IT in Canada January/February 2015 by Promotive Communications

MICHELLE DE HERTOGH

ERIC JACKSCH

Reinventing the channel: Adapt or die trying p.20

Predictions for 2015 p.10

January/ February 2015 VOLUME 6 NUMBER 1

THE POWER OF PREDICTIVE SECURITY

Publication Mail Registration Number: 42169527

INSIGHTS FOR TECHNOLOGY PROFESSIONALS

www.itincanadaonline.ca

& s& bs ub e pu ve op tiiv to e ut et s cu s o ec o l xe l e c ex c

S RESTO

ES SUI T

e he th ot to st ns miin 2 2m

WAY ENS E U Q

dhin s be nly ting e o e as ft m e le nw ay!

Howntowocks aw d l wb A fe

THE

SURPRISING DOWNTOWN OTTAWA HOTEL YOU MIGHT HAVE MISSED.

377 O'CONNOR STREET, OTTAWA, ONTARIO

1-800-465-7275 WWW.VICTORIAPARK.COM

Really,

ReallyBig Hotel Suites.

The moment.You know it. It happens any time you stay at a new hotel, right after you swipe your room key. The moment before you open the door. Will the room be big, or small? Light, or dark? Nice, or not?

and feature real bedrooms, real kitchens and real living rooms. And they don’t cost any more than those of our competitors. Really, why would you stay any place else?

Here’s what you’ll find the moment you open your door at Albert at Bay—space, and lots of it. Our suites are the biggest in Ottawa

DOWNTOWN OTTAWA

435 ALBERT STREET

613.238.8858

RESERVATIONS 800.267.6644 ALBERTATBAY.COM

Contents

www.itincanadaonline.ca

Vol 6 No 1 January/February 2015

Features

8 The battle for data protection A new platform from Websense will help enterprises protect their data across the entire kill chain 10 Predictions for 2015 What security issues will affect the IT industry in 2015? Eric Jacksch looks into his crystal ball to find out 17 No time for downtime An EMC study shows that downtime caused by attacks is costing Canadian businesses billions 20 Reinventing the channel â&#x20AC;&#x201C; Part 1 In the first part of a three-part series, Michelle De Hertogh explains why the channel needs to adapt to the demands of customers 13 Cover Story: The power of predictive security FICOâ&#x20AC;&#x2122;s Dr. Andy Jennings discusses the importance of security measures, and how enterprises can use them to their advantage Departments 4 Editorial 6 News Our roundup of news stories 10

Online Extras: www.itincanadaonline.ca 20 Missed an issue? Misplaced an article? Visit www.itincanadaonline.ca for a full archive of past IT in Canada Online issues, as well as online extras from our many contributors. January/February 2015 IT in Canada Online / 3

EDITORIAL INSIGHT FOR TECHNOLOGY PROFESSIONALS

EDITORIAL ACTING EDITOR: MARK DAVID

905-727-4091x230 mark.david@iticonline.ca

CONTRIBUTING WRITERS: ERIC JACKSCH, MICHELLE DE HERTOGH SALES VP, BUSINESS MEDIA STRATEGY: MARCELLO SUKHDEO

905-727-4091 x224 marcello.sukhdeo@iticonline.ca

DIRECTOR, CONTENT MARKETING & DEMAND GEN.: LASKEY HART

905-503-1376 laskey.hart@iticonline.ca

ACCOUNT MANAGER: JOSE LABAO

905-727-4091 x231 jose.labao@iticonline.ca EVENTS

EVENTS MANAGER: SANDRA SERVICE

sandra.service@iticonline.ca

ART & PRODUCTION ART DIRECTOR: ELENA PANKOVA

circulation@iticonline.ca

SUBSCRIPTIONS AND ADDRESS CHANGES CIRCULATION DIRECTOR: JAMES WATSON

circulation@iticonline.ca

CIRCULATION COORDINATOR

circulation@iticonline.ca

GENERAL INQUIRIES

23-4 Vata Court, Aurora, ON, L4G 4B6 Phone 905-727 4091 Fax 905-727-4428 CORPORATE COO AND GROUP PUBLISHER: JOHN JONES

publisher@iticonline.ca www.itincanadaonline.ca

PUBLISHER’S MAIL AGREEMENT: 42169527 IT in Canada Online magazine is published six times per year. All opinions expressed herein are those of the contributors and do not necessarily reflect the views of the publisher or any person or organization associated with the magazine. Letters, submissions, comments and suggested topics are welcome, and should be sent to publisher@iticonline.ca

www.itincanadaonline.ca

Stepping up security Hacking scandals. Celebrity photo leaks. Entire websites forced offline with the click of a mouse. These were some of the top technology headlines in 2014, a year that many experts hold featured the highest concentration of security breaches in recent history. Despite the strongest efforts of prominent digital security firms to keep everything under control, the bad guys always seem to gain the upper hand. As a result, sensitive data fell into the wrong hands and was subsequently exposed to the public. The Sony email hack was a prominent example of this. Emails between Sony executives, film and television producers and celebrities found their way into the spotlight, causing mayhem in the process. The hackers may be smart, but they can’t be allowed to win the battle. Employing predictive security measures can help to head these bad actors off at the pass and keep classified corporate information under wraps. In our cover story, Dr. Andy Jennings, chief analytics officer for FICO discusses why predictive security is important, and how it can save enterprises millions. Check it out on page 13. In the battle for data protection, having a proper security platform is one of many ways to defend against the dark arts. On page 8, we talk to Websense’s Bob Hansmann about a new product release that will help businesses safeguard their data from theft and a litany of threats across the entire kill chain. Eric Jacksch takes a look into his crystal ball and outlines some of the security issues that the IT industry will face in 2015. Find out what he has to say on page 10. Downtime caused by security issues and denial-of-service attacks cost Canadian companies over $16.8 billion over the past few years, according to a recent study. As EMC’s Mike Sharun explains on page 17, there are a number of solutions that can resolve this problem. We hope our stories will give you some insight into how you can step up the security of your digital fortress and keep your data safe.

