BUSINESS IT

Microsoft Tech.Ed 2010 network shouldered the load

Stephen Withers — Fri, 03 Sep 2010 08:31:20 +0000

Sydney might have hosted the 'best ever' Olympic Games back in 2000, but Microsoft Tech.Ed 2010 held last week on the Gold Coast was the best ever as far as the event's technology manager Jorke Odolphi is concerned.

Odolphi, who spends most of the year as web platform architect evangelist with Microsoft Australia, told iTWire that the conference was "our best Tech.Ed ever" from an infrastructure perspective. There was zero downtime, and the "wireless [network] was rock solid." Furthermore, feedback from attendees was "overwhelmingly positive."

With around 3000 people at the event, wireless use peaked at around 1300 devices simultaneously connected. "[The network] could have handled three times as many devices," said Odolphi.

A significant change introduced for this year's event was the use of the IPv6 protocol. "We saw a fairly good uptake," Odolphi said, but there was only 23GB of IPv6 traffic compared with 1553GB of IPv4 traffic.

"There's not much content out there to consume [from IPv6 servers]," he explained. For example, while Facebook's main servers are accessible via IPv6, the associated content delivery network is still IPv4 only. So if someone turns off IPv4 and uses Facebook "it looks like a train wreck" according to an anonymous Microsoft engineer.

Active Directory broadcasts plus Google and YouTube access accounted for most of the IPv6 traffic on the Tech.Ed network generated by attendees. Still, "it was a good experiment," said Odolphi.

But there were some network-related issues - please read on.

Odolphi and his team had few problems to deal with during the course of the event. They did spend some time tracking down rogue Wi-Fi access points - attendees were specifically asked not to operate access points (including 3G wireless routers) or ad hoc wireless networks to avoid channel congestion.

There were also a few cases of network misuse such as running BitTorrent, but that was dealt with by identifying the individuals concerned and then sending polite SMS messages asking them to desist. Odolphi's team have some ideas for improving the tracking process next year.

Another change on the cards is to make external routing more diverse. Connectivity to the outside world is via a 500Mbps link from Telstra with a secondary 100Mbps connection from Over The Wire. The latter is normally reserved for use by session presenters and other production traffic, and the Gold Coast Convention and Exhibition Centre's permanent 100Mbps Telstra link is available for failover.

One potential problem that has now been identified is that there is some commonality between Telstra's and On The Wire's upstream providers. For example, all traffic between the event and microsoft.com was routed via Vocus. The Tech.Ed network team are investigating ways of achieving truly diverse routing, but this may require the use of a third provider.

Asked how he felt about reprising his role as event technology manager in 2011, Odolphi said he wouldn't know until early next year if it was going to be his responsibility again, but "I'm looking forward to it."

Skype extends videoconferencing to 10 users

Stuart Corner — Fri, 03 Sep 2010 06:43:10 +0000

Skype has released a new beta version of Skype for Windows that supports videoconferencing with up to 10 participants.

Skype 5.0 beta 2.0 replaces 5.0 beta 1 released in May that brought multi-party video to Skype for the first time, supporting up to five parties (all must be running the new version to participate in a 10 party conference).

Announcing the new version on Skype's blog, Skype's blogger-in-chief, Peter Parkes, said: "The second beta of Skype 5.0 brings a number of changes both outside and in…It welcomes in a fresh new look, as well as increased stability and better quality when making group video calls….

"We’ve also added Skype Home, where you can follow your contacts' mood messages, set your profile picture and mood message, receive account notifications and learn more about using Skype."

Parkes said call quality had been improved and a number of bugs fixed. "his version also includes automatic call recovery, which should help automatically reconnect Skype calls that are interrupted due to network problems."

When the first beta was announced in May, Skype promised videoconferencing support for the Mac version, "later in 2010," but there has been no further news on this.

Social networking and mobile devices call for right policies

Stephen Withers — Thu, 02 Sep 2010 12:32:27 +0000

IT infrastructure provider Dimension Data is advising its clients to formulate appropriate policies about the use of social networking and mobile devices.

Dimension Data senior security consultant Ed Luck said that Facebook presents "a massive attack surface." Part of the problem is that there are more than one million developers and entrepreneurs involved, and Facebook doesn't pre-screen apps - it waits until complains are received and then investigates.

The Facebook API presents multiple opportunities that can be exploited by malware writers. For example, the API is vulnerable to 'man in the middle' attacks between a client and a legitimate application server, and Luck also suggested that it wasn't a major challenge to arrange for the server behind one externally supported app to send a message to another unrelated app (spoofing).

"We have to live through the bad part of the [security] cycle before it stabilises," he warned.

Privacy is another issue, though one that doesn't seem to be taken seriously by most Facebook users. 89% of then use their real name, and 61% use an identifiable picture, Luck said. The problem for organisations is that information available via social networks can be used as an entry vector to internal networks. One example is that such information can be used for spearphishing or social engineering attacks - the more you know about someone, the easier it is to compile an email message that will appear trustworthy because it appears to come from a known source and contains subject matter that might be expected from that person.

Is your company likely to be attacked?, Luck asked. Maybe, maybe not - but he suggested that mining companies are a good example of organisations whose secrets are of great interest to competitors and to certain governments.

And developments like Facebook Places and foursquare reveal people's locations - very useful if you want to pickpocket a particular person's mobile device when they're in a crowded bar, or when you want to be confident they will be away from their desks for a certain period.

So what do you do? Please read on for some of Luck's suggestions.

Simply banning the use of Facebook and similar services is unlikely to be effective. Apart from anything else, the result of prohibition is isolation: if your competitors are engaging with customers through Facebook, where does that leave you?, asked Luck.

The trick, he suggested, is to get the balance right. Information that's open to misuse shouldn't be published unnecessarily, but excessive prohibition can be counter-productive and may be ignored. Acceptable use policies might reasonably include not wasting company time, and not being derogatory about customers. Such policies should also cover the use of personal devices.

Talking of personal devices, Luck described mobile devices - especially smartphones - as "a target rich environment." He noted the discovery of multiple Android apps that request more rights than would be appropriate for the ostensible purpose and then use them for nefarious purposes. The fact that an Android app given rights to read logs has access to information including SMS messages, GPS coordinates, browser history and more doesn't help.

Among other problems with Android are the way old versions of the operating system with less restrictive default permissions are still being shipped by some manufacturers, and the period of vulnerability introduced by the delay between Google releasing a security update and it being distributed by vendors.

