ANTHONY BARTOLO
How to: Reducing The Windows 10 Installation File Size Via DISM P17
LEN ROSENTHAL
5 Ways to stay within budget in upgrading to flash storage P.18
September/ October 2015 VOLUME 6 NUMBER 5
INSIGHT FOR TECHNOLOGY PROFESSIONALS
THE FUTURE
OF BIG DATA ANALYTICS
Publication Mail Registration Number: 42169527
A WHOLE NEW LEVEL OF BUSINESS GROWTH
www.itincanadaonline.ca
Stuck in traffic.
Ideas still moving for ward.
Your whiteboard, reinvented. Imagine you could see and write on the whiteboard when you’re not in the meeting room. With BrightLink Pro, you can. Collaborate in real-time, whether you’re in the room or across the world. Keep writing, without stopping to erase; just add digital pages. When the meeting’s done, share the notes instantly through email or a USB thumb drive, so nobody has to take a picture. BrightLink Pro turns any flat surface interactive; you don’t need a computer or software to use it. Just turn it on and see how easy it is to reinvent your whiteboard. Take a product tour now at epson.ca/movingforward. Or contact an Epson collaboration specialist about introductory offers including our 1st-Time Buyer program. 800-374-7300. EPSON is a registered trademark and EPSON Exceed Your Vision is a registered logomark of Seiko Epson Corporation. BrightLink is a registered trademark of Epson America, Inc. Copyright 2014 Epson America, Inc.
Contents
www.itincanadaonline.ca
Vol 6 No 5 September/October 2015
DEPARTMENTS
4 Editorial 6 News
Our roundup of news stories
10 Security Shelf
FEATURES
8 Big Data Analytics will bring a whole new level of business growth 14 A closer look at Ericsson Cloud Storage - Part 2 17
How To: Reducing The Windows 10 Installation File Size Via DISM
18 5 Ways to stay within budget in upgrading to flash storage 20 A Breeding Ground for Hackers 22 Who is real hero in storage ‘race to zero’? 23 Cloud adoption reaches a new stratosphere
8
COVER STORY: The Future of Big Data Analytics A whole new level of business growth
Online Extras: www.itincanadaonline.ca Missed an issue? Misplaced an article? Visit www.itincanadaonline.ca for a full archive of past IT in Canada Online issues, as well as online extras from our many contributors. September/October 2015 IT in Canada Online / 3
EDITORIAL INSIGHT FOR TECHNOLOGY PROFESSIONALS
EDITORIAL
The Technology Seasons
EDITOR-IN-CHIEF: J. RICHARD JONES
905-727-4091x227 publisher@iticonline.ca
VP CONTENT STRATEGY: MARCELLO SUKHDEO
905-727-4091 x224 marcello.sukhdeo@iticonline.ca
STAFF WRITER : JEFF MACKEY
905-727-4091 jeff.mackey@iticonline.ca
CONTRIBUTING WRITERS: ERIC JACKSCH, MIHA AHRONOVITZ, ANTHONY BARTOLO, LEN ROSENTHAL, SANDY BIRD, PETER LINDER SALES DIRECTOR, CONTENT MARKETING & DEMAND GEN.: LASKEY HART
905-503-1376 laskey.hart@iticonline.ca
DIRECTOR, CONTENT & BUSINESS DEVELOPMENT: JOSE LABAO
905-727-4091 x231 jose.labao@iticonline.ca ART & PRODUCTION
ART DIRECTOR: ELENA PANKOVA
circulation@iticonline.ca
SUBSCRIPTIONS AND ADDRESS CHANGES CIRCULATION DIRECTOR: MARY LABAO
circulation@iticonline.ca
CIRCULATION COORDINATOR
circulation@iticonline.ca
GENERAL INQUIRIES
23-4 Vata Court, Aurora, ON, L4G 4B6 Phone 905-727-4091 Fax 905-727-4428 CORPORATE COO AND GROUP PUBLISHER: J. RICHARD JONES
publisher@iticonline.ca www.itincanadaonline.ca
PUBLISHER’S MAIL AGREEMENT: 42169527 IT in Canada Online magazine is published six times per year. All opinions expressed herein are those of the contributors and do not necessarily reflect the views of the publisher or any person or organization associated with the magazine. Letters, submissions, comments and suggested topics are welcome, and should be sent to publisher@iticonline.ca
www.itincanadaonline.ca REPRINT INFORMATION
High quality reprints of articles and additional copies of the magazine are available through circulation@iticonline.ca or by phone: 905-727-4091 All rights reserved. No part of this publication may be reproduced without written consent. All inquiries should be addressed to circulation@iticonline.ca
The fall is a wonderful time to observe the seasons change. It is also a wonderful time to review changes that are going on in the technology world and to question the ROI that comes from technology investments. Will my productivity levels really be increased, what’s the pain of implementation and what’s the long term ROI? To name a few. In this issue of IT in Canada we have a strong focus on Big Data Analytics, or as I call it “BDA.” It’s no secret that more and more companies are investing into BDA in order to assist in creating new levels of business growth. Take a look at our interview with Ray Bariso, Vice President of Ericsson’s Business and Operations Solutions division in North America. He’s got some great insights into how new levels of business growth can be developed and leveraged across industries. My personal two reading favorites from this edition is Eric Jacksch’s article entitled “Life is short, secure your data,” and Jeff Mackey’s coverage of Apple’s new product announcements for 2015. On a personal note, I’ve been traveling quite a bit as of late and have come to the conclusion that it is time to update my tried-tested-but-nonetheless-aging iPhone. I think, I am two years overdue and am wrestling with the decision as to whether to continue on with my commitment to the Apple family of products which have been just great, or to consider some of the new players in the land of smartphones. Why the temptation? Well, the more I travel the more I have greater appreciation for battery life — as I’m sure many can relate. I’m hearing some really great feedback around productivity and security innovation in other smartphone brands, as well. All the vendors are doing some really cool things. Feel free to drop me a line and let me know what your experiences have been with different smartphone brands, I’m always happy to have reader insights. So, what does the fall hold in store for the IT in Canada media team? Besides the cold we are booked up with lots of shows and lots of travel. I’m attending a leadership technology show taking place November 18th in Ottawa courtesy of our media affiliate, Canadian Government Executive. This show is worth taking a look at. And although it’s aimed at public sector executive and public sector technology audiences primarily, this event may be worth attending even if you’re not within the public sector community thanks to its great tech-savvy line-up of featured speakers, including Donald Farmer from Qlick view. Now, I don’t usually attend public sector technology shows as a rule because in the past, they have been somewhat stale, in my opinion. But this show is different….It’s fresh. I think we are seeing a resurgence in show activity in both public sector and the private sector, and I think we’re seeing resurgence in show quality as events invest more in high quality