REPRINT INFORMATION

High quality reprints of articles and additional copies of the magazine are available through circulation@iticonline.ca or by phone: 905-727-4091 ONE YEAR SUBSCRIPTION RATES

Canada: $50/year; USA $60/year; International $100/year. All rights reserved. No part of this publication may be reproduced without written consent. All inquiries should be addressed to circulation@iticonline.ca

4 / IT in Canada Online January/February 2015

Mark David Acting Editor

media:scape™

furniture and technology merged to help teams access and share information www.steelcase.com/cometogether

expect more

·media:scape™ creates a collaborative destination ·Everyone can share their digital information instantly ·Information is visible by all participants

POI Business Interiors has more than 50 years of experience in providing knowledge, products and services that help people work more effectively. We understand the issues facing organizations today. T 888 296 9967, F 905 479 6941 www.poi.ca info@poi.ca

IN THE NEWS

POWERing up

new partnership between two major developers in the technology space has the potential to be very POWERful. Avnet has announced that it has signed on to join the OpenPOWER foundation, an open development group based on IBM’s POWER microprocessor architecture. Joining this organization will enable Avnet’s roster of partners and customers to leverage IBM’s entire range of hardware and software stacks. The partnership will help Avnet’s client base to create customized server, networking and storage hardware devices that are in line with POWER’s high-performance architecture. “Working with the OpenPOWER Foundation complements Avnet’s long-standing relationship with IBM across the enterprise, from the component level to the data centre,”

6 / IT in Canada Online January/February 2015

Tony Madden, senior vice president of global supplier business executive for Avnet said in a press release. “With the accelerated pace of change in technology, membership in the OpenPOWER Foundation provides an excellent avenue for us to work alongside other market leaders to deploy open Power technology, providing customers and partners with the technology infrastructure they need to evolve and grow their businesses,” Madden added. Launched in 2013, IBM’s OpenPOWER Foundation is a technical membership organization that offers enterprises a comprehensive framework for open development for new hardware and software products. IBM’s POWER8 processor forms the foundation of the group’s projects, which supports open source technologies such as KVM, Linux and OpenStack.

IN THE NEWS The route to better connectivity As the world of connectivity continues to evolve, so do the devices that facilitate proper connections. Routers are no exception to this rule, and a new release from TP-LINK seeks to simplify and expedite connecting to the Internet. Designed to be 802.11ac-compliant and facilitate faster Internet connections, TP-LINK’s new Archer C9 AC1900 dual band gigabit wireless router provides users with connection speeds of up to 1.9Gbps. Key features of the device include a 1GHz dual-core processor, dual-band antennas and high-powered amplifiers. “The growing number of wireless devices found in homes today has created a demand for reliable Wi-Fi networks that achieve high bandwidth speeds,” said Lewis Wu, executive vice president of TP-LINK U.S, in a press release. “The Archer C9 helps high-end devices like gaming consoles and smart TVs reach their potential while ensuring other wireless devices in the home have access to a stable Internet connection.”

The Archer C9 features a Quality of Service (QoS) engine that prioritizes traffic and reduces delays when multiple mobile devices are using the same wireless network. In addition, the router’s integrated shield cover works to decrease signal interference from outside sources. As the demand for larger bandwidths increases within home-based networks, the Archer C9’s 2.4GHz band redirects lesser traffic away from a 5Ghz band engineered for high-bandwidth activity, such as HD video streaming or online gaming. The device can also be configured to operate within wired networks through the use of its gigabit WAN and LAN ports that can facilitate speeds of up to 1,000Mbps. Dual USB 2.0 and 3.0 ports also enable the Archer C9 to connect local printers, files and other devices within a home network.

Keys to the Vault

To unlock a vault, you must have a key or password. To store large amounts of data, including keys, passwords and other sensitive information, you must find a secure place in which to store and manage it. A new release from Microsoft will provide businesses with more options for secure cloud-based data storage. Microsoft’s new Azure Key Vault is designed to help enterprises keep this data properly secured by using cloud-based Hardware Security Modules (HSMs). The system is simple to configure, and does not require any deployment. “Azure Key Vault helps customers safeguard and control keys and secrets using HSMs

in the cloud, with ease and at cloud-scale,” Corey Sanders, director of program management for Microsoft Azure said in a press release. “Key Vault can be configured in minutes, without the need to deploy, wait for, or manage an HSM and has a single programming model across HSM-protected and softwareprotected keys,” Sanders added. “The service scales to meet your needs, and is available in multiple regions to enable application redundancy.” The product provides businesses with enhanced data protection and compliance through its ability to safely store multiple control keys and passwords through FIPS 140-2 level 2 and Common Criteria EAL4+ certification. Key Vault also allows users to easily provision new keys and vaults and control access to encrypted data through a central location. Additionally, it helps to enhance the performance of the cloud by scaling with the demand of the cloud system and providing HSM-protected key management. January/February 2015 IT in Canada Online / 7

TECHNOSPECTIVE TRITON APX 8.0.

By Mark David

The battle for

DATA PROTECTION

director of product marketing for Websense about how deploying this new platform can arm companies with the protection they need in the battle against hackers.

Q: What are the primary functions of the TRITON APX 8.0 platform?

