Friday, 27 December 2013

3 Ways Enterprise IT Will Change in 2014

The holiday season is a great time to look back at the year, with an eye toward what we in the ever-changing world of information technology can expect in 2014. These three trends warrant your close attention in the new year.

In Light of NSA Revelations, Companies Will Be Wary of the Cloud
For most businesses, 2013 was the year of the cloud. Companies that still hosted their email in house would in large part move that expense and aggravation to someone else. Microsoft SharePoint and other knowledge management solutions could be run in someone else's datacenter, using someone else's resources and time to administer, thus freeing your own people to improve other services or, gasp, work directly on enhancing the business.

But then Edward Snowden came around in June and started to release a series of damning leaks about the United States National Security Agency's capability to eavesdrop on communications. At first, most folks weren't terribly alarmed. But as the year wore on, the depth of the NSA's alleged capabilities to tap into communications - both with and without service provider knowledge - started to shake the faith of many CIOs in the risk/benefit tradeoff for moving to cloud services.

For companies in heavily regulated industries, it's hard to ignore the continued discovery of the depths to which the NSA has the capability to read data both in transit and at rest. Patient privacy records, sensitive financial transactions and any other data that must by law be kept private - is it now considered private? Can you warrant that to your customers? Can you warrant that to your regulators? Can you afford the risk that NSA access to your data represents? Is it even something that you can control, or do you just ignore it and hope for the best? (That is said with no judgment; given the realities of your business, that could very well be a valid strategy.)

In 2014, we'll see a continued analysis of just what services make sense in the cloud, but some old cherished low-hanging fruit, like email and collaboration, will no longer be considered "easy wins" because of these continuing allegations. Perhaps the cloud will not be the default choice going forward but, rather, a choice made after careful study of the environment, using these PRISM leaks as one important bit of context.

Microsoft's CEO Search Will Define the Future of Their Products in Your Organization
The biggest story of the first part of 2014 will undoubtedly be Microsoft's selection of only the third CEO in its history. This job is one of the most important positions in the technology industry; who is selected, and what he or she does in the first 100 days, will set the tone for the next five to 10 years.

Reports as of the Monday morning after Thanksgiving 2013 suggest that the Microsoft board of directors has narrowed its potential selections to two: Satya Nadella, the current chief of servers and tooling at the company, and outsider Alan Mulally, who currently is in charge of the Ford Motor Company and is widely credited for executing a fantastic turnaround of operations, profits, and shareholder return after joining the company from Boeing, a corporate neighbor of Microsoft. (Mulally denies he's interested in the Microsoft job, only heightening speculation.)

There are two main questions surrounding both the choice of chief executive and the immediate moves he makes in the first part of his tenure.

Will the new CEO continue the remake of Microsoft into a devices and services organization?
Steve Ballmer, the company's current CEO, has tried to convert the software company into an organization that makes a variety of devices, such as tablets and phones, which connect to services that Microsoft runs. This has been done both to make those devices richer and more useful for the end user and to monetize that usage through enhanced upgrade services, advertising revenue and subscription profits.

Of course, this represents a big switch from Microsoft's traditional "pay us for the right to use this software in perpetuity" practice that propelled the business to its current height. Many investors and customers wonder if this transformation is beneficial to them. Will the new CEO elect to continue this transformation and carry on the vision of Steve Ballmer even after his departure? Or will the new CEO put pause on the progress and take a few months to assess whether that transformation is good for both Microsoft and its customers? The answers will have a big impact on the role Microsoft software and technology plays within your own business.

Will the cloud still be a huge focus of the company?
Will the continued preference for developing Microsoft's cloud-based services over its traditional on-premises software erode the trust of corporate customers who still have significant investments in their existing on-premises licenses?

Nowhere is this tension more evident than in the Exchange community, where Exchange Server 2013 customers feel as if they are a distant second cousin to the Office 365 subscription data center environment. Complaints abound, from poor patch quality to irregular updates to features arriving in Office 365 but not Exchange Server 2013 for some time. These on-premises customers, paying many thousands of dollars for their combined server and client access license fees, feel shafted on their investment. Will this tension bleed over into other areas? Is the Exchange model the new model, warts and all, for the company's cloud focus? This is a trend to watch in 2014.

