
“I am not a number, I am a free man”

IDC reported that we generated and replicated 1.8 zettabytes – that’s 1.8 trillion gigabytes – of data in 2011. To give you a sense of scale, you would need to stack CDs from Earth to the Moon and back again – twice – to represent that amount of data, and it’s expected to grow 50x by 2020. Interesting factoid: through April of 2011 the Library of Congress had stored 235 TB of data. In 2011, 15 out of 17 sectors in the US have more data per company than the US Library of Congress, and much of that data is about you.

Facebook is preparing to raise $100 billion, yes a hundred billion, in a highly anticipated IPO next spring. Twitter is valued at $10 billion, and social media companies are pulling massive valuations. In terms of data, roughly 4 billion pieces of content are shared on Facebook every day, and Twitter registered 177 million tweets per day in March of 2011. The success of these companies, and many others, is trade in a human commodity. There is an inherent value to your tweet, your wall post, becoming mayor at some DC cafe or posting your location to wherever people post those things, but the real value is simply in your existence as a number in a sea of other 1s and 0s.

We are entering a world where every aspect of our lives, short of those thoughts we hold deep, will be processed, indexed, analyzed and archived forever: what we search for, our online activity, where and how we drive, what we buy, when and how often, and our health, financial, and personal records, all digitized for quick sale to the highest bidder. Never before have we had the ability to implement systems that handle massive volumes of disparate data at a velocity that can only be described as break-neck, and with this ability comes the inevitable misuse.

The commercial implications of companies having access to this depth and breadth of customer intelligence are clear, but this same information, federated with the analysis of unstructured video, picture, voice and text data, in the hands of our government or one that meant us harm is truly frightening.

Social media is an interesting experiment in applying a large-scale operant conditioning chamber to a mass population; the law of effect is a retweet, a friending, being listed on a top x most influential list, or whatever else elicits the desired response. We leap head first off the cliff of technology and only concern ourselves with the implications when they become a problem for us.

The irony is that in our search for identity and individuality in an increasingly digital world we have willingly surrendered that which we used to hold so dear – our privacy.

May future generations forgive us.

On December 1, 2011 a class-action lawsuit was filed in United States District Court, Northern District of California, against Hewlett-Packard, alleging violations of The California Consumer Legal Remedies Act for Injunctive Relief and the California Unfair Competition Law based on non-disclosure of a known security vulnerability (read the filing here).

Nature of the Action

1. Plaintiff brings this action individually and as a class action against Hewlett-Packard Company (“Hewlett-Packard” or “HP” or “Defendant”) on behalf of all others who purchased a Hewlett-Packard printer (the “HP Printers”).

2. The HP Printers suffer from a design defect in the software (which is also sometimes referred to as “firmware”) that is resident on the HP Printers, which allow computer hackers to gain access to the network on which the HP Printers are connected, steal sensitive information, and even flood the HP Printers, themselves, with commands that are able to control the HP Printers and even cause physical damage to the HP Printers themselves.

3. Despite Defendant’s knowledge of the design defect in the software of the HP Printers, Defendant has failed to disclose the existence of the defect to consumers.

4. As a result of the facts alleged herein, Defendant has violated California laws governing consumer protection.


<Warning: This post has nothing to do with technology, information security, or anything else I normally blog about>

This post is dedicated to the memory of Stephanie Renee Fong

When I was in my early 20s I met a young woman named Stephanie, and we quickly grew very close. Stephanie was special to me in many ways, but most of all she always seemed to provide me so much warmth and comfort.

One winter she had bought me this really cool warm coat, she ended up wearing the coat most of the time to the point that the coat smelled like her…which always brought a smile to my face.

Stephanie was allergic to legumes and also suffered from Asthma, which required her to use a special prescription inhaler. I never realized the extent that allergies can impact us until one day in August 1994.

I love data, I love the benefits that data analysis offers, and I love the concept of large amounts of data being massaged, queried, and providing insights through a whole new set of technical innovations – and there are many in data right now. In fact I believe that this year has probably been the largest year for VC investments in database technologies in a really, really long time (Recent VC investment in NoSQL companies; Neotech $10.6m, Datastax $11m, 10Gen $20m, Couchbase $14m + all the $ in big data, BI and analytics)


We have entered a new era of information technology, an era where the clouds are moist, the data is obese and incontinent, and the threats are advanced, persistent, and the biggest ever. Of course, with all the paradigm-shifting, next generation, FUD vs. ROI marketing, it’s important to remember that sometimes we need to balance innovation against misunderstood expectations, vendor double-speak, and relentless enterprise sales guys.

Because contrary to the barrage of marketing, these technologies won’t make you rich, teach you how to invest in real-estate, help you lose weight or grow a full head of hair, make you attractive to the opposite sex, or solve all your problems. In some cases they can improve the efficiency and effectiveness of your operating environment, but that requires proper planning, expectation setting and careful deployment…and on that note, I give you the top 10 most overhyped technology terms over the last decade.


