IBM System Z Update
Shipped 800 zBX with 450 blades
Signed 80 new System z customers
Encourages new mainframe participants with education and recruitment support
Has added Windows to the supported platforms on zBX and URM
Focuses on business analytics workloads with Smart Analytics System 9700 and 7100 alongside its Smart Analytics Cloud
We expect to see Security Analytics addressed in future through its Q1 Labs acquisition
We recently spent some time in London with IBM’s Ray Berard and his team discussing its mainframe impetus. We’re sure you’d like to read more about this leading server platform.
System Z Market Success
Figure 1 shows our assessment of System z revenue and revenue growth by quarter up to Q3 2011 (based on a rolling 4 quarter analysis) and includes major product introductions along the way. We believe System z has had strong success, although its recent revenues have missed peaks at the beginning of 2007 and the middle of 2008. It suffered something of a ‘perfect storm’ in 2008, with the recession cut-backs coinciding with its customers slow down in spending in anticipation of the new machines in 2009. It has spent massively on development of System z, incorporating its impressive technical advances in the current line-up. System z is the most successful of the dwindling number of alternatives to x86 processors in the server area. It’s also well covered by IBM’s Smarter Computing approach, which we have covered extensively in the past.
In the year to September 2011 IBM claims significant success for its System z and associated offerings. In particular:
It shipped over 80 BladeCenter Extension (zBX) units
It shipped over 475 blades into these units
It signed up over 80 new System z clients (although this includes existing users installing a machine in a new location)
We assess System z Mips growth as 40% and revenue, 37% for the annual period to the end of September 2011.
In addition IBM has enjoyed a stronger adoption of System z by partners. In particular:
It now has around 7,000 applications supported, including 3,250 for Linux and 4000 for z/OS
1,200 new and upgraded applications were added to System z in 2010, when it launched the zEnterprise
It has added around 120 new ISV partners
IBM has engaged in a number of activities to encourage the development of mainframe skills among the younger generation. In particular:
It has enrolled 814 schools enrolled in the ‘Mainframe Curriculum’
32,941 students from 17 countries participated in its ‘Master the Mainframe’ contests
It has launched SystemzJobs.com, which connects System z clients, partners and businesses with students and professionals
All of this demonstrates that it is doing more than just holding position with System z in the server area.
Developing zBX And URM Business Analytics Solutions
For those of you not familiar, zBX and URM were part of the original zEnterprise announcement in 2009. IBM’s zBX is a box connected directly to either the z196 or z114. It has a 10GB data connection and 1GB service. Unified Resource Management (URM) capabilities are delivered over the service connection, allowing common systems management between the mainframe and the attached BladeCenter. Currently the attached BladeCenter can have two chassis per rack and up to 14 blades per chassis.
Initially customers were slow to adopt these offerings. We noted at the time that the failure to accommodate Windows would limit adoption. In addition to adding Windows to Linux and AIX as supported operating systems, IBM has also been active in developing specific solutions to increase the value of integrated co-processing. The latest flavour of these has been for Business Analytics solutions. In particular:
Smart Analytics System 9700 – an integration of hardware, software and services based on the zEnterprise 196 platform for large-scale analytics
Smart Analytics System 9710 – a smaller packaged based on the zEnterprise 114 platform for lower-cost analytics
IBM has also launched its DB2 Analytics Accelerator, which uses attached Netazza data warehousing appliances rather than zBX; its users report increased speeds of up to 1,000 times and – in one case – a ROI of 4 months. It also offers the Smart Analytics Cloud, which it describes as ‘a private cloud computing solution for business intelligence and analytics’.
As always with these events we came away with many ideas about developments and the messages IBM is promoting, such as application software cost savings for System z over x86 servers in large deployments, the role System z plays in test and development and production environments. Through its deep idiosyncratic technical knowledge goes further than other vendors in promoting its advantages in ‘total cost per workload’
Some Conclusions – Expect More Workload-Specific Mainframes
Despite IBM’s investment and educational push around mainframes, x86 machines continue to predominate. They are firmly associated with the Financial sector, where we believe 70% of sales take place. IBM has been expansive internationally recently, selling a handful of machines in Africa, but we doubt whether its System z will be considered by many as a general purpose alternative to x86 – certainly not outside large and relatively big medium-sized organisations. It is right to focus on its advantages in lowering the cost of workloads, where the larger the implementation, the larger the savings will be. It is also right to concentrate on producing tuned solutions in the business analytics area to add to the lead it has here in transaction processing. You should expect to see new areas addressed in future, such as security analytics through its Q1 Labs acquisition. The high-speed connectivity between zBX and the mainframe extends the value of association beyond close systems management to clever provisioning of virtual machines. We’re voted before that vertical integration has replaced the horizontal approaches of the past. In the mainframe area IBM’s maturity makes it a leader in business analytics, which HP and others are trying to emulate.