The Role of the Cloud Broker Will Emerge in 2014
Whatever Microsoft does and whatever the revelations about the NSA's PRISM program mean for your business, the continued push around consumerization will mean more cloud services for your organization, not fewer. PRISM might eliminate email and other line of business data from being considered in a move to the cloud - but other, less sensitive data can still be stored in the cloud. The corporate IT department can take advantage of a number of cloud businesses that are designed to save money and lower the cost of access to data while revealing new insights and workflows that may not have been feasible for your organization before.

In 2014, the cloud broker or cloud solution provider position will really come into its own and begin bearing fruit. Vendor-neutral, pay-for-service cloud brokers will be able to consult on your situation and recommend both a provider and a strategy for making use of that provider's products and services for any given task or workload.

IT departments will be in the driver's seat, able to really sit down with a knowledgeable set of professionals and figure out exactly what solution and what model works best. The cloud broker role will be best placed to further the IT organization's transformation from a cost center to a place where new revenues and profits are generated - an additional trend to watch in 2014.


Tuesday, 17 December 2013

Microsoft joins group seeking to replace passwords

The FIDO Alliance envisions a system where users can interact with an online service without surrendering personal details

Microsoft has joined the FIDO Alliance, an industry group attempting to craft industry standards that reduce reliance on passwords, long regarded as a weak point in Web security.

Launched in July 2012, FIDO, which stands for Fast IDentity Online, is hoping its specifications for security devices and browser plugins will be widely adopted across the technology industry.


Such efforts depend on voluntary adoption by many companies and organizations. So far, those participating in FIDO include heavyweights Google, MasterCard, Lenovo, Infineon, LG Electronics and a variety of smaller companies.

Authentication hardware and software vary widely, with many proprietary clients and protocols. FIDO hopes that standardizing authentication technologies will lead to better interoperability and innovations in biometrics, PINs (personal identification numbers) and secondary authentication technologies, according to its website.

Usernames and passwords underpin most online services but are easy to intercept. Computer security experts have long warned of password weaknesses, such as passwords that are easy to guess and the habit of reusing them across multiple services.

Password replacement technology has a high bar: it needs to be both effective and simple for users.

FIDO envisions a software client, installed on users' computers, that employs public key cryptography to authenticate users. All major Web browsers will be supported. The initial focus will be on securing access through Web browsers to Web applications. The group also plans authentication options for Android phones soon and eventually for Windows tablets and Apple products.

When FIDO authentication is used, a user will not need to submit their biometric or personal information to an online service.

The FIDO Alliance will eventually submit its protocol to groups dedicated to Web standards, such as the Internet Engineering Task Force or the World Wide Web Consortium.




Thursday, 12 December 2013

Juniper EVP Muglia abruptly quits

Leaves networking company shortly after new CEO is named

Bob Muglia, executive vice president of Juniper Networks' software solutions division, has abruptly resigned from the company following the appointment of a new CEO.

Juniper confirmed Muglia’s departure via this e-mailed statement: “We can confirm that Bob Muglia is leaving Juniper Networks effective Tuesday, December 10. We thank Bob for his contributions to Juniper and wish him well in his future endeavors.

“(CEO) Kevin Johnson will step in as Acting GM of the software division through the end of the month. He will then transition the organization over to Shaygan Kheradpir when he starts as our new CEO in January. We will be relentlessly focused on our customers through this transition.”

The move was first reported on Tuesday by the San Francisco Business Times, which did not give a reason for Muglia’s departure, but did outline the compensation package he will receive.


Juniper named Kheradpir, a former Barclays and Verizon information technology executive, as its new CEO a month ago. Kheradpir replaces Johnson, who last summer announced plans to retire once a new CEO was found.

Muglia, who also worked with Johnson while the two were at Microsoft, was mentioned as a possible replacement for Johnson. But after Johnson’s unremarkable five-year tenure at Juniper, many thought it unlikely Juniper would turn to another former Microsoft software executive to assume leadership of the company.

"Muglia, in my opinion, was always a long shot to get the role," said financial analyst, consultant and blogger Nikos Theodosopoulos, a longtime Juniper watcher.

