Texas has blazed a trail of raising high school graduation requirements and testing standards to meet the growing demands of the 21^st century. For years, these efforts have attracted national attention and set the stage for other states to follow suit. Now, a concerted push by state legislators to reduce academic rigorin Texasis attracting an entirely different type of attention. 

In what can only be characterized as adisappointing retreat from academic standards, the Texas House of Representatives passed House Bill 5 last month. The bill would eliminate the State’s current 4x4-recommended, high school graduation plan and reduce the number of end-of-course exams from 15 to 5.

An educated workforce is the backbone of our economy. Now is not the time to reverse course, lower expectations and water down the curriculum. All high school students – whether they plan to get technical training or go to college – will be better prepared for future jobs by maintaining our state’s current rigorous graduation requirements, especially in math, science and English.

Already, almost half of Texas community college students require remedial math courses. HB 5 would require fewer math and science courses to graduate, and it would also remove Algebra II and English III testing requirements to get a “foundation” diploma under the proposed legislation.

Studies have shown that fewer than 20 percent of students whose highest-level math course was geometry earn a bachelor’s degree. The number jumps to 39.3 percent for students whose most challenging course was Algebra II (Adelman from the Department of Education). These statistics illustrate the direct relationship between challenging high school coursework and college success.

According to reports, the number of Texas jobs requiring post-secondary education will have grown 20 percent between 2008 and 2018, and jobs in science, technology, engineering and mathematics (STEM) will have grown by 22 percent—faster than in most other states. More than 90 percent of those jobs will require post-secondary education. (The Georgetown University Center on Education and the Workforce)

High school students graduating under the proposed requirements in SB 3 are less likely to acquire the skills necessary to qualify for jobs in an increasingly-competitive global marketplace. Part of the problem with HB 5 is that it allows the student and their parent to elect the easiest path to graduation as the default plan, rather that making them opt-out of the more rigorous 4x4 plan today. What ninth grader wouldn’t want the easier path?

Yet, then pushed towards academic rigor, our Texas students rise to the challenge. While the state has been increasing graduation standards under the 4x4, our graduation rates have also increased! The graduation rate rose from 63 percent in 2007 to 72 percent in 2011. This is the opposite of what the proponents are saying about the need for HB 5, that our tough graduation standards will cause too many students to drop out of high school. The evidence does not support their position.

If Texas employers are unable to hire qualified new recruits, our companies will quickly look elsewhere for a supply of technical workers and technology-based jobs will move out of state. Moreover, reducing state-wide educational standards will serve as a deterrent for companies interested in relocating to Texas. 

It is reasonable to compromise on reducing the number of end-of-course exams; however, it is unacceptable to compromise on the future of our students by lowering graduation requirements.

What we gain by taking short-cuts on academic rigor in high schools, we sacrifice in job placement for students and economic growthfor years down the road. Do not sell our students, or our state, short.

William C. ‘Bill’ Sproull is the president/CEO of the Metroplex Technology Business Council, the largest technology trade association in Texas, advocating for the growth of the technology in North Texas.

Organizations considering BYOD (bring your own device) policies need to incorporate the following best practices that address four major mobile device security threat vectors:

Users
In exchange for enjoying the conveniences afforded by BYOD, individual users must appreciate the vital role they play in mitigating mobile device security risks. Part of this responsibility entails individual users giving up some personal freedoms pertaining to mobile device settings, downloading of applications and use of public networks. Employees must be educated on the need and rationale for such BYOD tradeoffs and acknowledge security considerations through signed mobile device agreements.

Physical Access
Mobile devices get lost, stolen or are left unattended. To safeguard against unauthorized physical access in such situations, any mobile devices used for company purposes should include strong password authentication controls and data encryption settings that cannot be circumvented easily. Organizations should also deploy Mobile Device Management (MDM) software that allows managers to remotely “lock down” a missing mobile device and erase data residing on that device.

Wireless Communications Networks
Many venues offer free public wireless communication network (wifi) accessibility. However, it is fairly simple for unauthorized parties to intercept information transmitted within a public wifi network. Requiring use of a wireless virtual private network (VPN) or a secure sockets layer (SSL) connection helps mitigate that risk. The use of one-time passwords also helps ensure that if session data is intercepted, it cannot be used again.

Malware
Mobile device applications downloaded from unfamiliar sources are a major source of malware. Clicking on questionable links found in e-mail messages or browser windows may also expose a mobile device to malware. Users need to be educated about such dangers through regular security awareness training programs. Mobile devices should also be configured with anti-malware software that detects malicious or unwanted programs.

Address Mitigation Steps within Enterprise Risk Management Program
Mobile device computing and BYOD use offer considerable potential productivity and workplace satisfaction benefits. Management has a responsibility to engage and educate employees on potential mobile device threats and provide guidance on how to avoid security risks. Addressing mobile device security exposures within overall risk management efforts will enable companies to more fully realize those benefits.

Brian Thomas, CISA, CISSP is a partner and Brittany Teare, CISA is a manager in advisory services for Weaver, ranked the largest independent accounting firm in the Southwest based in the Dallas/Fort Worth Metroplex with offices throughout Texas. Brian can be reached at 713.800.1050 or Brian.Thomas@WeaverLLP.com and Brittany can be reached at 972.448.9299 or Brittany.Teare@WeaverLLP.com.

Use of personally owned smart phones and tablets in the workplace has become very common for organizations in 2013. The trend is commonly known as BYOD (bring your own device).

BYOD offers employees and companies numerous benefits such as eliminating the need for employees to retain separate devices for work and personal needs, and making it easier to complete work tasks away from physical workplaces and outside of regular work hours. However, these benefits come with a price. Specifically, there are security complications associated with allowing company information to reside on personally owned devices.

Possible/Probable Threat Vectors for Mobile Devices

There are four major threat vectors that must be considered with mobile devices - especially in a BYOD scenario:

• Users
• Physical access
• Wireless communications networks
• Malware

In exchange for the convenience afforded by BYOD, users must appreciate the vital role they have in combatting mobile device security risks. That requires educating users about the risks associated with certain activities as a means of encouraging adherence to company policies and practices. In addition, users need to be conditioned that they may lose some rights for the convenience of having access to company information on a personally owned device.

The most common risk with mobile devices is that they are often lost, stolen or left unattended. Therefore, password authentication controls and encryption settings that cannot be circumvented are needed, as are the capabilities to remotely remove data from a missing device. This is not easy to manage in a BYOD environment because of the variety of security capabilities available in various devices.

Many venues offer free public wireless communication network (wifi) accessibility. Unfortunately, it is very easy for unintended parties to intercept information transmitted to and from such a network. Individuals need to recognize public wifi risks and should be given training and tools to avoid unnecessary exposure.

Malware is a critical security and growing threat for mobile devices. The ability to download consumer apps at will is part of the experience mobile device users expect in 2013. However, this is at odds with traditional security policies and exposes users to the threat of malware, especially in BYOD environments that permit Android devices.

Mitigation Strategies for Security Exposures

BYOD and mobile device security threats must be considered within a company’s overall risk management approach. Risk mitigation measures include establishing BYOD and mobile device use policies, employee education, deployment of mobile device management (MDM) tools and periodic risk management reviews. The next BYOD and mobile device security article will more fully discuss best practices for mitigating related risks.

Brian Thomas, CISA, CISSP is a partner and Brittany Teare, CISA is a manager in advisory services for Weaver, ranked the largest independent accounting firm in the Southwest based in the Dallas/Fort Worth Metroplex with offices throughout Texas. Brian can be reached at 713.800.1050 or Brian.Thomas@WeaverLLP.com and Brittany can be reached at 972.448.9299 or Brittany.Teare@WeaverLLP.com.

Living in an information-driven world, information increases exponentially, becoming more and more challenging to manage and secure. Enter Symantec, a global leader in security, storage and systems management solutions. From consumers and small businesses to the largest global organizations, Symantec secures and manages information at more points and more completely than any other company.

“We provide security at all levels –the device level, the enterprise level and the application level, and we are the only company that does this,” said Paul Osborn, global partner manager for Symantec. “There are companies who do one or two of these things, but we are the only one that does all three.”

Securing the cloud is a significant area of focus for Symantec and is one of the reasons the company joined the MTBC – to participate on the Cloud special interest group. Symantec believes it has exceptional intelligence that will benefit the industry.

