Indian tech tries to retain top workers

At a time when most IT companies are reducing employee numbers to cut costs, tech majors such as Wipro, TCS and Infosys are rechanellizing their manpower. Sabbaticals are more common and people on the bench are being asked to undergo longer and more rigorous training programs.

Wipro has asked some of its non-billable and skilled employees to move to subsidiary Wipro Infotech on the same pay package as earlier; but they will continue to be on the payrolls of Wipro Technologies.

"These are not under performers, but talented people we don't want to lose. The move to Infotech is currently for a year, and this will give them a chance to be productive," said Pratik Kumar, Wipro executive vice president of human resources. This will also help the company in sustaining high utilization rates.

The other option given to employees, who have been on the bench for over six months, is a special program which allows them to come to work for 10 days a month, at half their salary. "This allows them to take up certification programs, work on innovation projects and help in creating question banks for domain specific internal tests," said Kumar. "Once we see an opening for them on a project, we will transfer them immediately."

TCS has also put its benched employees on high-end training programs in areas such as enterprise resource planning, business intelligence and analytics. "We are building a larger skill set as we would like to be ready when the demand picks up," said a TCS spokesperson. The IT company has also invited its employees to write research papers on technology that can be used by the company.

Reducing employee numbers for saving costs is a short-term solution, said Nandita Gurjar, head of global HR at Infosys. "When demand picks up, we'll be hiring skill pools at a higher cost; there will also be the cost of extra training. Weed out non-performers, but retain talent even if they are not being utilized currently."

While Infosys has said that 50 employees, at any given point of time, can take a year off and work for an NGO at half their salaries, its peer Wipro has introduced project rejuvenate where employees, across all levels, can take a year-long sabbatical and pursue their hobbies.

This is not restricted to those on the bench, but also for those working on projects. Even though these people are asked to take a pay cut, it does not matter.

"As long as you get to keep your job and do fun things to de-stress, a pay cut doesn't matter," said a Wipro employee.
READ MORE - Indian tech tries to retain top workers

Asian firms get help on innovation

SINGAPORE--Accenture has opened a center designed to help clients in the region develop innovative strategies, focused on maximizing opportunities and minimizing risks in the rapidly-changing economic and business environment.

Consulting teams at the Accenture Management Consulting Innovation Center, officially launched Thursday, will work with clients to develop and align their business strategies in areas such as operational excellence, cost management and sustainability.

Mark Foster, Accenture's group chief executive of management consulting and integrated markets, said in a statement: "With businesses facing issues more challenging than ever, those who regularly review, refine and adopt their strategies to respond to market trends will come out of the current economic climate better positioned for the future. Our innovation center is designed to help clients adopt strategies that will ensure that success."
Accenture said the facility will also be a resource center to help clients identify and enter new markets, increase revenues in existing markets and deliver products and services more effectively and efficiently.
The IT services consulting firm will also provide case studies, diagnostic tools, simulation scenarios and hands-on demonstrations of best practices at its center.
Teo Lay Lim, Accenture's country managing director for Singapore, said: "As we help organizations navigate the new business landscape that is unique to Asia-Pacific, the center draws on Accenture's global intellectual property and insights from the region and around the world, and combines that with innovation and technology to help drive business results."
READ MORE - Asian firms get help on innovation

IT security spared from budget cuts

KUALA LUMPUR--Despite the economic headwinds buffeting the Asian region, organizations are not cutting their budgets for information security--at least, for now.

Aran Buckley, Standard Chartered Bank's global head of information security, said the bleak economic landscape has not affected the bank's IT security operations.

"So far, there is no direct impact on my program of [information security] activities, compared to how I would have planned it six or 12 months ago," Buckley said during a panel discussion at the 3rd Annual SecurAsia congress here Wednesday.

The country's national carrier Malaysia Airlines, has also resisted any plans to reduce its budget for information security projects--despite the fact that the airline industry has been badly hit by the global financial crisis, acknowledged Abdul Rahman Mohamed, its head of IT, strategy and governance.

The current mantra for companies is to reduce cost and save money, but Abdul Rahman noted that Malaysia Airlines will not compromise on security. In fact, the first two IT projects endorsed this year by the airline's management committee were specifically to address security, he said.

"Whether there is a financial crisis or not, we should not be compromising on our security solutions," said Abdul Rahman, who was also a participant in the panel discussion. "The committee took just five minutes to approve the first security project." However, he added, the airline was focused on identifying the "best value" in security products.

According to Buckley, IT security vendors have to brace for more rigorous scrutiny by businesses before contracts are awarded.

He noted that companies are now conducting more rigorous evaluation process, and added that the spending cycle for IT projects have been considerably stretched. "The days of the short spend cycle are gone," he said.
Jonathan Shea, CEO of Hong Kong Internet Registration, said companies planning to implement an Internet security framework must be prepared to spend more time and incur added cost.
For example, he said, its annual security audit and security monitoring exercise is a major IT cost for Hong Kong Internet Registration, a non-profit body responsible for the administration of ".hk" domain names.
"There is no free lunch, you have to spend more money for security," Shea said during the discussion. He revealed that when he sat down with the company's chairman recently to finalize the company's budget, they "cut nearly everything, except the IT budget".

Lam Chee Keong, a partner with local ICT products and services provider Heitech Padu, said interest in IT security was still "very much alive and kicking", even though customers were now more cost-conscious and prudent with their IT budgets.

Customers remain focused on security and recognize the implication of not spending on security, Lam said, citing a Forrester Research survey that revealed companies still spent an average of 12 percent of their IT budgets on security.

Referring to his customers, Lam noted: "Now they ask more questions and seek more information about the features, capabilities and performance of various security solutions in the market before making their decision."
READ MORE - IT security spared from budget cuts

User community growing influence on business

Businesses that depend heavily on social networks and user communities will need to deal with data privacy policies more carefully than their peers, experts say.

Facebook, for instance, last month bowed to user complaints and backtracked on its decision to modify the company's data privacy policy.

we're amid a shift that's happening online. Communities surrounding brands and products are becoming, and increasingly, larger part of a company's identity.
Jeff Roberto, Friendster
It reverted back to its previous Terms Of Service despite having explained that the amendment was necessary to provide the site the license to allow its users to share content.

Legally, Facebook has the right to change its terms of service policy, said Bryan Tan, director of Singapore-based law firm Keystone Law. But, whether it has sound business reasons to do so can only be determined by the company itself, Tan said in an e-mail interview.

"Maybe there is a reason that we [or the public] don't know about," he said. "Business cause has to be balanced with the stated aims. For social networking sites, they are beginning to figure out that the user community is important."

What is becoming clear, too, is that as social networking and Web 2.0 technologies grow in importance as a business strategy, so will the influence of user community and its impact on how businesses establish policies.
Tan noted that this trend will also affect the way organizations handle copyright and allow access to user data, for example, by governments.

Businesses with a strong focus on user communities must look more carefully at data privacy policies and adapt to changing user needs.

Friendster, for instance, tweaks its strategy and policies according to what its users deem "acceptable". One of the first Internet social networks to be formed, Friendster was launched in 2003 and currently has over 100 million members worldwide.

Jeff Roberto, the company's marketing and PR director, told ZDNet Asia in an e-mail interview: "As our industry grows and matures, we're learning a lot about how people utilize social media, and what is acceptable and unacceptable from communities on each site."
Keeping a close check on user policies is necessary for all social media sites, Roberto added, particularly where a lot of personal data and user-generated content are shared with people on the network.
"It is imperative that social media sites understand their users, and specifically, how they're using their site to share content," he explained. For example, Friendster observed a few years back that its users were keen to allow some people on the network, and not necessarily everyone in their contact list, to view their photos. The company then built a feature to enable users to give specific users permission to access private photos, allowing them to share content at their own discretion, he said.
As enterprises introduce user-driven features and build communities within and around their business strategy, they will have to adjust their privacy policies to environments in which customers are active participants, and not just consumers of content.
Roberto noted: "Companies should be aware that we're amid a shift that's happening online. Communities surrounding brands and products are becoming, and increasingly, larger part of a company's identity."
Tan advised companies looking to integrate social networking and other Web 2.0 tools into their business strategies to know their users well.
"Decide how you want to balance privacy policies," he said, adding that these policies should be written in a clear, simple language that can be easily understood.
Roberto noted: "The key to establishing user-acceptable privacy policies starts with understanding your users and your community. It's important for businesses today to work with customers to embrace a policy that fosters great community and encourages participation around the product or the service."
In fact, the community companies build around their products and services is not only part of their brand identity, it is also an important part of these companies' "voice" online and offline, he said. Hence, businesses can and should harness the potential of these user communities to build positive "word of mouth" marketing campaigns, he added.
READ MORE - User community growing influence on business

Microsoft hit with patent suit over update tech

Microsoft is facing another patent infringement suit, this time over the technology it uses to automatically update Windows, Office, and other programs.

