business value & ICT - Telecommunications - Green IT - Orange Business Live blog

The Yankee Group recently held an interesting webinar on cloud computing that looked at how the widely talked about technology will fare in 2010. It got together analyst Agatha Poon with cloud computing experts from Microsoft, Sybase and Arista to talk about a number of issues, including:

Virtual Community Networks were one of the emerging trends at last year's Orange Business Live. Where it was once enough to sell to customers based on a perception of value that was product-centric and delivered to undifferentiated customers, businesses now need to get closer to those customers by collaborating directly with the supply chain to deliver the single customer experience.

Ubiquitous connectivity makes it possible to be continuously linked to the supply chain so that real-time collaboration is possible that streamlines business processes and also affords cost efficiencies. This development has been speeded along by social networking, although social networks are commonly constructed on the public Internet where users know and accept the security and privacy risks.

Secure the borders and forecast demand

In the enterprise, security must be harmonized between partners and suppliers so that information that would normally only be accessible by internal staff is made available safely to third parties. All devices on the network must comply with corporate security policies if the security perimeter is to be extended to include trusted third parties.

Once this is achieved, the business can shorten time-to-market, reduce inventories and the costs associated with maintaining them, and minimize order fulfillment cycle times. This is achieved by joint planning and collaboration between the company and its suppliers where demand forecasting, information sharing and coordinated shipping are optimized to result in increased availability to the customer, while reducing inventory, transportation and logistics costs.

One of the biggest developments in recent months has been building the flexibility into the supply chain to allow customers to personalize a product the way they want it before it is delivered. And that depends in no small part on instant contact between the supply chain and the enterprise. Without the speed to react to dynamic changes in the market and keep up with these personalized customer demands, so the logic runs, businesses are lost.

As anyone attending last year's Orange Business Live event will remember, M2M is growing into quite a phenomenon. Ten years ago, it was a smart concept with few deployments behind it. These days, businesses across many vertical sectors are using it to lower production costs, optimize the supply chain, lower energy consumption and increase operational efficiency. How many M2M devices are we talking about? Globally, about 412 million within four years according to the latest figures. There's an interesting overview of embedded M2M as the pervasive Internet in this M2M trends podcast.

About 1.5% of cellular network connections worldwide are used for M2M applications, showing that there's a great deal of headroom in the network for more. Utility metering is expected to become the most widespread application, offering lowered operational costs to utilities and more control over energy consumption to consumers. We looked at the main issues surrounding smart metering in this blog. But, hard on its heels will be the maturing of healthcare remote patient monitoring solutions, intelligent transport systems, manufacturing monitoring and security applications such as vehicle tracking and CCTV. We have written about telematics in this blog and recorded this podcast with Romain Jourdan, an Orange expert in in-car telematics.

Since the start of 2010, one of the hot topics in the IT press has been cloud computing in the government sector. The need to control costs while maintaining high levels of service has led authorities the world over to re-assess their IT needs, and it appears that the flexibility offered by cloud computing has become flavour of the month.

In the UK, the Government's Chief Information Officer, John Suffolk, recently iterated his feelings on the topic, endorsing a hybrid model where a private government cloud (or clouds) co-exists with public cloud services, which can in some cases deliver better numbers due to the sharing of costs across a wide user base -- one of the big benefits touted for the cloud. Suffolk's argument is straightforward: "if it delivers good citizen outcomes at a price you can afford then use the public cloud" but -- crucially -- Suffolk also believes that personal data should not be stored in the cloud.

This highlights one of the primary concerns about cloud adoption, which is data security. The amount of sensitive and private information collected by the government is enormous, including healthcare details and financial information, and security problems can be extremely embarrassing. Problems related to security in government IT were discussed here.

As part of our Autumn video tour of the US, we also recorded a number of podcasts. This is the first of them: a chat with Current Analysis analyst Amy Larsen DeCarlo that we had in Virginia. Amy speaks about where cloud computing is going, what sort of applications and services are suited to this approach, and how much attention enterprises should be paying to this new approach to computing.

Orange-innovation.tv introduces the Give&Get Channel, the first innovation speed dating channel. Give&Get is a virtual marketplace where starts-upers, innovators of any kind can exchange their High Tech Skills.

You can watch Give&Get videos if you are looking for high-tech skills in an open innovation perspective to speed up your project and enlarge your scope with people coming from all around the world. You can send your own Give&Get video, moreover each month, a selection committee select the most interesting Give&Get video. The winner will benefit of VIP contact that will help him to reach his goal.

Now, you can learn more about the Give&Get channel watching this video of Martin Duval

IP telephony places voice squarely in the data world, with phone calls becoming another service on the LAN and global Internet. While the convergence of voice and data opens the way to powerful network and cost efficiencies, it also means that IT managers need to be prepared for added security threats.