Other observers suggested Muglia was comfortable working with Johnson and perhaps did not relish establishing a new relationship with Kheradpir.

Juniper did not say who would assume Muglia’s role heading up the company’s software business. Muglia developed Juniper’s software-defined networking strategy, which relies on a new software licensing model for more of the company’s revenue.




Thursday, 7 November 2013

Social Engineering: The Basics

What is social engineering? What are the most common and current tactics? A guide on how to stop social engineering.

You've got all the bells and whistles when it comes to network firewalls and your building's security has a state-of-the-art access system. You've invested in the technology. But a social engineering attack could bypass all those defenses.

Say two fire inspectors show up at your office, show their badges and ask for a walkthrough—you're legally required to give them access to do their job. They ask a lot of questions, they take electrical readings at various wall outlets, they examine wiring under desks. Thorough, aren't they? Problem is, in this case they're really security consultants doing a social engineering 'penetration test' and grabbing access cards, installing keystroke loggers, and generally getting away with as much of your business's private information as they can get their hands on. (See How to rob a bank for details from this real-world example.)

Social engineers, or criminals who take advantage of human behavior to pull off a scam, aren't worried about a badge system. They will just walk right in and confidently ask someone to help them get inside. And that firewall? It won't mean much if your users are tricked into clicking on a malicious link they think came from a Facebook friend.

In this article, we outline the common tactics social engineers often use, and give you tips on how to ensure your staff is on guard.

What is social engineering?
Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.

Famous hacker Kevin Mitnick helped popularize the term 'social engineering' in the '90s, although the idea and many of the techniques have been around as long as there have been scam artists of any sort.

How is my company at risk?
Social engineering has proven to be a very successful way for a criminal to "get inside" your organization. In the example given above, once a social engineer has a trusted employee's password, he can simply log in and snoop around for sensitive data. Another try might be to scam someone out of an access card or code in order to physically get inside a facility, whether to access data, steal assets, or even to harm people.

Chris Nickerson, founder of Lares, a Colorado-based security consultancy, conducts 'red team testing' for clients using social engineering techniques to see where a company is vulnerable. Nickerson detailed for CSO how easy it is to get inside a building without question.

In one penetration test, Nickerson used current events, public information available on social network sites, and a $4 Cisco shirt he purchased at a thrift store to prepare for his illegal entry. The shirt helped him convince building reception and other employees that he was a Cisco employee on a technical support visit. Once inside, he was able to give his other team members illegal entry as well. He also managed to drop several malware-laden USBs and hack into the company's network, all within sight of other employees. Read Anatomy of a Hack to follow Nickerson through this exercise.

In What it's like to steal someone's identity professional pen tester Chris Roberts, founder of One World Labs, says he too often meets people who assume they have nothing worth stealing.

"So many people look at themselves or the companies they work for and think, 'Why would somebody want something from me? I don't have any money or anything anyone would want,'" he said. "While you may not, if I can assume your identity, you can pay my bills. Or I can commit crimes in your name. I always try to get people to understand that no matter who the heck you are, or who you represent, you have a value to a criminal."


Sneaky stuff. Give me some specific examples of what social engineers say or do.
Criminals will often take weeks and months getting to know a place before even coming in the door or making a phone call. Their preparation might include finding a company phone list or org chart and researching employees on social networking sites like LinkedIn or Facebook.

In the case of Roberts, he was asked to conduct a pen test for a client who was a high-net-worth individual to see how easy it would be to steal from him. He used a basic internet search to find an email address for the individual. From there, it snowballed.

Useful Books on Social Engineering!

Social Engineering: The Art of Human Hacking
By Hadnagy and Wilson (Wiley, Dec 2010)
"This book covers, in detail, the world's first framework for social engineering."

No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
By Johnny Long et al (Syngress 2008)
"Whether breaking into buildings or slipping past industrial-grade firewalls, my goal has always been the same: extract the informational secrets using any means necessary."

"We searched for the e-mail address online and were able to find a telephone number because he had posted in a public forum using both," said Roberts. "On this forum, he was looking for concert tickets and had posted his telephone number on there to be contacted about buying tickets from a potential seller."