Hansmann: The actual foundation architecture of TRITON is not terribly new. It’s been around for a while, and we’ve had a number of analysts support our direction for integrating Web and email (protection), particularly because today, there is no such thing as an email or Web threat. There are threats, and they tend to use both (channels). If you’ve got both solutions on the Web and email channel, having it not integrated is making increasingly less sense as time goes on. The TRITON architecture was designed to unify Web and email security, but also to unify inbound and outbound so it can correlate events. We even integrate with security information management (SIM) solutions because sometimes you want this data combined with what you’re seeing with

n old adage from the sporting world states that the best offense is a great defence. The same holds true with protecting corporate data, and a new release from Websense is designed to aid that process. Designed to provide protection while leveraging the latest technologies and working 8 / IT in Canada Online January/February 2015

practices, version 8.0 of Websense’s TRITON APX platform provides businesses with an improved defence against threats and data theft across the entire kill chain. The platform also delivers feedback to users in real time, and enables them to head future hazards off at the pass. IT in Canada spoke with Bob Hansmann,

Bob Hansmann, director of product marketing for Websense

TECHNOSPECTIVE TRITON APX 8.0.

the firewall, the IPS and other solutions we don’t provide. But for the solutions we do provide, we have built-in security information and event management (SIEM) solutions with SIM capabilities of correlating data and being able to provide a broader perspective for analysis.

Q: Why is now the time to introduce a product like this?

BH: Part of it is the fact that we’ve had tremendous success with our TRITON product line. It’s been the fastest-growing (product) in the last three years, year-over-year. Customers are rapidly moving to a more integrated platform, but one of the concerns they’ve had is that they can’t do it all at once. They want to buy (the solution) in pieces. With this release, the architecture has been broken up into a more modular, componentlike set of skews. They can purchase what they need and deploy it over time. The key benefit we’re seeing here is a lot of customers have a security issue that they’re trying to deal with that’s on keeping AP threats out. They will buy our Web security solution, AP-WEB piece and the File Sandbox because that’s what they’ve budgeted for.

Q: How has the platform been able to stay up-to-date with cloud-reliant programs and software?

BH: The attack surface has grown dramatically because of the cloud. This has long been a focus for us. We have been securing (companies) like Salesforce.com and other specialized business applications and environments in the cloud for quite some time. We also recently added Office 365, Box Enterprise, and the iCloud. As the options grow within any of these environments, especially within the enterprise segment, we are continuing to add support (for them). When you think of cloud use, we’re talking about mobile users who are taking their laptops and working from anywhere because we share files in the cloud. But how do you secure data, particularly when you’re dealing with endpoints that are Macs? Hardly anyone today provides endpoint data loss prevention (DLP) for Macs, but we’ve been doing it for

“THE KEY BENEFIT WE’RE SEEING HERE IS A LOT OF CUSTOMERS HAVE A SECURITY ISSUE THAT THEY’RE TRYING TO DEAL WITH THAT’S ON KEEPING AP THREATS OUT. ” over a year now. We tend to watch those trends and monitor them very closely. As we are adding support for new threats, we’re also continuing that support for new platforms. For us, supporting new technology so that businesses can grow, as well as being able to support the new landscape are equal focuses.

Q: Despite widespread adoption of the cloud, why is there a deficit in cloud security skills and personnel?

BH: A lot of it has to do with the growing focus on just malware. No one will ever be 100 per cent effective at catching malware. But why aren’t (enterprises) spending time on other aspects of an APP? There are several opportunities to prevent this, but all of the skills tend to be focused around how malware works, how a sandbox works, and how the malware can be caught and identified. We think the focus simply isn’t balanced enough. It requires network expertise. Are they configured properly to be able to identify a botnet? A lot of people have the tools, but they might not even work properly because the network is not architected to support them, or the network may simply be too open.

Properly configured networks and firewalls are still listed as some of the top reasons for breaches (as a result). We think that the expertise problem is a broad topic, and too many people are considering themselves as “specialized.”

Q: Why is it important for businesses to have kill chain management in place?

BH: In today’s environment, no one security solution is ever going to be 100 per cent effective. Once we admit that to ourselves, we start to (add) multiple layers of defence. If you identify a multi-stage kill chain, you need to break it into multiple stages and take a look at your defences. If you have all of them on one or two stages, it’s probably time to consider shifting that funding to catch it elsewhere. The (hackers) can craft some pretty advanced (malware). They can design it to specifically invade all of the common solutions out there. It’s a lot of work to do that at every stage of the attack, so if you’ve got coverage throughout the kill chain, you are more likely to identify that part. No matter how well-crafted the malware is, you will catch the email that gets you to download the malware. January/February 2015 IT in Canada Online / 9

SECURITY SHELF

By Eric Jacksch

2015 2015 promises to be an interesting year in cybersecurity. Iâ&#x20AC;&#x2122;d like to offer some predictions.

10 / IT in Canada Online January/February 2015

Global surveillance and privacy New revelations about global surveillance will continue to generate debate in 2015. The vast number of documents provided by Snowden will keep journalists busy for some time to come. So far the material has focused on the U.S. and U.K. governments, although it is likely that we will be hearing more about Australian, Canadian and New Zealand involvement this year. While some governments have been victims, most appear to embrace the Internet as a mass surveillance platform and are only likely to object when significant national interests are threatened. Law enforcement

and intelligence agencies will continue to press for additional powers and to legitimize their current surveillance operations. Governments will focus on protecting their more sensitive agencies and economically important corporations while the rest will be left to fend for themselves. Personal privacy will continue to erode. Privacy concerns will not achieve a critical mass in Canada during 2015. The upcoming federal election, either in the spring or autumn, will occupy the political agenda in Canada for most of the year. The conflict between the law and order agenda and personal privacy rages on in Canada. Politi-

01001001 01100110 00100000 01111001 01101111 01110101 00100000 01100011 01100001 01101110 00100000 01110010 01100101 01100001 01100100 00100000 01110100 01101000 01101001 01110011 00101100 00100000 01101111 01110101 01110010 00100000 01100011 01101100 01101001 01100101 01101110 01110100 01110011 00100000 01100001 01110010 01100101 00100000 01110011 01100101 01100001 01110010 01100011 01101000 01101001 01101110 01100111 00100000 01100110 01101111 01110010 00100000 01111001 01101111 01110101 00101110 If you can’t read this, we’ll connect you to the people who can.