In a lawsuit filed March 20, BackWeb Technologies charges that Microsoft's Background Intelligent Transfer Service (BITS), as well as Windows Update and other products, infringe four of BackWeb's patents.

BackWeb, which is based in Israel and has U.S. offices in San Jose, Calif., filed the complaint in U.S. District Court in San Francisco.

BackWeb seeks, among other things, an injunction against Microsoft, a declaration that BackWeb's patents are valid, and monetary damages.

A Microsoft representative said the company has yet to be served with court papers, so it would be "premature" to comment.

BackWeb was an early leader in the technology for "pushing" data onto a computer.

The full lawsuit is posted as a PDF file on BackWeb's site.
READ MORE - Microsoft hit with patent suit over update tech

Cybersecurity review is putting emphasis on privacy

As the National Security Council works on its comprehensive review of federal cybersecurity programs for President Obama, it is going to great lengths to consider privacy and civil liberty issues, some Congress members said Thursday.

The House Cybersecurity Caucus on Thursday met with Melissa Hathaway, the acting senior director for cyberspace for the National Security and Homeland Security Councils, who is conducting for the administration a 60-day cybersecurity review.

Rep. James Langevin, co-chair of the House Cybersecurity Caucus, said Hathaway has been meeting with privacy and civil liberties groups to receive their input on how to reform cybersecurity.

Those issues are "a forethought rather than an afterthought," he said. "Because these are such powerful tools (to grant federal authorities to regulate cyberspace), we're going to have to have the buy-in of the public and have their support."

While the Senate is working on its own plan for White House-run cybersecurity efforts, Langevin said Hathaway's assessment may ultimately suggest a strategy with a stronger emphasis on inter-agency efforts.

Langevin said it is still unclear whether Hathaway will recommend that a new office for cybersecurity should be created within the Executive Office of the President--a move some senators are pushing for. Certainly, though, policy will have to come from the White House.

"This is going to have to be an ongoing strategy of collaboration and cooperation directed out of the White House," Langevin said. "But there won't be one king, so to speak, at the end of the day. The chief information officers at the departments and agencies are still going to have a role to play."

He said a White House-coordinated cybersecurity strategy may resemble the federal government's current counter-proliferation efforts. He also said Hathaway may recommend increasing staffing at the Office of Management and Budget in order to increase its oversight role of cybersecurity efforts.

Hathaway will also address at the end of her review what the federal government can expect from the private sector, which controls the majority of network infrastructure. The final review may recommend a combination of regulations and incentives to create a stronger public-private partnership, caucus members said.

Langevin said the House Cybersecurity Caucus is working hard to coordinate bipartisan support for a cybersecurity strategy.

"I believe that a cyber 9-11 is a very realistic possibility, and it's something that keeps me up at night," he said. "We're working hard to keep that from happening."
READ MORE - Cybersecurity review is putting emphasis on privacy

Report: Rogue antivirus software pays off for scammers

Online scammers are making a lucrative business out of redirecting visitors from legitimate Web sites to sites that try install rogue antivirus software, according to a report due to be released by security firm Finjan on Monday.

Finjan's Malicious Code Research Center came across a traffic management server in Ukraine used by underground online scammers to keep track of how many redirects their rogue antivirus sites get from legitimate sites that have been compromised.

Typically, rogue antivirus software displays a message saying that the PC is infected and offering antivirus software for sale. In a successful attack, the scammers end up with the victim's credit card information and don't bother to install any legitimate software.

Members of the "affiliate network" who compromise legitimate Web sites get US$0.096 for each successful re-direct, Finjan said in its latest Cybercrime Intelligence Report. There were 1.8 million unique users redirected to the rogue antivirus software during 16 consecutive days Finjan was monitoring the network, or about US$10,800 for each day, the researchers calculated.

Finjan also discovered that between 7 percent and 12 percent of people end up installing the rogue antivirus software and 1.79 percent of them paid US$50 for it.

Finjan researchers said they weren't certain how the legitimate Web sites were compromised. Once the sites were compromised, the scammers made heavy use of search engine optimization techniques to get those sites ranked high in search results by dynamically generating search keywords with typos and popular terms that people might use, Finjan said.

Lured by the high ranking on search engines, visitors end up on the compromised sites and are immediately redirected to pages that try to install rogue antivirus software on their computers.
READ MORE - Report: Rogue antivirus software pays off for scammers

Gartner: Outsourcing prices to fall 10 percent

The outsourcing market faces up to two years of falling prices, according to analyst firm Gartner.

Prices in all areas of IT services will fall by between 5 percent and 20 percent, Gartner forecasts, with an average fall of 10 percent in the coming year because of the uncertain economic climate and IT budget constraints.

"This fall in prices will occur due to increasing competition in the market between traditional and new providers, as more providers compete aggressively to keep revenue growth on target," Claudio Da Rold, an analyst at Gartner, said in a statement on Monday.
Regardless of the relative strength of outsourcing during a recession, many companies are reporting intense discussions with their vendors, according to Da Rold. "[This includes] renegotiation of contracts for terms and conditions, service-level agreements, fees, volumes and low-cost offshore delivery locations," he said.
Gartner expects a price fall in data center services of between 5 percent and 15 percent. Prices in desktop and helpdesk services will decline by between 5 percent and 10 percent, but the fall in network services prices will be bigger, at between 10 percent and 15 percent. Charges for application hosting services, until now one of the fastest-growing areas, will drop between 10 percent and 20 percent, the analyst firm said.
India has been one of the most popular areas for outsourcing operations, but Da Rold believes the country will be hard hit by the price falls. Indian offshore providers "have been coming under significant pressure for pricing reductions due to the Mumbai terrorist attack, the scandal at Satyam, rupee exchange-rate fluctuations, and continued wage inflation and attrition levels", Da Rold said.
Gartner advises businesses not to try and negotiate for the lowest price on new outsourcing contacts, because: "It will not make providers safer, deliver good services or promote a positive relationship".
READ MORE - Gartner: Outsourcing prices to fall 10 percent

Define Projects Without Pain

Optimal Trace 5.0:
Projects live or die with requirements, but Optimal Trace tosses them a lifeline.

  By Peter Varhol

Every successful IT project begins with requirements. You don't embark on building and implementing a new system or software package without a defined business need. Without written and measurable requirements, it wouldn't be possible to know if a particular project met its objectives. Furthermore, requirements typically exist in the minds of the end users, and they relate to the business problems to be solved, rather than the systems and software needed to solve them.
Optimal Trace 5.0
Installation 20%
Ease of Use 20%
Features 20%
Administration 20%
Documention 20%
Overall Rating:
1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

Mission Accomplished
A software application for requirements has two primary missions. First, it makes it easy to aggregate and organize requirements. The image of the business need must be clear and unambiguous. Second, it makes it possible to refer to the requirements during both project execution and testing. In particular, project results must be tested against requirements rather than the project implementation, as the implementation may not be a reflection of user needs.
Compuware Optimal Trace does a top-notch job at both missions. While in its appearance and function it supports a traditional approach to requirements management, its features and elegant user interface push that approach to the limit. The result is a software tool that's both easy to learn and surprisingly powerful once it's put to use.
For full disclosure: I worked at Compuware from 1999 to 2004; Optimal Trace was acquired by the company after I departed.

