Embed Size (px)
Citation preview
THE BUSINESS VALUE OF TECHNOLOGY
4 lessons from elite CIOs 10 | Runaway cloud costs 14 | Who’s really a ‘software engineer’? 34 | Cisco’s compelling cloud plan 38 | What to learn from vendor M&As 40
JUNE 25, 2012
[PLUS]HOW TO AUTOMATE PRIVATE CLOUDS p.23
Are you listening? With sentiment analysis, companies can snatch important customer insights from social networks and websites. p.17By Doug Henschen
People Are Talking
Copyright 2012 UBM LLC. Important Note: This PDF is provided solely as a reader service. It is not intended for reproduction or public distribution. For article re-prints, e-prints and permissions please contact: Wright’s Reprints, 1-877-652-5295 / [email protected]
12
COVER STORYSentiment AnalysisCompanies can now snatchimportant insights from socialnetworks and websites, butthey’ll need new tactics
12 Hadoop’s Many FlavorsThree vendors show where thedata management tool is headed
13 Big Data Analytics Vs. Old-School BITwo startups make the case fornext-gen analytics
Windows 8, Meet Windows 7Microsoft shows new OS can runinstances of previous versions
14 Cloud’s Runaway CostsCost overruns are one of IT’sbiggest worries about the cloud
[QUICKTAKES]
CONTENTSTHE BUSINESS VALUE OF TECHNOLOGY
17
informationweek.com June 25, 2012 1
June 25, 2012 Issue 1,337
Join us at our annual conference to hear a rangeof speakers, including Ford CTO Paul Mascarenasand Union Pacific CIO Lynden Tennison.informationweek.com/conference
Sept. 9-11 at the St. Regis Monarch Beach,Dana Point, Calif.
upcoming events InformationWeek 500
2 June 25, 2012 informationweek.com
23 Automating The Private CloudAutomation isn’t easy, but without it,you’ll never get self-service, self-healing,or the full savings from private clouds
26 VM Security Beyond VMwareIt’s time to tackle servervirtualization vulnerabilities
30 Phish Isn’t SpamPhishing is more dangerous, so treatit that way
34 Software Engineers All!Isn’t that what we’re really doing?
Contacts6 Editorial Contacts6 Advertiser Index
37 Business Contacts
4 Research And ConnectInformationWeek’s reports, events,and more
7 FeedbackReaders’ views on SAP hype andOracle FUD
8 CIO ProfilesAlways have “belt and braces,” thistech chief learned in the U.K.
10 Global CIOFour elite CIOs share insight withacademics on the future of IT
38 Practical AnalysisIt looks as if Cisco really does listento customers
40 Down To BusinessWhat M&As say about your tech vendor
[CONTENTS]
INFORMATIONWEEK (ISSN 8750-6874) is published 22 times a year (once in January, July, August, and December; twice in February, March, April, May, June, and September; and three times in October and November) by UBM
LLC, 600 Community Drive, Manhasset, NY 11030. InformationWeek is free to qualified management and professional personnel involved in the management of information systems. One-year subscription rate for U.S. is $199.00;
for Canada is $219.00. Registered for GST as UBM LLC. GST No. 2116057, Agreement No. 40011901. Return undeliverable Canadian addresses to Pitney Bowes, P.O. Box 25542, London, ON, N6C 6B2. Overseas air mail rates are:
Africa, Central/South America, Europe, and Mexico, $459 for one year. Asia, Australia, and the Pacific, $489 for one year. Mail subscriptions with check or money order in U.S. dollars payable to: INFORMATIONWEEK. For subscription
renewals or change of address, please include the mailing label and direct to Circulations Dept., INFORMATIONWEEK, P.O. Box 1093, Skokie, IL 60076-8093. Periodicals postage paid at Flushing, NY and additional mailing offices.
POSTMASTER: Send address changes to INFORMATIONWEEK, UBM LLC, P.O. Box 1093, Skokie, IL 60076-8093. Address all inquiries, editorial copy, and advertising to INFORMATIONWEEK, 600 Community Drive, Manhasset, NY 11030.
PRINTED IN THE USA. .
It’s easier than ever to get the
business technology news you
need with our iPad app.
informationweek.com/ipadapp
Download Our Free iPad App
8
4 June 25, 2012 informationweek.com
Meet Threats Head-OnConsidering an in-house threat-intelligence program? Weexamine staffing, costs, and the necessary tools.
informationweek.com/reports/threatintel
What’s In Windows 8In its latest OS, Microsoft has boostedthe capabilities of Hyper-V, streamlinedmanagement, and made other changesthat IT will appreciate. But Windows 8faces hurdles on PCs and mobile devices.
informationweek.com/reports/win8
Cloud OptionsIf you’re willing to dispense with traditional applicationhosting models, there are many pure cloud software op-tions worth considering.
informationweek.com/reports/privstacks
Strategic SecurityWhen it comes to security, don’t try to address every pos-sible threat. Pick your battles.
informationweek.com/reports/2012secsurvey
Decentralize For SavingsIT can’t maintain absolute control over highly virtualizedinfrastructures. Institute a smart role-based control strat-egy to decentralize management.
informationweek.com/reports/delegation
Room-based videocon-ference systems don’tconnect to desktops,new and old systemsdon’t integrate, and al-most nothing connectsto Skype. This Informa-tionWeek digital issue
explains how we can do better. Also in this issue: how thecloud and mobility will transform videoconferencing.informationweek.com/gogreen/060612s
More InformationWeek[ ]The IT Rules Have ChangedAt this year’s InformationWeek 500 Conference, execs willdiscuss how they’re rewriting the old IT rulebook. At theSt. Regis Monarch Beach, Dana Point, Calif., Sept. 9-11.
informationweek.com/conference
What’s Next In HealthcareIn this InformationWeek Healthcare virtual event, expertswill discuss how to move electronic health record systemsbeyond the basics. It happens July 31.
informationweek.com/hc/ehrevent
Keep Your Company SafeBlack Hat USA features technical training and presenta-tions on the latest security issues. In Las Vegas, July 21-26.
blackhat.com
Let The News Find YouGet the news topics you follow delivered to your inbox.
informationweek.com/getalerts
Get our 800-plus reports atreports.informationweek.com
Never MissA Report
>> Alternative AppDeliveryinformationweek.com/reports/altapp
>> How Attackers Exploit Database Vulnerabilitiesinformationweek.com/reports/exploitdata
>> Monitoring Privileged User Access informationweek.com/reports/useraccess
>> Get More Value From Security Log Data informationweek.com/reports/logvalue
>> Innovation Mandate Coming July 9
>> Integrate Security Into Operations Coming July 9
Resources to Research, Connect, Comment
Follow Us On Twitter And Facebook[ ]
Get Our Latest Digital Issue[ ]@informationweek fb.com/informationweek
LinksInformationWeek ReportsTake a deep dive with these reports[ ]
Please direct all inquires to reporters in the relevantbeat area.
IndexFor Advertising and Sales Contactsgo to createyournextcustomer.com/contact-us or call Martha Schwartz (212) 600-3015
[ ]
Copyright 2012 UBM LLC
All rights reserved.
informationweek.com6 June 25, 2012
Rob Preston VP and Editor In Chief, [email protected] 516-562-5692
John Foley Editor, [email protected] 516-562-7189
Chris Murphy Editor, [email protected] 414-906-5331
Art Wittmann VP and Director, Reports, [email protected] 408-416-3227
Laurianne McLaughlin Editor In Chief, InformationWeek.com, [email protected] 516-562-7009
Stacey Peterson Executive Editor, Quality, [email protected] 516-562-5933
Lorna Garey Content Director, Reports, [email protected] 978-694-1681
Fritz Nelson VP, Editorial Director, [email protected] 949-223-3608
Eric Lundquist VP and Editorial Analyst, InformationWeek BusinessTechnology Network, [email protected] 978-289-7306
David Berlind Chief Content Officer, TechWeb, [email protected]
REPORTERSDoug HenschenExecutive EditorEnterprise [email protected] 201-660-8467
Charles BabcockEditor At LargeOpen source, infrastructure, [email protected] 415-947-6133
Thomas ClaburnEditor At LargeSecurity, search, Web [email protected] 415-947-6820
Paul McDougall Editor At LargeSoftware, IT services, [email protected]
Andrew Conry-Murray Editor At Large Information and content [email protected] 724-266-1310
J. Nicholas Hoover Senior EditorGovernment IT, cybersecurity, federal IT [email protected] 516-562-5032
Eric Zeman Mobile, wireless [email protected]
CONTRIBUTORSMichael Biddick [email protected]
Michael A. Davis [email protected]
Jonathan Feldman [email protected]
Randy George [email protected]
Michael [email protected]
Kurt Marko [email protected]
EDITORSJim Donahue Chief Copy Editor [email protected]
ART/DESIGNMary Ellen Forte Senior Art Director [email protected]
Sek Leung Associate Art [email protected]
INFORMATIONWEEK REPORTSreports.informationweek.com
Art Wittmann VP and Director [email protected] 408-416-3227
Lorna GareyContent Director, Reports [email protected] 978-694-1681
Heather Vallis Managing Editor, Research [email protected] 508-416-1101
INFORMATIONWEEK.COMPaul TravisManaging Editor [email protected] 516-562-5217
Roma Nowak Senior Director, Online Operations and Production [email protected] 516-562-5274
Tom LaSusa Managing Editor, Newsletters [email protected]
Jeanette Hafke Web Production Manager [email protected]
Joy Culbertson Web Producer [email protected]
Nevin BergerSenior Director, User Experience [email protected]
Steve Gilliard Senior Director, Web Development [email protected]
INFORMATIONWEEK VIDEOinformationweek.com/video
Fritz Nelson Executive Producer [email protected]
INFORMATIONWEEK BUSINESSTECHNOLOGY NETWORKDarkReading.comSecurityTim Wilson, Site [email protected]
NetworkComputing.comNetworking, Communications, and StorageMike Fratto, [email protected]
InformationWeek GovernmentJohn Foley, [email protected]
InformationWeek HealthcarePaul Cerrato, [email protected]
InformationWeek SMBTechnology for Small and Midsize BusinessPaul Travis, Site [email protected]
Dr. Dobb’s The World of Software DevelopmentAndrew Binstock, Editor In [email protected]
InternetEvolution.com Future of the InternetTerry Sweeney, Editor In [email protected]
READER SERVICESInformationWeek.com The destination forbreaking IT news, and instant analysis
Electronic Newsletters Subscribe to InformationWeek Daily and other newsletters at informationweek.com/newsletters/subscribe.jhtml
Events Get the latest on our live events and Netevents at informationweek.com/events
Reports Go to reports.informationweek.com for original research and strategic advice
How To Contact Usinformationweek.com/contactus.jhtml
Editorial Calendar informationweek.com/edcal
Back IssuesE-mail: [email protected]: 888-664-3332 (U.S.); 847-763-9588 (outside U.S.)
Reprints Wright’s Media, 1-877-652-5295Web: wrightsmedia.com/reprints/?magid=2196 E-mail: [email protected]
List Rentals Specialists Marketing Services Inc.Phone: (631) 787-3008 x3020 E-mail: [email protected]
Media Kits And Advertising Contactscreateyournextcustomer.com/contact-us
Letters To The Editor E-mail [email protected]. Include name, title, company, city, and daytime phone number.
SubscriptionsWeb: informationweek.com/magazine E-mail: [email protected] Phone: 888-664-3332 (U.S.) 847-763-9588 (outside U.S.)