Now that technology has matured enough to use the cloud economically, trust and security are paramount, especially with the advancement of mobile technology during the past two years. The characteristics of mobile devices are more powerful than desktops and have location-based services that help users make decisions based on where they are. It’s a powerful benefit of mobile technology, but also brings security risks, both to users and enterprises because of BYOD (bring your own device) considerations. More and more people are using their personal devices in the world of enterprise.

“How do you effectively secure that device in a way that gives the user personal use but also enables them to do the things the company is expecting?,” said Ray Greenan, director of telecom marketing. “There’s also the issue of wiping out business data while keeping personal data intact if those people move on to another job. We provide those solutions.”

Symantec covers more mobile security than anyone else. Its Mobile Management Suite is a comprehensive mobile business enablement solution addressing a diverse set of enterprise mobility needs. It offers scalable device management, innovative application management and trusted threat protection technology. Mobile Management Suite provides all the capabilities needed for enterprises to enable, secure and manage mobile devices, applications and data.

The key to all of Symantec’s solutions, including its popular line of Norton products, is Symantec’s global intelligence network. Symantec has security research centers around the world which provide unparalleled analysis and protection from security risks. It also has tens of thousands of sensors around the globe to monitor online behavior and detect potential threats before they happen.

“Our global intelligence network gives us great insight on how to manage and ward off particular threats. It helps us understand what kind of mischief is happening so we can get ahead of it,” Greenan said.

As a result of this intelligence, Symantec has been instrumental in helping a variety of government entities and the cellular industry establish cyber security standards.

“It’s more than the government trying to protect their own data. The private sector needs help as well,” said Osborn. “If the industry can drive this effort, the outcome will be a lot better.”

Symantec was founded in 1982 by visionary computer scientists. The company has evolved to become one of the world’s largest software companies with more than 18,500 employees in more than 50 countries. More information about Symantec is available on the company’s website.

Recently, I attended an MTBC tech industry luncheon and was pleased to meet several other women in technology. Unfortunately, the perception of the number of women in technology is well below the reality for the general public.Part of the misguided perception lies in the unbalanced portrayal of technology women in the media. As a fellow woman in technology and the media, I want to emphasize the impact that the media has had on women in science, technology, engineering and math (STEM) jobs.

One group that is trying to improve the portrayal of women in media is The Geena Davis Institute on Gender in Media.Their marketing research showed that in family films from 2006 to 2009, not one female character was depicted in G-rated family films in the field of medical science, as a business leader, in law or politics. In film group scenes, only 17% of the characters are female. Where are all the women?  

Here are a few more facts I learned about women in media from The Geena Davis Institute and the U.S. Department of Commerce, Economics and Statistics Administration:

· Males outnumber females 3 to 1 in family films. In contrast, females comprise just over 50% of the population in the United States. Even more staggering is the fact that this ratio, as seen in family films, is the same as it was in 1946.

· Females are almost four times as likely as males to be shown in sexy attire. Further, females are nearly twice as likely as males to be shown with a diminutive waistline. Generally unrealistic figures are more likely to be seen on females than males.

· Females are also underrepresented behind the camera. Across 1,565 content creators, only 7% of directors, 13% of writers, and 20% of producers are female. This translates to 4.8 males working behind-the-scenes to every one female.

In these films, 80.5% of all working characters are male and 19.5% are female. This is a contrast to real world statistics, where women comprise 50% of the workforce.  Here’s another look at how women are portrayed in television and film.

      Source: Geena Davis Institute on Gender in Media

 According to the Census Bureau’s 2009 American Community Survey (ACS), women make up 48% of the US workforce but only 24% hold positions in STEM jobs. That representation is even more exaggerated in the media with a only a 17% female representation in those types of positions. So, my fellow women in science, technology, engineering, and math, please continue to support the MTBC organization and portray the great number of women in the DFW area involved in STEM careers.

More than 15 percent of kids ages 10 to 18 said they have texted sexual images or messages, according to a recent survey published in the journal entitled Pediatrics. That doesn’t include the number of kids who have looked at explicit photos or videos online. Some security apps for smart phones allow parents to track messages and data received and sent on their children's phones, but once the messages are sent, it’s too late. Enter MTBC member ImageVision.

A pioneer in the visual search industry, ImageVision has developed the world’s only solution for identifying and isolating explicit videos, images and text at both the server and the mobile device levels. ImageVision technology blocks illicit content from smartphones, tablets and social networks and handles a full array of content detection such as nudity, pornography, sexting, hate speech, logos and violence in online and mobile environments. This revolutionary intellectual property is patent pending in various areas of image analysis, including wavelet mathematics, video fingerprinting, video search, nudity recognition and embedded mobile object recognition.

“Smartphone and tablet makers embed our technology directly on their mobile devices so that wireless carriers can offer a completely ‘kid-safe experience’,” said CEO Steven White. “Reducing the costs of content moderation for social networking sites, we integrate our technology into the web services architecture, where it operates at a speed and scale that’s necessary to meet the exploding popularity of shared video and images.”

To put the power of this technology in perspective, a human can moderate 50 minutes of video per hour. ImageVision can moderate 50,400 minutes per hour, per server. The average human can scan 5,000 photos per hour. ImageVision scans 720,000 photos per hour, per server. This technology identifies nudity and images by looking for attributes and shapes unique to human beings. Unlike other programs which look for characteristics of body parts, the ImageVision technology uses artificial intelligence to find actual body parts. It is so precise that it can identify the texture of human skin, not just tonality. It can identify all of these aspects within milliseconds. The mobile solution offers integration at the camera device layer, which doesn’t just keep kids from viewing illicit content, but prohibits them from sending it, as well.

“We will continue to innovate to advance our customer’s objectives of protecting their brands and end users while minimizing costs and maximizing revenue opportunities,” White said. White was the winner of the 2012 Tech Titans Emerging Company CEO Award. View his acceptance speech.

ImageVision is a Texas-based company with headquarters in Anna, Texas, just north of the DFW metroplex. It was founded in 2008 and has 16 employees. More information about ImageVision is available on the company website.

WhichBox’s CEO, Bettina Bennett, was a finalist in this year’s Tech Titans for Emerging Company CEO.

 WhichBox media is changing the future of online publishing, and it couldn’t come soon enough. In the U.S. alone, more than 1,200 magazines have shut down since 2008, and many major newspapers have filed for bankruptcy. As audiences migrate online, publishers are discovering it’s not easy to monetize content or engage and grow that audience. It’s a problem other industries face as well.

Integrating and maintaining today’s array of web infrastructure applications is a growing burden to already strained budgets. As costs continue to rise and ROI decreases, most small and midsize organizations don’t have the financial reach for a content-centric web 2.0 presence. Until now, that is.

WhichBox Media is a software-as-a-service (SaaS) company, providing a proprietary next-generation content creation, management and monetization, online publishing, social networking and social media technology platform built for publishers and media companies, businesses and the enterprise, not-for-profits, trade and professional organizations, educators and eLearning environments. WhichBox is a fully integrated and feature-deep platform designed to empower content-rich organizations to manage multiple domain verticals from a single dashboard, manage their content and its distribution and syndication. Unlike so many great ideas on the web, at WhichBox, monetization is not an afterthought -- it is coded in the WhichBoxDNA.

“WhichBox is the first and only convergent technology platform, built from the ground up, to be affordable, relevancy driven and content focused,” said Bettina Bennett,CEOand chief maverick. “We offer a turnkey all-in-one platform to create, publish and monetize all-media web content using our organic storytelling model.”

The challenges

WhichBox is a media development, publishing, distribution and syndication company. In its quest to help publishers and brands culturally re-think and revolutionize themselves as customer-focused media organizations, they found each organization wrestling with the same major challenges:
·   Evolution of technology for web, media, and content
·       Growing audience demands
·         Increased sophistication needed

The WhichBox team tested every commercial solution on the market but kept running in to the same problem. These solutions were forcing companies to fit themselves into a specific technology instead of fitting their technology to the unique needs of the client.

Building a solution

There was only one solution – investing in and build a proprietary technology to fit the publishing and media business. Benefits of the platform include:
•          B2B SaaS (software as a service) platform
•          Scalable, low-cost, fast deployment
•          No IT required / No technology wrangling
•          Patent pending all media, organic storytelling® technology
•          Multi-publication and syndication environment
•          Destination device agnostic

The platform removes the boundaries between social networking, social media and content. It makes it easier for companies to generate rich, unique content by engaging the audience where they want to be engaged. It makes the online experience authentic for the audience and enables companies to focus on content instead of technology. Perhaps most important, it helps companies avoid becoming obsolete.