content. And vendors are starting to notice. And let’s be clear, we need vendors to support our community with high quality events and we need them to support independent media providers like IT in Canada. Otherwise, everything is just PR spin, right? Not that there is anything wrong with PR, it’s a vital tool, but if you’re like me perhaps the PR meter has been just a little too high lately. I just yearn for more traditional media players with traditional practices around content and media coverage; perhaps it’s just me. But I digress, check out the link for more details: http://rightcrowdevents.com/events/cge/ summit/ and if you attend, let me know what you think. Over the next few months and into early 2016, you’re going to see more online surveys and polls from the team at IT in Canada and I hope you will participate. Your feedback helps us to shape our content and to shape our future events. So again, I hope you will continue to subscribe, support and engage with IT in Canada Media. We very much value your feedback and support. J. Richard Jones Editor-in-Chief
4 / IT in Canada Online September/October 2015
BALANCED SCORECARD
AWARDS
LESSONS LEARNED TECHNOLOGY
PROVEN
DIALOGUE
THOUGHT LEADERS AND INFORMATION SESSIONS
THE INSIGHTS YOU WANT CANADIAN MADE DONALD FARMER
JOHN SCHERER
LATEST THINKING
CANADIAN GOVERNMENT EXECUTIVE
ANNUAL SUMMIT A CANADIAN EVENT GREAT SPEAKERS
TECHNOLOGY
BIG DATA
A BRAND YOU CAN TRUST
EXECUTIVE LEADERSHIP
JOIN US NOVEMBER 18TH, 2015 WESTIN HOTEL, OTTAWA
BALANCED SCORECARD
PUBLIC SECTOR EXCELLENCE WE REACH PUBLIC SECTOR EXECUTIVES
JOHN SCHERER
WWW.RIGHTCROWDEVENTS.COM/EVENTS/CGE/SUMMIT/
DIALOGUE
LATEST THINKING
PUBLIC SECTOR EXECUTIVES
CANADIAN OWNED
LEADING FOR RESULTS
WE REACH PUBLIC SECTOR EXECUTIVES
LEADING FOR RESULTS
DONALD FARMER QUALITY AUDIENCE
JOHN SCHERER
A BRAND YOU CAN TRUST
DIALOGUE
PUBLIC SECTOR EXECUTIVES
2015
QUALITY AUDIENCE
PAUL NIVEN
CGE BRANDBRAND LATEST THINKING
A CANADIAN EVENT
PAUL NIVEN
JOHN SCHERER TECHNOLOGY
ROI
REGISTER
THE RIGHT EVENT
BIG DATA
GREAT SPEAKERS
LESSONS LEARNED
PAUL NIVEN
GREAT SPEAKERS DIALOGUE
DEPUTY MINISTERS DEPUTY MINISTERS PERFORMANCE MEASUREMENT & EVALUATION CGE BRANDBRAND CANADIAN GOVERNMENT EXECUTIVE – 20 YEAR OLD BRAND
LEADERSHIP
BUSINESS INTELLIGENCE
CANADIAN GOVERNMENT EXECUTIVE – 20 YEAR OLD BRAND
QUALITY AUDIENCE
PERFORMANCE MEASUREMENT & EVALUATION LATEST THINKING
IN THE NEWS suretap introduces reloadable prepaid card
S
uretap, a leading digital open wallet company recently announced a new way to make payments through the suretap prepaid MasterCard. This MasterCard is a secured and easy to use prepaid card that’s only available through the suretap wallet. It comes with a low fee structure that rivals most debit card fees and, for a limited time, will have no monthly fee attached. “We want suretap to meet the digital payment choices of all Canadians,” said Jeppe Dorff, President of suretap. “The use of prepaid cards is growing in Canada and worldwide, and now it’s part of the suretap wallet. It’s time that Canadian consumers get access to their funds in real time, irrespective of where they are and what they do. With mobile wallets there is an increased opportunity to free consumers so they can focus on what matter the most - now there’s no need to carry your wallet to the gym anymore.” According to a global study commissioned
6 / IT in Canada Online September/October 2015
by MasterCard Worldwide, the use of prepaid cards in Canada is expected to grow from just $2 billion in 2010 to about $19 billion by 2017. With this growth will come the benefits of convenience and security in making payments, ease of use in travel, the ability to control expenses, and an appropriate way to manage a budget for kids. Since the introduction of its new open wallet in June, suretap has received sizeable support from many of the leading Canadian wireless carriers, banks and retailers. This has allowed smartphone consumers to easily make secure mobile payments with virtual and encrypted credit cards, gift cards—and now suretap’s prepaid MasterCard. From the consumer side, more than 180,000 Canadians have suretap installed on their smartphones, and of that amount 80 per cent are using Android phones. Since its launch as well, suretap has seen an increase of 22 per cent on the average purchase value per transaction month over month, along
By Marcello Sukhdeo
with a 53 per cent increase in reload value per account. Today more than 30 Android and BlackBerry smartphones from Canada’s leading wireless carriers such as Bell, Rogers, TELUS, Koodo and Virgin Mobile are offering the suretap wallet and this number is expected to grow by the end of 2015. suretap has also formed a partnership with the Canadian Imperial Bank of Commerce (CIBC) in offering 38 credit card options through the suretap wallet. Retailers like SIR Corp, Cara Operations, Indigo, Cineplex, Forever 21, Groupon, and others have also signed up to participate in the multi-partner program as part of the suretap wallet. So what else can we expect from this open wallet digital company in the near future? According to the plan, suretap is looking to add debit cards, loyalty cards, digital coupons and deals in the near future. To learn more, visit: http://suretap.com/
IN THE NEWS
By Jeff Mackey
Apple announces new products On September 9th, Apple announced their new line up of products for 2015 but the only thing that seems to stay the same about Apple products is the fanfare their announcements garner in the media. Well, yet another slew of products were announced by the innovative company on Wednesday and all the Apple fanboys and girls out there were left with plenty to drool over. La plus ca change. First off was the announcement of the iPhone 6 and the iPhone 6S. These iterations will feature larger screens, 3D Touch and different metallic colours. They will be available on September 25 with pre-orders starting Sunday. Also announced was Apple’s largest ever tablet, the nearly 13-inch diagonal iPad Pro. This product is meant more for the corporate or business crowd but also seems like it would be fun as a secondary home computer or laptop replacement mainly for browsing the Internet or cruising social media… if one had that type of money.
The price ranges from $799-$1,000 and has an option $100 stylus and/or a $170 keyboard. But wait, there’s more. Also announced was a major update to Apple TV. This new version will take advantage of more voice controls and apps like Roku, Amazon Fire and Google Chromecast. It also has a revamped controller with more buttons in order to achieve enhanced universality. It will run you $150. In no doubt related news, Apple’s stock took a dip today down $1.20 to $111.10. Maybe media attention and contestant product updates aren’t enough to keep a company like Apple afloat amide such high expectations.