ADVISORY BOARD
Dave Bent Senior VP and CIO, UnitedStationers
Robert Carter Executive VP and CIO,FedEx
Michael Cuddy VP and CIO, ToromontIndustries
Laurie Douglas Senior VP and CIO, Publix Super Markets
Dan Drawbaugh CIO, University of Pittsburgh Medical Center
Jerry Johnson CIO, Pacific Northwest National Laboratory
Kent Kushar VP and CIO, E.&J. Gallo Winery
Carolyn Lawson CIO, Oregon Health Authority
Jason Maynard Managing Director, Wells Fargo Securities
Denis O’Leary Former Executive VP,Chase.com
Randall Mott CIO, General Motors
Steve Phillips Senior VP and CIO, Avnet
M.R. Rangaswami Founder, Sand Hill Group
Manjit Singh CIO, Las Vegas Sands
David SmoleyCIO,Flextronics
Peter Whatnell CIOSunoco
APC by Schneider Electric www.apc.com . . . .11
Box www.box.com . . . . . . . . . . . . . . . . . . . . . . . . .15
Brosix www.brosix.com . . . . . . . . . . . . . . . . . . . . .29
Cisco www.cisco.com . . . . . . . . . . . . . . . . . . . . . . .39
CommVault www.commvault.com . . . . . . . . . . .27
dtSearch Corp. www.dtsearch.com . . . . . . . . . .34
FairCom www.faircom.com . . . . . . . . . . . . . . . . .32
Gimpel Software www.gimpel.com . . . . . . . . . .36
Hewlett-Packard www.hp.com . . . . . . . . . . . . . . .9
Housing Authority of the City of El Paso . . . .29
IBM www.ibm.com . . . . . . . . . . . . . . . . . . . . . .C2, C4
InterSystems www.intersystems.com . . . . . . . .C3
Kaplan University www.kaplan.edu . . . . . . . . . .16
Perforce www.perforce.com . . . . . . . . . .31, 33, 35
Radiant Logic www.radiantlogic.com . . . . . . . . .3
SMS Memory Module Assembly . . . . . . . . . . . . . .
www.smsassembly.com . . . . . . . . . . . . . . . . . . . . .29
Wells Fargo www.wellsfargo.com/securities . . . .5
Print, Online, Newsletters, Events, Research
June 25, 2012 7
SAP Hype Vs. Oracle FUDLet’s get to the facts in the war ofwords around SAP’s Hana and Oracle’sExalytics platforms. —Doug Henscheninformationweek.com/1334/sap
I don’t think there are many peoplescreaming about the need for mil-lisecond response times from onlinetransaction processing workloads, es-pecially in SAP’s core industrial andretail accounts. In your average tiremanufacturer or packaged goodscompany, there are no “transforma-tional” effects of getting 0.01-secondinstead of 0.24-second responses toqueries. It’s kind of a solution insearch of a problem.
Another issue that concerns peo-ple about Hana is that SAP seems tobe pursuing an Oracle “own thestack” strategy. Originally, it was anERP pro vider, then it added Net -Weaver and became an applicationserver and middleware provider,then it added business intelligenceand data warehousing. Now it hasSybase and Hana and is becoming adatabase provider.
SAP says that it will be an openprovider and preserve choice, but itwill have a great deal of power overaccounts that are SAP from databasethrough applications. —Sam I.
Businesses really are screaming forreal-time access to online transactionprocessing data. This has alwaysbeen problematic, and the pain runsdeep. —Anonymous
Social Collaboration:A Work In ProgressImproving collaboration continues totop executive priority lists, so let’s re-visit whether they’re using the righttools and techniques. —Rob Prestoninformationweek.com/1334/preston
Platform vendors such as Jive, Yam-mer, and Cisco sell a set of blue-skybenefits to customers. These benefitscan be realized, but to actuallyachieve them, you have to do morethan just roll out social networkingand tell everyone to use this wonder-ful new collaboration tool.
The rollout of these new toolsneeds to be treated as a change pro-gram. You’re asking people to changethe way they work. A few onlinevideos won’t do it. And, sorry to saythis, but this requires investment inboth money and time.
I’m a strong supporter of these newplatforms, and I think they’re going tochange the way we all work. But com-panies must understand that they’llhave to make investments to realizetheir full benefits. —Guy Thackray
Time to take a page out of W. Ed-wards Deming’s playbook and buildgovernance that lets teams securelyimplement the collaboration toolsthat best suit them. All too often, thereason given to not do this is “risk,”but a project that nobody uses carrieswith it the opportunity cost of notdoing something else that wouldhave worked (measured in both timeand capital). Yes, supporting multipleplatforms isn’t something CIOs want
to do, but you can’t collaborate un-less you’re using the tool or systemthat best fits. —Paul Calento
HP’s Identity ProblemA little more guidance on Hewlett-Packard’s long-term vision would goa long way right now, with customersand investors. —Art Wittmanninformationweek.com/1336/wittmann
Unfortunately for HP, I quit buying andrecommending HP equipment a longtime ago, when it became apparentthat it had lost sight of what kind ofcompany it was and who could lead itproperly. Its products were no longeraligned with customers’ needs, and itssoftware became just plain cludgy andbuggy. In short, it quit caring about theeveryday customers, HP products havemore issues than most, and there is alack of focus on the middle market.
I knew long before it disclosed to theworld that HP was no longer interestedin the PC and printer markets. It wasjust plain obvious. —AustinIT
Why The CIO Position Is In JeopardyDisruptive market forces generatedby IT are now turning on IT’s build -ers and managers. The number ofCIOs will decrease during the nextfive years. —Larry Tiemaninformationweek.com/1337/tieman
Most businesses, both large andsmall, depend heavily on a solid ITstrategy to survive. The skill andknowledge of a good CIO can rarelybe supplanted by a COO, CFO, orother top non-tech executive. I sim-ply don’t see the CIOs disappearing.Quite the contrary—as we all becomemore dependent on the computer,the need for the strategic IT guru willgrow, not diminish. —MLRJ
Write to us at [email protected]
8 June 25, 2012 informationweek.com
Career TrackHow long at Echo Global Logistics:About five years.
Most important career influencer:The biggest influence on my careerwas an industry, not a person. Ispent 10 years of my IT career inthe equity market side of financialservices in London and New York.We had a saying back then that I’vekept using: Always have “belt andbraces.” It’s a British expression thatmeans always overplan or have abackup for your backup. I incorpo-rate this way of thinking across allaspects of IT.
Decision I wish I could do over: I took a CIO job for a manufactur-ing company that had a brilliantpiece of software that it wanted totake to market. Once I arrived, itbecame obvious that there wasn’tenough appetite for the time,money, and resources required to dothis successfully. This was a greatlearning experience and taught meto dig deeper into business plansand projects before jumping in.
On The JobTop initiatives:>> Completion of our service-ori-ented architecture migration for allour platforms ensures that continu-ous and rapid development of newclient-requested data, services, andfunctions are easily supported. Echo’sSOA will continue to support ourgrowth and scale well into the future.
>> We’ll extend the function andreach of our technology and ser -
DAVID ROWECTO, Echo Global Logistics
Favorite sports teams: Chicago Bullsand Blackhawks—they’re scrappy andentertaining
Favorite president: Franklin D. Roosevelt; he guided us through theGreat Depression and a world war, andfought serious illness while remainingoptimistic
Smartphone of choice: I love thespeed, openness, and connectivity ofthe Android OS and HTC platforms
If I weren’t a tech chief, I’d be ... abeer brewer—brewing beer is a greathobby, and maybe I could make moneyat something I’m passionate about
vices to our clients and vendors viaexpansion of mobile applicationsand Web services.
How I measure IT effectiveness:At a high level, I look at metricssuch as user satisfaction, sales winsover our competition, the cost of ITas a percentage of gross profit, andser vice-level agreements. At a de-tailed level, we have tools, dash-boards, and reports that let usmeasure just about everything: ser -vices and database performance,application response times, transac-tional volumes, and much more.
VisionLesson learned from the recession:Always be ready for rapid changeand be able to make difficult deci-sions quickly. Know what your fi-nancial, corporate, team, and per-sonal priorities are, and what’srequired to support them. This disci-pline helps you focus on what drivesyour business in good and bad eco-nomic times.
What the federal government’s toptechnology priority should be: Thesecurity of national and corporatedata and information is paramount.Digital warfare could impact bothcorporate profits and national secu-rity. The impact to the U.S. throughthe loss of intellectual property andcapital is immeasurable.
Kids and technology careers:I would definitely steer my niecesand nephews toward a career intechnology. Technology is key toour future.
CIOprofiles Read other CIO Profiles at informationweek.com/topexecs
Ranked No. 52 in the 2011
10 June 25, 2012 informationweek.com
If you’re hosting a CIO panel discus-sion, getting execs from three For-tune 200 companies and one $4 bil-lion-a-year nonprofit hospital group
is a great start. But a recent panel I mod-erated also had a focused mission: toshare real-world IT trends with academ-ics, to help them figure out how to pre-pare the next generation of IT leaders. The panel kicked off the 50th annual
meeting of the Association for Com-puting Machinery’s Special InterestGroup on Management InformationSystems, held at Marquette Universityin collaboration with the local Societyfor Information Management chapter.Here are four ideas from that discus-sion that stood out for me.
It’s OK To Talk Tech NowAs CIO of Northwestern Mutual Life,
Tim Schaefer has long met withNML financial advisers. Just afew years ago, many of themwould almost apologize toSchaefer while explainingthey weren’t that into tech-nology. Today, however,they’re jumping in with ideasfor what NML should do next,suggesting apps and pulling Schaeferinto discussions. One big reason is theiPad. Unlike a laptop, the iPad is a com-fortable, unobtrusive device to use withwould-be customers amid conversationsabout investments and financial goals. Johnson Controls CIO Colin Boyd de-
scribed his team’s work on digitalscreens to put in the automotive aisle ofretail stores, so people can easily look upwhich car battery they need. The busi-ness need? About half of returns resultfrom people buying the wrong battery. Doing this kind of work moves tech
from the overhead expense category intothe revenue-driving realm. Schaefer
noted that IT organizations used tospend a lot of time hiding the technologyneeded to meet business goals andavoiding talking directly about tech.Now that technology faces the customer,“I’m in all kinds of settings where Iwould never expect the conversation toturn to technology, and it does,” he said.
The IT Career Path Is SplinteringSince our session focused on educat-
ing the next generation of tech leaders,we talked a lot about IT careers. All fourof these CIOs came up through the pro-gramming ranks. At that time, entry-level jobs at IT organizations weren’tradically different from those at techvendors. Today, “I think you have to cat-egorize different types of IT,” Boyd said. He articulated three categories. One is
end user companies, like the four repre-sented on the panel. Johnson Con-
trols IT pros rarely write code,Boyd noted; they integrateand apply it. Another is ITproviders and creators—theMicrosofts and Googles ofthe world, and the IT out-
sourcers—where people willcontinue to write code from
scratch. A third, growing area encom-passes those who provision and run IT,operators of the data center infrastruc-ture for cloud services and Web apps. Aurora Health Care CIO Philip Loftus
worries that it will be hard for IT pros toshift among tech tracks, as he did duringhis early days at drugmaker AstraZeneca,if application building and infrastructureare at different companies. Well-roundedtechnologists may become harder to find.
Cloud Requires A Mindset Change ManpowerGroup CIO Denis Ed-
wards said his people are scared todeath of cloud computing, worried it
will shift more IT operations outsidethe company. So Edwards first reassuresthem that companies still need ITknowledge to understand the complex-ity going on in cloud infrastructure. Buthe also insists that his team recognizewhere the cloud makes sense. Man-power does a lot of Web app proto-types, which can make great use of thecloud’s variable capacity. “If I’m doing aproof of concept today, you’re going tohave to really prove to me why wewouldn’t do this with Google or Ama-zon or somebody else,” Edwards said. Schaefer at NML doesn’t think the
big transformation comes from cloudinfrastructure. Instead, he wants histeam talking with business partnersabout the effect of iCloud and similarservices: “If I become accustomed togetting information and capability any-where, anytime on any device, andeverything is synced for me without mehaving to do an awful lot of work tomake that happen, what does thatmean about what we have to deliver forpeople to feel productive?” he said.
