Posted by Joe Franscella, 3-5-2010:

Again, I had an excellent, educational experience at the RSA Conference. I run into editors, bloggers and analysts I know from time to time at the show and always ask them the same question, anything new, exciting or cutting-edge? Invariably, I get yes and no responses but this year I think I heard more say they were excited about the fact that innovation is starting to creep back into the game. At around 11 Tuesday night, I ran into Richard Stiennon crossing Howard Street, he was with an MSP friend of his and during our brief conversation he mentioned a few of the more “interesting” vendors he had come across. I look forward to reading his complete thoughts on them when he publishes.

Again, I had the privilege or shooting video during the Executive Women’s Forum party at the W Wednesday night. This year I had the chance to interview three of some of the world’s most well known players in the Cloud and Cloud security game. On camera, each were asked what is the Cloud and can it be secured? The answers were stunning, I got back a technical, business and metaphoric description — I’m pleased to be able to say that my hours of research have paid off as the definitions weren’t far from my own conclusions I had made prior to talking with them. Next week, I will be posting the video.

Rake Narang of Info Security Product’s Guide visited two Trainer Communication’s clients’ booths at RSA, Secure Passage and PacketMotion. Each did an excellent job at quickly and comprehensively telling their company’s stories:

Click here to view the embedded video.

Click here to view the embedded video.

Back in August, the New York Times published an article written by Ellen Messmer out of IDG’s Network World, titled: Security Start-Up Rohati Extends Access-Control Gear to the Cloud.
In it, she says that John Burke of  Nemertes Research stated:

….Nemertes in its research has found that fewer than 5% of organizations today have any type of funded cloud initiative.

Interesting to see how fast that’s going to change. In only a couple short months analysts have predicted that spending on cloud services will account for 10 percent of IT budgets by 2013, making up a whopping $44.2 billion in total IT spend (not that the $9 billion to be spent this year is chump change). This was pointed out by Dave Rosenberg on his CNET blog ‘Software Interrupted, where he wrote:

If public cloud services will be 10 percent of all IT money spent [by 2013], that represents a blisteringly fast growth rate. And while we certainly don’t wish the recession to continue, it’s interesting to see how companies have adapted their IT plans to take advantage of services that require far less capital expenditure.

CNET Graphic Showing Cloud Computing IT Spend by 2013

Evolution of the “Cloud” – 1.) Buzzword, 2.) Chris Hoff is snatched up by Cisco, 3.) Obama open’s Cloud store, 4.) $44 billion by 2013, 5.) Reality

Other thoughts recently thunk: I thoroughly enjoyed Forbe’s Lee Gomes’ led coverage of the next Silicon Valley God Rush – Virtualization. I especially enjoyed the Nemertes contribution from Andreas and John: The Virtualized Desktop. As a PR guy with a special interest in the intrigue of digital security, I also enjoyed Andy Greenberg’s piece: Virtualization’s Real Security Problem: Sprawl.

Couple new blogs I’ve added to my roll lately:

Gary’s Blog (Nimsoft CEO Gary Read)

Tales from the Si Valley Front (Ken Rutsky)

“There is hacking,” says Legge. “Hackers are coming after the electrical grid all the time.” (Ed Legge is pokesman for the Edison Electric Institute (EEI), an association representing about 70 of the largest utilities which generate the bulk of the nation’s electricity through complex swatches of eastern- and western-distribution grids and management and control points called Independent System Operators)

What the security vendors said:

“The whole grid going down is the hardest one to believe,” says Eric Knight, senior knowledge engineer at Log Rhythm, noting the Wall Street Journal article lacked sufficient information “about why we should be panicking, per se.”

“This should come as a surprise to no one,” says Patrick Peterson, chief security researcher at Cisco, adding, “The truth is slowly coming out.”

Shane Buckley, CEO at Rohati, says he’s worries that “a number of utilities outsource development to Eastern Europe, Russia and China,” and cyberspy attacks could originate through outsourcing. (Disclaimer: I represent Rohati).

These stories hit hard and fast but I doubt they are over. It will be interesting to see how this plays out.

Network World’s Tim Greene launched his Cloud Security Alert newsletter today with a look at What is a cloud? Wrote Tim:

“So the cloud is a physical place, perhaps owned and controlled by some other entity, and it contains computing resources that are available pretty much on demand for a price. Simple enough, but there are plenty of variations.”

He goes on to explain it further, leaving the reader with a basic deffinition, something of value in today’s (excuse me for this nest description) “foggy cloud environment.”

In terms of cloud deffinitions, I also like the one in Gartner’s 2008 paper: Tutorial for Understanding the Relationship Between Cloud Computing and SaaS

In the paper, Gartner defines cloud computing as: a style of computing where massively scalable ITenabled capabilities are delivered as a service to external customers using Internet technologies. One IT-related function can be a software application. If the software application is written in such a way that it is “massively scalable,” then SaaS is considered a form of cloud computing (SaaS).

Posted by Joe Franscella

When learning about the system, the first thing that stuck out to me was how primitive, from a technological standpoint, it was. There were no alarms that alerted the power company when the power went out, it relied on calls from end users; the ultimate advance in handling downed high voltage power lines were rubber gloves and boots; and meters were still being read by service men and women who traveled door to door.

Deregulation was really what began to kick off a technological revolution in the industry and the Internet became the vehicle that allowed the market to be open to independent power and services vendors. California created the Independent Systems Operator (CalISO), a wholesale power clearinghouse that HQ’s in a state-of-the-art control center no doubt built on an IP infrastructure, independent technology vendors began to flood the market with “cost-effective” meter reading devices that operated through cellular relays and the Internet, and companies like Enron and Duke Energy played on the wholesale market through Internet-based trading floors. Fast forward to 2000, I was out of the power industry but heavily immersed in the middleware business as a communications manager for a major supplier. In addition to providing EAI for ERP vendors like SAP, one of the company’s primary markets was energy. It supplied much of the middleware that integrated trading applications.

In ’97 and 2000, the world was abuzz with integration and Internet-enabled technologies that were fueling the IT revolution for sure; no one was talking about security though. I can distinctly remember PeopleSoft’s (now Oracle) VP of marketing talking about the importance of 8′s pure HTML design during the big launch, but I can’t once recall him mentioning security.

Fast forward to today. The Wall Street Journal, CNN, Network World, CNET and SC Magazine have all printed features about a recent report that points out that cyber spies have infiltrated the US power grid via the Internet, leaving behind software (malware and bots I guess) that can feed back information and even allow them to disable the system.

As a communications manager with a power company in ’97, I read through hundreds of pages of deregulation related materials, as a communications manager with a middleware company I was immersed in Internet-based EAI daily, I can say with some degree of confidence that no one saw the security threats coming.

It will be interesting to see where this story heads. Could this be what sparks the next Microsoft-sized technology innovation wave? If a bot, malware, worm or something along these lines leads directly back to a foreign government’s intelligence agency, will that be what really forces technology to develop based on security first? It’s one thing to hack a defense system and get some information about defensive strategy of weapons development, being able to shut down the power is an entirely different matter. Imagine, all of the sudden, the power supply to Manhattan, San Francisco, Chicago, LA and Dallas shutting down – all at the same time. Remember the Road Warrior sequel Mad Max Beyond Thunder Dome — who really rules Bartertown?

Posted By Joe Franscella