By Alexandra Sweny David Milette, President and Managing Director of SQALogic
Better support, from East to West
California’s IntelliCorp is partnering with Montreal-based SQALOGIC, bringing improved service to Canadian SAP Enterprise Customers. SQALOGIC, an Application Lifecycle Management and Software Quality Assurance service provider, will give IntelliCorp customers faster migrations, lower costs and reduced risks. “We are pleased to welcome SQALOGIC as a strategic partner,” said Jerry Klajbor, CEO of IntelliCorp. “The expertise of SQALOGIC when combined with IntelliCorp’s products and technol-
ogy will provide companies running SAP the capability to rapidly respond to the dynamic market need for change that exists in today’s modern business world.” The onset of new technologies like SAP HANA – a relational database management system – mean more and more companies are making the move to in-memory and column-oriented systems. To facilitate this migration, IntelliCorp will need SQALOGIC’s industry experience to maximize their intelligent software tools. “With the advent of new and exciting technologies comes new associated risks and challenges for SAP customers,” said David Milette, President and Managing Director of SQALogic. “[IntelliCorp’s] solutions are ideally suited to allow SAP customers to very efficiently determine the most effective ALM strategy by rapidly identifying the most at risk transactions and areas to tackle and eliminate risk.” With constant new industry developments, it’s certain two heads will prove better than one. September/October 2015 IT in Canada Online / 7
TECHNOSPECTIVE EMPLOYEE COMMUNITIES
BIG DATA ANALYTICS will bring a whole new
level of business growth
M
ore and more companies are buying into the fact that Big Data Analytics is a strong contributor to transforming their companies to new levels of business growth and has become an indispensable tool for operational efficiency and in enhancing customer experience. IT in Canada recently spoke with Ray Bariso, vice president of Ericsson’s Business and Operations Solutions business in North America. Ray also heads Ericsson’s OSS/BSS Global Engagement Practice Community. In this interview, Ray tells IT in Canada that the future of Big Data Analytics is going to be about achieving new levels of business growth across all industries to be able to leverage analytical insights to grow revenue more proactively and on demand. He also shared the two biggest challenges that are faced in the Big Data Analytics field today.
Q: Can you tell us a little about your history with Big Data and Big Data Analytics?
Ray Bariso: I’m responsible for Ericsson’s business and operations solutions business for North America. I took over this role in 2012, and in 2012 when we were looking at the market to see where the communications service provider and other enterprise industry trends were going, customer experience management and Big Data Analytics were two of the areas that were getting significant attention in the forward looking, five plus years in terms of growth trends. So as a result of that, we took a look at our organization 8 / IT in Canada Online September/October 2015
and built a new Big Data and Analytics & Customer Experience Management practice. We established, re-allocated and hired into this practice a group of people, including data scientists, network experts, social media experts, business intelligence experts, Big Data architects, etc. that worked closely with our software business unit, which had begun productizing our Big Data platform, Ericsson Expert Analytics from five years of R&D. The history goes back to understanding the market or the market trends at work, what our customers were spending money on, and putting together and investing in a team that was going to address that growth opportunity.
Q: What do you consider to be the
two biggest challenges in the Big Data Analytics field? RB: The first big challenge is an enterprise organizational challenge, I would say. That challenge stems from the fact that every organization has data throughout their enterprise – there’s marketing data, customer data, product data, network data, services and customer service information. Every enterprise has to become what we call a ‘data-driven enterprise.’ To be able to take all the data across the different organizational silos and horizontalize that and make it available across the company from an endto-end enterprise perspective. [That] is a big challenge for every company. I’ll give you an example…from a communications service provider perspective; you have the marketing guys who understand
the offerings, the rates, what resonates with the market and what doesn’t. From a customer care and billing perspective, you know your customers plans, devices, usage, how much they’re spending monthto-month, what they’re upgrading to, how long they’re keeping their phones before upgrading, etc. From understanding your customers’ point of view in a Service Operations Centre, you know who your customers are by various segments, the demographics of them, what devices they’re using where, what time of day they’re using them, when they’re using certain applications, when they’re not using applications, how video traffic is affecting usage from geographic location and time of day perspective. Then you have the network guys that understand where all the network endpoints are and how a voice call flow or an internet or video session is working end-to-end across the network. Taking all that information from all those different organizations, stringing them together horizontally to create and end-to-end view for an end customer is challenging, based on the organizational structure. This is a very important business challenge where Ericsson is focused on providing customer solutions for. The second big problem is finding the right combination of people and expertise that know how to decide which data to keep, track, store and utilize, and have the ability to use static data and data in motion together to make real time decisions. Whether there [are] operational decisions to reduce costs or optimize a process, or to formulate the next best offer for a customer
TECHNOSPECTIVE
EMPLOYEE COMMUNITIES
“THERE ARE STILL A LOT OF CHANGES IN THE MARKET, BUT YOU ALSO DON’T WANT TO WAIT FOR EVERYTHING IN THE MARKET TO SETTLE AND BECOME SOLID, BECAUSE THEN YOU’LL BE BEHIND YOUR COMPETITORS. ”
Ray Bariso, vice president of Ericsson’s Business and Operations Solutions business in North America
to monetize services better for your customer that they will appreciate. Being able to understand what those algorithms are, and finding people who know how to do that is a big problem, as there is a shortage in the market of skilled talent that have this crossfunctional expertise. It’s an organizational and cultural problem inside companies, number one, and number two is the access to and putting together the right resource base for putting algorithms and all the right information together.
Q: Is there a quick fix or something that can be done to resolve or mitigate these problems?
RB: Yes, I mean from an IT industry perspective, it would be the CIO [who should] take a look at this across all the lines of business, the business owners, customer care, marketing, network supply chain, etc., and start that industry shift. You need tools, a Big Data architecture, and you need to leverage the information you have now. You need to put a plan together that leverages the information you have, that’s not only data at rest in traditional data warehouses and reporting databases, but you also need to take advantage of new cloud technologies and Big Data streaming architectures, to be able to evolve for the future. You have to realize that it’s not like a revolution; you have to evolve to it over time. There are still a lot of changes in the market, but you also don’t want to wait for everything in the market to settle and
become solid, because then you’ll be behind your competitors. So there’s no quick fix, but there is a sense of clarity that has now come in the past few years that has moved us from the hype to reality phase, and there are some significant architectures being put together and invested in, and there are real use cases that you can learn from other industries like Amazon, Target, and other companies leading the way. It’s important for some of the traditional industries to look at this because the new digital, webscale companies have already made progress in this regard.
Q: Where do you think all this is going
to be the next five years, in terms of Big Data Analytics? RB: Ericsson’s vision is what we call the networked society. We believe every person and every industry is going to be empowered to reach their full potential. This networked society isn’t a vision for the future, it’s happening right now and we’re the major enabler of this. If you think about the communications industry, it took 100 years to connect to a million places. It took 25 years to connect five billion people. By 2020, we forecast 26 billion connected devices, which confirms we are well on the way to reaching the vision of 50 billion connected devices. As a result of connecting all of these things you hear from the Internet of Things or IOT and machine to machine or M2M, there’s going to be this exponential growth in the amount of data being generated by people, places and devices. These have to be managed and can be leveraged to enhance customer experiences, increased business efficiency and innovate new revenue streams enterprises. When we talk about this data-driven enterprise, the future is going to be about enhancing the customer experience using this data and achieving new levels of business growth in different and existing industries to be able to leverage these insights to grow revenue more proactively and on demand – kind
of like the Amazon.com, Apple, and other digital web-scale enterprises.
Q: What are your thoughts on Moore’s law as it may pertain to Big Data?
RB: I think Moore’s law will continue to reveal itself with respect to network, storage and computing power for cloud technologies that are being leveraged for Big Data architectures. So processing speed, networking, memory doubles every 18 months. I’ve read whitepapers that say it’s even accelerating because technology is moving so fast. If you apply the technology in Moore’s law to a business perspective, we also have the potential to leverage multiplicity and scale for operational efficiency, revenue generation and eventually the increase business metrics such as net promoter score, or NPS. So technology advancements are going to continue to accelerate and will be leveraged by business to enhance overall business performance faster and at scale in the future. Moore’s law will affect Big Data by having the ability to handle, processing and analyzing petabytes of data today, but exabytes, zettabytes and yottabytes in the future at a fraction of the time.