IT Isn’t On AutopilotThe last question from the audience
was what CIOs worry about. All fourCIOs agreed on recruiting the rightpeople. But they also agreed with aworry raised by Boyd—that tech hasbecome so critical to daily operations,IT needs to move into a “zero outage,never down” mindset. “You can haveinfinite budgets, and that’s technicallytoday still a huge, monumental chal-lenge,” Boyd said. And the pressure tobe perfect will only grow as IT keepsmoving closer to the customer.
Chris Murphy is editor of Infor ma tion -Week. Reach him at [email protected] or on Twitter: @murph_cj.
Lessons From 4 Elite CIOsG
L O B A L C I OG
L O B A L C I O
By Chris MurphyglobalCIO
Hadoop has grabbed busi-ness IT’s interest of late be-cause of its flexibility. It’s amassively scalable data
management and analysis environmentthat can handle many different datatypes without the complicated trans-formations and schema changes re-quired to load diverse data into a con-ventional relational database.But a look at the service and support
vendors behind open source Hadoop,and the upgrades and new featuresthey touted this month, shows justhow new a market this is. Here’s a Twitter-sized summary of
three of the most important Hadoopvendors: Cloudera is the market shareleader, Hortonworks is pitching a play-it-safe release for enterprise IT follow-ers, and MapR is an upstart blendingopen source and proprietary softwarefor better performance. Here are more details on what each
is doing to support Hadoop.
Cloudera Tackles ReliabilityCloudera is taking firm aim at enter-
prise IT shop with two new releases, itsfourth-generation distribution of opensource Apache Hadoop software
(CDH4) and its proprietary systemmanagement software (Cloudera Enter-prise 4.0). CDH4 is based on Apache’sHadoop 2.0 release, which includesupgrades for high availability, im-proved security. and a hot failover forthe NameNode (metadata server) ofthe Hadoop Distributed File System(HDFS), which has been known as asingle point of failure that made it toounreliable for many corporate tasks.Cloudera’s proprietary Enterprise sys-
tems management software promiseseasier setup and control of high-avail-ability server clusters running Hadoop.It adds heat map visualizations to flagproblem nodes in large clusters. And itadds an API to connect to conventionalsystems management software, promis-ing certified integrations with IBMTivoli, HP OpenView, and others soon.
Hortonworks Plays It SafeSpun out of Yahoo nearly a year ago,
Hortonworks has finally released its firstproduct: Hortonworks Data Platform.With it, Hortonworks plays it safe,
by sticking with Apache’s Hadoop 1.0code line. Cloudera’s CDH4 distribu-tion uses second-gen Hadoop code, inorder to get those enterprise-friendly
high-availability features. But Horton-works contends that code isn’t readyfor production use. In other words,Hortonworks is courting enterprise ITwith stability rather than new features.Hortonworks says it’s providing the
high availability and failover IT needswith VMware virtualization. Horton-works turns to open source softwarefor its systems management console,while Cloudera’s is proprietary. Lastly,Hortonworks includes open sourceTalend software for drag-and-drop dataintegration without ETL coding.
MapR’s AlternativeMapR pitches its Hadoop distribu-
tion as a high-performance alternative,replacing HDFS with a derivative of theUnix-based network file system that’shighly scalable and has high-avail -ability features. If Cloudera proves thatthe new Hadoop release solves HDFS-related outages, MapR loses a sellingpoint. But MapR has another edge in new
ties to Amazon. Anybody can run soft-ware in Amazon’s cloud, but MapR isnow the only Hadoop distributionavailable as part of Amazon’s ElasticMapReduce service. There are no authoritative stats on
Hadoop use. Best guesses are that thereare many thousands, perhaps even tensof thousands, of companies runningunsupported on free distributions,counting the tire kickers. But even formarket leader Cloudera, its last officialreport claimed somewhere above 100customers paying for support. Thecommunity is growing around theHadoop framework, and these compa-nies are betting revenue will follow.
Write to Doug Henschen at [email protected].
12 July 25, 2012 informationweek.com
Three Vendors Show Where Hadoop’s Headed By Doug Henschen
QUICKTAKES
HADOOPHEADLINERS>> ClouderaThe veteran, it’s out with version4 of its Hadoop distribution andmanagement software
>> HortonworksAfter spinning out of Yahoo lastyear, it’s put out its first product
>> MapRIt’s relying on proprietary codeto boost performance, but it’sreal ace might be Amazon ties
June 25, 2012 13
Datameer and Karmasphere,two startups offering report-ing, data visualization, anddata analysis capabilities on
Hadoop, have released new versions oftheir software. In doing so, they makethe case for next-generation tools.It’s not that old-school business in-
telligence software tools are going away,these upstarts grant. But they portraybatch-oriented extract-transform-load(ETL) data integration, relational datawarehousing, and old-school analyticsas too slow, rigid, and expensive tokeep up in the big data era.
Hadoop is the future, these vendorscontend, because it’s a massively scal-able data management environmentthat can handle variably structureddata from many sources without thedelays inherent in the static schemas ofrelational databases.If companies want to look at recent
point-of-sale transactions alongside Webclickstreams, online enrollments, and so-cial media chatter, for example, it wouldbe difficult or impossible to quickly putall that data into a relational data ware-house and look for correlations.Datameer CEO Stefan Groschupf of-
fers the example of a big retailer thatwants to get data to better understand
all interactions with its customers.“ETL and data warehousing and BI arejust fine for the problem of looking attransactions here and there, but there’sno chance of bringing it all together tolook at the interactions across all of theislands of information,” he says.Hadoop scales in linear fashion to
solve the data-volume challenge andruns on commodity hardware, so it’sless expensive than conventional rela-tional systems. Hadoop has its prob-lems, of course, such as a scarcity oftech talent and batch-related delays ofits own. Plus, IT can use old-school BIsystems that are integrated withHadoop to analyze data inside a clusteror result sets moved out of Hadoop.Datameer’s analytics platform pro-
vides modules for data integration tosources from mainframes to Twitter. Itprovides a spreadsheet-driven dataanalysis environment, meant to letbusiness analysts do Hadoop-drivenanalysis without IT expertise. Karmasphere also provides report-
ing, analysis, and data visualization onHadoop, but using a graphical inter-face and collaborative workflow thatworks with Hive, the data warehousingcomponent built on Hadoop.For companies building on Hadoop
that aren’t already invested in BI ordata warehousing, Datameer and Kar-masphere should be on the short list.On the other hand, if you’re a SQLshop that’s heavily invested in conven-tional BI, it can’t hurt to explore yourHadoop-integration options. For many, the enterprise data ware-
house remains elusive. We have yet tofind out if “next-gen analytics” onHadoop will fulfill that promise at lowercost and across a wider variety andlarger scale of data. —Doug Henschen
Big Data Analytics Vs. Old-School BI
Microsoft, out to prove that Win-dows 8 may be the most flexibleWindows version yet, showed at therecent TechEd conference how thenew OS can run instances of previ-ous versions within a Win 8 desktopand how it can easily boot on sys-tems running Windows 7.
Linda Averett, who leads programmanagement for Microsoft’s devel-oper experience team, demon-strated how the hypervisor soft-ware that’s built directly into theWin 8 client lets users run a virtualinstance of Win 7 within Windows 8.That could be useful for develop-ment teams that need to see howan app written for one version runsin the other, she says.
Averett showed how the displayscreen can be split so the same apprunning in two versions of the OScan be viewed side by side.
Averett also demoed Windows ToGo, a feature that lets a user store apersonalized image of Win 8 on aUSB drive and then boot it from anolder PC running Windows 7. “It’s anIT-sanctioned, pure image that canboot from any piece of hardware,”she says. The Windows BitLocker toolis used to ensure the security.
Windows 8 will let businessessupport a wide range of deviceswith minimal compatibility prob-lems, Averett says. You can “mix andmatch” new Windows 8 tablets andPCs with older systems, she says.
Microsoft has yet to confirm Win-dow 8’s official launch date, but it’sexpected to arrive later this year.
—Paul McDougall([email protected])
Windows 8, Meet Windows 7
TOP PRIORITIES
16% put big data analytics,BI, or decision supportamong their top 2projects in 2012
29% of those think that projectwill generate revenueover the long term
Data: InformationWeek survey of 453 business technology professionals
14 June 25, 2012 informationweek.com
It’s Friday, and as the software testingteam heads home for a three-dayweekend, members forget to turnoff a 250-server cluster they’ve been
renting from a public cloud infrastruc-ture vendor. The cluster doesn’t have ajob to run, but it still racks up a $23,400bill, 10 times what was planned for thattime period. “It went from $2,300 to$23,000 so quickly,” the testing teamleader observes when he gets back.It’s a true story recounted by a soft-
ware company CEO, and it points to amajor concern that businesses have withrunaway costs. Sixty percent of compa-nies using or evaluating cloud servicesare either very concerned (22%) or con-cerned (38%) about out-of-control costs,according to the 2012 InformationWeekCloud ROI Survey. Errors, mismanage-ment, and even attacks such as a distrib-uted denial of service that floods a web-site with information requests can causethe sort of overrun IT managers fear.Cloud computing management tools
aren’t that sophisticated. And manycompanies are only doing small-scalepilots, so they’re using spreadsheets totrack employees’ planned usage. Thetechnical term here is “deploy and pray.”A manager might not know how
many employees have created AmazonWeb Services accounts, since depart-ments can spin up capacity with acredit card. And even if employees dili-gently report planned use, unexpectedfees can trip them up. If marketing hasaccumulated tons of data in the cloudfrom a new promotion and decides todownload it to the in-house data cen-ter, that could set off Amazon’s 12-cents-per-gigabyte download charge.At that rate, 10 TB quickly runs upmore than $1,000 in unexpected costs.Most cloud managers don’t have a
real-time accounting system tabulating
charges as the month progresses. Fifty-three percent of survey respondentswho are using or evaluating cloud saythey use or plan to use monthly reports,which include some account numbers,categories, and total units of usage, butnot enough granular information to findthe culprits for high charges. Slightly
more than a third use in-house moni-toring, a fifth use an alert system suchas text messages, and 31% have no ideahow they’ll prevent cost overruns.Simplicity was originally at the core of
cloud computing pricing: a flat rate foran on-demand computing infrastruc-ture, delivered over the Internet. Butpricing has gotten increasingly complexas vendors and product variations grow.
IT isn’t apt to slow cloud use with alot of administrative controls and ap-provals. Speed is one of cloud comput-ing’s benefits—a researcher can launcha virtual server in minutes to work ona new product idea, rather than wait-ing weeks for an IT team to buy andprovision a physical server.
