Analyst Blogs

Can You Hear Me Now?

My dad just got new hearing aids. They are very cool with the ability to change the sensitivity based on the situation. For example, in a restaurant there is one setting that will cut out low and high frequency noise and amplify the frequency range associated with human voice. There is another setting for a quiet room where all frequencies are amplified with equal volume. There are a few other settings and of course there’s the setting associated with not listening to me

IT Searching For Red October?

Two of my favorite movies are Crimson Tide and The Hunt for Red October. OK, so I’ve just aged myself…. But, I’m intrigued by sonar and how it’s used. There is the active sonar that sends out pings that generate that classic submarine sound: PINGggggggg! In IT terms, this is just like using Nessus to actively scan a FW, looking for open ports and possible vulnerabilities: ping!

Unexpectedly Diverted

Why does good IT planning not translate into good IT execution as often as we’d like?

According to plan

When is the last time you heard someone in IT say triumphantly “Everything went according to plan!”. Not often… IT is one of those fields (like medicine and meteorology) that combines immense complexity with non-deterministic systems. In IT’s case, the non-deterministic part is human behavior, both users’ and administrators’.

Deterministic Determinism

The challenge for rules-based systems is that humans inject so much variability that determinism itself is suspect. In fact, one can argue that determinism is inversely related to the level of human involvement: the more we muck with things, the less deterministic the outcomes.

Tools of the trade, or traded for robots?

When I was a graduate student in the history of science, one of my favorite books was about the development and deployment of numerically controlled (NC) machine tools. What stands out in memory after all these years is that NC machine tools did not develop "naturally" -- they were not brought to market by companies as a result of organic development in the space.

Who's The CSI In Your IT Shop?

Recently, my wife and I traveled from Virginia to Arizona in a winter migration to get away from the snow, cold and dampness of the DC area. Each night we’d camp in RV parks and for some strange reason the only show on TV was some variant of CSI. Well, it was either CSI or the local bible channel and being the sinners that we are, we always opted for CSI.

Cisco VOIP Vulnerabilities Highlight Need For Enterprises To Pay Attention to VOIP Security

Last week Cisco confirmed that a flaw in its VOIP system could potentially allow attackers to remotely activate a desktop telephone's microphone, letting an attacker listen in on conversations taking place near the phone.

Alfresco Version 2.9 Provides An Open Source Alternative for Content Management

Alfresco previewed its upcoming version 2.9 of its open-source content management platform. Alfresco continues to build out third party integration capabilities, including the ability to integrate with Adobe's "Flex-2-Web" framework, as well as iGoogle.

Microsoft Unified Communications Developer Portal Demonstrates Application Focus

Microsoft recently unveiled a developer portal focused on building support for its unified communications platforms including "Office Communications Server 2007". A common theme among vendors in the UC space is developing horizontal and vertical applications that can leverage UC capabilities such as integrated communications, presence, and role-based routing.

WiMAX Continues to Advance

Cisco’s acquisition of Navini Networks expands its portfolio of WiMAX offerings and allows it to extend WiMAX from a fixed backhaul solution into the wireless mobility environment. It also provides a significant boost for the widespread rollout of mobile WiMAX service offerings in 2008 by major carriers such as Sprint.

While this acquisition, in itself, does not ensure wide WiMAX acceptance, it nonetheless means that mobile WiMAX will now be a viable option for Cisco customers where such services are available. It also means that Sprint, which has made significant investments in preparation for a 2008 rollout of its WiMAX service offering, can now anticipate that many business customers will be at least considering WiMAX mobility when they do their 2008 budget and technology planning.

Verizon Moves To Capitalize on Growing Interest in Ethernet

Verizon's recent announcement of an expansion of its carrier Ethernet service offerings into Canada and Latin America, coupled with expanded service offerings in Europe, demonstrates the growing importance of Ethernet as a WAN service. Forty-five percent of IT executives interviewed for the Nemertes benchmark Building The Successful Virtual Workplace said that their organization was using Ethernet (mostly in the metro area), with another 5 percent either evaluating or planning to deploy in the next two years, and many expressing a desire to deploy more aggressively as service coverage improves.

Unintended Consequences

Skype's outage last week created a whole range of rumours. Was it a DDoS? An attack against a known vulnerability? Some bug?

It seems that the outage was an unanticipated consequence of Microsoft's Patch Tuesday. As a major patch was rolled out, millions of computers rebooted. Because Skype is a peer-to-peer network, it did not suffer from a single point of failure. But a balancing algorithm that allocates resources on the network suffered a "death by a thousand papercuts": the rebooting machines caused an instability that continued to grow until it exceeded the Skype network's ability to adjust.

Microsoft Releases Office Communications Server 2007 To Manufacturing, Game On For The Battle For UC Dominance

Microsoft recently released its long awaited Office Communications Server 2007 unified communications platform to manufacturing. With this move Microsoft stays on-target for a fall release after completing an extensive beta testing period.

Microsoft continues to position OCS as a tool that will enable enterprises to shift their telephony applications away from costly hardware toward application-based services while improving the ability of individuals and groups to communicate and collaborate.