Q: So the future is still bright. RB: Oh, for sure. If you think about this notion of the networked society, every single enterprise and business is going to change as a result of mobility, broadband and cloud. And it’s all data that’s going to help transform the future and change how processes we know today are going to be significantly different in the future for every industry and business process. Think about the connected car, remote patient healthcare monitoring, wearables, the smart grid, transportation, supply chains, and smart cities – for every single one of these industries you can come up with a hundred use cases on how things can be better, faster, cheaper, and how data is the driver behind that. September/October 2015 IT in Canada Online / 9
SECURITY SHELF
By Eric Jacksch
LIFE IS SHORT, SECURE YOUR DATA
A
shley Madison compromise stories are everywhere. There have been articles on the hack itself, and analyses of data stolen and published by hackers. Noel Biderman, Chief Executive Officer of parent company Avid Life Media Inc. (ALM), stepped down late last week. So what can other businesses learn from the Ashley Madison breach? At the risk of stating the obvious, the Ashley Madison hack is receiving a lot of attention due to the nature of the business. The majority of large data compromises during the past few years have been payment card related. While it is certainly undesirable to have financial information compromised, it’s not nearly as scandalous as a massive data breach involving a business with the motto, “Life is short. Have an affair.” ALM was clearly the target of this attack. To date there have been no reports of payment card fraud, and credit card numbers were not included in the data dump released by the hackers. The criminals responsible could have attempted to extort money from ALM, but instead they demanded that the site be shut down or all data would be released. When it wasn’t shut down, they 10 / IT in Canada Online September/October 2015
followed through on their threat. The perpetrators could have easily profited by directly contacting members of the site. Even if one tenth of one per cent of the site’s reported thirty million users paid a $50 extortion, the hackers would have netted $1.5 million. But they didn’t. There are three likely attackers: A former employee with a score to settle, an unhappy customer, or a competitor. The Ashley Madison hackers complained that the company charged customers $20 to delete their profile, but the deletion was allegedly incomplete. According to Ars Technica, the site may have been, “raking in somewhere between $152,000 and $342,000 each month, just from the Full Delete option alone.” The very fact this issue was raised suggests that the hackers had intimate knowledge of the service. Based upon released data, the attack on Ashley Madison went far beyond a database compromise, and included credit card transaction information going back to 2008. Data included the name and address associated with each transaction, but only the last few digits of the credit card number. The database dumps suggest that the site stored all
information in a few MySQL databases with hashed passwords, but no other encryption. The dumps also suggest that the hackers compromised the SQL database server at the operating system level, as well as other corporate systems. Businesses that hold sensitive personal information can learn three important lessons from Ashley Madison: First, a major security breach can be fatal. Ashley Madison is pursuing a “business as usual” approach, but is unlikely to succeed due to loss of customer confidence. One might not expect Ashley Madison customers to identify themselves and take legal action, but class action suits have already commenced. Should this happen to an organization that holds personal information with less of a social stigma associated, such as medical records, litigation may be even more damaging. Second, databases do not provide sufficient security controls for personal information. If an application with read access to the database is compromised, credentials may be stolen. If the intruder is able to log on to the operating system of the database itself, taking a database dump is trivial. Encryption using keys not stored on the database server should be considered mandatory. Third, processing sensitive personal information requires stronger system and network-level security architectures. Controls such as two-factor authentication are required to protect critical assets such as databases. In most organizations, attacking a system administrator’s workstation with targeted malware will reveal passwords and ssh keys required to seize control of the organization’s Windows and Linux systems. Many companies don’t implement controls such encryption and two-factor authentication because of the cost, but, as the Ashley Madison hack demonstrates, those dealing with sensitive information can’t afford not to. Life is short. Secure your data.
R
A
D
I
O
Join us each week for a new podcast as we present the top stories from the IT industry. http://itincanadaonline.ca/index.php/wrlwnd-radio
Or Visit SoundCloud https://soundcloud.com/wrlwnd
SECURITY SHELF
By Eric Jacksch
Take metadata security seriously
Communications security is often more challenging than it seems. Security efforts have traditionally focused on protecting the content of communications, however it is critically important to consider the privacy and security implications of metadata.
12 / IT in Canada Online September/October 2015
S
ending a letter is a frequently used analogy. Content is sealed inside the envelope. The obvious metadata sender, recipient, postage stamp, and markings added by the post office - is on the outside of the envelope. Other metadata is available without opening the envelope: type, size, colour, scent, and weight of the envelope; the font or handwriting and colour of the ink. People quickly distinguish between greeting cards, expected bills, and junk mail based on this information. When mistakes occur, it is usually because an advertiser has intentionally disguised mail to avoid it being summarily discarded. The Internet is no different; many layers
of metadata exist. But security efforts usually focus on content. Almost everyone understands that it is desirable to protect emails and file attachments. Phil Zimmermann created Pretty Good Privacy (PGP) in 1991. The Internet Engineering Task Force (IETF) published the proposed Privacy Enhanced Mail (PEM) standard in 1993. The Secure/ Multipurpose Internet Mail Extensions (S/ MIME) standard was published in 1996. While PGP remains popular in the security community, none of these standards has been widely adopted, and none of them protect metadata. In response to email security concerns, several vendors offer hybrid solutions in
SECURITY SHELF which sensitive emails are directed to a HTTPS portal for retrieval by the intended recipient. Other efforts seek to protect email content and some metadata using TLS for email transport. Instant Messaging (IM) applications suffer from similar security issues. Many use TLS to protect messages, and an increasing number offer end-to-end encryption. However, many people use several different applications to keep in contact with colleagues, friends, and family on non-interoperable systems. Managing risk in this environment is a challenge. Web sites and web applications generally adopt HTTPS for content security. As discussed last week, HTTPS is a good first step, but several security issues must be addressed before it can be considered a strong security control. Metadata, on the other hand, has received comparatively little security attention. This is unfortunate because metadata is much more susceptible to automated, large-scale interception and analysis. For example, interpreting the content of every email a single individual sends and receives is complex and resource intensive. Content can be scanned for keywords and phrases, and artificial intelligence applied, but computers are not yet capable of understanding the complexity of human language, emotion, sentiment, and humour. Oral communication is even more difficult. Telephone calls (including VoIP) can be monitored, captured, and replayed, but as anyone who uses voice recognition software can attest, accuracy is still problematic. Metadata analysis is far easier to automate. Parsing email headers to extract the sender, recipients, date, time, and subject line is trivial. Mining that data to identify relationships and communication patterns is not difficult. Telephony is also rich in metadata: origin and destination telephone numbers, and the date, time, and length of the call. In addition, mobile phones provide locationbased information and VoIP provides IP addresses that can be correlated with other metadata. Internet use in general creates enormous volumes of metadata. Even if every site a person visits uses HTTPS, DNS lookups reveal the original domain names requested,
IN RESPONSE TO SECURITY CONCERNS, SOME IM SYSTEMS HAVE ELIMINATED SENDING MESSAGES THROUGH CENTRALIZED SERVERS BY ADOPTING A PEER-TO-PEER ARCHITECTURE WHILE IT MAY HELP PROTECT CONTENT, IT MAY ALSO INCREASE THE AMOUNT OF METADATA OBSERVABLE AT THE NETWORK LAYER.