The phone number turned out to be an office number, and Roberts called pretending to be a publicist. From there he was able to obtain a personal cell phone number, a home address, and, eventually, mortgage information. The point is that from one small bit of information, a social engineer can compile an entire profile on a target and seem convincing. By the time Roberts was done with his pen test, he knew where the person's kids went to school and even was able to pull a Bluetooth signal from his residence.

Once a social engineer is ready to strike, knowing the right thing to say, knowing whom to ask for, and having confidence are often all it takes for an unauthorized person to gain access to a facility or sensitive data, according to Nickerson.

The goal is always to gain the trust of one or more of your employees. In Mind Games: How Social Engineers Win Your Confidence, Brian Brushwood, host of the Internet video series Scam School, describes some of the tricks scam artists use to gain that trust, which can vary depending on the communication medium:

-- On the phone:
A social engineer might call and pretend to be a fellow employee or a trusted outside authority (such as law enforcement or an auditor).

According to Sal Lifrieri, a 20-year veteran of the New York City Police Department who now educates companies on social engineering tactics through an organization called Protective Operations, the criminal tries to make the person feel comfortable with familiarity. They might learn the corporate lingo so the person on the other end thinks they are an insider. Another successful technique involves recording the "hold" music a company uses when callers are left waiting on the phone. See more such tricks in Social Engineering: Eight Common Tactics.

-- In the office:
"Can you hold the door for me? I don't have my key/access card on me." How often have you heard that in your building? While the person asking may not seem suspicious, this is a very common tactic used by social engineers.

In the same exercise where Nickerson used his thrift-shop shirt to get into a building, he had a team member wait outside near the smoking area where employees often went for breaks. Assuming this person was simply a fellow smoker from the office, real employees let him in the back door without question. "A cigarette is a social engineer's best friend," said Nickerson. He also points out other places where social engineers can get in easily in 5 Security Holes at the Office.

This kind of thing goes on all the time, according to Nickerson. The tactic is also known as tailgating. Many people just don't ask others to prove they have permission to be there. But even in places where badges or other proof is required to roam the halls, fakery is easy, he said.

"I usually use some high-end photography to print up badges to really look like I am supposed to be in that environment. But they often don't even get checked. I've even worn a badge that said right on it 'Kick me out' and I still was not questioned."

-- Online:
Social networking sites have opened a whole new door for social engineering scams, according to Graham Cluley, senior technology consultant with U.K.-based security firm Sophos. One of the latest involves the criminal posing as a Facebook "friend." But one can never be certain the person they are talking to on Facebook is actually the real person, he noted. Criminals are stealing passwords, hacking accounts and posing as friends for financial gain.

One popular tactic used recently involved scammers hacking into Facebook accounts and sending messages on Facebook claiming to be stuck in a foreign city and in need of money.

"The claim is often that they were robbed while traveling and the person asks the Facebook friend to wire money so everything can be fixed," said Cluley.

"If a person has chosen a bad password, or had it stolen through malware, it is easy for a con to wear that cloak of trustability," he said. "Once you have access to a person's account, you can see who their spouse is, where they went on holiday the last time. It is easy to pretend to be someone you are not."

See 9 Dirty Tricks: Social Engineers Favorite Pick-up Lines for more examples.
Social engineers also take advantage of current events and holidays to lure victims. In Cyber Monday: 3 online shopping scams and 7 Scroogeworthy scams for the holidays, security experts warn that social engineers often take advantage of holiday shopping trends by poisoning search results and planting bad links in sites. They might also go as far as to set up a fake charity in the hope of gaining some cash from a Christmas donation.

Why do people fall for social engineering techniques?
People are fooled every day by these cons because they haven't been adequately warned about social engineers. As CSO blogger Tom Olzak points out, human behavior is always the weakest link in any security program. And who can blame them? Without the proper education, most people won't recognize a social engineer's tricks because they are often very sophisticated.