Meanwhile, Microsoft's competitors tout richer feature sets and proven enterprise-class reliability and scalability, a message that so far continues to resonate with enterprises, as noted in the Nemertes benchmark "Building the Successful Virtual Workplace." ITEs interviewed for the benchmark were by and large adopting a "wait-and-see" approach, planning to integrate their Microsoft presence apps with their telephony systems, but not yet ready to commit to replacing IP-PBXs with OCS servers.

Apple iPhone Hits The Streets - Enterprises Beware

There's no doubt many enterprise IT managers will spend next week fielding requests from employees who want to know how to sync their brand-new Apple iPhone with enterprise messaging and calendaring applications. But at this point in time the iPhone is a consumer device. Even with rumors of an impending announcement from Apple regarding support for Exchange ActiveSync, the iPhone lacks enterprise controls for security and management of mobile devices. However, the introduction of the iPhone should serve as a driver for enterprises to develop a mobility strategy that enables proactive, rather than reactive, approaches as new devices hit the market.

Enterprise 2.0: Organization Is Key

Enterprise 2.0: Organizational Challenges Remain

Attendees at this week's Enterprise 2.0 conference saw numerous products demonstrating how social computing and unified communications can solve business challenges and improve the ability of virtual companies to collaborate. Still, organizational challenges remain a hindrance.

In the Nemertes "Building a Successful Virtual Workplace" benchmark, only 8% of enterprises had created a company-wide collaboration and communications planning function. Most organizations still plan for adoption of tools and services within silos, meaning they are

What we are afraid of.

Preliminary analysis of the data for Nemertes' forthcoming Security and Information Protection benchmark shows that approximately 63% of participants want to deploy (or more broadly deploy) technologies that they feel they cannot, for security reasons. Of those, half named wireless as the technology in question, and over a quarter named collaborative tools, especially IM.

Vendors offer compliance help but are not compliant themselves

Regulatory compliance offers security vendors a tremendous opportunity to hitch their sales pitch to something that has a dedicated budget. As a result we see many vendors touting compliance as a feature, even if all they do is provide a report that (possibly, maybe with a bit of massaging) can be used to document compliance.

But while vendors tout their ability to make you compliant they often forget to be compliant themselves! Many regulated industries require that companies use vendors who follow best practices and have proven compliance to certain regulations. A security architect participating in our Security and Information Protection research commented "Our internal requirements say that anybody who delivers services for us has a SAS 70, yet when we speak with a lot of vendors they do not understand what a SAS 70 is or why it is necessary. They don't have those docs or auditing functions in place. It makes it very difficult for us to purchase a product if they do not have those capabilities in place."

Network admission and endpoint control: waiting for standards

While enterprises are interested in the concept of endpoint control and admission, they are not committing budget just yet. IT executives are looking at both aspects of endpoint control: admission/access at L2/L3, and policy verification and remediation (is the AV up to date, etc.).

Some companies are implementing "poor man's NAC" by using RADIUS or ACLs to restrict access to known hosts. Such solutions may provide some control but become quite unmanageable in large networks. Others are using their VPN clients to do some basic policy checks on endpoints.

But the vast majority are still waiting for Cisco, Microsoft and others to agree on standards and provide broadly interoperable and mature solutions.

RSA Conference 2007: Is 200 Products Too Many?

Walking the show floor at RSA last week, I found the perfect metaphor for the state of enterprise security. With 200+ products on the floor, there’s still no holistic solution to the problem of end-to-end security. (I also found out that wearing new shoes to a trade show is not the best of ideas—my feet were aching before I got past the first couple dozen).

Even worse, most of the products didn't even, strictly speaking, qualify as "products"—more like “features”, because each one only tackles a single aspect of security. Tying them all together becomes a daunting task.

Consider what I, as an IT executive, would need to deploy in my enterprise to secure against all these threats:

Are banks limiting online integration with finance software because of new regulations?

Banks may be dropping support for online direct connections from Money and Quicken while scrambling to comply with new banking regulations. If you are a user of these software applications you may find that you lose features either temporarily or permanently.

In October of 2005 the FFIEC (a bank regulator) issued regulatory "guidance" that pushes banks towards stronger authentication. Authentication appropriate to the risk level is required for transactions involving large sums of money, transfers out of the account, or other transactions that may be targeted by attackers. That may mean two-factor or other approaches, but any changes must be made by the end of 2006 (see FAQ).

Want to safeguard your data? Give it to strangers!

Backup is a huge challenge for small and medium businesses. Tape drives are expensive and to really safeguard data you have to send it offsite. Add to that the risk of information disclosure and backup becomes a real headache. Online storage seems to be the answer, but how do you trust a third party with your data?

Well... you don't: You give them an encrypted copy that only you can read. Better yet, create multiple encrypted copies and spread them around multiple providers ensuring that you can reconstruct the data from a subset of all the copies. A bit like RAID: A redundant array of inexpensive storage providers (RAISP?). Throw some P2P in the mix and you can also include disk space on millions of home computers (or co-worker laptops) in the storage equivalent of SETI@Home.

The New York Times is reporting on ClearSafe, an open-source startup developing a distributed encrypted P2P storage solution.