and information about each HTTPS connection including the site, web server certificate, volume of data transferred, and time spent connected provides information about the user. In addition, cookies used by advertising networks allow individuals to be tracked across many sites, even without monitoring at the network layer. In response to security concerns, some IM systems have eliminated sending messages through centralized servers by adopting a peer-to-peer architecture. While it may help protect content, it may also increase the amount of metadata observable at the network layer. Virtual Private Networks (VPN) and anonymization networks, such as Tor, protect some types of metadata. However, traffic analysis techniques can still derive some information by monitoring packet sizes and timing. For example, VoIP, IM, and HTTP over a VPN have different observable characteristics. Metrics as simple as data volumes versus time, date, or day of week provide insight into operational hours. Applied to an individual, time zone and sleepwake cycles can be determined. Metadata has the potential to reveal sensitive information and deserves the same legal protections as content. The Office of the Privacy Commissioner of Canada observed in a 2014 research paper, “We continue to see notable individuals and various organizations taking the view that metadata is to
be distinguished from actual communications content, and is therefore less worthy of privacy protection.” Among the “various organizations” is the Harper Government, which has adopted the absurd position that metadata collection by government agencies is legal despite the fact that that collecting the content of the same communications would violate criminal and constitutional law. In the absence of appropriate legal protection, the only practical approach to communication security is to develop and implement better technical security controls. Developers must strive to minimize metadata exposure and focus on protecting all aspects of communications. One shining example is Open Whisper Systems, the developer of open-source secure IM and VoIP clients for Android and iOS. Not only do their apps seek to minimize metadata exposure, but they openly discuss issues and limitations. While still in development, draft specifications by the Dark Mail Alliance demonstrate the desire to significantly reduce email metadata exposure as well as protect content. It is imperative that security and IT professionals effectively address communication security issues. When assessing risks and selecting appropriate controls, all aspects of the communication must be considered. As metadata and content are part of every communication, it is time to take metadata security seriously. September/October 2015 IT in Canada Online / 13
CHANNEL CORNER
ACCOMMODATING BIG DATA
A closer look at Ericsson
By Miha Ahronovitz
CLOUDPart STORAGE 2
S
o, what is Storage? In computer engineering, we take this word for granted. In Big Data, storage means an object store. But we continue to call it “storage” as most people are familiar with the word. In this blog, let’s have a look at the engineering rationale and the human experience related to the word “storage”.
TECHNICAL BIG DATA STORAGE Meenakshi Kaul-Basu, the Leader of Data Storage in PDU Cloud System at Ericsson, suggested this reference: How an object store differs from file and block storage. You can read it in detail, but here are some essential extracts:
WHAT IS FILE STORAGE? We know a file is typically structured in a file system, which is nothing more than a hierarchical way of organizing files so that an individual file can be located by describing the path to that file. We know that certain attributes — information that might describe a file and its contents, such as its owner, who can access the file and its size — are conveniently stored as metadata in a file system. We also know that network-attached storage (NAS) is the best way to share files securely among users on a network. It works great locally on a LAN but not so well if the 14 / IT in Canada Online September/October 2015
ACCOMMODATING BIG DATA users are across a WAN. And managing a single (or a small number) of NAS boxes is trivial, but managing hundreds of them is a nightmare. The file system is responsible for the placement of data on the NAS box, as well as implementing file sharing by locking and unlocking files as needed. And lastly, file systems work well with hundreds of thousands, and perhaps millions, of files but are not designed to handle billions of files. These limitations were not well understood because many IT shops had not tested those high levels — until recently.
WHAT IS BLOCK STORAGE? We know a block is a chunk of data, and when appropriate blocks are combined, it creates a file. A block has an address, and the application retrieves a block by making a SCSI call to that address. It is a very microscopic way of controlling storage. Unlike in the case of NAS, the application decides where to place the data and how to organize the storage. How the blocks are combined or accessed is left up to the application. There is no storage-side metadata associated with the block, except for the address, and even that, arguably, is not metadata about the block. In other words, the block is simply a chunk of data that has no description, no association and no owner. It only takes on meaning when the application controlling it combines it with other blocks. Under the right circumstances, granting this level of granular control to the application allows it to extract the best performance from a given storage array. This is the reason why block storage has been king of the hill for performance-centric applications, mostly transactional and database-oriented. Adding distance between the application and storage kills this performance advantage due to latency, so most block storage is used locally instead.
WHAT IS OBJECT STORAGE? Armed with this knowledge of file and block storage, this is what an Object Storage is: … An object is defined as data (typically a file) along with all its metadata, all bundled up as an object. This object is given an ID that is typically calculated from the content of that object (both file and metadata) itself. An object is always retrieved by an applica-
tion by presenting the object ID to object storage. Unlike files and file systems, objects are stored in a flat structure. You have a pool of objects, and you simply ask for a given object by presenting its object ID. Objects may be local or geographically separated, but because they are in a flat address space, they are retrieved exactly the same way. An
CHANNEL CORNER
object is not limited to any type or amount of metadata. If you choose to, you can assign metadata such as the type of application the object is associated with; the importance of an application; the level of data protection you want to assign to an object; if you want this object replicated to another site or sites; when to move this object to a different
HIDE SEEK OR
TRACK, PURSUE AND NEUTRALIZE THREATS.
The longer threats remain undetected, the more damaging they become. Take control of your information and fight threats on your terms. It’s time to start advancing security. Take the next step at www.symantec.com.
ADVANCING SECURITY.
Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 09/15
September/October 2015 IT in Canada Online / 15
CHANNEL CORNER
ACCOMMODATING BIG DATA
“A MUCH MORE DATA CENTRIC VIEW OF THE WORLD MEANS WE CAN ACTUALLY GET TO THE POINT WHERE “NORMAL” PEOPLE (MEANING YOU AND ME AND EVERYBODY ELSE) ARE ABLE TO LOCATE AND READ THE DATA FROM SOMEWHERE. A LOT OF VERY INTERESTING THINGS CAN HAPPEN AS A RESULT”. tier of storage or to a different geography; and when to delete this object. This type of metadata goes way beyond the access control lists used in file systems. The fact that object storage allows users flexibility to define metadata as they wish is unique to object storage. You can start to see how this opens up vast opportunities for analytics that one could never dream of performing before. Given the nature of objects, as described above, performance is not necessarily a hallmark of object storage. But if you want a simple way to manage storage and a service that spans geographies and provides rich (and user-definable) metadata, object storage is the way to go.
WHAT KIND OF BIG STORAGE DO WE NEED? Whereas being somewhat informed about big data technologies is a big plus, it does not help the average person in a company to make a decision based on the explanation above. We need a different angle. We asked Ericsson’s Cloud CTO, Jason Hoffman, what is his view. Here are excerpts from our conversation.
PEOPLE CARE ABOUT DATA, NOT STORAGE “We sell cloud storage. Yet no one cares about storage. People care about their data. They want a data centric view of the space. An example: when you look at metadata about things – associations, connections, graphs of things, startup files, data generated from events or activities, provisional files and so on – just a whole list of things. We look at a list of things that are not meant for easy usage in a corporate environment. One cannot see (easily) how important data is and what people currently want to do with it.”
