November 02, 2009

"Cloud-security" -- Protecting Web Servers

If cloud computing is vulnerable (as I previously blogged) then there may be a product to the rescue. Last week TrendMicro introduced an update to its Deep Security product that offers protection for the entire server--the OS, network and applications layers.

Larry Magid at CNET News interviewed TrendMicro's CEO Eva Chen in this article:

She acknowledged that servers are typically protected by a firewall, an intrusion detection system (IDS), and an intrusion prevention system (IPS). "But now people are doing virtualization," Chen said. "And once you do virtualization, the server can move from one network center to another network center or move from your own data center to a public data center, and therefore the server is not just behind the firewall all the time. It needs to protect itself."

Larry also had this to say about his own personal experiences:

As a small site owner, I understand the need. SafeKids.com, which is a WordPress blog I maintain, was attacked a couple of years ago due to a security flaw in a template I was using. The attacker embedded hidden links to sites that offered male enhancement products. I discovered the problem when I was embarrassed by Google Viagra ads appearing on my site. I don't have anything against Viagra, but the ads weren't appropriate for a site that focuses on Internet safety for children. Google, which places ads that are related to the site's content, was fooled into thinking that my site covered male enhancement rather than children's safety. Chen said that TrendMicro is exploring technology that could protect sites like mine by alerting owners to potential problems as soon as they occur.

Online holiday sites are expected to see sales increase 8%. They need a secure environment if consumers are to feel comfortable when purchasing online.

Vulnerabilities in the Cloud?

Researchers recently identified a security issue in Amazon's Elastic Compute Cloud (EC2) that allows a hacker to locate and eavesdrop on targeted virtual machines anywhere in the cloud.

The report carries the catchy title "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds". According to a Computerworld article:

The attack described in the report was conducted against Amazon's Elastic Computer Cloud (EC2) service. But the vulnerabilities that enable it are generic and would likely affect other cloud providers, said Eran Tromer, a post-doctoral researcher at MIT's Computer Science and Artificial Intelligence Laboratory and one of the authors of the report. The report is scheduled to be presented at the Association for Computing Machinery (ACM) Conference on Computer and Communications Security next month.

The research raises questions about a fundamental assumption about cloud computing which says that data hosted in a cloud is relatively safe from targeted attacks because it's hard to know where in the cloud the data is located. The research also comes at a time when concerns are high about security and privacy issues related to cloud computing.

Amazon called the threat "hypothetical" and said it would be difficult to initiate in practice. Perhaps we'll get a better idea of the true nature of the threat to cloud computing after the paper is presented at the ACM conference.

October 29, 2009

Google's New Navigation Software: Collecting info about where you are in real time (to serve real time ads?)

The just announced Google Maps Navigation looks pretty cool:

Google is announcing plans Wednesday to release a new Android application called Google Maps Navigation. When combined with a GPS-equipped mobile phone running Android 2.0, it provides turn-by-turn directions powered by Google Maps and a slick user interface that combines features such as voice recognition and Google Street View. Google Maps Navigation, like seemingly everything that emerges from Google, will be free.

"Mobile platforms--Android and others--are so powerful now that you can build client apps that can do magical things connected to the cloud," said Google CEO Eric Schmidt in a briefing for reporters at Google's headquarters on Tuesday.

The software won't be open sourced, but will be "free"--so how will Google make money?  It could license the software, perhaps to Apple for the iPhone. But Google will likely try to make money through its bread-and-butter advertising network. 

So I wonder what information will be collected by Google. Does that mean Google will not only know what I've searched for, what's in my email, what photos I have in Picasa, and where I want to go--but it'll know where I am presently and how far I am from my destination? That's cool...maybe...or not.

BTW, the Verizon Droid also looks pretty cool.

October 28, 2009

Once Begun is ONLY Half Done

Buddha teaches us that there are only two mistakes that can be made along the road to truth: not starting and not going all the way. 