4fmv.ca

The right candidates. The right opportunities.

TECHNOSPECTIVE SECURITY SHELF

THE RECENT MASSIVE SECURITY BREACH AT SONY SHOULD SERVE AS A WARNING TO OTHER CORPORATIONS. ATTACKS OF THIS MAGNITUDE WILL BECOME MORE FREQUENT, BUT PERHAPS NOT AS PUBLIC. cians will avoid issues such as privacy and global surveillance until after the election. What we will definitely see this year is the launch of several new surveillanceresistant technologies and services, some of which started development in 2014. What remains to be seen is how rapidly they will be adopted and how governments will respond. It is unlikely that they will become mainstream in 2015.

Major security breaches The tidal wave of payment card breaches will continue to sweep across the retail landscape. While the retail sector has undoubt-

12 / IT in Canada Online January/February 2015

edly learned from the massive breaches of 2013 and 2014, the significant changes required to combat this type of crime have not yet occurred. Large retailers have tremendous tasks ahead, including re-architecting their networks, deploying more secure point of sale systems, hiring more security professionals, and empowering them to get the job done. Applying point solutions may help in the short term, but as long as criminals are able to profit from stealing payment card information a highly motivated threat will remain. Protecting their information systems requires major investments that many retailers are not yet prepared to make. The recent massive security breach at Sony should serve as a warning to other corporations. Attacks of this magnitude will become more frequent, but perhaps not as public. Intellectual property theft will be a strong motive as well as disrupting companies for financial or ideological reasons.

Advanced threats In the past year there has been much finger pointing over high-profile hacks such as the current situation at Sony. Some blame North Korea, while some believe another actor is to blame. Exposed in 2014 was that

criminals and governments generally use the same tradecraft for computer and network exploitation. In 2015 it will become increasingly difficult to differentiate state-sponsored attacks from those perpetrated by resourceful criminals. From a defensive security perspective they look the same. Email and web browsers will continue to be the major attack vectors in 2015 because they work. However, as defences to these vectors improve, others like hardware and software supply chain attacks will become more prevalent. Traditional anti-virus software provides little meaningful protection from advanced threats, and in 2015 the security value these products provide will continue to decline. Corporations will slowly shift spending away from anti-virus subscriptions, opting instead for free alternatives such as Windows Defender in Windows 8. Products that detect advanced malware by executing samples in virtual environments were heralded as the forefront of advanced threat protection in 2013 and 2014. They will decline in value this year as targeted malware authors refine techniques to evade them. An arms race will result and the cost of operating this class of product will increase while the security value provided decreases. Products that bring strong policy-based execution control to the endpoint â&#x20AC;&#x201D;in other words advanced whitelisting â&#x20AC;&#x201D;will become more popular in 2015. This approach will prove much more effective than traditional antivirus or automated systems that attempt to detect malware. Adoption will take some time because implementing this type of solution requires IT organizations to adopt more disciplined approaches to software and patch management. Finally, most organizations will come to the realization that it is extremely difficult to prevent all intrusions and that they must prepare for that eventuality. Evolving products that use big data techniques to perform security behaviour analytics and detect suspicious behaviour will make a strong showing in 2015.

By Mark David

COVER STORY THE POWER OF PREDICTIVE SECURITY

The power of

PREDICTIVE SECURITY It almost goes without saying that 2014 was the year of the security breach. A number of hacking scandals made international headlines, including the Sony email leaks and the controversy involving photos of several prominent celebrities. These issues had many people wondering whether or not it was possible to prevent this from reoccurring.

January/February 2015 IT in Canada Online / 13

COVER STORY THE POWER OF PREDICTIVE SECURITY

Dr. Andy Jennings, chief analytics officer for FICO

PREDICTIVE SECURITY PRACTICES, IF DEPLOYED PROPERLY, CAN HELP TO THWART THE ACTIONS OF HACKERS. AS THESE PRACTICES CONTINUE TO PROGRESS, THEY WILL ALLOW ENTERPRISES TO TAKE AN AUTOMATED APPROACH TO BREACH PREVENTION. The answer comes in the form of predictive security measures. These practices can help anyone from regular people to major corporations protect sensitive data, information and images from falling into the wrong hands. As bad actors become more sophisticated, numerous improvements have been made to security apps, programs and software to thwart their nefarious attempts. Despite that, the hackers sometimes manage to gain the upper hand. News travels fast and businesses around the world are paying close attention to the scandals and adopting predictive security measures to prevent themselves from making tomorrow’s headlines. As one expert explains, there are two key reasons why predictive security is on the rise. “The first and most obvious (reason) is the way that companies are going about 14 / IT in Canada Online January/February 2015

this today just isn’t working,” explains Dr. Andy Jennings, chief analytics officer for FICO. “We read a lot about increasing number of data breaches and increasing magnitudes of data breaches. It’s not just the number of them; it’s the time lag between when a compromise might occur, and when it actually gets discovered.” The second reason, says Jennings, revolves around the evolution of the technology and analytics that assist with breach prevention and network traffic analysis. “Technology is now advanced such that the analytic technology exists to be able to look at network traffic in close to real time, understand where anomalies are occurring and have models that can adapt in real time to changing patterns that are occurring within a network,” he says. Jennings likens this to credit card fraud,

another area that FICO has explored over the years. “What we’re doing at FICO is basically extending the idea that those ideas that we created over the years with credit card and transaction fraud detection are very similar,” he says. “You’ve got lots of transactions coming in, and you’re trying to figure out which one amongst millions in aggregate or any one for a particular consumer might be a problem. If you extend that analogy to network traffic, you’ve got lots of computers that are communicating with one another inside or outside of the network, and you can model that to see if any one of them looks to be anomalous.” Predictive security practices, if deployed properly, can help to thwart the actions of hackers. As these practices continue to progress, they will allow enterprises to take an automated approach to breach prevention. “It will enable companies to automate the response to the breach,” says Jennings. “If you think about it today, companies write rules in order to try and figure out if there is something anomalous (on their network). They’re thinking of moving the rules to not try and decide what’s anomalous, but using the rules to then try and bring back some remediation.” Analytics and big data have become crucial components of predictive security techniques. They help businesses get to the heart of the matter quickly so that the problems can be resolved in due course. To illustrate this, Jennings likened these elements to the ways in which vehicular engines stream usage data. “They promote efficiency, faster discov-

http://www.itincanadaonline.ca

ARE YOU MISSING OUT? Please supply us the following information to allow us to provide another year of Free Subscriptions to IT in Canada Online.