This table outlines the potential components that a company could insure from a cybersecurity perspective.
Photo credit: (Graphic courtesy ASIS International Security Applied Sciences Council)
08 2015 IoT Superball only 55ef1652baed7
The IoT 'Superball' model, pictured above, was developed in cooperation with the Security Applied Sciences Council, ASIS International and The Video Quality in Public Safety Working Group, part of the U.S. Department of Homeland Security Science and Technology Directorate.
Photo credit: (Graphic courtesy DHS)
cyber insurance chart 55ef170fe27f8
This table outlines the potential components that a company could insure from a cybersecurity perspective.
Photo credit: (Graphic courtesy ASIS International Security Applied Sciences Council)
08 2015 IoT Superball only 55ef1652baed7
The IoT 'Superball' model, pictured above, was developed in cooperation with the Security Applied Sciences Council, ASIS International and The Video Quality in Public Safety Working Group, part of the U.S. Department of Homeland Security Science and Technology Directorate.
Photo credit: (Graphic courtesy DHS)
CLICK HERE FOR MORE INFORMATION
CLICK HERE FOR MORE INFORMATION
In today’s interconnected universe, network and sensor outages in one system often have cascading impact on other systems with which they interact. For instance, a communications failure of one of the world’s largest airline carriers affected for not only the travel industry, but also the logistics and distribution of consumer goods. Very recently the failure of a sensor network shut down the largest petroleum refinery in the Midwest, causing the wholesale price for gasoline in Chicago and St. Louis to jump 60 cents per gallon in a single day.
A fault in a submarine optical fiber cable connecting Australia, Guam and Japan also recently failed; however, hundreds of gigabit per second data traffic from the impacted section was switched to alternate paths on an optical fiber ring configuration. If this resiliency had not existed, the outage could have potentially shutdown untold numbers of credit-card purchases, ATM money withdrawals and vital healthcare teleconferencing while awaiting a cable repair ship to reach the site and repair the damage.
And then, of course, there are the deliberate saboteurs. When internal technical issues simultaneously affected operations at two global financial exchanges, communications in the "Dark Web" congratulated the perpetrators on a job well done referencing the institutions by name. Chances are you're not very familiar with this shadowy network of websites often used to sell illegal goods and services. But ironically, the Dark Web itself was shut down recently when someone discovered services protocol vulnerabilities that could reveal the location of supposedly anonymous servers. Essentially, the hackers got hacked.
So what can we do as manufacturers, system architects and users to protect ourselves against such catastrophic events, whether initiated accidentally or maliciously?
Establishing trusted access authentication for IoT devices
According to a recent study conducted by Capgemini Consulting and Sogeti High Tech, the two most significant vulnerabilities in the world of IoT devices are password attacks and identity spoofing. This has led developers to devise better processes for establishing trusted access to the IoT, including server-based authentication.
CLICK HERE FOR MORE INFORMATION
One approach has been to base cybersecurity on server locations that are far away from the devices connected to the Internet – the "things" in IoT. However that method tends to slow down traffic. A faster alternative is to use multi-factor authentication (MFA) which permits multiple servers located closer to the "edge" IP cameras, physical access control panels and/or communications devices to process authorization requests.
Push Notification Services. One of the best examples of these high-performance security processes is the smartphone in your pocket or handbag. Push Notification Services (PNS), a highly efficient and secure remote notification feature for Android, iOS and Microsoft smartphone devices establishes an encrypted IP connection with the PNS and receives notifications over this connection. If a notification for an app arrives when that app is not running, the device alerts the user that the app has data waiting for it. When new data for an app arrives, the provider prepares and sends a notification to the PNS, which pushes the notification to the target device. This process also works with other IoT devices, sensors and even IP cameras.
The PNS establishes peer-to-peer authentication in the IoT sensor identity Transport Layer Security (TLS). The IoT device initiates a TLS connection with the PNS, which returns a digital certificate from the server. The device validates this certificate and then sends its device certificate to the PNS, which validates that certificate. PNS servers also have the necessary certificates, credential authority certificates, and cryptographic keys (both private and public) for validating connections and the identities of providers, corporate servers and IoT devices. This provides a more secure alternative to SSL, especially considering the latest PCI-DSS 3.1 compliance requirements
Whether it is a text message, video stream or complete digital multimedia content (video, audio and metadata), this process to establish trusted identities is the cornerstone of IoT device cybersecurity.