Android's not the only problem, Luck suggested, pointing out that techniques used to jailbreak an iPhone can also be used to implant malware.

Non platform-specific issues include mobile applications that expose personal data by failing to erase temporary files after use, web sites that use URL-based session IDs (which can then be abused by malware), and 'split tunnelling' situations caused by tethering a phone to a computer to bypass the corporate firewall (which can open the door to a cross-site attack).

Alcatel-Lucent targets mobile apps market with OpenPlug acquisition

Stuart Corner — Thu, 02 Sep 2010 10:26:57 +0000

Alcatel-Lucent has followed up its acquisition of ProgrammableWeb with the acquisition of mobile software and applications development tools vendor OpenPlug to extend its role in the applications space by delivering a platform where application developers can write an application once that can then be translated to run on any of the five major mobile operating systems.

According to Alcatel-Lucent, OpenPlug's functionality will "enable service providers, enterprises and developers [to] create and deploy applications - in virtually record time and without sacrificing the unique customer experience - across multiple mobile devices and within service provider app stores.

"As a result, applications that had previously only been available on more sophisticated devices such as smartphones, can now be enjoyed by consumers on any mobile device, which opens up opportunities in emerging markets, where low cost mobile phone circulation is highest."

OpenPlug has commercialised, under the ELIPS name, a range of patented technologies that facilitate the development of mobile phones, smartphones and the applications that run on them.

ELIPS Studio is claimed to "offer the first open software development environment allowing independent software vendors (ISVs) to create and deploy simultaneously in record time their mobile applications on iPhone, Android, Symbian, Windows Mobile, Linux and other proprietary systems."

Laura Merling, vice president of Alcatel-Lucent's global developer strategy, said: "This isn't purely a mobile play - the software can be extended to support application development for IPTV set top boxes, game consoles, even the ng Connect LTE Connected Car."

She told iTWire "One of the interesting things that OpenPlug has done is that when you compile the application they use the native operating system for that platform so the consumer experience is the way they expect it to be on every device.

"It takes advantage of the screen size and the interactions you expect. You can't really tell that someone used the same tool to build an app for an iPhone or an Android, and that is something we found really interesting."

CONTINUED

She added, "With featurephones you need a layer of software to be installed on the device. Moving forward our mid term goal is to be able to support mass-market phones based on bada, brew etc in the same way. So that carriers can reach all of their customers' devices.

"The reality is that while the growth for smartphones is there, our customers in Asia Pacific have a huge base of featurephones out there that they want to reach. It's not so much about increasing ARPU as about retaining customers."

Alcatel-Lucent intends to exploit synergies between the OpenPlug technology and its existing offerings, including ProgrammableWeb - acquired in June and claimed to be "the universal source for Web application programming interfaces" - by integrating the OpenPlug offerings into its suite of developer tools.

The OpenPlug toolset will be incorporated into Alcatel-Lucent's Developer Platform and Open API service, "thus broadening the functionality available to service providers, enterprises and developers for the exposure of network assets and the rapid introduction of new services across mobile and Web domains," the company said. They will continue to be offered stand-alone as at present.

"Deploying valuable web and mobile services requires assembling many different pieces from many horizons," said Eric Baissus, CEO of OpenPlug. "By combining OpenPlug's ELIPS Suite and ELIPS Studio technologies with Alcatel-Lucent's platforms and API services, we enable developers and service providers to gather all these pieces in a very efficient and consistent way. This will dramatically facilitate the deployment and the monetisation of the new generation of applications that the market is expecting."

According to Merling, "The move advances Alcatel-Lucent's Application Enablement strategy, which is focused on combining the trusted and secure network capabilities of service providers with the speed and innovation of the Web to provide a richer end-user experience. To those watching our developer platform and service strategy evolve, there is no mistaking how serious we are about playing a leading role in the future of application enablement."

Moreton Bay goes wireless for video surveillance

Stephen Withers — Wed, 01 Sep 2010 11:39:14 +0000

Moreton Bay Regional Council is augmenting its existing surveillance camera system with HD cameras linked by a wireless mesh network.

Link Security Group has been contracted by Queensland's Moreton Bay Regional Council to deploy what is said to be the largest municipal wireless video surveillance network in Australia.

Link will use Firetide's wireless mesh equipment to cover a 130 square kilometre area with 42 nodes. The network will carry HD video from nearly 50 outdoor cameras from Axis.

The Milestone XProtect video management software will be used to monitor the video feeds. The software can potentially be used to integrate Moreton Bay's existing analog CCTV cameras.

"Firetide represents the very best in cutting-edge wireless technology, with its wireless infrastructure mesh optimised for the transmission of surveillance video," said Alex Baulden, senior network engineer at Link.

"The security and reliability of communications were critical, and performance we’ve seen in the field is impressive," he added.

What about the cameras? Please read on.

Wai King Wong, country manager ANZ at Axis Communications said "Where image quality is the key consideration it is important to have full frame rate video streaming so that activities in a scene and fast-moving objects can be easily seen and captured."

"Our HDTV cameras are compliant with the SMPTE standards in resolution, frame rate, colour fidelity and aspect ratio to ensure that a rich viewing experience with excellent image detail is achieved," he added.

Panasonic provides smaller signage plasmas

Stephen Withers — Wed, 01 Sep 2010 07:09:39 +0000

Panasonic has released a new range of plasma displays designed for digital signage applications.

Four new plasma displays from Panasonic include features specifically aimed at the commercial signage market. Flat panel displays are being increasingly used for signage in retail, transport, hospitality, education and other environments.

The new Panasonic screens are available as 42in and 50in units, with HD and full HD versions in both sizes. They are designed for horizontal or vertical mounting.

Features include image enlargement (allowing up to 16 displays to be configured as a 'video wall'), picture-in-picture, and 'advanced dual picture' which allows video to be superimposed on a full-screen PC image.

A serial interface allows remote monitoring of the display status. A range of optional terminal boards allows the displays to be configured in various ways including RGB-through connections, or to provide remote control of connected equipment such as PCs or DVD players.

Prices start at $A1329 for the TH-42PH20W (42in HD) and rise to $2869 for the TH-50PF20W (50in full HD).

The new models join Panasonic's existing 58, 65, 85 and 103in screens.