Define, Organize and Test
Optimal Trace excels at the definition and organization of project requirements. In particular, it lets business analysts and project planners visualize the relationship between requirements in a number of ways. You can construct requirements hierarchically, and you can diagram other types of relationships among individual requirements.
Project testers will also like Optimal Trace for its automated test-case generation. Furthermore, it provides traceability from individual requirements into the test cases, so that testers can easily document which tests cover which requirements. It also enables them to ensure full test coverage for both functional and non-functional requirements.
The product also supports teamwork. It uses a single repository for storing and managing all project artifacts, and lets users -- whether they're business analysts, testers or project planners -- all work together while managing versioning and conflicting changes. You can store part or all of the repository locally while disconnected from the network.
Figure 1
[Click on image for larger view.]
Figure 1. Optimal Trace lets you visualize relationships between requirements for better understanding.
Choose Your Edition
Optimal Trace comes in two editions. The Enterprise Edition provides collaboration for multiple users and teams, while the Professional Edition is for individual users to capture and manage requirements. The version you'll want depends to a large extent on the scope and frequency of your projects. If project work is occasional and the IT teams and end users already have close contact with each other, a few copies of the Professional Edition will probably suffice. If your teams are large and dispersed, and end users and business analysts aren't well integrated into the requirements-gathering process, then the Enterprise Edition may be a better choice.
Requirements creation and tracking tools such as Optimal Trace are used by many people in the project process: end users, system and software builders, project managers and testers. I've seen a number of such products, and Optimal Trace does the things you need to do with requirements as well as any of them.
A Balanced Approach
My only hesitation is that there's an emerging trend in requirements management toward a more multimedia approach, incorporating screen shots, user stories and video as part of the description of a business problem. That approach is a compelling way of accomplishing a task that's rarely done well in practice.
Optimal Trace doesn't work with these types of media particularly well, making it more difficult to adapt to more innovative ways of defining a project. However, these approaches also tend to be more difficult to apply in actual project work.
Overall, Compuware's Optimal Trace may offer the most balanced approach between traditional requirements definition and innovating lifecycle requirements management.
READ MORE - Define Projects Without Pain

IE 8 Pulled Out of the Fire

Plus, 'Vista Compatible' plaintiffs get hit again, Mimosa takes on SharePoint, and more.

by Doug Barney

I've been getting mail from dozens of IE 8 beta and release candidate users and the reports aren't good. The pre-release software was flakier than French pastry. So I asked you all to report how well the finished product performs. Somehow, Microsoft pulled off a massive turnaround. This puppy is fast, stable and compatible. This probably isn't enough to sway Firefox and Chrome fans, but for IE shops it looks like a nice step forward. With IE 8 looking solid and Windows 7 on the way, Microsoft is looking at a major desktop redemption. Tell me where I'm wrong at

'Vista Compatible' Ruled a Loose Term
PC buyers upset that Vista either didn't function or barely worked on new low-end machines have failed for the second time to get any kind of recompense. The first wallop of bad news is when the class-action status of a suit claiming damages because Vista wasn't as compatible as the logos said was tossed out.

Now, I'm no fan of most class-action actions because each plaintiff usually pockets pennies while the lawyers walk away with millions. But in this case, a class action is the only option. If each plaintiff only suffered tens or hundreds of dollars in damages, it's hard to pay for a lawyer good enough to take on Microsoft.

Even without class-action status, the suit dragged on -- only to encounter another setback when the same judge, Marsha Pechman (likely an XP user) denied a proposed summary judgment that would've declared the proposed Vista requirements deceptive.

The ever-weakening lawsuit continues, but with this judge's attitude Microsoft may as well pop the champagne corks now!

Mimosa Not Just for Breakfast Anymore

Mimosa Systems made its name in Exchange archiving. Now the California-based company is setting its sights on SharePoint, a tool that's creating its own growing third-party market.

Mimosa NearPoint for Office SharePoint Server doesn't just archive SharePoint documents, Mimosa executives argue, but does so in a way that saves on storage and energy costs. That's because an optical archive uses less power than a hard drive that whirrs more than a hippy at a Phish concert. Users of NearPoint for Exchange can use the same management console, so in a sense the SharePoint is just an add-on to what you've already got.

Are you using SharePoint? If so, how? And are you using any third-party tools? Experiences welcome at
READ MORE - IE 8 Pulled Out of the Fire

HP India Launches ‘HP Software University’ In partnership With IIHT

HP India Launches ‘HP Software University’ In partnership With IIHT In partnership with the Indian Institute of Hardware Technology (IIHT), Hewlett-Packard (HP) has launched ‘HP Software University’ (HPSU) on Thursday.The first of its kind program in the non-enterprise training space will concentrate on the increasing demand of software testing experts in the country.

Moreover, the pupils will also receive certified training on HP Software and a curriculum path surrounding different testing software from HP including Quick Test professional and LoadRunner.

Certified professionals would also have access to unique HP Software online resources offering up the newest in software news, product information, job openings and much more.

Mr. Keshava Raju, CEO, the Indian Institute of Hardware Technology, said, “Keeping in mind the tremendous market for soft­ware testing tools, we have partnered with HP. With this program, our graduates will be equipped with unique skills that will benefit and make them more marketable.”

“We want to expose our students to products and technologies used by leading corporations in the real world,” he added.

Neelam Dhawan, Managing Director, HP India, said, “HP Software University is aimed at providing students a competitive edge in the software testing industry. With HPSU, students and professionals will have access to numerous opportunities in the technology industry.”

The University will also provide students as well as experts the chance to attend an official and accredited training on HP Software testing tools.

At first, the university will be launched in Mumbai, Delhi, Pune, Kolkata, Hyderabad, Noida, Chennai and Bangalore.

The company also has plans to add more cities by the next few months.
READ MORE - HP India Launches ‘HP Software University’ In partnership With IIHT

Lessons in unemployment from the dot com bust

Crossloop co-founder Mrinal Desai shares his story of a long stint he spent being unemployed after the dot com bust earlier this decade, in hopes that it might help a few of the many high-quality technology professionals searching for work right now.

When Desai’s high-paying gig at Silicon Graphics (SGI) dried up, he was forced to move, work odd jobs (like stringing Christmas lights), take contract work, and set up a makeshift office at Starbucks. He ultimately dug his way out by doing some creative professional networking that led to learning opportunities and, eventually, job opportunities.