Ways To Track Cloud CostsCompanies in the early stages of using
cloud computing can probably get bywith a spreadsheet and regularly pollingemployees. But that system becomes un-workable as their cloud use expands.Amazon offers a Simple Price Calcu-
lator to help customers figure theirmonthly bills. It’s easy to use, but behindit is a complex pricing structure that in-cludes on-demand, reserved, and spotinstance classes with a variety of serversizes and types in each class, and chargesfor other services such as caching, loadbalancing, and data transfer. Prices varyamong Amazon data centers. Amazonand other cloud vendors will assist youif you’re a big enough customer. Other-wise, you’re on your own.A cottage industry has popped up to
collect and interpret cloud bills. CloudCruiser, 6Fusion, Uptime Software,and cloud server configuration man-agement service Puppet Labs offermore detailed and sometimes morereal-time billing information.Uptime says it uses the Amazon API
that allows read-only access to serverstats. It tags accounts with identifiers thatshow which employees are responsiblefor overages. Uptime also says it cancompose a near-real-time picture of acompany’s bill at any time of the month.Such services don’t sit well with
some companies, because they give athird party too much information onhow much computing capacity the
The Cloud’s Big Caveat: Runaway Costs By Charles Babcock
QUICKTAKES
Our Cloud Pricing Series>> Does the cloud really pay off?
informationweek.com/1337/cloud
>> Look for prices to continuefalling as vendors vie for yourbusiness informationweek.com/1337/pricesfall
>>Why cloud prices are so hard tocompareinformationweek.com/1337/compare
>> Find an online copy of this story informationweek.com/1337/runaway
company is using and possibly the ap-plications it’s using. Plus they add costs.Cloud services provider Carpathia In-
stantOn Cloud offers a financial thresh-old alarm, so that a customer is alertedwhen it uses up its planned hours beforethe end of the month. 6Fusion says itsCloud Resource Meter shows whetherit’s cheaper to run a VMware workloadon-premises or in the cloud. The com-pany sells a management platform foron-premises and public cloud comput-ing, with bill-per-use pricing, but itworks with VMware virtual servers, notAmazon Machine Images or CarpathiaInstantOn Cloud XenServer.Third-party, front-end management
companies also provide billing informa-
tion. RightScale—a server commission-ing, monitoring, and management ser -vice—is one of the few that can track andsummarize bills any time of the monthfrom multiple cloud vendors. RightScaledoesn’t get that tracking information di-rectly from the cloud suppliers, though.“We had to develop bill tracking our-selves,” says CEO Michael Crandell.Amazon and other leading cloud
vendors are aware of the problems withtracking cloud costs and are workingon providing greater visibility intocharges, on an ongoing basis as well asat the end of the month. At the sametime, Amazon has dropped the price onits popular small Linux server offeringtwice in three years, from 10 cents an
hour to 8.5 cents to 8 cents. Mi cro softalso has recently dropped its prices.The public cloud industry in some
ways has brought a new level of trans-parency to IT operations: Price lists areposted for all to see and ser vice failuresare made public, as are the post-mortemsexplaining what went wrong. But thepublic cloud has yet to make it easy forcustomers to predict monthly bills. Inthe rush to expand cloud service, thisfeature has been overlooked. If publiccloud is going to take on more large-scale enterprise IT workloads, tools thatensure predictability are essential.
Write to Charles Babcock at [email protected].
June 25, 2012 17informationweek.com
here’s Facebook, Twitter, and the other social networks, pluscommunity-driven websites, all of them generating comments good andbad about your company, products, and rivals. The promise of a never-end-ing focus group (along with fear of not knowing what’s being said aboutyou) has given rise to a fast-growing market for social media monitoring
and sentiment analysis software and services. What could be better than letting tech-nology magically comb the Web to bring back and interpret brand-relevant comments?If only it were that simple. If you wade even ankle deep into social media monitoring, you quickly realize that
it’s a much more nuanced problem than spotting positive or negative opinions. Forstarters, comments often have multiple meanings or gradations of meaning (see story,p. 20). And when it comes to marketing research, the best insights often come with nomention of a specific company or its products.“The mistake people make is they just listen for brands and miss all the conversa-
tions,” says Frank Cotignola, consumer insights manager at Kraft Foods. “I tell peoplewho are using this data to flip it around: Listen to what people are saying, and then seehow your brand fits in.” Knowing what percentage of comments about a barbecue saucebrand are positive or negative may be far less valuable than gathering insight into what
People Are TalkingCompanies are using
sentiment analysisto gauge the mood on social networks
and the Web. But getting insight
takes new skillsand tactics.
By Doug Henschen
Get an online version of this story at informationweek.com/1337/sentiment
[COVER STORY]
T
people like about barbecuing, howthey cook, or how they’d like to cook.Cotignola and other seasoned min-
ers of social media sentiment—at thelikes of American Express, The WallStreet Journal, and the American RedCross—say it takes a lot of human in-terpretation to get any value out of sen-timent reports. While the technologyis driven by marketing in most compa-nies, IT shouldn’t sit on the sidelines,as it has a role in expanding use of sen-timent analysis across the company.
This Isn’t A SurveyPollsters and the news media rou-
tinely use sentiment analysis technol-ogy. The Wall Street Journal’s SentimentTracker is an infographic that sharespublic opinion about certain topics asexpressed on Facebook and Twitter,using sentiment analysis software-as-a-service from NetBase Solutions. Recenttopics it has tackled include space-launch vendor SpaceX’s taking “OneSmall (Privatized) Step...” toward acommercial space program and theMark Zuckerberg “Hoodie-Gate”episode. Out of 1,000 Facebook andTwitter posts on Zuckerberg betweenMay 7 and May 11, 47% were positiveabout him and his Wall Street backerswearing hoodie sweatshirts whilepitching the Facebook IPO to in-vestors, 41% were against it, 4% madecomparisons to the Trayvon Martincase, and 8% cracked jokes, such as“Zuckerberg should have the decencyto graduate to a pinstriped executivehoodie.” (Sentiment analysis can’t yettell if a joke is actually funny.) The Journal has been careful not to
present Sentiment Tracker as a scien-tific public opinion poll, as Twitter andFacebook users are younger and havehigher incomes than the population atlarge. “It’s just very important for us toalways make a distinction as to whatthis actually tells the reader, and notpresent it as something more than itis,” said deputy editor Ryan Sager,speaking at last month’s Sentiment
Analysis Symposium in New York.The Journal’s editors have talked
about weightier uses of sentimentanalysis, such as a Candidate Trackerfor the current election season. Buthere, too, they’d have to be clear aboutthe biases of social media. “Ron Paulhas always kind of had a very high andvery positive Internet buzz becausehe’s Ron Paul, and that’s where hisaudience is,” Sager noted.
Channel AnalysisProduct and service companies
must also be aware of these “channelbiases.” At the American Red Cross,Banafsheh Ghassemi, VP of marketingand e-CRM customer experience, saysthe patterns of interaction differ byphone, postal mail, email, and socialmedia. A giant among charities, withmore than 500,000 volunteers and35,000 employees, the Red Crossmonitors social media commentsmade by volunteers, donors, and otherconstituents using the SaaS tools ofRadian6, which Salesforce.com ac-quired last year.“For the Red Cross, social media is
typically positive—they’re telling us howmuch they love us,” Ghassemi says. “Butif they’re taking the time to write andemail or send us mail, chances are it’snegative. They either didn’t like some-thing or they wanted to express an opin-ion or make a suggestion.”Social networks were not, for the
most part, a source of love for Wiscon-
sin Gov. Scott Walker during his recentelection recall fight. Sentiment analyt-ics vendor Topsy Labs found thattweets related to Walker generated avery low -1.999 sentiment score, whilehis Democratic opponent, Tom Barrett,registered a relatively neutral 0.932score. Yet Walker carried 53% of thevote to stay in office. “In Walker’s case,Twitter wasn’t representative of theelectorate, and it points up the need tochoose your data carefully and inter-pret it with these biases in mind,” saysanalyst Seth Grimes, who organizes theSentiment Analysis Symposium. Sentiment analysis technologies
shouldn’t replace conventional re-search, such as in-person focus groups,Ghassemi says. Focus groups and sur-veys are important for getting moredepth into ideas picked up in socialmedia monitoring. But each channelrequires different tactics. “The traditional researcher always
wants to ask questions: Why do youuse this product, and why do you useit that way?” Kraft’s Cotignola says.“With social media, you just standback and listen, and you can’t ask,‘Why did you say that?’ So it’s a cul-tural shift for researchers.”Kraft Foods has developed a Com-
munity Intelligence Portal to tap intoconsumer sentiment across social net-works, blogs, and other websites. LikeThe Wall Street Journal, Kraft relies onthe services of NetBase, one of thelargest among the growing number of
informationweek.com18 June 25, 2012
2012 2010
Do You Monitor Social Networks?
Yes
No
Don’t know
Data: InformationWeek Social Networking in the Enterprise Survey of 394 business technology professionals in October 2011 and 624 in August 2010 at companies using one or more internal social networking systems
R
36%38%
24%22%
40%40%
R
June 25, 2012 19
sentiment analytics vendors. NetBasecontinuously pulls comments frommore than 100 million Web sourcesinto its ConsumerBase, a cloud-baseddatabase of consumer sentiment acces-sible via an API. NetBase runs naturallanguage processing, analytics, as wellas machine-learning algorithms on topof this big data resource, to help cus-tomers spot and make sense of relevantcomments.Cotignola says Kraft tries to “tune
into the conversation” rather than justlisten for brand mentions. “You have tolisten when consumers talk aboutsnacking, listen to what they say aboutthe way they barbecue and what theyuse, and you have to listen to theiremotions and feelings,” he says.
The Perpetual Research MachineThose are some of the limitations of
sentiment analytics. But there are sev-eral key advantages. First, social sites are available 24
hours a day, seven days a week, so so-cial media analysis is a real-time toolthat’s not subject to the time lags in-herent in focus groups and surveys.Ghassemi of the Red Cross describes itas a “leading indicator” for her. “Youcan start to pick up on the signal in thenoise right away, and once you spot atrend, you can go into your otherchannels and use conventional re-search to figure out what’s behind thetrend,” she says.Timeliness is essential to the Red
Cross because it’s often dealing withfast-breaking disasters, such as theearthquake in Haiti, where the non-profit pioneered the use of text mes-saging for fundraising, collectingsome $40 million within days to sup-port ongoing relief efforts. It also lis-tens to “on the ground” social chatterduring disasters to learn where helpis needed most. Meantime, it’s listen-ing for everyday comments about thebrand and people’s experiences atblood donation centers and healthand safety courses it runs.
By mixing network analysis (who isinfluencing whom) with sentimentanalysis (insight into what they’re say-ing), companies can reach the mostimportant influencers, not just thelargest number of people, the waymass media can. Services such asKlout can help companies figure outwho the “influencers” are for a partic-ular topic or industry, and some of thesentiment analysis platforms havebuilt-in features or add-ons to assesswhether influential groups have posi-tive, negative, or neutral opinions ofa company or product. “Even though the reach of friends
and family is much smaller than a TVor radio ad, they’re much more influ-ential,” Ghassemi explains. “If yourcousin announces on Twitter that hejust gave blood and that he feels reallygood about it, chances are you willpay more attention to that than to anadvertisement.” However, social channels can ap-
proach TV and radio reach if celebri-ties or big media create or amplify thesocial content. If that cousin happensto be actor Ashton Kutcher, he’d beinstantly telling 11 million people hejust had a good (or bad) experiencegiving blood.
Tracking TrendsA second big advantage of social me-
dia analysis is that it lets organizationstrack changes over time. “If consumersare really hurting, do you want to con-sider raising prices, or do you want tooffer some sort of coupon or online of-fer?” says Cotignola of Kraft. “The greatthing about this kind of data is thatyou can continue to look at it daily tosee how things are trending.”A third advantage is that social me-
dia provide so much data about yourcompetitors. The American Red Crossdoesn’t think of other charities as rivalsper se, but Ghassemi notes that thenumber of charities has doubled overthe last decade and that they’re allcompeting for donations and volun-teers. “Social media has allowed me tolook at any organization within thenonprofit sector to find out what theyare doing that’s working and what’snot working,” she says. Just as for-profit companies have
seen the power of social media—as inthe 12 million views of the “UnitedAirlines Breaks Guitars” YouTubevideo, or the incident in whichWhirlpool’s customer service depart-ment displeased a blogger/customerwith more than 1 million Twitter fol-lowers—the nonprofit world has alsowitnessed cautionary tales. Susan G.Komen for the Cure, for example, wasengulfed in controversy after it pulledfunding for Planned Parenthood pro-grams in late January. The breast can-cer research charity restored funding afew days later after a (Planned Parent-hood-fueled) public outcry on socialmedia and elsewhere, but the brand’sreputation suffered. “We all learned a lot from the Susan
[COVER STORY]SENTIMENT ANALYTICS
Does IT Have A Credibility Problem?
Read our full report on ITspending priorities, with anexclusive survey, to learn whyit may. Free with registration atinformationweek.com/reports/itspending
Our report has detailedspending and return expectations for 16 IT projects.The credibility problem? Forevery one, IT expects tospend more near term butlower tech costs long term.
