Tuesday, September 25, 2007

Telecom spending among Asian SMBs to cross $50 bn

SINGAPORE: Small and medium businesses (SMBs, or companies with up to 999 employees) across the Asia-Pacific region outside of Japan (APeJ) are on track to invest US$50 billion on telecommunications equipment and services this year. This is up some 5 percent over 2006, according to the latest study by New York-based Access Markets International (AMI) Partners.

“SMBs look toward telecom operators and service providers to offer telecom services to enable profitable business growth,” says Prasannavadan Gaitonde, Singapore-based analyst at AMI-Partners. “SMBs have to work harder for earning their dollar. They have tighter budgets and need high quality, low-priced telecom solutions and services.”

AMI’s findings reveal that developed markets such as Australia and South Korea, and fast-growing markets like India and China will account for more than 70% of the APeJ telecom spending this year. “The market is witnessing a transition from traditional PBX to IP-based PBX, with most new replacements going the IP way,” Gaitonde says. “While the base switch is going IP, the end points are moving to IP more slowly. This is due to the higher price of IP end points over digital end points.”

In 2006, only 8 percent of desk phones at medium businesses (MBs, or companies with 100 to 999 employees) in a mature market like Australia were IP phones. Session Initiation Protocol (SIP) will reduce the price, making such solutions even more affordable. As for Unified Messaging—which can be considered a precursor to the more advanced Unified Communications—only 16 percent of Australia’s MBs are utilizing this service.

“SMBs are as interested in advanced solutions like Unified Communications as large businesses,” Mr Gaitonde says. “The difference is that SMBs have smaller budgets and need higher justification for spending their budgets on such services.”

As services mature and can be provided on a hosted model, SMBs can deploy enterprise class solutions. Once these enterprise class solutions are offered as a service—similar to SaaS (software as a service)—SMBs can adopt them at the right price points. Hosted communication services or managed telephony services can be provided by telecom operators and service providers in partnership with equipment vendors to provide low-cost solutions to SMBs.

Hosted communications or managed telephony services are set to grow more than three times the growth rate of premises-based equipment among SMBs over the next 3-4 years. Equipment vendors, telecom operators, and service providers need to work together to provide such hosted solutions to SMBs across the Asia-Pacific region.

MBs are expanding their horizons and need more connectivity between offices. Thus, spending on wide area network (WAN) services is expected to go up by a huge 24 percent in 2007 over 2006 among MBs. More than one in four MBs in this region is currently connected using WAN. In Australia, more than 75 percent of its MBs are connected by WANs.

“SMBs in the Asia-Pacific will continue embracing new technologies to remain competitive,” Gaitonde says. “Telecom equipment vendors, operators and service providers need to offer products and services using the right model and price points to tap this growing market.”

SMEs must invest in IT in advance of business growth

BANGALORE, INDIA: The National conference on 'Emerging Technology Trends for SMEs' organized by Manufacturers' Association for Information Technology (MAIT) was truly a learning experience for IT managers and representatives of small and medium enterprises (SMEs).

The day-long conference focused on how to maximize the contribution of IT to the core competency of SMEs and drive enterprises to higher performance levels for increased ROI.

SMEs, which are the backbone of the Indian economy, need to remain competitive by adopting appropriate and robust technology. It is estimated that SMEs in India are set to spend over $8 billion in 2007-08 to ramp up their IT infrastructure.

Delivering a keynote on 'Efficiency improvisation for SMEs through IT', Samir Inamdar MD and CEO of Forum Synergies (India) said that SMEs would drive the Indian economy going forward. "The manufacturing SMEs have to grow at a rate which is well into double digit."

Sharing the technology lessons he has learnt over the years as a CEO, Inamdar said that it is important to adopt IT to be globally competitive. He also advised SMEs to invest in IT in advance of business growth.

He also stressed that it is essential for top management to take ownership of the projects. While regular CEO reviews are a must to sustain focus on a project, planning and system design were critical, he added.

Inamdar also called upon SMEs to exploit new methods in IT like hosted models and shared services, and urged them to be flexible in adapting to changes in IT designs.

Deliberating on the topic 'Industry perspective', Ashok Pamidi, director for commercial accounts, SMB and enterprise partners, Technology Solutions Group, HP India Sales Pvt. Ltd. said, "There is a big ecosystem supporting the SMBs today. IT no longer supports the business, it powers the business, more so with the SMBs."

SMEs are growing at more than 24 percent per annum for the next three years, but the penetration of IT among SMBs is only 17 percent. Adapting to change is the biggest challenge for SMBs, he added.

The event, which provided a common platform for both SMEs and technology providers in the country, discussed strategies for driving business growth with the right IT adoption.

ST chips to be used in MachBlue media platform

MONTREAL: Bluestreak Technology, Inc., the developer of the MachBlue platform for mobile phones and digital television, has announced that the MachBlue platform will use the STi710X family of decoder chips from STMicroelectronics. The MachBlue rich media platform enables an enhanced UI and access to Web services, including Flash video found on the Internet, directly from the set-top box (STB).

MachBlue also enables the creation in Flash of all these rich media services and takes advantage of the STi710X's computational power and graphics capabilities. This will bring a new level of interactivity and enhanced visual appeal to TV viewers. Bluestreak CEO Paul Forostowsky commented, "STMicroelectronics will demonstrate to operators, OEMs and developers the full capabilities of our platform, paving the way to a better TV viewing experience."

According to Stefano Groppetti, director of the Cable and IP Business Unit, Home Video Division, STMicroelectronics, "The integration of MachBlue into our industry-leading STi710X single-chip HDTV decoder will demonstrate the possibilities to leading consumer manufacturers of offering viewers increased levels of web content via Set Top Boxes, and a richer TV experience through the use of enhanced user interfaces." MachBlue offers a large subset of the Flash functionality augmented with TV-centric extensions.

Motorola selects Infineon to develop 3G RF chip

NEUBIBERG, GERMANY: Infineon Technologies AG today announced that it has signed an agreement with Motorola to develop a new multi-mode, single-chip 3G radio frequency (RF) transceiver based on Infineon’s SMARTi UE chip.

The RF transceiver is a core component in a mobile phone or other mobile cellular device; its primary function is to send and receive digital data over the air. As consumers continue to demand more multimedia functionality from their mobile devices, the RF transceiver plays a key role in delivering the data speed and signalling needed to support mobile content and services.

Motorola selected Infineon to develop the new RF chip which will address this growing market for 3G services by offering maximum HSDPA and HSUPA performance, efficient power consumption and slim design.

"We are pleased to enter into this strategic relationship with Motorola to create an advanced 3G RF solution based on our leading SMARTi UE chip. The new chip will effectively reduce size and footprint for next generation 3G devices and offer best in class radio performance at market leading system cost," commented Stefan Wolff, Vice President and General Manager of Infineon’s RF Engine Business Unit.

“Global System for Mobile Communications (GSM)-based technologies will be dominant for the early forecast period, accounting for just under 70 per cent of all production in 2006. However, the market is rapidly switching over to 3G-based technologies of various types,” explained Alan Brown, Research Director at Gartner. “The main 3G variant is WCDMA (including HSPA and LTE), and this will be produced in high volumes worldwide in 2010, representing 56 per cent of total production.”

Terms of the development agreement were not disclosed.

Technology blesses religion

BANGALORE: Technology has seeped into every aspect of our life and religion, which is important to many, is not spared – or do technological advances bless religion?

Very few miss the Sunday church service. But, one Sunday morning, due to unavoidable circumstances, Stacy Anne Homewood, a Michigan resident, missed the morning service.

Nevertheless, she was glad that she did not miss the sermon.

All she had to do was log on to Second Life, a virtual world, put on her headphones and attend the service conducted in the ALM CyberChurch by Rev Benjamin Pastor.

Second Life is a 3-D virtual world, developed by Linden Lab, that is entirely built and owned by its users, or residents.

In Second Life, users can create avatars and explore, meet other residents, socialize, participate in individual and group activities, and create and trade items (virtual property) and services with one another.

Religion, too, has made its way into the virtual world. Residents have built churches, temples, synagogues and mosques there.

“This is a not a complete substitute for real life church. But it serves the purpose for those who cannot go out due to various reasons. They can just log into Second Life. I consider this as a real church, just in a pixel form,” says Homewood.

Homewood is a member of the ALM church staff, responsible for maintaining decorum in the church. If anyone misbehaves she can ‘eject’ them from the church.

“I attend the real church and also attend the service in ALM CyberChurch. By the time service starts in CyberChurch, I would have finished my service in real life. Due to the time difference I get to attend both,” says Homewood.

Residents can light candles, kneel and offer prayers to the Lord. Rev Benjamin Pastor conducts the morning sermon every Sunday, and the congregation sings hymns.

“ALM CyberChurch is the best Church in the virtual world. Sermons are conducted every Sunday morning, and the Church also conducts a Women’s Bible study every Tuesday,” says Mariposa Psaltery, pastor of the Church.

Kalmeri, a regular in ALM, says, “Sunday is a busy day for me and I attend real life morning mass as well as morning sermon in the ALM CyberChurch in Second Life.”

ALM CyberChurch is a frequently visited church among residents of Second Life and has over 100 members.

A morning sermon is also conducted in the “Jesus House”, another church in Second Life, but only on Sundays.

Little Enzian, another pious soul, says, “Although we have prayer groups during the week, the ‘live’ nature of our sermon is difficult to do more often, although we’d like to.”

Second Life has a Krishna temple and a mosque as well as a Buddhist temple. Residents have built a virtual temple of Lord Krishna, decorated with flowers, incense sticks and lamps. A resident can sit and meditate while listening to slokas in the background, or listen to Prabhupada talks or bhajans.

The same is true of the mosque and the Buddha Vihara.

Second Life, since its opening in 2003, has grown and today is inhabited by a total of 9,430,051 members from around the globe.

Religion, a faith that forms a core part of every individual, finds a way to be expressed in every other form. Many believers log on to the virtual world to evangelize their religion.

The authenticity of the virtual religious ‘places’ is questionable. There are many fake churches and synagogues, aimed at making a quick buck.

This correspondent even came across a Shiva temple built in Second Life, belting out popular Bollywood numbers.

However, a question remains to be answered: Will virtual Gods – irrespective of religion – bless real men and women?

Bhutan releases Dzongkha Debian Linux

THIMPHU, BHUTAN: The Bhutan government has launched its own version of Linux, named Dzongkha Debian Linux.

As the name suggests, it is based on Debian and has been designed around Dzongkha, the national language of the country.

It has been designed to co-exist with an existing operating system on the same computer. Users can also run it as a Live CD!

It has been under development for 13 months, and the government has spent around US$80,000 on it.

They are now working on adding new functionality such as Text to Speech, Speech Recognition, and Optical Character Recognition.

Interested users can get their CDs for free from the Department of Information and Technology.

It's sad to know that the Indian government has shown little interest in Linux except for some rare deployments.

Source: techwhack.com

Microsoft unveils Office 2008 for Mac

PARIS, FRANCE: The Macintosh Business Unit (Mac BU) at Microsoft Corp. has announced at the Apple Expo in Paris its product lineup for the upcoming Microsoft Office 2008 for Mac release.

The product, Office 2008 for Mac, is the core suite that includes Microsoft Office Word 2008, Microsoft Office Excel 2008, Microsoft Office PowerPoint 2008 and Microsoft Office Entourage 2008 for exceptional productivity on the Mac.

A new combination for Mac users is Office 2008 for Mac Special Media Edition, which features the Office 2008 applications together with the Microsoft Expression Media digital asset management system.

According to the release, all versions of Office 2008 for Mac support the new Open XML file format and are Universal applications that will run natively on PowerPC- and Intel-based Macs.

“We built Office 2008 with the unifying goal of making it easier for Mac users to access the tools they need to get the job done — whether it’s creating a brochure for their business, managing their family schedule and finances, or finalizing a presentation to share between Macs and PCs,” said Craig Eisler, general manager of the Mac BU at Microsoft.

He added, “And, of course, Office 2008 for Mac will provide the document fidelity with the 2007 Microsoft Office system that our users need to stay connected with their friends and co-workers on PCs.”

Office 2008 for Mac features the suite of applications that Mac customers rely on to get their work done, together with Microsoft Messenger for Mac.

“We’ve worked closely with Microsoft since it launched the first version of Office for Mac more than 20 years ago,” said Ron Okamoto, vice president of Worldwide Developer Relations at Apple. “Office delivers tremendous compatibility across platforms for Mac and PC customers, and we look forward to another great user experience with Office 2008 for Mac.”

Asia, Europe top outsourcing destinations

NEW YORK, US: Asia and East Europe have emerged as the favored destinations for IT and BPO outsourcing, with 19 Asian and 12 East and Central European nations dominating the list of the Top 50 emerging outsourcing cities globally, according to a study by Global Services, a magazine for global sourcing of IT and BPO services, and Tholons, an investment advisory firm.

"Global Services sees the Top 50 emerging cities grabbing a much bigger chunk of the global IT and BPO services pie in the next three years," said Juhi Bhambal, editor of Global Services.

The study lists Bangalore, New Delhi National Capital Region (NCR), Manila NCR, Mumbai and Dublin as the top five cities that have established themselves as prime outsourcing cities by servicing the global corporate world for over a decade.

Five cities from India, three cities from China and two cities from Vietnam dominate the top 15 emerging destinations list. The top three emerging outsourcing cities worldwide are from India: Chennai, Hyderabad and Pune. Kolkata at No. 5 and Chandigarh at No. 9 are the other two Indian cities in the list, the report revealed.

The three hot cities for outsourcing from China are Shanghai at No. 8, Beijing at No. 10 and Shenzhen at No. 13. Ho Chi Minh City and Hanoi in Vietnam, at No. 6 and No. 12 respectively, are the other emerging cities to feature in the list of top 15 cities.

Cebu City (Philippines) at No. 4, Colombo at No. 7, Cairo at No. 11, Buenos Aires at No. 14 and Sao Paulo (Brazil) at No. 15 are the other hot destinations.

The study reveals that the outsourcers consider process maturity, availability of relevant skills and costs in the individual city as the top reasons before deciding on the location for IT and BPO services outsourcing.

Avinash Vashistha, chairman and CEO, Tholons, said, "With the demand-supply gap widening, newer tier II cities will play a critical role in re-engineered globalization models. Destinations will need to provide greater level of cost effectiveness and operational efficiency."

The research ranked the top 50 and profiled the top 15 emerging global cities for outsourcing. These are cities that may not be top of mind for most companies but are nevertheless well suited for specific IT and BPO functions. As some global outsourcing cities stand as clear winners, the study also ranks the top five obvious choices that need no introduction.

Six of the Top 50 emerging cities are from India, followed by five from China. Brazil, the Philippines and the USA have three cities each, followed by Czechoslovakia, Mexico, Poland, Russia, the UK and Vietnam with two cities each. The top 11 countries account for 32 of the Top 50 outsourcing destinations.

Govt sets deadline for telecom license application

NEW DELHI, INDIA: With the surge in applications for new telecom licenses, the Ministry of Telecommunications on Monday issued a statement that it will not accept new applications after October 1.

This comes in the wake of 160 license applications pending at the Department of Telecom (DoT), most of them from non-telecom companies.

Non-telecom companies like Unitech Ltd, Parsvanath Developers and a number of other players applied for licenses after the telecom regulator submitted its recommendation that there be no cap on the number of operators in each circle.

"India will not accept any new telecom license application after October 1," the ministry statement said.

However, DoT is in a fix, with a large number of applications pending from existing telecom operators due to the scarcity of spectrum.

Speaking to the media, A Raja, Minister for Communications and IT, said that the government would come up with a report on the license applications in the next 10 days. "The government will be scrutinizing the license applications from the companies seeking operating licenses. We are looking at formulating new screening guidelines where we need to be selective," Raja said.

Meanwhile, the Ministry is in talks with the defence forces on the release of spectrum to be allotted for commercial use to ease the current congestion in the network. The minister had earlier said that the license applications would be cleared once the government has received the appropriate amount of spectrum from the defence forces.

Nabard aid for new IT complex at Kochi

THIRUVANANTHAPURAM, INDIA: A new IT complex, which will spread across a total area of 4.27 lakh sq ft, will get financial assistance to the tune of Rs 50 crore.

The project, being implemented by the Department of IT, Kerala, will take shape at the Infopark campus at Kakkanad in Kochi. According to National Bank for Agriculture and Rural Development (Nabard) officials, the assistance is part of its Rural Infrastructure Development Fund (RIDF) loan. It is expected that there will be a minimum contribution of Rs 60 crore to the national exchequer when the project is ready for operations.

As many as 50 large, medium and small information technology companies are expected to set up shop at the facility. It is also expected that about 5000 IT professionals will get employment. A major chunk of the employment generated would benefit qualified youth in the information technology sector from rural and semi-urban centres all over the state. Besides, about 300 local people are likely to be employed for service-related work in and around the project. Nabard had included IT as an eligible activity under the RIDF.

The proposed IT complex is part of the 144 projects being undertaken by the Kerala government. Nabard has sanctioned an amount of Rs 82.25 crore from its RIDF.

Novatium to roll out Net PC and TV in 3 metros

NEW DELHI, INDIA: After the launch of the Net PC and TV in the national capital, Novatium Technologies is planning to launch it in three more cities within this year.

Speaking to CyberMedia News, Alok Singh, CEO, Novatium said that the company is strongly focusing on expanding to other cities by the year-end. “We are planning to launch in two to three cities. We will be launching in the major cities now,” Singh said.

Having launched the Net PC and TV with Mahanagar Telephone Nigam Limited (MTNL) in Delhi, the company is planning to launch its services in Mumbai soon. “We will prefer to launch in Mumbai next, as MTNL has its network present there,” he added. The estimated capacity to offer subscriptions in Delhi is around 20,000 users. He said that they have initially rolled out with a capacity of 20,000, which will be increased depending on the market response.

“We are targeting 25 per cent of the customers who own a home PC. We will also be targeting the current MTNL broadband customers in the capital,” Singh added.

CyberMedia News was the first to report on the company's roll-out plans in Delhi.

When asked about the tie-up, RSP Sinha, CMD MTNL said that the PSU is only offering the network connectivity to Novatium to offer the service. He said that it was a non-exclusive tie-up and Novatium can offer its services with other service providers.

Company insiders informed that Novatium is in talks with telecom major, Bharat Sanchar Nigam Limited (BSNL) to roll out this service in other major cities across the country. The company is planning to launch its services in Mumbai and Bangalore within a couple of months.

Saturday, September 22, 2007

IP networks do the trick for video conferencing

BANGALORE, INDIA: Video conferencing is certainly not a new application to enterprise communications users. Room to room video conferencing has grown from its introduction at the World’s Fair in 1964 to a widely deployed enterprise application around the globe. Video conferencing as a general business application however, while promising to become mainstream during the last 50 years, has remained a special purpose application and a niche market.

Yugal Sharma, Country Manager, India & SAARC, Polycom

Video conferencing’s inherent benefits, such as facilitating in-depth interaction levels and reducing travel expenses, have often been offset by a number of technology and operational issues. Expanded bandwidth and special networking requirements have limited its integration with the enterprise’s overall communication network and made it an overlay application that required special attention and administration.

Today, a number of changes have occurred that are stimulating an increased interest in video conferencing as a mainstream business application. The first change has been the growing deployment within businesses of IP Telephony based upon converging voice and data networks into a single integrated and robust network with enough bandwidth to accommodate video applications.

By creating a networking layer that can easily incorporate video streams into its transport mechanisms, the move to IP networks has broken down one of the technical barriers to broader deployment of video conferencing.

A second change enabled by IP Telephony is the ability to set up sessions that can carry multiple media streams while using telephony and Windows-based interfaces to achieve click-to-dial video conferencing setups between parties on the conference. Multi-party conferences can also be set up using video bridge technologies in a similar fashion.

A final factor that is facilitating a leap in the ease of use for video conferencing is the incorporation of SIP-enabled presence within soft phone applications. This technology allows users at their desktops who are trying to set up a video conference to know whether the person they are connecting to has the ability to enable a video call from their end.

Video conferencing can be easily added to a voice call by simply activating the video application on each end of the existing call.

The migration to IP Telephony along with the incorporation of standards based interfaces to other applications promises to open the door to a rapid expansion of video conferencing. Ironically, video conferencing is being discovered as a “new” IP enabled productivity application.

In addition, the extension of business telephony features to video endpoint devices makes video calling as natural as voice calling, while providing enterprise class call handling capabilities and scalability. For example, users now have the ability to set up a call coverage path for a video call in the same way and with the same capabilities as for a voice call.

If somebody calls a video endpoint and the called party is not at their desk, a coverage path would direct the call to voicemail or a coverage assistant. The system can recognize whether the receiving endpoint (i.e. the voicemail system or coverage assistant) has video capabilities and, if not, the call would fall back to a voice-only call. Easy call set-up and coverage features had not been available for video until now.

The ability to expand video conferencing to any IP Telephony connection has the potential to deliver substantial business and employee productivity value to enterprises. Extending video interaction to employee conferences can make sessions more focused, productive and potentially shorter as clarity and real time decision making are facilitated.

Customer Requirements for a Video Telephony Solution

While the convergence of technology trends has enabled the arrival of video conferencing as a mainstream application, to achieve mass acceptance and deployment, communications applications providers will need to address requirements at three levels.

The next generation of video conferencing will have to address overall business drivers, cost and manageability requirements of an enterprise’s IT group and finally the usability requirements of employees.

No matter how impressive new technology capabilities might be, they need to justify their acquisition by serving enterprise business objectives.

Mainstream deployment of enterprise video conferencing must be built upon business case justification that includes facilitating global business growth, decreasing or offsetting existing business costs, improving employee productivity and enabling virtual business models with highly mobile workforce groups.

The next threshold that must be addressed is the specific requirements of IT decision makers in adopting widespread application deployment. IT Managers require applications that are easy to install, operate and manage.

New applications must also integrate easily with the existing network and leverage that infrastructure, thereby increasing its value and payback. Open standards are often a critical requirement for new applications because they facilitate integration and prevent vendor lock-in.

Finally, IT managers are concerned about the economic payback for new application deployment that dovetails with enterprise business objectives.

The third set of requirements would be to meet the needs of the employee user community. New technology acceptance and adoption can sometimes be pushed from power user communities who are driving for greater personal productivity tools.

Besides, being simple, easy and convenient to use, the application must also markedly improve personal productivity, enhance working relationships, and lead to faster and more efficient decision making within the enterprise.

Video conferencing tightly integrated into telephony has the potential to meet the business, IT and user requirements that will open it up to an impressive adoption rate over the next few years, moving the application from a specialty to a mainstream productivity tool.

The author is the country manager, India & SAARC, Polycom. Polycom is the provider of unified collaborative communications solutions (UCC) for enterprises.

"Today's attacks are moving beyond phishing and ID theft"

Against the backdrop of increasing attacks on IT infrastructure, Richard Stiennon of Fortinet feels there is a dearth of inhibitors to counter the escalating threats. With attackers becoming more innovative in developing lucrative business models, it is time that organizations beefed up their security infrastructure.

Given that cyber crimes are on an increase, how have attackers changed their modus operandi? Is cyber crime turning into a lucrative business? If yes, how?
Cyber criminals are expanding their horizons. On the technology front, they are researching and discovering zero-day vulnerabilities in Windows (iFrames, WMF) and deploying them for profit. Cyber crime is truly very lucrative. From the extortion attacks that garner tens of thousands of dollars to credit card thefts which can earn the thief $12 to $100 per stolen credit card, it is huge money.

Cyber criminals are changing their modus operandi to become much more entrepreneurial.

Richard Stiennon
CMO, Fortinet

In the contemporary scenario, who are more vulnerable to attacks? Are smaller organizations also targeted? What about home users, government and other sectors?
Medium enterprises with important web assets such as an e-commerce site that contributes more than 20 percent of their revenue are the most vulnerable. However, the scope of attacks is escalating and even large enterprises should take a fresh look at their risk profiles. In summary therefore, small as well as larger organizations are vulnerable to attacks although the degree of vulnerability could vary.

What is the nature of attacks today? Which part of an organization is more vulnerable? Is it the entire IT infrastructure or network specific?
The entire IT infrastructure is vulnerable. The network only enables the hacker by providing the avenue of attack. Web applications are vulnerable to business process hacking. Credit agencies, export-import and financial transaction sites have all been hit by attackers who purchase limited access and then abuse the underlying business logic to steal more information than they paid for. Employees are vulnerable to social engineering attacks and bribery that could lead to stolen IP and personal data.


Against the backdrop of increasing attacks on the IT infrastructure, Richard Stiennon of Fortinet feels there is dearth of inhibitors to counter the escalating threats. With attackers becoming more innovative in development of lucrative business models, it is time that organizations beef up their security infrastructure

Given that cyber crimes are on an increase, how have attackers changed their modus operandi? Is cyber crime turning into a lucrative business? If yes, how?
Cyber criminals are expanding their horizons. On the technology front, they are researching and discovering zero-day vulnerabilities in Windows (iFrames, WMF) and deploying them for profit. Cyber crime is truly very lucrative. From the extortion attacks that garner tens of thousands of dollars to credit card thefts which can earn the thief $12 to $100 per stolen credit card, it is huge money.

Cyber criminals are changing their modus operandi to become much more entrepreneurial.

Richard Stiennon
CMO, Fortinet

Organisations face serious threat from within

BANGALORE, INDIA: Hugh Penri-Williams is a veteran of the IT security domain with close to 30 years' experience in information security, with particular interest in financial, operational and information systems audits and special investigations, including fraud.

Currently working as Chief Information Security Officer (CISO) at Alcatel, Hugh is a prolific presenter and trainer, mainly in India, on IT security issues. His current responsibilities include establishing effective information security policies, procedures and practices to safeguard Alcatel's information and computing assets. He also contributes to the prevention, detection and investigation of fraud and promotes all aspects of business continuity.

Hugh was appointed Chairman of the Information Security Forum (ISF) in March 2006 and is a Director on the Board of ISF Ltd. The ISF is an international Member-owned body that harnesses the knowledge and experience of its Members to fund, drive and develop practical research on information security.

In an exclusive interview with Idhries Ahmad of CIOL, Hugh gives insights about the ISF, the security threats confronting enterprises and the role of CISO.

Please give me a little brief about the Information Security Forum. How does the ISF help in mitigating the security concerns of enterprises?
The Information Security Forum is an independent, not-for-profit organisation, established in 1989. The Information Security Forum, ISF, is recognised as the world's leading Information Security organisation and independent industry authority. Through its members, the ISF brings together and harnesses the knowledge and experience of over 270 major international businesses and government agencies – including 50% of the Fortune 100. The ISF has invested more than US$75 million in providing authoritative, best practice research and guidance for its members. The results of this work represent the most comprehensive and integrated set of reports anywhere in the world on information security and risk management.

Current ISF projects focus on a wide range of issues including security and legislation, identity management, phishing, patch management, information risk, VoIP and the disappearance of the network boundary.

Another key activity of the ISF is its comprehensive bi-annual Information Security Status Survey, delivering a ‘real world’ analysis and understanding of information risk and the causes and impact of security incidents. Born out of this work and other research input over 17 years, the ISF has released the latest version of its Standard of Good Practice for Information Security. This includes coverage of topics such as intrusion detection, e-mail security, broadband and wireless communications, PDAs and computer forensics, as well as building on other standards such as ISO 17799 and COBIT.

You are a strong proponent of industry-wide security standards. Why so? What is the importance of security standards and best practices in maintaining enterprise security?
Security standards always work fine when they are industry-wide rather than used in isolated islands. Without standards, and the associated discipline required to implement them, organisations would be in an extremely difficult situation when trying to protect themselves from harm. Standards are the fabric that binds together our approach on how best to safeguard an organisation's assets.

It is really difficult as everyone comes out with their own security standards. There are close to 20 different security certifications, which is making it extremely difficult for the IT community to decide which one to choose and why. We at ISF are prompting interaction among members and other like-minded bodies to reach some level of harmonization in IT security standards in the industry.

What are the most critical security threats that enterprises face and need to be prepared for?
Contrary to common belief, insiders rather than external hackers pose the most serious threats to an organisation's assets. This is because insiders have extensive knowledge about their environment, ample opportunity and probably access to resources, and often motivation stemming from impending layoffs or, in their eyes, lack of recognition and reward. Why, they even get paid by their employer whilst they are possibly engaged in creating harm! And the absence of IT security policies within the enterprise amplifies the risk manifold, resulting in many threats creeping into enterprises and loss of productivity.

Remote access to the enterprise network also exposes enterprise networks to security threats. CISOs need to continually do risk assessments so as to check on the threats and attacks that confront enterprise networks. Security is not a one-time investment. It is a continual process and you should always be on the lookout for any attacks and be prepared for any eventuality.

There are many instances when security issues crop up because of vulnerabilities in the software. How do you look at this? Don't you think software owners should own up to these security breaches if any enterprise encounters them?
It really is amazing that the software industry has somehow managed to escape the quality & safety rigors applied to practically every other kind of product, ranging from cars to cottage cheese. But the situation is what it is, so we have to cope as best we can to find ways of identifying the flaws and then limiting the potential damage stemming therefrom. This is where the ISF plays a major role by promoting tried & tested solutions distilled from amongst its diverse membership.

You are quite pessimistic about the current state of information security. Your quote, “I don't think we're in any better shape now than we were 20 years ago. In fact, we're in worse shape”, exemplifies that. Why is that so?
The number and nature of threats is increasing at a faster pace than our ability to parry them. This is primarily driven by the endemic imperfections in software cited above, the continuous emergence of devices with ever more technical wizardry and their increasing affordability. All of these factors are just what the doctor ordered for certain people itching to exploit those flaws. Take for example the latest communications technologies like Bluetooth, WiFi or WiMAX. Though they have the advantage of accessing information remotely, they also have their share of danger, with hackers waiting to intercept the data and use it for their own nefarious designs. We always have to be ready with security plans with regard to emerging technologies, and that is very demanding.

You talked about how to continually invest in updating your security shields against emerging threats. But that costs money, and it is very difficult for a CISO or CIO to convince the management to outline a recurring budget for the security of an enterprise. How can a CIO convince the management to give money for a threat which exists but hasn't struck them in the past?
Let me tell you. It is really a very difficult situation for any CIO or CISO to ask for money from management to prepare a shield against security threats. But it is not as difficult as it was some years ago. CEOs are now more aware of the security threats confronting enterprises and are more than willing to lend an ear to CISOs about the emerging threats. The recent news of attacks on enterprises by hackers has actually made the task of CIOs in convincing the management to invest much easier.

However, I feel that CIOs have to convince the management of the benefits of implementing a security set-up in an enterprise: how it can save the company's information and intellectual property, which are more valuable to companies today than in the past and therefore need a higher level of protection, rather than scaring them about what will or will not happen if they are not doing what he wants them to do. Continually communicate with management and keep them updated as to what is happening in the industry and how they need to plan for it. Don't sound like a geek. Communicate in simple, clear language.

The approach has to be a positive one rather than a negative one.

You come to India often; how do you find the security preparedness of Indian enterprises? Do they comply with the latest security standards prevalent in the industry?
It is not a question of whether they will comply with international security standards or not. They have to. The threat to information systems is universal. Data is as vulnerable in India as it is in other countries. They have no choice because they are working in a globalized set-up and are expected to conform to international security standards. And in my interaction with Indian enterprises, I have found that Indian enterprises are quite conscious of security standards and are implementing them continually. The security preparedness of the enterprises is as good, if not better, compared to global counterparts. The budget allocated to IT security clearly elucidates this point. However, small enterprises need to work more on security in their networks.

One of the biggest problems for an enterprise is how to foresee a threat and come up with a solution. How can an enterprise be able to do that consistently?
I wish the ISF, or anybody for that matter, was able to invent an early warning system for hitherto unknown threats so that we could be better prepared to meet them head-on with confidence and impunity. Nevertheless, we do make best efforts in this respect, for example, experts from some 40 member organisations, including my own, contributed to ISF's Securing VoIP Future Watch Report.

Emerging technologies such as mobiles, VoIP etc. come with a new set of security issues like SPIT. How can enterprises protect themselves from such types of threats?
With VoIP now poised to hit the business market in a big way, ISF believes that failure to address these serious risks may bring voice communications to a grinding halt and result in identity theft and loss of sensitive information. An often-used paraphrase for early adopters of the newest technologies is that they are at the ‘bleeding edge’. Well, the ISF is there for its members with antiseptic, Band-Aids and ointment (not ‘snake oil’, I hasten to clarify) to reduce that pain and suffering as best we can. ISF's secure Member Exchange (MX2) website enables them to rapidly seek remedies from fellow members by posting issues of urgent concern, which is of growing importance for their ability to react in a timely and effective manner.

What are the qualities that make a successful CSO/CISO?
Every CSO/CISO should be honest, have integrity, possess good communication skills, gravitas and passion for the job, be a good team player, have a good sense of humour, be thick-skinned and have the ability to bounce back.

Although it might be expected that there would be a strong emphasis on setting strategy, planning and goal-orientation the personal qualities that emerge from an analysis of input from CISOs are characteristic of highly interactive, socially skilled individuals. Honesty, integrity, team working, passion and gravitas are all highly valued personal qualities in general business management and, crucially, all considered necessary for effective communication and leadership.

Sense of humour, being thick-skinned and being able to bounce back from adversity are all laudable personal qualities that are considered necessary to survive in the rough-and-tumble of a more competitive general management role – where other competitive and ambitious ‘C’ level grade staff are the natural peer and comparison group.

What sort of awareness campaign is there in Alcatel whereby they are consistently made aware about the security concerns confronting the company?
Every year Alcatel celebrates Information Security Day on its Intranet across all its locations by making available interviews with senior management about why information security is important; creating a quiz with prizes; showing videos explaining threats like, for example, social engineering and how to counter them; providing a free, on-line awareness training course in several languages; best practice guidance leaflets; and pointers to the various policies and standards that apply to particular topics.

Hindering threats in the wireless world

The purpose of malware has changed since its inception. It was originally created for bragging rights among what were more or less hobbyists. Crashing computers with pranks was done for fun and glory. Then came the Internet with eCommerce, and today it's quite different.

Today malware is created with a new goal in mind – cold hard cash. Malware authoring is now a lucrative criminal enterprise. No longer is it created by some guy in a basement at 3 in the morning, it's more like a 9 to 5 professional operation.

Changing landscape

Yesterday's malware splashed crank messages across the user's desktop. Today's malware targets vulnerable computers and secretly infects them, converting them into "Zombies" in well-organized BotNets.

These Bot networks of zombie machines are used to push ever-increasing amounts of spam. They are used to attack Web servers in extortion protection rackets. They can also just sit and monitor all of the financial data, usernames, and passwords that come their way – and to send that information to the highest bidder.

So what can be done about it? The obvious answer is to educate everyone and make them mindful of the risks. But this idea stops short unless we can educate all the members of the online community including those joining it for the first time. A second alternative might be a more secure Operating System. Again, this would help but how can an OS protect a user from willingly giving away his credit card details? Antivirus, antispyware software and firewalls are a must of course and will help a great deal but even they can’t protect the online community against all the evils of the Internet.

So, what’s the answer? How about this – catching the bad guys?

Sounds easy, doesn’t it? Unfortunately that’s not the case at all. Just imagine this. A trojan is being developed in Europe. That trojan is being distributed on a website in the US using a vulnerability in Internet Explorer. The same trojan, once installed on a PC somewhere in the world, will connect to a web server in Brazil to download additional components to install, among other things, a keylogger.

That keylogger will send online bank login credentials found on the system to a mailbox in India. The information gathered from the infected PCs is later sold to a person in Spain. Sounds complicated? It is, and just imagine the trouble a law enforcement agency has to go through to make an arrest. And if they do, by which country's laws should they prosecute? The above example is a real case, and there are hundreds of these cases every week.

Need of law enforcement

So how can the law enforcement agencies around the world become better at what they’re doing, what can we change to make their lives easier? Two words: Training and advice.

The industry needs to further develop the ties it has to law enforcement. The police are the users that need the skills to recognize computer crime and learn how to obtain important information to build a case. Only then will they be able to find and break the weak link in the chain.

We should also create forums and non-profit organizations where private and public sectors can come together and share information with each other. The United States' FBI has a forum like this based in Philadelphia and apparently it works great, but we need to do this outside of the US as well. We need to put a stop to the bad guys now, before it gets further out of hand.

About the author

Patrik Runald is a senior security specialist at the F-Secure Security Labs. He has been in the IT security industry since 1995 and joined F-Secure in 1999. Patrik invites any law enforcement agency to contact him for a visit to F-Secure’s Security Lab in Kuala Lumpur, Malaysia for training and advice on how to better spot criminal activities based on malware.

Unified defense is the answer

BANGALORE, INDIA: It is not a simple matter to combat security breaches. In the past, enterprise IT teams used a mix of tools to fight a variety of security problems. However, this approach became costly and unscalable, primarily because it was difficult to maintain the various non-integrated tools. Thus, IT teams began to consider high performance and highly reliable integrated security solutions.

While this has sparked the trend of a growing number of small- and medium-sized enterprises (SMEs) embracing Unified Threat Management (UTM) and related solutions, at high volume locations such as the data centers and demilitarized zones (DMZs) of large organizations, the voluminous traffic demands dedicated, single function threat management devices to meet high speed requirements.

At present, the best approach for distributed enterprises is to combine UTM solutions at branch locations with dedicated high-performance threat management devices at core central sites.

Understanding UTM

While point products can be used when superior performance is of utmost priority, deploying and managing an array of dedicated devices can be very costly. Aside from the initial capital expense to purchase the various units, IT teams may also have to contend with multiple user interfaces and administration tools. Therefore, in most instances when a balance can be struck between performance, cost and manageability, a UTM solution is the preferred choice. However, it is not as simple as merely going out and buying any UTM product. They vary greatly between vendors and a company is strongly advised to carefully consider the different features and technical specifications before risking the company’s infrastructure on a particular security solution.

Uniform quality of functionalities

A UTM device might not have a uniformly high quality set of features. Vendors may simply package together various antivirus, firewall, and Web filtering functions from a range of sources and third-party suppliers. Because of low-cost, or simply bad product design, a UTM device might contain poorly produced technology, ultimately resulting in an end-product with inconsistent quality and unreliable performance.

Because of the crucial role UTM devices play in protecting the enterprise, IT managers are strongly advised to seek the best-of-breed UTM products which offer functions sourced from market leaders to ensure effective defense against breaches.

Comprehensiveness

Having the right UTM product means enjoying a comprehensive range of functionalities, including reactive mechanisms complemented by proactive ones and network-layer mechanisms by visibility and control at the network layer.


A true UTM device should meet the above requirements, as well as have the following specific features: VPN, multi-layered firewall, multi-method intrusion detection and prevention, multi-protocol antivirus, anti-spyware, anti-phishing, anti-spam, and Web filtering.

Virtualization Technologies

An important feature of a robust UTM device is the ability to virtualize. Virtualization technologies incorporated in UTM devices enable administrators to assign different “virtual” UTM devices to different network segments or user groups. The entire system can then be managed through a single interface. This important feature helps administrators cope with different types of access requirements, compartmentalizing user groups and traffic types with their own security policies, in a safe and simple manner. Virtualization essentially simulates having multiple devices on the network, without the overhead and complexity of physically doing so.

Some of the virtualization technologies include:

-- Security Zones. They represent logical sections of the network, segmented into logical areas. Security zones can be assigned to a physical interface, or the entire appliance can be assigned to a virtual system. In this latter arrangement, multiple zones share a single physical interface to lower ownership costs by effectively increasing interface densities.

-- Virtual Systems. This is an additional level of partitioning that creates multiple independent virtual environments. Each of the virtual environments has its own set of users, firewalls, VPNs, security policies, and management interfaces. By allowing administrators to quickly segment networks into multiple secure environments managed through a single appliance, virtual systems enable network operators to build multi-customer solutions with fewer physical firewalls and reduced administrative effort. This reduces both capital and operational expenses.

-- Virtual Routers. This feature enables administrators to partition a single device, which will then function as multiple physical routers. Each virtual router can support its own domains, ensuring that no routing information (and risk of traffic confusion) is exchanged with domains established on other virtual routers.

-- Virtual LANs. They are a logical, rather than physical, division of a subnetwork that enables administrators to identify and segment traffic at a granular level. Security policies can specify how traffic is routed from each VLAN to a security zone, virtual system or physical interface. This makes it easy for administrators to identify and organize traffic from multiple departments and define what resources each can access.

Choices in Web Filtering Approach

Most of the UTM devices available today come with a Web filtering function. But IT managers must determine which Web filtering approach best suits their organizations’ needs.

Some UTM tools are equipped with external Web filtering which redirects traffic from the device to a dedicated Web filtering server for policy enforcement. Other UTM devices come with integrated Web filtering that enables enterprises to build their own Web access policies by selectively blocking sites listed on a continuously updated database.

No matter which approach one prefers, the UTM device must allow an organization to rapidly deploy the chosen approach. In addition, it must enable IT managers to customize Web filtering profiles by using black lists, white lists, and a number of pre-defined and user-defined categories.
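As an added illustration of the profile customization just described (constructed example, not Juniper's product or its configuration), the evaluator below applies a black list, a white list and a category policy to a URL, with a user-defined category overriding the (here, constructed) category database; the precedence order and the domain names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the vendor's continuously updated category database.
# Lookups walk parent domains, so hosts under a listed domain inherit its category.
CATEGORY_DB = {
    "example-bank.test": "finance",
    "example-casino.test": "gambling",
    "example-mail.test": "webmail",
    "example-news.test": "news",
}


def parent_domains(host):
    """Yield host, then each parent domain: a.b.example.test -> b.example.test -> example.test -> test."""
    labels = host.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def host_matches(host, entries):
    """True if host equals an entry or is a subdomain of one (suffix match on label boundaries only)."""
    return any(host == e or host.endswith("." + e) for e in entries)


class WebFilterProfile:
    """A Web filtering profile: explicit lists take precedence over the category policy.

    Assumed precedence (this example's choice): black list, then white list, then categories.
    An explicit block is never silently overridden; a white-list entry bypasses the category block.
    """

    def __init__(self, blocked_categories, user_categories=None, black_list=(), white_list=()):
        self.blocked = set(blocked_categories)
        self.user_categories = dict(user_categories or {})  # user-defined domain -> category
        self.black_list = tuple(black_list)
        self.white_list = tuple(white_list)

    def category_of(self, host):
        """User-defined categories win over the database; unknown hosts get 'uncategorized'."""
        for domain in parent_domains(host):
            if domain in self.user_categories:
                return self.user_categories[domain]
            if domain in CATEGORY_DB:
                return CATEGORY_DB[domain]
        return "uncategorized"

    def decide(self, url):
        """Return (action, reason) for a URL; anything we cannot parse is blocked, not allowed."""
        host = urlsplit(url).hostname
        if not host:
            return ("block", "unparseable URL")
        host = host.lower().rstrip(".")
        if host_matches(host, self.black_list):
            return ("block", "black list")
        if host_matches(host, self.white_list):
            return ("allow", "white list")
        category = self.category_of(host)
        if category in self.blocked:
            return ("block", f"category: {category}")
        return ("allow", f"category: {category}")


# Constructed office profile: block gambling, webmail and anything uncategorized,
# white-list one partner mail host, black-list one host, and user-define the intranet category.
OFFICE_PROFILE = WebFilterProfile(
    blocked_categories={"gambling", "webmail", "uncategorized"},
    user_categories={"intranet.corp.test": "internal"},
    black_list=("malware-drop.example-news.test",),
    white_list=("partner.example-mail.test",),
)

if __name__ == "__main__":
    for url in ("http://www.example-casino.test/play",
                "https://partner.example-mail.test/inbox",
                "https://unknown.test/"):
        print(url, "->", OFFICE_PROFILE.decide(url))
```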

Dedicated Threat Management

Many large enterprises or companies with huge data centers need to deploy additional threat management tools such as firewalls, antivirus gateways and intrusion prevention systems to meet requirements for high capacity and high performance.

Some businesses might also need application- or system-specific threat management products to handle mission-critical applications, specialized security functions or division of ownership and responsibility within a large organization. Examples include email security gateways, Web application security gateways and remote access security gateways.

The author is managing director of Juniper Networks for the Indian region, comprising India, Sri Lanka, Bangladesh, Pakistan and Nepal.

Security 2.0

As Symantec Chairman and CEO John Thompson sees it, the battleground for security has shifted. No longer is it just about the computer or even the corporate network.

Instead, the new challenge is about protecting users' most important assets: their information and their interactions. Providing that protection is at the heart of what Thompson has dubbed “Security 2.0.”


Evolving challenges

Security 2.0 has evolved in response to a dramatically shifting threat landscape. Previous editions of the Symantec Internet Security Threat Report have documented that attack activity has evolved from being motivated by status for technical prowess to being motivated by financial gain. Many of today’s threats are designed to gather information that has financial value to the attacker.

This can include personal information that can be used for the purpose of identity theft (the act of stealing the information) or fraud (using the stolen information to commit fraud).

Vishal Dhupar, Managing Director, Symantec India

As the most recent Threat Report observed:

“The current threat landscape is populated by lower profile, more targeted attacks, attacks that propagate at a slower rate in order to avoid detection and thereby increase the likelihood of successful compromise.

Instead of exploiting vulnerabilities in servers, as traditional attacks often did, these threats tend to exploit vulnerabilities in client-side applications that require a degree of user interaction, such as word processing and spreadsheet programs. A number of these have been zero-day vulnerabilities.

These types of threats also attempt to escape detection in order to remain on host systems for longer periods so that they can steal information or provide remote access.”

People are the new perimeter

Of course, the threat landscape isn’t all that is evolving. So too is the network perimeter. Traditionally, an enterprise’s computer network has been a well-defined entity, with clear perimeters and fixed endpoints throughout. But that was yesterday. Today’s IT network landscape has changed almost beyond recognition:

· Instead of one corporate platform and operating system, companies now routinely mix PCs and Macs with Windows, Unix, Linux, and more.

· At the same time, network usage has expanded to include multiple endpoints beyond the traditional desktop and servers. From laptops to PDAs to smartphones to guest computers, network boundaries have morphed to embrace a new business paradigm.

· Today the physical network perimeter is no longer defined by network devices. Instead, the people using the system — employees, customers, guest users, partners — comprise the new boundaries.

· Technology innovations, driven by pervasive computing, are fueling new business capabilities and business models. Customers, connecting directly to corporate networks, now accomplish transactions that were once completed by corporate employees.

That’s the reality of the online world today. Moreover, customers expect faster access to their information, and enterprises must keep up with growing customer expectations and look for ways to leverage new technologies.

Making it all work

So what makes this new world work? The answer shouldn’t come as a surprise. What makes it all work is confidence. Confidence is the essential component if enterprises expect to realize the full potential that these new technologies bring. And confidence comes only when all those in the connected world believe that their information is protected, their interactions are secure, and the risk of harm is minimal.

According to Symantec’s Thompson, building this confidence demands a new approach, as embodied in Security 2.0:

“At its heart is a realization that the battleground for security is no longer just the device — as it used to be in Security 1.0 — but rather it’s shifted to the information and interactions,” Thompson said recently.

Protecting this information and securing these interactions takes more than bolted-on security. It takes integrated products and services that provide a holistic view into an organization’s security posture. It also takes solutions that identify risks early — so that steps can be taken to mitigate them and prevent an attack. And it entails enabling customers to manage their security events — no matter what products they may already have installed.

As a result, Symantec is building an ecosystem of products, services, and partnerships that will help build a safe and secure connected world that enterprises can have confidence in:

· Symantec Global Services provides expertise and insight to help enterprises balance IT risk against the pursuit of increased business returns.

· Symantec has partnered with Accenture to launch a joint global services initiative, the Accenture and Symantec Security Transformation Services. It combines Accenture’s service capabilities, industry expertise, and business process skills with Symantec’s technology, global security intelligence, and security risk management expertise.

· Symantec’s Threat and Vulnerability Management Program is a framework for processing and prioritizing security intelligence.

· Symantec Managed Security Services provide remote, 24x7 monitoring of firewalls, security devices, and intrusion detection systems.

· Early Warning Services use custom alerts, detailed analysis, and mitigation strategies to produce a comprehensive view of network threats.

· The Symantec Enterprise Security Framework helps protect endpoint systems and corporate information from malicious attack, theft, and leakage.

Conclusion

External threats like phishing, pharming, and identity theft are evolving at an accelerating pace. Criminals and malicious users are no longer focused on PCs or networks; instead, they now reach into the depths of the world’s data banks.

These disturbing trends are introducing new risks to our most valuable asset — information — as well as our interactions that today span dozens of platforms and hundreds of devices. Clearly, a new approach to protecting information and interactions is required.

Security 2.0, which integrates software, services, and partnerships, represents Symantec’s vision for building confidence in today’s connected world. Its goal: the comprehensive protection of business interactions, critical information, and IT infrastructure.

The underdog of security implementation

BANGALORE, INDIA: Information Security Risk Assessment (IS-RA) is identified as the first step for effective security implementation - be it the Information Security Management Systems as per ISO 27001 or NIST SP 800-30 or the OECD Guidelines on Network Security or implementation of advanced security models like Security Process Maturity Model (SPMM).

IS-RA can be defined as a structured approach for identifying, measuring and analyzing security risks – an essential approach to implement any information security management framework in organizations.

“Identifying” covers identifying the critical assets and their threats; “measuring” covers prioritizing the risks based on the impact of the possible outcome and the probability of that event (generally into High/Medium/Low); and “analyzing” covers the strategy for prioritizing risks so that resources are used optimally.

Impact = Threat × Vulnerability
Risk = Impact of outcome × Probability of event of occurrence

Some challenges in conducting a Risk Assessment:

Identification of Critical Assets.

  • Most security implementers would agree that the biggest challenge of risk assessment is identifying assets in a conclusive manner. The danger of identifying too many assets is that it consumes too many resources on mitigation with no return on investment. Worse still is failing to identify a critical asset, which is then left unprotected.
  • The other challenge in identifying critical assets is the process you employ for the identification itself. This involves choosing the right people to be involved, the standard approach on which they base their identification, and the people inside the organization who are able to finalize the list. It should not end up with each department head listing everything from their mouse to their keyboard as an asset, and the CISO consolidating these into a list running into thousands of entries. Such a list is not only impossible to maintain but also serves no purpose.

Identification of all threats

  • The other challenge is that there are so many sources and outcomes of threats. Ensuring that all threats are understood threadbare and are identified is a challenging task.

Measurement of Risks

  • The common problem organizations face is how to ensure a uniform and scientific measurement of risks in terms of high, medium or low.
  • Who decides what is low or high? A risk that one person rates high can be considered medium or low by another. So how do you ensure uniform assessments, so that people do not end up questioning the very fundamentals of your results?
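The two formulas above carried through with the rating scales and High/Medium/Low cut-offs fixed before the assessment starts, which is one way of getting the uniform measurement the last two challenges ask for. This is an added example, not from the article; the 1-3 scales, the cut-offs and the sample register are assumptions for illustration.

```python
"""Added example, not from the article: the page's two formulas
(Impact = Threat x Vulnerability, Risk = Impact x Probability) carried
through with scales and cut-offs fixed in advance, so that two assessors
rating the same asset arrive at the same High/Medium/Low. The 1-3 scales,
the cut-offs and the sample register are assumptions for illustration."""
from dataclasses import dataclass

# Ordinal scale agreed before the assessment starts (assumed values).
LEVELS = {"low": 1, "medium": 2, "high": 3}

# Cut-offs on the products, also agreed up front. Impact ranges 1..9,
# Risk ranges 1..27; at or above the first number is High, at or above
# the second is Medium, anything else is Low.
IMPACT_CUTOFFS = (6, 3)
RISK_CUTOFFS = (12, 4)


@dataclass(frozen=True)
class AssetRisk:
    asset: str
    threat: str
    threat_level: str         # how capable/likely the threat source is
    vulnerability_level: str  # how exposed the asset is to that threat
    probability_level: str    # probability the event actually occurs


def score(level: str) -> int:
    """Turn a textual rating into its agreed ordinal value."""
    try:
        return LEVELS[level.strip().lower()]
    except KeyError:
        raise ValueError(f"unknown rating {level!r}; use low/medium/high") from None


def impact(threat_level: str, vulnerability_level: str) -> int:
    """Impact = Threat x Vulnerability (1..9)."""
    return score(threat_level) * score(vulnerability_level)


def risk(threat_level: str, vulnerability_level: str, probability_level: str) -> int:
    """Risk = Impact of outcome x Probability of occurrence (1..27)."""
    return impact(threat_level, vulnerability_level) * score(probability_level)


def rate(value: int, cutoffs: tuple) -> str:
    """Map a product onto High/Medium/Low with the pre-agreed cut-offs."""
    high, medium = cutoffs
    if value >= high:
        return "High"
    if value >= medium:
        return "Medium"
    return "Low"


def assess(item: AssetRisk) -> dict:
    """Score one asset/threat pair the same way regardless of who fills it in."""
    imp = impact(item.threat_level, item.vulnerability_level)
    rsk = risk(item.threat_level, item.vulnerability_level, item.probability_level)
    return {
        "asset": item.asset,
        "threat": item.threat,
        "impact": imp,
        "impact_rating": rate(imp, IMPACT_CUTOFFS),
        "risk": rsk,
        "risk_rating": rate(rsk, RISK_CUTOFFS),
    }


def prioritize(register: list) -> list:
    """Highest risk first, so the mitigation budget goes where it matters."""
    return sorted((assess(i) for i in register), key=lambda r: r["risk"], reverse=True)


# Constructed sample register (not real data).
SAMPLE_REGISTER = [
    AssetRisk("Customer database", "External intrusion", "high", "high", "medium"),
    AssetRisk("Payroll server", "Insider misuse", "medium", "medium", "low"),
    AssetRisk("Visitor kiosk", "Defacement", "low", "low", "medium"),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_REGISTER):
        print(f"{row['asset']:<18} {row['threat']:<20} impact={row['impact']:>2} "
              f"({row['impact_rating']:<6}) risk={row['risk']:>2} ({row['risk_rating']})")
```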
Dharshan Shanthamurthy, Chief Consultant, SISA Information Security

If you are a security implementer, you could also be complaining about the length of time the assessment is taking, as the project has got into a loop, which is quite common, and its results are becoming obsolete as the business environment changes.

You could also be complaining about how to keep technology vulnerabilities in view within enterprise security risk assessments. The list of challenges just goes on.

In my experience, I have seen organizations follow the approach of assets being identified by department managers who have not been given any idea of how assets should be identified. These lists are finally consolidated in an Excel file running into multiple sheets, with the number of assets running into thousands.

Such risk assessments are what I term ‘ad hoc security’. This ends up identifying unimportant assets and makes the task of maintaining your asset list daunting for your security representative. So the solution lies in following a structured risk assessment approach like OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) or NIST SP 800-30 or any other equivalent methodology.

The OCTAVE approach was developed by the Software Engineering Institute at Carnegie Mellon University and is one of the most scientific and easily implementable approaches.

Some organizations also implement tools like SMART (Security Management and Risk Assessment Tool) for their security implementation. SMART follows the OCTAVE Criteria and is a multi-compliance tool, enabling compliance with ISO 27001, PCI-DSS, GLBA, HIPAA, FIDS, etc.

A structured risk assessment methodology helps organizations avoid the learning curve and makes implementations faster and more effective; tools such as SMART make the implementation quicker and more efficient. Effective, because the methodology ensures that you follow the right process; efficient, because the tool saves your precious time in documenting and managing all the artifacts produced during the risk assessment. Both SMART and CRAMM help organizations implement ISO 27001; however, SMART goes a step further by being a multi-compliance tool that lets organizations manage all their security compliance standards.

To conclude, a risk assessment should not only be a document giving deep insight into your risks; it should also determine the level of controls required to mitigate them. Hence it should be purposeful, and not merely a document created for certification purposes.

The author is Chief Consultant at the global security audit firm SISA Information Security and holds CISA, CISSP, OCTAVE Trainer/Advisor and CEH certifications. He can be reached at dbs@sisa.co.in

Security: Beyond anti-spam tools

NEW DELHI, INDIA: Email was the killer app of the Internet, but now it seems to be killing the bandwidth, thanks to spam. While it's impossible to completely get rid of spam, you can reduce it by following various measures.

One is rules-based blocking, which is not sufficient because spammers will always find new ids, subjects, and body text to send you spam. The next level is using anti-spam software at the client as well as the server level. These tools use sophisticated algorithms to filter spam, and also keep updating their filters with fresh rules.

You can also subscribe to DNS blacklists, such as mail-abuse.org and spamhaus.org, which keep a list of known spamming domains. Even these measures are not enough. To fight spam effectively, it's also important to know how it is generated and spreads. Plus, you also need proper anti-spam policies.

How Spam is Generated

It all starts when spammers manage to get hold of your email address. The most common way is when you register with a website, perhaps to download software or purchase a product. The website could belong to a spammer, or it might be in the business of selling its mailing databases. Either way you figure in the spammer's list and start receiving unsolicited mail. Subscribing to newsletters is another common cause of spam.

You could do it unknowingly, or worse, someone else subscribes you to mailing lists. In such a case, you could either ignore the deluge of mail or check out the websites (if they have one) of each newsletter for legitimacy. This is important because most spammers provide an unsubscribe link in their email. If you try to unsubscribe from the link, then the spammer gets a confirmation of your existence, and starts sending you even more spam. So as a rule of thumb, don't fall for the "unsubscribe" bit in spam mail.

It's also important to know about Web bugs. These are clear or transparent graphic images, merely 1x1 pixel in size, that can be placed in email or Web pages. They are used to monitor the usage patterns of websites or email.

While the Web bug points to the website from which the image has to be downloaded, it also sends information about the user's machine to that website. This information can include the IP address of the machine and the Web browser used on it. Spammers can use Web bugs to confirm the presence of an email address so they can continue spamming. Web bugs use cookies for sending back information, so blocking cookies can stop Web bugs from sending your personal information.
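A client-side check for the Web bugs just described, flagging tiny or hidden remote images in an HTML message body so a mail client can refuse to fetch them. This is an added example, not from the article; the HTML sample and its domains are constructed placeholders.

```python
"""Added example, not from the article: flag probable Web bugs (tiny or
hidden remote images, often carrying a per-recipient token in the URL)
in an HTML e-mail body so a mail client can refuse to fetch them.
The HTML sample and domains are constructed placeholders."""
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_HTML = """<html><body>
<p>Your order has shipped.</p>
<img src="cid:logo123" width="200" height="60" alt="logo">
<img src="http://track.example/p.gif?uid=8f31&amp;m=42" width="1" height="1">
<img src="http://cdn.example/banner.png" style="display: none">
</body></html>"""


class WebBugFinder(HTMLParser):
    """Collect <img> tags that fetch from the network and look like trackers."""
    TINY = {"0", "1", "0px", "1px"}

    def __init__(self) -> None:
        super().__init__()
        self.bugs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            return  # inline cid:/data: images cause no network fetch
        reasons = []
        if (a.get("width", "").strip().lower() in self.TINY
                and a.get("height", "").strip().lower() in self.TINY):
            reasons.append("1x1 image")
        if "display:none" in a.get("style", "").replace(" ", "").lower():
            reasons.append("hidden image")
        if url.query:
            # Heuristic only: legitimate CDN links carry query strings too.
            reasons.append("query string (possible per-recipient token)")
        if reasons:
            self.bugs.append({"src": src, "host": url.hostname, "reasons": reasons})


def find_web_bugs(html: str) -> list:
    """Return the suspicious remote images found in an HTML body."""
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.bugs


if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_HTML):
        print(f"{bug['host']}: {', '.join(bug['reasons'])}")
```

The safest default remains not loading any remote image until the user asks for it; the heuristics above only explain why a given image was held back.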

Some Useful Anti-spam Tools

yMail :
yMail is a stand-alone, portable email client with integrated spam-tackling capabilities good enough to make it one of the contenders in our shootout. The portable bit means that you can carry it around on a USB drive, as it can be configured to store mail, contact information and the like in the same folder as the program files. You can download this from www.spacejock.com/yMail.html

SpamAware:
This tool is very similar to SPAMfighter in terms of look, feel and functionality; in fact we had to closely re-examine the two to really appreciate the differences. For example, its default behavior is to mark junk mail by adding the prefix SPAM to the subject, while SPAMfighter moves it to a folder it creates. Of course, you can then create a filter in your e-mail client to move all mail with the prefix SPAM to the trash, or wherever else you desire. You can download it from www.jam-software.com

SPAMfighter
SPAMfighter sits inside Microsoft Outlook and Outlook Express, and monitors incoming mail on all accounts. It compares the mail against locally configured blacklists and whitelists as well as rules that are periodically downloaded from a central server. Mails that are identified as spam are moved to a separate folder within Outlook/OE, which you can browse later, if necessary, to ensure that no useful mail was junked and/or to clean the folder. You can get it from www.spamfighter.com

Mailwasher Free/ Pro
Mailwasher is like an e-mail popper with advanced spam filtering capabilities. You set up an e-mail account just like in an e-mail client, and it downloads the mail headers for you to preview, while marking the spam it can identify. The free version identifies spam using built-in filters and, of course, allows you to manually mark spam. It is available for free at www.mailwasher.net

Letterman Spam Control Pro
This is perhaps the most feature-rich tool amongst the ones we gave a run during the shootout. It can operate in multiple modes: as a standalone popper to filter out your mail before download, which you can use, say, at the start of the day when you're checking mail for the first time.

And for the rest of the day, you can use it as a proxy server, an intermediary between your email client and server that not only filters out spam but also blocks hostile links in other email. You can get it from www.whatlink.com

Fighting Back
Spammers use clever techniques to avoid getting caught, such as IP spoofing, using drop boxes and free email websites, finding open relay servers, and using spamming tools.

So you may not be able to find out who is spamming you, but you can always find out enough to do something about it. Spam mail headers come to the rescue, as they can reveal useful information about the spammer. You can reach the mail header by choosing the e-mail's properties.

The mail header usually tells you the route that the mail has followed to reach you. In this, look for the IP addresses or domain names in the "Received" lines. There are two to three such lines that show which ISPs have relayed the message. The first line will say "Received from by yourISP.com".

Ignore the second address, as that's your own ISP's domain. The first will be the ISP who relayed this message to you. Next look at the second "Received" line. This will most likely be the ISP where the spam originated.
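The header walk described above, as an added example that is not part of the original article: it reads the "Received" lines newest first, picks out the relay that handed the mail to your own server (the one to complain to) and the hop just below it (the likely origin). The message is constructed; hosts are placeholders and the IPs are from the RFC 5737 documentation ranges.

```python
"""Added example, not from the article: walk a message's Received: lines,
newest first, to find the relay that handed the mail to your own server
(the one to complain to) and the hop just below it (the likely origin).
The message is constructed; hosts are placeholders and IPs are from the
RFC 5737 documentation ranges."""
import re
from email import message_from_string

RAW_MESSAGE = """\
Received: from mx.relay-isp.example ([198.51.100.20]) by mail.yourisp.example
    with ESMTP id abc123 for <you@yourisp.example>; Tue, 25 Sep 2007 10:04:12 +0000
Received: from unknown ([203.0.113.77]) by mx.relay-isp.example
    with SMTP id xyz789; Tue, 25 Sep 2007 10:03:58 +0000
Received: from mail.bigbank.example (mail.bigbank.example [192.0.2.9])
    by internal.forged.example; Tue, 25 Sep 2007 10:00:00 +0000
From: "Offers" <promo@forged-sender.example>
To: you@yourisp.example
Subject: Great deals

Buy now.
"""

# "from <name the sender announced> (<what the receiver saw>) ... by <receiving host>"
HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<seen>[^)]*)\))?.*?\bby\s+(?P<by>[^\s;]+)", re.S)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hops(raw: str) -> list:
    """Return one dict per Received: line, in header order (newest hop first)."""
    msg = message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        flat = " ".join(str(hdr).split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue
        # The IP inside the parentheses is what the receiving server itself
        # recorded, unlike the name after "from", which the sender announced.
        ips = IP_RE.findall(m.group("seen") or "")
        hops.append({"from": m.group("from"), "by": m.group("by"),
                     "ip": ips[0] if ips else None, "raw": flat})
    return hops


def trace(hops: list, my_domain: str) -> dict:
    """Only the line written by your own server can be trusted; every line
    beneath it was written by other machines and may be forged."""
    for idx, hop in enumerate(hops):
        if hop["by"].lower().endswith(my_domain.lower()):
            break
    else:
        raise ValueError("no Received: line added by our own server")
    origin = hops[idx + 1] if idx + 1 < len(hops) else None
    return {
        "report_to": hop["from"],                 # relay to send the complaint to
        "report_ip": hop["ip"],                   # its address as recorded by us
        "probable_origin": origin["ip"] if origin else None,
        "unverifiable_hops": max(0, len(hops) - idx - 2),  # treat these as claims only
    }


if __name__ == "__main__":
    hops = parse_hops(RAW_MESSAGE)
    for h in hops:
        print(f"from {h['from']} [{h['ip']}] by {h['by']}")
    print(trace(hops, "yourisp.example"))
```

In the constructed message the lowest line claims to come from a bank's mail server, but it was written by a host outside your control, which is why the function stops trusting anything below the hop your own server recorded.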

Once you know the ISPs who relayed spam to you, the next step is to lodge a complaint with them about the spammer. You need to find out the ISP's contact information, such as email ids and phone numbers. The most effective way of doing so is by using tracing tools. These track the entire path used by an email to get to your mailbox.

They can also give complete information about all ISPs found in this path. This information can include the ISP's complete name, who it's registered to, phone and fax numbers and the contact email id. There are also some free websites that can give you this information. Many ISPs provide a separate email id that you can use to send them the headers of all the spam mail you've received through their servers.

While the process is simple, it may not be easy to execute, simply because there's too much spam. Therefore, this process is better suited to companies that can use dedicated staff for the job, rather than individuals wasting time on it.

Newsletter operators should also take measures to avoid getting unwanted subscribers. They can send an email to new subscribers to check whether they have actually subscribed or not. This mail should state that only after the subscriber responds to it will they continue sending newsletters in the future. Those who don't respond would be removed from the list.

Gelsinger of Intel speaks on high-tech industry's rapid design cadence

INTEL DEVELOPER FORUM, San Francisco, USA: Intel Corp. executive Patrick Gelsinger gave a variety of updates on Intel's work with the industry on the company's processors, surrounding technologies and "tick-tock" design cadence, including new details on Intel's upcoming 45nm products. He also discussed the industry's recent moves in energy efficient computing, virtualization, broad range of software enabling, as well as recent system architecture initiatives spanning the popular USB interconnect to upcoming lead-free products for the company's Intel® vPro desktop PCs.

"Intel's development model and cadence is a predictive, efficient and effective way to deliver products and provide the industry with an exciting computing roadmap in our relentless pursuit of Moore's Law," said Patrick Gelsinger, senior vice president and general manager of Intel's Digital Enterprise Group, at the Intel Developer Forum in San Francisco. "In addition to our processors, we're focused on delivering energy efficiency via design of better, Hafnium-based High-k transistors as well as enhancements in overall system level architecture to minimize the computer's energy usage."

During his speech, Gelsinger showed the first-ever Intel 45nm High-k metal gate next-generation microarchitecture (Nehalem) dual processor server that uses the element Hafnium instead of silicon in portions of the 700 million-plus transistors inside the processor die, which is about the size of a postage stamp. Nehalem is the codename of a new processor microarchitecture arriving in 2008 that will provide up to three times the peak memory bandwidth of current competing processors. He also showed broad industry support for the Intel QuickPath Architecture. The QuickPath Interconnect provides high-speed data paths to Nehalem's processor cores.

In addition to compute performance and memory bandwidth, Intel continues to provide leadership in I/O when Gelsinger announced the formation of the USB 3.0 Promoter Group. This revolutionary architecture will use a single connector and cable delivering over 10 times the performance of USB 2.0 while preserving backwards compatibility to more than 2 billion existing USB devices.

Along with Intel, the promoter group has been formed with HP, NEC, NXP, Microsoft, and TI. USB 3.0 will be the first I/O interface to include support for both optical and copper interconnects, scalable protocol, and energy efficiency optimizations for use in the PC, consumer electronics, and mobile segments.

Gelsinger reviewed Intel's QuickAssist Technology and its escalation of industry product development. QuickAssist Technology, first disclosed at the IDF in Beijing in April, is Intel's suite of hardware and software technologies addressing the unique requirements of accelerators in enterprise platforms. He reviewed the first Intel device to include the Intel® QuickAssist Integrated Accelerator for cryptography, codenamed Tolapai.

With availability targeted for 2008, Tolapai – a system on a chip – will deliver significant improvements in power-efficient performance and form factor with up to eight times the IP Security throughput, up to 20 percent reduction in power, and up to a 45 percent smaller footprint over previous multi-component security solutions in embedded and communications market segments.

On the heels of the latest-generation roll-out of Intel vPro processor technology, Gelsinger revealed plans to further evolve security and PC management benefits through the 2008 product codenamed McCreary. McCreary will include new halogen and lead-free 45nm dual and quad-core processors, a new chipset codenamed Eaglelake, an integrated Trusted Platform Module (TPM) and a more secure, manageable data encryption solution codenamed Danbury.

Danbury technology builds data encryption and decryption directly into the hardware providing greater protection of encryption keys and allows much simpler system management and key recovery. Intel Active Management technology also enables these operations to occur in "out-of-band" environments, meaning even if the OS is down or inoperable.

Bob Heard, founder and chief executive officer of CREDANT Technologies, discussed how their software security solutions can be improved in the future by leveraging Danbury and vPro technology. Mark B. Templeton, chief executive officer of Citrix Systems, showed how data protection and centralized data management can be balanced with an end user's desire for mobility and a responsive PC experience.

John Fowler, executive vice-president of Sun Microsystems, appeared with Gelsinger and pointed to the virtualization "wave" that Intel and other technology leaders are driving through the industry. Parallels demonstrated how they are taking advantage of innovations such as Intel Virtualization Technology and Intel Trusted Execution Technology to provide protection for virtual environments in future workstations and desktop PCs.

Gelsinger pointed to a wall of computer systems that Intel will deliver to suit most users' computing and cost needs. He showed how customers, such as Paradigm, will use Intel Xeon-based workstations with a new 1600MHz front side bus and Intel software tools to solve scientific problems, such as oil and gas exploration. Mark Barrenechea, president and chief executive officer of Rackable Systems, discussed Rackable's ICE Cube Modular Data Center on Wheels, which has 1400 quad core Intel Xeon servers in a single 40-foot truck container.

Gelsinger also discussed the improvements that solid state disk technology can bring to enterprise server and storage technology for IA platforms. He announced that products delivering substantial improvements in read performance and power savings from Intel utilizing non-volatile memory technology will be available next year.

Gelsinger shared his vision for I/O consolidation on Ethernet and steps to get to a converged network that supports both Fibre Channel over Ethernet (FCoE) and local area networks. In support of this vision, he announced availability of Intel® 82598 10 Gigabit Ethernet Controller now with full support for FCoE solution stack coming in 2008.

Dr. Schumacher takes over as CEO, president of Grace Semiconductor

SHANGHAI, CHINA: The Board of Grace Semiconductor Manufacturing Corporation has named Dr. Ulrich Schumacher as the new president and CEO of the Company, effective September 15th, 2007. Dr. Schumacher will also be a director of the Board of the company.

Dong Yeshun, Chairman of Grace Semiconductor, said: "We are delighted and honoured that Dr. Ulrich Schumacher has decided to take on this role as President and CEO of Grace Semiconductor. Dr. Schumacher enjoys an unrivalled reputation worldwide as one of the best minds and leaders in the semiconductor industry. With someone of Dr. Schumacher's calibre and international stature heading our management team, we are confident that we can further accelerate the process of bringing the Company to the next level."

Dr. Schumacher joined the Semiconductor Group of Siemens AG in Munich, Germany, in 1986, where he held several management positions in manufacturing, engineering and marketing. In 1988, he became Assistant to the CEO and drove Strategic Planning and Alliances. In 1991, he became General Manager of Memory, Chipcard IC and Multimedia Products. In 1996, he was appointed President and CEO of Siemens Semiconductor Group, and in 1998, he became a member of the Board of Siemens AG.

In 1999, Dr. Schumacher led the spin-off of the Siemens Semiconductor Group and successfully brought it public in 2000 as Infineon Technologies. Under his leadership, Infineon Technologies grew significantly, from being the 19th to the 4th biggest semiconductor company in the world, and for several years, it was the fastest growing company among the world's top 20 semiconductor companies. Dr. Schumacher resigned in 2004 and joined Francisco Partners, a private equity firm in San Francisco, USA, which specializes in high technology investments, as Operating Partner.

Dr. Ulrich Schumacher said: "I very much look forward to joining the Grace team as its President and CEO. It is an opportunity I could not resist. The potential of the foundry market remains enormous, and Grace is in an excellent position to become one of the leading PRC companies in this space. I am glad to work in such a competitive environment, and in such a vibrant and dynamic country." Dr. Schumacher has resigned from Francisco Partners but will continue to support it as a special advisor.

Dr. Schumacher is assuming the role of President and CEO from Dong, who will remain as Chairman of the Board. Grace Semiconductor is a specialized semiconductor foundry with a strong focus on high quality services and advanced technologies, including embedded nonvolatile memory, high voltage, and low leakage processes. The Company started operations in 2003 and has been one of the fastest growing companies in the industry. The Company is located in the Zhangjiang Hi-Tech Park in Pudong, Shanghai, and has more than 1,400 employees. Shanghai Alliance Investment is a leading shareholder of Grace Semiconductor.

SoftLayer receives Microsoft Gold Partner Certification

DALLAS: SoftLayer has announced that it has attained the highly regarded status of Microsoft Gold Certified Partner, with certified expertise and service in Networking Infrastructure Solutions, Advanced Infrastructure Solutions, Hosting Solutions Specialization and Storage Solutions Specialization.

The Microsoft Partner Certification program identifies companies who meet exceptional performance levels when delivering solutions built on Microsoft technology. Gold certification is the program’s highest designation.

“This certification verifies that SoftLayer is committed to excellence,” said Steve Kinman, SoftLayer Customer Service Manager. “It’s exciting for us that Microsoft recognizes we have the talent, drive and dedication for providing the expertise that customers deserve and require.”

To receive certification, partner companies must undergo a comprehensive review by Microsoft to ensure that they meet the software giant’s exacting standards. Microsoft reviews many facets of a partner companies’ performance, including customer references and in-house capabilities, requiring multiple Microsoft Certified Professionals to be on staff. “We’re proud SoftLayer not only meets Microsoft’s Gold partner requirements, but exceeds them,” said Mr Kinman.

“This certification does more than recognize what we have done well in the past. It advances what we can do for customers from here forward,” said Sam Fleitman, SoftLayer Chief Operations Officer. As a Gold Certified partner, SoftLayer will be among select companies that have the closest working relationship with Microsoft, giving it top-level access to Microsoft resources and support including a Technical Services Coordinator, Microsoft’s exclusive Partner Knowledge Base and more. SoftLayer will also have advanced access to the beta and pilot programs for Microsoft’s newest technologies. “We will be able to raise our service levels even higher, and let our customers try new technologies before some people have even heard of them,” said Mr. Fleitman. “That’s a competitive advantage that we can directly pass along.”

Canon U.S.A. multifunction devices voted most reliable by SMBs

LAKE SUCCESS, NEW YORK: Canon U.S.A., a leading provider of digital imaging solutions, has announced that its imageRUNNER and imageCLASS digital, black-and-white, multifunction peripheral (MFP) series have been named the overall “most reliable” MFPs on the market in a customer study conducted by Industry Analysts. Through an extensive survey of more than 200 enterprise and small- and medium-size businesses (SMB) in multiple industries, Industry Analysts rated Canon’s devices number one according to feedback on the features users stated they depend on most each day.

Respondents were asked to rate their MFP on a scale of 1-10 with "10" being the best. Averaging scores of nine, Canon has consistently received high ratings in Industry Analysts’ Office Product surveys over the years. With product and solutions offerings for both the corporate and small office / home office (SOHO) settings, Canon’s MFP series have shown great adoption within financial services, legal, retail and healthcare industries, among others.

“Canon U.S.A. has been a leader in the MFP market for years,” said Andy Slawetsky, president, Industry Analysts, Inc. “Based on feedback from customers, anyone in the market for a reliable MFP should strongly consider a Canon device.”

As a central hub for document management in today’s busy offices, Canon's imageRUNNER and imageCLASS MFP series are designed to provide speed, functionality and dependability. With state-of-the-art technology leveraging Canon’s innovative Multifunctional Embedded Application Platform (MEAP) software, the MFP enables customized solutions to meet today’s evolving business challenges including security.

“This distinction confirms Canon’s commitment to providing its customers with reliable, user-friendly and affordable products to help run their businesses,” said Tod Pike, senior vice president, Imaging Systems Group, Canon U.S.A., Inc. “We are pleased that our customers have recognized our ability to meet their needs and we look forward to continuing to partner with them to deliver customized solutions for their business.”

This achievement is included in the 2007 Office Product Analyst (OPA) study, published by Industry Analysts and is focused exclusively on the office automation industry. It shows Canon rated consistently above other MFP manufacturers including Xerox, HP, Konica Minolta, Ricoh, Sharp, Toshiba, and Brother.

Wings Infonet launches Wings e-Biz

HYDERABAD: Wings Infonet Limited, a leading software products company has announced the launch of Wings e-Biz, a suite of business software products.

Wings e-Biz works on current generation technology and offers wide scope, great design, outstanding features and a rich user experience. It is designed for mid-sized businesses which desire to automate systems beyond mere book-keeping and want the computerised systems to help them manage their businesses better.

“With Wings e-Biz, we have brought about a unique suite for businesses, the like of which is not available today. It is neither a traditional ERP system with huge pains and costs of implementation nor a traditional book-keeping software with limited scope. It is a modern suite which helps businesses computerise many functions beyond accounting in an integrated environment, using modern technology. It is designed to help businesses manage their businesses better,” said Ajay Gandhi, Director of Wings Infonet.

The suite offers several products usable by businesses of all kinds. These products are for accounting and inventory, payroll, fixed assets, etc. The suite also offers special products for different industry verticals or special uses – like retail, restaurants, automobile dealerships, Distributor Management, etc.

All products work by themselves, and also seamlessly integrate with each other – thereby giving users the choice of computerising one or more areas of their business, when they desire to.

“The products bring to the users the benefits of current generation technology. The software is completely web-based, allowing users to setup fully online or offline systems across multiple locations. Working on robust databases and on the .Net platform, and with many security features built in, users can now scale up their operations to any level without problems”, he added.

Wings e-Biz offers many unheard of tools and features – the ability to work in any major World Language; a powerful Report Designer; flexible Forms Designer; and advanced features like Transaction Authorisation, MS Office integration, Mobile Devices enablement, etc.

Most importantly, Wings e-Biz products can be deployed within a few days or weeks without having to go through the pain of traditional ERP systems.

The major highlights of Wings e-Biz suite are:

a. Web-based online or offline systems

b. Enterprise-wide product range – with the ability to computerise one or more areas of business

c. Comprehensive functionality – each product is complete for what it does

d. Total Security

e. World Languages

f. Advanced Features on the desktop

The suite includes the following products:

· Wings e-Accounting

· Wings e-Payroll

· Wings e-Asset

· Wings e-Central

· Wings e-Retail

· Wings e-Auto

· Wings e-F&B

· Wings e-Trade

· Wings e-S&D