DATA DIVERSITY “If you look at the whole data space, now
16 / IT in Canada Online September/October 2015
we have more data diversity. For example the Hadoop space… we get a new type of data…. But in addition to the great data diversity, we have a big diversity of “whys”. Why we keep this specific data? Why we don’t keep that other data?”
WHAT IS THE FINAL GOAL? “A much more data centric view of the world means we can actually get to the point where “normal” people (meaning you and me and everybody else) are able to locate and read the data from somewhere. A lot of very interesting things can happen as a result”. “Because for now storage solutions are intended for storage experts who run around trying to figure out how to make a suitable storage solution for a given application, but perhaps we should approach it by looking at what people are doing with this data and how much they care about it. These decisions can be made by mainstream people, no need for them to understand the differences between block storage and an object, or an “append”.
IMPORTANT QUESTIONS “What data do you generate for the company?” “What data you get sent to you from other people?” “What data do you keep?” “Why do you keep it?” “For the data that you keep, what do you do with it?” “What value does it provide to you?” “What applications generated all these data?” “How do you consume this data?”
COMPANIES WHERE DATA MATTERS VERSUS COMPANIES WHERE IT DOESN’T “Consider the companies in the world for whom data matters, versus the companies for whom it doesn’t. Historically the companies that did care became the Googles or Amazons of the world. Our hypothesis is that in an average company, people don’t pay attention enough
about extracting value from their data. People in manufacturing, and of course we have plenty of examples in Telecom, they care. We know that Oil and Gas companies care about their data sets, mining companies care too. But what about the diversity of things that people don’t consider important? What data do they need? What data is sensitive? How is that sensitive data generated? Why keep some of it? Why not keep all of it? If they do keep it, how important is the data location to them? What value are they deriving from their current data? Why can’t we make it easier for them to keep their data? Maybe we can give them a way to more confidently secure their data, and why not make it simpler to question that data? I believe that there are many more companies like the Googles of the world, where data should matter. There are at least half a dozen industries where data also should matter, though they currently don’t derive any value from it. There are reasons why they don’t. We have to address these reasons why. I call this storage solution “Empathic Storage” – storage with empathy.” Johan Carlsson, Hans Haenlein, Miha Ahronovitz Accessibility Group – Cloud Product Team.
POST SCRIPTUM Jason Hoffman, Ericsson Cloud CTO ideas inspired this blog. Geoff Hollingworth, Head of Cloud Marketing who supported in our team from day 1, seeded key ideas. We received insights from Seamus Keane. Many thanks to Deirdre Straughan and Stacie Pham the Evolution blog editors. And last, but not least, to the meaningful conversations with Noam Zomerfeld, the capable student intern in Accessibility team. Miha Ahronovitz is the senior evangelist for Ericsson’s Cloud Product Team.
TECHNOSPECTIVE PREPARING FOR WINDOWS 10
By Anthony Bartolo
HOW TO:
Reducing The Windows 10 Installation File Size Via DISM
Amidst the recent Windows 10 launch, Microsoft has released numerous versions of its latest client offering. These versions include: • Windows 10 Home • Windows 10 Pro • Windows 10 Enterprise • Windows 10 Features On Demand
2 Run command prompt with administrator privileges 3 Type and run the following command: Dism /Get-ImageInfo /ImageFile:C:\<Insert Installed ADK directory here>\install.wim NOTE: This provides confirmation of the .wim file to be modified 4 Mount the offline Windows image by running the following command: Dism /Mount-Image /ImageFile:C:\<Insert Installed ADK directory here>\install.wim /Name:”Base Windows Image” /MountDir:C:\test\ offline 5 Enter the following command to list all of the features available: Dism /Image:C:\test\offline /Get-Features
Windows 10 Features on Demand has received much interest as many have not had the chance to test out the offering first made available in Windows 8 and 8.1. The features on demand offering provides additional options which can be pre-configure or remove existing options from within Windows 10 installation software prior to deployment. Organizations can also install features from local media or remove features on designated machines after the initial installation is completed. Reducing the size of the Windows 10 installation file has it merits as it reduces the footprint to which an attacker can attempt to gain access to. The smaller installation file size also addresses the need to install Windows 10 on hardware with less storage capacity.
CASE IN POINT:
Step 2: Removing Windows 10 Features and Payload from the installation file 1 Enter the following command in the command prompt to remove unwanted features as listed in Step 1.5 above: Dism / Image:C:\test\offline /Disable-Feature /FeatureName:<enter unwanted feature name here> /Remove 2 Repeat the previous step to remove all unwanted features
Step 1: Mounting and Viewing Attributes of an Offline Image File 1 Download and install the Windows ADK for Windows 10
3 Once all unwanted features have been removed, enter the following command to commit the changes and unmount the image Dism /Unmount-Image /MountDir:C:\test\offline /Commit Once completed, simply install the reduced Windows 10 Installation file on the desired device. September/October 2015 IT in Canada Online / 17
NETWORK SPOTLIGHT MAXIMIZING STORAGE
5 WAYS
to stay within budget in upgrading to flash storage
Flash and hybrid storage are the latest nirvana technologies, as they promise to relieve all storage performance problems. Determining which applications justify the need for flash and exactly how much flash storage to deploy remains the biggest questions. The answers usually revolve around understanding application workload performance requirements and having the data for a realistic cost/benefit analysis for solid-state deployment. Here are five ways to help you stay within budget as you evaluate upgrading to flash storage.
1
Understand the workload I/O profile of your production applications. Storage architects need to gather intelligence about the unique characteristics of their application workloads in a given environment. The concept is to extract and analyze statistics on production workloads from the storage infrastructure to establish an I/O baseline profile. From there, you can project I/O growth trends. By capturing all of the attributes of the production environment, highly accurate workload models can be created which enable storage infrastructure managers to stress test storage product 18 / IT in Canada Online September/October 2015
offerings using THEIR specific workloads.
2
Create workload models based on the workload I/O profiles. Workload models represent storage traffic as it enters the storage array. The profile will represent random vs. sequential data, reads vs. writes, distributions of blocks sizes, distributions of files sizes, queue depths, data content types, access patterns, and other key metrics that comprise the storage traffic.
3
The workload models can then be combined with a load generation appliance and used to generate workloads against any potential storage system or configuration. Once these workloads are executed against the storage system(s), you can determine the I/O performance characteristics and limitations of any given storage platform. This allows storage planners to size their deployments without over or under provisioning. It also enables the projection of when more resources, like network bandwidth, storage IOPs, etc., will be needed to maintain SLAs and whether or how much flash storage will be cost-effective.
By Len Rosenthal
4
Flash storage offers very high performance, but it is most costeffective when used with inline deduplication and compression, which dramatically lowers the cost per GB. Unfortunately, these technologies impact application performance – in some cases by a factor of 2X or more. You need to fully understand their performance impact before making the purchase decision. Every storage vendor has a different implementation and uses different algorithms. Accurately measuring the performance of deduplication and compression depends on generating data content patterns sufficient to stress a storage array. Ensure your load generation appliance can generate compressed and deduped content.