Skype Connect (Skype for SIP) makes Skype a serious business telco

Stuart Corner — Tue, 31 Aug 2010 09:44:03 +0000

Skype has launched Skype Connect 1.0 - previously available in beta as Skype for SIP - a service that enables a business' IP PBX or unified comms systems to make and receive calls via Skype.

According to Skype, by using Skype Connect, businesses can make outbound calls from desktop phones to landlines and mobiles worldwide; receive inbound calls from Skype-connected users worldwide by placing Skype's 'click & call' buttons on their web sites; receive calls from landlines or mobile phones in the corporate PBX using Skype's online numbers that have been purchased separately; manage Skype calls using existing PBX or UC systems' features such as call routing, automatic call distribution, conferencing, auto-attendant, voicemail, call recording and logging.

Companies using Skype Connect are charged a monthly channel fee of $US6.95 per channel (the number of calls that can be active at any one time is equal to the number of channels purchased). Calls are charged at Skype's standard rates.

Skype Connect has been certified to work with PBX and UC products from Avaya, Cisco, Siemens Communications, SIPfoundry, ShoreTel and others and also works with older TDM PBXs or key systems which can now add Skype through third-party IP gateways from AudioCodes, Grandstream and VoSKY. A full list is available here.

Skype also offers a certification guide and has appointed tekVizion labs as its certification partner.

Skype launched Skype for SIP in beta in March 2009 and opened the beta programme to anyone in December 2009. It now claims to have 2400 businesses worldwide using the service.

With the launch of the commercial version Skype has set up a dedicated customer support facility that includes real-time chat for Skype Connect customers and for Skype Manager administrators.

VARs and system integrators have been enrolled in a new Skype Channel Partner Programme details of which are promised "soon".

Local councils keen to deliver info to smartphones

Stuart Corner — Tue, 31 Aug 2010 06:34:44 +0000

Australia's citizens rely heavily on the services and facilities provided by local councils, and on access to information about those services. Councils embraced the Internet long ago. Now a survey suggests that they are gearing up to deliver to smartphones.

Last month, Brisbane City Council went live with its mobile ratepayer service, www.brisbanecity.mobi and Tweed Shire Council in NSW allows ratepayers to access council information from a smart phone at m.tweed.nsw.gov.au

And Blink Mobile - an Australian provider of a 'platform-as-a-service' claimed to enable the rapid development of mobile business applications - says that 75 percent of local councils in Victoria are looking at strategies that will enable ratepayers to access web-based information from their mobile device.

The findings come from a survey undertaken by Blink Mobile at this month's Victoria Local Government Technology Conference staged in Melbourne.

The survey also found that 38 percent of councils in the state plan to incorporate mobile ratepayer services as part of their overall IT strategies over the next 12 months, according to Blink Mobile.

Blink Mobile director, Darren Besgrove, said: "We're all hungry for information about where we live and work, whether we want to know about the latest traffic reports, which soccer fields are open, when the library closes or when our rubbish is being collected.

"At the same time, smartphones are becoming more popular and data plans are much cheaper, enabling people to converse and communicate with ever richer content. when it comes to all levels of Government it seems to be [local] councils who are more aware of the convergence in consumer behaviour and mobile technology capability, and how that will drive the mobilising of council information for the benefit of their ratepayers."

The survey found that, previously, mobilising council information had not been a top priority with an over-arching perception that the process would be too complex.

Blink Mobile said: "While 29 percent of respondents thought this was the case, an equal percentage of respondents also felt that accessing council information from their mobile device would be too expensive a process and offer a poor return on investment."

However, 96 percent of those surveyed said that enabling field staff to use mobile phones or tablets to access and update intranet systems would add to workplace efficiency, and 77 percent of council respondents said they would favour a single management platform to develop, deploy and manage all their mobile interactions across both ratepayers and staff, as opposed to multiple stand-alone mobile 'point solutions'.

Telstra's 42Mbps Next G broadband goes live

Stuart Corner — Mon, 30 Aug 2010 12:09:20 +0000

Telstra has become the first telco in the world to launch dual carrier HSPA+ services offering downstream speeds up to a theoretical maximum of 42Mbps.

The service is presently available in all capital city CBDs [to within 5km of the CBD] and selected metropolitan areas, associated airports and in more than 100 regional locations. (Telstra's web page devoted to the new service has a link to a list of all areas where the service is available, but the link was not working at the time of writing.)

Telstra is quoting "typical" downstream bandwidths in the range 1.Mbps to 20Mbps. A Telstra video showed the modem delivering around 10Mbps in a number of locations in the Melbourne CBD and iTWire was able to obtain 10Mbps from our office in the inner Sydney suburb of Enmore.

(This was achieved using speedtest.net and a server in Canberra operated by AussieHQ Interestingly the other two available nearby servers, operated by Optus in Melbourne and Sydney, delivered less than half this speed).

The service is being offered at the same price as current Next G broadband services (the modem is available at $0 on a $69 per month 6GB contract, or can be bought for $299). However because of a shortage of supply of the modems, they are being offered initially only to Telstra Enterprise And Government and Telstra Business customers with account managers.

Mike Wright, Telstra's executive director of networks and access technologies, said Telstra had at present only 2000 of the modems, dubbed the Telstra Ultimate USB Modem, but was expecting more shortly. "There is another shipment coming in late September and from then and after that we will have the supply to meet demand forecasts."

He added that, like previous HSPA services launched on Next G, the new service and delivery of the new modem had been made possible only through close co-operation between Telstra, network supplier Ericsson, chipmaker Qualcomm and modem manufacturer, Sierra Wireless.

CONTINUED

John Paitaridis, Telstra's executive director, network products and services in Enterprise & Government, said: "One of the reasons we decided to launch first to Enterprise And Government and Business customers is that clients are saying that their ability to access applications quicker makes a difference to their business and when they start to equate time savings and doing calculations around productivity it does become a return on investment."

Upstream bandwidths are the same as on the present HSPA+ service, for which Telstra quotes "typically 300kbps - 3Mbps." The new service does not have dedicated network capacity: it achieves its throughput by bonding two channels of the existing HSPA+ service. Wright said that, in doing so it achieves greater efficiencies. "Statistically is able to spread the load over the two channels." He was unable to quantify the gain, but said, "We will be measuring this as we deploy more of these devices."

Installation of the software and configuration of the modem is fairly straightforward. The Connection Manager application is stored on the USB modem and installation commences automatically when the modem is plugged in. However there is a trap for the unwary.