In the brief history of Internet governance, few initiatives have been greeted with wider support than the recently signed Affirmation of Commitments (AoC) between the U.S. Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN). The praise is well deserved, but now it's time to remind ICANN of the problems that the AoC did not solve, most importantly ICANN's ongoing accountability gap. At an ICANN meeting, you can gauge the contention over an issue by the volume (in both senses of the word) of comments at the public forum. The discussion over the Affirmation of Commitments lasted barely 15 minutes. The AoC represents a major step forward for ICANN, transitioning the organization out of an era of U.S. dominance and into a truly global future, where governments and the international community share in oversight over a truly independent, private-sector-led consensus-building body. What it does not do is create a sustainable accountability structure for ICANN. That task remains -- or should remain -- squarely on ICANN's plate.

Prior to the expiration of the Joint Project Agreement (JPA) between ICANN and the U.S. Government, ICANN began a process of "Improving Institutional Confidence" (IIC) to resolve outstanding issues relating to security, stability, transparency and, above all, accountability. I say "began" because despite some promising early efforts, the IIC process never managed to adequately address the problems it was created to solve. That would be fine, if the bright people involved with the process were continuing their important work, but there seems to be a belief by some within ICANN that signing the AoC ended their obligation to address these serious community concerns. In all the hours of concurrent meetings taking place over the past week, there wasn't a single session devoted to the Improving Institutional Confidence process or for that matter to the top issue raised in that process: the challenge of creating a lasting, effective accountability structure within ICANN.

If there was agreement on anything in the months leading up to the expiration of the JPA, it was that the ICANN board must be accountable to some entity or entities other than itself. In response to broad-based outcry from the global Internet community, ICANN's President's Strategy Committee offered several proposed solutions to the accountability problem. While none of these proposals hit the mark, their continued evolution was an encouraging sign that ICANN took the issue seriously. Now the global community is worried that ICANN was just waiting out the clock on the JPA. With it gone and the Affirmation of Commitments in place, it's important not to declare victory and move on to other things.

During a one-hour session discussing the AoC, ICANN Board Chair Peter Dengate Thrush remarked that he would have preferred that these issues had been resolved prior to the expiration of the JPA but that other issues intervened, including the launch of new gTLDs. I would contend that this very initiative raises the stakes for ICANN accountability considerably and, far from being a reason to delay, the gTLD initiative represents a need for urgency in developing accountability mechanisms.

I hate to be the one to spoil the party, but very soon it's going to be time to sweep away the confetti and get back to the serious work of ensuring that ICANN is accountable to the community it seeks to represent. Returning, if I may, to the wisdom of Buddha: "An idea that is developed and put into action is more important than an idea that exists only as an idea."

October 26, 2009

New Processors in Mobile Market Help Handsets, Help Software Developers

As featured on Slashdot, competition among processors that power mobile handsets is heating up.

ARM--whose chips dominate the mobile phone market--announced its smallest, lowest-power multicore chip yet. These chips are meant to compete against Intel's Atom processor (which powers many Netbooks) in the smartphone market.

As users look to their iPhone, Blackberry, Android or Windows Mobile device to do more, processors need to keep up. Faster processors allow software developers to create more useful applications. It's a sort of symbiotic relationship -- hardware advancements, driven by increased competition, mean more software innovation!

This Week In Antitrust

Today, we're kicking off a new feature on the blog, a weekly roundup of the tech industry's various antitrust cases and "potential" antitrust concerns. While last week's antitrust news was dominated by competition concerns outside the technology industry (health insurers and the BCS), there were a few notable stories coming out of the world of tech competition.

Amazon - Are Amazon, Wal-Mart, and Target Pricing Like Predators? | WSJ Blog

Apparently, the American Booksellers Association (representing small and independent booksellers) has written to the DOJ asking it to "investigate the book price war under way between those three retailing heavies to determine if it constitutes 'illegal predatory pricing.'"

In a letter dated Oct. 22, the ABA said it believes that the discount pricing—which has led to 10 of the most anticipated hardcover titles being priced as low as $8.98 on Walmart.com—amounts to such an act and that it is “damaging to the book industry and harmful to consumers.”

And a great quote from Gary Reback about why the case is unlikely to make it to court:

"Successful predatory-pricing cases are as rare as Bigfoot sightings."