Social engineers use a number of psychological tactics on unsuspecting victims. As Brushwood outlines in Mind Games, successful social engineers are confident and in control of the conversation. They simply act like they belong in a facility, even if they should not be, and their confidence and body posture put others at ease.
This is your brain on social engineering

Brian Brushwood is really good at tricking people. So good he founded a website called "Scam School".
Brushwood understands how social engineers mislead people. Four basic principles:
They project confidence. Instead of sneaking around, they proactively approach people and draw attention to themselves.
They give you something. Even a small favor creates trust and a perception of indebtedness.
They use humor. It's endearing and disarming.
They make a request and offer a reason. Psych 101 research shows people are likely to respond to any reasoned request.


Read the details in Mind games: How social engineers win your confidence
"People running concert security often aren't even looking for badges," said Brushwood. "They are looking for posture. They can always tell who is a fan trying to sneak back and catch a glimpse of the star and who is working the event because they seem like they belong there."

Social engineers will also use humor and compliments in a conversation. They may even give a small gift to a gate-keeping employee, like a receptionist, to curry favor for the future. These are often successful ways to gain a person's trust, said Brushwood, because 'liking' and 'feeling the need to reciprocate' are both fixed-action patterns that humans naturally employ under the right circumstances.

Online, many social engineering scams are taking advantage of both human fear and curiosity. Links that ask "Have you seen this video of you?" are impossible to resist if you aren't aware it is simply a social engineer looking to trap you into clicking on a bad link.

Successful phishing attacks often warn that "Your bank account has been breached! Click here to log in and verify your account." Or "You have not paid for the item you recently won on eBay. Please click here to pay." This ploy plays to a person's concerns about negative impact on their eBay score.

"Since people spend years building eBay feedback score or 'reputation,' people react quickly to this type of email. But, of course, it leads to a phishing site," said Shira Rubinoff, founder of Green Armor Solutions, a security software firm in Hackensack, New Jersey. "Many people use eBay, and users often bid days before a purchase is complete. So, it's not unreasonable for a person to think that he or she has forgotten about a bid they made a week prior."

Recent phishing lures even take advantage of the economic downturn, said Rubinoff. It has not been uncommon for fake emails to turn up that claim to be from human resources which say: 'You have been let go due to a layoff. If you wish to register for severance please register here,' and includes a malicious link.

No one wants to be the person that causes problems in this economy, so any email that appears to be from an employer will likely elicit a response, noted Rubinoff. Lares' Nickerson has also seen cons that use fake employer emails.

"It might say, 'In an effort to cut costs, we are sending W-2 forms electronically this year,'" said Nickerson.

How can I educate my employees to prevent social engineering?
Awareness is the number one defensive measure. Employees should be aware that social engineering exists and also aware of the tactics most commonly used.

For elements of an effective security awareness program, see Seven Practical Ideas for Security Awareness and Now Hear This!.

Fortunately, social engineering awareness lends itself to storytelling. And stories are much easier to understand and much more interesting than explanations of technical flaws. Chris Nickerson's success posing as a technician is an example of a story that gets the message across in an interesting way. Quizzes and attention-grabbing or humorous posters are also effective reminders about not assuming everyone is always who they say they are.

"In my educational sessions, I tell people you always need to be slightly paranoid and anal because you never really know what a person wants out of you," said Lifrieri. The targeting of employees "starts with the receptionist, the guard at the gate who is watching a parking lot. That's why training has to get to the staff."

Social engineering tricks are always evolving, and awareness training has to be kept fresh and up to date. For example, as social networking sites grow and evolve, so do the scams social engineers try to use there; see 5 Facebook, Twitter Scams to Avoid and 5 More Facebook, Twitter Scams to Avoid.

The National Cyber Security Alliance recently launched a 'Stop. Think. Connect.' campaign to get users to give more thought to their online behavior so they recognize social engineering cons before they get in trouble.

But it isn't just the average employee who needs to be aware of social engineering. A study conducted in 2010 found executives are actually the easiest targets. In Social engineering: 4 reasons why executives are the easiest targets Jayson Street, a security consultant and CIO of Stratagem 1 Solutions, says executives are soft targets for many reasons, including a lax security attitude and their tendency to use the latest technology—even before it is properly vetted.

Although it's a tactic to use with great caution, fear of embarrassment is a strong motivator. Nobody likes to look foolish, and a successful social engineering test does make the victim feel foolish. This is partly why storytelling works—the reader or listener feels empathy for the person who "got suckered."