20 June 25, 2012 informationweek.com
G. Komen incident, and we took it toheart,” Ghassemi says, including “notletting politics get mixed up with themission” and using social media listen-ing to get ahead of a controversy beforeit “takes on a life of its own.”
Taking ActionWhen customer sentiments are
positive, you actually want social me-dia to help a message take on a life ofits own. Author and American Ex-press executive Christopher Frankcalls it “the flywheel effect,” and inhis book Drinking From The Fire Hose:Making Smarter Decisions WithoutDrowning In Information, he offers afour-phase approach to putting theflywheel to work: listen, engage,measure, and learn. Many organizations use sentiment
analysis technology to listen to andmeasure social media comments, Franksays, but few engage customers orquickly learn from social media to gainmomentum. Among the exceptions, he
says, are Dell and Procter & Gamble. Dell has a Radian6-powered social-
media listening command center,where the mantra posted on the wall is“listen, engage, act.” Average dailymentions of the Dell brand on Twitterhave a greater reach than the combinedcirculation of the top 12 daily newspa-pers in the U.S., according to Dell. Thecompany responds to service-relatedquestions and complaints and moni-tors for consumer tastes and trends.Now Dell’s trying to market its ex-
perience: the American Red Cross, forexample, worked with Dell to launchthe Red Cross’s Digital OperationsCenter in March.Procter & Gamble was listening to
the social buzz in late February whenworkers at the Daytona 500 wereshown on national TV using Tide de-tergent to clean the track after a crashand fuel spill. Within days, P&G cre-ated a TV commercial, posted onYouTube, using footage of the incident.As a sportscaster narrated, talking
about “a new use for laundry deter-gent,” captions read: “You keep invent-ing stains … we’ll keep inventing waysto get them out.”“P&G was just tracking the Tide
brand, and all of a sudden their mon-itoring system just lit up,” Frank says.“Their social team responded quickly,and it speaks to the capability of be-ing agile.”At American Express, where Frank
is VP of the Global MarketPlace In-sights Team, the company scrapes 150million Web sources in search of com-ments made in several languages. It hasbuilt a data cube that contains some 5million conversations about the com-pany, and it uses this resource, pow-ered by a listening platform from Visi-ble Technologies, for product andmarket research across the company. A separate department within Amer-
ican Express responds to individualcustomer complaints and questions onsocial media. But Frank says the com-pany is moving toward centralized ap-
Online comments don’t fall neatly into “positive”and “negative” buckets. There’s a range of con-sumer sentiment that challenges even themost sophisticated natural language process-
ing technologies. At last month’s Sentiment Analysis Sym-posium, Catherine van Zuylen, VP of products at Attensity, asocial analytics software vendor, provided this list of difficultcomment-analysis problems: False negatives:The words “crying” and “crap” suggest neg-
ativity, but then there is “I was crying with joy” or “Holy crap!This is great.” Here’s where simplistic tools might be fooled.Relative sentiment: “I bought a Honda Accord.” Great for
Honda but bad for Toyota.Compound sentiment: Doing work for movie studies, At-
tensity has had to make sense of comments such as “I lovedthe trailer but hated the movie.” Big mobile phone companiesencounter mixed messages such as “I love the phone but hatethe network.”Conditional sentiment: “If someone doesn’t call me back,
I’m never doing business with them again.” Or “I was reallypissed, but then they gave me a refund.”Scoring sentiment: Vendors are expected to measure rel-
ative sentiment, but how positive is “I like it” versus “I reallylike it” versus “I love it”?Sentiment modifiers: “I bought an iPhone today :-)” or
“Gotta love the cable company ;-<”. Emoticons are straight-forward, but what words are they connected to?International sentiment: Japanese have unique emoti-
cons, like (;_;) for crying. Italians tend to be far more effusiveand grandiose, whereas Brits are generally drier and less ef-fusive, making those relative scoring challenges mentionedearlier all the more complicated.
Sophisticated systems can be optimized to handle thesekind of problems, van Zuylen says. But analyst Seth Grimessays no amount of tuning will lead to perfection, so it’s bestto focus the extra effort on developing insight about andacting on the majority of clear-cut sentiments.
—Doug Henschen
Seven Shades Of SentimentLIKE OR LOVE?
June 25, 2012 21
proaches and standardization of tools.“Social usually starts with marketing
and the product groups on the frontlines with the customers, but veryquickly you need to loop in IT to buildout the capabilities,” he says.
Choosing TechnologiesAccording to InformationWeek’s 2012
Social Networking in the EnterpriseSurvey, 54% of respondents familiarwith their organizations’ social net-working monitoring tools say market-ing holds the primary responsibility forthese tools. IT is in charge at aboutone-third. Social media is one tech spending
area, along with Web analytics andmarketing automation software, that isincreasingly being led by chief market-ing officers. Most often they use cloud-
based service providers, such as Ra-dian6 and NetBase, for the founda-tional monitoring of social media.Those vendors handle the monitoringof data feeds from the likes of Face-book and Twitter, and the screen scrap-ing from other Web sources that don’toffer APIs.American Express decided to de-
velop its core social database in-houseto give it unfettered access to and con-trol over the data. American Expressblends its data with psychographicand demographic data from third-party providers to support f ine-grained customer segmentation andtargeting. Companies analyzing senti-ment about just their own brand andindustry may find an in-house re-source doesn’t have to involve hugedata volumes. Plenty of companies
have built social media applicationswithout getting into exotic platformssuch as Hadoop. And about half ofcompanies in our social networkingsurvey monitoring their companies’brands rely on search alerts fromGoogle or Bing. Other functions needed on top of
monitoring include CRM-based rout-ing capabilities, to send productqueries to employees able to respondto comments. Some companies willwant publishing and management soft-ware with workflows that require anemployee to get approval before post-ing something; such software mightalso make it easier to reuse content toanswer oft-asked questions. Conver-sion-tracking features help companiesturn comments into sales leads. Deeper analysis and understanding
of comments requires natural languageprocessing capabilities, and many spe-cialists in this software, such as Lexa-lytics and Lithium, have partnershipswith social media management plat-form providers. Measurement capabil-ities help companies establish baselineson customer sentiment and then trackthe effectiveness of advertising, publicrelations, and social media campaigns.Frank says social media will in-
creasingly be seen as just a part of theclassic marketing funnel: moving peo-ple from product awareness to buyingconsideration to buying to advocatingfor the product. With that context in mind, while a
lot of sentiment analysis dashboardshighlight the red, negative sentimentversus the green, positive ones, “I’mtrying to crack the code on the neutralsentiment,” Frank says. Those arewould-be buyers without entrenchedfeelings to overcome who can bemoved to buy. In an election year, theparallel use for social media monitor-ing is to tune into and influence thoseall-important swing voters.
Write to Doug Henschen at [email protected].
[COVER STORY]SENTIMENT ANALYTICS
2012 2010
Which group in your company is primarily responsible for social network monitoring tools?
Who’s Watching?
Marketing
IT
Web operations team
Customer support
Data: InformationWeek Social Networking in the Enterprise Survey of 88 business technology professionals in October 2011 and 143 in August 2010 familiar with the tools used to monitor social networks for discussions about the company or competition
R
54%41%
32%44%
9%Not available
2%4%
Learn how Procter & Gamble uses analytics.Hear P&G CIO Filippo Passerini in a keynote discussionat the InformationWeek 500 Conference. Registration atinformationweek.com/conference
Sept. 9-11 at the St. Regis Monarch Beach, Dana Point, Calif.
upcoming events InformationWeek 500
June 25, 2012 23informationweek.com
Automation isn’t easy, but
without it, you’ll never get
self-service or self-healing,
or realize full cost benefits
Get an online version of this story at informationweek.com/1337/auto
Automating ThePrivateCloud By Jake McTigue
Major public cloud providers, includingAmazon, Microsoft, and Rackspace, have beendriving hard toward automation since theirservices hit the market. The reason is simple:
It improves both the bottom line and customer satisfac-tion. Now, automating an enterprise-class private or hy-brid cloud is an entirely different affair from Amazon us-ing its development muscle to let a user spin up an S3instance. But that doesn’t mean you can stay stuck inmanual mode, because without automation, you don’thave self-service, and self-service is one of the most com-pelling reasons for a private cloud. As with most complicated projects, you’re better off
building in automation from the get-go; retrofitting ismore expensive and less effective. So we were somewhatdiscouraged with the results of our InformationWeek 2012Private Cloud Survey. The good news is, this technologyhas reached a tipping point: 51% of 414 respondents areeither building private clouds (30%) or have them inplace now (21%). But when we asked those in the con-struction stage about nine critical steps, orchestrating au-tomation across multiple subsystems came in dead last.
Let’s be clear: No automation, no cloud. How do wefigure that? NIST defines cloud as having five essentialcharacteristics: on-demand self-service, broad networkaccess, resource pooling, rapid elasticity or expansion,and measured service. Virtualization and solid WAN en-gineering will provide resource pooling, elasticity, andbroad network access, but measured service and—mostimportantly—on-demand self-service aren’t part of stan-dard virtualization management suites. For these, au-tomation is required.Self-service isn’t the only benefit. More efficient use of
data center resources, self-healing, improved applicationavailability, better power management, and preplannedresponses to various scenarios are among the other po-tential benefits of a solid automation deployment. Unfortunately, there isn’t a standard way to do cloud
automation; in fact, there isn’t even agreement on what,exactly, it entails. While virtualization vendors have in-vested a lot of effort in developing APIs that provide ex-tensibility and control, automating those infrastructuresis simply not a part of the core virtualization feature set.And yet, controlling a virtualized infrastructure is going
to be a key point of any automationstrategy, because virtualization is whereyour resource pools and elasticity live.At the most basic level, cloud automa-
tion packages support runbooks thattake preprogrammed actions when atrigger event occurs. But prepro-grammed events are just the beginning;new and innovative products, like thosewe list on p. 25, take management to anew level by enabling policy-based au-tomation. These products use multiplemanagement engines to stay in touchwith all aspects of the infrastructure andmake policy decisions based on specificscenarios and self-service requests. Vendors are evolving these systems
from workload management suites usedto automate diverse virtualization and in-frastructure components through a cen-tral policy engine. However, because theenterprise private cloud automation mar-ket is relatively new, there’s no stock fea-ture set, so what you’ll be able to do outof the box varies dramatically. For exam-
ple, while most of these suites have pow-erful central execution engines that canread data and act on it, some, like Moab,incorporate enhanced resource manage-ment for virtual infrastructures and self-service Web provisioning portals as well.Despite the immaturity of this market,
it’s worth evaluating these suites, be-cause automating the cloud has hugepotential to maximize your investmentand slash operational and capital ex-penses—an important point, as 61% ofsurvey respondents not using a privatecloud cite reduced operational costs as amajor reason to consider moving to thecloud, with capital expense savings(44%) and technical advantage (45%) asstrong secondary factors.
Build On Your AccomplishmentsSuccessful automation deployments
sit on top of strong virtualization deploy-ments that provide high availability, scal-ability, and a degree of fault tolerance, orat least fault recovery. Still, the first step in preparing to au-
tomate is cleaning house. Automatic ac-tions and self-service provisioning willexacerbate poorly configured virtual in-frastructures. In addition, better engines
help improve resource management,which is difficult to do if the infrastruc-ture is already overloaded. If you don’thave the spare capacity to maintain highavailability, self-service provisioning mayput core network services at risk.What exactly does housecleaning in-
volve? Consider resource provisioningfirst. If demand spikes jeopardize the per-formance of mission-critical businessservices by starving application servers,that can be a problem. You must segre-gate workloads into resource pools andassign priorities to them—as self-servicerequests come in, critical servers must begiven priority access to underlying phys-ical resources. When selecting an au-tomation management system, look forthe ability to manage resource load incloud environments, but be aware thatjust throwing resource management at abadly configured infrastructure is likelyto net you a lot of angry help desk calls.In addition, make sure you have a
method to track when a VM producedby automation becomes a mission-criti-cal server. It’s easy enough to increase itsresource priority after the fact, but thisis one area where you don’t want to runblind. And don’t spend on automation if
24 June 25, 2012
Get This AndAll Our Reports
Our full report on automatingthe private cloud is free with registration. Download it at informationweek.com/reports/pcautomate
This report includes 14 pages ofaction-oriented analysis.