So recently I posted some thoughts on big data and the increasing usage of Hadoop; the general theme was data management != data analysis…this caused confusion with some folks, as evidenced by the Twitter exchange (tweets haven’t been altered but some extraneous ‘noise’ removed to maximize your reading pleasure):

@Beaker @amrittsering I’m confused by your last blog. Is your point that people are spending $$$ on data aggregation hoping it leads to analytics?

@Beaker @amrittsering I read/re-read your posts & it’s almost like u r suggesting majority of co’s deploying Hadoop (e.g) are clueless WRT why?

Big data is a scorching hot topic, currently capturing a lion’s share of the market’s available stock of hyperbole, and for good reason: data is growing at a meteoric rate.

As we continue to innovate, as business accelerates technology adoption, as the line bleeds between corporate and personal computing and as we interact more in digital mediums we are creating mountains of data. Much of this data is garbage, but some of it is gold (big-data-are-you-creating-a-garbage-dump-or-mountains-of-gold).

Unfortunately, as with all overly hyped technologies, there is a lot of misinformation, failed expectations and the inevitable trough of disillusionment, but that doesn’t mean you have to spend months or years curled up in a fetal position, disillusioned and wondering what went so wrong. With a thoughtful approach you can venture through the murky swamp of your big data and find the insights that provide your company a significant competitive and market advantage.


You’re not really sure how it happened, but some time between last year and the summer of 2011 you were suddenly facing a big data problem, or you were being told you were facing a big data problem, or more accurately you were being told that you needed a big data solution.

Funny thing was that you hadn’t really done anything drastic over the last couple of years that would seem to indicate a tsunami of data was about to breach your storage floodgates, but then again it wasn’t like you watched yourself going bald either.


It is the foundation for the free market system and capitalism and it is every entrepreneur’s dream: build a great technology, execute and achieve excellence in GTM, deliver fantastic value to customers and take great pride in watching your passion grow – fast.

Then it happens; the exit, the liquidation event, the ‘golden ticket’ and in a blip of your time on this tiny little rock your life changes.

Last year, after spending almost four years as the CTO of BigFix, we were acquired by IT industry behemoth IBM (IBM to acquire BigFix) for what was the largest acquisition of a private software company in 2010 (second was CA’s acquisition of Nimsoft at around $380m) and my life changed…


So it appears the Internet went down, or so many claimed when they were presented with 404 errors when attempting to watch “Georgia Hillbilly Massacre 17: The return of the Banjo Man” on Netflix (since Netflix is selective about what you can stream, they certainly weren’t queuing up the latest and greatest new releases, but that is a totally different rant) or attempting to declare themselves the Mayor of “who gives a rat’s ass where you are right now” on Foursquare.

Last time this happened some started to claim that it rocked the very foundation of confidence in cloud-computing (here), yet they failed to juxtapose Amazon’s operational failures against the universe of enterprise operational failures, security compromises and general administrative stupidity that plagues nearly 99.98% of every organization on Earth (minus the DPRK’s website, really not much more you can do to fudge that one up).


“Information is not knowledge” – Albert Einstein

I recently read a couple of posts about BigData from my friend Chris Hoff - “Infosec Fail: The Problem With BigData is Little Data” and “More on Security and BigData…Where Data Analytics and Security Collide”

In these posts Hoff posits that the mass centralization of information will benefit the industry and that monitoring tools will experience a boon, especially those that leverage a cloud-computing architecture…

This will bring about a resurgence of DLP and monitoring tools using a variety of deployment methodologies via virtualization and cloud that was at first seen as a hindrance but will now be an incredible boon.

As Big Data and the databases/datastores it lives in interact with the proliferation of PaaS and SaaS offers, we have an opportunity to explore better ways of dealing with these problems — this is the benefit of mass centralization of information.

Hoff then goes on to describe how new data warehousing and analytics technologies, such as Hadoop, would positively impact the industry…

Even when we do start to be able to integrate and correlate event, configuration, vulnerability or logging data, it’s very IT-centric.  It’s very INFRASTRUCTURE-centric.  It doesn’t really include much value about the actual information in use/transit or the implication of how it’s being consumed or related to.

This is where using Big Data and collective pools of sourced “puddles” as part of a larger data “lake” and then mining it using toolsets such as Hadoop come into play…


There is a dull hum permeating the industry of late – security is dead some say, others think it to be too costly to maintain, others still believe that what is needed is a change of perspective, perhaps a radical shift in how we approach the problem. What underlies all of these positions is a belief that the status quo is woefully ineffective and the industry is slated for self-destruction or, as a whole, we will succumb to a digital catastrophe that would have been avoided if only we had just…well, just done something different from whatever it is we are doing at the time something bad happens.

As we go round and round on the never-ending hamster wheels provided as best practice guidelines and security frameworks by security vendors, consultants, and pundits, we find ourselves trapped in an OODA loop that will forever deny us victory against malicious actors because we will never become faster or more agile than our opponents. But to believe one can win implies that there is an end that can be obtained, a victory that can be held high as a guiding light for all those trapped in eternal security darkness. We are as secure as we need to be at any given moment, until we are no longer so – when that happens, regardless of what you may believe, is outside of our control.

