www.itincanadaonline.ca
MARCH/APRIL 2014
CHALLENGES AND OPPORTUNITIES FOR RESELLERS PAGE 9 SPOTLIGHT ON SMB READY TECHNOLOGY: NETWORKING PAGE 12
CRITICAL INSIGHT FOR CHANNEL MANAGEMENT
NAVIGATING MOBILITY: PROFITING FROM COMPLEXITY
Publications agreement number 42169527. Canada Post please return undeliverable address blocks to 24-4 Vata Court, Aurora, ON, L4G 4B6
Do your sales reps spend more time looking for special pricing approvals than talking to customers? Is your purchasing team struggling to keep up with requests to validate pricing and discounts?
Is your sales team aware of all your customers’ upcoming maintenance, support and warranty renewals? Are your client entitlements lapsing, leaving your customers exposed and your accounts vulnerable to your competitors?
We Can Help
CONTENTS
14.01
FEATURED THIS ISSUE CASE STUDY: MICROSOFT AND EXPEDIA CRUISESHIPCENTERS The travel agency leveraged Office 365 for enhanced collaboration
TECHNOSPECTIVE ON MOBILITY Two analysts offer advice to resellers on making the most of mobility
SPOTLIGHT ON SMB-READY TECHNOLOGY: NETWORKING Cisco Canada’s new channel chief talks about its new partner strategy
TECHNOSPECTIVE ON SECURITY Rapid security assessments are the key to keeping businesses safe
TEST BED Amy Allen reviews the BlackBerry 10.2.1
March/April 2014
8 9
4 EDITOR’S NOTE 6 CHANNEL NEWS
Our roundup of channel news stories
18 DISTRACTIONS
Weird and wonderful tech news
12 14 17 | 3 | The Canadian Channel Standard
EDITOR’S NOTE INSIGHTS FOR TECHNOLOGY PROFESSIONALS EEDITORIAL MANAGING EDITOR: RACHEL LEVY SARFIN
rachel.sarfin@iticonline.ca
STAFF WRITERS: AMY ALLEN
amy.allen@iticonline.ca DANIELA FISHER
daniela.fisher@iticonline.ca
MOBILE DATA
CONTRIBUTOR: ERIC JACKSCH
ACCORDING TO CISCO’S 2013 global mobile data forecast, there are approximately seven billion mobile devices on the planet, whereas there are roughly eight billion people on Earth. The same report noted that the mobile data network in 2013 transmitted more information than the entire Internet in the year 2000. The proliferation of connected mobile devices presents a challenge for the enterprise. However, that same issue with which businesses grapple offers an enormous opportunity for resellers. Industry analysts Paul Edwards and Charles Brett discussed what partners to do to capitalize on the changes mobility is bringing to companies. This issue also contains a case study about a Canadian company who implemented one of Microsoft’s collaboration solutions. Office 365 allows their remote employees to connect with their colleagues and work more effectively, especially on mobile devices. The area of security is integrally related to mobility. Security columnist Eric Jacksch discusses rapid security assessments in order to better protect a firm’s digital assets. Mobile devices are a vulnerable target for criminal actors, and Jacksch provides practical advice as to how to defend against these threats. Amy Allen reviews the BlackBerry 10.2.1 in this issue. This mobile device is an enterprise-ready solution for companies that give them security and ease of collaboration. Our spotlight on small business technology is networking. Daniela Fisher interviewed Cisco Canada’s new director of channel programs. David De Abreu outlines his vision for Cisco’s reseller strategy in the True North, which includes working closely with partners to ensure their profitability. Mobility and networking each introduce an added layer of complexity to an already complicated IT landscape. Complexity isn’t a bad thing, though, especially for the reseller community. In fact, the very nature of the current IT landscape means that VARS can profit enormously, with the correct strategy and planning. So, don’t worry about removing complexity; it can’t be done. Instead, embrace it, and you’ll reap the benefits.