Listen to Mrinal’s story in this edition of the Tech Sanity Check podcast, or read the transcript below. As he mentions in the interview, you can find Mrinal on Twitter and Linkedin, as well as on his personal blog.
Four ways to listen to this podcast:
  1. You can click Play directly from this page (if you have Flash installed)
Q: We’re going to talk about your experience being unemployed and some of the pretty useful stuff you got out of it during the big tech downturn in the early part of this decade. So let’s start with you explaining why you literally called yourself, “CEO, Vocationally Challenged, Inc.” after the dot com bust.
Desai: One big part of a phase like this, as one goes through it, is to maintain your sense of humor. So, to me, it was making the point that I want to enjoy my journey as much as the destination, if [I] get there. So using something that subtly attracted people in a conversation, or would be like “What does that mean?” I never shied at telling people that I was unemployed, but bring humor in allowed me to have a conversation with people.
And it was the best thing that happened to me. I’m personally very proud of it. Many people told to me, “Why are you always telling people that you’re unemployed. It’s not usually something people talk about.” For me it was one of the best things that happened to me, not only in hindsight but when I was going through it. You know, even in my Linkedin profile (where I used to work) I pretty much only described my experience in employment in-depth. Everything else was just where I was and for how long.
Q: When was it that you actually lost your job or became unemployed?
Desai: I came from India in ‘99 in the boom time. I was fresh off the boat. I used to manage SGI, Silicon Graphics, the largest Asia-Pacific account in India. So I was pretty confident that if I come for business school, do my MBA, I was at least going to potentially get a job at SGI. I was in Monterrey [California] and the school was in Monterrey.
And, you know, man proposes God disposes, at that time. When I finished [business school] in 2001, not only was the economy totally tanking but SGI was also going down. So when I came out of school in 2001 there were no jobs. So I actually moved up to the Northwest to Portland, Oregon, where it was at least cheaper to live, compared to California. But it seems unemployment followed me because Oregon had the highest rate of unemployment at that time.
So I never actually got a chance to get a job. I did a lot of part-time stuff here and there, including stringing lights for Christmas in downtown Portland, which was a big win for me mentally because culturally I had not grown up to do that stuff and I had all my personal ego in my head, that “I have an MBA, I have an engineering degree from the best school in India, and I have worked for five years in one of the best companies in India, so why would I be stringing lights in downtown Portland.” So that was a huge win for me in terms of just overcoming myself mentally because I think a lot of people will relate to the psychological challenges one faces, especially in this phase of your life.”
Q: So you’re in Portland and going from job-to-job, what kind of stuff did you do that eventually moved you toward your next job, which was at Linkedin, right?
Desai: When I was looking for a job, one thing I was doing was networking off line, and I was actually spending a lot of my time at a local Starbucks, which was my “office.” And I would make sure that I didn’t sleep in or just hang out at home and be alone, so I would head out [in the morning] with my wife and go to Starbucks and sit there for four to five hours and read. So I started building relationships with a lot of other people who were regulars there.
And one of the other things that I did was I actually audited a class at Portland State University because I thought maybe a business professor could potentially introduce me to the business community in Portland because I was new to Portland. So I started building those relationships and actually the professor did introduce me to a marketing director at a flat panel display company called Planar, and he gave me some consulting gigs at Planar and [I] did some jobs there. Actually now he is the V.P. of marketing at E-Ink, which makes the display for the [Amazon] Kindle. So what I’m trying to bring out here is that it’s all about relationships, and maintaining them forever. It’s long term. It’s not for, “Can you get me a job? No? Okay, bye, bye.”
So I started networking and then I heard about Linkedin in 2003 and I said, “Wow, this might be a good compliment to what I’m doing offline.” And so I just started playing around with Linkedin and it actually worked for me. It didn’t get me a job through the contacts I made, but I met some amazing people through Linkedin. I’ve actually started blogging about it in my personal blog. I’m writing a series called, “I know what I did the last time I was unemployed.” And that’s all tips, because I want to share with people who are there potentially right now.
So I built these great relationships with people [back then] and I went to Linkedin in 2003 and Linkedin had about 40 thousand users at that time, and I said, “Look, I see the power in this tool and I want to work for you. And this is who I am offline, so this won’t be a [chore] for me.” Eventually, I went to work for them a year later in 2004, because when I [first] approached them they said, “We’re not hiring, we’re really small, but since you’re such an early user give us product feedback.” So one of the co-founders Konstantin Guericke suggested some product feedback.
I did that for about a year and built a long-term relationship with him and a year later, lo and behold, they raised another round of funding and they were interested in hiring someone for business development to launch their first revenue product. So I went in and joined Linkedin in ‘04 as the first business development guy.
Q: What are some of the ways to start if somebody’s just been unemployed and they want to build the right relationships?
Desai: I think the first key thing is to do some internal introspection and [figure out] what is it that you’re really, really passionate about. So, one of the things that I’m driven by in relationship-building is the voracious need to learn. I’m really, really hungry for knowledge. And I’m a business guy so I’m always looking for tech people to interact with so that they can mentor me. Or I’m looking for a teenager who can teach me about consumer services such as cell phones [for exmaple] because I may not be using it the way they are.
So indentifying things that interest you at a genuine level is really important because then you can reach out to people who are experts in that field. Once you do that, the other thing is there are tons of social networks now that can help. I definitely don’t believe that they are a replacement [for real world networking]. They are more of an enhancement for what you’re doing offline, because genuine relationships - at least if you’re talking about building those for years and years - do need the body language and the interaction.
So [a social network], by no means, replaces good relationships, but it enables you to reach out to people, just the way I was using Linkedin to reach out to people when I was unemployed, but then I went and met those people and I still know all those people I reached out to, because I made it a point to maintain those relationships, independent of getting a job or not. So the focus was always on the journey and not the destination.
One quote that I really believe in, especially when you’re looking for a job is, “I am NOT a business man. I AM a business, man.” So you are a business by yourself. You are a product. You have to sell yourself. You have to make sure you promote yourself at the right places. Just the way you would go to buy a laptop at Best Buy as a channel, you have to figure out where are your channels to reach out to your target customer, who is potentially the hiring managers at the target companies. I have put a lot of these tips on my personal blog, which is I’ve basically broken it down about how individuals can proceed in the [best] way to go about job hunting.
Q: When you’re doing this, it also becomes an opportunity for you to eventually help out someone else, right?
Desai: Absolutely. You never know, when you’re building relationships you just do it because you’re aligned on the values. And you don’t do it because you want something from the other person or you think you’re going to oblige someone else. You genuinely do it because you believe in the person. Life is short. You want to surround yourself with really nice people. I’ll talk to a homeless person at a coffee shop, and hang out with him. If I can help him out and he needs some time to talk to someone then I’m happy to talk. I’m not going to lose anything, and he’s not going to give me anything, and I’m not looking for his title or his net worth or anything. And I think that’s where a lot of people lose out in real relationship-building.
Q: Why did you join a dot com company like Linkedin in the wake of what had just been the dot com implosion? Was there any reluctance there, and if you had been employed by someone like SGI the whole time do you think you would have still made the jump to Linkedin?
Desai: Yes, and primarily because I had reached the stage, or I probably did when I was employed that … I left India because I wanted choices. I became an engineer, not by choice, but because that was the way things were done if you wanted a job in India. And my brother became a doctor. That’s a very classic product road map for kids in India, overall. And I came to the U.S. because I wanted choices and I wanted to do what really excited me and Linkedin to me was who I was as a person. Their tagline is “Relationships matter.”
So, to me, it was a no-brainer, even if they had no funding. I had played around with the product, I saw the power, and I saw the way it would enable a lot of people to do much better in life. So even if I had been at SGI I think it would have been a no-brainer for me, assuming I had found it and played around with the product. So, to me, being deeply ingrained in social media and social networking, even today, is not because it’s the hottest thing that’s happening right now. It is allowing me to do what I love doing: finding really nice people and building relationships forever.
Q: So you did well at Linkedin and were there during much of the early growth, but then you decided to leave Linkedin in 2006. You’ve said your experience being unemployed before going to Linkedin is one of the things that helped you take the risk and start the new venture where you’re at now. So tell us about that.
Desai: When you want to start a business, the worst case scenario is that you’re not going to have a job, potentially. You’re going to fall on your face if it doesn’t take off. And then you’re unemployed again. I had lived that for almost three long years, so I knew the worst case scenario. I knew how to be happy and manage life sharing a cup of coffee with my wife on a Friday night. So I didn’t need a lot to see what I was happy and satisfied with. So that was a big part.
I think that’s one of the biggest fears I think people have if they want to start a company. [They think], “What if this doesn’t work?” I was very comfortable with “failure” because when I got out of school I never even got a chance to do much. That was a big part of the motivation to take the leap.
The other part is that I have learned from my personal experiences that adversity brings the best out of me. It brings things out of me that I didn’t even know I could do. Even when I was coming to the U.S. [from] back in India in 1995, which was my first attempt to come to the U.S., and my application for a student visa was rejected. And I couldn’t even apply for two more years, but I stood fast in terms of my dream and I said, “Okay, I’m going to do my best that I have India, build up some good experience and my resume, and try again. I’m not going to give up.”
So then I tried again in ‘99 and made it. And then, of course, in 2001 the economy tanked and so again I had to fight. Doing a startup is similar. You’re in a chase and you have all these adversities you have to overcome. Somehow, it’s always the best thing - if you have the right attitude - to bring out things you didn’t know about yourself.
Q: I think one of the dynamics in life is crisis and victory, and sometimes you need a crisis to catapult you toward a victory. I think that’s part of the dynamic you’re talking about.
Desai: Yeah, it’s like you never want to let a crisis go to waste. It’s such an important time if you really want to grow.
READ MORE - Lessons in unemployment from the dot com bust

Job-related spam on the rise

Riding the coattails of the worsening global economy, spammers are employing various job and finance-related guises in hopes of exploiting users hunting for jobs.
According to Symantec's latest spam report, spammers are sending out e-mail messages posing as job agencies, in hopes of harvesting personal information from job seekers who have responded. Some are posing as government agencies promising news of economic stimulus grants as well, said the report.
Some of the e-mail containing malware have disguised the malicious attachments as job applications. When opened, the file triggers the Hacktool.Spammer virus, which exposes the user to a flood of spam.
Symantec advised users to pay close attention to file types, especially executable files.
With the economic downturn spreading globally, spam beating the recession drum has also been noticed in a variety of languages from English to Chinese, noted the report.
Late last year, Sophos reported a surge in spam carrying U.S. President-elect Barack Obama as a theme, moments after his acceptance speech.
Crimeware explodes
In a separate advisory, the Anti-Phishing Working Group (APWG) said Friday, the number of Web sites spreading crimeware reached an all-time high of 31,173 sites as at December 2008, representing an eightfold increase from January that year.
The APWG said the number of such sites "exploded at year's end", and attributed this to cybercriminals "investing deeply in automated systems to steal personal and enterprise data".
Furthermore, fake anti-malware programs have doubled in number, it said.
This is not a new tactic, according to Panda Labs' technical director, Luis Corrons. He said in the advisory: "Rogue anti-malware applications are not something new. They have been around for a few years, but it was not until mid-2008 when cybercriminals realized that this form of attack was a great way to obtain fresh money from users.”
The report also noted that the number of phishing attacks against payment services increased more than 34 percent toward the end of last year.
READ MORE - Job-related spam on the rise

Analysts: Acer-Gateway move puzzling

Acer's recent push into the business notebook segment in Europe through its Gateway brand, has drawn criticism from analysts based in Asia.