IP telephony services based on VoIP chop up voice into data packets, routing them through the IP cloud and then re-assembling the data stream as a coherent, interactive conversation at the other end. As a growing number of organizations have chosen to handle their voice calls this way for cost reduction or increased functionality reasons, there are also a rising number of security threats as voice services are exposed to the same security weaknesses as the IT network.
 
The reason these threats are sometimes tougher to tackle is two-fold. Firstly, voice is viewed as one of the most business-critical services - a 'go-to' when email, instant messaging or video conferencing fail. Secondly, little focus has been placed on the ways that voice is exposed to security threats in the data domain, since voice has historically been transported over the PSTN and therefore not subject to many security weaknesses beyond physical outages.

Security weak spots
The main areas of weakness throughout the data and voice network are in the LAN and WAN network themselves, and session controllers, applications and end points attached to the network such as mobile phones, VoIP handsets, PCs and laptops.

The network is subject to security weaknesses in two discrete segments: the WAN and the LAN. The security of the WAN is usually the domain of the service provider or ISP that provides the access gateway to the Internet and helps erect other services such as VPNs and extranets. Although the WAN itself is less likely to be the target of attack, its role in facilitating access to the enterprise LAN is undeniable. The LAN can be subject to external threats or in some cases, attack from within the organization either by disgruntled employees or through innocent means such as downloading a virus through an email attachment.

 Specific network elements such as wireless access points, session controllers and the centralized software servers that allocate network and application resources for IP telephony calls, can also be the target of attacks.
 
Applications can be subject to threats or can act as hosts for attacks that distribute themselves to other applications, endpoints or network elements. Similarly, end points which are attached to the network, applications or are reliant on session controllers are also weak points.

Six main security threats
There are six main threat types to the enterprise network:
1.    Viruses
2.    Distributed Denial of Service (DDoS)
3.    Spam
4.    Toll fraud
5.    Eavesdropping
6.    Protocol threats

Six prescriptions for treatment
1. Viruses consume IT resources and can take the form of emails soliciting quick fixes for issues that don't exist, extraneous attachments, applications that use the email address book as a launch pad for further attacks or spyware. Commercial anti-virus applications at the desktop perform background checks on processes and files and eradicate or quarantine infections. Enterprise strength Intrusion Prevention Systems (IPS) can block common virus attacks that exploit IP telephony protocols such as H.323 and Session Initiation Protocol (SIP) by detecting typical attack signatures and traffic patterns. An inoculation program to download and append all current security patches can avoid common threats.
 
2. Viruses can sometimes be the launch pad for DDoS attacks, which typically flood servers and system resources with spurious requests for service, overwhelming the network and bringing it to a halt. These attacks can be tough to isolate because they use a fraction of the processing power from a high number of distributed computing resources to trigger an attack. Typical attacks include connection requests from bogus IP addresses or the flooding of routers with malformed data packets. The best response is to establish buffer limits on the processing of such packets or resource requests. Creating Virtual LAN (VLAN) services to effectively segregate IP telephony traffic in its own tunnel across the LAN can also save it from attacks, as can a series of failovers that keep sessions running when certain session controllers are disabled.

3. Spam can be limited by black listing known spam offenders. Often, junk emails sent to in-boxes which are linked to the IP telephony system as text-to-voice or voicemail provide a frustration to users who are desperate to check valid messages buried under specious spam. Enterprise email servers can combat this issue through the deployment of anti-spam applications and users can do their bit by hand-selecting email they believe to be spam and filtering it out.
 
4. By contrast, toll fraud is more of a threat to the bottom line than it is to the technical health of the network. International minutes can be stolen through a number of approaches including social engineering, voicemail box or PBX hacking. Receptionists or auto-attendants can be trained not to transfer calls externally to expensive outside lines to avoid social engineering, while the threat of hacking can be diminished by careful voicemail box password selection or monitoring remote access attempts to PBX maintenance ports.

5. Eavesdropping is theoretically possible but difficult to accomplish in the data world. Although would-be hackers could eavesdrop on an IP telephony call by reassembling the data packet stream, it's difficult to establish which packets are not just regular LAN traffic. But, there is a weak spot - the session control layer - because it knows which end devices are communicating with others. Encryption is one answer, although it can be expensive. More common is the practice of establishing VLANs, and limiting IP telephony to its own VLAN.

6. IP telephony and VoIP protocols such as Session Initiation Protocol (SIP) and H.323 were originally developed to be open, so that developers could build new services using them. However, this openness allows for protocol-based attacks to be created, such as taking control of call sessions or initiating bogus multi-party calls. This threat can be minimized by using a proxy server to apply strong authentication that stops malicious third parties from assuming control, and by deploying IPSec.