905-503-1376 laskey.hart@iticonline.ca
Rachel Levy Sarfin Managing Editor
SALES NATIONAL ACCOUNT MANAGER: PATRICIA BUSH
905-727-4091 x336 trish.bush@iticonline.ca
ACCOUNT MANAGER: LASKEY HART
EVENTS EVENTS MANAGER: SANDRA SERVICE
sandra.service@iticonline.ca ART & PRODUCTION
ART DIRECTOR: ELENA PANKOVA
circulation@iticonline.ca
SUBSCRIPTIONS AND ADDRESS CHANGES CIRCULATION DIRECTOR: JAMES WATSON
circulation@iticonline.ca
CIRCULATION COORDINATOR
circulation@iticonline.ca GENERAL INQUIRIES
24-4 Vata Court, Aurora, ON, L4G 4B6 Phone 905-727 4091 Fax 905-727-4428 CORPORATE COO AND GROUP PUBLISHER: JOHN JONES
publisher@iticonline.ca www.itincanadaonline.ca
PUBLISHER’S MAIL AGREEMENT: 42169527
The Channel Standard magazine is published six times per year. All opinions expressed herein are those of the contributors and do not necessarily reflect the views of the publisher or any person or organization associated with the magazine. Letters, submissions, comments and suggested topics are welcome, and should be sent to publisher@itincanadaonline.ca www.itincanadaonline.ca REPRINT INFORMATION
High quality reprints of articles and additional copies of the magazine are available through circulation@itincanadaonline.ca or by phone: 905-727-4091 ONE YEAR SUBSCRIPTION RATES
Canada: $50/year; USA $60/year; International $100/year. All rights reserved. No part of this publication may be reproduced without written consent. All inquiries should be addressed to circulatin@itincanadaonline.ca
March/April 2014
| 4 |
The Canadian Channel Standard
media:scape™
furniture and technology merged to help teams access and share information www.steelcase.com/cometogether
expect more
Contact us to learn more
·media:scape™ creates a collaborative destination ·Everyone can share their digital information instantly ·Information is visible by all participants
POI Business Interiors has more than 50 years of experience in providing knowledge, products and services that help people work more effectively. We understand the issues facing organizations today. T 888 296 9967, F 905 479 6941 www.poi.ca info@poi.ca
CHANNEL NEWS HP announces security partnership, supports women in IT security field
HP is showing it takes security seriously. At the RSA conference in March, it announced a new partner network that will use the power of collaboration to combat cyber threats. The HP Threat Central Partner Network will provide real-time intelligence about adversaries and their attack methods by encouraging the sharing of information between partners. The company has already welcomed partners such as Arbor Software, BlueCoat, InQuest, ThreatGRID, TrendMicro, and Wapack Labs into the fold. “We will be extending our ability to protect by partnering with big names in security,” said Rob Greer, VP and GM, HP Software, Network Security, HP. “This is a positive approach. We are coupling together with partners that are detecting unknown threats.” The company also announced the HP TippingPoint Advanced Threat Integration Program, a solution that blocks threats and provides access to the HP Threat Central network. It already includes partners such as BlueCoat, Damballa, Lastline, and Trend Micro. Among other upgrades to its security portfolio is HP Targeted Threat Intelligence, which analyzes data collected from sources such as social media and hacker forums to provide a more complete picture of an organization’s threat landscape, and enhancements to the company’s Managed Security Services. In addition to these enhancements, HP has announced that it will be granting $250,000 to its new Scholarship for Women Studying Information Security (SWIS) program. “The security industry has a pressing need for skilled security talent that can function fluidly in today’s environment,” said Art Gilliland, SVP and GM, Enterprise Security Products, HP, in a release. “With the new scholarship program for women in information security, as well as the expansion of HP’s academic program, HP will support security career growth and introduce new talent to the field.” Participating students will receive between $5,000 and $10,000 each year, up to a total of $20,000 over a two-year period. Scholarship winners will also have the option to intern at HP. So far, over 60 universities have signed up for the new program. These announcements come at a time when the Ponemon Institute is predicting a 40 per cent vacancy rate in the IT security jobs field in 2014. HP says more must be done to attract and retain top talent, and it believes the scholarship can help achieve that goal.
March/April 2014
| 6 |
OnX attains HP Platinum partner status OnX, an Ontario-based provider of data centre IT solutions, has been named HP’s first Canadian Platinum partner for its implementation of the HP Software Information Technology Operations Management (ITOM) and Application Delivery Management (ADM) suites. It also one of just a handful of companies to attain Platinum status in the U.S. “This is exciting news and a testament to the dedication and experience of the OnX team,” said Chad Coyes, director, Enterprise Software, OnX. “As an HP Platinum Software partner, we are well positioned to support our customers in identifying and implementing solutions that leverage the power of HP Software. We look forward to continuing to grow this business and expand further into HP Software’s emerging technologies including Security Management, Information Management, Service Management, and Change Management.” Several factors contributed to OnX’s success. In 2013, the company boosted sales by 45 per cent and received a number of certifications and authorizations for the ITOM and ADM suites. It also contributed to the transformation of IT delivery, management, and service capabilities. Ultimately, OnX’s clients will benefit from the buying power afforded by its elevation to Platinum status. They will now have better access to consultants, resources, and the latest technology, and HP itself has pledged to devote more executive attention to OnX clients, particularly in the form of technology briefings. “We are proud to be named an HP Platinum Software partner, after our strong performance in 2013,” said Mike Cox, CEO, OnX. “HP technologies are a key component of many of the custom solutions we offer, and this honor is a testimony to our team’s expertise.”
The Canadian Channel Standard
CHANNEL NEWS OpenText unites SharePoint and SAP in new solutions
OpenText introduced recently a new solution that links together OpenText, SAP, and Microsoft SharePoint content management platforms. The solution is officially called the OpenText Microsoft SharePoint Services (SPS) for Extended ECM for SAP Solutions, and OpenText says it will deliver organizations more effective governance and compliance capabilities. “It helps customers reduce the number of places where a person has to act to accomplish a goal or task they have,” said Piyush Patel, VP, worldwide partner strategy and marketing, OpenText. “It reduces inefficiency in storage, and reduces the number of mistakes made. It makes customers more compliant.” The solution provides a full view into systems through a single pane of glass, ensuring that SAP and SharePoint users are able to more effectively govern their content. It enables SAP and SharePoint users to work together on documents without subjecting them to an inefficient, multi-part process. SAP users will be able to see what SharePoint users are doing – and vice versa – in real-time. “Complementing OpenText Extended ECM for SAP Solutions, the SPS solution from OpenText enables enterprises to unite the worlds of ERP and ECM, helping to reduce the risks and costs of any records mismanagement, increasing information worker productivity, and enhancing a company’s ability to comply with regulations,” said Kevin Cochrane, CMO, OpenText, in a statement. The solution will be useful in most organizations, says OpenText, because SharePoint is one of the largest repositories on the planet and is in use in so many enterprises. It is also one of the few of its kind. “There are other connectors that will let you tie one repository into another, but this one, uniquely, combines three-way usage,” said Patel. “It’s the only one that is endorsed by all three vendors, so we have a power of three concept here.”