Consider this factor if you choose to design an in-house social engineering penetration test. A little embarrassment will put everyone on their toes; crossing the line to humiliation will only make employees angry.


Are there any tools to help make this process more effective?
A number of vendors offer tools or services to help conduct social engineering exercises, and/or to build employee awareness via means such as posters and newsletters.

Also worth checking out is social-engineer.org's Social Engineering Toolkit, which is a free download.

The toolkit helps automate penetration testing via social engineering, including "spear-phishing attacks", creation of legitimate-looking websites, USB drive-based attacks, and more.



Monday, 28 October 2013

6 dirty secrets of the IT industry II

The classic illustration of this principle occurred in January 2012, when U.S. and New Zealand authorities shut down Kim Dotcom's MegaUpload file locker. Along with a trove of allegedly pirated movies, the authorities confiscated the data of thousands of law-abiding customers and refused to return it. Whether those customers will ever get their data back remains unresolved.

"The risk of seizure is real," confirms Jonathan Ezor, director of the Touro Law Center Institute for Business, Law and Technology. "If there is any legal basis for law enforcement or other government officials to seize storage devices or systems -- which may require a warrant in certain circumstances -- and those systems contain data of both suspects and nonsuspects, all might be taken. Ultimately, any time an organization's data are stored outside of its control, it cannot prevent someone from at least gaining access to the hardware."

Users who want to protect themselves against this worst-case scenario need to know where their data is actually being kept and which laws may pertain to it, says David Campbell, CEO of cloud security firm JumpCloud.

"Our recommendation is to find cloud providers that guarantee physical location of servers and data, such as Amazon, so that you can limit your risk proactively," he says.

Encrypting the data will decrease the chance that anyone who seizes it will be able to read it, adds Ezor. Another good idea: Keep a recent data backup nearby. You never know when it might end up being your only copy.

Dirty IT secret No. 4: Your budget's slashed, but the boss has a blank check
RFPs are for peons

In virtually every midsize or larger organization, there are two ways to get purchases approved, says Mike Meikle, CEO of the Hawkthorne Group, a boutique management and information technology consulting firm. There's the official purchasing procedure -- a time-consuming process that forces you to jump through more flaming hoops than a circus act. And there's the special procurement diamond lane, available only to a special few.

"People at the senior leadership level have their own procurement pipeline," he says. "What takes an IT person eight months to obtain through official channels these execs can get in a few weeks, if not sooner. It's what I call the Diamond Preferred plan. I've never worked with an organization in government or private industry that didn't have a secret procurement path."

The purpose of the official procurement process is to make it harder for employees to spend the company's money, says Meikle -- unless, of course, they know the secret handshake. Unfortunately, he adds, the CIO is usually not a member of this club, which means large tech purchases can be made without serious cost-benefit analysis or consideration of IT's strategic vision.

"They'll go out to lunch, a vendor will whisper sweet nothings in their ear, and the next thing you know they've spent half a million on a mobile application management solution, not realizing you already had one," he says. "Now you have two."

Not so, contends a private consultant to the military and Fortune 100 companies who asked to remain unnamed. While there are cases where organizations may bypass standard procurement procedures, it's almost always for something the IT department needs right away and doesn't want to waste weeks cutting through red tape to get it, he says.

"Nontechnology executives don't know enough about IT to make a large purchase decision," he adds. "If a senior executive circumvents the procurement process, that purchase order has to have a signature on it before the supplier will ship it. If anything goes wrong with that technology, the executive would be accountable and traceable. That's like kryptonite to those guys." 

Dirty IT secret No. 5: You're getting the short end of the customer support stick

That technician is just another script kiddie

Stop us if this sounds familiar: You're on the phone with a support technician halfway around the globe, but you get the distinct impression they know less than you do and are just reading from a script. Guess what? They probably are.

"IT support is a cheap commodity," says Tim Singleton, president of Strive Technology Consulting, a boutique support firm catering to small and midsized businesses. "Tools that do most of it for you are free, and computers require less knowledge now than they used to. Your neighbor's daughter or the tech-savvy guy in accounting can probably fix your computer as well as any IT company."