NOW!

Fax: 905-727-4428 Mail: 24-4 Vata Court, Aurora, ON, L4G 4B6 Email: circulation@iticonline.ca

NAME:

TITLE:

ORGANIZATION:

ADDRESS:

CITY:

COUNTRY:

PROVINCE:

POSTAL CODE:

E-MAIL ADDRESS:

PHONE:

WHICH FORMAT WOULD YOU LIKE TO RECEIVE YOUR COPIES?

SUBSCRIBE TO FREE WEEKLY E-NEWSLETTER?

YES, PLEASE

DIGITAL

NO, THANKS

COVER STORY

THE POWER OF PREDICTIVE SECURITY

“WE’RE GOING TO SEE MORE AND MORE PREDICTIVE APPLIED (BY COMPANIES). HACKING IS A GOOD, ORGANIZED BUSINESS AND PEOPLE MAKE MONEY FROM IT, SO IT’S NOT SUDDENLY GOING TO STOP, WE NEED MORE EFFECTIVE WAYS OF COMBATING DATA BREACHES, AND PREDICTIVE ANALYTICS WOULD APPEAR TO BE WAY IN WHICH THE INDUSTRY NEEDS TO MOVE FORWARD.

16 / IT in Canada Online January/February 2015

ery and faster remediation of situations,” he says. “If you think about jet engines, for example, they are streaming data to the ground all the time (while in flight). The engine in your car has the potential to stream data about its functions. In that sort of context, one can be much more efficient and observe what’s going on in the moment as opposed to waiting for after the event (occurs).” Unstructured data, which includes social media posts, emails and phone conversations are another area of focus for hackers. This data type was exploited in the many hacking scandals that occurred in 2014, most notably the Sony email breach. As a result, Jennings believes that now is the time to implement a proper analysis of this type of data and shift it to a more structured format. “Unstructured data has been around for a long time, and the majority of data in the world is unstructured,” he explains. “It’s not as easy to manipulate and the technology has now gotten to the point where we can process that information quickly enough to be able to structure it. “The trick is that unstructured data generally needs to be structured in order for it to be put into models or to be able to report on it and create dashboards,” continues Jennings. “The technology has now

progressed to the point where we can do that quickly enough so that the information that is locked up in the unstructured data can add enough value to what we know from the structured world that we’re used to living in.” Going forward, it’s expected that more enterprises will adopt predictive security practices to keep their sensitive material under wraps. The hackers of today may be smart and sophisticated with their methods –but it’s still very possible for businesses to stay two steps ahead of their digital adversaries. “We’re going to see more and more predictive applied (by companies). Hacking is a good, organized business and people make money from it, so it’s not suddenly going to stop,” Jennings says. “We need more effective ways of combating data breaches, and predictive analytics would appear to be way in which the industry needs to move forward. “What we’re also going to see is more of a convergence of security and detection,” he adds. “The techniques that have been applied to the detection world are going to migrate into the security world, and the types of platforms, software tools, analytics and techniques that companies deploy are going to merge over the coming years.”

NETWORK SPOTLIGHT

By Mark David

NO TIME FOR DOWNTIME

here is an old adage that states that “time waits for no man.” In the technology industry, timing is everything, and downtime incurred by data-related disasters can potentially cripple the progress of enterprises, according to the results of a new study. The EMC-conducted global data protection study shows that extended periods of downtime have cost Canadian companies over $16.8 billion per year, a hefty price to pay for failing to properly secure sensitive data.

Collectively, businesses lost 400 per cent more data on average over the last two years, which is the equivalent of 24 million emails each. In addition, the study found that post-disaster, 57 per cent of IT professionals lack confidence in their data recovery abilities, while 36 per cent of organizations do not have a proper disaster recovery plan in place for today’s emerging workloads. “I think the reason why (data loss) has been on the uptick is because there is more data that is very important to organiza-

tions,” says Mike Sharun, country manager for EMC Canada. “Data has become a core value and a core part of every company’s strategy, so they’re more aware of data loss than they were in the past. That, together with digitization and all the other trends that we have in IT have elevated our awareness of what’s going on.” When it comes to pilfering data from major companies, hackers tend to target anything that has the potential to make a big splash in the news. “They do want something that the public January/February 2015 IT in Canada Online / 17

NETWORK SPOTLIGHT

“DATA LOSS AND COST (INCREASE) IF YOU HAVE MORE THAN ONE VENDOR INVOLVED, WHEN YOU HAVE A STANDARDIZED STRATEGY TO DO DATA RECOVERY, BACKUPS, RESTORES AND BUSINESS CONTINUITY, THE AMOUNT OF DATA THAT YOU LOSE GOES DOWN DRAMATICALLY, AS DO THE COSTS AROUND THAT.” Mike Sharun, country manager for EMC Canada