Alternative ways to harden against vulnerability
Looking back at the high-speed submarine cable incident, there’s obviously a need for resilient connectivity to maintain service and protect against attack. Although different transmission modes provide for connectivity, the architecture should also include authentication of the devices on the network. So why not just use "sat-backup" to keep authentication servers connected? The issue is response time agility. The total carrying capacity of a typical submarine cable between the U.S. and East Asia is in the range of terabits per second compared to satellites which typically offer only around 1000 megabits per second. The "Cyber Cloud" operators, governments and enterprises need the ability to quickly deliver differentiated services by activating, on notice, a virtual pool of bandwidth through resilient architecture.
CLICK HERE FOR MORE INFORMATION
Our petroleum example is another case in point. If caught in time, the IoT sensor network responsible for detecting leaking pipes would have notified plant operators in real time to implement a repair. Should a petroleum refinery flow sensor or server come under attack, the usage archives or historical data could be compromised. A cyber-attack on a refinery during peak winter (heating) or summer (automobile usage) periods could be catastrophic. Protecting IoT sensor data in motion is important, but intelligence in the wrong hands can be deadly. This is what cyber resilience is all about: not only protecting the operation and transmission of data, but preserving "data at rest."
The business case for investing in IoT safeguards
We know what we need to do to protect IoT devices. But how do corporations cost-justify investing in these safeguards? The answer is to expose risk management professionals to the daunting consequences of suffering a breach:
class-action lawsuits
regulatory fines, penalties and consumer redress
damaged reputation
data and income loss
With successful cyber-attacks on the rise, up from 11 percent in October 2013 to 16 percent in 2014, according to a recent survey analysis from Heavy Reading, many companies are reaching the point where the cost of deploying in-house authentication servers is well-worth the risk mitigation.
Damage from escalating cyber-attacks has also given rise to a new type of insurance category: cyber security insurance that covers both network security and privacy liability (see table pictured above).
But even with authentication servers and cybersecurity insurance in place, there’s another tough decision for a company to make: whether or not to share their threat intelligence. Does an enterprise keep their name out of the headlines as the yet another victim? Or do they contribute to a safer and secure world by pooling their ideas and strategies on how to combat cybersecurity attacks?
As a leading cyber security consultant recently stated, "When it comes to cyber intelligence, there's strength in numbers."
Creating multiple security layers for everyone
CLICK HERE FOR MORE INFORMATION
The Internet of Things in safety and security represents a networking paradigm where interconnected, smart sensors are powered and protected and continuously generate and transmit data over the internet.
Multiple layers of protection are needed to secure the operational integrity of those IoT sensors. Those layers include:
IoT device structure – This can include the physical housing of an IP camera, as well as a wireless communication antenna and solar energy collection device.
Wireless and Wired Communications – This refers to how the device connects to the local area network via Ethernet, Bluetooth or other connectivity as well connectivity to the internet.
Cybersecurity – The heart of the external, internal cybersecurity and device protection functions, this layer also serves to assist in MFA.
Power transfer – This is where energy for storage is acquired such as wireless charging or energy harvesting.
Energy storage – Primarily this is where volatile data storage and processing functions occur.
Data exchange – This layer performs protocol negotiation and ensures interoperability.
Process and Analysis – This is where metadata analysis, energy management, storage optimization and indexing processes occur.
Data storage – This is where the sensor data from all the "Things" in IoT are archived.
Striking a balance between protection and responsiveness
The trick is to devise those layers of protection without compromising the ease and timeliness of data interchange. Communication, storage, process, data exchange, security and device power are the defining factors in the IoT model structure.
Depending on the urgency of the response required for the event, there may be a need for the device to process certain data internally. In the case of an IP camera, for example, there is metadata that describes size, color, speed, trajectory and timeframe which may be needed urgently. For instance, the license plate of a vehicle associated with an amber alert, an armed robbery or other time-sensitive emergency.
IoT data may statically reside internally, immediately nearby or in mobile objects and IoT data concentration storage points. The data may be distributed widely, but it always must be transmitted and stored securely. The migration or "flow" of IoT data can continue from one secure container to another, until a centralized data store is reached where more sophisticated processing and analysis takes place, like facial recognition or other pattern matching algorithm.
Cyber protection is a joint responsibility
CLICK HERE FOR MORE INFORMATION
Consider the IoT sensor less of a "razor blade" and more of an evolving device and resource. Its most vital part is often its data, which forces us to make important choices about how we handle it: how it is collected, how it is stored, how it is processed and how it is protected.
With this foundation we can expand our use of IoT to a wide range of data types and formats from different data sources, including time and geo-location tags, and global intelligence. By pooling our knowledge about ways to protect these resources we can minimize our vulnerabilities to cyber-attacks even as they continue to evolve.
About the Author: Steve Surfaro is the Industry Liaison at Axis Communications. He is also Chairman of the Security Applied Sciences committee for ASIS International. He can be reached at stevesurfaro@gmail.com.