One of the biggest trends in security over the past 5-6 years has been its movement into mainstream IT. Traditionally IT security has been seen as outside of normal business processes. Organizations tended to react driven by a security incident or compromise, an audit or compliance event, or due to perceived changes in the threat landscape. For the most part security has been and still is an afterthought.


Someone sent me this quote in an attempt to convince me that we should focus on vulnerabilities and not threats…I don’t think they are mutually exclusive, but that is neither here nor there…

Our data tells us that focusing on vulnerabilities is more effective in reducing risk than focusing on threats.  In fact, of nine specific types of threats we examined in our survey, none proved to be statistically significantly related to increased risk, although many vulnerabilities were.  The enterprise can do little at best to control threats, especially external ones, but it can do a lot to control vulnerabilities.  Focusing on vulnerabilities reduces an enterprise’s tendency to react to what is apparently most urgent – such as the threat reported in yesterday’s newspaper – and helps the enterprise act instead to reduce vulnerabilities that might be exploited by any number of threats.  No nation can control the level of the sea, but a nation can build dikes to reduce the vulnerabilities of its lands to high waters; no enterprise can control a sea of external hackers, but an enterprise can plug the holes in its network dike that hackers might otherwise exploit.

In short, vulnerabilities, not threats, are the root cause for high risk exposure, and it’s best to focus on the root cause.

- IT Risk:  Turning Business Threats into Competitive Advantage by George Westerman, Richard Hunter, page 126

My response: If you live in the Ghetto, what contributes to your high risk exposure, your lack of steel doors and bullet proof glass or the shitty neighborhood you live in that is full of gangs, thugs, crack whores, and meth addicts?

I will post more later but given all the blood, sweat, and tears we have poured into BigFix we are extremely excited about this move.

IBM and BigFix are a great fit. The product portfolios are very complementary (data center to the endpoint), the strategy and vision are well-aligned (automated service management and convergence) and the companies’ respective values and focus will drive greater innovation to the market.

Product and market synergies

  • BigFix offers best in class endpoint management (PCs, laptops, and distributed servers) that extends the IBM portfolio enabling their smarter computing vision from the data center to endpoints anywhere in the world
  • Our product portfolios are very complementary, as demonstrated by the many joint customers we successfully serve today

Strategy and vision:

  • We share a common vision for delivering automated service management and security and operational convergence to our customers worldwide
  • IBM intends to continue to evolve the rich capabilities of the BigFix platform and to innovate, integrate, and expand the combined solutions to address a broader set of market requirements than ever before

Company values and market focus

  • We share similar ideals and values around integrity and innovation
  • We both have a workforce that is provisioned and dedicated to solving the problems of the largest and most sophisticated enterprise environments in the world.


Recently I wrote a guest editorial for Virtual Strategy Magazine, although I have to admit I wasn’t made aware of my goofy picture – look away I’m hideous – until the article was published. You can find the full contents at Virtual Strategy Magazine


I wouldn’t normally read Rolling Stone, but strolling through the airport I noticed “The Biggest Cyber Crime in History – Sex, Drugs & Hackers Gone Wild” on the cover and, like passing a train wreck you can’t help but stare at, I had to buy a copy. That, and it appears that Russell Brand’s armpit was positioned ever so strategically against the reference as well – very apropos, I might add.


Michal Zalewski, a security researcher at Google, recently wrote a guest editorial for ZDNet entitled “Security Engineering: Broken Promises”. The article lays out a series of issues with the security industry, specifically looking at an inability to provide any suitable frameworks for software assurance or code security.

We have in essence completely failed to come up with even the most rudimentary, usable frameworks for understanding and assessing the security of modern software; and spare for several brilliant treatises and limited-scale experiments, we do not even have any real-world success stories to share. The focus is almost exclusively on reactive, secondary security measures: vulnerability management, malware and attack detection, sandboxing, and so forth; and perhaps on selectively pointing out flaws in somebody else’s code. The frustrating, jealously guarded secret is that when it comes to actually enabling others to develop secure systems, we deliver far less value than could be expected.


Back to Basics: What is a Client Hosted Virtual Desktop (CHVD)?

Client hosted virtual desktops refer to the combination of a management system and a hypervisor on a client PC, utilizing the local resources to execute the operating system.


Figure 1. different desktop virtualization models segmented by central vs. distributed computing environment support and reliance on operating system

The rising tide of mobile computing, driven by the introduction of consumer devices such as the iPhone and iPad, is crashing against the shores of many an IT shop. Most IT organizations have lived on a diet of corporate policy restrictions and liberal use of the word “No!”; unfortunately, their time has come.

Beijing, China – April 1, 2010 – The Chinese government announced that effective immediately all US based technology firms and associated products and services will be banned from all Chinese government and state-run agency IT environments. The ban is expected to include critical infrastructure, such as military, finance, utilities, and healthcare as well as education, retail and manufacturing companies.