Results

TownSquareBuzz.com was in business as McKinneyNews.net for seven years, before changing names and switching to the WhichBox platform. Within six months on WhichBox, TownSquare Buzz experienced organic audience growth of 50 percent, revenue growth of 75 percent and received thousands of user contributions. The Town Square Buzz now receives more than 50 monthly citizen articles, has received national attention for exclusive user-covered events and has added a new audience of teenage high school students.

“We’re now able to empower our communities and neighborhoods…Our readers are now publishers themselves,” said Angie Bado, owner and publisher of Town Square Buzz. “Moreover, the WhichBox platform has liberated my team, so we can focus completely on our publication instead of the technology. For the first time in year, I am actually enjoying creating content.

In order to not just survive, but strive, content owners have to take a chance, create their own aggregators, make their content available on any platform their audience wants to consume it on, and look for new opportunities – by being creative and not letting existing business structures dictate their moves. Publishers have to take their content, make it more interesting, start using content in different ways and get out of silos.

The WhichBox platform makes that both possible and affordable. Find out more about the company from their website: http://whichboxmedia.com/

Lewis & Fowler has a straightforward mission - enable Fortune 1000 companies to successfully manage and execute their most important business and IT initiatives. They accomplish this by combining their services with a team of seasoned consultants who are uniquely equipped to address the issues and needs of each client.

The people at Lewis & Fowler understand the types of challenges you're up against. They can develop strategies and solutions to overcome them. They also understand that achieving your goals requires insight, effective methodologies and strong leadership, coupled with a laser like focus on execution.

Lewis & Fowler has established a reputation for offering insightful strategic business consulting services supported by a hands-on approach to implementation. Their passion for their clients' businesses and commitment to their vision, mission, and objectives allows them to engage at a higher level, driving meaningful and measurable results.

For more information about Lewis & Fowler, visit the firm’s website.

The average human can scan 5,000 photos per hour. ImageVision scans 720,000 photos per hour, per server. ImageVision is the visual searching technology of tomorrow’s online and mobile world. Based in Anna, Texas, this software solutions company is comprised of engineers, developers, social media directors and others with a common goal of cleaning up communications.

ImageVision is the pioneer of the visual search industry. It has developed the only solution for identifying and isolating inappropriate content in consumer, enterprise, web publishing, advertising and mobile communication digital environments. Its EyeGuardian solution offers the most advanced and comprehensive way to visually search and understand user-generated content. The technology is designed to monitor, protect and ensure that inappropriate, illicit or unwanted content will not damage the reputation of children, employees or brands. It handles a full array of content detection such as nudity, pornography, sexting, hate speech, logos and violence in online and mobile environments.

The EyeGuardian suite is revolutionary with its abilities to handle a vast array of content moderation and compliance solutions across Internet and mobile environments. More information is available on the ImageVision website.

Mark Armentrout was board chairman of ERCOT from 2005 through 2008. He recently spoke to our public policy committee on the need for greater energy supply, generation and innovation in Texas.

Any economist will tell you that a competitive market will, over time, evolve and industries need to adapt or ultimately go the way of the rotary phone. Texas currently leads the nation’s economic growth engine, but to maintain that status, it is imperative that we have a growing electric supply and an incentive for new generation. Demand is growing in Texas, but electric supply is not. When that happens, the lights can go out.

The Texas electric market is managed by the Electric Reliability Council of Texas (ERCOT). In its first decade, ERCOT's market has become extremely efficient, seen incredible innovation and provided consumers with a wide array of choices not found in many other states and regions.

ERCOT is remarkably reliable and inviting to competitors nationwide. That is good for Texas consumers. But for all its intricacies, the Texas electric market is, at its heart, a pretty simple supply-and-demand model. About 550 generating units supply the power to meet the daily demands of the market and its 23 million consumers.

The market set a new winter peak demand record in February, three new all-time peak demand records in just four days last August, and a weekend peak demand in late August. Notably, the market also set a new wind generation record in October. And Texas continues to grow. A recent SMU Cox School of Business report says Dallas-Fort Worth alone is on pace to add almost one million residents every six years. What's not growing is electricity supply, which means demand could eventually outstrips supply in the electric market.

ERCOT President and CEO Trip Doggett briefed the Texas House of Representatives’ State Affairs committee last month about this "resource adequacy" issue. ERCOT seeks to maintain what's known as a "reserve margin" for generation. This margin, which provides a cushion should demand unexpectedly jump or a power unit go offline, is targeted for 13.75 percent. Doggett said as soon as the summer of 2013, that reserve margin will fall below the target.

Wholesale power prices in the ERCOT market follow natural gas prices. This is because natural gas is the swing fuel for our electric grid. In other words, we turn gas generating plants on or off to meet demand.Shale gas, as in the Barnett and Eagle Ford fields, has driven prices to historic lows and will last for generations. A recent MIT study states that we have a known 80-year supply of natural gas. Therefore, electricity prices have also fallen dramatically in both retail and wholesale markets.

Markets rely on price signals for companies and investors to plan, design and build new supply. In ERCOT, as in other electric markets, new generating plants are expensive and can run well into the hundreds of millions of dollars, paid for by investors and power companies. The cost to build is not passed on to the consumer, as it is in most other parts of the country in what are called capacity markets.

What I see in ERCOT's data is that investors have become very leery of making further investments in power plants here. Something has to change. ERCOT recently contracted with the Brattle Group to broadly study how to create investment to ensure electricity supply for our growing state's needs. That report is available on the ERCOT website.

Time is of the essence. Faced with chronically low natural gas prices complicated by additional risks of the state's drought and increasing EPA regulations, to stay open for business we need a growing supply of electricity to fuel Texas' future.

According to the 2012 IDG Enterprise Unified Communications and Collaboration (UC&C) survey, 90% of organizations (which, as a whole, are already spending an average of $383,000/year on UC&C solutions) plan to invest in unified communications and collaboration in the next 12 months. Consider this, along with the sixty-three percent of organizations that plan to increase their IT budget allocation for cloud initiatives by 16% over the next 12 months (via the 2012 IDG Enterprise Cloud Computing survey), and it’s hard to ignore the significance that both cloud and collaboration solutions will have over the next year.

As more resources (budgetary and otherwise) are being shifted to support cloud initiatives, it’s important to acknowledge both the short- and long-term benefits of moving your collaboration solutions to the cloud to understand why it might be worth your company’s time. Collaboration, at its most basic level, delivers value to the enterprise with operational ROI by avoiding unnecessary costs, productivity ROI by improving processes and interactions and strategic ROI through business transformation. So how exactly can collaboration in the cloud benefit the enterprise?

Let me outline what I see as the four main benefits:

Improved User Experience
Cloud-based collaboration solutions offer users a consistent experience across all devices. For example, I don’t need to worry about inconsistencies in my WebEx presentation whether my colleagues are taking the meeting from a smartphone in an airport, a laptop in an office or a tablet by the pool. Knowing that everyone is getting the same experience across devices, I don’t have to tailor my presentation to each attendee.

Optimized Resources
The fiscal benefits of moving to the cloud have been widely documented, but resource gains go beyond potential monetary advantages. The cloud offers unification and automation of operations across employees and offices, permitting IT to be more efficient and allowing executives to focus investments less on operational issues, and more on strategic priorities.

Enabling IT & Business Agility
By creating a consistent solution via the cloud, IT can offer evergreen applications to employees, allowing users to utilize the latest versions of the most up-to-date apps. This permits IT to be nimble when faced with an onslaught of new devices and application upgrades. 

Maintaining Control & Management
Offering collaboration solutions via the cloud improves the pace and consistency of application deployments by providing IT full visibility into, and control of, collaboration applications across the organization. With visibility and control, IT has a greater chance of enabling business continuity for employees by providing consistent upgrades across the organization.

There are now over 7 billion people on the planet. Our challenge as business leaders is to enable the next wave of productivity and innovation for our companies. The cloud is the next big step in the evolution of the internet, offering a more scalable, flexible and reliable place to house your collaboration solutions to power the latest technology and, in turn, facilitate greater innovation.

MicroTransponder Inc. is a medical device company spun out from the University of Texas at Dallas in 2007. Dr. Larry Cauller, a PHD neuroscientist, is one of the founders and had the vision to create a company to work hand-in-hand with the University of Texas at Dallas to create innovative neurological devices.

MicroTransponder currently is developing The Serenity System™ to treat tinnitus, also know as ringing in the ears. The Serenity System™ pairs an existing therapy called Vagus Nerve Stimulation (VNS) with listening to tones. VNS is approved by the FDA and has been used to treat more than 60,000 patients for epilepsy and depression, but has not yet been evaluated for safety or efficacy to treat tinnitus.