Bryan Ma, director of personal systems research at IDC Asia-Pacific, told ZDNet Asia in a phone interview that it was "not completely clear" why the move was taken, because regardless of the region, Gateway "is very much a consumer-centric brand".

Citing market figures, Ma noted that 85 percent of Gateway's shipments worldwide in 2008 were categorized as consumer. For Acer, 63 percent of global shipments belonged to this category. In contrast, only 24 percent of Lenovo's global shipments consisted of consumer PCs, while Hewlett-Packard had 44 percent.
"Our numbers suggest that Gateway tends to be very consumer-centric…Acer actually does have some penetration on the commercial side," he said, but relative to vendors such as Dell or Lenovo, Acer is still seen as a consumer brand.

Shaun Rein, managing director of China Market Research (CMR), also said Acer's push into the European market with Gateway "doesn't make sense". The company is simply "really poorly run", and it is not clear whether Acer's focus in the notebook segment is on style, lower price points, value in terms of functionalities, and what segment it is after, he explained.

"This is an example of a company that three or four years ago had a real good opportunity to [progress in the notebook space], and be a real value [proposition]--like Asus is now," said Rein. "But instead they kind of screwed up."
Another problem is that Acer amassed not just Gateway but also Packard Bell and eMachines through acquisitions over the last five years, with no clear direction of how it intends to work the brands to its advantage.
IDC's Ma said: "It's a very interesting situation--they've effectively got four brands that are all skewed toward the consumer space…four brands all lumped on one side of the spectrum.
"At the end of the day, they probably need to reposition some of those brands, especially if they are looking toward differentiating [each] and…more toward the commercial side," he noted.
In reality however, such a move may be a bit of an endeavor, Ma pointed out. "If they are spending money to rebuild these brand names it's just a question of how is that necessarily worth the investment it requires to build these brand names."
CMR's Rein added: "[Acer] spent too much time buying all these other brands, so they never really focused on brand building.
I'd throw out the Packard Bell [for instance], and focus on Acer and Gateway together but it costs a lot of money to do that," he said. "It's hard to push so many different brands--you are going to get confusion in the marketplace."
Lenovo, which bought over IBM's PC division in 2005, faced those issues and spent a lot of time trying to build both the ThinkPad and Lenovo lines over the last three years, he noted.
Milk consumer sales
Acer may do better focusing on the consumer market, as that's where the current PC growth is happening, said Rein.
"To sell to businesses, you need to spend a lot of money on building up the sales network and proving to businesses that you're going to be reliable on service and quality control," Rein pointed out. "And right now, Acer and Gateway just don't have that trust with businesses. According to him, corporate buyers would tap on HP, Dell or Lenovo's products.
And while Acer has "missed the boat" for tier 1 and 2 cities in China, Rein said there may be still pockets of opportunity in the third- and fourth-tier in the country. Within these cities, there are "a couple hundred million consumers who want to buy their first computer" and may be looking at foreign brands with competitive pricing. The spending outlook in these markets are also "more optimistic", he said.
After repeated attempts by ZDNet Asia to contact Acer's corporate office, a spokesperson declined comment in an e-mail.
READ MORE - Analysts: Acer-Gateway move puzzling

Seven benefits of virtual desktop infrastructure

With the ever increasing prices of upgrading desktop computers, virtualization of the desktop is becoming very appealing.

For IT administrators with a lot to deal with in today’s corporate infrastructure, here are some of the benefits of virtual desktop infrastructure (VDI):
  • Management: In a typical corporate infrastructure, you  manage desktops using remote software technology such as Altiris or some other push technology. It is really hard to manage hundreds of desktops as you are well aware if you administer desktops in your corporate infrastructure.
    Using technology such as VDI allows you to have central management of all your desktops and really control what is being installed and used on the desktops. Deployment of virtual desktops is lightning fast as opposed to using imaging technology such as Norton or other antiquated technologies. Would you like to manage 500 desktops all over the United States or Europe or manage them from one data center?
  • Security: Security is a key factor in rolling out VDI. With VDI, you have greater control of how you secure your desktop. You can lock down the image from external devices or prevent copying data from the image to your local machine; I'm a big fan of this feature of VDI. Remote users or road warriors also benefit as sensitive data is stored on the server in the data center and not the device. If the device is stolen, the information is protected.
  • OS migrations: Let's say you want to roll out Windows Vista  to a select few managers. Prior to VDI, you would have to look at their equipment and most likely upgrade hardware, memory, disk space, etc. With VDI, you can just push out a Windows Vista image from a central location to the group of managers.
  • VDI image: You can create a library of VDI images to meet all of your company needs. If your company is seasonal, you can have extra images to handle the increased employee traffic. If you use third-party vendors/contractors/consultants, you can use secure/encrypted locked down images to allow them to work in your environment.
  • Snapshot technology: With VDI, you have the ability  to roll back desktops to different states. This is a great feature, and it allows you to give a lot of flexibility to your end users.
  • Go green: A thin client VDI session will use less electricity than a desktop computer.  Using VDI is a way to reduce your carbon footprint on our planet and save your company money in power costs.
  • Independence: With VDI, who cares what device you use? A thin client, a PC, Apple, Linux, etc. As long as you can connect to your VDI with ICA or RDP, you are golden.
Steven S. Warren is a freelance writer with a passion for learning. He is the author of The VMware Workstation 5 Handbook and is a Microsoft MVP.
READ MORE - Seven benefits of virtual desktop infrastructure

iSCSI storage networks--full separation or not?

Today's tech landscape has a convergence of services ending up on the network. One that can be contentious is storage networks.

Managing storage networks for services like iSCSI is relatively new in network architectures. iSCSI storage systems have been very popular in the small and midsize business space, as their cost is generally low and the ease of setup is high.
Traditionally, for organizations that are large enough to have distinct groups responsible for servers, storage, and networking, full separation of networks for storage seems the natural way to go. But iSCSI is unique in that the storage protocol runs over TCP/IP and traditional switch gear.
iSCSI networks need to be free of unnecessary traffic to keep performance optimized--that is the easy part. But how do we go about implementing this from the network architecture perspective?
Here are a few approaches that can be taken:
Storage systems and clients only--This would be where the disk system and the clients are the only nodes connected to the iSCSI network. There are no IP routes out or into this configuration, so the risk is removed of traffic from sources other than the required nodes. This can create an island effect and make the management tools (disk system and network) a little difficult to access. Dedicated switching gear could also be implemented for this configuration.
Isolated with firewall rules for management--Depending on the storage system, some management tools may need to occur directly on the iSCSI network. If the iSCSI segment is fully isolated with the only traffic into the segment being destined to the management interfaces over the specified ports, which can protect it well and avoid contention to the data traffic.
Dedicated VLAN and fully routed--This configuration would assign a dedicated VLAN over existing network gear, and it would be routed as any other VLAN in the environment. This configuration would permit other traffic to potentially access the network, and it may increase the risk of latency.
iSCSI traffic shared on other networks--This would allow the storage protocol to share the same segments as regular server traffic over the same IP networks. This configuration allows the most risk of performance issues.
Of these four general configurations, my preference is for the first two configurations. There are other ways of architecting the IP part of iSCSI networks, such as using virtual machine consoles or dual-homed systems to administer the management nodes while isolating the segments. Please share your approach to how you build iSCSI networks.
READ MORE - iSCSI storage networks--full separation or not?

Easily manage software projects with Lighthouse

Need to get a handle on a software development project? Justin James suggests considering Artifact Software's Lighthouse product.

Artifact Software's Lighthouse is a comprehensive tool that makes it easier to manage software projects.
I recently had the chance to discuss Lighthouse with CEO Mark Wesker; I was also fortunate to get my hands on the product.
I have seen a number of products designed for use by developers, architects, and other technical people, but I have not seen a tool that makes it possible (let alone easy) for less technical people to get a handle on software development projects. Lighthouse is just that product, and I think it deserves serious consideration by IT pros trying to keep their projects in order.
Over the years, I've seen people use products in the Microsoft Office Suite (or other applications) to perform tasks that the software was never designed to do. One such task is managing software projects.
Sure, requirements documents can be written in Word, and it is possible to track bug reports in Excel. But I think most people involved in these projects need and want something more tailored to managing a development project, not balancing a budget.
Project managers employ Microsoft Project to track tasks and overall project status, but that is just one piece of the overall whole that needs to be addressed.
Lighthouse addresses this exact niche. It is not designed to replace the technical team's bug trackers or version control systems; nor is it meant to be a complex integration point between various tools. Instead, Lighthouse is a pragmatic system that you can easily customize to fit your needs, and it requires little effort to learn or use.
Lighthouse is a Web-based application. In some ways, Lighthouse reminds me of some of the more popular Web 2.0 style applications (in a good way) because users can tweak it to meet their needs.
All throughout the application, you'll see a link that says Customize This Page, which takes you to a system that allows you to add/edit fields to the various entities throughout Lighthouse (Figure A). It is quite easy to perform a search (or a "filter") and save it for future use. This means that it is possible to use filters as workflow management tools.
Figure A
Figure A
Figure A--Editing entities. (Click image to enlarge).

