
Friday, August 31, 2012

#help! Japan is Considering Using Twitter and Social Networks for Emergency Notifications

On Wednesday the Japanese government hosted a panel discussion in Tokyo to discuss placing emergency calls through social networks during natural disasters, as reported by PCWorld. This was the first event of a three-part program that will run through March of next year to discuss how to use social media during large disasters. The panel included the head of Twitter Japan as well as Yahoo Japan officials.

The thought is that when traditional voice-based infrastructure is impacted, the social network might be a better alternative to process emergency requests. During Japan’s earthquake that impacted several nuclear power plants, many Japanese citizens were only able to get updated information via the social network. The culture is quite fanatic about using cell phones and social media, so the government sees this as a natural evolution for its emergency communication strategy.

On the surface this sounds like a practical and plausible solution to a difficult situation; however, having managed a notifications platform, there is a lot of concern from a product perspective. Posting content and accessing social media is only viable if people have access to the service, and cell phone service is not designed for the level of usage that occurs during a disaster. Alert notifications are a great tool, but you must have reserved capacity, and if you are only using the service on rare occasions, your cost for reserving the bandwidth could become quite expensive over time.

But let’s assume the government can solve the bandwidth issue. Now the question becomes geo-presence: how do you know where the person is if they are using it to tweet in an emergency? Yes, the phone probably has a GPS chip and the location can be triangulated to near proximity of the cell tower, but how do you control this, and how do you use it only in an emergency? You could probably build an app for this, but that would mean that everyone has to install the application to tweet in an emergency, and how do you train the masses on how to use the social network?

Finally, and this is my biggest concern, how do you prevent hacking, both on the notification and 911 inbound tweets? None of the social media sites that I have used provide any moderator-level controls, which means that if the government Twitter account gets hacked and someone sends out an emergency alert, there would be widespread panic.

Don’t get me wrong, these are the right discussions to be having. We need to find new ways to communicate with large groups of people, especially in a disaster, but if we are going to enlist the use of social media then these service providers have to find a way to manage security beyond their current methods.

Frank Toscano is a 15+ year specialist in cloud based services focusing on Product Management, Marketing and Security within the Cloud. He has worked for EasyLink Services and Premiere Global Services in a global role providing hosted services to Fortune 1000 clients. He is currently seeking employment with a cloud based provider in a senior level Product/Marketing role.

Thursday, August 30, 2012

AMD’s New Buzz Word “Surround Computing”

Mark Papermaster, the IBM executive who was named AMD’s chief technology officer last year, prompted discussion on Tuesday at the Hot Chips conference in Silicon Valley by promoting “surround computing”, a concept that will usher in an era where the intelligence delivered through microprocessors becomes built-in functionality that integrates into all devices around us.

Papermaster described a world in which natural user interfaces such as gestures, fingerprints and facial recognition replace keyboards, touchscreens and mice for interactive experiences on tablets and other devices. That integration can help users connect in a more natural way with their hardware but ultimately would require more power for servers to keep up with the increased flow of information being processed.

While everyone is always intrigued with the hologram keyboard that is often used in movies or the slick hand movements that pull up video and content, as in Minority Report, the reality is that we are a few years away from that and probably a decade away before it becomes something you would see in a home.

I enjoy the competition that AMD and Intel have built over the last decade, and chip performance has certainly improved over that time, but the amount of data and processing needed to deliver these types of enhancements may make the financial cost somewhat impractical, not to mention the peripheral devices needed to interact with the user and the machine. Speech recognition programs have been around for years and despite the best technical minds and improved processing speed, they still do not function at the level that we have come to accept in our movies.

Perhaps the most comical example comes from Star Trek IV: The Voyage Home, when Scotty is trying to build the glass needed to contain the water to transport the whale. He starts off by saying “computer”, the owner looks at him and points to the mouse, and he picks it up and says “computer”. The irony is that we have envisioned interactive computer designs for over 50 years, so I guess another decade is probably to be expected; at least the chip manufacturers are thinking about the next generation of productivity.


Wednesday, August 29, 2012

VMware’s New vCloud 5.1 Makes Data Centers Virtual

According to VMware, VMware vCloud® Director™ (vCloud Director) orchestrates the provisioning of software-defined datacenter services, to deliver complete virtual datacenters for easy consumption in minutes. Software-defined datacenter services and virtual datacenters fundamentally simplify infrastructure provisioning and enable IT to move at the speed of business.

So what are you really getting? Conceptually this is a very neat package that turns data center services (compute, storage, networking, security and availability) into a software on-demand construct. The vCloud Suite 5.1 is built on an updated version of VMware vSphere 5.1 and includes over 100 enhancements.

What appears promising about this design is the ability to manage flow resources across systems and workloads, along with privatizing the cloud infrastructure and securing the network. However, there are skeptics. In an interview with TechNewsWorld, John Vincenzo, vice president of marketing at Embrane, stated that this is "basically a small evolution of the classical virtual appliance approach, there's no scale-out architecture, with no elasticity."

The next round of designs will need to incorporate the ability to increase demand as needed (including interoperability with different hardware architecture), reduce demand as needed and park applications when necessary. The software appears to be headed in the right direction and should foster some strong innovation on the data center management front.


Tuesday, August 28, 2012

zEnterprise EC12 - IBM’s Mainframe Built For The Cloud


IBM announced today that they are releasing zEnterprise EC12, a Highly Secure System for Cloud Computing and Enterprise Data. According to their press release the new mainframe will provide:

· New, cutting-edge System z® capabilities for security and analytics dramatically boost cloud performance with help from IBM Research innovations.

· zEC12 offers 25% more performance per core, over 100 configurable cores and 50% more total capacity than its predecessor.

· Over $1 billion in IBM R&D investment and collaborative client input on today's enterprise system challenges

In addition, zEC12 includes a state-of-the-art, tamper-resistant cryptographic co-processor called Crypto Express4S that provides privacy for transactions and sensitive data. Crypto Express4S includes new hardware and software developed with IBM Research to help meet stringent security requirements for various industries and geographies. According to IBM, it can be configured to provide support for high quality digital signatures used with applications for Smart passports, national ID cards and online legal proceedings, replacing handwritten signatures as directed by the EU and the public sector.

Traditionally mainframes have been used in the financial sector where millions of transactions are processed and have a high need for security, but I would expect adoption in the healthcare area as well, especially since the US has mandated that patient records move to an electronic status by 2014 with penalties starting in 2015.

Due to the cost (between 1 million and 10 million dollars), I do not expect small organizations to move quickly, but I would expect the larger organizations to adopt the technology and implement IBM’s solution. Being the only commercial server to achieve Common Criteria Evaluation Assurance Level 5+ security classification, I think IBM has found a way to increase Mainframe adoption.

I would not be surprised to see the reduction of paper processes in a more expedited time frame. The good news is that this could very well spark new jobs and new technologies that have been unobtainable in the past.

IBM’s Mainframe sales account for only 4% of their overall sales, but peripheral sales for the Mainframe account for 25% of their total sales and deliver substantial margin to the bottom line, estimated to be more than 40 percent of its profits, according to A. M. Sacconaghi, an analyst at Sanford C. Bernstein.


Monday, August 27, 2012

The Patent Verdict Is In - $1 Billion for Apple



After just three days of deliberation, the nine jurors assigned to the Apple/Samsung patent infringement case answered all 700 questions and returned with a verdict in favor of Apple, awarding them more than $1 billion in damages. For the most part the financial impact to Samsung, one of the world’s largest electronics manufacturers, is minimal, but the impact on how smartphones are built in the future could be dramatic.

In what was covered with much less detail, a similar suit was being argued in South Korea. In that case, the court ruled that Apple and Samsung both infringed on each other’s patents and awarded damages to both parties, $22,000 to Apple and $35,000 to Samsung, far less than the $1 billion awarded to Apple in the US.

There is clearly a lot to be said for home court advantage. While South Korea recognized both companies were in violation of patents, the advantage went to Samsung. In the US, however, Samsung was the clear loser: not only did the jury find in favor of Apple, but they did not feel that Apple in any way violated Samsung’s patents.

It is interesting how two cases being argued with virtually the same data have two entirely different outcomes. Currently phones and tablets that are on the market have not been pulled off shelves and no injunction has been granted, although experts are predicting that Apple will ask for an injunction on all devices that currently violate the patents. This could have a major impact for Samsung and for consumers, especially since three smartphones are sold to every iPhone. Samsung is expected to ask to have the verdict overturned and, if that fails, appeal the verdict to a higher court.

There are a few things that will be interesting to see as this dilemma unfolds. There are those that believe that patents, like the ones Apple has, stifle innovation, meaning that the organization will rely on what it has already built and continue to offer that to the marketplace. In this way, the organization remains status quo. Others will argue that it will force Samsung and others to become more innovative and find ways around the patents, which will ultimately lead to innovation. Of course, if Samsung licenses the technology from Apple, then we probably will not see that new innovation.

Even if Samsung takes the innovative path to compete with Apple, the reality is that it will take time: time to develop, review, test and ultimately distribute the product. In the meantime the consumer receives fewer choices, and demand goes up while supply goes down, a great mix for increased prices.


Friday, August 24, 2012

Tim Cook: Apple’s Savior or Downfall?


Tim Cook assumed Apple’s top position a year ago, and based on that news the stock price dropped; as of today it is now up more than 44 percent from where it was. On the surface this looks great and Apple appears to be driving towards long-term success. However (and there is always a however), product development takes more than a year at most companies and Apple is no exception. The products that are driving Apple are still the brainchild of Steve Jobs. The real question is where Apple will be next year.

Back in April, Forrester CEO George Colony wrote in his blog post that Apple will decline in the post Steve Jobs era. Colony also believes that Apple lost quite a bit when Steve Jobs left: “When Steve Jobs departed, he took three things with him: 1) singular charismatic leadership that bound the company together and elicited extraordinary performance from its people; 2) the ability to take big risks, and 3) an unparalleled ability to envision and design products.”

There is also heavy criticism regarding the advertising efforts that Apple is moving forward with; the addition of celebrities versus the traditional imagery that Apple products used to invoke seems to have struck a discord with potential buyers. While not scientific, the belief is that Apple is now becoming just one of the products versus a way to express your own identity, and all of their advertising is beginning to lean towards that shift.

In addition, Apple and Samsung are embattled in a patent case around Samsung’s HTC smartphone. The outcome will have a substantial impact on both companies and, depending on the verdict, may highlight Cook’s legacy one way or the other.

Finally, Apple is also dealing with several issues around their retail stores. First reported by Gizmodo, Apple’s Dallas flagship store has been doing some pretty horrible things to customers including erasing data and breaking components that worked when they were brought in. The story was also further confirmed by 9TO5Mac.

Where will Apple be 12 months from now? Well, if I knew that I would play the stock market, but what I can say is that without continual innovation and strong leadership, Apple will not be the same company it was two years ago.


Thursday, August 23, 2012

FCC Report Finds 19 Million Americans Do Not Have High-Speed Internet Access

According to the Federal Communications Commission's Eighth Broadband Progress Report, there are still 19 million Americans (6% of the US population) who lack access to high-speed Internet. Congress, in Section 706 of the Telecommunications Act of 1996, requires the FCC to report annually on whether broadband “is being deployed to all Americans in a reasonable and timely fashion.”

The FCC believes that we are in an era when broadband is essential to innovation, jobs, and global competitiveness, and the Report concludes that the FCC – and the nation – must continue to address obstacles impeding universal broadband deployment and availability. In addition, the report states that billions have been invested by the communications industry in broadband deployment, covering next-generation wired and wireless services, including:

• Expansion of networks technically capable of 100 megabit-plus speeds to over 80 percent of the population through cable’s DOCSIS 3.0 rollout

• World-leading LTE deployment by mobile operators

• Sweeping reforms by the FCC to its universal service programs, including the new Connect America Fund for broadband deployment, Mobility Fund, and the Lifeline program for low-income Americans

• Action under the FCC’s Broadband Acceleration Initiative to reduce the cost and time required for deployment

• Numerous steps to expand availability of wireless spectrum for broadband 

With this said, many rural and tribal areas still lack access to high-speed service. The report also indicated that the US is behind many other industrial countries in the speed and coverage of high-speed Internet service. With that said, I will admit I would never go back to dial-up - I can even remember when I was overly excited to get the USR upgrade patch to bring my 28.8k modem up to 33.6k, but on the flip side the communications act has a cost.

My cable bill has steadily increased; I now pay more for cable than I ever imagined. Yes, I love my high-speed service, but at what cost is it being delivered? In NJ we spent billions laying fiber optic cabling over a decade ago. Someone had to pay for it; nothing in this world is free. So while the report provides great insight into our current state, my experience has been that the last part of a project of this magnitude is typically the most expensive and difficult.

In my days of Six Sigma, getting to 99.9% was much easier and less costly than moving to 99.99%. This is a pure statistical metric: in order to move to the next 9, you have to endure considerable effort and this effort has a substantial cost. So while we are making progress, I would expect the cost to complete the additional 6% to be a heavy burden.


Wednesday, August 22, 2012

Are Software Patents Stifling Innovation?


Pablo Chavez, Google's public policy director, spoke at the Technology Policy Institute’s conference this week and stated, "One thing that we are very seriously taking a look at is the question of software patents, and whether in fact the patent system as it currently exists is the right system to incent innovation and really promote consumer-friendly policies".

Having been in the messaging business for 15 years I can attest to the impact and cost of patent infringements. Companies have been known to collect patents (referred to as patent trolls) and derive business models by going after companies that have similar designs to their patents. The problem that often occurs is that it becomes less costly to settle than to argue your case in court. This then adds credibility to the patents, even if they are not an exact match.

Substantial monies are invested in bringing claims and defending patent positions, monies that could be used for new jobs, innovation, product improvements and increased stakeholder value. No one benefits from the patent lawsuits. While a company may win money in a settlement, the time and effort required to prove the case and bring experts in to testify takes away from the filing company’s corporate direction and takes away substantial resources from the company being sued. In the end we as consumers pay the price with increased costs of services, fewer jobs and less innovation.

The challenge becomes how to protect a company’s investment without impeding innovation. Twitter announced in April a new patent credo and moved more control of the patents to their employees. Twitter published a draft of the Innovator’s Patent Agreement which basically allows the inventor to maintain control over their patents, and Twitter agrees not to use the patents to file offensive lawsuits designed to block technology development at other firms without permission of the inventor. I find this an interesting approach.

I personally have a software patent filed on behalf of my former company, and in fact the patent design is believed to be infringed by another company who built an app for an HP printing device. So I have seen firsthand how ideas and concepts can be created and used and end up in litigation. Because of the litigation between the two companies, I cannot really comment on my opinion on this particular patent, but I can say in general, as a society, if we want our technology to become more innovative and grow our domestic organizations, then we need to figure out a new process for software patents.


Tuesday, August 21, 2012

Amazon’s ‘Elastic Beanstalk’ Now Supports Python


Amazon recently announced that AWS Elastic Beanstalk now supports Python and seamless database integration. If you’re not familiar with Elastic Beanstalk, it is a quick and simple way to deploy applications to AWS. By using the AWS Management Console, Git deployment, or an integrated development environment (IDE) such as Eclipse or Visual Studio to upload your application, Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. Within minutes, your application will be ready to use without any infrastructure or resource configuration work on your part.

Amazon claims it is now the easiest way to deploy and manage scalable PHP, Java, .NET, and Python applications on AWS. You simply upload your application, and Elastic Beanstalk automatically handles all of the details associated with deployment including provisioning of Amazon EC2 instances, load balancing, auto scaling, and application health monitoring.

Integration with Amazon Relational Database Service (RDS)


Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud, making it a practical fit for scalable web applications running on Elastic Beanstalk. If your application requires a relational database, Elastic Beanstalk can create an Amazon RDS database instance to use with your application. The RDS database instance is automatically configured to communicate with the Amazon EC2 instances running your application. Once the RDS database instance is provisioned, you can retrieve information about the database from your application using environment variables:
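An added example, not from the original post or from AWS sample code: loading the RDS connection details from the environment variables Elastic Beanstalk sets, refusing to start on missing or malformed values and keeping the password out of logs. The variable names are the ones in AWS's Elastic Beanstalk documentation (the post does not list them); `RdsSettings`, `load_rds_settings`, `connect_kwargs` and the sample values are constructed for illustration.

```python
import os
from dataclasses import dataclass, field

# Names documented by AWS for Elastic Beanstalk environments with an attached
# RDS instance. They are not listed in the original post.
RDS_VARS = ("RDS_HOSTNAME", "RDS_PORT", "RDS_DB_NAME",
            "RDS_USERNAME", "RDS_PASSWORD")


class ConfigError(RuntimeError):
    """Raised when the RDS settings are absent or malformed."""


@dataclass(frozen=True)
class RdsSettings:
    host: str
    port: int
    name: str
    user: str
    # repr=False keeps the secret out of repr(), tracebacks and debug logs.
    password: str = field(repr=False)

    def connect_kwargs(self):
        """Keyword arguments in the shape most DB-API drivers accept.

        The key names are an assumption; adjust them to the driver in use.
        """
        return {"host": self.host, "port": self.port, "database": self.name,
                "user": self.user, "password": self.password}


def load_rds_settings(environ=None):
    """Read and validate the RDS_* variables, failing closed on any problem."""
    env = os.environ if environ is None else environ

    missing = [key for key in RDS_VARS if not env.get(key)]
    if missing:
        # Report variable names only, never their values.
        raise ConfigError("missing RDS settings: " + ", ".join(missing))

    raw_port = env["RDS_PORT"]
    if not (raw_port.isascii() and raw_port.isdigit()
            and 1 <= int(raw_port) <= 65535):
        raise ConfigError("RDS_PORT is not a valid TCP port")

    host = env["RDS_HOSTNAME"]
    # A bare host name has no whitespace, path or credential separators.
    if any(ch.isspace() or ch in "/@" for ch in host):
        raise ConfigError("RDS_HOSTNAME is not a bare host name")

    return RdsSettings(host=host, port=int(raw_port), name=env["RDS_DB_NAME"],
                       user=env["RDS_USERNAME"], password=env["RDS_PASSWORD"])


if __name__ == "__main__":
    # Constructed sample environment, standing in for what the platform sets.
    sample = {
        "RDS_HOSTNAME": "db.example.internal",
        "RDS_PORT": "3306",
        "RDS_DB_NAME": "ebdb",
        "RDS_USERNAME": "appuser",
        "RDS_PASSWORD": "constructed-secret",
    }
    settings = load_rds_settings(sample)
    print(settings)  # password is omitted from the printed representation
```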

Ability to Customize your Python Environment


 You can also customize the Python runtime for Elastic Beanstalk using a set of declarative text files within your application. If your application contains a requirements.txt in its top level directory, Elastic Beanstalk will automatically install the dependencies using pip. Elastic Beanstalk is also introducing a new configuration mechanism that allows you to install packages from yum, run setup scripts, and set environment variables. You simply create a “.ebextensions” directory inside your application and add a “python.config” file in it. Elastic Beanstalk loads this configuration file and installs the yum packages, runs any scripts, and then sets environment variables.

For more information about using Python and Elastic Beanstalk, visit the Developer Guide.


Monday, August 20, 2012

Progressive Settles Claim Amid Social Media Pressure



While the story you are about to read is very tragic and my heart goes out to the family for what they have had to endure, it is another example of how Social Media has evolved in our society. Matt Fisher recently wrote a blog article titled “My Sister Paid Progressive Insurance to Defend Her Killer In Court”. On June 19, 2010, Katie Fisher was driving in Baltimore when her car was struck by another car and she was killed. The other driver had run a red light and hit her car as she crossed the intersection on the green light.

The driver was underinsured, but Nationwide Insurance settled for the maximum amount of their client’s policy. Ms. Fisher was insured by Progressive and had additional coverage to protect her against uninsured/underinsured motorists. Due to outstanding bills such as student loans, the additional monies were needed to settle Ms. Fisher’s obligations. In Mr. Fisher’s article he goes on to outline that Progressive refused to honor their insurance policy and that due to legal restrictions in Maryland, his parents’ only recourse was to sue the driver for negligence. From there they could try to leverage that verdict to have Progressive honor their policy.

Needless to say, Progressive finally settled the lawsuit, but only after a tremendous amount of frustration and pain for the Fisher family and the driver of the other car, who has to live with the outcome of the accident every day. The problem here is that Progressive only settled when their reputation was being challenged via Social Media outlets. The blog article went viral and Progressive was flooded with complaints on their Facebook page. Had this recourse not been available to Mr. Fisher, one would wonder if Progressive would have ever settled.

This is the third article that has touched on the power of Social Media as it relates to companies (Amazon and Apple Make Changes Amid Recent Hacking and Where Will We Draw the Line With Social Media?). Companies can pretend that their online reputation has little to do with their business (especially in the case of Progressive, who floods the airwaves with commercials), but ultimately, stories that touch the heart or enrage our morality will make or break a company. Companies need to be aware of what is being said about them online; they need to have a better understanding of what issues could become volatile and manage these issues accordingly. When you think about it, all Progressive had to do was the right thing and this would have been a positive story rather than a negative campaign.

I do not think it is hard for a company to manage their online reputation if you are doing the right thing for your customers, and if you are not doing the right thing, you will probably get stung by the Social Media Buzz.


Friday, August 17, 2012

New Meaning to Cloud Update



Last week NASA updated the Mars rover, Curiosity. At a distance of 160 million miles, this was no small feat. Each command took approximately 14 minutes to transmit and 14 minutes to receive a response (and we all think Windows updates take time). The rover was designed to process updates as part of the mission; in fact, NASA officials claim that the rover has a small storage space for the OS and needed to be updated once it had landed. The total update took 4 days, as NASA wanted to make sure Curiosity did not become the proverbial brick that we have seen once you mess up a BIOS update.

While this is an amazing accomplishment, what I take away from this is the fact that with passion, all things become possible. I see this as a way to overcome an obstacle: with innovation and ingenuity driven by passion, NASA was able to overcome Curiosity’s limitations. As Product Managers, we often face the same conflicts. I have always felt that Product Management is one of the hardest jobs because you have virtually every department asking you for enhancements and yet none of the teams directly report to you. I am sure we have all had at least one department head go to our manager and escalate an item that they feel has to be in the next release – I used to say that secretly, everyone wanted to be a Product Manager.

In my experience, most Product Managers only look at the end user as the customer, but in reality, Product Management has many customers. This includes Customer Care – who will tell you what they need to service the clients; Sales – who will tell you what they need to sell the product; Operations – who will tell you what the product needs to do to keep running efficiently; Accounting – who will tell you what they need to create an invoice for the service; Development – who wants to work on new and exciting technology; and ultimately the end user – who pays the bills. The fact is that each and every group is important, and finding a way to balance their requests and developing a road map that meets all of their needs is a challenge.

With that said, when you look at what it takes to do a software upgrade 160 million miles from the point of origin, you have to wonder how any problem could appear as large as it initially did. Great Product Managers find a way to overcome obstacles, maintain relationships with key stakeholders and never forget that each constituent has a desire to make the product and customer experience better.


Thursday, August 16, 2012

Windows 8 – Time to Learn a New OS


Microsoft Windows has come a long way since the days of Win 3.1. They have had good success with Windows NT, XP and Windows 7, but have also missed the boat a few times; who could ever forget Millennium? We are now headed towards a new learning curve; for those of you who appreciated the change from Office 2003 to Office 2007, this will be on the same level. There is no doubt that people who have never used a computer before will gravitate to the Windows 8 interface; my experience with the beta version has been as one would expect. The general design is very easy to navigate, assuming you know nothing of previous Operating Systems. If you do, you will be challenged to find the functions that you have spent the last few years learning.

Windows 8 promises more integration with Touch Screens and if you purchase new computers frequently, you will probably like this feature. My experience however is that most people only buy a new PC when theirs is beyond repair, so if you are like the rest of us, it will be a while before you get the full advantage of Windows 8. The goal from Microsoft was to build the OS for the PC/Tablet to integrate with all of the gadgets we have become accustomed to, watching Netflix, reading an online book, playing Angry Birds or creating a spread sheet. Windows 8 is also a much lighter OS, it boots quickly and even functions well on older machines.

If I use my wife as the gauge – I installed the Windows 8 beta version on her laptop – then I would expect a few challenges for most users. She has asked me at least a dozen times where her pictures are stored as they never seem to show up where she expects them and it took her a few days to figure out the new navigation icons. But despite a few complications, Windows 8 will move us closer to the centralized OS that can run a house hold that is connected to a network.

One other critical component is that Microsoft is making Windows 8 very affordable, they recently announced on their blog that an upgrade to Windows 8 Pro (from any version of XP or later) would be just $39.99.  I have to show my age here as I was one of the geeks that waited until Midnight at Comp USA (yes they were brick and mortar before Tiger Direct bought their name) to purchase Windows 95 – the OS that was going to change everything. Microsoft certainly knows how to keep our lives on the PC interesting.

Frank Toscano is a 15+ year specialist in cloud based services focusing on Product Management, Marketing and Security within the Cloud. He has worked for EasyLink Services and Premiere Global Services in a global role providing hosted services to Fortune 1000 clients. He is currently seeking employment with a cloud based provider in a senior level Product/Marketing role.

Wednesday, August 15, 2012

Kaspersky Labs Seeks Help From the Community to Crack Gauss



Kaspersky Labs is having a difficult time cracking the encrypted payload that is being delivered by the Gauss malware toolkit. The payload is delivered to machines via an infected USB stick that uses the .lnk exploit to execute the malicious activity. In addition to the encrypted payload, two other files that also contain encrypted sections are delivered to the machine; Kaspersky has been unable to crack these files. “We are asking anyone interested in cryptology, numerology and mathematics to join us in solving the mystery and extracting the hidden payload,” the researchers write in a blog post published Tuesday.

The spyware, dubbed Gauss after a name found in one of its main files, has a module that targets bank accounts in order to capture login credentials for accounts at several banks in Lebanon and also targets customers of Citibank and PayPal. Gauss has been distributed in the Middle East for at least 10 months. It was designed to intercept data required to work with banks and to collect information about systems it infects. However, more than 2,500 unique PCs have been infected with Gauss modules in 25 countries around the world. These include the United States and Germany. Kaspersky Labs suspects that the infections could be much more widespread.

What concerns Kaspersky the most though is the fact that the malware has a mysterious payload, designated resource “100,” which Kaspersky fears could be designed to cause some sort of destruction against critical infrastructure. “The [encrypted] resource section is big enough to contain a Stuxnet-like SCADA targeted attack code and all the precautions used by the authors indicate that the target is indeed high profile,” Kaspersky writes in its blog post.

The genesis of Gauss appears to come from the Flame malware that was identified in May. This platform has several similarities to Flame, Kaspersky said. "There's no doubt Gauss comes from the same factory which produced Flame," Roel Schouwenberg, senior researcher at Kaspersky Lab, told TechNewsWorld. "They're built on the same platform." The first known Gauss infections occurred around September, Kaspersky Lab said. The platform's creators have modified different modules several times and changed command server addresses. The command servers went offline in the middle of July, when Kaspersky Lab scientists were examining Gauss.


Tuesday, August 14, 2012

Will OpenStack Change the Face of Cloud Computing?


For those of you who are not familiar with OpenStack, it is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a data center, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface. The OpenStack project got a boost today when Red Hat released a preview of its own version of the open source cloud software.

The preview version will be distributed to the forum which includes hackers to help identify security holes within the software. While it is not designed for Production use, I do believe that we will see multiple organizations jump on this new model. RackSpace, a major competitor of the Amazon Cloud Service, is already running a production version which is basically the cloud computing version of Linux. The software allows customers to set up their own OpenStack instance to run in their data centers or they can run it on RackSpace’s cloud or utilize other companies such as HP.

The ability to segment and set up an organizational private cloud will become very appealing to the Enterprise that is concerned about co-mingled data or access by cloud employees. The ability to encrypt data that runs on the cloud and access it in a private environment has tremendous value to the security team that has to manage the flow of data leaving the organization. I feel this will become the new cloud model in the next several years. As of right now it will not help consumers, who are a major revenue source for cloud providers, but it will begin to protect data within organizations, especially that data which is sensitive to many consumers.

The history of OpenStack started at the Rainbow Mansion, and anyone who is unfamiliar with this house should check out “The Secret History of OpenStack, the Free Cloud Software That’s Changing Everything”. It is a very interesting story that outlines the concepts of today’s greatest minds. The reality is that the cloud is an ever changing term. When I first started in the business, we were outsourcing the business process, then the term "Hosted" became the buzz word, then it evolved into a "Managed Service" and then the think tanks got clever and called it a "Cloud".

Now we will have public and private clouds as the technology becomes available. Expect to hear more about the private cloud that sits on the public domain; I predict it will become the future for the vast majority of enterprises. I would envision sections of applications (like salesforce.com) becoming available via the private cloud. The challenge of course will be how to manage the co-mingled data that is contained in the database. But that is just a technical challenge and one that I do not think will take too long to figure out.


Monday, August 13, 2012

Do You Think Your Passwords Are Safe?


While I was reading a recent article on “Why It Pays to Submit to Hackers”, I was reminded that there have been a lot of cyber break-ins that we simply forget about: stories that hit the news, live for a few days and then get pushed back to the far depths of our mind. Let’s stroll down memory lane. Gawker Media loses 1.3 Million user names and passwords in December of 2010, Sony PlayStation Network releases 77 million accounts in April 2011, 60 Million users of Epsilon were hit with a phishing attack, in June of this year LinkedIn had 6 million accounts taken and now Blizzard Entertainment had a security breach on August 4th. Have you noticed that despite the password complexity forced on us as a way to protect our accounts, data is still being lost?

I have been part of many security audits and provided my fair share of training. What always drove me crazy is that the complexity and frequency of password changes ended up compromising physical security. Not sure what I mean? Do you have sticky notes with logins at your desk? Do you have a file on your PC with all your logins (probably marked Passwords so you can easily find it)? Or do you just change the password by adding an additional number (for example changing !Password01 to !Password02)? That is very common when you have to change the password every 90 days and still remember what you changed it to. And in the end, what is the point if the data is stolen by hackers?
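The counter-bump habit described above can be spotted at password-change time, when the change form supplies both the current and the new password in clear text and no stored hash needs to be reversed. The sketch below is an added example, not code from any product mentioned in this post; the function names and the edit-distance threshold are assumptions chosen for illustration.

```python
import re

# Assumption for illustration: two passwords within this many single-character
# edits of each other are treated as "the same password, lightly disguised".
MAX_EDIT_DISTANCE = 2


def split_stem(password):
    """Split a password into (stem, trailing digits), e.g. '!Password01' -> ('!Password', '01')."""
    m = re.fullmatch(r"(.*?)(\d*)", password, re.DOTALL)
    return m.group(1), m.group(2)


def edit_distance(a, b):
    """Levenshtein distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute or keep
        prev = cur
    return prev[-1]


def rotation_weakness(old, new):
    """Return why `new` is a weak rotation of `old`, or None if it looks unrelated.

    Both values are the plaintext passwords typed into a change-password form.
    """
    if old == new:
        return "identical"
    old_stem, _ = split_stem(old)
    new_stem, _ = split_stem(new)
    # Same words, only the trailing counter changed: !Password01 -> !Password02
    if old_stem and old_stem.lower() == new_stem.lower():
        return "counter-bump"
    # One or two characters swapped or appended: Summer2012 -> Summer2013!
    if edit_distance(old.lower(), new.lower()) <= MAX_EDIT_DISTANCE:
        return "near-duplicate"
    return None


if __name__ == "__main__":
    # Constructed sample pairs (old password, proposed new password).
    samples = [
        ("!Password01", "!Password02"),
        ("Summer2012", "Summer2013!"),
        ("!Password01", "correct horse battery staple"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_weakness(old, new)}")
```

A service that sees many "counter-bump" results is measuring exactly the behaviour a 90-day rotation rule produces, which is an argument for revisiting the rule rather than only rejecting the password.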

The question we need to ask is how do we enhance security without making it so difficult for the user to actually use the service? I cannot tell you how many sites I have gone on and had to reset my password because I have no idea what the password I set up was. It becomes time consuming, and unless I absolutely have to access the site I will just abandon my attempt. Some people use password managers, like RoboForm, and they are pretty good, but even that has issues should your files become corrupt or should you lose your hard drive. Frequent backups are still required to maintain consistency and, let's face it, we get lazy when it comes to backing data up on a consistent basis.

Perhaps it is time to demand 2-factor authentication from service providers. The reality is that we become complacent because security breaches only happen occasionally and only the big ones make the news, so we really do not know the full impact of data leakage. Until consumers and Enterprises start demanding better protection, we will continue to read about all of the theft that occurs in cyber space. While 2-factor authentication does not prevent a hacker from stealing data, it pretty much makes the effort pointless since they cannot use the data without the other piece of information, thus making a zero sum game.


Friday, August 10, 2012

When Has The Government Gone Too Far When It Comes To Cloud Data?


As the US Senate heads toward its recess, the Cybersecurity Act of 2012, sponsored by Sen. Joseph Lieberman, is receiving a substantial number of additional amendments. The Republicans want security standards to be voluntary as opposed to mandated by the government, and the Democrats want to protect consumer privacy. In the end, where does the Government belong in data protection and access? What happens if a cloud provider stumbles across plans to blow up a building in the US? Do they have an obligation to turn the data over to authorities? If they do, are they violating their agreement with the consumer?

Now you may be able to argue that something like this violates the company’s terms and conditions, but what if it is a writer doing research for a book they are publishing? Do we want the government to have access to our data if it means that we are better protected but some people’s rights will be trampled in the process? This of course is an age-long debate and does not apply only to cloud data; there are plenty of other examples where this occurs, but ultimately we, as the people, must decide how much freedom we are willing to give up to remain protected.

For those of you who are totally against government tracking via GPS phones, let me ask you this: let's say your child was kidnapped and the person that kidnapped your child had a GPS phone, but the phone company was unwilling to provide the GPS coordinates because it violated the kidnapper's rights? Now let’s alter the story: what if this was a divorced parent who picked their child up from school and the other parent forgot to tell the baby sitter, who then reported the child kidnapped to the police?

These stories will go back and forth, and for every positive reason to do it, there will be a negative consequence. With that said, this is not just an issue for consumers; the fact is that the Patriot Act grants US authorities the ability to view data stored in cloud providers under certain conditions. In fact it has been a long standing argument with Europe that data hosted by US companies (either in the US or in Europe) is subject to the Patriot Act. This became a hot button last year when Microsoft admitted in London, during their release of Office 365, that data they host could be subject to the Patriot Act no matter where they host it.

The reality is that all Governments, not just the US, are able to access data hosted in the cloud. A recent white paper by Hogan Lovells analyzes different governments and their access to data. Based on their research, they claim, “The White Paper reveals that every jurisdiction examined vests authority in the government to require a Cloud service provider to disclose customer data. It explains why the access provisions of the USA Patriot Act are narrower than commonly thought.”

A summary chart of the White Paper's findings is below:




So where do we draw the line? Do we give up certain rights in order to increase the protection of all? Once again this is not an easy question and one that will evolve and change over time.


Thursday, August 9, 2012

Amazon and Apple Make Changes Amid Recent Hacking



The other day I blogged about Mat Honan’s recent hack and the destruction of his personal data. Of interest is that the story on my blog received less attention than Steve Wozniak's claim that the Cloud is Horrendous. I guess that we are either indifferent to hacks – that we have just come to expect them – or we just do not believe they can happen to us.


The reality is that what happened to Mat can happen to anyone; all it took was some good computer skills and some creative social engineering. Fortunately, the publicity of Mat’s plight has forced both Apple and Amazon to make changes in regards to what their customer service representatives can change. According to a recent article, Apple on Wednesday confirmed that it is temporarily disabling its customers' ability to reset an AppleID password over the phone. Customers will have to use Apple's online "iForgot" system.

According to Wired, Amazon's customer service reps will no longer change account settings like credit cards or email addresses by phone. I have been pushing for enterprises to make sure that their cloud providers are doing everything they can to ensure data protection. But I believe it is equally important to evaluate a company after an incident. How a company responds in light of a bad situation speaks to their DNA as much as the preparation they put into protecting your data.

It would have been easy for both Apple and Amazon to simply say that this issue was isolated and that their process is well founded; instead they took action and are trying to determine the best long-term course to benefit their customers. When we get in our car each day, no one plans for an accident, but we know they are part of life; equally, we know that our personal data could be compromised at some point in time.

Have you ever had your credit card numbers stolen from a website (I have had my Discover card number stolen about 4 times in the last 3 years)? Ultimately the credit card company makes it painless to dispute charges and quickly replaces the card, and you soon forget the pain. I applaud both Apple and Amazon – while they probably should have implemented this by default – they were smart enough to respond in a way to protect their clients and not shy away from a potential fire storm.


Wednesday, August 8, 2012

Where Will We Draw the Line With Social Media?


In May the NY Times reported that a Judge in Virginia ruled that the “Like” button on Facebook is not considered protected speech, and several people lost their jobs by liking an opposing official. Facebook has taken offense to this ruling and has countered in court that their like function is in fact protected under the First Amendment.


Facebook filed a friend-of-the-court brief on August 6th that urges an appeals court to vacate a recent ruling by the judge in Virginia that Facebook "likes" are not protected speech. While this may seem minor in the grand scheme of life, I believe it has a far reaching impact. Many prospective employers ask for your Facebook and LinkedIn pages to evaluate you as a candidate for a job position. If in fact your public comments are protected First Amendment rights, can an organization reject you based on your personal beliefs? Can you be fired for your personal beliefs if they are posted publicly?

For organizations, it can become a nightmare. Most organizations face minimal scrutiny when one of their employees says or does something egregious, but being in the NY area, we get to see this very issue in full color: our professional athletes are under constant scrutiny. Just imagine if you were the focus of attention for removing your shirt after a rain storm, like Tim Tebow of the NY Jets. Is this a far reaching example? Of course; apparently a back up quarterback in NY with a massive following is headline news, but it does go to show how media, both news focused and social, goes viral on topics that would never have been discussed a decade ago.

For organizations, managing this phenomenon becomes even more challenging. I have highlighted security and corporate reputation in my previous article, but just imagine if the wrong person with a massive following feels compelled to tell their side of a bad experience using a social channel. A great example of this was recently posted on Facebook regarding Alaska Airlines' treatment of an elderly patron with advanced Parkinson's disease. Not only did the article go viral, but the local news picked up the story. I am not condemning either party as I do not feel all of the facts have surfaced, but social media typically only provides the sensationalism and delivers one side of a story.

As an organization, how do you monitor and manage these risks to your stakeholders? There are many businesses that will lose substantial revenues if their reputation is harmed; managing this communication outlet requires advanced strategy, SWOT teams and a full plan for responding to an ever changing public. I truly wonder how our constitution would have been drafted if our founding fathers were sitting down today to write these very documents that have formed our society. Would they still provide the same freedoms we have come to expect as human beings? On a lighter side, I personally am waiting for a creative lawyer to use an entrapment defense for a burglar who breaks into a home to find occupants present even though their Facebook page says they are away at Disneyland.


I wish I could provide a clear vision of how this will all turn out, but the reality of the situation is that no one knows. All I can predict is a constantly changing environment around how we communicate with each other.


Tuesday, August 7, 2012

Are You Prepared for Social Engineering?


Recently Mat Honan, a seasoned technology writer, had his digital life dissolved by hackers. All it took was a call to Apple to have them reset his password, hack his Gmail account and then wipe all of his Apple devices remotely. The hackers also accessed his Twitter account and sent racist and homophobic messages to his followers.

Access to the Apple account was granted via Social Engineering – an art of manipulating people into providing sensitive information. What this highlights for both consumers and enterprises is that access to data is only as secure as the weakest link; all the encryption in the world will not help if the intruder has your password. It also brings to light that what one provider considers sensitive information may not be relevant to other providers.

While this may seem elaborate, it all started by hacking an Amazon account. Because Amazon provides (like many other on-line retailers) the last 4 digits of the credit card, the hackers were then able to call Apple and provide the last 4 digits of the credit card, which is needed to release certain information about your Apple account. Once the Apple password was reset, they accessed the Gmail account and now had access to Mr. Honan’s cloud data and remote wiping options.

As technology becomes more integrated, the need for tighter controls has to increase. In this case the hackers used Mr. Honan’s Apple account to remotely wipe all of the data on his iPhone, iPad and MacBook. Even with proper backup, most people would have lost substantial amounts of data. And with a major push for consumers to move more to the cloud, it would not be surprising to see this type of behavior occur with more frequency.

One may interpret my articles to be anti-cloud; in fact I am very much pro-cloud. However, having worked for multiple cloud service providers that supported consumer and enterprise level businesses, I know the transition from supporting consumers to enterprises is not an easy process. My objective is to have the enterprise make sure their cloud providers are in fact providing best-in-class security. In terms of Social Engineering, you should employ social engineering techniques to test on a regular basis any cloud provider that is hosting your data. As an organization, your security department should train and deploy preventive social engineering techniques.

The reality is that the Cloud is here to stay and will only expand over time, but as with anything, evolution requires hard work and a strong focus, and delivering quality and security in the cloud is a must. In the end, if we push for the right behaviors now, we will have one less concern to address in the future.


Monday, August 6, 2012

Is The Cloud Horrendous?



Recently Steve Wozniak, who co-founded Apple with the late Steve Jobs, predicted "horrible problems" in the next five years as cloud-based computing begins to mainstream. He was recently quoted: 

"I really worry about everything going to the cloud. I think it's going to be horrendous. I think there are going to be a lot of horrible problems in the next five years."

Mr. Wozniak went on to describe how data in the cloud will belong to the cloud provider and the individual will lose ownership of their own content, but it is more complicated than that. In my previous article, I outlined that cloud providers must enhance their security controls, but this is not just about controlling the security for access to content online.

Most cloud providers are able to reduce cost and increase operational efficiency by storing data across multiple servers and disk arrays. These same servers are used for all customers, meaning that your data is shared on the same server as thousands of other clients. Most providers use database configured controls to ensure each client has access to their specific content. In practice, this design works well and is very effective; of course this design also makes it very difficult to return all content should you leave the provider, and as with anything there is always the chance for a glitch.

The risk of a glitch is not what scares me; in 15 years I have only seen this type of issue occur a handful of times and the exposure to clients has been minimal. What really concerns me is what happens when the hardware is upgraded. In 15 years of dealing with Fortune 1000 clients I have never been asked, "What do you do with outdated hardware?"

The reality is that this equipment has content stored on the hard drives; unless they are physically destroyed or wiped in a manner that prevents recovery, your data can be reassembled. The other question you have to ask is what do companies do with their outdated hardware? Many companies sell them on eBay, so you have no idea who just received potential access to your data. I have never seen an executed cloud based contract outline what the policy was for hardware retirement.

For example, are you notified when servers containing your data are replaced? Are you informed how they are being decommissioned? Are you made aware of by whom and when the equipment was properly destroyed? I am not implying cloud providers are not handling security properly, but I do believe enterprises have to begin to demand more from their cloud providers and insist on the audits, notifications and penetration testing, otherwise Steve Wozniak’s prediction will become our reality.




Saturday, August 4, 2012

Cloud Providers Must Enhance Their Security Controls



We see it all the time: social media sites being hacked and accounts being compromised. This has become a routine part of the internet (LinkedIn hack is much worse than you think), but in order to protect sensitive data and prevent embarrassment for organizations, these social media outlets must take a stronger stance on security and start to develop moderator controls. This especially holds true for enterprises that utilize social media avenues to promote their products.

Recently Major League Baseball was hacked on Facebook (Jeter has sex change in Yankees Facebook page hack), and being a Yankee fan I was surprised to learn that Derek Jeter was having a sex change:

“We regret to inform our fans that Derek Jeter will miss the rest of the season with sexual reassignment surgery. He promises to come back stronger than ever in 2013 as Minnie Mantlez.”

This of course was not true and was quickly caught and taken down. However, had Facebook offered moderator controls, a feature they could easily charge for, these comments would never have been posted to begin with.

I have worked in the cloud space for over 15 years. You may think the concept of cloud is new, but in fact we used to call this very concept outsourced, hosted and managed services before some clever think tank decided to call it a cloud based solution.

The problem is that most organizations accept the contractual terms that outline security assuming they are protected, and from a legal perspective they probably are. However, how does an organization bounce back from an attack on their reputation? The fact is that depending on the seriousness of the event, they may never be able to recover.

While this particular event was humorous, what if it was true? How do you take back a statement once the bell has already been rung? This all starts with enterprises becoming more aware of the cloud solutions they are utilizing and putting in place stop gap measures to make sure that the cloud providers are in fact policing themselves the way they claim. Without a proper audit and penetration testing, there is no way to be certain your data is truly protected.