The device is fully implantable and can easily be used at home. During the therapy, an individual sits in a comfortable chair and wears headphones. They listen to tones while receiving small bursts of neurostimulation, which activate the vagus nerve.

MicroTransponder has an experienced team of neuroengineers and clinicians collaborating with academics to develop neurostimulation solutions to treat neurological diseases and bring those therapies into the clinic for the benefit of patients.

More information is available on the MicroTransponder website.

ExpandWith is your small business advocate and larger enterprise partner. It empowers companies to increase their efficiency and boost their sales performance.

ExpandWith provides services that can multiply a company’s in-house capacity while enabling it to focus on what matters – growing the business. Services, which are tailored to the unique needs of each client, include wireless billing management, sales hiring and training programs and mobile application development. ExpandWith is in touch with industry leaders across business sectors, clients benefit from its extensive knowledge of market-tested solutions.

More information about ExpandWith is available on its website.

Cologix, Inc. is a network neutral interconnection and colocation company headquartered in Denver, Colorado. It provides massively scalable interconnection services and secure, reliable colocation services in densely connected, strategically located data centers.

 Its collocation network service with carrier neutrality offers customers optimal position to grow their networks and businesses at the lowest cost, which is why the Cologix platform includes a secure, managed meet-me-room environment in each of its markets. The meet-me-room environment enables colocation network customers to connect to a dense selection of carriers, ISPs and networks.

 With more than 300 network choices and 11 prime interconnection data centers around the country, including one in Dallas, Cologix currently serves more than 550 carrier, media, financial services and enterprise customers. The company’s experienced team of communications infrastructure professionals is committed to providing its customers the highest-standard of local customer support. 

For more information, visit the Cologix website.

Net.Orange provides healthcare informatics solutions that address population health and help healthcare organizations implement a patient-centric virtually integrated care delivery model. The company's patented clinical operating system (cOS™) leverages existing legacy systems, such as electronic medical records (EMR), health information exchanges (HIE) and claims, in real-time, to allow hospitals, physician practices, employers and payers to work together and thrive in a value-driven accountable healthcare environment, regardless of the payment model.

 cOS-powered applications provide predictive analytics and care coordination workflows for all stakeholders in the care continuum, including physicians and their staff, hospital administrators, community care providers, disease and wellness management coaches, health plan administrators, patients and their caregivers. Immediate benefits include reduced readmissions and a significantly enhanced visibility into real-time constraints, such as personnel and facilities, and to the success/risk factors for profitably participating in value-based purchasing and bundled payment (ACO) models.

More information is available at ndorange.com.

Trends in public and private Cloud offerings

Abstract:  This article is a specific look at the major changes and shifts occurring in the IT industry and how they are being reflected in the way technology vendors are going to market with their Cloud offerings.

Very few B2B industries embrace major thematic shift as broadly and dramatically as the technology industry.  In the last couple of years, Cloud computing has permeated its way into the lexicon of every new offering or solution that vendors are bringing to market. Beyond naming conventions, some significant trends have emerged in how the major industry players are going to market with their cloud offerings and are worth some inspection as customers look to explore, enter or expand their own cloud computing experience.

Public cloud offerings have generally been grouped into three well known types:
Infrastructure-as-a-Service (IaaS):  compute, networking and storage infrastructure in a pay-per-use model, made popular by their well-advertised pennies per hour pricing. Early IaaS offerings were typically characterized by their minimalist approach to support and SLA’s. This is rapidly being addressed as an increasing number of players enter the IaaS segment, forcing vendors to differentiate themselves by offering more traditional outsourcing types of services and service levels.

On the downside, this has resulted in an increase of more traditional outsourcing contract models being applied in the form of consumption minimums, annualized contracts or extensive base fees that detract from the pure consumption based models that make public clouds so appealing. Finally, IaaS has been traditionally dominated by x86 platforms, but new cloud services based on traditional unix and mainframe technologies are forthcoming.  

Platform-as-a-Service (PaaS): application environments, development tools and middleware available as subscription offerings on IaaS platforms.  This area is experiencing significant growth as ISV’s aggressively expand their comfort level with shifting their software licensing models to support usage consumption versus traditional user-based or token based pricing.

With software compliance an increasingly expensive and complex risk for customers, and more firms using global resources to address application development needs, PaaS should become more appealing. However, this will place even more pressure on IT organizations to have strong governance models to ensure that rogue IT consumers don't increase the level of exposure that firms have to the aforementioned compliance concerns.

As the trend towards pushing the line of abstraction (where users no longer need to care about what’s under the covers) upward continues, PaaS will continue to be more and more relevant and is worthy of some focus by customers exploring how to leverage the cloud to their benefit.

Software-as-a-Service: business applications being delivered as cloud services with a variety of consumption models that aren’t always usage based. Initially, SaaS focused on industry agnostic or less differentiated solutions such as email, billing and CRM. However, as this has also become a high growth area within the realm of cloud offerings, these services often misrepresent how little they differ from traditional hosted solutions.

While the majority will offer browser-based access to applications, the underlying infrastructure and contract vehicles are still heavily grounded in traditional hosting models. This results in financial offerings to customers that still lack the flexibility and economic efficiencies that their cloud moniker implies, especially when vendors use pricing models that are not reflective of actual consumption. Customers will also need to be vigilant to ensure they are not compromising their corporate standards for security and compliance, as vendors look to manage costs by leveraging massive multi-tenant environments.

Private cloud solutions have also undergone some significant re-structuring as vendors look to simplify offerings for customers, resulting in three types of go-to-market approaches:

Single Stacks: offerings that combine the required infrastructure (compute, storage & networking) and software (products that provide the necessary automation, orchestration & management) with nominal services to deliver ‘cloud in a box’.  Typically, this offering is the bastion of the larger IT vendors who have been systemically filling the gaps in their hardware and software portfolios with well-publicized acquisitions. This approach plays on traditional themes around global presence, strength of brand and single vendor accountability, which will resonate in the executive suite. 

Customers must be conscious of the exposure to potential rip and replace scenarios for both existing hardware and IT service management software tools, significant integration and process consulting work for the extensive software stacks and the long-term impact of a broad IT lock-in with a single vendor. Interestingly, this was the initial starting point for many of private cloud offerings from larger players and during 2011 we’ve seen a movement softening a rigid all-in-one solution approach.

Reference Architectures:  a market approach that takes successful solution designs that leverage components from multiple vendors and bundles them with some additional pre-sales and post-sales support. This model has created a significant number of alliances and cross-alliances from traditional and nontraditional players. We’ve seen component-specific vendors partner together and more interestingly, we’ve seen open-source vendors partner with traditional IT vendors. 

Typically this approach is seen as beneficial as it provides validation that different components can work together for certain use cases. It also allows the most flexibility and customization for customers as no governance is required in either its configuration models or in the offerings themselves. The risk for customers is that the designs are static, which limits the applicability while evaluating different system sizes or how to support mixed workloads. Customers also have to be watchful as flexibility and customization will likely push them even further away from the original validated solution design.  

When customers finalize configurations, they will still need to execute the traditional order, build, test and deploy, which can be time consuming. Finally, they should be conscious that additional support is often delivered through alliances, which can still put them on the hook for integrating problem resolution and support.  There has been significant activity as vendors scrambled to have a cloud story, and this should continue as barriers to entry for this approach are not challenging.

Converged Infrastructure (CI): a tightly defined set of compute, storage, networking and virtualization technologies that are pre-engineered and pre-integrated into a single infrastructure platform as the foundation for cloud computing. Admittedly, this approach can see significant variance depending on the vendor, but as mentioned previously, there is a trend toward raising the level of abstraction within IT and Converged Infrastructures provide this for customers looking to mitigate the complexity, risk and time that managing today’s complex IT environments require. 

By leveraging CI’s standardized configurations approach, customers can mitigate their risk around design, configuration, sizing, testing and validation of the infrastructure platform. This same premise also means that the time required for deployment and integration should be greatly reduced. Customers should also benefit from a reduced total cost of ownership (TCO) and enhanced support experience as their CI vendor has ownership for providing support that encompasses the entire solution, mitigating a significant amount of work previously owned by the client’s own IT organization. 