5
Use flash performance validation solutions that have easy to use reporting and analysis tools. This means being able to easily understand and compare IOPS, latency and throughput across a variety of your specific application workloads. The ability to automate the testing and report generation process, without any custom scripting, is critical. Performance validation appliances enable infrastructure planners to bring more automation into the storage performance planning and validation process. These purpose-built appliances can be used to help organizations pre-determine if flash storage is truly justified and test all configurations prior to making production deployment decisions. Len Rosenthal joined storage performance validation leader Load DynamiX in July 2013 and is responsible for worldwide marketing. Prior to Load DynamiX, he held executive positions at Virtual Instruments, Panasas and QLogic and held senior marketing management roles at Inktomi, SGI, and HP. Len earned an MBA from UC Berkeley’s Haas Business School, a BSEE from the University of Pennsylvania and a BS Econ from Penn’s Wharton Business School. For more information about Load DynamiX, please visit www.LoadDynamiX.com
http://www.itincanadaonline.ca
Are you missing out? Please supply us the following information to allow us to provide another year of Free subscriptions to IT in Canada Online.
subscribe
now!
Fax: 905-727-4428 mail: 23-4 vata Court, aurora, ON, l4g 4B6 email: circulation@iticonline.ca
Name:
TiTle:
OrgaNizaTiON:
address:
CiTy:
COuNTry:
PrOviNCe:
POsTal COde:
e-mail address:
PhONe:
suBsCriBe TO Free digiTal magaziNe:
yes, Please
NO, ThaNks
suBsCriBe TO Free weekly e-NewsleTTer:
yes, Please
NO, ThaNks
Privacy Policy: we do not share or sell our mailing list
CHANNEL CORNER
ACCOMMODATING BIG DATA
A BREEDING GROUND FOR HACKERS: Secrets behind the Dark Web
S
ecurity is imperative for a company to succeed in the long haul – there’s never been a doubt on this in the IT industry. But lately, this truth has garnered even greater attention with global headlines showcasing the profound impact security has over the health and safety of companies, government and the general public. Reality hit Canadians hard this year, with multiple breaches taking a toll across the nation and the world. Take for instance the recent case of Ashley Madison – the worldwide scandal based in Toronto, where nearly 40 million accounts were outed for using its service, and as a result, faced with detrimental consequences in their professional and personal lives. As time goes by, we’re learning that a security breach is not just an IT hoax, but an issue that delivers very serious consequences in society. That’s why the industry and society as a whole should collectively work towards better understanding the ins and outs of the cyberspace, including the Dark Web, the side of the Internet behind the typical web browsers consumers use every day. While the majority of global consumers may not often find themselves on the Dark Web, it’s fairly easy to access and put companies at risk on a daily basis. “The Onion Router” (Tor for short) is a network that connects directly to the Dark Web, and enables anonymous communications by letting users jump through relay nodes via multiple IP addresses. This anonymous communication is incredibly valuable for worthy causes such as: journalists uncovering stories, government officials exchanging intelligence, or even law enforcement officials trying to track predators. However, it also opens doors to stealthy hackers looking to launch a cyber-attack or share details with other cybercriminals. 20 / IT in Canada Online September/October 2015
In fact, the 3Q 2015 IBM X-Force Threat Intelligence Quarterly Report released in August, showed the growing dangers of cyber-attacks originating from the Dark Web through the use of the Tor network/ browser. The report found that so far in 2015 more than 600,000 malicious events originated from Tor around the world. The United States lead with more than 150,000 malicious events, while countries including Romania, France, and Luxembourg, have each seen more than 50,000 malicious events originating from Tor thus far in 2015. The growing popularity of Tor represents a troubling problem for enterprises. Employees may be tempted to download the Tor browser to find out what they can discover on the Dark Web – even for non-malicious reasons. However, if an employee activates a Tor browser on an enterprise network, it not only puts the company at risk for a malicious attack that can compromise confidential corporate data, but in some instances the organization can be held legally liable for data or illicit or malicious content that comes through that Tor node. Companies need to understand that the Dark Web is easier to find than they assume. In order to help protect themselves from potential threats and liability concerns, organizations should: • Develop a comprehensive corporate policy for the acceptable use of networks such as Tor. If your industry requires the use of Tor-like networks – journalists, law enforcement, cybersecurity professionals – make sure that there is a complete corporate policy in place so employees understand how and when they can access these networks. Not every employee in the company will need this access, so having a policy in place with limited approvals can lower the risk of
By Sandy Bird
threat and make it easier to track activity. • Configure corporate networks to deny access to anonymous proxies or anonymization services such as Tor. There are only a few business-centric instances that may require access to the Dark Web. Therefore, most organizations should be set up to deny any access to networks. • Warn all employees that accessing prohibited websites could result in disciplinary action. It’s important that all employees understand the threats that come with connecting to the Dark Web through networks like Tor. They should also understand the consequences that may occur if they access a stealth network on a corporate device. By doing so, employees are educated about the dangers and are less likely to put their company as well as their role inside an organization at risk. The recent Ashley Madison hack isn’t the first incident to come out of the Dark Web. In the past, it’s been associated with classified media websites and illegal marketplace operations. The Dark Web is easy to find if someone is interested in exploring. Furthermore, whether the reasons leveraging it are noble or not, it’s important to understand the dangers of what can occur while using Tor. As technology continues to evolve, companies – and others as well – must adapt and ensure proper security measures are in place to avoid the very real and damaging affects of a cyber-attack. Sandy Bird was the co-founder and CTO of Q1 Labs, now part of IBM. Today, he’s the CTO for IBM Security and is responsible for the company’s strategic technology direction. Sandy has extensive technology experience specializing in database design and development for web applications. Prior to IBM and Q1 Labs, he held a variety of technical positions at the University of New Brunswick in support, development and administration. Sandy studied Electrical Engineering at the University of New Brunswick and was named an IBM Fellow in 2014.
Technology cook-off
2016
coming This winTer
What is the best combo dish for SMB?
But wait a minute...
It’s Mobile solution & CRM
Where can SMB go to learn about this combo? Where can you get the impartial story about trials and tribulations of professionals? How do small business owners make sense of the morass of content, uninformed opinions and biased vendor self-promotion? Who provides the depth of real knowledge and insights? CoMe to Technology cook off 2016 and let tHe CHefS preSent tHeir BeSt platterS. over the next few months it in Canada will build communities for 3 hardware with 3 software platforms that can be most helpful to sales professionals. each community will work towards developing the “Secret Sauce” that shows that their solution is the best in the market. on the day of the event each team will be posed with 5 challenges to solve which will push each solution to the max. they then will be judged and winners selected. Vendors will have the chance to display their solutions as well. this is an opportunity for vendors to have a cook off with each other to determine the best sauce for the SMB combo. the overall objective of this event is to provide profound insight into what is lacking in the market and to help customers discover their own solutions. instant leads helps customers who cannot wait to connect with sponsors throughout the process.