What you’ll find:
> Ten IT success metrics and howwell private clouds deliver
> Example goal sets and enabling processes and self-healing actions
54% 23%
17% 43% 40%
11% 52% 37%
10% 49% 41%
8% 50% 42%
6% 50% 44%
4% 44% 52%
3% 55% 42%
3% 35% 62%
Completed In progress Not started
Built the underlying server, storage, and networking infrastructure
Deployed hypervisors and management framework
Inventoried applications and workflows
Built a self-service portal
Automated subsystems
Integrated subsystems
Created required services like runbooks
Created application templates
Orchestrated automation across multiple subsystems
Data: InformationWeek 2012 Private Cloud Survey of 123 business technology professionalsat companies starting a private cloud project, April 2012
R
23%
What Steps Has Your Company Taken To Build A Private Cloud?
informationweek.com
June 25, 2012 25
the overall capacity of the infrastructureis lacking. If you’re barely able to satisfyyour current workload, the last thingyou need is new machines being rolledout without human intervention.
Set GoalsDetermine what you want to accom-
plish with your automation initiative. Doyou need self-service machine provision-ing? Automated responses to changinginfrastructure conditions? How aboutpolicy-based virtual machine and appli-cation life cycle management?If the intent is to monitor application
performance and spin up additional ap-plication servers when demand peaks,the plan is going to be different than ifself-service provisioning with depart-mental chargeback is the primary goal.Formulating a concrete set of objectivesis essential to the evaluation phase ofyour automation project. Then, since product capabilities vary
widely, map that goals list to feature re-quirements. How easy or difficult it willbe to make that match depends on theunderlying virtualization and manage-ment platforms you’re dealing with. Afull-featured automation product willneed to plug into multiple silos to gatherthe information it needs to make policy-based automation decisions. This meansintegrating all relevant server, storage,and network virtualization technologiesas well as maintaining accurate licensingand consistent configuration informa-tion. Depending on how your network isset up, every one of these resources couldbe a silo, making integration daunting.Survey respondents with a private cloudstrategy underscore that point: 58% sayintegrating existing IT products withcloud is a major issue.Because integration can be such a
challenge, it’s important to delve deepinto the compatibility matrix of anyprospective product before writing acheck. If a vendor provides few hooks,it may be impossible to link policy en-gines without an absurd investment inlabor. How absurd? A 2-to-1 or 3-to-1
investment in expert consulting servicesor internal staff commitment vs. softwarecosts before the benefits of automationare apparent isn’t unheard of.Why? Again, a lack of standards. That brings us back to goal setting.
When it comes time to dig into the de-tails, automation requires that you have avery clear idea of what you want to ac-complish so you can create workflowsand processes that are repeatable, consis-tent, trustworthy, and (this is key)reusable. Take incident response: Say anapplication server has a meltdown that
jeopardizes the availability of a key soft-ware system. If the application is in awell-constructed app server farm, otherservers should continue to meet client de-mand, but at a higher load with reducedefficiency. If one goal of your automationinitiative is a self-healing response to theloss or degradation of an applicationserver, many variables must be consid-ered before an automatic action is taken.We provide examples of goals and theirrelated processes in our full report, at informationweek.com/reports/pcautomate.
What You Get For The MoneyFor large enterprises, the cost of these
suites can easily reach six figures andclimb to $300,000 or more, dependingon the level of automation and cus-tomization required and the size of theinfrastructure. For your licensing invest-ment, you get a task engine that can re-act to data by triggering work flows andwhatever set of common integrationsand functionality the vendor bundles;self-service provisioning Web portals, avirtual machine optimization scheduler,or some basic VM power managementpolicies are commonly included.What you don’t get are workflows
specific to your network, applicationportfolio, and business processes. That’swhy the single most important step is tocarefully scope goals and requirements,identify overlap, and conduct a thor-ough cost-benefit analysis before tack-ling an automation project.Still, it’s worth getting started. Survey
respondents who have private clouds saythey’ve gotten excellent results in termsof reducing operational and capital ex-penses as well as managing their ITteams’ time. Better resource usage over-all, life cycle management, and auto-mated provisioning—all very achievablegoals—can easily make the effort and ex-pense worthwhile.
Jake McTigue is the IT manager forCarwild and a senior consulting net-work engineer for NSI. Write to us [email protected].
PRODUCT SNAPSHOTAdaptive Computing MoabCloud Automation PROS Able task-scheduling engine,highly interoperable, advanced features out of the boxCONS Can be costly to implement
BMC BladeLogic AutomationSuitePROS Market leader, powerful engine,integration with other BMC productscan save on back-end workCONS Expensive
Cisco Process Orchestrator PROS Built for Cisco hardware, extensive feature setCONS Expensive
Embotics V-Commander PROS Good value, features are comparable to suites from much larger vendorsCONS Newcomer
IBM Tivoli Service Automation Manager PROS Powerful, able task engine, fullfeature setCONS Very complicated, high TCO
Stonebranch Opswise Automation PROS Extensive Web interoperability,integrates workload management, innovative, full feature setCONS Newcomer
UC4 One Automation PROS Powerful, lots of functionality,reasonable cost, Web standard interoperability, extensibleCONS Difficult to configure
[PRIVATE CLOUD AUTOMATION]
26 June 25, 2012 informationweek.com
Virtualization is standard op-erating procedure. It alsobreaks conventional defensemechanisms by hindering
visibility and control, creating new at-tack avenues, increasing complexity,and blurring administrative roles be-tween network and server teams. Our2012 InformationWeek State of the DataCenter Survey shows there’s no goingback, even if we wanted to: Half of 256respondents will have at least 50% oftheir production servers virtualized bythe end of next year; 26% will have75% or more. So it’s unfortunate thatinnovation in the virtualization securitymarket is stalled. The holdup is two -fold: First, the lack of a publicizedbreach targeting the hypervisor hasmade IT complacent. And second,there’s an unwillingness among ven-dors to take on VMware; it owns mostof the market and controls the APIs, abig deal given the scant enterpriseadoption of rival server hypervisors. That leaves us with a limited number
of major products for hypervisor net-work security. Two of them, VMware’sown vShield and Juniper’s vGW (VirtualGateway, acquired from Altor), use theAPIs provided under VMware’s VMsafesecurity program. Cisco, the other bigplayer in this market, bases its technol-ogy around the proprietary Nexus1000V virtual switch, which was devel-oped in cooperation with VMware butisn’t dependent on VMsafe. Cisco hasn’tcompletely hitched itself to VMware’swagon; it has hinted that the technology
will be usable with other hypervisors.If you run a non-VMware hypervisor,
you should be looking at Vyatta’s Net-work OS product, which works with Cit-rix XenServer and Red Hat KVM, and,like VMware’s vShield Edge, includesNAT and DHCP servers. Vyatta also addsa sophisticated routing engine with sup-port for IPv4 and IPv6 dynamic routingprotocols like BGP, OSPF, and RIP. Granted, the non-VMware cadre is
small for now, as some version of VM -ware is the primary hypervisor platformfor 90% of respondents to our latest In-formationWeek Virtualization Manage-ment Survey. But the market could getmore dynamic should open source cloudsystems like OpenStack (which usesKVM) and CloudStack (which uses Xen)gain traction. Microsoft has made some
storage and migration enhancements toHyper-V in a bid to appeal to enterprisesbut doesn’t yet have anything compara-ble to VMsafe for network security, al-though third parties are starting to fillthe gap. And don’t count out startups,like Bromium, led by former Xen archi-tect Simon Crosby, that are focused onvirtualization and cloud security. A rad-ically new platform could raise the com-petitive bar by making secure virtualiza-tion a table-stakes feature. Crosby hintsat the opportunities for Bromium whenhe says he believes that in five years,most IT workloads will be in the cloud,whether public or private, and that thehypervisor’s “sole value will be security.”Still, for now, VMware’s vShield line
sets the standard for the VM securitymarket. More important, it effectively
What percentage of your company’s production servers do you expect to have virtualizedby the end of next year?
Data: InformationWeek 2012 State of the Data Center Survey of 256 business technologyprofessionals, April 2012
Zero
75% to 90%
Greater than 90% 2%
19%
22%
17%
9% 7%
Less than 10%
10% to 24%
25% to 49%
24%
50% to 74%
Road To Virtualization
%
Get an online version of this story at informationweek.com/1337/vm
VM Security Beyond VMwareIt’s time to tackle server virtualization vulnerabilities By Kurt Marko
28 June 25, 2012 informationweek.com
defines three segments that align withlogical network and virtual machineboundaries—intra-VM (Layer 2 withina virtual switch); inter-VM (Layer 3,between physical hosts in a privatecloud); and guest OS (application con-trol within the VM). We delve into eachlayer in our full report, at informationweek.com/reports/vmsecure, but thisstructure is a great baseline for ITteams to plan their security strategies.
On Your Own, For NowEffective security requires specialized
engineering expertise, and therefore fewbelieve that open source projects ontheir own will provide acceptable secu-rity for either KVM or Xen. Microsofthas the resources and talent to developsomething like vShield for Hyper-V, butit has yet to do so. “Microsoft admitsthey’re not networking people,” saysChristofer Hoff, chief security architectat Juniper, adding that he expects Red-mond to foster a security ecosystemaround Hyper-V, much like that coalesc-ing around the VMsafe partner program.One problem with all virtual security
software is the near impossibility of ex-tending a company’s own security poli-cies into the public cloud. The easiestoption for VMware shops is adoptingVMware’s cloud management service,vCloud—something VMware must seeas a strategic advantage. However, forcompanies using Amazon or Rackspacecloud services, your virtualization secu-rity policies go out the window whenyou go to the public cloud. Hoff sees de-veloping a consistent set of high-levelsecurity APIs that work across platformsand providers as the next big challengefor virtualization security. But he admitsthe industry is a long way from converg-ing on such a standardized, interchange-able set of security protocols.So what can IT do until then? Plan to combine traditional and vir-
tualized defenses, with a bias towardincreased use of virtualization. The se-curity software you pick will be dic-tated by which virtualization platforms
you’re using, but make your vendorsaware that support for a diverse set ofhypervisors is a selling point. That’s es-pecially true if you plan to implementdesktop virtualization, which is a muchmore wide-open market in terms of vi-able vendors. Virtual desktop infra-structure can rein in chaotic PC envi-ronments, making it easier to keepdevices securely configured and consis-tently patched. If you’re using VDI,move endpoint protection from theguest OS into the hypervisor, replacingstandalone, agent-based client anti-malware with an endpoint virtual se-curity appliance. The gains in perform-ance and manageability are significant.Make sure that server and network vir-
tualization is part of your security team’scharter and project plans—not a one-offimplemented by VM administrators.Don’t underestimate the potential for turfwars, either. As Crosby points out, virtualsecurity appliances expose thorny con-trol issues, especially as the VM manage-
ment platform now handles vSwitchesand logical volumes and is thus rapidlysubsuming various categories of datacenter labor, including security, net-work, and storage configuration. Serveradmins inheriting these new roles maybe ill-prepared to handle the subtleties.Don’t expect to shed security layers.