From a concern standpoint, customers familiar with trying to institute standards in their company will understand the challenges that may arise and that the deployment of Converged Infrastructures may require transformation of existing approaches to skills, processes and culture. Converged Infrastructures may also require customers to refresh broader portions of their infrastructure in a timeframe that differs from the norm. 2011 saw significant movement in this segment as vendors look to capitalize on the market’s adoption of this approach, and it will important for customers to inspect vendor’s offerings carefully to ensure the value proposition of this segment is being adhered to.

These opinions are solely of the writer and not the opinions of the MTBC or VCE.

Andre Wu
Senior Director, Global Cloud Strategy, VCE
andre.wu@vce.com

Cloud-centric assured information sharing
Bhavani Thuraisingham
Director of Cyber Security Research Center at The University of Texas at Dallas

The Cyber Security Research Center at UTD is working to address the needs of the Department of Defense as it works to find a cloud-centric approach to information sharing between government agencies. The group, working with assured information sharing (AIS), is developing technologies and tools for cloud-centric assured information sharing funded by the Air Force Office of Scientific Research (AFOSR).

We initially examined developments in grid and cloud computing and explored security issues. In particular, we explored secure virtualization, secure storage, secure data management and secure cloud monitoring. A secure cloud data manager was developed that will be used as the engine for assured information sharing (AIS).

Two types of cloud data managers were developed, one based on semantic web data and the other based on relational data. Current frameworks do not scale for large resource description framework (RDF) graphs and, as a result, do not address these challenges. Here, we developed a framework using Hadoop to store and retrieve large numbers of RDF triples by exploiting the cloud computing paradigm.

A scheme to store RDF data in a Hadoop Distributed File System was developed. More than one Hadoop job may be needed to answer a query, because a triple pattern in a query cannot take part in more than one join in a Hadoop job. To determine the jobs, we developed algorithms to generate a near optimal query plan based on a greedy approach to answer a SPARQL Protocol and RDF Query Language (SPARQL) query.

Hadoop’s MapReduce framework answers the queries. XACML-based policy management was implemented and integrated with query processing strategies. The HIVE framework was used for secure query processing for relational data. In addition to secure query processing, encrypted query processing was also developed on the Amazon cloud that interfaced to the Intelligence Community’s BlackBook system.

More recently we have developed strategies for secure storage and query processing in a hybrid cloud. In particular, algorithms for query processing have been developed where users’ local computing capability is exploited alongside public cloud services to deliver an efficient and secure data management solution.

Hybrid clouds offer numerous advantages including the ability to restrict data and processing being outsourced based its sensitivity or confidentiality, as well as controlling expenses by exploiting local resources. Nonetheless, query processing in hybrid cloud introduces new challenges:
1) data design: How to partition relations between public and private components of the cloud? The solution must account for the sensitivity of attributes in a relation as well as the workload that will be executed;
2) data security: How to represent encrypted (sensitive) data that enables non-trivial query processing on the public cloud? and
3) query processing: How to execute queries over the distributed data with mixed representation (i.e., encrypted and plaintext) while minimizing processing and communication costs?

We have also made progress on a number of research areas related to the cloud.
1.    SPARQL/JENA-based inference controller for provenance data. This inference controller is being implemented on our Hadoop Cloud;
2.    Cloud-based malware detection for evolving data streams with a scalable feature selection and extraction solution that leverages a cloud computing framework; and
3.    CloudMask: developed with Purdue University, this approach supports fine-grained attribute-based access control based on encryption while assuring privacy of the identity attributes of the users accessing the data.
4.    Future plans include secure virtualization using the XEN hypervisor to host cloud data managers and demonstrate assured information sharing.

Dr. Bhavani Thuraisingham (aka Dr. Bhavani) is a Distinguished Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) and Director of the Cyber Security Research Center. She is one of the leading experts in data security and data mining. Thuraisingham works behind the scenes of our ever-increasing digital world to protect the billions of pieces of personal data floating around.

Her work has resulted in more than 100 journal articles, 200 refereed conference papers and workshops, and five US patents (two pending). She is the author of eleven books in data management, data mining and data security including one on data mining for counter-terrorism and another on database and applications security. She has given more than 90 keynote presentations at various technical conferences including at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism.

SOC 2 Report: Cloud Service Providers Can Offer Greater Assurance
By Brian J. Thomas, CISA, CISSP

Cloud service providers (CSP) should consider adopting the recently introduced Service Organization Controls 2 (SOC 2) report for providing greater assurance to their customers.

The SOC 2 report is one of three SOC reports offered by the American Institute of Certified Public Accountants (AICPA). The AICPA developed those reports to complement its 2011 replacement of SAS 70 with a new reporting standard, Statement of Standards for Attestation Engagements No. 16 (SSAE 16).

Like SAS 70, SSAE 16’s focus remains strictly on internal controls over financial reporting. The SOC reports, though, provide more appropriate options for examining the compliance and operational aspects of a service organization’s internal controls, particularly controls related to information technology and cloud service providers.

A SOC 1 engagement is based on SSAE 16. That report is most valuable to cloud customers who used the CSP’s SAS 70 in fulfilling Sarbanes-Oxley requirements (i.e. internal controls over financial reporting).

The SOC 2 and SOC 3 reports are based on the AICPA’s trust services principles of security, availability, processing integrity, confidentiality, and privacy.

The SOC 2 report addresses one or more of the trust services principles as it pertains to the CSP’s internal controls over the services provided to customers. For example, a CSP could receive an SOC 2 report focused on just security OR security and availability.

The SOC 3 report is more of a general-use report that is beneficial for marketing purposes and only includes the auditor’s opinion about whether the system achieved the trust services criteria (not the supporting detail). Although helpful from a marketing perspective, SOC 3 reports are less useful in fulfilling customers’ audit requirements.

Examples

For a CSP, the SOC 2 report directly addresses vital concerns facing its customers. A health care provider, for example, must comply with provisions that require it to safeguard personal health information. The heath care provider needs to know whether the CSP’s internal controls provide sufficient assurance for maintaining the security, privacy and confidentiality of that information.

A hotel chain may depend on a CSP to host its website for accepting customer reservations and inquiries. For that hotel chain, system availability and processing integrity are crucial operational needs.

By adopting SOC 2, CSPs have an opportunity to provide customers greater assurance for such compliance and operational concerns, which should increase the value of the services provided to their customers.

Brian J. Thomas, CISA, CISSP is a partner in Advisory Services for Weaver, ranked the largest independent accounting firm in the Southwest with offices throughout Texas.
brian.thomas@weaverllp.com
713.800.1050.

Delivering Secure Updates to the Cloud
by Rusty Cone, Senior Vice President of Sales and Marketing, NEI

Everybody is talking about cloud computing and its potential for transforming today’s enterprises. But while the cloud can confer many benefits for IT – among them, greater flexibility, efficiency, scalability, and cost savings -- some issues, particularly in the area of support and maintenance, need to be considered before moving to the cloud.

What is the Cloud?
Cloud computing is essentially the delivery of IT computing as a utility service (similar to the electricity grid) by which resources, software, and information are provided over a shared network. With the ability to deliver greater flexibility, efficiency and scalability, cloud computing is transforming the way enterprise software is developed, deployed and maintained. As a result, it has become a rapidly growing technology area, due in large part to the potential savings in fixed operational costs and capital expenditures that cloud computing offers.  

While clouds can be private or public, they are further differentiated at the service level:

Infrastructure-as-a-Service (IaaS) provides a bare virtual machine for the enterprise to configure in the cloud. The user is responsible for providing the operating systems (OS) and all applications that will run on it.

Platform-as-a-Service (PaaS) is the next step up. As the name implies, it provides a virtual platform which will often consist of the configured OS and required applications.
 
Software-as-a-Service (SaaS) provides a service to the end user instead of a virtual server or platform (e.g. Gmail or Salesforce.com). The end users simply consume a service.

The Need for Automated Updating
Whether moving to a public or private cloud, companies must have a comprehensive strategy for deploying validated updates for both the OS and applications. Managing software patches and updates is critical to maintaining cloud performance and compute efficiency. Cloud instances can proliferate much faster than physical deployments, causing small support issues to balloon quickly.

With a growing number of non-IT professionals deploying cloud services for their departments or workgroups, simplicity of updates is critical. Deploying application updates and OS patches manually is extremely labor-intensive, and cloud platform managers will need a secure and automated method for the distribution of authorized updates.   

Furthermore, updating operating systems can be difficult and often disruptive for end-users, a challenge for OEMs trying to automate the application lifecycle management process. An automated method that allows OEMs and ISVs to provide updates and maintenance of applications in the cloud without requiring IT managers to execute them manually provides many benefits to application technology providers, including:

•    Accurate and automated management of application and OS patches
•    Secure delivery and administration of updates with digital fingerprinting technology
•    Reduced support costs
•    Increased uptime and reliability

This type of technology will allow software providers to completely control updates in the cloud, while streamlining administration and integration processes.

