Analyst Blogs

DLP: Data Loss Prevention or Disturbing Lack of Process?

Next to NAC (Network Access/Admission Control), DLP (Data Loss/Leakage Protection/Prevention) is the second most abused acronym in IT. You know there is a problem when there isn’t an agreed-upon meaning for a simple TLA (Three Letter Acronym). It turns out the source of the confusion is technology. It’s the last thing you need for DLP, not the first.

The Greening of Security

Over the past few weeks I’ve discussed agility enablers such as virtualization and unified communications (UC). We find both technologies are also seen as green IT enablers: Virtualization reduces data center power/cooling demands through consolidation and UC facilitates virtual workers (reduced travel) through presence, collaboration, Web conferencing and telepresence. So, what about virtualized security and virtual security engineers?

e-Discovering Unified Messaging

This week I’m switching gears and writing about unified messaging (UM), another agility enabler. Specifically, how UM raises significant e-discovery challenges.

How Do You Do Defense-in-Depth in a Flat Network?

Last week I mentioned the lack of adoption Nemertes sees for virtualization security (VirtSec), despite a rapidly growing list of vendors. The main explanation we hear from companies we work with is, “We don’t monitor inter-server traffic on physical servers, why should we monitor inter-virtual-server traffic?” So, this got me thinking about a case where the opposite is true: where VirtSec is required to match the existing controls on the physical network.

Virtual Routing - The anti-matter of network routing

From an idea mentioned by Doug Gourlay (@dgourlay) at the C-Scape conference:
"How about using netflow information to re-balance servers in a data center"

Routing: Controlling the flow of network traffic to an optimal path between two nodes

Virtual-Routing or Anti-Routing: VMotioning nodes (servers) to optimize the flow of traffic on the network.

Search the Skies!

As we look ahead to the Shiny New Data Center of the Future (SNDCotF) we have to focus inevitably on the cloud that lies beyond it, and its potential to be the overflow resource pool of anyone experiencing transient load increases (incidental, occasional, one time, or cyclical). Already small companies are able to take advantage of storage and processing power available in the data centers of Amazon, Google, and others. They can scale up quickly, briefly, and dramatically.

But, can they monitor what they do?

IT Search: Finding the Smoke When the Gun is Long Gone

I just recently wrote an issue paper on the adventures of dealing with e-discovery and the impact of the amended Federal Rules of Civil Procedure (FRCP). The FRCP defines the rules of engagement for litigants in civil cases and as of last year the rules have been amended to extend the definition of discovery to include any electronically stored information (ESI). Much of ESI discovery is focused on either finding the smoking gun email ("you want to do what with me? To keep my job?") or

Searching High and Low

Green IT Search?

Everyone’s going Green. Come on now, get on the Green Train! Data Centers are going Green. Mobility is now a Green enabler; so is UCC; so is virtualization. It’s fitting that there is so much focus on Green in IT. After all, Mr. Green Jeans himself, Al Gore, has always been a friend to IT; he even invented the Internet ;-). Seriously, all this talk of Green makes me see red.

Dude where's my server?

The dynamic nature of virtualized server pools makes troubleshooting quite challenging. The technology that delivers the most benefits for business but causes the most headaches for operations is virtual machine live migration.

Like footprints on the beach

Virtual servers can be connected to physical drives, but that severely limits their mobility. So most often, virtual servers run off virtual disks that live in a SAN or file server. And since most operating systems store logs "locally", all the application, OS and logs stay in the virtual disk.

Brave New Worlds

Many new technologies or paradigms, like unified communications, converged networking, service-oriented architectures, and server virtualization, disrupt IT organizations and processes by undercutting the premises on which those organizations or processes were predicated.

Virtualization and IT Search

In our research on enterprise virtualization use, we have heard many a server admin, data center director, and service engineer complain that as they have virtualized servers, it has gotten harder for people to find things when they need them.

Security in the Unpredictable

A few months ago, a French trader managed to create one of the biggest trading losses ever recorded. He kept digging a hole with more trades, trying to offset his losses. He managed to hide his trades very skillfully until a bad combination of market trends made his losses too big to hide.

Blog: Errors of Omission

Last month I listened to a briefing from Verizon Business (NYSE:VZ) where Dr. Peter Tippett and A. Bryan Sartin talked about their recent report on data breach analysis. Verizon analyzed over 500 forensic analyses of breaches from the past four years. We all know that tens of millions of records containing personally identifiable information (PII) have been breached in the past four years.