VM security supplements but doesn’treplace other elements of a defense-in-depth strategy, like perimeter hardwarefirewalls, intrusion prevention appli-ances, and content filters. Tie virtualization into your overall se-
curity reporting framework. Even virtu-alized network devices like vSwitchesand vNICs need to be monitored andaudited, but you don’t want anotherSEIM, network, or intrusion monitoringand management platform. That meansvirtualized security products must be in-tegrated into the existing network man-agement and reporting infrastructure,not treated as special cases. No silos. Finally, talk to your vendors. Over the
past few years, several have announcedand even demonstrated products de-signed to provide network security forVMs, only to redirect their strategies, ei-ther in the face of competition from bigboys like Cisco, Juniper, and VMware orafter realizing the technical complexityof the task. “Over time, as VMware hasadded capabilities, other players likeCatbird and Reflex have transitionedaway from doing enforcement into com-pliance,” says Hoff, referring to all-in-one VM management platforms provid-ing monitoring, policy compliance, andauditing rather than Layer 2 or Layer 3virtual network security. Our take is that we’re likely to see
VMware and other major IT vendors,including CA, Hewlett-Packard, IBM,and Microsoft, encroach on this nicheby adding VM management features totheir comprehensive infrastructuremanagement suites.
Kurt Marko is an IT pro with broad ex-perience, from chip design to IT systems.Write to us at [email protected].
[VM SECURITY]
Get This AndAll Our Reports
Our full report on next-generationVM security is free with registration. Download it at informationweek.com/reports/vmsecure
This report includes 16 pages ofaction-oriented analysis.
What you’ll find:
> Breakdown of virtual server security products from Cisco,Juniper, and VMware
> Why VMware’s three-layermodel makes sense
More than 500 millionphishing emails show upin our inboxes every day.While this number pales
in comparison to spam, which accountsfor almost 70% of all email traffic, spamis mainly a nuisance, whereas phishingcan lead to costly security breaches. Phishing attacks, which use highly
targeted emails to induce users to di-vulge passwords or use malware, haveresulted in direct financial losses of sev-eral billion dollars per year in the UnitedStates alone. This is just the tip of theiceberg, as more-targeted “spear phish-ing” attacks can lead to potentially dev-astating security breaches, loss of sensi-tive data, and significant financial losses.
Comparing Apples And OrangesFull disclosure: My company, Wom-
bat Security Technologies, provides afilter tuned to identify phishing attacks,so I have a bias. Most anti-spam andanti virus vendors have repurposedtheir filters to also catch phishingemails. They rely primarily on black-lists of malicious URLs, which typicallyare manually vetted to minimize thenumber of legitimate sites flagged. Butthese lists are always a step behind thebad guys, lagging by at least severalhours and sometimes days. During thattime, spam filters fail to detect manyphishing emails, and brows ers, whichalso rely on these same blacklists, don’tflag many of the malicious websites towhich phishing victims are directed. This lag can be a serious problem be-
cause studies have shown that duringwork hours, half of users who fall forphishing attacks read their email withintwo hours of the time it reaches theirinbox. Ninety percent read their emailwithin eight hours of receiving it. Inother words, a lag in updating blacklistsby just a few hours can be devastating.“Reply-to” phishing emails with no at-
tachments and no links are another typeof phishing attack that anti-spam and
antivirus filters often don’t detect. Thisis due in part to filters’ use of simple “bagof words” techniques that look for emailscontaining words that typically indicatespam, such as “Viagra,” “cash,” and “youwon.” This technique works well atcatching spam but doesn’t effectively dif-ferentiate phishing from legitimateemails, since many phishing emails arecrafted to look like legitimate ones.Performance statistics that vendors
provide when promoting their filtersdon’t make this state of affairs clear.Many of them boast of their ability tocatch “up to 99%” of malicious email,a confusing statement that lumps to-gether spam, viruses, and phish. Phish-ing attacks account for only about0.5% of all email traffic, so even if a fil-
ter catches 99% of malicious email, it’spossible that it still is letting all thephishing messages through. Furthermore, an unfiltered spam
message making it into your inbox can’tbe equated to phishing emails, whichare potentially much more damaging.In other words, spam vendors are oftencomparing apples with oranges. Theyalso don’t tell us how many false posi-tives they flag to reach the 99% per-
formance. False positives are legitimateemails that are tagged as spam and endup in your junk box, forcing you to reg-ularly check junk mail for legitimatemessages. To reach 99% effectiveness,many spam filters require settings thatlead to more false positives, effectivelyreducing the value of the filter becauseof the annoyance factor.
The Most Dangerous MessagesEven with phishing, not all emails are
created equal. People are least likely tofall for high-volume phishing campaignsclaiming to come from well-establishedorganizations such as large banks, ISPs,and the IRS. Targeted spear phishingmessages directed at small groups, suchas employees of a particular department
Read all about software development at Dr. Dobb’s: drdobbs.com
30 June 25, 2012 informationweek.com
Phish Isn’t Spam Phishing is more dangerous, so treat it that way By Norman M. Sadeh
Even with phishing, not all emails arecreated equal. Targeted spear phishingmessages directed at small groups tend to be more effective at fooling recipients.
or even individuals, tend to be more ef-fective at fooling recipients. These cam-paigns have been used to initiate manyof the high-profile security breaches inthe past couple of years, as well as low-profile attacks on smaller organizations. Statistics that simply look at percent-
ages of phishing emails caught, includ-ing the easy-to-detect, high-volumeones, fail to recognize these complexitiesand produce seemingly reassuring num-bers that are skewed toward the leastdangerous types of phishing emails. Focusing on spam and viruses isn’t a
fair assessment of the potential risks.We need benchmarks that reflect thegreater risks associated with phishingmessages, treat them separately fromspam, and test in ways that take intoaccount the importance of timelinessin dealing with phish. Testing a filter’s
response to a phishing attack days orweeks after it was launched isn’t goingto reflect the filter’s true performance.In the meantime, if you’re evaluating
email filters, request trial licenses andevaluate the filters using live email,looking at anti-phishing performanceover several weeks. If you can’t affordto conduct these tests, then ask for in-
formation on how effective the filtersare at catching phish attacks.
Norman Sadeh is a professor of com-puter science at Carnegie Mellon Uni-versity. He’s also co-founder and chiefscientist of Wombat Security Technolo-gies, which provides cybersecurity train-ing software and anti-phishing filtering.
Coding From Within The Echo Chamber Coding and design suffer from the inability to escape our own echo chamber.
informationweek.com/1337/ddj/echo
Disciplined Agile Change Management The best approach depends on the skill of the project owner and the maturity of the dev team.
informationweek.com/1337/ddj/agile
The Parrot Asteroid Development Experience The company behind the AR.Drone has released the first Android-based in-dash car computer.
informationweek.com/1337/ddj/parrot
MORE DR. DOBB’S ONLINE
[DR. DOBB’S REPORT] PHISHING VS. SPAM
Scott Thompson was recently let go as CEO of Ya-hoo for falsely claiming to have earned a bachelor’sdegree in computer science. I need not rehash theevents, which played out in the headlines for sev-
eral weeks, nor need I enter into the ethics of the matter.But I do have to chuckle at Thompson’s choice of embel-lishment: A degree in computer science is probably theone credential in our field that is well defined and easilyverified. Had he instead chosen to claim he was a com-puter scientist or a software engineer, no hedge fund man-ager could have ever ousted him for a false claim.Actually, computer scientist, while still rather unde-
fined, does suggest a course of study in computer science.If you look at the kinds of articles published by computerscientists, they tend to be academic papers explaining re-search in narrow niches. At least, that’s what the field hasevolved into. It might have made more sense for com-
puter science to have evolved into hardware engineeringin computers. As Edsger Dijkstra once observed, “Com-puter science is no more about computers than astron-omy is about telescopes.” And he’s exactly right; the namesuggests a principal focus on the hardware, rather thanon its actual calling, software.While computer science is a poorly defined term, soft-
ware engineering is not. Software engineering is accuratelyexplained in Wikipedia as “the application of a systematic,disciplined, quantifiable approach to the development,operation, and maintenance of software.” As most of youknow, it has come primarily to mean the study of qualityin software. But in an odd historical quirk, a software en-gineer is a title that in the United States can be accordedto most any programmer. There is no formal standard, nocertification is needed, and in almost all cases, the “engi-
informationweek.com
[DR. DOBB’S REPORT]
Software Engineers All!Isn’t that what we’re really doing?By Andrew Binstock
“Software engineer” issomewhat of a conceit, aeuphemism for someone withbetter-than-code-slinger skills.Or does it require even that?
neer” need know absolutely nothingabout software engineering.A look through help-wanted ads for
software engineers shows few openingsthat require anything more than pro-gramming experience. Titles with theword “senior” in them require a
broader range of experience than thosewith the word “engineer.” In the list-ings I examined, I found none—not asingle one—that required experiencein software engineering. As such, thetitle of “software engineer” is somewhatof a conceit, a euphemism for someone
with better-than-code-slinger skills. Ordoes it require even that?
Programmer MetamorphosisSoftware engineer is only the latest
term to undergo this peculiar disconnectfrom the reality it implies. In earlier gen-erations, the title of “analyst” was fa-vored. In the data processing world ofyore, the entry level was “programmer.”When a change of title was needed to re-flect tenure, the programmer was ele-vated to programmer/analyst. Then, ul-timately, he became an analyst. Thismetamorphosis might have implied thatprogramming was an activity the em-ployee had finally left behind. But in fact,most analysts did even more program-ming than their junior brethren. Analysiswasn’t a large part of the job, except in-sofar as some of positions did requireanalysis as an adjunct to programming.While the industry would benefit
from some kind of requirements for pro-gramming titles, I enjoy the looseness ofthe terms because they reflect a uniqueaspect of programming: the value of theself-taught individual. It’s not consideredastonishing that Bill Gates, Mark Zucker-berg, and famous hackers who droppedout of college still succeeded on theirprogramming chops. And it’s not pecu-liar at all for them to discuss program-ming with Ph.D.s in computer science. The industry is based on merit rather
than academic credentials. The second-ary standing of such academic creden-tials bleeds into the employment list-ings, which invariably ask for a com -puter science degree “or equivalent.”The ill-defined equivalent gives plentyof room for candidates with demon-strated coding prowess but lacking theacademic credential. In sum, all are welcome to the party.
With that in mind, I raise my pen to you,dear readers—software engineers all!
You can share a digital version of thisstory and read others by Andrew Binstockat drdobbs.com/andrewbinstock. Write tohim at [email protected].
36 June 25, 2012 informationweek.com
[DR. DOBB’S REPORT] SOFTWARE ENGINEERS
Business ContactsExecutive VP of Group Sales,
InformationWeek Business Technology
Network, Martha Schwartz
(212) 600-3015, [email protected]
Sales Assistant, Salvatore Silletti
(212) 600-3327, [email protected]
SALES CONTACTS—WEST
Western U.S. (Pacific and Mountain states) and
Western Canada (British Columbia, Alberta)
Western Regional Sales Director,
Kevin Bennett
(415) 947-6139, [email protected]
Account Manager, Ashley Cohen
(415) 947-6349, [email protected]
Account Executive, Silas Chu
(415) 947-6330, [email protected]
Account Executive, Rose Lin
(415) 947-6157, [email protected]
Strategic Accounts
Account Director, Sandra Kupiec
(415) 947-6922, [email protected]
Account Manager, Vesna Beso
(415) 947-6104, [email protected]
Account Executive, Matthew Cohen-Meyer
(415) 947-6214, [email protected]
SALES CONTACTS—EAST
Midwest, South, Northeast U.S. and Eastern
Canada (Saskatchewan, Ontario, Quebec, New
Brunswick)
District Manager, Jenny Hanna
(516) 562-5116, [email protected]
District Manager, Michael Greenhut
(516) 562-5044, [email protected]
District Manager, Cori Gordon
(516) 562-5181, [email protected]
Account Executive, Kevin McIver
(212) 600-3036, [email protected]
Inside Sales Manager East, Ray Capitelli
(212) 600-3045, [email protected]
Sales Assistant, Bill Myers
(212) 600-3163, [email protected]
Strategic Accounts
Eastern Regional Director, Mary Hyland(516) 562-5120, [email protected]
Account Manager, Tara Bradeen(212) 600-3387, [email protected]
Account Manager, Jennifer Gambino(516) 562-5651, [email protected]
Account Executive, Elyse Cowen(212) 600-3051, [email protected]
Account Executive, Kathleen Jurina(212) 600-3170, [email protected]
Sales Assistant, Liz Westendorf(212) 600-3157, [email protected]
SALES CONTACTS—NATIONAL
Dr. Dobb’s
Sales Director, Michele Hurabiell(415) 378-3540, [email protected]
District Sales Manager, Steven Sorhaindo(212) 600-3092, [email protected]
SALES CONTACTS—MARKETINGAS A SERVICE
Director of Client Marketing Strategy,Jonathan Vlock (212) 600-3019, [email protected]
Director of Client Marketing Strategy, Julie Supinski (415) 947-6887, [email protected]
SALES CONTACTS—EVENTS
Senior Director, InformationWeek Events, Robyn Duda
(212) 600-3046, [email protected]
MARKETING
VP, Marketing, Winnie Ng-Schuchman(631) 406-6507, [email protected]
Senior Marketing Manager, Monique Kakegawa(949) 223-3609, [email protected]
Promotions Manager, Angela Lee-Moll (516) 562-5803, [email protected]
AUDIENCE DEVELOPMENT
Director, Karen McAleer (516) 562-7833, [email protected]
Subscriptions Subscriptions: informationweek.com/magazine
E-mail: [email protected]
Phone: (888) 664-3332 (U.S); (847) 763-9588 (outside U.S.)