Lighthouse allows you to combine pieces of data from its various functions in many useful ways. For example, you can "subscribe" to updates to various pieces of data, much like Facebook allows you to easily track the changes your friends make (Figure B).
Lighthouse also has some very nice reporting and dashboard tools. While I have never been a super huge fan of the "gas gauge and thermometer" dashboard styles that were so popular a few years ago, Lighthouse makes it pretty simple to get a dashboard view of your project(s) in a way that makes the most sense to you, whether the style is a "gas gauge and thermometer" or a "tables and numbers".
Figure B
Figure B
Figure B--Selecting events to which you want to subscribe.

Lighthouse is designed for rapid drilldowns to quickly get you from a general oversight view to a detailed view. Likewise, you can create tasks that can be tied to a project plan. These project plans are what we usually think of when we think about project management: Gantt charts and critical paths. These tasks can stand on their own, separate from a project plan if desired.
Speaking of Gantt charts and project plans, Lighthouse is able to import and export Microsoft Project files. The application lets you work your own way and does not enforce any particular management style or technique. Also related to project management, Lighthouse includes simple facilities for tracking issues, defects, and change requests, managing release information, and gathering feedback.
The time management tools are quite smart. The tools tie into databases of local holidays, so that you do not accidentally expect a task to be worked on during national holidays. Like the rest of the application, you can edit and customize these databases. For example, if your team in Mexico gets U.S. holidays off, it is easy enough to do. And the time management tools tie back into the rest of the application, particularly the project planning tools.
Unlike many other Web-based applications though, you have the ability to purchase it for use on site (as a virtual appliance), and therefore you are not required to use it as a SaaS application. This is a welcome thing for organizations that have concerns about keeping its data outside of the firewall or using online services in general for business purposes.
The hosted plans are reasonably priced, and there is a free version as well. You can try a 30-day demo, and try the advanced features; after the 30 days, the demo will revert to being a standard free account.
There are a few minor items in Lighthouse that I am not 100 percent happy with, but they are easily remedied. First, the fonts were a touch too small to easily read in some places. In addition, the application spread itself across my screen and ended up with too much white space between elements, making it a bit easy to get lost on a page sometimes. I think this is preferable to the alternative, which is having an application screen so "busy" that you don't know what is happening. With regards to the functionality, I was quite happy with it, and I do not feel like there was anything obviously missing or broken.
Overall, I was pleased with my experience of trying Lighthouse and with the walkthough of the application. I think that Lighthouse hits all of the right notes. Is there room for improvement? Sure. But talking to Mr. Wesker, I think that Artifact Software has an excellent grasp of the challenges that management faces when dealing with software projects.
I also like the company's willingness to allow customer feedback to drive its development plans. I feel that this application will only get better with time. Artifact Software has hit the mark when it comes to providing an application that allows a project to be managed with a tool, without needing to concede control of the project to the tool.
Disclosure of Justin's industry affiliations: Justin James has a working arrangement with Microsoft to write an article for MSDN Magazine. He also has a contract with Spiceworks to write product buying guides.
READ MORE - Easily manage software projects with Lighthouse

Survival of the smartest – How to thrive In a slumping economy

Commentary--While our current economic state is one that most businesses have never experienced, the need to evaluate processes and optimize efficiencies is a no longer an option that can be put off to the next planning cycle.
This economy will rebound, and companies that can preserve capital and smart investments in innovative technologies will have “first mover advantage” when the economy begins to recover. Even today it is possible to rise above the turbulence and separate yourself from the competition.
A good first step towards getting a business to adjusting to leaner times is to identify major inefficiencies within the company – and rather than taking out the proverbial scissors and cutting programs – attempt to find an affordable solution that can not only help resolve the issues, but also provide some much needed confidence in the direction of your business.
However, with so many innovations in IT, companies must do their homework to select the technologies that will work best for their business needs and provide a quick ROI.
Head in the cloud
In the interest of affordability and ROI, many companies are using their limited IT budgets to invest in SaaS solutions – or bringing their business to the cloud. Currently, cloud computing is moving forward and away from a single application focus (like CRM or Web analytics) to an alternative computing platform that includes advanced internal and external data integration and exchange. These advancements cannot be ignored by organizations, especially with the ability to offer a new level of analytic collaboration across departments, organizations or extended enterprise networks.
Information and analytic communities can be enabled to share or exchange data across a cloud in secure manner. Proven “opt-in” networking concepts can be applied to business information and new business eco systems that can be enabled easily. Businesses don’t want to set up servers, develop data warehouses or data marts and then be saddled with the cost to maintain them.
In today’s economy, you should expect a well defined process around data integrity and security, to allow IT departments to focus on the critical systems that make the business competitive.
Take business intelligence (BI) technologies. With so many advancements in on-demand BI offerings, companies have the ability to take a virtual “look in the mirror” through the aggregation, reporting and analysis of business data. SaaS BI can also be easily distributed to business partners for increased transparency and greater effectiveness, building reciprocal business relationships.
With the right BI tools in place, companies within healthcare, e-commerce, insurance, consumer packaged goods, retail, technology and others, have received greater profitability through a deeper understanding of their business, allowing companies to quickly and efficiently become aware of – and improve upon – lagging areas of the business.
Collaborate with partners
It’s a fact that businesses are fighting for less dollars, so keeping your existing customers in this economy is vital. One way to ensure strong customer relationships is to create a transparent supply chain (regardless of what industry you are in), allowing your customers to see how their product or service is working within your business – or vice-versa. This kind of increased transparency allows companies to operate in a more predictive environment that provides the ability to take advantage of increased demand or better anticipate “low” periods.
Think of this as a shoe company and an athletic store. If the athletic store implemented a technology that provided the shoe company with a look at how shoes were selling in their stores, both companies would benefit through the ability to identify the most popular selling shoes, price-points that drive sales or when the store might run out of size 9 in women’s runners.
This example reflects just one store and one company – now think about the benefits if all of the shoe suppliers had this information on hand and the store was actually a chain of stores in every major city in the U.S. This would allow both the stores and shoe suppliers to know which shoes are more popular on the east coast than west coast or which stores are running low on supply. This important information maximizes inventory distribution and helps avoid overstocking.
Don’t just survive, thrive!
The time is now to get ahead of the competition by looking at all aspects of your business to make sure your not only survive the current economic malaise, but prosper in it. According to Gartner, Inc. “through 2012, more than 35 percent of the top 5,000 global companies will regularly fail to make insightful decisions about significant changes in their business and markets.” Furthermore, most organizations do not have the information, processes and tools needed to make informed, responsive decisions due to underinvestment in information infrastructure and business tools.
In order to thrive in business over the next few years, businesses must have systems in place to bring greater awareness to the decision making process and SaaS solutions are an affordable way to implement such a strategy, according to Gartner.
The following are three positive aspects of SaaS and how it can benefit your business:
  • Affordable Innovation: By adopting SaaS solutions and moving aspects of business to the cloud, a company is not buying any fixed (physical) assets, thus providing an affordable, low-risk solution without the financial obstacles associated with capital expenditures. On-demand technologies allow organizations to pay for only what they need and only when they need it. ROI is far more likely to be realized and surpassed in a short amount of time than a customized on-premise solution managed by a businesses IT department.
  • Information Sharing: To react quickly and intelligently to changing market conditions, employees, partners, and customers must have easy access to the up-to-date information as it applies to specific business goals. Decision need to be made on fact, not gut feeling. Having access to information 24/7 will help you make fast, fact-based decisions, gain fresh insights, and grow a profitable, highly competitive company.
  • Know Your Business, Know Your Customers: To thrive in the current economy, end-to-end awareness of your business will make the difference in whether your company just stays afloat or generates growth. Share your newfound awareness with your customers and partners to help improve the flow of business between you and them. Finally, invest in solutions that supply the best information to make good decisions for your business and produce confidence in the boardroom, client meeting or new business deal.
Again, what’s important to remember is that there are affordable technologies available to provide some “pop” to any lagging area of a business. The cloud is an exciting place to move your business processes and adopting a robust business intelligence solution is a must have if you’re interested in elevating awareness of your businesses’ strengths and weaknesses to make better decisions and ultimately increase profitability. biography
Quentin Gallivan is the CEO of PivotLink and has more than 20 years of leadership in the hi-tech industry. He has held a variety of senior executive positions with market leading companies such as Postini, VeriSign, Netscape and the General Electric Company.
READ MORE - Survival of the smartest – How to thrive In a slumping economy

Microsoft's DNS Patch Flawed, Security Official Says

Patch Tuesdays usually bring a nightly ritual of "coffee, bad jokes and really bad music" for Tyler Reguly, senior security engineer at San Francisco-based nCircle. However, this time, the routine was interrupted by his company's discovery of a major flaw in a patch for Microsoft's Domain Name System (DNS) and Windows Internet Name Service (WINS) servers.