is going to be aware of and that the media is going to bring attention to,” Sharun explains. “Any time that you start looking at something about a person and something about them that’s very private, that is obviously going to be a target for them, from a headline side. They look at personal information on day-to-day activities that people don’t really think twice about. And all of a sudden, it’s hacked, and that becomes news.” Downtime can be very costly for businesses, often causing them significant financial losses. In order to reduce those costs and the amount of data lost, Sharun believes companies should consider adopting a standardized strategy that involves the use of a single data protection vendor. “Data loss and cost (increase) if you have more than one vendor involved,” he says. “When you have a standardized strategy to do data recovery, backups, restores and business continuity, the amount of data that you lose goes down dramatically, as do the costs around that.” From a Canadian standpoint, if enterprises “have three or more data protection vendors, on average, they lost 7.2 terabytes of data per year,” says Sharun. “If you had one data protection vendor, you only lost 0.3 terabytes, which is less than 5 per cent of the data you lost if you had three or more.” It’s one thing to have a reliable data loss prevention strategy in place, but it’s another to ensure that strategy actually works 18 / IT in Canada Online January/February 2015

as advertised. Sharun highlights some best practices that can rescue business from data loss woes and the ensuing downtime. “A chain is only as strong as its weakest link. You need to make sure that all parts of your infrastructure, all the way out to your user is very strong and resilient,” he says. “You need to have it consistent and in line with the business’s backup principles and policies. Also, you should have policies around restoring data, (such as) where it’s located.” One trend that has been on the rise recently is the use of multiple data centres to store data. This can be beneficial to business, as if issues occur in one data centre, the other can continue to run. “We see more and more of our customers starting to move towards active data centres, where they can run on either data centre the applications that they have,” says Sharun. “There’s technology there, and a lot of customers use EMC to provide them with the ability to move that data and have it in more than one location. If something happens in one place, the business remains running and is unaffected in the other (data centre).”

As bad actors and other unsavoury, data-stealing characters find new ways to compromise the digital security fortresses set up by large corporations, the need to have better protection and establish a comprehensive disaster recovery plan becomes increasingly important. Sharun indicates that technology is no longer as limited in what it can do for businesses, thus creating more opportunities for them to fight these threats. “I think that as we continue to move forward here, technology is at a level now where it is no longer limited. Before, it was very limiting in terms of doing what you needed to do to protect your data. You couldn’t move data very quickly, and there were limitations on the speed to move from one data centre to another,” he says. “I would say that from a recoverability and integrity perspective, those issues have gone away,” adds Sharun. “Technology has developed and evolved so that you can have multiple data centres and store data in different places, and you can have applications running seamlessly in multiple locations so your business isn’t at risk.” Data management and encryption methods have also evolved, giving enterprises the ability to arm themselves for battle against hackers. “From a security perspective, the technology is there today to easily have you manage your data, even though it’s encrypted both at rest and in flight,” Sharun says. “The encryption across multiple sites and the idea of encrypting that data as it moves so no one can actually read that information is available today. Even if you go out into a cloud environment, you can keep the keys to that encryption so that no one else can get at it, other than yourself.”

RESELLER CHANNEL SHOWCASE GUIDE

Promote Your Sales Literature Cost-Effectively This showcase is an excellent opportunity to cost-effectively feature new products, literature and more. • Reach more than 10,000 resellers, distributors and systems builders who authorize, specify or approve the purchase of products and services. • Showcase your most current brochure or product sheet • Increase your sales with this high volume, cost-effective marketing tool.

2015 Product Showcase Rate

ReselleR Channel

ShowcaSe Guide

Promote Your Sales Literature Cost-Effectively

Ut lorperat praesed

Gait vel ut alit er sumeld SRos nulla feuip et nullaore min henit ulla feugiatet dolenis erat, conse vendiam dipit, quatinim incipit ea consecte faciliq uamcorperit wisl ilis adionummy nibh exeriur eriusci llaore magna ad tetummodiam venis nullan exer sustin vero od miniamcor susto odolore tet diam aliquat lor sum vullaore feugait prate elit at. Ed molortincil dolore tincipit luptat adipsuscilis aliquip eraestrud er sum in ullaoreet lore vendit exer se doloreet, quipisi. Cumsandipit utpat nim nonummy nostio elisseq uisisse quatet eugiamet dolorer Am dui blaorper aci eui eniamco mmolor sisi.Loreraesto commod magniate magna feui blan utpat nim nonsed tem quat adiam et ad et am niam, quismolum nim nullaorem in utpat. Xero od min utate volenibh ea am, sectem inisi tincillam ipisism olortie velit nis exer ilis et dip enim velisi ectet, sisit ipit ad diatetuerit aci ea faccumsan vel euis enit, voloreet ad dolore feum quis nos adipit ut lore feugiat, quat nulla facidunt at. Ming eEm velissit num dolorem dolobortie velit vercip euis nim ing eugiatu msandre modit nullum et vel essi. Tat. Illa autem inibh eu facilla orerci te feuguer iliquis nim nullutem il ut at prat. To er sed doloreet, sim alit, velit, quat. Lum zzriusto erostrud exer sisi blaore ming ercili erciliquat ulput wissi. Gait vel in velis elis autpat venit diatummy nons nostrud dui tat augait, si. Sequat, susto dion utpat, ver alismolenim zzri zzriuscilla facipisi blaortincing euisit, quamcommy niam zzrilit acing ercil digna feugiamet illam venim eugue modions ectet, commy num iliquamet, commod tet, quam, consequat autpatum dit do dolorem ipit vendipsummy nullandreet, consenim dipsumm olorer sim quat iniam, veliscip essequis doloboreros am in utat eu feugue conse estrud ming enim ing et pratum venim dolorerci blamet augiamc onsequamet lor irilit aliquat autpat lan et aliquis ea facilit praessit ut velis nonulla conulpu conulputate magna faccum zzriliq uiscin vent in vel ing ex