Fortinet expands SIEM partner ecosystem In response to customer requests for more choice, Fortinet announced that it is including AccelOps, IBM, and LogRhythm in its extended Security Incident and Event Manager (SIEM) ecosystem. The new additions to its ecosystem will ensure that Fortinet customers, be they large enterprises or managed security service providers (MSSPs), have a broad range of tools and solutions to choose from for their IT management needs. “AccelOps, IBM and LogRhythm expand upon and complement Fortinet’s existing hardware and software portfolio, which includes the John Maddison, VP, marketing, Fortinet high-performance, enterprise-grade FortiGate platform as well as supporting FortiManager and FortiAnalyzer platforms,” said John Maddison, VP, marketing, Fortinet. “Our customers have indicated they wish to use these partner products in their IT environments, and today’s announcement illustrates our ability to fulfill these customer requirements with a high level of integration and compatibility.” AccelOps brings customers capabilities that include SIEM, performance, and infrastructure availability monitoring. The platform functions on both private and public clouds, and in traditional data centre environments. The solution is scalable and spans server, storage, network, security user, and application domains across a user’s entire infrastructure. IBM’s contributions include the QRadar SIEM platform and IBM Security Intelligence X-Force Threat Intelligence, both of which can assist the user in prioritizing security incidents. Together, the solutions provide a near real-time window for threat detection, enabling more rapid and effective threat management. LogRhythm, a global provider of log management and event management solutions, brings its Security Intelligence Platform, which combines next-generation SIEM, log management, file integrity monitoring, and network forensics. Its solutions are currently in use in a number of Global 2000 organizations, government agencies, and mid-sized businesses.
March/April 2014
| 7 | The Canadian Channel Standard
CASE STUDY
Expedia CruiseShipCenters and Microsoft BY AMY ALLEN
About the Company
With its corporate office located in Vancouver, Expedia CruiseShipCenters is a full-service travel agency that specializes in marketing and selling cruise vacations. The company has a franchise network comprised of over 170 locations, and employs over 4,000 sales consultants – some of whom must work remotely, from locations such as cruise ships.
The Business Problem
The company’s existing technology was a combination of Unix and Exchange 2003. The solution was dated, which made it increasingly difficult for offices to communicate with their remote workers – and vice versa – and its email platform did not integrate with the company’s cruise desk booking technology. As a result, the company was using two separate platforms side by side, and it was a cumbersome solution. “We have a growing network of consultants and franchise partners, as well as our corporate offices. We needed new ways to communicate effectively across different levels, with mobile, in-centre, and at our corporate offices,” said Dan Wheeler, franchise development manager, Expedia CruiseShipCenters. The company shortlisted three potential solutions, but ultimately ended up turning to Microsoft Office 365.
fice 365 in the past, because they will have insight into how to build a solid migration plan for the technology. It’s also important to get support staff involved – they are the ones on the front lines and will be dealing with the technology day in and day out. “Have staff document what they do,” said Fowler, so that problems can be logged and dealt with to better meet employee needs and customer expectations. In terms of thinking outside the box, Fowler says businesses must “change the process to match the technology before [they] change the technology to match a process.”
The Solution
Benefits
The company chose Microsoft because it wanted to adopt a solution it could build on and which its employees could quickly learn to use. Andrew Fowler, manager, Partner Support, Expedia CruiseShipCenters, said the company asked itself two questions before choosing Office 365: “Who can we do business with that will be around in three to 10 years? What vendor is making the investment to help businesses leverage remote and mobile solutions?”
Implementation
The implementation process involved migrating 4,100 users operating in five different time zones onto the Office 365 platform. Although it was a dramatic change for the company, the migration was facilitated by the fact that its staff was already familiar with the Microsoft Outlook environment.