However iTWire's Mac had the Sierra Wireless 3G Watcher for an earlier ExpressCard USB modem installed and it had to be removed before the installation process would commence.

The modem has two optional external antennas. These provide path diversity and improved bandwidth, as distinct from the dual antennas that will come with the next generation of HSPA+ which will use two antennas each carrying a separate signal to achieve theoretical downstream bandwidths up to 84Mbps.

Wright said Telstra planned to start trials of that technology in late 2011 and to have it available in its network in early 2012. "We are yet to make any detailed plans for the extent of that rollout."

Commonwealth Bank moves to protect customers' (online) bacon

David Heath — Mon, 30 Aug 2010 09:06:05 +0000

The Commonwealth Bank has announced additional security measures to protect online purchases by its customers. As well as extending the use of secure token support to approved eCommerce sites, the Bank has also instigated an out-of-band payment approval process.

Commonwealth Bank customers shopping at any eCommerce site displaying the MasterCard SecureCode or Verified by Visa logos will now be requested to offer an additional security code to verify the transaction.

Currently, 3.8 million customers are enrolled to use the Bank's NetCode token device or SMS service for existing on-line banking activities and all will be automatically enrolled to use the same token method to verify their eCommerce transactions.

In the case of the SMS service, a one-time code will be sent to the previously nominated mobile phone; that code must be provided as part of the transaction within 30 seconds. The token device, familiar to many millions of Australian online banking users will provide the authorization code whenever the button is pressed.

"Alongside greater peace of mind when shopping online and an additional layer of security in identifying a transaction is taking place by the genuine cardholder, the major advantages of NetCode is that it is not a static password and customers don't have to remember additional passwords," said John Geurts, Executive General Manager Group Security at Commonwealth Bank

Commonwealth bank customers may find further information here.

Out-of-band verification techniques are a good step towards stopping cyber criminals using your credit card, but they are not completely immune to attack. But as one wise sage noted when chased by a tiger, "I don't have to out-run the tiger, I only have to out-run other potential victims."

Thus it is with this level of security - it doesn't have to be perfect, just noticeably better than other methods.

Open Text primes secure social network

Beverley Head — Mon, 30 Aug 2010 08:04:16 +0000

Canadian content management specialist Open Text is edging closer to releasing a commercial version of a system it first trialled at the G20 meeting in Toronto in June, which allowed delegates to communicate and collaborate in a secure social network, sharing information over iPads, iPhones and BlackBerries.

“What you will see in the next month and further on is more mobile access,” said Conleth O’Connell, principal technologist with Open Text, during a visit to Sydney last week. He said that Open Text Social Media had been the platform used at G20 and that the company was now “looking at integrating that into our products.”

Dr O’Connell explained that there was something of a sea change taking place in the way in which enterprises stored and accessed information.

“The focus in the past has been so document centric. But if you took all the books and all the movies of the past and measured the storage associated with that it would be just a fraction of what would be needed for a year of emails and a year of newspapers.

“Then if you look at YouTube you are one or two orders of magnitude higher. The richness of information is growing as an exponential rate and it’s impacting organisations wondering what to do with that,” he said.

Dr O’Connell joined Open Text when the organisation purchased Vignette last year, where he had been chief technology officer. He likens the roles of the two merged organisations as complementary in the way that a restaurant’s wine cellar manager and sommelier rely on each other.

While Open Text had traditionally been in charge of the wine cellar, keeping information secure and properly controlled, Vignette played the role of the sommelier – offering up the right information for use when required.

A key step in that journey toward making useful information available on demand was the release of Open Text’s Semantic Navigation which debuted earlier this month.

The Open Text Content Analytics engine which is at the heart of the product has been developed to extract meaning, sentiment and context from content, and then in turn marries that content to what a customer or prospect is looking for on a website.

It’s key to what Dr O’Connell refers to as the creation of a relevant user experience. He believes it will become more and more important as the “consumerisation” of the enterprise gathers pace.

Where once organisations were content to be custodians of data, they now needed to serve it up to be useful and timely, according to Dr O’Connell.

“When I talk about content analytics and semantic navigation (to clients) the lights come on. But there is still a lot of education to do.” He added that mobility was also having a phenomenal effect on organisations and that Open Text was working on strategic partnerships in the smartphone area.

The challenge for Open Text was to develop tools that would create a “relevant experience”, allow mobile access to the data (including providing tools to let customers develop their own mobile solutions), deal with the increasing richness of media with video increasingly pervasive, and also embrace social media in the enterprise.

He said that it was important that organisations were equipped with tools that allowed them to both use social media, but protect themselves from abuse. In terms of progress to date he said “It feels like what the web was in the 1990s.”

“There is a lot of experimentation, a lot of chaos and some privacy concerns.”

While many organisations were bringing social network tools, such as Facebook or Twitter, into the enterprise there was no overarching management framework. This was something that Open Text was working toward according to D O’Connell.

It is also working on what he described as “tethered syndication” which would use widgets to take a portion of a website and put it into another page. “That’s very much a trend of the future and we are working on widget services and leveraging the visualisation of information.”

IBM X-Force Report says security threats have reached record levels

David Heath — Sat, 28 Aug 2010 12:03:37 +0000

This week, IBM released its half-yearly X-Force Trend and Risk Report - a detailed analysis of the state of security threats and vendors responses to them. Vulnerability disclosures are increasing, as well as the responses to them although the report found that 55% of the vulnerabilities reported in the first half of 2010 remained unfixed by mid-year.

Available here (registration required) the very extensive report can only be very briefly summarised in this short space.

"Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future," said Steve Robinson, general manager, IBM Security Solutions. "This year's X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities. This underscores the increased focus among our clients to continue looking for security solutions that help them better manage risk and ensure their IT infrastructure is secure by design."

As well as observing a 36% increase in vulnerability disclosures to 4,396 in the first half of 2010, the X-Force team also noted that over half of these remained unfixed by mid-year.

The leading attack vectors remain web-based (55%) with particular interest in JavaScript and PDF files also remaining high. Obfuscation of the attack code is also a growth area.

On a positive note, the report also observes that "In the first-half of 2010, organisations were doing more to identify and disclose security vulnerabilities than ever before. This in turn is having positive effects on the industry by driving more open collaboration to identify and eliminate vulnerabilities before cyber criminals can exploit them."