Nonsequat. Ut acilit eniamconse conullute dip er secte dolobor acil ulputat doluptatie do con el et accumsan henit iriusto consequam velit veliquat at. Sit wismod mod doluptat. Suscin hendiam, sumsandio odolum quisis atisi. Bor sum dui etue min ulla faccum zzrilis nulla feugait vel utpat iliquipsum num verat. Quis exero consed esequis adit verit nim veliscin ex euis aliquatio del el erat estrud do odiamet alismodiam zzriurem eumsan henim quissenis erat. Enibh et, quipit alit nulla auguera esecte coreet ipisl eummod magniat. Dui blandit alit, qui tio euis autpat in eriurem acilla am, sum adit volent vulpute tummod te vullaore minisse quatuer acipit del ut do commodolore volut nis nonsed ea feu feum essequi tet at numsan ut wiscin henisim zzriuscil ese faccum quat. Velesenim iliquatis nisit landre dolore vullum veliquat esecte faciduis del ulput nibh eros nit il exerat lor sit atuer susci tat augueraessis augue feuiscin vel dolortie feugiat, veliquat, sequat. Ut lamet velenim niam, sequam eu feugue velis dolestrud mod tatuer ing euguero odolore tatin ute modo dolorem eugait lute dignim acil ipsum iusto ea feu facil iuscidui elent augiam veraestis aliquis cipismo dipsum dunt alit aliquat, vel ute consed tionsed dolorpe rcilit esto euguer sim et la facilla facilismod tet ipissi. Gait at, coreetummy nullum dolutem alis nos nim vulla consecte mod dolobor periusc iduipit lut veniatetum doloboreet vero conullamet autpate dolutpat. Tat nit alissim eui tin er iriusci tie del ulputem etue veriure ver si.

Product

 1x – $1,200  3x – $1,100  6x – $1,000

Showcase

Gait vel ut alit er sumeld

Closing date:

Space

Material

Spring

Mar 11

Mar 18

Summer

May 6

May 13

Fall

Aug 12

Aug 19

Winter

Oct 7

Oct 14

SRos nulla feuip et nullaore min henit ulla feugiatet dolenis erat, conse vendiam dipit, quatinim incipit ea consecte faciliq uamcorperit wisl ilis adionummy nibh exeriur eriusci llaore magna ad tetummodiam venis nullan exer sustin vero od miniamcor susto odolore tet diam aliquat lor sum vullaore feugait prate elit at. Ed molortincil dolore tincipit luptat adipsuscilis aliquip eraestrud er sum in ullaoreet lore vendit exer se doloreet, quipisi. Cumsandipit utpat nim nonummy nostio elisseq uisisse quatet eugiamet dolorer Am dui blaorper aci eui eniamco mmolor sisi.Loreraesto commod magniate magna feui blan utpat nim nonsed tem quat adiam et ad et am niam, quismolum nim nullaorem in utpat. Xero od min utate volenibh ea am, sectem inisi tincillam ipisism olortie velit nis exer ilis et dip enim velisi ectet, sisit ipit ad diatetuerit aci ea faccumsan vel euis enit, voloreet ad dolore feum quis nos adipit ut lore feugiat, quat nulla facidunt at. Ming e

SRos nulla feuip et nullaore min henit ulla feugiatet dolenis erat, conse vendiam dipit, quatinim incipit ea consecte faciliq uamcorperit wisl ilis adionummy nibh exeriur eriusci llaore magna ad tetummodiam venis nullan exer sustin vero od miniamcor susto odolore tet diam aliquat lor sum vullaore feugait prate elit at. Ed molortincil dolore tincipit luptat adipsuscilis aliquip eraestrud er sum in ullaoreet lore vendit exer se doloreet, quipisi. Illan et atet alit, sim zzrit autpat. Min ulla cor am quat, vel exerostionse elit digna facilit alis aliquate min vel incin utpat. Nos er acip eu feugait alit il ulput landreet landio er sis augait laor augiamcons nisim quisseniam zzrilis molenisl ullutpat. Ut luptat vendre core dions niat wismodi gnissed et wisim in esenisi. Elit illuptat. Duisi tincinci blam vel ulluptat lorperil et, sissequi tatet acidui blam velit, quatio commy nummod magniam dignibh erat. Ut ipis adipsus ciliquis nim eum ver

Blaorting eum adigna facidunt velent SRos nulla feuip et nullaore min henit ulla feugiatet dolenis erat, conse vendiam dipit, quatinim incipit ea consecte faciliq uamcorperit wisl ilis adionummy nibh exeriur eriusci llaore magna ad tetummodiam venis nullan exer sustin vero od miniamcor susto odolore tet diam aliquat lor sum vullaore feugait prate elit at. Ed molortincil dolore tincipit luptat adipsuscilis aliquip eraestrud er sum in ullaoreet lore vendit exer se doloreet, quipisi. Metuercidunt ipsustionsed tatin velisi blamet, susto conullan utpat dio odolum quate magnim il eu feugait endrer sum

con ulputatum vullaoreet lum SRos nulla feuip et nullaore min henit ulla feugiatet dolenis erat, conse vendiam dipit, quatinim incipit ea consecte faciliq uamcorperit wisl ilis adionummy nibh exeriur eriusci llaore magna ad tetummodiam venis nullan exer sustin vero od miniamcor susto odolore tet diam aliquat lor sum vullaore feugait prate elit at. Ed molortincil dolore tincipit luptat adipsuscilis aliquip eraestrud er sum in ullaoreet lore vendit exer se doloreet, quipisi. Cumsandipit utpat nim nonummy nostio con utatem ing ent velis amcommy nos niam illa feuguer irit exer se ming exer ad elisseq uisisse quatet eugiamet dolorer seniamet dunt ulputat.

Blaorting eum adigna facidunt velent

ut lorperat praesed SRos nulla feuip et nullaore min henit ulla feugiatet dolenis erat, conse vendiam dipit, quatinim incipit ea consecte faciliq uamcorperit wisl ilis adionummy nibh exeriur eriusci llaore magna ad tetummodiam venis nullan exer sustin vero od miniamcor susto odolore tet diam aliquat lor sum vullaore feugait prate elit at. Ed molortincil dolore tincipit luptat adipsuscilis aliquip eraestrud er sum in ullaoreet lore vendit exer se doloreet, quipisi.

