Turning Security & Privacy into a competitive advantage

Many Chief Security Officers supporting Financial Services today deliver empirical data to their management as proof of Security & Privacy compliance; however, you need more tangible evidence to sell customers and partners on Security & Privacy compliance beyond registry ticks and checks.

Most Fortune 500 CIOs I speak with are worried about the company’s reputation and brand, which the board values highly: “it’s a hard thing to earn and keep -- harder to repair.”

This does not mean endless investment poured aimlessly into Security & Privacy; rather, a measured, balanced view is critical when making buying decisions. Additionally, you must level-set across your partner ecosystem. Your company could be 100% compliant, but when client data passes from your enterprise to your partner’s and they haven’t applied the same rigor -- “egg” is on everyone’s face when information leakage is detected.

Managing the FUD (“Fear, Uncertainty and Doubt”) is becoming a full-time job for CSOs and is top of mind for CIOs when mission-critical transactions are at stake. Business and Technology must work together, thinking through processes end-to-end and anticipating the “chess board” a few moves down.

Good practice starts with a scorecard tracking basic items like new incidents; vulnerabilities thwarted, escalated and tracked, and closed; and the level of detail recorded for each attack (at minimum, which layer it targeted). Industry analysts clearly state that threats are moving away from the operating system and network and now target applications.

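As an added example (not part of the original post and not tied to any vendor’s tool), here is what such a scorecard looks like when computed from a list of findings. The record fields, the per-severity remediation SLAs and the sample findings are all constructed assumptions; the point is that “new”, “closed”, “escalated” and “overdue” are counted against dates, so the same list gives different numbers per reporting period.

```python
"""Security scorecard computed from a list of vulnerability findings.

Added example (not from the original post or any vendor product). The record
fields, the SLA days and the sample findings are assumptions chosen for
illustration; substitute your own policy values and tracker export.
"""
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Dict, List, Optional

# Assumed remediation SLA, in days, for an open finding of each severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    fid: str
    severity: str            # "critical", "high", "medium" or "low"
    layer: str               # where the attack landed: "os", "network", "application"
    opened: date
    closed: Optional[date]   # None while the finding is still open
    escalated: bool = False  # raised to management / tracked outside the tool


def scorecard(findings: List[Finding], period_start: date, period_end: date,
              today: date) -> Dict[str, object]:
    """Return the figures a CSO scorecard carries for one reporting period.

    new / closed are counted by the date the event fell inside the period;
    open, escalated and overdue are counted as of `today`.
    """
    new = [f for f in findings if period_start <= f.opened <= period_end]
    closed = [f for f in findings
              if f.closed is not None and period_start <= f.closed <= period_end]
    open_now = [f for f in findings if f.closed is None]

    # An open finding breaches its SLA once its age exceeds the allowance.
    overdue = [f for f in open_now
               if (today - f.opened).days > SLA_DAYS[f.severity]]

    # Mean time to remediate, in days, over what was closed this period.
    mttr = mean((f.closed - f.opened).days for f in closed) if closed else 0.0

    new_by_layer: Dict[str, int] = {}
    for f in new:
        new_by_layer[f.layer] = new_by_layer.get(f.layer, 0) + 1
    open_by_severity: Dict[str, int] = {}
    for f in open_now:
        open_by_severity[f.severity] = open_by_severity.get(f.severity, 0) + 1

    return {
        "new": len(new),
        "closed": len(closed),
        "open": len(open_now),
        "escalated_open": sum(1 for f in open_now if f.escalated),
        "overdue": sorted(f.fid for f in overdue),
        "mttr_days": round(mttr, 1),
        "new_by_layer": new_by_layer,
        "open_by_severity": open_by_severity,
    }


# Constructed sample findings for a July 2006 reporting period (not real data).
SAMPLE = [
    Finding("V-1", "critical", "application", date(2006, 7, 1), date(2006, 7, 5)),
    Finding("V-2", "high", "application", date(2006, 7, 10), None, escalated=True),
    Finding("V-3", "medium", "os", date(2006, 6, 20), date(2006, 7, 15)),
    Finding("V-4", "critical", "application", date(2006, 7, 20), None),
    Finding("V-5", "low", "network", date(2006, 3, 1), None),
]


def sample_report() -> Dict[str, object]:
    """Scorecard for 1-31 July 2006, as seen on 1 August 2006."""
    return scorecard(SAMPLE, date(2006, 7, 1), date(2006, 7, 31), date(2006, 8, 1))


if __name__ == "__main__":
    for key, value in sample_report().items():
        print(f"{key:>18}: {value}")
```

The “overdue” list is the line management actually acts on: V-4 is a critical finding that is twelve days old against a seven-day allowance, while the older low-severity V-5 is still inside its window. Counting by layer also gives the trend the analysts describe (application findings outnumbering OS and network ones) without a separate report.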
One emerging software vendor focused on this application protection space is Cenzic, which provides enterprise software and services for automated application security assessment and policy compliance testing. The platform allows corporations and government organizations to improve the security of commercial and custom applications. “Hailstorm” enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and to verify compliance with security policies. Cenzic’s Stateful Assessment™ approach is designed to provide accurate results with minimal false positives. As with any automated scanner, findings still need triage against the application’s actual behaviour before they are counted on the scorecard.

Post cards from the edge…

Cheers,

Don.


Venture Capital Investments in NYC Skyrockets 40%

When startups think of VC investments, their first reaction is not typically “New York City”, unless it’s Financial Services and Wall Street related. Well, New York is known for its Financial Services technology and innovation; however, it now seems to be diversifying into biotechnology.

My curiosity was first piqued when NYC-based Medidata, a clinical trials Software-as-a-Service (SaaS) .NET Microsoft pure-play ISV backed by Insight Partners, won several local and national awards. I was thinking: OK, New Jersey has a ton of Fortune 100 pharmaceutical companies; therefore it’s somewhat normal for a few biotech investments.

From a few to a trend: biotech takes in 1/3 of the investment pool. According to Amanda Fung’s report in Crain’s New York on the investment trend: “Venture capital firms invested $535.5M in 58 New York metro tech companies in the second quarter, up 40% from the previous year, according to a recent quarterly survey released Tuesday, August 1st 2006.” She continues: “About a third of the New York funding, $175 million, went into 11 biotechnology companies, according to the MoneyTree report by PricewaterhouseCoopers and the National Venture Capital Association.”

“‘New York Metro’s second quarter has a terrific story to tell,’ said David Silverman, managing partner of PWC’s venture capital practice, in a statement. ‘To see this pace continue will only confirm the venture capital commitment to this region.’”

Investments in New York City’s early-stage companies increased for the third consecutive year to $91.3M, up 55% from the previous quarter, and later-stage companies were up for the fourth year to $214M, up 44% from the previous quarter.

Highlights include four NY Metro companies within business products and services that received $96M, one of which received $47.5M, while 17 software companies took in $70 million and 3 IT services companies took in $46M. Overall, New York Metro investing increased a healthy $18M over Q4 2005, to $348M in Q1 2006. To view the full press release, follow this link: http://www.nysia.org/member_press/pressrelease.cfm?pid=297

Nationally, venture capital investing reached its highest level since 2002, with $6.3 billion in 865 companies for the quarter, according to the survey. First-time financings reached a five-year high of $1.3 billion in 282 companies. The PWC MoneyTree shows investment by location nationally: http://www.pwcmoneytree.com/moneytree/nav.jsp?page=region

Cheers to the City that never sleeps – New York, New York!

Don.

A Startup Kinda Guy – Craig Mundie

More than a few of my emerging ISV companies are asking me: what will Microsoft be like after Bill retires? Who will be taking the lead Research and Strategy role -- Ray Ozzie?

Well, I was quite interested in those answers myself and did a little digging, finding a recent podcast with Global Chief Research & Strategy Officer Craig Mundie on Microsoft’s Channel 9. It’s a worthwhile 25-minute interview for the public to get the inside scoop from one of Microsoft’s most influential thought leaders driving next-generation products and services. He describes in fair detail his relationship working directly for Bill Gates over the past 8 years and taking over many of his day-to-day line responsibilities over the next two.

One big surprise for me was his background in startups right out of Georgia Tech, developing a supercomputing company subsequently acquired by Data General, and speaking of those days with fond memories, stating that deep down he’s “a startup kinda guy”.

He was hired by Bill Gates in 1992 to drive Emerging Business for Microsoft and confesses many of these endeavors were non-PC based, i.e. WebTV, phones etc. However, they gave him a good broad view across Microsoft, enabling strategic developments as he continually rose through the ranks.

I was very encouraged to hear Craig’s interview, learning he has a passion for startups like I do supporting Microsoft’s Emerging Business Team, and that Microsoft’s future will continue to be as the leading innovator of technology by developing a rich ISV startup partner ecosystem.

Today the Emerging Business Team is led by Corporate Vice President Dan’l Lewin, who focuses his portfolio managers primarily on venture-backed startups. Dan’l is expanding the team’s focus globally, identifying high-profile startups showing the world that betting on Microsoft .NET = winning.

I’m a startup kinda guy too!

Cheers,

Don.

From startup to super star, it pays to be NICE –

I had a unique opportunity to speak at the Omni Resort & Hotel in Orlando, FL, for NICE’s User Group Conference, presenting emerging technology trends and Microsoft’s latest security platform, Forefront. The event hosted over 2,500 customers focused on compliance quality monitoring, management insight from interactions using advanced analytics, and video providing specialty solutions within public safety and private equities secure content management services.

Their innovative platform makes sure employees say please and thank you while monitoring for transaction settlement and completion. Clients attending the conference boasted the who’s who of Wall Street firms, including Deutsche Bank and J.P. Morgan Chase, as well as other big-name accounts in telecommunications (Avaya) and Internet service providers like EarthLink.

“NICE made a strategic technology decision 5 years back moving away from UNIX, Oracle and Sybase, realizing that betting on Microsoft .Net equaled winning big!”

NICE holds a close, unique relationship with Microsoft, working closely with product groups and local field representatives globally, and is actively engaged in go-to-market synergies. Executives see the relationship from three strategic perspectives: identifying customer needs while leveraging existing in-house skills; partnering, which is one of Microsoft’s greatest strengths; and total cost of ownership for customers, delivering best value.

Built 100% on .NET, SQL Server and Windows platforms, NICE applications capture hundreds of gigabytes of voice recordings, screenshots, and video communications (all encrypted) so that they can be evaluated for quality or forensic purposes. The company also provides enhanced voice recording and communications intelligence products to government agencies. Other products include specialized computer systems designed for air traffic control logging. NICE chose Microsoft’s Active Directory to ensure users have the appropriate credentials to gain access to highly sensitive applications and data.

NICE is clearly one of Microsoft’s shining stars when it comes to presenting a compelling partnering story and valued relationship. NICE boasts over $300M in annual sales and nearly 24% sales growth. The company is also expanding through mergers and acquisitions, having recently acquired Performix, adding 200+ employees for a total of over 1,400 FTEs.

Cheers,

Don.

Microsoft Windows CardSpace enabling ePayments

Windows CardSpace enables users to provide their digital identities in a familiar, secure and easy way. In the physical world we use business cards, credit cards and membership cards. Online, with CardSpace, we use a variety of virtual cards to identify ourselves, each retrieving data from an identity provider. CardSpace is specifically hardened against tampering and spoofing to protect the end user’s digital identities and maintain end-user control.

Windows CardSpace, formerly known as “InfoCard”, utilizes Microsoft’s latest .NET Framework version 3.0, formerly known as “WinFX”, providing the secure user experience required by identity web services and specifically enabling Internet-based ecommerce ePayments.

In fact, Microsoft is well positioned to engage the mega-market online economy by investing in CardSpace and by developing an ISV partner ecosystem, working with venture capitalists investing huge capital in the Financial Services ePayment space. One key indication of this emerging trend is explained by our Emerging Business Team’s Financial Services Banking Portfolio analytic Trends & Observations Report. Figures indicate an upward trend of 9 ePayment venture-backed ISVs totaling $34M in Q4 2005 + Q1 2006, a 22% increase over prior quarters’ investments.

“Indications clearly point to huge growth potential in the payment processing space, especially alternative payments such as PayPal.” Anonymous analyst quote.

Other indications that competitors and partners are giving this special attention include Google’s entry into the market with “Google pay”, which has the potential to become popular pretty quickly. Though experts and industry analysts are not convinced yet, Microsoft is acting quickly to establish itself and its partners as serious players in this growth-oriented market.

Speaking with Microsoft’s US Financial Services Industry Unit Lead Warren Lewis and Christopher McLendon, US Retail Industry Unit Specialist: ePayment success will depend on reach, pricing, and strategic partnerships with online bankers and retailers.

What began as an emerging trend has grown: a growing number of traditional retailers have jumped on the Internet bandwagon so as not to lose sales to their virtual competitors. Traditional legacy payment platforms such as credit cards and bank transfers, which currently control 90% of consumer transactions, will become increasingly threatened by new ePayment solutions offered by Microsoft back-end e-payment infrastructure partners like IP Commerce. These solutions offer a compelling proposition of ease of use, loyalty programs, security and ultimately low transaction charges.

Security is a crucial factor when consumers consider ePayments, and they demand multi-factor identification capabilities; a “PIN” alone is no longer secure enough for consumer confidence. Emerging trends point to combining identity, authorization and device address validation as the ideal situation.

Identity can be further enhanced through new software platforms like Microsoft CardSpace, in addition to edge devices that can read biometrics (i.e. fingerprint, retinal scan, bio-pulse etc.) in combination with traditional account numbers and PINs.

Authorization will also change the way we use ePayments; in the near future most transactions under $25 will no longer require a signature. RFID or Bluetooth signals will enable and complete “touch-less” transactions (i.e. E-ZPass for tolls, airport parking, and fast food restaurants on the New Jersey parkways).

Device identification is a bit further out, leveraging IPv6 as the key to identifying every IP server and edge device uniquely. This does not prevent spoofing entirely; however, it does give the customer, merchant or bank a higher degree of confidence in non-repudiation or transaction settlement. Strictly, an address (v4 or v6) is routing information rather than proof of who holds the device; real non-repudiation comes from a signature made with a key that only that user or device holds, which is what an identity provider’s signed claims supply.

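The flow the paragraphs above describe (a card that fetches claims from an identity provider and presents them to the site, and the demand that a payment be backed by more than one factor), worked through as an added example in Python. This is not CardSpace’s code or its token format: CardSpace tokens are signed with the identity provider’s private key so that a relying party can verify but not forge them, whereas this toy uses an HMAC shared secret (an assumption made to stay inside the standard library, and a real weakening). The issuer and relying-party URLs and the key are constructed.

```python
"""Identity-provider token accepted by a relying party, with factor and replay checks.

Added example, not CardSpace's code or token format. CardSpace tokens are
signed by the identity provider's private key so a relying party can verify but
not forge them; this toy uses an HMAC shared secret instead (an assumption made
to stay inside the standard library, and a weakening: the relying party could
mint tokens too). Names, URLs and the key are constructed.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Iterable, Optional


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """The party behind a card: vouches for the user to one named audience."""

    def __init__(self, issuer: str, key: bytes) -> None:
        self.issuer, self.key = issuer, key

    def issue(self, subject: str, audience: str, factors: Iterable[str],
              ttl: int = 300, now: Optional[int] = None) -> str:
        now = int(time.time()) if now is None else now
        claims = {
            "iss": self.issuer, "sub": subject, "aud": audience,
            "iat": now, "exp": now + ttl,
            "nonce": secrets.token_hex(8),   # lets the relying party spot a replay
            "amr": sorted(set(factors)),     # which factors the user presented
        }
        body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        return _b64(body) + "." + _b64(hmac.new(self.key, body, hashlib.sha256).digest())


class RelyingParty:
    """The merchant or bank that accepts the card."""

    def __init__(self, name: str, issuer: str, key: bytes) -> None:
        self.name, self.issuer, self.key = name, issuer, key
        self._seen_nonces: set = set()

    def verify(self, token: str, min_factors: int = 1,
               now: Optional[int] = None) -> Dict[str, object]:
        """Return the claims if the token is acceptable; raise ValueError otherwise."""
        now = int(time.time()) if now is None else now
        body_b64, _, sig_b64 = token.partition(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
        # Signature first, in constant time, before any claim is trusted.
        if not hmac.compare_digest(sig, hmac.new(self.key, body, hashlib.sha256).digest()):
            raise ValueError("bad signature")
        claims = json.loads(body)
        if claims.get("iss") != self.issuer:
            raise ValueError("unknown issuer")
        if claims.get("aud") != self.name:
            raise ValueError("token was issued for a different relying party")
        if not claims["iat"] <= now < claims["exp"]:
            raise ValueError("token expired or not yet valid")
        if len(claims.get("amr", [])) < min_factors:
            raise ValueError("not enough authentication factors for this action")
        if claims["nonce"] in self._seen_nonces:
            raise ValueError("replayed token")
        self._seen_nonces.add(claims["nonce"])
        return claims


def demo() -> Dict[str, str]:
    """Run the flow with a constructed key and a fixed clock; outcome per case."""
    key = b"constructed-shared-secret"
    idp = IdentityProvider("https://idp.example", key)
    bank = RelyingParty("https://bank.example", "https://idp.example", key)
    shop = RelyingParty("https://shop.example", "https://idp.example", key)
    t0 = 1_154_000_000
    good = idp.issue("alice", "https://bank.example", ["password", "device"], now=t0)
    weak = idp.issue("alice", "https://bank.example", ["pin"], now=t0)
    tampered = good[0] + ("z" if good[1] != "z" else "y") + good[2:]  # alter the body
    out = {"first_use": bank.verify(good, min_factors=2, now=t0 + 10)["sub"]}
    cases = {
        "replay": lambda: bank.verify(good, now=t0 + 20),
        "wrong_audience": lambda: shop.verify(good, now=t0 + 10),
        "expired": lambda: bank.verify(weak, now=t0 + 600),
        "one_factor_for_payment": lambda: bank.verify(weak, min_factors=2, now=t0 + 5),
        "tampered": lambda: bank.verify(tampered, now=t0 + 5),
    }
    for name, attempt in cases.items():
        try:
            attempt()
            out[name] = "accepted"
        except ValueError as err:
            out[name] = str(err)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:>24}: {result}")
```

The audience check is the one most often skipped: without it, a token the user obtained for one merchant can be presented to another, which is the online equivalent of a card issued to one store being accepted everywhere. The `amr` claim is how the relying party enforces the “more than a PIN” requirement for payments while still letting a single factor suffice for reading a balance.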
For additional information on what Microsoft and its partners are doing, please leave a trackback on this blog or check out ePayment Industry Architect Moin Moinuddin’s ePayment blog at http://blogs.msdn.com/mmoin.

Cheers, Don.

How does a startup become an industry success?

Easy: demonstrate enterprise capability solving real business problems, integrate Microsoft’s latest product features, and demonstrate success at the Securities Industry Association conference.

This year I attended the Securities Industry Association (SIA) annual forum at the New York Hilton, June 20, 2006, housing over 500 technology booths showcasing the latest SOA applications and services. The event draws a lot of attention because capital market institutions and traders are constantly looking for new ways to stay ahead of the game. And the formula for this year’s game is: technology + time to market = profits.

In the world of equity trading and investments, the power of Microsoft was demonstrated by one of my top-tier emerging partners, Digipede. President & CEO John Powers’ team provided industry analysts and program traders several incredible real-time demonstrations of end-to-end Monte Carlo portfolio calculation simulation using parallel HP clusters and common Office tools like Excel.

Stevan Vidich of Microsoft’s U.S. Financial Services Group worked closely with Digipede showcasing what promises to become one of the world’s most advanced modeling and trading platforms: the Microsoft Office Excel Services/Windows Compute Cluster Server solution.

What has Digipede accomplished? First, they’ve integrated web-services features in Office 2007, delivered answer sets in real time to Excel Services, and leveraged Compute Cluster Server (CCS) + Digipede .NET to deliver scalable parallel processing.

If you’re struggling with very complex Excel spreadsheet processing or .NET calculations and want real-time HPC performance, Digipede has the solution.

With the combination of Digipede, the launch of Windows Compute Cluster Server and, later in the calendar year, Excel 2007 and Excel Services, Microsoft has a competitive offering in financial services with compelling points of differentiation relative to Linux grids:

- Leverages existing Windows OS, hardware, and products such as Active Directory and Microsoft Operations Manager.

- Works with Office applications, .NET and the Visual Studio Integrated Development Environment.

- Fully SOA enabled.

- Turnkey operation with Office 2007, Excel Services, and CCS.

Microsoft as a team is working closely with Digipede Technologies to enable seamless programmatic integration between .NET applications and cluster resources, and with Platform Computing to make sure that Compute Cluster Server nodes can be integrated with existing Platform-managed grids.

Emerging Business Team Road Map – 5 years in Success!

The first question most startup companies or venture capitalists ask me is “What do you do again?” It’s almost too hard for them to believe that Microsoft would care about small emerging companies and venture-capitalist portfolio companies. And often I say, well, it’s probably useful if I start at the beginning and give you some backdrop about the group, our motivations and how the group was started approximately 5 years ago.

It began with Dan’l Lewin, a successful 25-year player in the Valley tech industry, who was contemplating his next career move. After working with companies such as Apple (where he helped launch the Macintosh) and NeXT and launching some startups, he was ready for a new challenge. He came across a .NET speech by Steve Ballmer, and was so inspired that he sent Steve an e-mail and was quickly offered a position as corporate vice president for .NET Emerging Business.

In addition, he committed to spearheading efforts to build strong relationships in Silicon Valley (and later across the world) and to help Microsoft better understand the area’s unique culture and business dynamic. One of Lewin’s big pushes has been to make sure that Microsoft has a seat at the table in terms of community engagement (i.e. Silicon Valley and key investment centers around the country).

“We’re better corporate citizens now because we show up at the table. In the beginning they thanked us for just showing up, and now they just expect us to be at the table.”

The venture-capitalist community has been wary of Microsoft, from past war stories about Netscape and others. The company’s broad success made startups apprehensive about launching new products for fear Microsoft would compete with them. Lewin began repairing this relationship by going to the VCs, analyzing their portfolio companies and letting them know how the Microsoft platform could help them.

“By responding quickly and consistently we have shown that we can be a great partner, and the feedback shows that VCs now recognize this much more than they did five years ago,” Lewin said. “It’s all been about building trust and showing them that we’re a helpful partner instead of someone to be feared.”

VCs are now actively engaged with Microsoft: “We’ve been involved with EBT (Lewin’s Emerging Business Team) and Dan’l from inception and have found the program to be extraordinarily useful,” said Brad Feld, managing director, Mobius Venture Capital.

My role with the Emerging Business Team (EBT) is to be a part of an extremely focused group of people who are widely networked across Microsoft. As a result, we can help the startup (and their VC backers) understand their relevance to Microsoft and the best partnering approaches, and get people connected quickly. In addition, we host and organize an annual Venture Capital Summit, attended by more than 100 top VCs and an equal number of Microsoft executives, as well as regular VC roundtables. High-profile Valley startups such as AmberPoint, Akimbo, AtHoc and DigitalPersona have benefited significantly from EBT support and guidance. Our mutual goal is to rapidly and successfully bring products and services to market using Microsoft tools and platforms.

As Dan’l Lewin reflects on the past five-year road map: “A lot of people inside Microsoft have been incredibly supportive over these last five years, which has allowed us the flexibility to do this work, and the results have paid off. What we have learned here about becoming a better partner and helping emerging companies become successful using our products and programs will be helpful to other business and innovation centers around the world.”

Across the community, reflections of improvement:

It is hard to quantify how far Microsoft has come. It’s fair to say that three years ago the company’s relations with the Valley were unfavorable. Today, indications are that Valley community relationships have improved considerably, though the company realizes that it still has a long way to go to solidify the trust that has started to emerge.

Our Silicon Valley press agent Doug Free says: “Anecdotal feedback as well as coverage by the media indicates things are improving. In all our interactions, we strive to be open, thoughtful and consistent,” Free said. “Over time, we’re seeing people engaging us with an open mind. We don’t have to overcome as many negative perceptions to be heard.”

I hope this gives you a strong understanding of the group’s heritage and the importance Microsoft places on VCs and their portfolio companies. I’m always eager to share this story and proud to be a part of such an innovative team and a leadership of dedicated professionals making a huge difference in one of Microsoft’s biggest challenges: overcoming skepticism.

Cheers, Don.

Microsoft Financial Services Developer Conference 2006

April 24-25, 2006

Millennium Broadway Hotel

145 West 44th Street

New York


Please join us for the annual Microsoft Financial Services Developer Conference. Now in its 4th year, it is the leading event for developers and architects in the financial services industry. This annual event offers developers the opportunity to gain insight into Microsoft's latest and upcoming technologies for the banking, insurance and capital markets industries. After attending this event you will walk away with best practices from industry peers, the latest tools and technologies from Microsoft, as well as information on security and the future roadmap for development technologies. In addition, the conference will offer an excellent opportunity for networking with your peers in financial services.

Building on the successful launch of the experience Financial Services vision, we will explore the practical implementation of industry leading solutions and give you tools and resources to help you apply it throughout your organization. We will feature distinguished speakers from the industry including our partner group and our Financial Services team. In addition, you will experience our customers presenting the value that they have realized through using .NET and the Windows Platform. We will also have showcase presentations from distinguished product managers from our corporate headquarters. Our sessions will be resplendent with demos, current case studies, and future visions of our next generation of Microsoft tools.

This year’s event will be held at the prestigious 4-star Millennium Broadway Hotel, with the keynote delivered in the historic Hudson Theatre, the second oldest theatre in New York, where stars such as Barbra Streisand and Louis Armstrong made their debuts, and the Tonight Show was first broadcast. It promises to be an event you will not want to miss!

AGENDA*

April 24
8:00am-9:30am Registration and Breakfast
9:30am-5:00pm Sessions
5:00pm-8:00pm Welcome Reception

April 25
8:00am-9:00am Breakfast
9:00am-4:30pm Sessions
4:30pm Depart


SESSIONS

Day 1 planned sessions include the keynote address, the latest on Microsoft in Banking, Capital Markets and Insurance, Building Smart Client Solutions, Using Visual Studio Team System (VSTS), Developing Microsoft Office Solutions with Visual Studio Tools for Office (VSTO), the .NET Security Framework, and Developing Cross-Channel Applications with solutions like the Customer Care Framework (CCF).

Day 2 planned sessions include Windows Vista, Using SQL Reporting and Analysis Services, Prescriptive Architecture Guidance for Financial Services, Service Orientation and WSE, Platform Interoperability, Windows Communication Foundation (WCF), Windows Presentation Foundation (WPF), Threat Modeling, and other vertically focused sessions.

Visit our partner showcase daily featuring leading solutions, software, and resources for the Financial Services industry and get a chance to win one of several great prizes including an XBOX 360!

*Please note that the agenda is subject to change.


ACCOMMODATIONS

For your convenience, a block of rooms has been reserved at the host hotel, the Millennium Broadway Hotel. When making your reservations, please reference the Microsoft Financial Services Developer Conference to receive the reduced rate of $259. All reservations must be made no later than April 1, 2006 to receive the discounted rate.

Vista Security Road Map 06’ – Internet Explorer 7.0

The hot topic today is online or web-based transactions and how the public interprets the issue of security. At the center of the debate is the “user interface” and how secure that interface is. Many people wonder who is watching their activity and gathering user IDs and passwords, fearing giving away access to their accounts. Some say: who cares, I only use ‘X’ credit card for online activities and that carrier protects me from fraud and credits the account. Others are opting for protection from insurance companies, like Allstate’s new Identity Theft Protection policy.

All of these ideas are practical, but the industry needs to respond with platforms for safe online commerce. For example, credit card companies and online transaction processors must comply with an evolving set of principles called the Payment Card Industry (PCI) Data Security Standard. Announced as a joint MasterCard/Visa security standard in December 2004, it applies to any entity that ‘processes, transmits, or stores’ cardholder information. PCI mandates third-party (e.g. PWC) audits and vulnerability scanning for the largest merchants and service providers, with fines of up to $500,000 per incident.

The top 12 principles:

  1. Install and maintain a firewall configuration to protect data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored data.
  4. Encrypt transmission of cardholder data and sensitive information across public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security for employees and contractors.

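Principle 3 (“protect stored data”) is the one that most directly shapes application code, so here is an added example of what it means for a card-accepting application; it is not from the original post or from the standard’s own text. It validates a primary account number (PAN), keeps only the masked form for display, and stores a keyed token in place of the number so the full PAN never reaches the application’s own database. The HMAC key is a constructed placeholder; in a real deployment it lives in an HSM or key vault, never beside the data.

```python
"""Handling a primary account number (PAN) under PCI requirement 3.

Added example, not from the original post or from the PCI standard's text.
Validate the PAN, keep a masked form for display, and persist a keyed token in
place of the number. KEY below is a constructed placeholder; a real key lives
in an HSM or key vault, never next to the data it protects.
"""
import hashlib
import hmac
import re
from typing import Dict


def normalize_pan(raw: str) -> str:
    """Strip the spaces and dashes people type on a form; reject anything else."""
    pan = re.sub(r"[ -]", "", raw)
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("PAN must be 13-19 digits")
    return pan


def luhn_valid(pan: str) -> bool:
    """Mod-10 check digit test: it catches typos, not fraud."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                     # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """First six (issuer BIN) and last four are the most PCI permits to display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed hash standing in for the PAN in storage and lookups.

    An unkeyed SHA-256 is not enough: with the BIN known, only the remaining
    digits are unknown, few enough to enumerate and hash offline, so the key is
    what keeps the stored value irreversible to anyone who lacks it.
    """
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def store_card(raw_pan: str, key: bytes) -> Dict[str, str]:
    """Record to persist for a card: token for matching, mask for display, no PAN."""
    pan = normalize_pan(raw_pan)
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    return {"token": pan_token(pan, key), "masked": mask_pan(pan)}


# Constructed demo key and the standard Visa test number (not a real card).
KEY = b"constructed-demo-key"
SAMPLE_PAN = "4111 1111 1111 1111"


def sample_record() -> Dict[str, str]:
    return store_card(SAMPLE_PAN, KEY)


if __name__ == "__main__":
    print(sample_record())
```

Because the token is deterministic for a given key, the application can still answer “have we seen this card before?” and link transactions to the same instrument, which is the reason plain encryption-at-rest is often not what a merchant actually wants. Principle 4 is the other half: the PAN that does have to cross a public network (to the processor) goes over TLS, not through this function.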
So, what is Microsoft doing about security and online transaction processing products? Plenty! One item in particular: the new Internet Explorer (IE 7.0) on Windows Vista is a more secure version of IE. Among its many new features, IE 7 will support “Protected Mode” browsing, which prohibits the browser and any controls running within it (malware included) from writing to areas outside the Temporary Internet Files folder without user consent (user gullibility is still an issue!). Protected Mode limits what a compromised browser can write, not what it can read, so it is a containment boundary rather than a substitute for keeping the browser patched. Some of the features of IE 7.0, like the anti-phishing filter, will be available on Windows XP SP2/R3; however, Protected Mode browsing will only be available with the Vista release.

Financial Services enterprises wishing to provide a “protected mode” and zero touch to their existing IE “user interface” for applications like online banking services should look at one of Microsoft’s partners, Permeo. They have a very cool process for securing IE sessions against key loggers and browser cache theft, and a very cool demo of an online banking transaction that detects and protects the session. Again, it’s a zero-touch solution that’s deployed dynamically by the financial institution when the customer enters the bank’s website.

This is the second article on the Vista road map; click here for the first.

Cheers, Don.

Vista’s Security Road Map in 06’

The theme here is “Improving Security and Reliability”. While it is a good sign that security as a business concern fell to seventh place this year from second last year, that does not mean security is no longer an issue, according to Gartner; rather, maintaining secure systems is simply expected. Microsoft’s approach to that end is building upon Windows XP Service Pack 2 (SP2) and, later in 06 or early 07, Release 3 with new security features, all being poured into Vista. This posting will be the first in a series of blog postings highlighting Microsoft’s Vista Security Road Map 06’ and the emerging companies that support those initiatives, i.e. Vista functionality.

First things first: a new way to secure Windows operating system startup. Some attacks happen during the boot cycle, where malware tampers with the OS before it loads network drivers, so no network-based defense ever sees them. The new Vista feature builds on the Trusted Platform Module (TPM), an on-board chip that stores keys, passwords and digital certificates. The TPM records a measurement (a hash) of each boot component before it runs, and the key that encrypts the disk is sealed to those measurements: if a boot component has been tampered with, the measurements no longer match, the TPM refuses to release the key, and the disk stays unreadable instead of booting injected code. Note that the disk encryption by itself does not prevent code injection; it is the measured boot that detects it.

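The measure-then-seal mechanism, as an added toy example rather than Vista’s or any TPM’s code. A real TPM 1.2 keeps its measurements in platform configuration registers (PCRs) using SHA-1 and seals with its own RSA key; the toy below uses SHA-256 and an in-memory dictionary, both assumptions, and the boot components are constructed byte strings standing in for firmware, boot manager and OS loader.

```python
"""Measured boot and key sealing in the style of a TPM, as a toy.

Added example; not Vista's or any TPM's code. A real TPM 1.2 keeps
measurements in PCRs using SHA-1 and seals with its own RSA key; this toy uses
SHA-256 and an in-memory table (assumptions) to show the mechanism: each boot
stage is hashed into a register before it runs, and the disk key is released
only when the register ends at the value it had when the key was sealed.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

PCR_SIZE = 32
INITIAL_PCR = bytes(PCR_SIZE)       # registers start at all zeros on reset


def measure(component: bytes) -> bytes:
    """Hash of a boot component's code and data, taken before it executes."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: the register can only be folded forward, never set directly,
    so later code cannot rewrite the record of what ran before it."""
    return hashlib.sha256(pcr + measurement).digest()


def boot_pcr(boot_chain: List[bytes]) -> bytes:
    """Run the chain through the register in order; order is part of the value."""
    pcr = INITIAL_PCR
    for component in boot_chain:
        pcr = extend(pcr, measure(component))
    return pcr


class ToyTPM:
    """Holds sealed secrets and releases them only against a matching PCR."""

    def __init__(self) -> None:
        self._sealed: Dict[int, Tuple[bytes, bytes]] = {}

    def seal(self, secret: bytes, expected_pcr: bytes) -> int:
        handle = len(self._sealed)
        self._sealed[handle] = (secret, expected_pcr)
        return handle

    def unseal(self, handle: int, current_pcr: bytes) -> Optional[bytes]:
        secret, expected = self._sealed[handle]
        return secret if hmac.compare_digest(current_pcr, expected) else None


# Constructed stand-ins for the boot components (not real firmware bytes).
GOLDEN_CHAIN = [b"firmware v1", b"boot manager v1", b"os loader v1"]


def provision(tpm: ToyTPM, disk_key: bytes) -> int:
    """At setup: record the known-good boot measurements and seal the key to them."""
    return tpm.seal(disk_key, boot_pcr(GOLDEN_CHAIN))


def try_boot(tpm: ToyTPM, handle: int, chain: List[bytes]) -> Optional[bytes]:
    """At boot: re-measure what actually ran and ask the TPM for the key."""
    return tpm.unseal(handle, boot_pcr(chain))


if __name__ == "__main__":
    tpm = ToyTPM()
    handle = provision(tpm, b"disk-encryption-key")
    print("clean boot:   ", try_boot(tpm, handle, GOLDEN_CHAIN))
    rootkit = [GOLDEN_CHAIN[0], b"boot manager v1 + rootkit", GOLDEN_CHAIN[2]]
    print("tampered boot:", try_boot(tpm, handle, rootkit))
```

The practical consequence is the same one administrators hit with the real feature: a legitimate boot-loader or firmware update also changes the measurements, so the key must be resealed (or a recovery key used) after such an update, otherwise the machine is locked out exactly as if it had been tampered with.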
Many of my Security Emerging Business Companies ask me if the new Windows File System (WFS) or WinFx will be included with encryption.  It’s a bit too early to tell but from monitoring the Vista BetaOne Ascend correspondence it’ll probably be officially released late 06 or early 07.

This of course is a great feature, but what if your company’s laptops contain sensitive data that you would like to encrypt today on older versions of the Windows OS. ORBO has a great product RedSphere for Laptops that upon installation the local encryption agent will encrypt all data files contained on the computer’s hard drive. In addition to encryption, they have an interesting Access Control Manager comes with a choice of authentication modules and can be used as additional access security for devices using leading edge cognometric authentication, password shields or eTokens.

What is cognometric authentication using Passfaces? Users start by getting to know a group of faces, their Passfaces, which are assigned by the system at random from a large library of anonymous faces. You remember the faces out of the crowd and use them to gain access to the system in lieu of passwords. When I tried this, I thought I would never be able to remember to pick “one” of my five faces out of a line-up of twenty, repeated five times. Surprisingly, I got it right on the first try; check out the on-line demo, it’s fun!

This concludes the first post in a series.

Cheers, Don.

SDForum’s Interoperability 06’

Microsoft is coming on strong and is serious about interoperability. Web services are all about driving a horizontal business architecture strategy across the divisions of many Fortune 500 corporations. Companies are constantly looking for ways to save on development costs while delivering unique, competitive business value. Many corporations are creating internal profit centers called “shared services” that act like privately run businesses competing with outside vendors. These units can only be competitive if they have a handle on “Interoperability” and develop a robust, heterogeneous Service Oriented Architecture. As these disciplines become more and more prevalent, third-party processes, whether internal or external, will be the norm.

The technology is ready and the vendors are ready to talk about how playing together makes everyone win in the interoperability game. Microsoft is supporting this strategy with its platform called “Connected Systems”, encompassing a vast array of different products and Windows operating systems that support SOA initiatives natively. One such example is code name “Indigo”, now known officially as Windows Communication Foundation (WCF), within Vista and soon XP R3 (Release 3). WCF is an industry complement to BEA and Tibco, to name just a few top players. Security and Identity are two key aspects being explored by Deloitte, Oracle, Identrus and Microsoft.

Join industry thought leaders from Deloitte, IBM, HP, Intel, Microsoft, Sun, and Oracle, along with Burton Group expert Anne Thomas Manes, on January 31st, for an open industry dialog on industry-wide initiatives for interoperability.

Agenda

  • 8:00 – 8:30am Registration / Continental Breakfast
  • 8:30 – 9:00am Keynote, “Why Interoperability is Key to Your Business Success”: Anne Thomas Manes, Analyst, Burton Group
  • 9:00 – 9:40am Web Services Interoperability: Andy Daecher, Partner, Technology Integration Services, Deloitte; Edward Cobb, VP, Architecture & Standards, BEA Systems, Inc.; Nick Kassem, Technology Director, Web Services Technology and Standards, Sun Microsystems; Weston W. Swenson, President/CEO, Forum Systems
  • 9:40 – 9:50am Break
  • 9:50 – 10:30am Fireside Chat: Anne Thomas Manes, Analyst, Burton Group; Graham Hamilton, VP and Fellow, Java Platform Team, Sun Microsystems; Kelvin Lawrence, CTO and Distinguished Engineer, IBM; Robert Wahbe, General Manager XML Services, Microsoft
  • 10:30 – 10:40am Break
  • 10:40 – 11:20am Identity Management: Brian Geffert, Partner, Identity Management Services, Deloitte; Prateek Mishra, Director, Security Standards, Oracle Corporation; Karen Wendel, CEO, Identrus; Kim Cameron, Chief Identity Architect and Strategist, Microsoft
  • 11:20 – 11:30am Break
  • 11:30 – 12:10pm Enterprise Systems Management: Magdy Assem, Marketing Director OpenView, Hewlett Packard; David Caddis, Director Market Management, IBM Tivoli Service Delivery Solutions; Tom Kemp, CEO, Centrify Corporation; Kaladar Rau (RK), Senior Manager, Systems Management Practice, Deloitte; Vijay Tewari, Senior Researcher and Software Architect, Intel
  • 12:20 – 1:10pm CIOs: How Interop Matters to Their Business: Dean Lane, CEO, Varitools and former Sr. Director of IT at Symantec (author of "The CIO Wisdom"); Vivek Asija, CIO, McGuire Real Estate; Jim Swartz, CIO, Sybase Inc.
  • 1:10 – 2:00pm Lunch Provided

Location: Network Meeting Center, 5201 Great America Parkway, Santa Clara, CA 95054. Price*: $25 SDForum members, $40 non-SDForum members. *At the door, add $10 to member and non-member prices.

Microsoft’s Trustworthy Computing – A look back at 2005

When Microsoft is faced with a challenge as serious as security, it fights back with a vengeance. Over the past year the company has gone through many changes, ranging from reorganizations to company acquisitions. These changes were implemented to better focus on becoming an agile security threat response organization. Six areas are of particular note:

Fundamentals -- Microsoft’s Security Development Lifecycle (SDL), an approach to the entire software development process that incorporates security holistically and comprehensively. A major reorganization occurred last summer, in which all security developers were aligned with and report directly to the product groups. So what are some of the results? Vulnerabilities in Microsoft Windows Server 2003 were reduced from 84 to 49 compared to the previous version, and a new wave of shipping products was developed under the SDL process, including Visual Studio 2005, SQL Server 2005, and BizTalk Server 2006 Beta 2. Lastly, the Software Update Validation program provides rigorous testing of updates before release, rather than shipping them prematurely.

Threat and Vulnerability Mitigation -- The acquisition of Sybari Software for enhanced protection against malicious software for enterprise customers. The announcement of Microsoft Client Protection, which will combine strong anti-spyware tools, comprehensive virus protection and centralized management capabilities for laptops, desktops and servers in business systems. The acquisition of FrontBridge Technologies to enhance management and security capabilities for enterprise e-mail environments. Windows OneCare Live, a subscription service that takes much of the work out of online protection by automatically helping guard against spyware, phishing attacks and other threats.

Identity and Access Control -- A way to dictate what resources users can access, so that personal and corporate information is protected throughout its lifetime, wherever it resides. Microsoft acquired Alacris, a leading provider of strong authentication solutions for digital certificates and smart card applications.

Prescriptive Guidance -- Intensive training for third-party developers on secure coding practices and the SDL at the annual Microsoft Professional Developers Conference. New online security curriculum called Learning Paths for Security, organized around four key learning paths: Threats & Vulnerabilities; Identity & Access Control; Regulatory Compliance; and System Integrity. Security360, a monthly webcast series focused on security topics that includes commentary and guidance from security industry experts inside and outside of Microsoft.

Industry Partnership Progress -- Creation of the SecureIT Alliance, a group of security partners working together to develop innovative security solutions for the Microsoft platform for the benefit of common customers. Microsoft was a founding member of the AntiSpyware Coalition, participated in Black Hat briefings and hosted two Blue Hat events. And in working with government, at the Congressional Internet Caucus Microsoft detailed its support for a “comprehensive” legislative approach to data privacy at the federal level that would provide meaningful protections for individuals, focus on preventing actual harm, and set clear guidelines for businesses while still allowing commerce to flourish.

A Look Ahead into 2006 -- The Windows Vista platform will see security improvements in everything from User Account Control and better support for smartcards to enhanced firewall protection and improved security and privacy capabilities in Microsoft Internet Explorer 7.0. Additionally, BitLocker Drive Encryption, a hardware-based feature, addresses the growing concern over corporate and customer data on lost or stolen machines.


Cheers, Don.

Scanning companies for IPv6, and emerging players surfing to profits.

It’s amazing to me that many of the security companies I talk with have no idea about IPv6, or have no plans to address this significant change. It’s sort of like looking at the ocean and saying, wow, why is the water pulling back into the ocean? Well, you’d be wise to get running now!

The signs are everywhere, e.g. proxy server mania: will the real IP address please stand up? Sorry, it can’t; it has been translated six times before it renders itself at the intended target. Additionally, this is a safe haven for criminals. What? You mean criminals can translate or mask their address x number of times, making it nearly impossible to track back to the source or phishing site? Yup!

And what about those lagging gaps when talking over VoIP? Speaking over an IP circuit sometimes produces breaks in the conversation. Why does it do that? It’s definitely not as good as a wired analog line. Well, quite frankly, VoIP traffic looks the same as all other IP traffic; with no such thing as priority IP packet shipping, plus the added tax of layers of proxy servers, the whole thing gets a bit messy.

Aside from the scary aspects, let’s get to the practical side of managing the change and what this means for corporations and for opportunities for security companies. Don’t go too crazy: bridges are already built to manage the traffic between IPv4 and IPv6, so companies can still operate over IPv4 (BTW, no IPv5 exists). However, the real challenge is to take advantage of the features and benefits of IPv6, like being able to identify each device on the network individually, whether a hot tub, automobile, cell phone or home PC (trusted edge!). Each device will have a unique identity / IP address, no longer requiring proxy translation, so you get smooth sailing throughout the network; or how about a speed lane for priority traffic like voice and video packets?

This represents huge opportunities for emerging technology and security companies, especially startups, whose development efforts are typically first to market with products and services that no one else can claim. And on the flip side, a huge expense that corporations would rather not undertake.

So what’s the big change? Virtually all data networks are based on the Internet Engineering Task Force (IETF) IPv4, which ties in not only the network protocols but all the interdependent Application Programming Interfaces (APIs), e.g. LDAP! Are your lights blinking yet? It’s not an incremental update; it’s a complete stack replacement.

Why now? During the ’90s an explosion of internet devices revealed limitations in IPv4, hence the need for NAT (Network Address Translation) servers mapping and chaining IP addresses. This is no longer the case with IPv6, whose addresses go from 32 to 128 bits. In addition, the IETF made administration easier, so networks are easier to configure and manage; we have a lot of good news to work with here. Mobility is especially enhanced, and if you look at any of the current IP projections and trends you know mobility is a key growth segment for services over the next five years. Other areas, such as phones, appliances, industrial equipment, audio and video, can now be IP enabled.

What is Microsoft doing in this space? Although not fully supported, IPv6 (Internet Protocol version 6) is ready for developer testing. Microsoft’s Customer Services and Support (CSS) will now help ISVs with technology guidance and technical help testing IPv6 issues. The current Windows IPv6 implementations (XP SP2, Server 2003 and CE 4.2) are not intended for production; however, they do provide a test-bed platform for learning, planning, development and testing. More and more Asian government contacts are mandating it as part of their checklist requirements for vendors, mainly because the US holds 75% of the IPv4 addresses.

This migration affects network routers, Ethernet-based LANs, firewalls, Internet Service Providers (ISPs), ATM and Frame Relay WANs and backbone carriers, as well as wireless carriers. To me, this has the makings of a mini Y2K; however, the legacy code is much more current and should therefore be a much less burdensome task to migrate and test. Additionally, I see a huge opportunity for new services and capabilities opening up for new products and services.

For further detail, see Directions on Microsoft, “Independent Analysis of Microsoft Technology & Strategy”.

Cheers, Don.

Xbox 360 has no favorite children…

So what does a Senior Director at Microsoft do the week before Christmas, Sunday morning at 3am? Sleep? Hardly. I’m waiting in line at Best Buy, Union City, New Jersey, standing in position 71 out of 102, in freezing temperatures. The whole thing started when my wife, the day before, saw 52 Xbox 360 units on the BB web site shipped on 12/18, and we hoped to acquire one of the ‘season must haves’ for our 15-year-old son.

We approach the store and see people literally camped out in tents. My wife jumps out of the car hoping to secure a strategic position in line before anyone else gets in, feeling as if every person is a threat to the goal. Before I park the car and join her in line, she shares with her line companions that I work for Microsoft. Oh crap! The good news is that at least they see that Xbox 360 has no favorite children; however, I had to get an earful about how Bill Gates is a bad man for not meeting the season’s demand.

We now have a small therapeutic group discussing the woes and impacts of going to Catholic school, and other anecdotal stories about Cabbage Patch doll scenarios from the ’80s. At that point, 5am, I decide to go get coffee at Dunkin’ Donuts, and feeling in the holiday spirit I go for the Box of Joe for our group and dozens of Munchkins. Needless to say, I was the line hero, befriended by all who stood by us, friend or foe. I made my contribution to humanity, with coffee ultimately provided by bad Bill’s payroll. It was actually a feel-good moment that defines a new story that’ll be told in the future and remembered fondly.

Suddenly, a word from those in the know: a yellow-jacketed store manager addresses the crowd at 6am, stating they only have 46 units available, and firmly indicating that this man here wearing the Jets football jacket is the last person guaranteed one, unless folks’ credit cards don’t go through or others are short of cash. Well, we were 25+ past Jets guy, so we decided to call it a night and said goodbye to our new line friends.

Still searching….

Cheers, Don.

Compliance – Transitioning from Lemon’s to Lemon-Aid!

Compliance means one thing to a corporation: taxation. It’s all about managing the legislative lemons that are dealt out by our government (and others) at an alarming rate. Ask any corporate executive about HIPAA, SOX, GLB, etc. They quickly get a look of fear and concern. No doubt, if you neglect any of these categories you’re liable for lawsuits or CEO prison, a different kind of pinstripes.

So how can we turn these lemons into lemon-aid? Well, technology can help: new, innovative companies like Tizor can provide insight into vulnerabilities by monitoring data streams in real time. Today companies must not only cope with compliance mandates but transition that effort into measured trust. And you know what’s printed on every dollar: “trust”.

How does this trust lead to corporate profits? Through building trusted peer relationships across the street or around the world. Once you and your external partners can agree upon the governing rules, trust monitoring should be the key. Like back in the ’80s when Reagan met with Gorbachev, the catch phrase during the nuclear talks was “trust but verify”, and that’s exactly what corporations must do today: profit together in harmony by demonstrating trust and eliminating or exposing dangerous combinations.

Outsourcing is all the rage, but what’s happening with your (and your customers’) data at that site? What about the legislation governing that data in those countries? Can you discern today which pieces of data are vulnerable to your corporate health, and in which countries?

If this hasn’t struck a chord by now, you’re not in the compliance game; but if it has, you know all too well that this is exactly the heart of the issue and must be addressed if companies are to begin to collaborate horizontally in Financial Services, Health Care, and Supply Chain Management.

Tizor: check ’em out.

Cheers, Don.

Sometimes you get what you need

On a quarterly basis I tabulate where the venture capital funding is flowing and sort companies by security taxonomy. This is by no means an endorsement of a particular trend or investment; however, it reveals some very interesting statistics, and surprisingly the total dollar amount invested in security startups in Q3 2005 is substantial.

Investment Overview:

An estimated $315M of new investment in Q3 within the security portfolio worldwide, across 34 deals, with the majority, $257M, in 27 US companies by US VC firms, and 7 international. 18 deals were primarily early stage (Series A and B) and averaged $8M. The largest deals were Series B for $12M; some highlights are Vidient Systems (Hotung Venture Capital) and Tizor (Hummer Winblad Venture Partners).

Six Major Breakout Trends:

  • The majority, 10 investments totaling $53M, were in Security Content Management (SCM) companies (consisting of delivery, disposal, filtering, security, digital assets/rights/signatures, encryption, PKI).
  • The second most active category was $34M in 8 Identity companies (consisting of authentication, authorization, biometrics, access management, protection, single sign-on, smartcard, theft).
  • Third, 8 investments in Antivirus for $88M (consisting of anti-cheating, anti-spyware, anti-piracy, anti-spam, heuristic attacks, mobile, phishing, URL filtering).
  • Fourth, 6 investments totaling $54M in Security Event Management (SEM) companies (consisting of correlation & analysis, forensics, intrusion detection & protection systems (IDS & IPS), vulnerability assessments).
  • Fifth, and most interesting, 3 investments totaling $52M in Managed Services (consisting of outsourcing of SCM, identity, antivirus, SEM, etc.).
  • Sixth, 3 investments in Networking companies for $15M (consisting of networking, anti-spam, anti-virus, network IDS/IPS, VPN, wireless).

Noteworthy investments: Girisoft $50M (retail antivirus & firewall), WestTec Interactive $20M (video surveillance), Identrus $20M (digital identity authentication).

Data calculations are derived from the Venture One feed, as well as referrals from other groups throughout Microsoft and deals captured under the radar.

Cheers,

Don.

PS. Picture taken by Sam Ramji, of me standing in front of the Starbucks in the center of the Forbidden City in Beijing. I got what I needed: a Venti latte and t-shirts for the kids back home.

Walking up the tail of the Dragon

While working with venture capitalists and emerging security companies, managing expectations is sometimes one of my most difficult challenges. Synergizing and aligning with the value chain of Microsoft’s partner ecosystem is what makes things work.

A bit tongue-in-cheek, you need to keep two key things in mind: tireless patience and managing exuberant expectations, as quoted by IDB keynote speaker Sam Jadallah, General Partner of Mohr Davidow Ventures. It's like walking up the tail of a dragon!

Additionally, he listed key dos and don’ts.

Do’s

  • Relevant progress: know who and what you are, enterprise class or Small or Medium Size Business (SMB).
  • Cultivate top priorities: organize your initiatives and align them with Steve Ballmer’s top 6 or 7 priorities and game plan; this is public information. Aligning yourself with those priorities gets you to jump to the front of the parade.
  • Field contacts: who’s motivated by your success? It could be revenue pull-through, or Systems Integrators.
  • Partnerships with aligned goals are critical for success.

Don’ts

  • Thinking you’re going to be bought by Microsoft: it happens, but so do stories about people getting hit by lightning; it’s rare.
  • Focusing on closing a deal by a special date: this is typically unrealistic and sets everyone up for disappointment.
  • Expecting Microsoft to bring you the first customer: I had a conversation with a startup on a competitive platform that wanted me to convert the platform and position the first deal. Again, highly unrealistic.
  • Skipping the programs and going directly to Microsoft Corporate: many startups don’t realize that they need to go through due diligence with the appropriate program steps, developing relationships with internal Microsoft advocates.

I’ve worked with many different types and personalities, witnessed first-hand all of his observations, and believe Sam’s advice is spot-on. Following the prescribed sequence of steps, building relationships, working the ecosystems and taking advantage of programs greatly improves the odds in your favor to accelerate deals and revenue.

Cheers,

Don.

PS. My first published art work, a dragon pencil sketch; hope it's not too scary :)

InfoSecurity event – What’s at Risk? & Beyond Fear.


Last week I attended the InfoSecurity event at the Jacob K. Javits Convention Center in New York City, an awesome forum for security professionals to get a handle on the latest defenses against vulnerabilities. As you may already know, I work for Microsoft overseeing 340+ emerging security companies, typically venture backed, that either contribute directly to the Microsoft partner ecosystem or, believe it or not, complement our platform with competitive operating systems and languages.

Of special interest were two keynote speakers: former US Secretary of the Department of Homeland Security Tom Ridge, and Counterpane Internet Security founder Bruce Schneier, author of the latest book Beyond Fear.

Tom Ridge’s speech focused on the five aspects of driving a secure homeland, starting with personal responsibility, governments, enterprises / corporations, coordination and information technology security. He made his point clear that these ingredients combined are necessary to have complete confidence going forward. He was a bit formal, but actually a very captivating speaker worth listening to.

Bruce Schneier was a bit more animated; as he approached the stage he actually leaped vertically 5 ft to the podium, sporting a 3 ft ponytail. I knew we were in for a wild ride with that entrance. Bruce took a more pragmatic approach, describing the challenges that the audience was facing on a day-to-day basis within their profession.


10 trends:

  1. Economic value: protection must match the asset value.
  2. Network as critical: it is part of the computing value chain and its vulnerability.
  3. Third parties controlling information, e.g. financial information is kept by suppliers.
  4. Criminals are on the Internet: a shift from hobbyists to criminals.
  5. Ever-increasing complexity: complexity grows faster than security.
  6. Slower patching and faster exploits; orchestration is formalized, e.g. Microsoft Patch Tuesday.
  7. Sophistication of automated worms, e.g. polymorphic / morphic worms.
  8. Untrustworthiness of endpoints: Bruce’s Mom’s PC is the culprit, confession pending.
  9. End user as the attacker: botnets!
  10. Regulatory pressure: putting the punitive fines where the control is.

General observations:

  • Things are getting worse, not better, primarily due to speed and complexity.
  • Non-technical aspects of security: political / social / economic.
  • Political pressure is the key: punitive damages and suing.
  • Economics, not computer science: aligning interaction and economics.
  • Externalities leveling: $$ + effort investment = security investment.
  • Who’s really exposed? It may not be the one who has the control.
  • Tradeoffs and interests: it will change every six months.

The event was great, well worth the $$; I met many of the companies that I work with on a day-to-day basis (it was like speed dating) and look forward to writing about them in the near future.

Cheers,

Don.

Another cool company I work with is Ping Identity: when you feel like the business of security is becoming increasingly complex, virtual and decentralized, Ping can simplify your world. Real-time management of relationships with employees, contractors, partners, suppliers, and customers is becoming ever more crucial. Even within a single company, applications may reside on different platforms, in separate departmental security domains, in legacy databases derived from prior acquisitions, or in separate organizations thanks to outsourcing. As seamlessly gaining access to distributed resources, including applications, that reside beyond corporate firewalls becomes increasingly vital, the ability to manage identity effectively becomes a paramount concern. Web services, which have the potential to enable even greater interoperability and business integration, only magnify the challenge. Ping makes it easy and is now hooked up with Microsoft's (MSFT) InfoCard product group, bringing simplicity to implementation. Check out Kim Cameron's weblog on the subject.