This is not a nail

"To a person who has only a hammer, every problem looks like a nail." This is the worst-case version of the unitasker's dilemma: when your tool only really does one thing, then you have to look at the world from the perspective that function embodies, and anything that doesn't fit (however badly) you have to ignore.

Never Buy A Unitasker

With all credit to Alton Brown, guru of the kitchen, for the headline, I salute the spirited tradition of reuse in IT.

Can You Hear Me Now?

My dad just got new hearing aids. They are very cool with the ability to change the sensitivity based on the situation. For example, in a restaurant there is one setting that will cut out low and high frequency noise and amplify the frequency range associated with human voice. There is another setting for a quiet room where all frequencies are amplified with equal volume. There are a few other settings and of course there’s the setting associated with not listening to me

IT Searching For Red October?

Two of my favorite movies are Crimson Tide and The Hunt for Red October. OK, so I’ve just aged myself…. But, I’m intrigued by sonar and how it’s used. There is the active sonar that sends out pings that generate that classic submarine sound: PINGggggggg! In IT terms, this is just like using Nessus to actively scan a FW, looking for open ports and possible vulnerabilities: ping!

Unexpectedly Diverted

Why does good IT planning not translate into good IT execution as often as we’d like?

According to plan

When is the last time you heard someone in IT say triumphantly “Everything went according to plan!” Not often… IT is one of those fields (like medicine and meteorology) that combines immense complexity with non-deterministic systems. In IT’s case, the non-deterministic part is human behavior, both users’ and administrators’.

Deterministic Determinism

The challenge for rules-based systems is that humans inject so much variability that determinism itself is suspect. In fact, one can argue that determinism is inversely related to the level of human involvement: the more we muck with things, the less deterministic the outcomes.

Search or Destroy

It's not all about security, it's not all about events, it's not all about compliance. All those things are critically important to IT, of course, but even more fundamental is the task of keeping things running. All those other things depend on this one. System logs reveal a wealth of information about normal (and aberrant) operations, but they don't cover everything.

Sharpening Stones and Walking on Coals

A typical evolutionary path for event and log management in an organization runs like this: paleolithic admin uses just eyes and brain to review logs, looking for evidence of misbehavior, misconfiguration, and mischance; crafty neolithic admin cleverly adds scripts to the mix and automates as much of the review as possible; later, the tools come from others rather than being made by his or her own

First-timers and one-timers

When I was going over the parallels between the numeric-control vs record-playback (NC vs RP) machine tools, there was a significant point of dissimilarity that was glossed over: machine tool inputs are known. The variable there is what you want to make with the material, the genius of the trained master being in how best to get from untouched stock to finished product.

Tools of the trade, or traded for robots?

When I was a graduate student in the history of science, one of my favorite books was about the development and deployment of numerically controlled (NC) machine tools. What stands out in memory after all these years is that NC machine tools did not develop "naturally" -- they were not brought to market by companies as a result of organic development in the space.

Who's The CSI In Your IT Shop?

Recently, my wife and I traveled from Virginia to Arizona in a winter migration to get away from the snow, cold and dampness of the DC area. Each night we’d camp in RV parks and for some strange reason the only show on TV was some variant of CSI. Well, it was either CSI or the local bible channel and being the sinners that we are, we always opted for CSI.

Cisco VOIP Vulnerabilities Highlight Need For Enterprises To Pay Attention to VOIP Security

Last week Cisco confirmed that a flaw in its VOIP system could potentially allow attackers to remotely activate a desktop telephone microphone and listen in on conversations in the area around the phone.

Alfresco Version 2.9 Provides An Open Source Alternative for Content Management

Alfresco previewed the upcoming version 2.9 of its open-source content management platform. Alfresco continues to build out third-party integration capabilities, including the ability to integrate with Adobe's "Flex-2-Web" framework, as well as iGoogle.

Microsoft Unified Communications Developer Portal Demonstrates Application Focus

Microsoft recently unveiled a developer portal focused on building support for its unified communications platforms including "Office Communications Server 2007". A common theme among vendors in the UC space is developing horizontal and vertical applications that can leverage UC capabilities such as integrated communications, presence, and role-based routing.