The patch (MS09-008) had just been released this week as part Microsoft's monthly security rollout. What Reguly discovered was a vulnerability that renders the new patch virtually useless if a server has already been compromised.

The vulnerability allows users to set Web Proxy Automatic Discovery (WPAD) program entries in DNS when "dynamic updates are enabled." Dynamic updates allow a workstation to send messages to the DNS server to provide an IP address. Internet Explorer then attempts to download proxy settings from the server, which if infected, could allow the hacker to jump into the process.
Reguly described this kind of attack as a "man-in-the-middle" hack. He goes into greater technical detail describing the problem in his blog entry here.
"Like any [Patch] Tuesday, we sit and do an all-nighter and analyze the patches," he recalled in a phone interview on Thursday afternoon. "I happened to draw the straw, I guess, and I just noticed that when we were doing testing, we discovered that if we tested against a vulnerable host server, the patch doesn't work as prescribed."
After sending Microsoft an e-mail on Tuesday night, Reguly posted the blog entry to inform people of the issue. On Wednesday, Microsoft replied, saying that the patch achieved its intended functionality.
Reguly and others contend that without a proper response from Microsoft, it becomes race as to whether or not this vulnerability will be patched first or exploited first.
"So I'm the hacker sitting there waiting and everything you do via Internet Explorer is now coming over to my computer and I have full-access to everything you do," Reguly said. "The impact of a successful man-in-the-middle attack can result in stolen passwords in addition to monitoring and redirecting web traffic to sites containing malicious code."
The DNS flaw got attention last summer when Dan Kaminsky, a researcher at security firm IOActive Inc., announced a new-found vulnerability. Problems with WPAD entries go back further still, to 2002.
Two years ago, a hacker named Beau Butler told Australian media that Microsoft did not respond to e-mails regarding the existence of a security bug exploiting Internet Explorer via WPAD programs. However, by that time, the bug had been around for about five years.
Microsoft has yet to comment on Reguly's discovery or admit to flaws in the patch. In Reguly's estimation, Microsoft seems satisfied with the steps it took. The vulnerability exists simply because DNS can't tell the difference between a valid WPAD entry and a malicious one, he added.
With that in mind, Reguly said, "I don't think the response [from Microsoft] was sufficient. I think the ball has been dropped on this one."
READ MORE - Microsoft's DNS Patch Flawed, Security Official Says

Firms to wring business outcomes in outsourcing

SINGAPORE--In an environment of cost-cutting and flat budgets, businesses in Asia are increasingly looking for service providers that can guarantee business outcomes, according to an analyst.
With the downturn, there will be a greater demand for outsourcing as companies strive to cut costs, Nitin Bhat, senior vice president for ICT practice in the Asia-Pacific region at Frost & Sullivan, told ZDNet Asia in an interview Tuesday. However, there is also a more substantial mandate to ensure business outcomes are clearly stated in outsourcing contracts.
"They will be asking, 'What can you do for me to save what amount of money'," he noted, adding that the degree of business transformation may be another consideration.
Penalty clauses will also be more closely examined, but in reality, there may not be any enforcement of compensation, said the analyst.
At the same time, there is a recognition that greater flexibility needs to be worked into contracts, Bhat pointed out. To that end, there will be more discussions around, for example, exit options.
Should cost be a key concern, there will also perhaps be a willingness to lower service level requirements, Bhat said, but this may not make sense for important business functions, particularly if they are external-facing. Any rapid deterioration could make an "entire business unviable", he warned.
According to Bhat, other ICT trends in 2009 include greater traction in the data center space as a variety of players including pure-play facilities, carriers and systems integrators compete around the building of data centers and maximizing their operations. Also prominent in the corporate environment are unified communications and cloud or utility computing.
The economic downturn has not quite reached the bottom, Bhat cautioned, citing U.S. retail sales figures. Therefore, economic recovery will "at best" occur at the start of 2010, he predicted. Even then, there will be a slow start to the revival.
READ MORE - Firms to wring business outcomes in outsourcing

Filesystem fragmentation--A security threat

By Chad Perrin, Special to ZDNet Asia
Tuesday, March 17, 2009 01:37 PM
It may not be immediately apparent, but filesystem fragmentation is more than just a minor annoyance; it can also up the level of risk to your system and data security.
Filesystem fragmentation is a problem with which many computer users are familiar. Many, however, are not.
They don't know that filesystem fragmentation reduces performance so that they have to wait longer for their applications to respond. Gaming in particular can suffer--probably the most common high performance need for home computer users.
Those who know these basic problems presented by filesystem fragmentation usually know about defragmentation programs, and they sometimes even use them. A lot of people don't use them nearly enough. That can be especially important considering the security implications.
The list of immediate security concerns is short, but considering the relative ease with which defragmentation can (usually) be accomplished, they're important enough to go to the trouble when you need it.
Security problems include three key issues:
  1. disaster recovery: If your system suffers some kind of filesystem corruption, and you need to recover the data, many recovery tools can do so using a file allocation table. If that is corrupt, though, a longer and more difficult process needs to be used--and if your filesystem was significantly fragmented, that can increase the difficulty of a successful recovery quite a lot, as recovery tools will tend to have a harder time reconstructing complete files. Obviously, you should have good, up-to-date backups, but if the filesystem is corrupted between when critical data arrived and when the next backup was scheduled, this may be a very real problem for your data security.
  2. I/O activity: The more fragmented the data on your drive, the more physical operations a drive has to make to read the data your system needs and write data you wish to save. This can consume more power, generate greater heat, and degrade your system more quickly because of wear on the moving parts. Standard SSDs (solid-state drives) are limited to a particular number of write operations due to integral design characteristics required to make them maintain state when power is cut, which means that greater fragmentation can reduce operational lifespan as well, though the defragmentation process itself will also reduce the life of an SSD. Such circumstances can threaten data security in the long run due to the growing likelihood of an eventual crash.
  3. performance: You may think that reduced performance is just an annoyance, but it isn't. It also affects the speed, efficiency, and effectiveness of security software such as application layer firewalls and virus scanners. Virus scanners in particular are affected, because they are not only directly affected when the scanner applications and their virus definitions are fragmented, but also because they have to be able to scan the entire filesystem regularly to provide complete protection. Making backups can also suffer.
Of course, a better approach is simply to use a filesystem that doesn't get notably fragmented. Most filesystems in use on modern operating systems today are, in fact, very resistant to fragmentation. Filesystems such as UFS, ext3, and ZFS have pretty much solved the problem of fragmentation entirely. The two most common filesystems that still suffer significant fragmentation are NTFS and FAT32 (which is still used on many external storage devices).
MS Windows, as the primary user of NTFS and FAT32, comes with a defragmentation utility in default installs. Third-party defragmenters can do a better job, and if you run large networks of MS Windows computers that do a lot of I/O, it is probably worth your while to research them for the best combination of price, functionality, reliability, efficiency, and speed for your purposes. Be aware, though, that even the best defragmentation utilities for MS Windows begin to have difficulty performing effectively as your drive starts running out of space.
Modern non-Microsoft operating systems use non-fragmenting filesystems: FreeBSD uses UFS, most Linux distributions use ext3, and OpenSolaris uses ZFS. Other filesystems often used by these OSes and others that do not generally fragment include reiserfs, XFS, and JFS, for example.
The only time that any significant fragmentation starts occurring on such filesystems is when the filesystem starts getting too full to be able to efficiently manage data distribution on the storage device (over 98 percent full, generally). In such rare circumstances, however, complete filesystem defragmentation can be achieved by using tools such as dump and restore to quickly rebuild the filesystem.
One way or another, you should keep your filesystems as free of defragmentation as reasonably possible--not just for performance, but also for security. The preferred method would of course be to use a filesystem that isn't susceptible to file fragmentation, but failing that, regular defrag operations can help you protect the security of your data and make the process of protecting yourself against malicious security crackers and malware more tolerable.
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.
READ MORE - Filesystem fragmentation--A security threat

Running Exchange Server 2007 in a virtual environment

In efforts to virtualize everything from the lowliest application server to the highest-end database server, Exchange servers look like scrumptious candidates. But do watch out for caveats.