Interestingly, the report notes a significant decline in phishing but financial institutions remain the top target. "Phishing volume has fluctuated wildly over the past few years. The first half of 2010 has only seen a fraction of the phishing attacks that were seen at the peak in 2009, a decline of almost 82 percent.

"Despite this drastic decline, financial institutions are still the number one phishing target, representing about 49 percent of all phishing emails, while credit cards, governmental organisations, online payment institutions and auctions represent the majority of other targets."

Looking to the future, the report notes two growing technologies that are expected to attract the increased attention of the nasty people.

Firstly, there is Virtualisation. "Questions have been raised about the wisdom of sharing workloads with different security requirements on the same physical hardware. X-Force's vulnerability data shows that 35 percent of vulnerabilities impacting server class virtualisation systems affect the hypervisor, which means that an attacker with control of one virtual system may be able to manipulate other systems on the same machine. This is a significant data point when architecting virtualisation projects." This area was also identified as a potential area of concern with respect to the physical management of the virtualised environments.

Identifying the second area of concern, the report observes, "As an emerging technology, security concerns remain a hurdle for organisations looking to adopt cloud computing. As organisations transition to the cloud, IBM recommends that they start by examining the security requirements of the workloads they intend to host in the cloud, rather than starting with an examination of different potential service providers. Gaining a good understanding of the needs and requirements first will help organisations take a more strategic approach to adopting cloud services."

In both of these areas, it is clear that a race to the "latest and greatest" technologies should always be tempered with a careful analysis if the risks involved.

Sophos: Don’t underestimate the bad guys

Mike Bantick — Sat, 28 Aug 2010 09:38:29 +0000

Security firm Sophos has recently produced its 2010 mid-year Security Threat Report, and whilst many things remain the same, there are plenty of new security vectors for the connected among us to deal with. And with a NBN on the horizon, there may be plenty more of us connected in the near future. iTWire sat down with Sophos AP Managing director Rob Forsyth and Senior Vice President of Worldwide Field Ops, Michael McGuinness to discuss.

If there is one thing that is clear from the latest Sophos mid-year security threat report, it is that traditional attacks on private data are still prevalent. Perhaps the vectors are shifting but figures show Spam, Phishing and Malware are still a major source of worry for security personnel world-wide.

How can this be the case? Why is it that the general public are continually fooled by Spam emails for example? And beyond these basic questions, why don’t people, armed with the knowledge of rising online fraud crimes shy away from using services such as Internet Banking?

Michael McGuiness, Sophos’s Vice President of Worldwide Sales and Field Operations tries to explain “A general observation that we would make is that most people will default towards convenience over security. Though people are aware that credentials could get stolen, and bank accounts compromised creating a situation, at best a huge nuisance and at worst at significant financial loss for them, they are still unwilling to go back to the point where they hand write cheques and lick stamps.”

McGuiness continues, “The same is true in the corporate world, employees of a corporation understand that using an iPhone is not as secure as a Blackberry, they still demand the iPhone. It starts at the top, it’s not somebody sneaking one in at the lower levels of the organisation, and it’s the CEO demanding the ability to use the iPhone to communicate with the board of directors about a critical earnings announcement.”

The Security Threat Report shows that the traditional security attacks are migrating to social networks such as Facebook and Twitter. Since April 2009,moving into 2010 reported Spam attacks reported from social networks increased from 33.4% to 57%, Phishing from 21% to 30% and Malware from 21.2% to 36%. It is clear that criminal activity is moving into the online worlds increasingly populated by everyday internet users.

“The most common way to get infected these days is no longer double clicking on an attachment in an email, but rather following a link to a website,” explains McGuinness “Which is why the social networking vector is becoming more prevalent and prominent. It fools people, if you go to Facebook and up on your news page your best friend says ‘isn’t this cool?’ You don’t necessary think, wait a minute, was his account compromised? And was this sent as a way to entice me to a malicious website? I start to think that way now, but I didn’t necessarily a month or two ago. “

CONTINUED on PAGE 2

McGuinness continues “You look at something and say, is that really what my best friend would have done. You don’t have to go to a website and click on something; you only need to be at the website and malicious code will execute, if you are unprotected.”

The organisation of criminals attempting to get hold of your private information is getting more professional by the year. One way of enticing traffic to malicious websites is no longer simply to present an alluring link, instead malware writers are using current news events and search engine optimisation techniques to simply put their sites at the top of an innocent Google search.

Obviously money is being made by these organisations. “It’s growing, it’s profitable, and it’s much more professional.” Says McGuinness “ I have this vision of a modern malware author-hacker out there is a guy with a lunch box, [access] badge, health plan and a desk. They show up at the office, badge their way in, and spend a day trying to steal your money, punch out, go home and coach the kid’s soccer team.”

“If you ask most people where does most malware come from?” says McGuinness “They would say Russia or China, but you can see from the report that it comes from the U.S.”

42.29% of Malware is hosted in the U.S according to the report, with China at 10.75%, Russia at 6.13% and Germany and France around 4%.

McGuinness is quick to point out that things are changing in China “Even more recently China has dropped much further down the ranking, the suspicion is that Chinese are just stopping out-bound spam. If they determine a high volume spammer is residing in China they just shut down that IP address. So I think China has become a very good corporate citizen of the internet in the last six months.”

CONTINUED on PAGE 3

How can the everyday computer user hope to beat organised crime gangs constantly attacking and probing for digital information?

McGuinness says” We are in a different world. When you were young, you had your parents to teach you when to cross the road safely, cross when there is a green man, not when there is a red man. But who’s teaching our society currently about what is good and bad? We are having to learn by accident. We have the largest social change that has probably ever occurred in our social history, and that change is happening around us right now, legislation is a couple of years behind, law enforcement is a couple of years behind and one of the good elements that isn’t behind is the media. I think you guys are doing a good job publicising what is good and bad whilst our society goes through its learning. “

Thanks Mr McGuiness, but there must be more weapons in our defensive arsenal? McGuiness goes on “The other element other than good legislation and good education is obviously good technology, we are getting better at integrating and making that simpler. The enemy of security continues to be complexity, so bringing together good elements of education, legislation and technology I think we will win the battle one day, but I think we are really only at the start of that process.”

How does a company such as sophos stay on top of new technology in this new world? What are security firms doing to protect the public where a new connected device hits the market every month?