ADVERTISING AND PRODUCTION
Publishing Services Manager, Lynn Choisez (516) 562-5581 Fax: (516) 562-7307
MAILING LISTS
Specialists Marketing Services Inc. (631) 787-3008 x3020
REPRINTS AND RIGHTS
For article reprints, e-prints, and permissions, please
contact: Wright’s Media, (877) 652-5295,
Back Issues Phone: (888) 664-3332 (U.S.); (847) 763-9588 (outside U.S.)
E-mail: [email protected]
BUSINESS OFFICE
General Manager, Marian Dujmovits
EDITORIAL OFFICE
(Fax) 516-562-5200
UBM LLC
600 Community Drive
Manhasset, N.Y. 11030 (516) 562-5000
Copyright 2012. All rights reserved.
UBM TECHWEB
John Dennehy CFO
David Michael CIO
Scott Vaughan CMO
David Berlind Chief Content Officer, TechWeb, and
Editor in Chief, TechWeb.com
Ed Grossman Executive VP, InformationWeek Business
Technology Network
Martha Schwartz Executive VP, Group Sales,
InformationWeek Business Technology Network
Joseph Braue Sr. VP, Light Reading Communications
Network
Beth Rivera Senior VP, Human Resources
John Ecke VP and Group Publisher, InformationWeek
Business Technology Network
Fritz Nelson VP, Editorial Director, InformationWeek
Business Technology Network, and Executive Producer,
TechWeb TV
UBM LLC
Pat Nohilly VP, Strategic Development and Business
Admin.
Marie Myers Sr. VP, Manufacturing
June 25, 2012 37
38 June 25, 2012 informationweek.com
Ask anyone for the top five or10 cloud vendors, and it’slikely that Cisco Systemswon’t make the list. But as I
watched presentations earlier thismonth at the Cisco Live event in SanDiego, I was impressed with whatCisco is doing to turn cloud aspirationsinto something that enterprises can ac-tually use.As he always does, CEO John Cham-
bers went on about listening to cus-tomers. And as he talked about thecompetitor carcasses Cisco has left inits wake, he reminded the audiencethat not many companies are good atspotting market shifts and changing toaccommodate them. I’ve chided Cham-bers before about his listen-to-cus-tomers mantra, doubting they’ve everasked for myriad proprietary standards.
But in the cloud offerings that Ciscodescribed this month, you do see thewants and needs of customers. Hereare three examples.>> Cisco’s Integrated Services
Router—the one that typically goes intoremote offices and other small-need fa-cilities, such as retail outlets—is nowgetting a fully functional UCS card. Pre-viously, Cisco offered a UCS Expressproduct, which was underpowered. UCS is Cisco’s blade server platform,
so with the new full-function E-Seriescard, the ISR can run not only Cisco’sservices, but also your own. Data cen-ter professionals can start VM-encasedapps in the data center and then use atechnology like VMotion to move them
to the remote office. With the USC card, Cisco is giving
customers the sort of private cloud ca-pability that could be a deal changer.Local apps in remote locations can per-form better, and they can show up justwhen they’re needed. Since most ofthese offices will have no IT expertise,the ISR’s proven track record in theseenvironments is critical.>> The second immensely practical
technology Cisco introduced thismonth is its Cloud Services Router.The CSR is a virtual router that runs ina VM. It can be used on the cloud sideof infrastructure-as-a-service/platform-as-a-service to create a VPN tunnel be-tween the cloud instance and your datacenter. If you’re using Cisco VPN prod-ucts, then the CSR will help providedata-in-transit security that’s otherwise
hard to do in the cloud.For Cisco shops, using the CSR
rather than whatever VPN service thecloud provider might have ensures alevel of independence from the cloudprovider. As long as your chosen vir-tual machine is supported, it’ll be afairly easy matter for IT to deploy thesame instances to a variety of cloudproviders.>> Third, there’s Location/ID Sepa-
ration Protocol, or LISP. It’s not new;in fact, it’s been around for a fewyears. But in 2011, Cisco startedLISP-enabling more and more of itsproducts. The intent for LISP is to al-low a device to be assigned one IPnumber and then to use that IP num-
ber from wherever you are. As a practical example, you could
start out watching a video on youriPad, delivered over your home wire-less network, then walk outside, switchto 3G/4G, and then go to a Starbucksand use its wireless without interrupt-ing the video. Cisco has put LISP intothe public domain, and in order for itto be useful, it’ll have to be pervasive.But it’s an important capability in a vir-tualized world. Even if it’s not perva-sive, it’ll have applications—universi-ties, for example, would love it.
Hybrid BoundCisco has overhyped its share of
technologies, but cloud hasn’t beenone of them. Instead, it keeps addingtechnologies that should be very help-ful to those looking to make great useof IaaS and PaaS. Cisco seems to realize that most IT
shops will want a hybrid strategy, as allof these products give a nod to that no-tion. That it took Cisco awhile to offerthem probably has more to do with let-ting customer demand sort itself outthan anything else.If the cloud is a gold rush, then
Cisco intends to make money on it byproviding the shovels and pick axesneeded to do the mining. That ap-proach is smart for Cisco—and help-ful for the customers it’s apparentlylistening to.
Art Wittmann is director of In for ma -tion Week Reports. More than 100 ma -jor reports will be released this year.You can sign up for a free account atinformationweek.com/reports/register.Share a digital version of this story andread others by Wittmann at informationweek.com/artwittmann. Write tohim at [email protected].
Cisco’s Cloud Play: Three Strong Examples
practicalAnalysisBy Art Wittmann
Cisco CEO John Chambers talks a lotabout listening to customers, and this timeit looks like the company really has.
40 June 25, 2012 informationweek.com
Businessdown tofrom the editor
One of the best measures ofan IT vendor’s state of mindand overall competency isits M&A activity. Is it
among the last vendors into an emerg-ing market with an acquisition, over-paying for a second-tier player? Do itsacquisitions add up to something largerthan the sum of their parts? Are itsbiggest acquisitions bold, even uncon-ventional moves, or are they obviousploys to buy revenue, market share,and new customers?
Consider a handful of the most ac-quisitive IT vendors over the last fewyears: Salesforce.com, Oracle, IBM,SAP, Dell, and Hewlett-Packard. Whatdo the companies they’re buying, andthe point at which they’re buyingthem, say about their ability to executeon a long-term strategy? A lot.
Salesforce.com. It’s by far the small-est and most focused of the vendors inthis cluster, and it’s also the fastestgrowing, on track to increase revenue32% this year to about $3 billion. It’sleveraging a series of acquisitions tomove beyond sales force automationinto marketing (Buddy Media), HR(Rypple), and sentiment analysis (Ra-dian6). The common threads: social-media-rich apps on a cloud base. Sales-force is a force to be reckoned with longterm, assuming that it (and its $18 bil-lion market cap) don’t get acquired byone of the following players.
Oracle. Small and focused are hardlythe calling cards of Oracle, which hasacquired about 20 companies since its$7.4 billion purchase of Sun in 2010.Among those far-flung purchases: PillarData Systems (storage systems), Endeca(e-commerce and business intelligencesoftware), FatWire Software (Web con-tent management), RightNow (cloud-based CRM apps), and Taleo (cloud-
based HR apps). Oracle’s commonthreads are its Fusion application suite(six long years in the making, knittingtogether its existing apps with its amal-gamation of PeopleSoft, JD Edwards,Siebel, and other apps) and Exa line ofintegrated hardware-software appli-ances. Oracle’s financial success speaksfor itself. But as my colleague ArtWittmann has written, Oracle’s recentcloud announcement, an attempt to rollup everything from PeopleSoft to Sun toRightNow to Taleo, was all over themap. Oracle may be doing well for itself,but it needs to do better for customers.
IBM. Say this much for IBM: It has acompelling vision, Smarter Planet, andit has acquired early and often to feedthat vision. A prime example is its $3.5billion acquisition of PwC Consulting in2002, a bold move into business con-sulting. Another tenet of Smarter Planetis business intelligence and data analyt-ics, now a core competency that IBMbuilt on top of Cognos, SPSS, Netezza,and a number of smaller acquisitions.More recently, IBM has plowed into thenext major business technology growthmarket, marketing automation, snap-ping up Coremetrics, Unica, and Tealeaf.
SAP. What do Business Objects,Sybase, TomorrowNow, SuccessFactors,and Ariba have in common? Not a lot—other than they were all big SAP acqui-sitions. The Business Objects (businessintelligence) and Sybase (databases andmobile tools) deals have producedworkmanlike results, while it’s still tooearly to say whether SuccessFactors(HR) and Ariba (procurement) will ele-vate SAP into the cloud big leagues afterthe company’s painfully slow start withBusiness ByDesign. An unmitigated dis-aster was TomorrowNow, which SAP ac-quired in 2005 to provide technical sup-port services to licensees of rival
PeopleSoft software. The now-defunctTomorrowNow ended up costing SAPmore than $300 million in legal dam-ages, after it admitted to infringing Or-acle’s copyrights on PeopleSoft software.
Dell. After eschewing acquisitionsduring its first decade, Dell has snappedup a range of mostly data center andcloud computing vendors over the pastseveral years. EqualLogic and Compel-lent placed Dell firmly into storage.Force10 got it into Ethernet switching.SecureWorks, SonicWall, and AppAs-sure beefed up its security. And Clerity,Make Technologies, and Wyse will helpDell modernize customers’ legacy appli-cations. It’s not sexy stuff, but it’s a con-sistent, cumulative strategy.
HP. Last and possibly least is HP,which, on its third CEO in two years, isstill vacillating when it comes to a vision.It parted with $25 billion to buy Com-paq in 2002 and $1.2 billion to buyPalm in 2010, only to plot an exit fromthose businesses last year … only to re-verse course (sort of) this year undernew CEO Meg Whitman. HP shelled outabout $10 billion for content manage-ment software vendor Autonomy and anundisclosed sum for analytics softwarevendor Vertica last year, following thefailure of its internally developedNeoview big data platform and long afterIBM and EMC had acquired marketleaders in that sector. HP won a biddingwar against Dell for storage vendor 3Par,but the $2.3 billion purchase price wasmore than twice Dell’s initial offer. HP isstill trying to make sense of its $13.9 bil-lion acquisition of EDS in 2008.
Rob Preston is VP and editor in chief of InformationWeek. Share a digital ver-sion of this story and read others by himat informationweek.com/robpreston.Write to Rob at [email protected].
What M&As Say About Your Tech Vendor
By Rob Preston