With the release of Exchange Server 2007 SP1 and Windows Server 2008, Microsoft began supporting Exchange Server 2007 in virtual environments.
However, not every scenario is supported, and Microsoft only recommends and supports a virtual environment if specific conditions are met.
First of all, as I implied, only Exchange 2007 SP1 can run virtually. SP1introduced further improvements to Exchange's I/O footprint, which, I imagine, led to Microsoft's easing of restrictions on the installation in virtual environments.
Second, your Exchange servers must be running under Windows Server 2008; Windows Server 2003-based Exchange servers are out of the question.
Next, your virtual environment needs to be running on Hyper-V or a third-party virtualization provider validated by Microsoft. Validated third-party products include VMware ESX 3.5 updates 2 and 3 and Citrix Xen Server, among others. Microsoft prefers that you use Hyper-V as your virtualization platform, but it's nice to see that it isn't excluding other major players.
One major item of note: If you intend to use unified messaging, that role is not supported in a virtual environment. In fact, it's not recommended that you use virtualization for any services for which real-time communication is required.
I have tested the unified messaging role in a virtual lab and can safely say that this role really needs to run on its own physical server.
There are a number of other items to take into consideration when it comes to running Exchange in a virtual environment. The list below is just a few of the major items. Microsoft provides a complete list of requirements and limitations on TechNet.
  • Don't forget to account for the processing and disk needs of the virtual host, particularly if you're using Hyper-V. Under Hyper-V, the root machine needs processors assigned to it, and the root machine will consume processing resources and RAM. As you build your virtual hosts and add virtual machines, makes sure that the virtual processor-to-physical core ratio is no greater than 2:1. That is, if you have a four core machine, do not assign more than eight cores worth of processor to the running virtual machines.
  • Understand that Exchange's high-availability features, such as continuous cluster replication, don't mix well with hypervisor-based clustering, such as Hyper-V's quick migration or VMware's VMotion. Microsoft doesn't support combining these technologies. If you choose to forgo VMotion or quick migration on your root server or virtual host, then Exchange's clustering capabilities are fully supported in a virtual environment, although you do lose a significant server availability feature. Of course, you can always run clustered mailbox servers on different virtual hosts as a way to mitigate some of this downside. This limitation would only affect the virtual machines hosting the mailbox server role. The servers housing the other roles should not be limited.
  • Microsoft does not support making snapshots of full Exchange virtual servers at the virtual host level due to the fact that most hypervisor-based snapshot tools are not application aware. Snapshots could end up creating a mess if used improperly.
  • Even when running in a virtual environment, you need to adhere to design recommendations when it comes to building your virtual servers. If, for example, a physical machine would require 16 GB of RAM for a particular Exchange installation, the virtual machine will too.
  • Under Hyper-V, VHDs are limited to 2 TB in size. Size your mailbox stores accordingly.
These are just some of the most significant limitations and items of note with regard to running Exchange in a virtual environment.
READ MORE - Running Exchange Server 2007 in a virtual environment

Windows 7 Beefed

Plus, the new OS won't get any virtual tricks, IE 8 is declared the fastest browser, and more.

  by Doug Barney

Microsoft tries as much as possible to lock down new product features early in the beta, and then drives to make sure they all work. The Windows 7 crew must have missed that memo as the team just added a troupe of tweaks, tunings and trimmings all tailored toward tightening the tool before it takes on release candidate status. Many of the tweaks are fixes to little problems, like USB items not working after the machine comes out of suspend mode. Others affect look and feel, such as moving the "new folder" button up higher so it's easier to build new places for files.

Windows 7: No Virtual Tricks 
Microsoft has used virtualization for years to ensure compatibility. Windows NT ran on RISC chips like Alpha, even though it was native to Intel. The solution was the Hardware Abstraction Layer (HAL), a thunking layer that more or less let NT run on different processors.
Some gurus saw this approach and thought a somewhat similar approach could work with Windows 7 to help it run the software and drivers Vista failed to support. The idea was to use a virtual layer that mimics older OS architectures. The newest OS -- say, Windows 7 -- would be the leader and underneath would run the virtual layer. If done elegantly, you wouldn't even know the virtual layer is there.
Microsoft hasn't chosen this approach with Windows 7, and so far the compatibility reports are pretty good. These virtual pundits may be smart, but the Windows 7 dev team may be even smarter.
IE 8 Declared Fastest...Before Race Even Starts
I remember some months ago reading about a research team (not Microsoft) that found IE 8 to be the safest browser ever built. This is a bit like saying the Mercury Bobcat was the safest car -- before it was ever built, and before its gas tanks started exploding.
I didn't run IE 8 through any lab tests, but you've all told me about IE 8 and how the beta and release candidate spend more time crashing than driving. How can it be the fastest when it isn't even moving? When it does work, many of you find it faster than IE 7. But can we at least wait 'til final release before declaring victory?
Your Turn: IT Gone Good
Two-and-a-half years ago, I wrote a story about IT abusing its power -- blackmailing executives, spying, stealing and sexually harassing.
READ MORE - Windows 7 Beefed

Bridging the Business and IT Divide

Leadership is all about people. In the simplest terms, you can’t be a leader without followers. And to inspire and motivate people to follow, you need a clear vision and the ability to articulate it. Moreover, leaders need to be professionally and technically competent; they need to understand their industry and the competitive environment, and be able to effectively engage decision makers, subject matter experts, and employees across the enterprise and stakeholders outside of it.

For a CIO, leadership can be even more challenging because of the balance needed between the business and technical aspects of job and the need to communicate to those two communities in their respective languages and to be able to translate between them. Often, sitting in meetings I see the best intentioned IT folks often talking techie “right past” their business counterparts and the business folks discussing mission to IT people who may never have been outside the confines of the IT environment.
As the CIO, it’s key to bridge the divide and help the business and IT communities in the organization work together and learn to speak and understand each other. Only this way, can the IT folks understand the business requirements and the business folks understand the technical solutions being proposed.

To accomplish this, the CIO should have the business and IT people work together in integrated project teams (IPT’s), tiger teams, task forces, and so on to accomplish IT projects, rather than the business just being consulted at the beginning of the project on the requirements, and handed a “this is what we thought you wanted” deliverable at the end.

Further, the CIO should appoint business liaisons or customer relationship managers to routinely work with the business, understand their needs and work to address them—until completion and satisfaction. The business liaisons need to “own the customer” and should not just be a pass-through to the help desk with no follow up, closure, or performance measurement
Where appropriate, I think it is even a good idea to collocate the business and IT people together, rather than in their separate fiefdoms and functional silos to so they really become a cohesive team—sharing business and IT knowledge and working together to implement an IT enabled business.
Of course, the CIO should encourage training, field trips, work details, and other cross-pollinating initiatives.
Finally, a robust enterprise architecture and IT governance helps to effectively bring the business and IT people together to jointly build the plan and make the decisions, so that it is not one side or the other working in a vacuum or imposing little understood requirements or solutions on the other.
In the book, The New CIO Leader by Boardbent and Kitzis, one of the basic premises is that “every CIO will follow one of two paths:” as follows:
--either they will be a “chief technology mechanic,” narrowly focused on IT to the exclusion of the business.
- or they will be a “new CIO leader,” where “IT is at the heart of every significant business process and is crucial to innovation and enterprise success.”
To be the new CIO leader, and truly integrate IT into the very fabric of the mission, you need to “weave business and IT strategy together” and also integrate the business and IT people to work effectively together.
Of course, this starts with building a high-performing IT organization, but must also involve regularly reaching out to the business at every opportunity and including them as full partners in build effective and efficient enterprise architecture planning, IT governance, and full systems life cycle execution.
In my opinion, the new CIO leader, does not think just IT, but lives and breathes the business and does everything in their power to bring the two not just in alignment, but in true partnership.
How important is this?
As Broadbent and Kitzis state: “If you don’t think like a constantly ‘re-new-ing’ CIO, you may be on our way to becoming an ex-CIO.
READ MORE - Bridging the Business and IT Divide