Roby Forsyth, Managing Director for Sophos in Asia Pacific explains” We actually have more people baking in security to new technology rather than bolting it onto the outside, so if you have a new product coming to market and you want the market to perceive it is a good product to use, and you haven’t thought of security then you will not be successful. So that is why Sophos works with so many OEM partners to ensure we bake in their security. I think we are getting better at it, there is a long road ahead but each new product that comes on the market is more secure than its predecessors.”

Michael McGuinness expands on this”Many of our customers are concerned about additional devices that they consider insecure, for example the iPhone, the iPad, however, the concern right now is less about malware and more about information loss. It is very easy for people to carry around huge amounts of information on these devices, and if they are lost, or stolen or somehow compromised then that information is out in the wild, with potentially significant ramifications both in terms of regulatory compliance, IP protection even legal action. We are a company that focus both on malware as well as helping companies with information protection, so we start to put in capabilities into our products that let companies assign policies for different types of device interaction.”

In Australia our (yet to be decided) Government is wrestling with the best options for connecting even more people to the internet, whether it is fibre to the home or some other technology, chances are that over the next few years even more folks will be greater consumers of connected technology than ever before.

CONCLUDED on PAGE 4

Forsyth is also the Deputy Chairman and Treasurer of the Internet Industry Association of Australia and certainly has some thoughts on what the NBN may mean for the country: “ The delivery of high speed broadband to our society, comes with some security risks to those that haven’t been exposed to it previously. I suppose I am keen to see the rollout of any future broadband network have security baked in rather than tacked on.”

Forsyth continues “If we have a disadvantaged community in a remote part of Australia, who has not previously been exposed to the internet, and is suddenly given a 1GB link to their premises, that’s going to be a serious security risk to expose them to the worst of Eastern European crime. It doesn’t matter if that is delivered wirelessly or fibre, whether it comes at 12MB or 1GB, we still have an education process to go through, and if the government are going to get involved in delivering then they must take responsibility for delivering it safely. We don’t build roads without having rules on those roads, without driver education and without standards for seatbelts and air-bags, there is a whole range of things that come together for that kind of safety, and should exist in any type of rollout of a National Broadband Network. One way or another the society will end up with a fast broadband network, the delivery mechanisms will be decided on through government initiatives and commercial realities of what can be afforded, so I have no doubt we will get there, but I want to get there safely.”

Finally, there was a time when one of the selling points for Apple’s range of technology was that it was relatively immune to many security attack vectors.

McGuinness says” Don’t underestimate the bad guys, be very certain that they are in a free market economy, and so they invest their resources where their likely to get the greatest amount of return. Historically Macs were a relatively low percentage of users, especially if one of the objectives might have been to steal corporate information. I would say, in the U.S [today] Macs are fifteen percent of the corporate population, and growing. And those fifteen percent are often contain the most valuable information, because their C level executives or key designers, or creators of intellectual property within an organisation. They are the ones that feel they have the need or the power to say ‘I’m getting a Mac’. As the prevalence of Mac use increases in both the home and the corporate environments, the bad guys are just going to start to target the Mac.”

For further info regarding security attacks in the Australian area, check this former report regarding the Windows XP Cold Calling Scam from earlier in the year.

ACMA takes the measure of the digital economy

Stuart Corner — Fri, 27 Aug 2010 13:17:47 +0000

The ACMA has produced a timely analysis of major developments in information and communications technologies that explores the implications of these changes.

In 36 pages plus a comprehensive glossary and with numerous hyperlinked references the report presents a very useful and concise snapshot of the state of development across a broad range of technologies that will impact the digital economy, and the lives of its citizens.

ACMA chairman, Chris Chapman said the report had been produced "to assist the ACMA, government, industry and the community to understand just how rapid is the pace of technology change, how it is impacting Australia and how we might ensure all Australians reap the benefits.

"The technologies covered in the paper reflect a snapshot in time in what is a dynamic and complex environment," Chapman added. "The paper acknowledges the fundamental role of technologies as the foundation of convergent communications and media services in the digital economy."

The report focuses on developments or relevance to the emerging digital economy since release of the ACMA's "Trends in communications and media technology, applications and use" report in March 2009. The ACMA says it: "offers an opportunity to identify and engage with change and to anticipate the need for possible action by the ACMA.

"This body of work is one part of a broader research programme focusing on technology developments. Other recent ACMA research reports discussing technology developments include the IPTV and internet video delivery models (June 2010) and Community research into attitudes towards the use of mobile payment services (July 2010)."

The report covers Infrastructure - optical networks, wireless, home networks and digital identity management; smart devices and systems and ICT energy efficiency; and the 'digital community' - mobile payment technologies and mobile coupons, the location aware community, web applications and developments in social media.

The first rule of data protection

Stephen Withers — Fri, 27 Aug 2010 10:44:44 +0000

Disaster recovery starts with moving your data off the premises, according to a senior technical specialist.
"Get the data out of the building" is the first rule of disaster recovery according to Jason Buffington, Microsoft's senior technical product manager for System Center Data Protection Manager.

Once the data is being transferred to a second location, you can start working on a strategic plan for disaster recovery. What you really need to avoid is the possibility of a disaster occuring while you're still in the planning stage and your data is still in the building that's been destroyed by a fire or other calamity, he explained.

Buffington suggests there are two distinct sides to data protection. The immediate availability aspect (getting up and running very quickly after a system failure) is built into products such as Exchange, SQL Server and - through Distributed File System Replication and Distributed File System Namespaces - Windows. "The platforms themselves are natively resilient," he said.

Data preservation, on the other hand, is addressed by Data Protection Manager (DPM). Even a very small business can put DPM to good use in a relatively affordable configuration that puts a second server in another location (typically the business owner's home) to provide offsite backup of the primary server and the PCs connected to it.

This sort of arrangement also provides opportunities for hosting providers and channel partners to provide the second server. Companies such as Iron Mountain and JASCO can also be called upon.

CONTINUED

Good disaster recovery planning is important to SMEs because they typically provide 'commodity' services that are available elsewhere. So if a business can't get up and running quickly following a disaster, customers will go elsewhere and may not return. Furthermore, SMEs rarely have deep cash reserves so they can't afford to do without a couple of weeks' revenue or to pay for specialist assistance to get their systems running again.

Even if your IT environment is complex enough to require more than one server, the secondary site may only need to house one or two servers running virtualised copies of the primary servers and therefore needn't be expensive.

Buffington observed that 43% of US SMEs never reopen after a disaster, and another 29% go out of business within two years. This shows the importance of having a system for getting data out of the building and back again as required, he said.