Lessons Learned and Best Practices
The key to a successful implementation, said Fowler, is to establish a good relationship with one’s partner. He added that it’s a good idea to seek out others who have implemented OfMarch/April 2014
| 8 |
As a result of the implementation, Expedia CruiseShipCenters now operate on a single collaborative platform. Employees have a shared, universal address book and can now communicate with their clients and other consultants regardless of where they are located, be it on a cruise ship or a beach. “The franchise partner can create a shareable calendar for its employees and…remote consultants, who don’t come into the store very often,” said Wheeler. “Anyone can open it up anytime, anywhere, and see what night we have a presentation, what night we have a cruise training representative in, who’s taking holidays, who’s got a desk booked for any given day. The calendar features are amazing, and those that have learned it and use it are really loving it.” With a low barrier for entry, Expedia is able to provide a greater number of tools to its franchise partners and consultants, meaning employees can now perform more efficiently in their roles. It also has the benefit of freeing up staff resources for more profitable tasks. “We don’t have to tie-up capital at building or maintaining collaborative software,” said Fowler. “We can move IT staff onto other projects and tasks that have greater ROI.” The Canadian Channel Standard
MOBILITY
TURNING CHALLENGES
INTO
A
merican president Harry Truman once said, “A pessimist is one who makes difficulties of his opportunities and an optimist is one who makes opportunities of his difficulties.” While the president did not realize it, his saying could be applied to the mobility space today. There are certainly challenges for the enterprise. However, there is also a world of possibilities open to resellers, if only they are willing to seize it. Paul Edwards, director, infrastructure channel, IDC, and Charles Brett, principal analyst, Freeform Dynamics, shared their thoughts on how mobility will shape the enterprise in the short and medium term. Edwards cited IDC research that points to the enormous impact mobility is having on the enterprise. “Mobility is one component of what IDC calls the 3rd Platform (including cloud, mobile, social, big data/ analytics), and the 3rd Platform will dominate market growth, driving 29% of 2014 IT spending, and 89% of growth,” he said. This is welcome news for resellers. “Clearly the biggest development in mobile is the market growth and market opportunity, including devices, but more importantly solutions that include devices, i.e. in the latter case there’s a
OPPORTUNITIES FOR RESELLERS
higher revenue and profitability ratio for channel partners, not to mention higher customer retention,” Edwards remarked. The IDC analyst added, “The 3rd Platform (and mobile as a part of that) is a major sales disruptor for infrastructure channels because of its extension into applications, industries, and higher level customer decision-makers.” These higher level customer decision-makers include departments in companies other than IT, such as marketing, customer service, and sales groups. Edwards noted
Charles Brett, principal analyst, Freeform Dynamics
March/April 2014
that IT spending by groups outside of IT departments is forecast to grow at 6% annually, which is two and a half times what the average IT department spends. Moreover, by 2016, 80% of new IT investments will have the direct involvement of line-of-business executives. This year, 40 – 50% of 3rd Platform growth will come at the expense of what IDC terms the “2nd Platform,” PCs. Brett sees other important developments in the mobility space. “Devices are of less and less interest per se,” he said. “What businesses do with them is more important.” In
“Increasingly, large enterprise mobility management solutions (including app development and lifecycle, content security, etc.) will become the ‘possession’ (or at least target) for traditional big vendor sales teams, which may have knock-on effects for resellers.”
| 9 | The Canadian Channel Standard
MOBILITY
Paul Edwards, director, infrastructure channel, IDC
addition, Brett believes that machineto-machine (M2M) technology will have a significant impact on mobility. There is a difference between M2M technology in the consumer and enterprise spheres, though. The Freeform Dynamics analyst commented that enterprise M2M is more established than its consumer counterpart, which he described as “chaotic and ill-thought through as of yet.” Something else that will affect mobility is the consolidation of mobility management solutions vendors. According to Brett, the consolidation of mobility management solutions vendors will be of great interest to the reseller community. “Even the ‘big guns’ need resellers to sell management services to SMBs,” he stated. Brett also believes that other aspects of mobility management will become paramount to larger, established vendors. “Increasingly, large enterprise mobility management solutions (including app development and lifecycle, content security, etc.) will become the ‘possession’ (or at least target) for traditional big vendor sales teams, which may have knock-on effects for resellers,” he noted. Edwards has another perspective on what developments in the mobility space will affect resellers. He predicts smart mobile devices (SMDs) such as smart phones and tablets represent a lucrative opportunity for VARS. “SMDs will experience high growth in 2014, in stark contrast to servers and PCs, which will be relatively flat,” he remarked. In order to recoup their losses from stagnant PC and server sales, resellers will turn
“SMDs can become a stopgap for those partners still negotiating the fundamental changes in the IT market (i.e., the 3rd platform), and end-customer buying behavior that demands partners develop new approaches to selling, delivery, and support.”
towards SMDs as a way to boost profits. “Many of these partners will accelerate SMD resale and the development of mobile practices that take advantage of existing in-house skill sets to drive services revenue and margin,” Edwards commented. The IDC analyst provided a new paradigm to illustrate his point. “One example that supports this perspective is the capabilities of infrastructure partners in enabling the back-office integration of these devices and in deploying a wide array of mobile solutions,” Edwards stated. SMDs also represent another way to maximize profits, thanks to the issues surrounding BYOD. “SMDs are tied to the bring-yourown-device (BYOD) trend, which further extends partner capabilities into areas such as security (e.g., mobile device management),” he explained. Mobile devices can also offer VARS a chance to boost revenue as they figure out their business strategy in a changing field. “SMDs can become a stopgap for those partners still negotiating the fundamental changes in the IT market (i.e., the 3rd platform), and end-customer buying behavior that demands partners develop new approaches to selling, delivery, and support,” Edwards said. “In this context, SMDs buy partners’ time with much-needed resale revenue as they develop and execute on business strategy.” Both analysts had advice on how resellers can derive the maximum benefit from these developments within the field of mobility. Edwards sees the key to resellers’
March/April 2014
| 10 |
success in the realm of skill-building. “For partners to succeed in current and future markets requires a check-list of capabilities that vendors also need to be attuned to both in identifying relevant new partners and in helping develop the skills of current partners,” he commented. These proficiencies include being a primary influencer of IT and line-of-business departments, as well as a referee between the two groups; formulating a proactive business-aligned sales process; possessing a holistic solutions focus; providing industry-level value; being driven by a professional services or consulting strategy; offering a choice of deployment models; and possessing competencies in business process and applications. Brett also believes that providing professional services and consulting for mobility management offers an excellent opportunity for VARS. He recommended partnering with a major vendor in this space and targeting SMBs, and he urged distributors to focus on this market segment in the long term. Brett weighed in on the positive value of collaboration as well. “When existing enterprise accounts are threatened by big vendors, get in early and work out how to help the big vendor while keeping some share of the pie,” he urged resellers. “The alternative may be to lose the account.” Mobility will continue to change and sometimes confound the enterprise. However, savvy VARS will turn the confusion to their advantage and profit. Otherwise, they might find themselves engaged in a struggle for their survival.