Integrating Cloud Solutions Into the IT Toolbox

For today’s IT organizations, it’s essential to keep the IT toolbox tuned up with the latest and greatest tools. Jay Warsaw, senior director, Electronic Business Solutions at Fujitsu, knows that running a smooth IT operation is not about just choosing applications because they’re “in the Cloud.” It’s about evaluating the solution based on the business need. “The key is finding the best solution that meets the business requirements, and evaluating options on a variety of criteria, not just cost,” Jay said.

 “When we begin evaluating a business need, we run down a long list of considerations, exploring options, and doing a lot of up-front due diligence. Do we have well-defined requirements? Do we currently have a solution in-house? Do we have a possible solution with other existing vendors? Are there other solutions available? What are the cost, time, security, and integration considerations? The cloud raises additional important questions, since your data and business processes will be running in someone else’s datacenter.”

Cloud computing isn’t always the go-to answer—the solution is always going to be business-process driven. Although the cloud has numerous advantages, Fujitsu has its own efficient, highly virtualized internal data center environment. Eliminating worries about integration or security issues when moving data in and out of their internal systems can be its own advantage.

“We just had an instance where we chose to bring an externally hosted application in house,” Jay said. “If you plan on using the solution long term and it’s not a true multi-tenant solution but merely a hosted application, it’s sometimes better just to house it internally instead of paying monthly hosting fees and having your IT department develop the in-and-out integration processes necessary to transfer information externally.”

However, during the last five years, Fujitsu has found success with the cloud, as 60 percent of its new significant software implementations have been cloud-based.

For example, the company recently determined that it needed to consolidate and automate the configure-price-quote (CPQ) process, as the current process involved too many separate tools, was very cumbersome and extremely manual with multiple handoffs. Fujitsu sent an RFP to eight candidate providers (without the requirement that they be cloud based) and only three met the selection criteria: two cloud based, one on-premises.

As the evaluation continued, Fujitsu chose to build a proof of concept with each solution. With the cloud, providers could move quickly and set up an environment to begin building test solutions the next day. With the non-cloud based provider, they would have to build multiple physical and virtual servers and have an engineer fly in to do the configuration for a proof of concept.

“We decided to continue with only the cloud-based solutions for our proof of concept. Ultimately we chose our vendor for their ability to meet our complex business requirements, the great implementation support they were able to provide, and the fact that their multi-tenant solution had an existing fully certified integration with the Salesforce.com solution,” Jay said.

Jay’s experience matches the benefits frequently touted by cloud advocates: quick implementation, easier upgrades, backup capabilities, low maintenance, and low up-front costs.

Previous cloud experience, such as that enjoyed by Fujitsu, eases ongoing cloud use and makes internal audiences more comfortable that the right questions have been asked and answered. “With our first major move to the cloud in 2007, corporate security and business leaders were much more wary about the security of information,” Jay said. “Over time, standards and controls have evolved with most service providers acquiring relevant certifications and having their processes regularly audited. We have a better idea of what to ask and look for, so comfort levels have certainly increased.”

“Personally, I feel while more and more processes continue to move out to the cloud, we will continue to manage and maintain some solutions in our datacenter. In the future, I expect the majority of our datacenter will be in the cloud as well,” Jay said.

For more information about the questions Jay’s team had to answer, visit the online article and follow up at www.metroplextbc.org/magazine (QR code)

(online support)
Considerations of Cloud-based solutions:

• Company financial stability

• Data center operations

• Whose data centers and where are they

• Defined processes (change control, backup, etc.)

• Infrastructure and facility standards

• Security

• Physical site access

• Employee background checks

• Firewalls, intrusion detection

• Auditing

• Integration capabilities

• Security and single sign-on

• Flat file transfers and/or real-time integrations

• Agreements

• Service level

• Subscription and termination agreements

Implementation obstacles needed to overcome:

• Possible in any system implementation

• Competing requirements from hardware, software and services business groups

• Availability of subject matter experts for business requirement/process definition and testing

• Specific cloud related challenges

• Integration with other cloud and on-premises systems

• End-user experience and perception of performance

• Overall system performance

Cloud-based solution benefits

• Overall cloud benefits

• Lower upfront costs

• Quick implementation process

• Little or no hardware or maintenance costs

• Easier and more regular upgrades with less resources

• Disaster recovery and backup capabilities

• Specific to our implementation

• Ability to perform proof of concept implementations

• Ability to address system performance issues

It’s Tech Titans season here at the MTBC. That means a full committee of volunteers and staff are now actively planning for the Tech Titans Gala, which will occur Friday, August 24. Tech Titans is very significant for me. I have been on the Tech Titans committee for five years now.  Several years ago I was extremely honored to be selected as the emerging company CEO of the year.  I can claim the title of Tech Titan, and I do it with much honor.

Tech Titans is like no other event hosted by the MTBC. This is not your average banquet that we’re talking about. It’s a black tie gala where many great cutting edge leaders from the North Texas tech industry are recognized for doing something truly great in the technology world – telecommunications, software, bio-med and others. These are people doing truly great things to make our industry better, not just in North Texas, but globally. The gala is truly a night to remember.

Tech Titans is the Academy Awards of the North Texas tech industry. High-tech companies, organizations that implement unique high-tech elements in their business, technologists themselves and even high schools and colleges/universities are recognized each year for their special programs fostering technology advancement.  More than 750 people come out for this affair, which has been completely sold out for the past three years.

The Tech Titans committee is in full swing planning for the multi $100,000 gala. Nominations are being sought.  Judges (secretly) are being briefed.  Multi-media is well into the planning stages.  Advertising, both print and online, is well underway.  The goal of the committee each year is to ensure that the very finest of North Texas are recognized. Categories garner from 15 to 25 nominations each (some smaller). Those nominations are whittled down to the finest three to five finalists in each category.  Those finalists are formally announced and the Tech Titans recipients are announced at the Gala.

I love working on this committee. It is an opportunity for me to give back to the North Texas tech community that has been so good to me for more than 25 years. Being selected as CEO of the Year was over the top. I was so proud for myself, and particularly for the people of my company. They were proud to have our company singled out. Our customers and prospects also were happy to hear of a Tech Titan award. Nothing but good comes of this.

If you are an MTBC member, you too could participate in the planning for this event. Join our committee. There is always something for people to do, and it’s a great way to network.
Nominations are open and being accepted through June 4.  The real success of the Tech Titans program comes for great nominations, and it very easy to nominate (even easier this year). High impact with a high-tech audience. Just go to the Tech Titans website: http://www.techtitans.org.

 As the founder, president and chief executive officer of GlobeRanger Corporation, George Brody is responsible for leading the company during its current growth phase including its overall strategy, growth and advancement in various markets and geographies. GlobeRanger is the leading provider of RFID and sensor network-based software solutions to government and commercial markets worldwide.

Prior to co-founding GlobeRanger in 1999, Brody served as vice president and general manager of Nortel Networks’ Wireless Network Solutions division, where he managed a series of entrepreneurial start-ups including Satellite Network Solutions, Wireless Intelligent Networks and Wireless New Business Ventures, a business incubator. During his tenure at Nortel as vice president of wireless technology, Brody was responsible for its global wireless product development programs and the management of the Bell Northern Research Labs in Richardson, a world-class research and development organization that employed more than 2,500 professionals.

Brody holds a bachelor’s degree in electrical engineering from the Indian Institute of Science, Bangalore, India. He also earned master’s degrees in electrical engineering and computer science from the University of New Brunswick, Canada.  He is a member of the advisory council for the School of Management at The University of Texas at Dallas and serves on the board of directors of the MTBC, and is also the Chairman of MobME Wireless Pvt Ltd, an exciting Wireless technology venture, based in India.

Brody is a holder of several patents in the area of wireless networks and is a charter member of TiE. His current professional interests lie in the areas of entrepreneurship and the creation of new ventures at the intersection of wireless technology with medical and enterprise applications.

Alt-N Technologies develops affordable and secure messaging and collaboration solutions designed for small-to-medium businesses in more than 90 countries worldwide. The company's flagship solutions, the MDaemon® Messaging Server and the SecurityGateway for Exchange/SMTP servers, include the latest email security technologies and require minimal support and administration to operate and maintain. The company uses a network of global distributors and resellers for the sales and support of its products. In 2009, Alt-N was designated as one of the top 25 small business Best Places to Work by the Dallas Business Journal.