IBM - IBM Facing Double Legal Trouble | San Francisco Chronicle

The San Francisco Chronicle and IDG ask which is worse for IBM, the fact that the head of Big Blue's Systems and Technology Group has been charged by the SEC with insider trading, or that the US Department of Justice is formally investigating alleged abuses of IBM's mainframe monopoly. One key quote:

"Djurdjevic writes that IBM is dealing with "triple trouble," referring to the two legal incidents and a beating taken by IBM stock. Out of the three, the insider trading allegation "probably hurt the most," he writes... Oct. 16 may go down as a "Black Friday" in IBM history, he says."


Google - Obama & Google (a love story) | Fortune

Fortune Deconstructs the Google Lobbying Strategy on Competition Issues and the Company's Relationship with the Obama Administration. This article has some great insights into Google's Washington operation and its strategy for overcoming potential competition issues. While it is clear that Google is trying to learn from Microsoft's mistakes in the antitrust world, it hasn't completely avoided them and is even creating some new problems. As the article suggests:

Google...likes to portray its Washington operation as a quasi-academic resource that's above the political fray. Politicians and their staffers "are sometimes taken aback by the fact that we don't always act the way that other companies act," says Bob Boorstin, a former Clinton White House speechwriter who works on freedom of expression issues in Google's Washington, D.C., office. "What we offer is technological expertise ... It's a company that's a think tank, or a think tank that's a company."

To which the author suggests:

Either Google is very naive about the way Washington works, or it thinks everyone else is.

Cloaking corporate interests in the "public interest" is a long-time lobbying tactic that we recently warned about in the tech sector. While the interests of corporations and the public often intersect, any company that suggests its policy interests are a mirror image of the public interest is overstating at best.

This is particularly problematic given what the article calls the "Orwellian nature of Google's power."

"Google is in a position to pick the winners in just about every web-based market," says antitrust lawyer Gary Reback, who is part of the charge against Google Book Search. And, he adds, "it can do it without anyone even knowing."

And this power is creating real concern in Washington. Google has to do a lot more than say "trust us" if it wants to quell the growing concerns about its dominance.

Eric Schmidt recently suggested to a group of reporters that Google's culture was the strong hand that kept it from engaging in anticompetitive behavior: "If somehow we went into a room with the evil light, and we announced an evil strategy, we would be destroyed," he said. "There is a fundamental trust relationship between Google and its users." He shared similar comments, according to Wired, with Varney's predecessor at the Justice Department, who apparently was floored that "trust" was Schmidt's legal justification for pushing through the Yahoo/Google deal.


Microsoft - Microsoft/ Yahoo! Search Deal Gets Support From Major US Advertising Agency Group | Marketwatch

The American Association of Advertising Agencies, representing some of the world's largest advertising firms, wrote the Department of Justice in support of the proposed partnership between Microsoft and Yahoo! on search and search-based advertising. The partnership is currently being reviewed by the DOJ for any potential competition issues.

"We believe that Yahoo and Microsoft's proposal to combine their technologies and search platforms is good for advertisers, marketing services agencies, Web site publishers and consumers," the American Association of Advertising Agencies said in a statement.


Oracle/Sun - Oracle Fails to Convince MySQL Doubters | The Register

It appears that Oracle has not convinced FSF founder Richard Stallman, MySQL founder Michael Widenius, or, most importantly, European antitrust commissioner Neelie Kroes that its acquisition of Sun and MySQL poses no competitive problems. This is a really fascinating case when you start to think about open source licensing and business models.

A spokesman for Competition Commissioner 'Steelie' Neelie Kroes said the Commissioner had: "expressed disappointment that Oracle had failed to produce, despite repeated requests, either hard evidence that there were no competition problems or, alternatively, proposals for a remedy to the competition problems identified by the Commission", according to the Beeb.




"Hey, Pot... It's the Kettle."

This news story from last week just about speaks for itself, and little commentary is needed. (And no, it's not a leftover from April 1.) It feels like something that should be on SNL's "Really?!?!?! With Seth & Amy." I mean, China... Really?!

Chinese Group Says Google Violating Copyrights

October 24, 2009

No Patent Troll Here -- Rewarding Innovation Down Under Through Patents

Slashdot's recent discussion of how an Australian research/tech transfer agency enforced its patent rights against 14 of the world's largest tech companies has what everybody should view as a happy ending: reinvestment.