32 / CRN Canada December 2010

Specifications: Headline: cannot exceed 40 characters Copy: Cannot exceed 150 words. Advertiser are responsible for writing copy, IT in Canada reserves the right to edit copy. Illustrations: Advertisers must submit high resolution electronic files.

For Advertising Inquiries Contact: Marcello Sukhdeo VP Business Media Strategy 905-727-4091, x224 marcello.sukhdeo@iticonline.ca

CHANNEL CORNER

By Michelle De Hertogh

REINVENTING THE CHANNEL Adapt or die trying

hese days, could you accurately describe the role of a VAR or a system integrator? I bet you can’t. And that’s because there is no longer a clearly defined business model for each anymore. For years, tech companies have operated through silos of channel partners, each type with their own way of selling products: VARS resold technology “to” their customers, sys20 / IT in Canada Online January/February 2015

tems integrators sold their services “with” technology companies, or outsourcers bought technology directly “from” technology companies to run systems for their customers. But with the broad adoption of major market disruptors like big data and cloud computing combined with social media, the partner community has been picked up, tossed about and thrown in the corner to reinvent itself.

Technologies have changed. Customers have changed. And now so must the partner and technology industry as well.

Farewell point products The advent of near ubiquitous cloud computing and the Internet of Everything has nearly buried the practice of buying and selling individual point products at the lowest possible price.

  

TECHNOSPECTIVE

Do your sales reps spend more time looking for special pricing approvals than talking to customers? Is your purchasing team struggling to keep up with requests to validate pricing and discounts?

 Is your sales team aware of all your customers’ upcoming maintenance, support and warranty renewals? Are your client entitlements lapsing, leaving your customers exposed and your accounts vulnerable to your competitors?

We Can Help                  

January/February 2015 IT in Canada Online / 21 

CHANNEL CORNER The social engagement changes how partner sales join the conversation. Instead of the traditional methods of direct mail, advertising and cold calling, partners must now join the discussion to demonstrate their thoughtleadership and promote their successes. The advantage to the customer in this new model is that the technology provider must speak to their real knowledge of the problem and solution vs. a catchy ad and price point. This either lends credibility to the provider or exposes their weaknesses.

Sales vs. marketing at the table

Customers prefer their solutions to be end to end, from the technology solutions to the relationships between partners and their customers. They require broad solutions that are unique to their needs. As a consequence, partners are retiring the single-solution cookie-cutter business model, in exchange for a long-term symbiotic relationship. In order to deploy a cloud, for example, resellers are partnering with service providers, combining a “pull-through” and “sell-with” approach to keep and maintain the business. System integrators are reselling products, which three years ago would have been unspeakable.

Help me, help you In the process, customers are seeking “trusted advisors” who can offer and execute the best end-to-end deployment of a variety of products, instead of dialing for dollars for the cheapest part. They need someone in their corner throughout the entire process – planning, deployment, measurement and support. 22 / IT in Canada Online January/February 2015

The need for an advisor is further driven by technology trends that drive risk and uncertainty in the customer’s environment. Beyond the staples like network and data security, trends like BYOD or even BYOC (cloud) erode their sense of control. If they can find one vendor that can bring calm and manageability, they’ll prioritize on the bigger picture and less on the product and price.

The educated customer The average IT customer is better informed and more connected than ever, thanks in large part to social media. Now, 60 percent of today’s buyers are familiar with the technology before ever engaging with a partner sales representative. Beyond who tweeted whom, social media is driving discussions around IT challenges, products and solutions. The resulting community - both online and in person – is driving conversations around best practices and the people behind them. Oddly, the conversations even take place between competing IT professionals.

What might be the most controversial change in this evolving landscape involves who engages with the customer – sales or marketing. In the traditional setting, sales lead the engagement with marketing providing support through lead generation. But now with the need for solution-based products and social media discussion, marketing is beginning to run parallel to sales. And in the future, marketing just might flank sales during the process. Now, instead of just focusing on developing a funnel of leads for sales to use, marketing is engaging directly with the customer to capture and understand their needs. This information is used to create marketing programs that address those needs as a solution. Especially as social media becomes more of the customer landscape, marketing has to jump in and lead the conversations to establish market leadership. This change has become even more important as the age and demographics of the traditional IT professional evolve from the suit and tie executive to the khakis and tennis shoes professional, and from the boardroom to the public forums and blogs. To be successful with this new breed of customer, the partner community must adapt or die. They have to provide solutions that are unique and transcend across the barriers of their traditional product packaging, marketing, distribution and pricing. In the next installment of this three-part series, we’ll talk more about the changing partner landscape and provide examples of how partners are changing the way they do business. Michelle De Hertogh is vice president of business EMC development for alliances, development and marketing.

C4ISR

REVERSE MARK YOUR CALENDAR INDUSTRY DAY FORUM

and Beyond

www.c4israndbeyond.com Date: Spring 2015 Location: Ottawa

Coming this spring: C4ISR and Beyond 2015 As the demand for information in the battle space grows, so does the need for networked systems able to deliver vital data in a meaningful way. Vanguard brings together stakeholders from across the Canadian Armed Forces and defence industry to discuss the challenges and opportunities to deliver future C4ISR capabilities. The format focuses on dialogue between key suppliers and the Forces. Discussions will be around trends and technologies as well as Canada requirements and how to best leverage emerging capability.

C4ISR C4 ISR For more information or to register, contact: Sandra Service, Event Manager 905-727-4091 Ext.228 or sandras@netgov.ca

Media Sponsor:

For more Information on Sponsorship, please contact: Marcello Sukhdeo, National Account Manager 905-727-4091 Ext. 224 or marcellos@netgov.ca

Partner: