Published on System iNetwork (http://systeminetwork.com)
f.y.iSystem (November 2009)
By rsanders
Created Sep 17 2009 - 14:09

By: System iNEWS staff [1]

Security Sage Dan Riehl Offers Security Advice for IBM i

Dan Riehl, a veteran System iNEWS tech editor of 21 years, recently made a major career change and gave us his IBM i-focused take on security trends and challenges, SSO, and PCI. You can read the complete interview online [2].

System iNEWS: Tell us about the big change in your work life.

Riehl: I made the decision that I was going to leave Help/Systems [3], and at that point in time, my emphasis was that I was going to do security services for my customers and also provide training through my training website, 400school.com [4]. I started a new company called the IT Security and Compliance Group [5].

I reviewed all the security products I could. I was most impressed by the software put out by a French company named Cilasoft [6]. The methodology built into Cilasoft's products is different from any other vendor's and uses a clever design to accomplish the same ends as the other vendors' products but with a better result and a more intelligent interface. So as I was speaking to the people at Cilasoft, we decided that since they didn't have a presence in the U.S., I would become their head of U.S. operations to provide sales and support and management of the product line in the U.S. Since I would be recommending their products to my customers anyway, it made sense to make a full-fledged commitment to Cilasoft.

In addition to Cilasoft, I have reseller or referral agreements with Help/Systems to recommend PowerTech [7] products, Patrick Townsend Security Solutions [8] to recommend their encryption products, and SkyView Partners [9] to resell their Policy Minder product. Cilasoft doesn't have everything customers need, so in those cases, I recommend what I consider to be the best products to meet customer needs.

System iNEWS: What trends do you see in the security software industry that will affect our readers?

Riehl: Probably the biggest thing is consolidation: Consolidation in the vendor community through acquisitions, and consolidation of the IBM i servers throughout the community. Last year, obviously, we saw Help/Systems parent Audax [10] acquire both Bytware [11] and PowerTech, and that took Robot/SECURITY and Bytware StandGuard Anti-Virus and the PowerTech suite and put them all together in one company. And that will have some effect on those customers. It remains to be seen which of those products will be sunsetted and which will continue to be supported.

Some of the things I'm hearing include the possibility of increased maintenance prices or vendors changing the pricing schemes because pricing by processor group doesn't work anymore.

With the consolidation, what have been smaller companies are motivated to gear up to kind of take on the big boys, like in the area of HA. Now we see Maximum Availability's [12] *noMAX popping up, and Bug Busters [13] has its solution out there too. If people don't want to pay the fees of the big players, they can go with these lower-priced offerings. The same thing is true on the security side.

System iNEWS: What is the biggest challenge facing IBM i shops in the security area?

Riehl: The biggest problem I see is the edicts that they receive from their external auditors that come in to do SOX audits, mostly. The auditors are coming from a nontechnical background and are working off of a checklist, as I talk about in my security audit checklist article [14] appearing in the October System iNEWS. Many times, IT folks are under the gun to provide information or make certain changes to their system that really have little or no value from the standpoint of actually securing the system. Now, there are some places where the auditors are right on. I see a lot of my customers now being challenged to track and audit traffic through ODBC. It surprises me that the auditors don't ask for the same info or controls on DDM, DRDA, FTP, or remote command.

The other big problem that these shops have is when it comes to security, they do not have a dedicated resource. Especially with this economy, it's difficult to justify a full-time security resource. Companies will invest in Windows people to keep their network secure, but at the same time, the family jewels are sitting on their i, and they have not stepped up to have a dedicated resource for security on that platform.

System iNEWS: What's the status of Single Sign-On these days?

Riehl: At one point in time, there were one or two software companies that were providing assistance with SSO between Windows and the i. IBM's implementation uses Kerberos and EIM as the underlying technology to implement SSO. SSO works; it's not really difficult to set up. I don't know why more companies don't use it, because it would certainly save time at the help desk for people who forget their user ID and password.

System iNEWS: What's up with PCI?

Riehl: I'm seeing a lot of action with people needing to be PCI compliant—people who in the past didn't think they would need to be compliant are now being told by the PCI that they do need to be PCI compliant. And the PCI Data Security Standard is pretty well documented at the PCI website [15]. With PCI, we're seeing a lot of need for data encryption, so there is a lot of encryption software being sold to meet the PCI requirements.

—Linda Harty, Executive Editor


IBM, MCC Team for Green Data Center Degree

IBM has teamed up with Metropolitan Community College (MCC) in Omaha, Nebraska, to develop a first-of-its-kind green data center management degree [16] using IBM hardware, software, and online skills training resources. IBM says the two-year associate's degree includes courses to help students gain technical and business skills to prepare them for careers in the design and management of energy efficient data centers—including IBM i.

As part of the new MCC degree, IBM says students have the opportunity to learn virtualization and server consolidation, energy efficiency, business resiliency, and security and compliance skills through a new, real-world enterprise data center on campus that's centered on Power Systems servers running AIX, IBM i, and Linux. MCC developed the curriculum with the IBM Academic Initiative [17].

"We're seeing a dramatic increase in demand here in Nebraska for specialists who understand how to help companies reduce the costs associated with running an energy-intensive data center," says Tom Pensabene, dean of Information Technology for MCC. "Now, our students are getting exposure to leading edge IBM technologies, increasing their chances of being hired for jobs in this growing area."

MCC has often ranked in the top 20 community colleges nationwide for number of IT graduates, and the college's computer classes are the mainstay of its offerings. One reason for their success, IBM notes, is that Omaha is one of only a few U.S. cities that sits at the intersection of both east-west and north-south fiber optic networks, which attracts communications and information services companies, which in turn generates demand for IT data center jobs.

Students can enroll in the new "Associate Degree in Information Technology—Data Center Management" degree and take 36 credit hours of courses including:

Hardware, Disaster Recovery, & Troubleshooting—Designed to teach students how to identify and follow best practices when working with hardware components and systems found in an enterprise environment. Focus is on the hardware and software used to create a fault-tolerant, redundant configuration that meets the requirements of a company's Disaster Recovery (DRP) or Business Continuity Plan (BCP).

Introduction to Data Center Management—The student learns about data center design, support, management, and maintenance while working in a server environment. Topics also include daily operations of a data center, such as monitoring power requirements and safety regulations.

Virtualization, Remote Access, & Monitoring—Introduces students to both hardware and software methods used to implement virtualization and the server specifications required to implement it. Multiple vendor solutions are explored.

Data Center Racks & Cabling—Introduces students to the basics of rack and cabling infrastructure in a data center. Topics include cabling installation practices, management strategies, maintenance practices, and certification.

Building a Secure Environment—Students explore methods to mitigate vulnerabilities of Internet/Intranet applications while maintaining web servers and workstations based on installation. Discussion centers on best practices and a variety of methods to build, test, and defend all computers in the enterprise environment.

Applied Data Center Management—Students define project requirements, research issues, and design a data center project that meets the goals. Projects include all aspects of the Data Center such as facilities, infrastructure, servers and security.

Networking Security—Provides students with the knowledge of network security and the skills necessary to install, configure, manage, monitor, and troubleshoot security services/servers on multiple platforms in an enterprise environment. Security areas include DNS, Web servers, Encryption, IPSec, PKS, VPNs, and Network Address Translation (NAT).

Data Center Internship—Provides students with the opportunity to apply their knowledge, learn new techniques, and get hands-on experience managing a data center. Students work in the Information Technology Data Center on campus and access the data center remotely.

MCC's data center is funded through a three year $1.8 million grant that MCC received from the U.S. Department of Labor with the goal of increasing the number of students in IT education.

—Chris Maxcer, News Editor


IBM Beats Street, Talks Strategy, Downplays Hardware

In IBM's Q209 conference call with Wall Street analysts and investors, Mark Loughridge, IBM senior vice president and chief financial officer, led with the prettiest numbers: In the second quarter of 2009, IBM delivered $2.32 of earnings per share, up 18 percent year to year. IBM generated more than $4 billion of cash from operations, ended the quarter with $12.5 billion in the bank, and returned $2.4 billion to shareholders with $700 million in dividends and $1.7 billion of share repurchases. IBM expected to generate at least $9.70 of earnings per share, up 50 cents from the company's previous estimates. "This is the result of the strategic transformation of our business," Loughridge said.

To nutshell IBM's major efforts, the company is working to provide high margin services and software through a nimble globalized workforce. "Margins are fueling our profit growth," Loughridge noted. "This quarter, our strategic outsourcing signings were up 38 percent at constant currency, and our key branded middleware revenue, now 58 percent of software, grew 5 percent at constant currency."

IBM's Transformation
Loughridge framed much of the conference call with explanations of IBM's transformation to a company with a high-value, high-margin focus.

"If you go back to the 90s, our gross margin was declining, with increasing pressure from commoditizing products. This was a massive headwind for us, which impacted our ability to reinvest in the business," he explained.

"From 2000 to 2008, the profit from software and services combined almost doubled," Loughridge noted. "In 2009, we're continuing to drive solid profit growth in software and services. In fact, we expect both software and services PTI to grow double-digits this year."

Services and Software Segments
"Our combined services business did a tremendous job driving profitability and margin expansion this quarter. In what continues to be a challenging economic environment, total pre-tax profit was up 23 percent on revenue that was down 12 percent as reported and 4 percent at constant currency," Loughridge reported.

While IBM's software revenue was down 7 percent year to year on revenue of $5.3 billion for the quarter, the apparent dip was hardly bad. Loughridge reported that WebSphere products grew 8 percent, Lotus software declined 14 percent, and Rational dipped 2 percent.

Big Declines for Hardware
Systems & Technology revenue of $3.9 billion was down 26 percent year to year, which was 22 percent at constant currency. "We believe this performance is in line with the industry," Loughridge said, noting that IBM gained some market share over its competitors, particularly in the converged System p brand.

"We gained share in the UNIX market for the fifth consecutive quarter. Share gains have been the most pronounced in the midrange and high end of our product line, where our success in driving consolidation and virtualization has delivered proven results," Loughridge said. IBM said it displaced well over 100 Unix competitors in the quarter and more than doubled the number of Sun takeouts from the first quarter.

Still, converged System p declined 13 percent year to year, but gross profit margin improved 2 points year to year "through solid cost management," Loughridge said.

System x revenue declined 22 percent and IBM's storage products declined 20 percent, but x gained a bit of market share and storage held market share. System z revenue declined 39 percent year to year—but that's compared to stellar performance from 2008. Blades were down 6 percent year to year.

Loughridge did say that IBM expects to improve revenue performance in the Systems & Technology Group starting in the third quarter—and deliver year to year profit growth in the fourth quarter.

—Chris Maxcer, News Editor


Pair of Third Parties Validates IBM's App Dev Strategy

IBM reported that analyst firm Gartner has ranked IBM as the worldwide leader in the application development software space, while Evans Data Corp. found that app dev users were most pleased with IBM in its "Users' Choice: 2009 Software Development Platform" survey.

More specifically, Gartner named IBM the worldwide market share leader in application development based on total software revenue in 2008. This is the eighth consecutive year that IBM continues to lead in this space, IBM says. According to the independent Gartner report, IBM leads the industry with 27.1 percent share in 2008, growing 7.9 percent as compared to the overall segment's growth of 4 percent. Gartner reports the total worldwide market for application development in 2008 was $7.3 billion.

IBM Rational tools also achieved "top honors" in the annual Evans Data Corp. Software Development Platform User Satisfaction survey, IBM reports. Rational was ranked higher than development tool offerings from several competitors, including Microsoft, Oracle, and Sun. The survey was conducted last spring and polled 1,200 worldwide developers. For the first time in four years, Evans Data Corp. expanded the scope of its user satisfaction survey beyond an Integrated Development Environment (IDE) study to instead rate a broader array of development tools, IBM says.

—Chris Maxcer, News Editor


Free EGL Ready for Download

IBM has released its new free EGL Community Edition, which is an Eclipse-based tool that simplifies development of JavaScript-based web applications. Basically, developers who traditionally code in PHP, Ruby on Rails, Groovy, JavaScript, and HTML can now download free EGL tools to code, test, and debug rich Web 2.0 applications in one simplified language.

JavaScript development can be complex, but is the core of all dynamic web applications being built today.

EGL CE supports development of rich, JavaScript-based user interfaces without writing any JavaScript, and Java-based services without writing any Java code. IBM says this lets developers create the complex Web applications that users demand without coding in multiple different languages and patching pieces together for the end product. Plus, EGL CE gives developers the ability to test and debug applications without deploying to a server.

EGL CE is now available for download [18] at no cost.

—Chris Maxcer, News Editor


IBM Ranks in IT Consulting

IDC has ranked [19] IBM as the top worldwide IT consulting vendor in terms of revenue, IBM boasts. The ranking covers 10 consulting vendors for the year 2008, and this is the second consecutive year that IBM has ranked first in this category.

In addition to the traditional IT consulting offerings such as IT performance analysis, governance and SOA, IBM says it's offering a variety of more non-traditional IT solutions in emerging areas such as Software as a Service (SaaS) and cloud computing.

—Chris Maxcer, News Editor

© 2010 Penton Media, Inc.

Source URL: http://systeminetwork.com/article/fyisystem-november-2009

Links:
[1] http://systeminetwork.com/author/system-inews-staff
[2] http://blogs.systeminetwork.com/isnblogs/industrybits/2009/09/security_sage_dan_riehl_busts_1.html
[3] http://www.helpsystems.com/
[4] http://400school.com/
[5] http://securemyi.com/
[6] http://www.cilasoft.com/qjrn400/en/index.asp
[7] http://www.powertech.com/
[8] http://www.patownsend.com/
[9] http://www.skyviewpartners.com/
[10] http://www.audaxgroup.com/
[11] http://www.bytware.com
[12] http://www.maximumavailability.com/
[13] http://www.bugbusters.net/
[14] http://systeminetwork.com/article/security-checklist-your-ibm-i-compliance-audits
[15] https://www.pcisecuritystandards.org/
[16] http://staffshare.mccneb.edu/mccadc/
[17] http://www.ibm.com/academicinitiative
[18] http://www.ibm.com/software/rational/cafe/community/egl/ce
[19] http://www.idc.com/getdoc.jsp?containerId=219254