, which is also part of openSUSE, stands ready to fill the gap.
10th IDC Mobility Conference 2014
Safepark participated in the 10th IDC Mobility Conference in Copenhagen. Mobility is part of what IDC calls the 3rd IT Platform. The first platform from the mid 60's was mainframes with terminals attached. Then in the 80's the 2nd platform involved client/server systems with local area networks - called LANs. And at the end of the first decade of this millennium the 3rd platform involving mobility, cloud, big data and social started to arrive.
IBM goes all in on mobility
Our interest in mobility is the movement from web-presence to mobile presence, which started two or three years ago. Today's conference gave the chance to attend a workshop on gaining business advantages with mobile innovation, at which Lars-Olof Allerhed from IBM explained how the company has started its mobile journey, which means that many of its employees over the next years will move from using smartphones and notebooks to using smartphones and tablets to perform ALL their work. The transformation will involve the development of about 140 in-house mobile apps, and the typical technical employee would use around 30-40 of these. Safepark expects to see a similar development within the process safety area. IBM has a mobile development platform called MobileFirst, which allows the development of a single source for delivery to four different platforms including Android, iOS and Windows Phone. This development environment is freely available at IBM DeveloperWorks. Only when you want to deploy the apps do you need a paid license.
Charlotte Thygesen Poulsen mentioned some of the topics at the first mobility conference in her opening remarks: management of people working from their home. Later in the day Lars Baun from Dell explained the freedom he enjoyed in an earlier employment at a time when no one had dreamed about the cellphone or the smartphone.
Jason Andersson from IDC Nordic showed us, that in mobile development in Denmark there is a higher focus on end user experience, than is seen in other European countries. Another presenter stated, that ROI or return-on-investment in mobile development is not always measured in dollars, pounds or kroner, but in some cases is measured in reduced CO2 emissions. Mobility does not mean that we don't need paper, as shown in the video "Paper has a great Future".
An interesting aspect of the conference was, that the security people appear to continue their focus on device security, i.e. encryption of all data on a device and the ability to erase data remotely if a device is lost, which happens about 90.000 times a year in San Francisco. Safepark believes, that the focus should move to document security. If documents were secured (i.e. encrypted) then it really would not matter if a private Dropbox is used as a temporary storage. Safepark is extensively using cloud storage, and is using this approach as needed to limit the risk of storing documents in the cloud.
This mobility event also featured wearables in a talk by Rikke Koch from the Alexandra Institute. She talked about arm bands measuring your exercise, Google Glass and even wearables built into clothes. Safepark is also getting into wearables by supporting the Kickstarter project the Dash. More about this device when we get our hands on it early next year.
IT2Trust Security Summit
at Brøndby Stadium
Safepark attended the IT2Trust Security Summit at Brøndby Stadium, hosted in the Klub Europa Lounge and featuring good presentations in three tracks. Hence it was not possible to attend everything. The summit title was "IT-security from a higher perspective". Late speakers delayed the start of the event, but cutting back on the opening words got us back on track.
Kaspersky Labs on social aspects of security and how to exploit them
The first presentation was by David Jacoby - a security researcher at Kaspersky Labs - about the social aspect of security. He first showed a funny series of pictures about how IT security normally works - everyone seemed to agree with that message. Then he shared with us the results of two experiments he had performed in his native Sweden. The first experiment involved pretending to be a business man who had lost his papers, but was fortunate enough to have copies on a USB stick. In this experiment David visited 3 hotels, 6 government / municipal institutions and 2 private companies, asking if they could print him copies of his papers from the USB stick. The USB stick only contained David's CV as a pdf-file, but you probably know about the many exploits using weaknesses in Adobe's widely used reader.
At 2 of the 3 hotels the reception actually refused to help. The same happened at 2 of the government / municipal institutions and at 1 of the private companies. The third hotel, two of the government / municipal institutions and the other private company would print the file if David just e-mailed it to them. One just hopes their AV and security is up-to-date.
In the second experiment David teamed up with Outpost24, and got permission from the IT manager at an important government institution to attempt to break their security. Within 3 minutes he was in the building by walking through the door with his phone to the ear saying loudly "Yes, I just got in. I will be with you in a minute" when someone else walked out of the building. After 10 minutes David had installed a Raspberry Pi as a backdoor on an unprotected router in a 1st-floor printer room. After 30 minutes he had AD access thanks to a friendly employee, who clearly wanted to help this guy from IT, who was attempting to fix a network problem. How helpful are your employees to people asking for a little help? Unfortunately David did not exploit process plant or nuclear power plant facilities. I just wonder how much more secure they would be?
Encryption appears to be part of the solution
Later I heard SafeNet talk about their ProtectV hardware encryption in your physical or virtual data-center or in the cloud. Apparently their system works by having your encryption keys located physically in your data-center, while your encrypted data can be stored anywhere. This sounds much like the SpiderOak solution, where data are encrypted on your computer with your key, which never leaves your computer, and then pushed to SpiderOak servers. However, I couldn't help thinking about storing historical data from process plants. Data older than a week, which would probably not be needed in any incident investigation, could instead be stored encrypted indefinitely on e.g. the Amazon EC2. This would make it easier to share such data with analysts in the business department, engineers in the project department or even university researchers. It would require zero access to the DCS. I have heard that the hardware provided by Honeywell for storing such data is not cheap.
Authentication with 4 digit pin extracted from 10 digit random number
Safepark also heard Swivel Secure talk about strong authentication. This involved a four digit pin code, just like you have for your bank card and/or credit card, and a 10 digit one-time random number from which you extract the one-time key. The 10 digit number can be sent to your mobile phone or your login screen, since without your pin it is useless. If your pin is e.g. 1234, then your one-time token is the 1st, 2nd, 3rd and 4th digit of the 10 digit number - which is only used once. If you insist, then the 10 digit number can be generated by a token. To me the PINsafe solution from Swivel Secure appeared much easier to use than the current two factor authentication systems. The last presentation of the day was from Bit9, which is a next generation security software provider - I hesitate to write AV-provider. The solution from Bit9, especially if deployed with FireEye, will automatically stop completely new malware that is unknown to the AV. Among the references of Bit9 was ExxonMobil. However, earlier this year KrebsOnSecurity reported that Bit9 had been hacked. So even their solution apparently has its limitations.
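The digit-extraction rule described above for PINsafe, as an added Python example (not Swivel Secure's code). The names, the rule that PIN digit 0 selects the 10th digit, and the lockout after three failures are assumptions made for the illustration; the point is that the PIN itself is never typed, the 10 digit number is consumed after one attempt, and guessing at the four digit code is rate limited.

```python
import hmac
import secrets

MAX_FAILURES = 3  # assumed lockout threshold, not taken from the product


def new_security_string():
    """One-time string of 10 random decimal digits (sent to phone or login screen)."""
    return "".join(secrets.choice("0123456789") for _ in range(10))


def extract_code(pin, security_string):
    """Pick the digits at the positions named by the PIN (1 = first digit).
    Assumption: PIN digit 0 selects the 10th position."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be 4 digits")
    if not (len(security_string) == 10 and security_string.isascii()
            and security_string.isdigit()):
        raise ValueError("security string must be 10 digits")
    return "".join(security_string[(int(d) - 1) % 10] for d in pin)


class PinVerifier:
    """Server side: issues security strings and checks the submitted code."""

    def __init__(self, pins):
        self._pins = dict(pins)   # user -> PIN (demo only; protect this store)
        self._pending = {}        # user -> outstanding security string
        self._failures = {}       # user -> consecutive failed attempts

    def challenge(self, user):
        self._pending[user] = new_security_string()
        return self._pending[user]

    def verify(self, user, submitted):
        # pop() makes the string single-use: right or wrong, it is gone.
        string = self._pending.pop(user, None)
        pin = self._pins.get(user)
        if string is None or pin is None:
            return False
        if self._failures.get(user, 0) >= MAX_FAILURES:
            return False          # locked until an administrator resets it
        expected = extract_code(pin, string)
        ok = hmac.compare_digest(expected.encode(), submitted.encode())
        self._failures[user] = 0 if ok else self._failures.get(user, 0) + 1
        return ok
```

With PIN 1234 and the constructed string 5829301746 the one-time code is 5829; submitting the same code a second time fails because the string has already been consumed.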
IDC Cloud Computing 2013
Safepark makes extensive use of the cloud services provided by Google. We are quite pleased with the many services provided by Google and how they support a small new company. However, today we attended IDC's one day conference in Copenhagen titled "Modernizing the Organization with Cloud and Converged Services" to learn how others are using the cloud to provide services.
Overall the presentations sounded much like the presentations on outsourcing, which we have heard over past years, except that the word "cloud" was used instead of the word "outsourcing". Cloud is a tool to quickly pursue new business opportunities and to ease deployment of new services using e.g. the IBM SmartCloud, which you can try for free here.
Anders Elbak from IDC Nordic set the stage by using the NIST definition of cloud computing available here. Nick Hyner from Dell talked about a famous drink from Denmark, and the PocketCloud technology, which Dell acquired by buying Wyse. You can get your own PocketCloud with 2 GB storage for free. NetApp talked about the importance of tying together the different types of clouds in a transparent way.
From taxi driver to company owner
The biggest impression was Tim Waldron's story about a taxi driver in Munich. Some years ago the CEO of NetApp was in Munich and due to pouring rain needed a cab to drive him just 200 meters from the hotel to a meeting location. The driver did this with great courtesy in a rather old car. Once back in the office the CEO told his secretary that the company should use this driver's services as much as possible. Today, more than five years later, the taxi driver is a successful owner of a company with 8 Mercedes S-class cars and 44 employees. It all started by providing courteous service to a CEO. It is a small and wonderful world!
Rob McMahon explained the seven steps to become a successful cloud service broker: strategic plan, types of services, automate processes, SLA management, protection of services, assets management and risk assessment. Another speaker mentioned that the Danish company NNIT had successfully deployed a cloud in Denmark aimed at the pharmaceutical industry, and another that major international players appear interested in establishing facilities in Denmark. The conference was rounded off by two Danish companies explaining how they successfully deployed Microsoft's Office365. As always in such cases I wonder why alternatives, such as Google Apps, were not considered? After all the Danish media company Berlingske has successfully implemented Google Apps, and is currently exploring ways to increase revenue from its internet services.
At Safepark Consultancy we, just like Verizon, take a pragmatic approach to cloud services. Exactly what this means will become apparent throughout the rest of the year.