The Canadian Channel Standard
http://www.itincanadaonline.ca/
ARE YOU MISSING OUT? Please supply us the following information to allow us to provide another year of Free Subscriptions to The Channel Standard.
SUBSCRIBE
NOW!
Fax: 905-727-4428 Mail: 24-4 Vata Court, Aurora, ON, L4G 4B6 Email: circulation@iticonline.ca
NAME:
TITLE:
ORGANIZATION:
ADDRESS:
CITY:
COUNTRY:
PROVINCE:
POSTAL CODE:
E-MAIL ADDRESS:
PHONE:
WHICH FORMAT WOULD YOU LIKE TO RECEIVE YOUR COPIES?
SUBSCRIBE TO FREE WEEKLY E-NEWSLETTER?
Privacy Policy: we do not share or sell our mailing list
YES, PLEASE
DIGITAL
NO, THANKS
ON LOCATION BY DANIELA FISHER
CISCO puts
the focus on partners
A new leader is said to have 100 days to make a real difference in their organization.
F
or David De Abreu, who stepped into the role of Canada’s channel chief in July 2013, those first hundred days may have gone by rather quickly, but they were instrumental in defining his priorities for the channel going forward. In those first 100 days as vice president of Partner and Solutions Organizations (the company’s de facto channel chief position), De Abreu travelled across Canada, meeting with partners and customers to determine what was top of mind for partners, as well as what Cisco needed to change. “I stated from day one on the job, we want to do more listening than
talking to our partners about what they need from us and how we can enable them to be better and help grow our business and their business,” said De Abreu. The Canada channel chief visited a number of cities to receive feedback from partners. “It was really good,” said De Abreu. “I got a different flavour for all the partners both big and small across the country.” As a result of the meetings, he developed five key priorities for the channel. They focus on creating opportunities for partners to better drive revenue and serve their end customers, as well as preparing them for the future.
March/April 2014
| 12 |
Cisco channel priorities
First off the list is making sure Cisco and its partners are aligning to new customer-centric consumption models. There’s a growing customer demand for consumption models like cloud and managed services. Partners need to adopt new business models that support managed services and cloud, as well as the Internet of Everything. In that regard, Cisco is examining what models best work for partners, and how they can enable them going forward. The second priority for De Abreu is better integrating Cisco’s offerings. He and his team are turning their attention to better integrating architectures, solutions and verticals, to provide more opportunities for partners. This includes creating a new partner ecosystem, one that blends the old with the new. The new being partners coming to work with Cisco in different verticals and segments such as healthcare, oil and gas, as well as utilities. “What we’d like to do is tie those new partners to some traditional partners, so that they can both benefit from the dynamic changes in the future and create this new ecosystem working with them,” said De Abreu. The third strategy is raising partner profitability. For Cisco, this means focusing on delivers what the end customer wants for their business, but also enabling the partners to add a value scenario for themselves that allows them to increase their profitability. Fourth is strengthening Cisco’s midmarket execution through its distributors. “We think the distribution partners have a great value add that we at Cisco have not done a great job of working with originally,” says De Abreu. “We will spend a lot of time trying to work with them to drive their business, and have them add a
The Canadian Channel Standard
ON LOCATION
David De Abreu, channel chief of Canada, Cisco
value scenario that’s different from what they have in the past. And that’s up to us to figure out what that is with them.” Cisco has already rolled out a service for intensifying its midmarket position, with its recently launched configure-to-order (CTO) reseller program for the Business Edition 6000 telephony system. The fifth and final strategy looks at making it easier to do business with Cisco and customers, by making everything as simple and optimized as possible. For De Abreu, this means always looking at this concept from the partner and the end customer perspective, instead of focusing internally on what the Cisco wants to achieve.
Helping partners stay ahead of the game
From his cross-Canada trip, De Abreu found that top of mind for partners was how to maintain or increase profitability, while bringing more value to end customers. Partners want to know which business models to adapt, and where to invest their resources. Going forward, De Abreu predicts, the hardware products pie is not viable. Instead, managed services and the cloud are the future revenueearners. “One of the big things is cloud,
how is everybody playing in the cloud, how do we make money in cloud, what are the things that we can do,” said De Abreu. “It’s not new, the questions probably started last year, but now it’s at its peak when it comes to a lot of that.” As ever, in a world where the rate of innovation is constantly accelerating, partners want to make sure that they’re staying ahead of the trends. This includes a focus on providing services and an infrastructure for new vertical segments. “I think there’s going to be more and more requirements to be vertically specific, whether that’s healthcare focused, whether that’s oil and gas focused, manufacturing focus, the Internet of Everything, the cloud side of the business, all those pieces you’re looking at,” said De Abreu. “You still have to have the capabilities of creating a backbone infrastructure that can run that, can enable that.”