"No one has as much interest in your data and your recoverability as you do," said Buffington, so consider carefully what you will do for yourself and what you will let others do for you in the context of data protection.

If you are using an outside provider as the secondary site, think about the types of disaster you are trying to protect your business against. A building two blocks from yours will probably be adequate if your office burns down, but a cyclone or flood calls for a backup site in another city. But in the case of a disaster on that scale, you probably won't be worrying about being open for business the next day.

Training the key to avoiding software security flaws

Stephen Withers — Fri, 27 Aug 2010 10:40:03 +0000

The same types of exploits have remained the most common for at least three years. Are developers slow to learn?
The Open Web Application Security Project (OWASP) list of the top ten attacks has changed little between 2007 and 2010, while code reviews conducted by Microsoft's internal IT operation reveal five types of flaw that keep cropping up.

"This happens because it [software] is complicated," said Rocky Heckman, senior security architect at Microsoft, explaining that software has a tendency to do unintended and undesirable things.

The five common flaws he sees involve cross-site scripting (XSS), SQL injection, buffer overflows, canonicalisation, and cross-site request forgeries (XSRF).

There are established ways of avoiding these issues, including input validation, stored SQL procedures, managed code, and encrypted unique session IDs, so why do they keep appearing?

"Big organisations are like the Titanic - difficult to turn around," Heckman told iTWire. A general reluctance to touch old code contributes to the problem.

Training is the key - see page 2.

"I wish they'd teach it [secure development practices] more in universities," he said, adding "the best thing you can do for your developers is training."

While elements of Microsoft's Secure Development Lifecycle do have a time impact on projects, they do get you to a better place, said Heckman. Developers at Microsoft say that if their peers can only make one change, it should be to carry out threat modelling.

"The best thing you can do for your developers is training," he said, observing that those who have received training in secure development don't make as many mistakes as those that haven't - though you would hope that was the case.

IT reorganisation reduces cost, improves service at design firm

Stephen Withers — Fri, 27 Aug 2010 07:30:36 +0000

Architecture and design firm Hassell has dramatically improved the effectiveness of its IT operations by reorganising it around a service desk with selective outsourcing.
The company, which has offices around Australia and in several Asian cities, found itself in a situation where it had three separate IT teams - one supporting CAD, another for finance applications, and the third for general IT matters. These teams were competing with each other rather than effectively sharing information, said Bill Rue, Hassell's CIP.

Hassell wanted IT to support the more effective delivery of projects to clients, so Rue was given three weeks to generate a plan to reorganise the operation.

A traditional outsourcing arrangement was not attractive, as Hassell wanted to keep the focus on design. Rue's solution was to set up a service desk operating from 8am to 9pm (reflecting normal working hours in the time zones where the offices are located) with an escalation mechanism for urgent and important after-hours issues. A few IT staff remained in the individual studios to provide on-the-spot support, but most of the team was reorganised around the service desk. In addition, the company appointed regional delivery managers to take care of compliance issues that vary in different countries.

The service desk approach means that Hassell's staff always know who to phoneregarding IT issues. If the person that answers the call can't help, they can find someone that can.

Rue also engaged key vendors to work on a partnership basis to provide additional support as required. In return, Hassell acts as a reference site for those vendors.

"Being a partner means there's no arguing about who owns an issue," explained Wally Eastland, principal operations consultant at Microsoft.

CONTINUED

The changes have allowed the IT group to shift from a break/fix mentality to a service improvement strategy. Projects must meet at least one of three criteria (improve profit and loss, improve corporate reputation, or make it easier for staff to do their jobs), and ideally all three.

A lot of previous break/fix work had gone undocumented due to the geographically and functionally distributed nature of the IT group. Centralising issue management through the service desk has made it possible to identify common problems that can now be fixed systematically.

Another example of the benefits of centralisation is that Hassell previously kept running out of licences for a certain application that was used to produce documents for clients. By rearranging things, the company has been able to halve the number of licences needed.

The group is also better placed to engage with the business (which can see that changes are being made for good reason) and to cater for the needs of each speciality within the group (eg, landscape design or interior design).

Satisfaction with IT has improved, performance and availability has been maintained or improved, and operational costs have been reduced. Costs relating to project delivery have increased - but that's in keeping with current thinking about spending less on 'keeping the lights on' freeing up funds to spend on innovation.

Every IT job at Hassell changed except for Rue's, and he now reports to a director from one of the design disciplines rather than the finance director.

CONTINUED

A number of jobs (and in most cases the incumbents) have been transferred to outsourcers, and in some cases people chose to leave the company rather than work under the new arrangements. The headcount has been reduced from 37 to 25 plus outsourcing, at a "significant saving."

Understandably. the project caused "fear and uncertainty" as people expected the worst. Rue spent a lot of time reassuring his colleagues of the benefits, and the scepticism started to fade as the results began to materialise. Non IT staff were also concerned that support levels would fall if specialists were removed from their studios.

Other benefits include more agile responses to changing business needs, and better prioritisation by the board. Rue explains that he is able to tell the board what IT could do to improve various areas of operation and what the cost would be.

"That's almost nirvana behaviour" for IT to be successful, observed Eastland.

Microsoft Australia makes Meter Maids ‘apology’

Alex Zaharov-Reutt — Thu, 26 Aug 2010 18:55:04 +0000

Microsoft Australia has been forced to apologise for choosing to use the Australian Gold Coast’s “Meter Maids” during its Tuesday-night welcome party, with Microsoft Australia MD Tracey Fellows declaring it “just wrong” and “unacceptable”.

An unexpected brouhaha has erupted during Microsoft Australia’s annual Tech.Ed event concerning the hiring of the Gold Coast’s iconic and skimpily dressed “meter maids” as hosts of a remote control racing competition for Tech.Ed delegates during the Tech.Ed welcome party.

Founded in 1965 to thwart the then newly installed parking meters with attractive young women dressed in gold coloured bikinis, who went around putting extra credit into parking meters that have either expired or have nearly expired thus saving street parked car users from parking fines, Meter Maids are said to be a Gold Coast tradition.

Given that Microsoft was hosting a “Women in IT” event at this year’s Tech.Ed, and given the high proportion of women employed at Microsoft, there has been concern from some at the event, including some Microsoft employees, that the use of Meter Maids was decidedly inappropriate.