for more information please contact Jose Labao at 905-727-4091 ext.231 or josel@netgov.ca Visit us at www.itincanadaonline.ca
CHANNEL CORNER
ACCOMMODATING BIG DATA
By Peter Linder
NOOOOOOOOOOOO Who is real hero in storage ‘race to zero’? T
he “Race to Zero” is a concept with multiple interpretations. One is reducing the amount of garbage that ends up as landfill to zero. Another is the elimination of carbon dioxide emissions. And more recently we have had a vision of free storage without volume caps. The race towards free non-realtime accessible storage is on. We all have access to free picture storage, though capped at certain volumes. Parts of the cloud industry are now working towards a gradual transition from this model to free storage, their own “race to zero.” This future will be one of basic storage capabilities offered free without any volume caps. Yet the cost of providing storage is not free. The cost of the actual storage hardware is low and falling quickly in line with Moore’s Law. But hardware is just a relatively small component of the total storage costs. The majority is in the all the surrounding cost to operate the storage hardware. The total cost for storage is not approaching zero, and the rationale for a zero price therefore need to be found elsewhere. Business model transformation Free storage is more a game about business model transformation. Something with a significant cost (storage) is offered free up front. Then 22 / IT in Canada Online September/October 2015
something with no/low cost (software and services) is sold later as value-added services. This minimizes the number of players able to operate in the market, by increasing the barriers to entry. It also has the potential to create a strong lock-in effect, with customers getting the initial part of the offering for free, then paying premium prices for supplementary services once the lock-in effect has been achieved. Zero-charged storage is provided from centralized data centers and is great for nonrealtime no-frills storage needs. It assumes networking is free from the storage site to the user. However, it is unlikely we will see free storage provided from high-performance distributed data centers this decade even though it would reduce overall networking costs significantly. In order to understand the implications of this, we can use an analogy to the massive rainfall in Texas during May 2015. The storms could in theory have helped address the world’s freshwater needs. The amount of rain that fell that month in Texas is sufficient to global drinking water needs for a few years. The only problem is that distribution is not free. Creating a free storage market with supplementary charges for value-added services assumes that a similar business model is pos-
sible for the required networking. But current network neutrality regulations prevent such models from being realized. So it remains to be seen how zero-rated storage will be used. It makes sense for businesses and consumers to discuss a few strategic questions on why and when free storage could make sense: • Which value-added services will be required to address my complete storage needs? • What are my costs for the associated lockin effects with zero-rated storage? • What changes in my networking needs will zero-rated storage drive? • How will the real-time requirements of video change my needs for zero-rated storage? • What are the TCO savings I can gain by leveraging zero-rated storage? Peter Linder is a Networked Society evangelist at Ericsson. He describes himself as a versatile visualizer, alliteration aficionado, movie maker and kinetic keynoter. His contributions focus on seven fields of market development: #SocietyShaping, #IndustryInnovations, #DeviceDiversification, #UnlockingUsers, #VersatileVideo, #NetworkNovelties and #BoldBusinessmodels. Peter joined Ericsson in 1991 and is currently based in Dallas, Texas.
TECHNOSPECTIVE CLOUD ADOPTION
By Marcello Sukhdeo
A CLOUD ADOPTION REACHES A NEW STRATOSPHERE
recent global study released by CISCO indicates that cloud technology is moving into its second level of adoption. With this new level, companies are looking to cloud as a platform to power innovation, growth and disruption–rather than using it for just efficiency and cost reduction, as was done previously. This study was conducted by compiling the opinions of IT decision-makers in 3,400 organizations in 17 countries that have successfully implemented private, public and hybrid clouds. Findings revealed that 53 per cent of companies surveyed expect cloud to drive increased revenue over the next two years. This, however, would be difficult as only 1 per cent of those surveyed have optimized cloud strategies currently while 32 per cent have no cloud plan in place. Nick Earle, Senior Vice President at Global Cloud and Managed Services Sales for Cisco said in a press release that, “as we talk with customers interested in moving to the second wave of cloud, they are far more focused on private and hybrid cloud.” He went on further to highlight that this focus was because, “private and hybrid offer the security, performance, price, control and data protection organizations are looking for during their expanded efforts.” This insight was the strategic factor used to drive the study, which was sponsored by Cisco and developed by the International Data Corporation (IDC). It shows that 44 per cent of companies are either currently using or have plans to implement private cloud while 64 per cent are contemplating hybrid cloud implementation. Private cloud provides better resource use, greater scale, and faster time in responding to requests while adopting hybrid cloud can be more complex but offers workload portability, security, and policy enablement. In the monetary benefit area, organizations surveyed are gaining an average of $1.6 million in additional revenue per application deployed on private or public cloud while at the same time realizing $1.2 million in cost reduction. The factors that contributed to increased revenue were largely based on sales of new products and services, acquiring new customers, and selling into new markets. Revenue increases were also attributed to better innovation stemming from the move of IT resources from one that is outdated to newer and more strategic innovative initiatives. Further cost reductions resulted from operating on a more scalable, reliable, and higher-performing environment resulting in improved agility, increased employee productivity, risk mitigation, infrastructure cost savings and open source benefits. As can be seen, the benefits of adopting cloud are numerous for any company but yet there are many companies that are still way behind in adopting this initiative. Does your company have a successful cloud policy and strategy? Are you unsure as to what to look for in adopting cloud? Not sure what to make of these findings? Fortunately, Cisco is assisting companies explain the findings of this study in two formats: a simple, survey-based tool and a more in-depth workshop. For more on how to access the tool and additional information, visit www.cisco. com/go/bca. September/October 2015 IT in Canada Online / 23
LEADERSHIP SUMMIT 2015 L E A D I N G FO R R E S U LTS
MARK YOUR CALENDAR Date: November 18, 2015 Time: 8:30 a.m. – 4:30 p.m. Place: Westin Hotel, Ottawa
LEADERSHIP PaRTiCiPaTE aS a PaRTNER To REaCH THiS UNiQUE aUDiENCE
SUMMIT 2015
The 2015 Summit brings together innovative thought leaders and executives from the public and LEADING FOR RESULTS private sectors to interact with public sector executives, managers and their teams in a unique format designed to deliver a world-class learning exchange and networking experience.
Don’t MISS tHIS LeaDerSHIp SUMMIt anD aWarDS Summit program includes sessions on Linking Leadership and Engagement, Learning to Lean, Driving Employee Engagement through a Revitalized Strategy and Balanced Scorecard, Leadership Sustainability, Big Data/Business Discovery.
CONTACT US FOR MORE DETAILS
Keynote SpeaKerS:
LEADERSHIP
SUMMIT 2015
REgiSTRaTioN FEE
LEADING FOR RESULTS
Early Bird - Register by September 1, 2015 $600.00 plus HST Regular rate for this one-day event is
$750.00 plus HST Two or more registrants from the same organization pay
$500 each plus HST
Donald Farmer
Donald is the VP Innovation and Design, working with customers and partners to establish Qlik as the leading solution for Business Discovery. Donald has over twenty years’ experience in analytics and data management. In that time he has worked as a consultant, in startups and as a leader of Microsoft’s BI product teams.
John J. Scherer
As a former Combat Officer on a US Navy Destroyer, Lutheran Chaplain at Cornell University, Gestalt and Family Systems Therapist, Graduate School co-creator, author, successful consultant and entrepreneur, John brings a unique perspective to his life and work. Business and community leaders from 23 nations have graduated from his Executive and Leadership Development Intensives.
For more information please contact Marcello Sukhdeo: 905-727-4091, x224 or Jose Labao: 905-727-4091, x231 Visit us at rightcrowdevents.com/events/cge/summit/
Paul Niven
A noted speaker and writer on the subjects of Strategy, the Balanced Scorecard, and Performance Management. He has delivered keynote addresses at conference events around the world and has published in a number of noted journals.