Connecting to the Internet of Everything
Cisco defines the Internet of Everything (IoE) as bringing together people, process, data, and things to make networked connections more relevant and valuable than ever before. “It’s an unbelievably big opportunity for us to look at,” says De Abreu. As people’s lives become more integrated with technology, the IT industry is shifting to meet their demands. And as Cisco seeks to connect increasingly large numbers of people, processes, data and things, it’s making sure that partners have a prime spot in this ecosystem. “There are dynamic shifts outside of our traditional business,” says De Abreu. “There are more and more requirements out there for intelligent devices and that’s the Internet of Everything, intelligent devices where we connect people, processes, data and things. Over the next five years we’re very excited about that side of the business, and how we work with our partners on that driving it forward.”
March/April 2014
What can partners expect from Cisco this year
For De Abreu, the focus will be on integrating Cisco’s offerings with the partner model, and expanding the partner ecosystem. “We’ll continue to try to integrate the architectures, the solutions and the partner model, to add more value to our partners, and also to ensure that we bring an innovation mentality to our partners,” says De Abreu. As Cisco expands its reach in the Internet of Everything space, De Abreu is looking to integrate new partners from the IoE into Cisco’s ecosystem. “We believe this Internet of Everything will have a different set of partners,” says De Abreu. “We want to link those two sets of partners together, the new partners who are going to do things on the Internet of Everything – and some of them are traditional, some of them are new – how do we link them together with that ecosystem that we’ve built over the last 22 years.” In the future, for Cisco Canada, De Abreu says it will continue to work with its end customers and partners, and take input from them on what needs to change. Areas of focus for Cisco will include the Internet of Everything, the cloud, its R&D capabilities, and its corporate social responsibility. As well, the company will focus on the data centre side of the business, and what its plans are for partners with that. “There’s a lot of things that are on our plate, but it’s just such a dynamic environment right now, you have to be able to innovate and be flexible and push the envelope a little bit and ask some good questions,” says De Abreu. “You’ve got to make some quick decisions and move ahead with some of the ideas you have. And that’s really the mentality we’re taking as a Canadian leadership team. We want to do more, we want to break some glass, we want to ask a lot of questions, and we want to make sure that we’re at the leading edge of some of these ideas.”
| 13 | The Canadian Channel Standard
INDUSTRY ISSUES
Rapid cybersecurity RISK assessments:
A primer
BY ERIC JACKSCH
B
usinesses and governments alike are struggling to effectively protect information systems from cyber-attack. The theory appears sound: We conduct risks assessment, identify areas of risk that exceed our risk tolerance, and apply controls to mitigate them. We monitor the controls, adjust them over time, and update our assessments. However, as evidenced by regular reports of large-scale data breaches, we need a much better approach. Security risk assessments allow us to make reasoned decisions about security budget allocations. We’re not always right, but that shouldn’t stop us from exercising due diligence by determining our current level of risk and what to do about it. Unfortunately most risk assessment methodologies are complex and take days or weeks to execute. They’re too slow and too expensive. Managing risk in today’s rapidly-evolving cybersecurity landscape requires a more agile approach. When we put aside the details of a security risk assessment methodology like the Canadian Harmonized Threat and Risk Assessment (HTRA), at its very root we have assets, threats, and vulnerabilities. Assets are the things we March/April 2014
| 14 |
The Canadian Channel Standard
01001001 01100110 00100000 01111001 01101111 01110101 00100000 01100011 01100001 01101110 00100000 01110010 01100101 01100001 01100100 00100000 01110100 01101000 01101001 01110011 00101100 00100000 01101111 01110101 01110010 00100000 01100011 01101100 01101001 01100101 01101110 01110100 01110011 00100000 01100001 01110010 01100101 00100000 01110011 01100101 01100001 01110010 01100011 01101000 01101001 01101110 01100111 00100000 01100110 01101111 01110010 00100000 01111001 01101111 01110101 00101110 If you can’t read this, we’ll connect you to the people who can.
4fmv.ca
The right candidates. The right opportunities.
ON LOCATION Governments, organized crime, and sophisticated individual hackers use the same attack methodologies, and the same controls are therefore required to thwart them. need to protect. Threats are possible danger. Vulnerabilities are the characteristics of a system that could allow a threat to act on the asset. Risk is the product of asset value, threat magnitude, and vulnerability severity. The HTRA methodology provides a solid framework for conducting detailed, thorough risk assessments. In some situations – for example if you’re designing financial transaction software -- that makes sense. However, by streamlining each of the three major components (assets, risk, and vulnerabilities) we can derive a rapid cybersecurity risk assessment methodology. Traditional risk assessments place a lot of emphasis on identifying, categorizing, and valuing assets. The reality in most IT environments is that while information assets vary greatly in value, the porous boundaries between them make it a moot point. Our SQL database server may contain two dozen different types of information, but if our DBA’s workstation is compromised by advanced malware the data is essentially all in the same bucket. From an intruder’s perspective low sensitivity systems may be bonus data, collateral damage, or useful hoppingoff points within your network. Since our goal is to protect our most sensitive assets, we can streamline our assessment by identifying the smallest number of assets necessary to conduct the analysis. If at all possible, consider all information and IT systems within the scope of the assessment to be a single asset and value it accordingly. At this point you may be contemplating your investment in firewalls, VLANs, and DMZs. If your architecture is designed to restrict communication between related systems — for example by restricting which ports on the database server are accessible from application servers — consider it all within the scope of the same assessment. Far too many organizations have conducted a separate risk assessment on each individual server and determined the risk to be acceptable only to find out that there are holes in the overall system large enough to drive a proverbial truck through. On the other hand, if you have isolated separate systems to the point that a total compromise of one is highly unlikely to impact another, conduct separate risk assessments on each isolated system. In a detailed risk assessment it’s easy to identify dozens or even hundreds of threats. However, unless your March/April 2014
| 16 |
organization is very specialized, the threats you face are far from unique. Intellectual property is targeted by foreign governments and competitors. Payment card transactions attract organized criminals. Intelligence agencies and identity thieves want personal information. Add opportunistic hackers, disgruntled insiders, accidents by authorized users, and natural disasters and your cybersecurity threat landscape emerges. Governments, organized crime, and sophisticated individual hackers use the same attack methodologies, and the same controls are therefore required to thwart them. Similarly, attacks by insiders and natural disasters require disaster recovery and business continuity plans. As a result cybersecurity threats can usually be summarized into four categories: external adversaries; malicious insiders; accidents; and natural disasters. In our search for efficiency it’s also worth considering that the same threat profile likely applies to all of the organization’s information assets. While it is possible that an adversary may direct their efforts at a high-value asset with surgical precision, it is also likely that they may, to use a physical analogy, kick in every door and rifle through every drawer until they find enough stuff, run out of time, or get caught. From a practical perspective, we need to reduce the amount of time spent considering assets and threats. If you process payment cards, your asset value is high, as are the threats from external adversaries and malicious insiders. It need not be more difficult than that. Vulnerabilities are where cyber rubber hits the virtual road. Risk mitigation recommendations address vulnerabilities. The challenge is that we don’t always discover the vulnerabilities first, and assessing vulnerabilities has traditionally depended primarily upon the skill and experience of the analyst. Different analysts looking at the same system often come to radically different conclusions about the level of risk and rolling multiple risk assessments into an enterprise-level view has been difficult at best. Governments have been struggling with this problem and have started to place more emphasis on controls. NIST Special Publication 800-53A Revision 1 includes a long list of security controls, and profiles suggest which controls should be applied based upon the sensitivity level of the assets. Communication Security Establishment Canada (CSEC) has followed suit with ITSG-33. Adopting a more controls-centric approach to assessing cybersecurity risk makes sense because they’re the primary tools we have to reduce the risk to operational systems. We usually can’t modify software to make it more secure, we can’t change the value of the assets, and direct threat mitigation is generally not an option. What we can do is develop a standard set of controls for our organization and use them as a barometer in the vulnerability component of our risk assessments. We need to conduct cybersecurity risk assessments in a few hours and spend more of our time and budgets addressing risks. The Canadian Channel Standard
TEST BED BY AMY ALLEN
BlackBerry Is it all it’s 10.2.1: cracked up to be? BlackBerry released version 10.2.1 of its BlackBerry 10 operating system last month, and many of its new features are sure to appeal to enterprises. BlackBerry supplied IT in Canada with a Q10 so we could review the new features.
T
he device itself is a touchscreen/keyboard hybrid. The Q10 strikes a nice balance between the two; it’s easy to type, but it’s also easy to navigate the menus by touch. BlackBerry has added some new features the interface to bring it up to date with other smartphones on the market. You can now swipe to accept or reject incoming calls, or tap an icon to mute the ringer. The software responds quickly, meaning you won’t have to stab at the screen repeatedly with your finger to carry out actions. One of the more innovative features is the picture password feature. In a world populated by devices offering pattern and PIN unlocking mechanisms, the picture password is an unusual but effective capability. When setting up the picture password, the device asks you to select a number. After you’ve done so, it asks you to select an image. For example, you can choose an image showing buttons of different sizes, shapes, and colours, and the phone will then instruct you to drag your chosen number onto one part of the image. On the lock screen, the device lays out grid of random numbers on top of the image. You then have to move the grid around until your chosen number is centered on the part of the image you selected in the setup menu. Such a feature might strike some as annoying, but the security it provides can’t be denied. Thanks to the grid of random numbers, anyone looking over your shoulder would be unable to figure out the solution to the puzzle. The best new feature for enterprises, however, is the pinch filter in BlackBerry Hub. Some people regularly receive dozens or hundreds of emails per day, across a number of accounts, which greatly amplifies the possibility that some messages will get lost in the shuffle. Thankfully, the Hub is perfect for helping professionals manage large volumes of messages in a simple way.