For more information, visit www.altn.com.

Radware is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

For more information, visit www.radware.com.

Developing a Future-Proof Cloud Strategy

IT organizations often speculate about when they will move everything to the cloud.  This discussion presupposes two things.  First, that the cloud will be suitable for all IT needs sometime in the future.   Second, those organizations should make wholesale, not incremental, changes in IT deployments.  The relevant question is, “How can your organization leverage the cloud as part of a mix of IT Infrastructure services to support your unique, but evolving business needs?” Consideration must be given to specific performance, control, security and cost requirements. Enterprises should take a pragmatic approach to cloud adoption –there isn’t a “one size fits all” approach to deploying cloud services.

While the cloud is a powerful solution, it is only one piece of an overall IT Infrastructure strategy. An organization should conduct an audit of IT needs to determine the cloud solution that will help meet business goals.  Even with the advent of the cloud, enterprises will continue to require multiple types of IT Infrastructure services, such as managed hosting and colocation. IT leaders should understand the fundamental differences between the available offerings and determine the right mix of services to meet business needs.

For example, while early-stage businesses may choose to host applications in the cloud, when an organization reaches a certain level of application usage or Web traffic, the economics of managed hosting or colocation might make one of these services a better fit than pure cloud services. Similarly, a business may have specific compliance or performance requirements that require significant portions of the company’s infrastructure reside on dedicated, physical hardware. Would an IT organization put a gigantic enterprise database in the cloud? Maybe not. Would requests for temporary IT resources (testing instances, temporary marketing programs) be satisfied using the cloud? You bet.

A myriad of short- and long-term decisions about an organization’s need for security, control, scalability, performance and support of IT infrastructure must be made when developing a cloud strategy. As you look to future-proof your investments, do the math on the use of clouds as compared to other IT Infrastructure services. Solutions that offer maximum flexibility with private cloud, public cloud and scalable cloud storage services should suit your specific application needs.

Some companies follow a fairly linear path to IT infrastructure outsourcing.  Newly formed companies often start by placing infrastructure in the cloud. As bottlenecks emerge with growth, dedicated infrastructure is often added to the mix when the database needs to achieve higher levels of performance. As IT workloads become more predictable, the economics of colocation become appealing. This path works for some, but many businesses find the evolution is not quite so sequential.  

By mapping growth projections for major applications, investments in cloud solutions can be made wisely, and scaled accordingly – enabling the movement from one platform to another or using hybrid approaches as priorities and business needs evolve. The key to solving the cloud evolution challenge is to find the right mix of services – from colocation and managed hosting to public and private cloud – to support specific application and business requirements; and to realize that the cloud is a means to an end, not the end itself in the overall IT Infrastructure services picture.

Paul Carmody, Senior Vice President Product Management and Business Development, Internap

Internap provides intelligent IT Infrastructure services that enable customers to focus on their core business, improve service levels, and lower the cost of IT operations. Internap’s enterprise IP, CDN, colocation, managed hosting and cloud solutions are differentiated by unparalleled levels of performance, availability and support.  In December, Internap opened the first high-density data center in Dallas that features cutting-edge green design and operational practices to minimize energy consumption, as well as a full range of customer amenities and maximum flexibility and performance for customers. http://www.internap.com.

Using new data storage technology with Cloud achieves sustainability while reducing cost

By Lars Rosene, Chief Sustainability Officer, Hie Electronics

The ever-evolving nature of information systems ultimately poses a considerable environmental risk for our planet. Each year, more than 2 million electronic devices are discarded (according to the Environmental Protection Agency). Electronic landfill waste from data storage devices contributes a significant amount of toxic substances found in soil and water. By consolidating data center operations into a cloud environment, lasting sustainability can be obtained compared to onsite data center operations.

Cloud service providers are beginning to invest heavily in data center infrastructure in order to meet the growing demand of business and individual user communities. “The Smart Report: Enabling the Low Carbon Economy in the Information Age,” released by Global e-Sustainability Initiative, estimates that the environmental footprint for data centers will more than triple between 2002 and 2020, making them the fastest growing contributor to the Information and Communication Technology (ICT) sector’s carbon footprint.  

Hie Electronics has developed a data storage Active Archive™ providing end-users a sustainable solution and can easily be integrated into today’s cloud computing infrastructure. The technology solves the three main issues with current cloud systems: energy consumption, maintenance and capacity. The TeraStack® Solution avoids consuming unnecessary power and considerably increases the lifecycle of data storage, while reducing the total cost of ownership by as much as 70 percent.

Because of its sustainability benefits, Frost & Sullivan awarded Hie Electronics with the 2009 North American Data Storage Technologies Green Excellence Award in Technology Innovation.  

The TeraStack® Solution is an improvement over current technology, which places a large burden on cooling infrastructure. It operates on only 500 watts of power, equivalent to a home refrigerator. In fact, the system allows for a 92 percent energy savings, while comparable solutions require as much as 7,000 watts per hour.

To reduce power consumption and maintenance, the system uses energy passive data storage. Studies have shown that 80 percent of all new digital data is fixed content (or sleeping data). The TeraStack® Solution uses an Active Archive™ architecture that moves fixed content onto lower cost storage tiers.

Blu-ray media is used to store sleeping data, eliminating the need for hard drives to constantly spin, migrate data and consume energy. Blu-ray media is rated for 50 to 100 years of data integrity, a significant improvement over current hard drives and tape backup systems that need to be replaced every four to nine years and eventually end up as electronic landfill waste. In addition, the implementation of passive data storage reduces maintenance costs.

Lars Rosene serves as Chief Sustainability Officer for Hie Electronics. Prior to his current roles, Rosene served as Chief Sustainability Officer for Flowserve Corporation.
www.hie-electronics.com

Mobile Device Security and Infrastructure Management: New Challenges and Solutions are Both in the Cloud

Call Outs:

A product development manager saves important and confidential documents on iCloud and loses their personal iPhone in the Shanghai airport.

The CFO reuses his existing e-mail security partnership to view e-mailed M&A documents on his teenage nephew’s iPad.

An IT manager is given the assignment of deploying, securing and pushing applications to 300 new iPads; in just two weeks!

The proliferation of smart phones and tablets in the work place, along with the advent of cloud-based file hosting services have combined to present IT managers with an array of complex new management and security challenges. IT managers are being asked to support a diverse population of devices with up to five different mobile operating systems, but existing processes and tools often lag behind the many new choices out there. Mobile device users can lose proprietary information, expose the enterprise to potential legal liability and seriously compromise system security. It is for these reasons that instituting a robust mobile device policy and mobile device management (MDM) process are becoming high priorities for many IT leaders.

MDM solutions allow IT managers to secure and manage all mobile devices out of a single console and allow IT to configure and secure mobile devices over the air without needing physical access to the device. In many organizations employees can connect personally owned smart phones and tablets to enterprise e-mail without the knowledge and approval of IT. MDM solutions control this potential source of data leakage by instituting a quarantine process around e-mail that ensures only approved users and devices have access to enterprise information. 

After enrollment, MDM solutions allow administrators to mandate and enforce the use of strong passwords or PINs. Administrators can also lock down certain features to prevent use or changes by users and can blacklist high-risk applications and services like cloud-based file-hosting services. Another useful feature of MDM solutions is their ability to locate lost devices and lock or wipe them. For employee-owned devices, the ability to selectively wipe company information only while leaving pictures and music intact is key to maintaining user satisfaction. More advanced solutions allow administrators to push home-grown or purchased mobile apps to mobile devices and to manage apps over the air.

Some of the most popular MDM solutions are offered in a cloud-based, multi-tenant, software as a service (SaaS) delivery model. The advantages of MDM in the cloud are quick deployment, flexibility and scalability, automatic upgrades to support multiple and rapidly evolving mobile operating systems and lower total cost of ownership. Some cloud-based MDM solutions can even achieve complete integration with the enterprise’s existing messaging infrastructure without installing an appliance in the data center.

Managing mobile devices in the enterprise involves a level of complexity and a pace of change never before encountered in IT. Some of the new mobile device management challenges and security threats IT leaders face have their origins in the cloud. The good news is that some of the most viable MDM solutions offer help in the form of the unique capabilities made possible by their cloud-based, multi-tenant architecture and SaaS delivery model.