Australia's CSIRO has "injected $150 million from the proceeds of its wi-fi technology to the once-defunct science and industry endowment fund, originally established by parliament in 1926" according to the Aussie news article. The article also has a great quote:

"It's very important that when you have a success like this, you re-invest it back into the wellspring," CSIRO boss Megan Clark said.

Exactly! This is what the patent system is supposed to be all about. Rewarding innovation creation and providing incentives for new research. Here, it's a government agency that benefits. But it could be a small IT company that uses patents to also invest back into the "wellspring." 

October 22, 2009

LA City Council Reads ACT's "Paying for Free" Paper

OK, maybe nobody on the city council actually read Paying for Free, the paper where we describe the security, privacy and sustainability costs of "free" software. Still, on Monday the Los Angeles city council delayed its vote on a contract to replace the city's email system with Google Apps. The reason: concerns over costs.

Cloud-based software is often touted as an easy way to save money instead of using software installed locally on desktops and servers. Often, cloud-based software and services are even "free" to use (in the sense that they have $0 license fees) but will be supported by advertisements. Users often provide personal information or consent to targeted ads based on their interests to help online companies pay for these free services.

In Los Angeles, the city is rightly considering the costs as well as the benefits of the software that it chooses.  There are also cloud computing security concerns over storing sensitive city/law enforcement information on remote servers. These too are a potential cost that should be weighed into the mix of total costs of ownership. Free of licensing fees does not mean free to use.

October 15, 2009

The Meaning of Innovation—And What's Coming Next

It’s a term that’s been thrown around a lot over the past couple of years, at times being more popular than at others.  Now seems to be one of those times when “innovation” is the hot word—but what the heck does it even mean?

I was at a Business of Innovation conference last week—there’s “innovation” right there in the title!—and defining “innovation” was a portion of several presentations. 

The dictionary says that innovation is simply “the introduction of something new.” But for people looking to make money from innovation, it’s got to be more than that.  “Something new” comes along all of the time, but does that mean it’s innovative?

One of the presenters said that a renewed interest in “innovation” is a result of the recession. He went on to say that 18 months or two years ago you would have been hard-pressed to find a conference on innovation, and now they’re everywhere. Since companies have laid off as many people as they could and cut expenses back as much as possible as a means to surviving the downturn, now they must concentrate on growth in order to survive. And how does that happen? Innovation.  And apparently history shows that recessions are a pretty good time to introduce and sustain innovation.

One definition of business innovation was the “successful outcome of bringing a novel product, service, or customer services to market in a way that creates significant new customer value.” And many innovations fitting that description have been introduced in recessions, including:

  • Light bulbs (1876)
  • Scotch tape (1930)
  • Fluorescent lamps (1938)
  • Disposable diapers (1961)
  • Post-its (1974)
  • World wide web (1991)
  • iPod (2001)

These innovations weren’t just about novel products, or about the R&D behind them (there does not seem to be a correlation between R&D and innovation), their patents, the creativity of the team, or product improvements. These were about establishing positions of “ownable distinction”—things like their market positioning, being first-movers, branding, and the totality of their intellectual property rights (IPR).

Over at the Innovators Network, our Entrepreneurs in Residence have written about the role of intellectual property in economic downturns. Andre Carter wrote about how “Times like this support and encourage new ideas, methods, and channels; in turn, this makes the likelihood of increased small business activity, especially IP-based, high” and looking at the full scope of your intellectual property rights to find new opportunities. IP attorney Rob Cogan gave us this chart to help distinguish and define those various assets that comprise the totality of your IPR.

Thinking about all of these things combined has me sort of excited. Since most economists say that the recession is ending, that should mean that we’re also just about due for some ground-breaking, disruptive innovation. I feel like a kid on Christmas Eve wondering if Santa’s going to come and, if so, what’s he going to BRING?? (Somebody at the conference suggested that the big innovation to come out of this recession is going to be LED lighting. I suppose that’s cool, but doesn’t seem life-changing. Unless, of course, all hotels and stores change from their horrid fluorescent lighting to the more flattering LED. In that case, I’m on board.)