March/April 2014
Here’s how: You can set filters in the settings menu and select whether you want the Hub to display only unread, flagged, or priority messages, which can then be activated in the Hub with a pinch motion. Other smartphones just don’t have anything as efficient as the BlackBerry Hub. Android, for example, has a pulldown notification window, but there is no real way to customize how messages are displayed. Moreover, the user can’t keep the messages in the notification window once they’ve been read. As for security, the reality is that anyone could look over the shoulder of an Android user and memorize the PIN or security pattern at first glance. With 10.2.1’s picture lock feature, the solution isn’t quite so obvious. So is the new version of BlackBerry 10 good for enterprises? The answer is, unequivocally, yes.
| 17 | The Canadian Channel Standard
TRACKER NETWORKS BY CHANNEL STANDARD STAFF
DISTRACTIONS Start-up launches speed-reading app
In our fast-pased world, reading for leisure can sometimes seem like an unattainable luxury. But Spritz, a start-up based in the United States, is looking to solve that problem – it has come up with a new application that can let you read a book in as little as 90 minutes. According to Spritz, it takes us so long to read because we have to move our eyes from word to word and sentence to sentence – and then our brains need to expend more energy to put it all together in a way that makes sense. Its new app, also called Spritz, relieves the brain of at least part of that burden. It centres each word on a common point so the meaning can be absorbed without the need for eye movement. The app offers speeds as low as 250 words per minute up to 1,000 words per minute. Users can adjust the speed according to their comfort level. Critics, meanwhile, are skeptical that readers can properly absorb what they’re reading when the words are flying by so quickly, but they do admit that it could be a boon for students who need to get through hundreds of pages of course material every week.
Target knew of malware, and did nothing
According to a report from the New York Times, Target knew there was something fishy going on with its point-of-sale terminals, but decided not to do anything about it. Prior to the attack, Target had installed FireEye’s security software on its terminals. The software sent out several alerts that malware was being uploaded to Target’s systems as the breach was being carried out. But, as Target spokesperson Molly Snyder put it, the security team decided, after evaluation of the alerts, that “it did not warrant immediate follow-up.” As a result of the breach, the credit and debit information of 40 million customers was stolen, along with the personal data – such as mailing addresses – of another 70 million customers. Beth M. Jacob, former CIO and EVP for technology services, has since resigned from the company.
March/April 2014
| 18 |
A jealous toaster? It’s not so far-fetched
Wired magazine reported in March that Italian designer Simone Rebaudengo has invented an Internet-connected toaster that can tell when you’re not using it enough, and will go out of its way to alert you of the fact. The toaster, named Brad, is part of a scenario conceived by Rebaudengo in which the Internet of Things has led to a world of gadgets that are envious and vindictive in addition to being smart. Rebaudengo wired Brad and four other toasters up with sensors and ethernet so that the each toaster could monitor how often the others were being used. If one toaster found that the others were being used more frequently, it tried to get the attention of its owner by flapping its handle; if attention was withheld, it could send out an alert to a network of people who had applied to be “host” to the toaster so that it could find a more attentive home. All of which begs the question: What will our relationship with the gadgets of tomorrow be like?
Slyce creates Shazam-like app for, well, everything
Ever saw a stranger walk by wearing a shirt you liked, and regretted never asking where they found it? Slyce, a Toronto-based start-up, has been working on an app that lets you take a picture of an item, then matches it with either the exact item or an item similar to it in a store’s inventory. That said, Slyce as of yet has no plans to release the app to the general public. It is currently working with six of the largest retailers in the U.S. so that the technology can eventually be built into their websites and mobile apps. The technology can be used by consumers to create wish lists or wedding registries. Businesses, meanwhile, can use it to collect data on what people are photographing to determine their interests and build more personalized marketing campaigns. The technology is in its early stages now, with Slyce still building databases out of its partners’ inventories, but businesses see its potential to transform the consumer experience in coming years.
The Canadian Channel Standard
o to et se os lo c cl
& s& bs ub p pu
S RESTO
R
e ve tiiv ut cu ec xe e ex
ES SUI T
S
e he th ot to st ns miin 2 2m
WAY ENS E U Q
Q
dhin s be nly ting e o e as ft m e le nw ay!
Howntowocks aw d l wb A fe
THE
SURPRISING DOWNTOWN OTTAWA HOTEL YOU MIGHT HAVE MISSED.
377 O'CONNOR STREET, OTTAWA, ONTARIO
1-800-465-7275 WWW.VICTORIAPARK.COM
Really,
ReallyBig Hotel Suites.
The moment.You know it. It happens any time you stay at a new hotel, right after you swipe your room key. The moment before you open the door. Will the room be big, or small? Light, or dark? Nice, or not?
and feature real bedrooms, real kitchens and real living rooms. And they don’t cost any more than those of our competitors. Really, why would you stay any place else?
Here’s what you’ll find the moment you open your door at Albert at Bay—space, and lots of it. Our suites are the biggest in Ottawa
DOWNTOWN OTTAWA
435 ALBERT STREET
613.238.8858
RESERVATIONS 800.267.6644 ALBERTATBAY.COM
IM Solutions made simple. Your organization’s information management program is overwhelmed, under-resourced, in disarray and putting you at risk. Turn to Canada’s leading IM practice firm, Cogniva. With our proven approach and innovative toolset we have helped dozens of departments, agencies and international organizations tackle their information
Cogniva takes the guess work out of IM
management issues in an effective and sustainable manner since 2004.
Cogniva Information Solutions 283 Alexandre-Taché, F-3050 Gatineau, Québec, Canada J9A 1L8 Phone Fax
1 819 776 2666 1 819 771 7209
info@cognivasolutions.com
www.cognivasolutions.com Proud supporter of ARMA