About the Author:
Eric Edstrom has been Vice President at ProfitLink Telecom Expense Management since 2003. He holds a B.A. from Bates College and an MBA from Northwestern University’s Kellogg Graduate School of Management.
eedstrom@profitlinktelecom.com
www.profitlinktelecom.com

Enabling Business Models that Work in the Cloud
Gordon Haff, Cloud Evangelist, Red Hat, Inc.

Increased agility. Faster time-to-market. Increased business value. Phrases like these pepper cloud computing marketing literature. Cloud computing concepts are more focused on IT as a business enabler than on simply making IT cost less. But that doesn't mean the need for financial justification is thrown out of the window even if “soft costs” play a bigger role than in other cases.

Metrics that you might use for your analysis include:

Time to deploy a new service (application). One of the main features of cloud delivery models is that users are given self-service access to computing resources. On demand provisioning can dramatically decrease the time needed to kick off a new project or to ramp up work on an existing one. At the same time, self-service takes place under a managed, policy-based framework so the IT department can maintain appropriate control over usage patterns. While  a soft benefit, this speed and agility can be quantified through a combination of productivity measures.

Standard Operating Environments. Research from market researchers Gartner Group shows that an average of 80 percent of mission-critical application service downtime is directly caused by people or process failures. A significant portion can be attributed to change management and configuration management, which the centralization of policy and workflow controls in a cloud computing infrastructure can help reduce. Gartner goes on to note that downtime can tarnish a company's image and reputation. While this can be hard to quantify, downtime can also cause a company to miss out on orders or require overtime to make up for lost productivity—factors that can be more easily modeled in a financial analysis.

Administrator to server ratio. One of the big efficiency differences between a public cloud provider and traditional enterprise IT lies in how many servers (or virtual machines) that an administrator can manage. For traditional enterprise IT, a few dozen servers per admin is a fairly typical number. For a large cloud provider, a ratio of servers per admin into the thousands is not unheard of. Much of the difference can be attributed to the high level of standardization that large cloud providers drive into their operations. While it won't typically be possible for an enterprise to adopt such cookie cutter practices, a private cloud can nonetheless provide a means to develop and deploy a more standardized catalog of services to users, thereby reducing the amount of one-off work that admins need to perform to keep images updated and patched.

My focus in this article has been on some of the elements that can be quantified to provide business justification for a hybrid or on-premise cloud computing deployment. Organizations would be well advised not only to think of business cases focusing on OPEX and CAPEX reduction but to also attempt to quantify how agile and flexible delivery of IT services via the cloud can increase the organization's ability to deliver on its balanced scorecard.

Gordon Haff - Cloud Evangelist, Red Hat
Gordon Haff is senior cloud strategy marketing and evangelism manager at Red Hat.

Drafting Contracts for the Cloud
By: Robert J. Scott

As more companies adopt cloud computing services, corporate and outside counsel are being asked to review cloud agreements. The unique business, legal and regulatory risks associated with cloud computing arise from the fact that customer data is stored and processed by the cloud vendor. This article highlights these risks and describes recommended methods for risk balancing between the parties.

Business Risks
Data Risk
Data security is a primary concern for parties to cloud computing agreements. Each party endeavors to place data security risk on the other. In our experience the risk is best balanced by putting data security liability on the vendor, then transferring that risk to a professional liability carrier. By structuring the limitations of liability, indemnity and insurance provisions properly, both sides can reduce the risks associated with data security and privacy.

Service Interruption
The next significant business risk is the access and availability of the service and the impact to the business if the service is unavailable for any reason. Access and availability commitments are typically contained in a Service Level Agreement (SLA) that is part of many cloud computing contracts. The best SLA’s contain custom service metrics narrowly tailored to the customer’s business requirements.

Many times the cloud solution may be comprised of two or more third-party platforms, so customers should ensure that the SLA addresses subcontractor liability for third party service failures. Also, the SLA should define service failure remedies and action plans for resolution of service interruptions.

Termination of the Agreement
Because the data is controlled by the cloud vendor, cloud computing agreements should contain an effect of termination clause that sets out a process for returning customer-owned data to the customer post-engagement. It should also specify the circumstances under which the provider can withhold services or preclude the customer for accessing the service.

Legal Risks
Intellectual Property Ownership
In cloud contracts, data provided by the customer is generally understood to be owned by the customer. It is not necessarily obvious, however, who owns intellectual property that is not customer data. For instance, it is common for a vendor to customize its service offering to meet a customer requirement. The agreement should specify whether additional code written by the vendor to customize its solution for a customer is the property of the vendor or considered a “work for hire” owned by the customer. If the vendor will own the customizations, the customer may ask for exclusivity over the customizations throughout the term of the agreement.

Litigation and Discovery
The customer must have access to its data in the event of litigation. Cloud agreements should define policies for data retention and procedures for discovery production that provide the customer with significant control. In addition, data retention in the cloud should match the customer’s internal retention policies.

Regulatory Issues
Compliance with industry and regulatory requirements is one of the most vexing issues facing a customer contemplating cloud services. From HIPAA/HITECH to PCI, FTC Red Flags Rules to state security and privacy statutes, many companies are required to comply with one or more data privacy and security regulations. In many cases, the cloud vendor is subject to the same data security regulatory requirements as its customers.

Whether and to what extent a vendor or customer is a covered entity under privacy and data security regulation is something both parties must evaluate separately. Much to the chagrin of cloud vendors, attempts to specifically reject responsibility for compliance with applicable regulatory requirements are prohibited by some of the more recent privacy and security statutes. Where a regulation is particularly important to the customer or vendor, contract language should track the applicable statutory language. In other cases, a provision requiring both parties to comply with applicable laws and regulations related to the services may be sufficient.

Conclusion
The two important steps to take before entering into any cloud computing agreement is to identify the risks described above to determine your client’s comfort level with respect to each and begin the discussion of risk balancing early in the negotiation. Lengthy, unsuccessful negotiations can be avoided if each side is clear as to their “deal-breakers” with respect to these risks upfront.

About the Author:
Rob Scott, the managing partner of Scott & Scott, LLP, handles intellectual property and technology matters. He represents services providers and end-users in technology transactions including cloud services contracts. He can be reached at rjscott@scottandscottllp.com or 214.999.0080.

Command and Control: The Importance of the Network in Cloud Strategy

By Tony Hurtado, VP Global Marketing, Masergy

As cloud adoption continues to proliferate within the enterprise environment, it is clear there is no one-size-fits-all model to deliver dynamic mission-critical applications businesses crave. A variety of approaches to executing a cloud strategy exist based on the unique needs of organizations.  

However, even the most ambitious and innovative cloud strategies rely on one simple element – network quality. Without a sound, reliable network, business applications can’t deliver the performance necessary to fulfill objectives.


Here are some of the cloud options:

• Public cloud
  The public cloud is familiar to most businesses, where applications, information and computing power are accessed via the Internet.

• Private cloud
  Private cloud solutions typically involve businesses purchasing, configuring and maintaining servers within company-owned facilities.

• Virtual private cloud
  Virtual private clouds involve connecting businesses to a public cloud provider through a secure, quality of service (QoS)-enabled network that is inaccessible to outside parties, eliminating most concerns associated with traditional public clouds.

•  Hybrid
   Hybrid cloud options are where service providers incorporate private, public and virtual private cloud components to correspond with evolving needs and business
   processes.

The Power of Visibility and Control

Regardless of the cloud strategy adopted, the ability to analyze network performance and react in real-time is essential for success. Real-time network visibility and on-demand configuration allow businesses to leverage the cloud’s agility and flexibility with in-depth network troubleshooting and real-time adjustments to traffic prioritization and bandwidth.

The ability to adjust network configurations and increase bandwidth requirements on-demand is a powerful component of enabling cloud-based services as it allows companies to scale resources to meet the fluctuating requirements of the enterprise. For example, a static Internet connection to a cloud provider might meet a business’ needs initially, but, as more applications are delivered via the cloud, bandwidth congestion becomes a problem and application performance suffers.

An elastic bandwidth model allows the network to accommodate a variety of services from a cloud provider that complements evolving business priorities. This capability empowers organizations to manage their network traffic; without it, mission critical applications could be compromised by insufficient bandwidth.

A customized network solution may be deployed to meet specific requirements, taking full advantage of public, private and virtual private clouds as needed. Overwhelmed IT departments can better manage and disseminate critical business information around the world without incurring exorbitant operating and capital expenses. Transitioning to the cloud on a quality network offers tremendous advantages, including cost efficiencies.

Tony Hurtado is VP Global Marketing for Masergy, a provider of managed, secure virtualized network services to enterprises with complex data needs across multiple locations www.masergy.com.