Some are questioning why using the world-famous, Gold Coast-based Meter Maids at a Gold Coast event is “just wrong” and “not acceptable”, as local Microsoft MD Tracey Fellows is reported to have said, but Microsoft Australia insists it apologises for any offence caused.

Microsoft Australia is blaming its local marketing department for hiring the Meter Maids, and reports say that Microsoft’s initial denial of knowing what attire the Meter Maids would wear at the Tech.Ed event was incorrect, given the report by Asher Moses in the Sydney Morning Herald (SMH) that the MD of Meter Maids says she has emails spanning a 2-3 week period in which Microsoft’s local marketing people chose from a selection of outfits the Meter Maids could wear.

However, Moses’ SMH report quotes Microsoft Australia saying in a statement that: "We do stand behind our first statement, however, it's our show, we take full responsibility, and it was the wrong choice.”

Unfortunately for Microsoft, the issue has received worldwide attention in the tech press and will probably be looked upon sternly by Microsoft HQ in Redmond, right when Microsoft is much keener for people to focus on its upcoming Windows Phone 7 devices.

The brouhaha has given Microsoft and the Meter Maids a great boost of free publicity, while also highlighting the trend away from using or even outright banning of “booth babes” at technology events such as the E3 gaming conference in Las Vegas, and from next year’s Australian CeBIT expo.

So, um… back to the Windows Phone 7 and other Microsoft stuff now? The IE 9 beta is due on September 16 apparently. Presumably it will be launched without the assistance of booth babes or booth blokes. Windows 8 is due in a couple of years, maybe longer – no-one at Tech.Ed would officially or unofficially say anything about it, despite my sort-of best efforts. Oh yeah, Apple’s having a reality distorting iEvent on September 1.

The Australian Tech.Ed event officially closes on the 27th of August, 2010, with the 2011 and future local Tech.Ed events presumably to be highly scrutinised by management to ensure no Meter Maids, Meter Men, Ninja Nerds, Psychic Pokemons or any other potentially Offensive Objects make an appearance.

Alex Zaharov-Reutt attended Tech.Ed as a guest of Microsoft.

The Internet in 2025, according to Cisco

Stuart Corner — Thu, 26 Aug 2010 12:55:33 +0000

Cisco and the Monitor Group's Global Business Network have published "The Evolving Internet, a report that "examines the driving forces and uncertainties that will shape the Internet - and the $US3 trillion market it enables - from now through 2025."

According to Cisco, the report's findings "culminate in four illustrative scenarios, designed to help decision-makers in both technology companies and government understand, anticipate, and manage key changes, risks, and opportunities so that the Internet's potential to create economic and social value can be realized globally."

The report, Cisco says, "outlines five powerful trends already underway that provide a common foundation for any scenarios on the Internet's future. These trends relate to the global composition and governance of the Internet, generational differences, interface technology, and pricing models for connectivity."

The report's four scenarios "portray challenging and distinctive alternative stories about how the world might unfold." They are:

Fluid Frontiers: "A world in which the Internet becomes pervasive and centrifugal. Technology continues to make connectivity and devices more and more affordable (in spite of limited investment in network build-out) while global entrepreneurship - and fierce competition - ensure that the wide range of needs and demands from across the world are met quickly and from equally diverse setups and locations."

Insecure Growth: "A world in which users - individuals and business alike - are inhibited from intensive reliance on the Internet. Relentless cyber attacks driven by wide-ranging motivations defy the preventive capabilities of governments and international bodies. Secure alternatives emerge, but they are expensive."

Short Of The Promise: "A frugal world in which prolonged economic stagnation in many countries takes its toll on the spread of the Internet. Technology offers no compensating breakthroughs, and protectionist policy responses to economic weakness make matters worse - both in economic terms and with regard to network technology adoption."

Bursting At The Seams: "A world in which the Internet becomes a victim of its own success. Demand for IP-based services is boundless, but capacity constraints and occasional bottlenecks create a gap between the expectations and reality of Internet use. Meanwhile, international technology standards don't come to pass, in part because of a global backlash against decades of U.S. technology dominance."

Finally, the report proposes two frameworks that explore the business strategy and policy implications of each scenario: What business models will best establish a sustainable, profitable position around the Internet of the future? What are the policy challenges that need to be addressed, nationally and internationally?

MYOB cloud/desktop model will provide opportunities for developers

Stephen Withers — Thu, 26 Aug 2010 09:31:24 +0000

MYOB officials have explained how the company's forthcoming hybrid cloud/desktop accounting software will include APIs that can be exploited by third-party developers, and how it will initially handle the problem of simultaneous changes to records.
One of the biggest problems with the hybrid desktop/cloud model being adopted by MYOB is dealing with any conflicts that arise when at least one user is working in offline mode. For some aspects of the software, the issue is no big deal, but for others it is a crucial consideration.

For example, it is easy to reconcile a situation where two people have created a contact record for the same new customer. But how can you tell if a disconnected user has just paid a particular invoice? And how can you ensure that invoices are issued with strictly sequential numbers?

The company's plan is to start by only allowing no more than one copy of the data to be nominated as writable at a time. The other copies would be synchronised with that copy That should work in most circumstances but runs into problems if that copy is forced offline for a protracted period (eg, a serious Internet outage at that location). A possible workaround is a mechanism to release the lock via an alternative channel such as a mobile phone.

Looking further ahead, the company plans to progressively allow specific parts of the data to be written by more than one user. Contacts is a possible starting point for the process.

MYOB also plans to provide rich cloud APIs so other companies can develop add-ons and integrations. Possibilities include links to other cloud applications such as Salesforce,com or NetSuite, and multiple backup providers to suit the varying requirements of MYOB users. company officials also suggested there would be an opportunity for partners to provide more stringent access controls.

CONTINUED

The first release of the hybrid desktop/cloud software is expected in mid-2011, with a two-year roadmap for frequent releases to add functionality. The plans initially focus on the AccountRight product, but the intention is to cover the complete range. MYOB is building the new software on Microsoft's .NET, which has implications for the company's Mac customers, MYOB officials acknowledged the issue but said the company was not ready to discuss the matter at this time.

It seems MYOB will be focussing heavily on the benefits of the hybrid model (the problems it solves and the way it can reduce effort) rather than on the technology aspects.

Company officials said their research showed customers were comfortable with the idea of having their data stored offshore, and that there were no legal obstacles to that practice as long as users were notified.