But some say that assessment is too broad. While that may be true for the simplest problems, it's not true for more complex ones, notes Aramis Alvarez, SVP of services and support at Bomgar, which makes remote IT support solutions for enterprises.

"The problem with calling IT support a 'cheap commodity' is that not every problem is created equal," says Alvarez. "Some basic issues can be diagnosed by any tech-savvy person, but difficult ones, such as viruses, cannot. Your neighbor's daughter may be armed with enough knowledge to be dangerous, but she could end up destroying the data on your computer."

Then you may end up paying much more later to clean up the mess, adds Joe Silverman, CEO of New York Computer Help -- which often happens when companies cut corners by shortchanging or overburdening internal IT support.

"We have gone to many NYC offices and apartments to see the leftover tracks of a shoddy computer repair or IT job from another company, family member, or friend who acted as the go-to IT guy," he says. "The guy in accounting who sometimes takes care of computer issues is most likely too busy and too inexperienced to fix a failed hard drive, motherboard, or power supply. If the network or server crashes, do you want to really depend on your accounting guy to get the job done, or a senior network engineer with 20 years of experience?"

Dirty IT secret No. 6: We know a lot more about you than you think

Going all in on data collection

Think the NSA has you under surveillance? They're punks compared to consumer marketing companies and data brokers.

Casinos are among the biggest offenders, says J.T. Mathis, a former casino database manager and author of a self-published expose about his experience titled "I Deal to Plunder: A Ride Through the Boom Town." When you enter a casino, you're gambling with more than just money -- you're risking your most personal data. Mathis estimates that his former employer's marketing database contained the names of more than 100,000 active and inactive gamblers.

"From the moment you enter the casino, everything you do is tracked," says Mathis. "If you sit down at a slot machine, they know exactly where you're at, how many times you've pulled the handle, and how much money you're putting in. They know you like to eat at 4:30 and order the lobster platter. They know your favorite cigarettes and wine and whether you watched porn in your room. And when you arrive during the summer they know the lady you're with is not your wife, so employees make sure to call her Cindy and not Barbara."

Former casino executive and LSU professor Michael Simon confirms Mathis' story. But, he adds, it's not that much different than the kind of data collection performed by companies like CVS, PetSmart, or Amazon.

"I teach an MBA class on database analysis and mining, and all the companies we study collect customer information and target offers specific to customer habits," he says. Simon, author of "The Game of My Life: A Personal Perspective of a Retired Gaming Executive," adds, "It's routine business practice today, and it's no secret. For example, I bring my dog to PetSmart for specific services and products, and the offers they send me are specific to my spending habits, and I like that. PetSmart on the other hand gives me what I want instead of wasting time sending me stuff I won't use like discounts on cat food or tropical fish."

One thing that is different: When Mathis was laid off in May 2012, he still had copies of the database in hand. When he tried to return it, he was out of luck -- the casino refused to return his calls. Talk about gambling with your data.



6 dirty secrets of the IT industry

IT pros blow the whistle on the less-than-white lies and dark sides of the tech business

IT pros usually know where the bodies are buried. Sometimes that's because they're the ones holding the shovel.

We asked InfoWorld readers to reveal the dirtiest secrets of IT -- the less-than-white lies and dark sides of technology that others may not be aware of. We then ran those "secrets" through a BS detector, fact-checking them with experts in the relevant field. In some cases the experts concurred, in other cases they did not.


Do sys admins wield power far beyond the CIO's worst nightmares? Are IT employees routinely walking off with company equipment? Can the data you store in the cloud really disappear in an instant? Are you paying far too much for tech support?

Read on to find out what our leakers and experts believe.


Dirty IT secret No. 1: Sys admins have your company by the short hairs

When the IT fox is guarding the data hen house

Anyone who's followed the Edward Snowden story knows what kind of damage a sys admin with an agenda can do. But even IT people may not realize the full range of unfettered admin access and the kinds of pain it can bring.

"There are no secrets for IT," says Pierluigi Stella, CTO for managed security service provider Network Box USA. "I can run a sniffer on my firewall and see every single packet that comes in and out of a specific computer. I can see what people write in their messages, where they go to on the Internet, what they post on Facebook. In fact, only ethics keep IT people from misusing and abusing this power. Think of it as having a mini-NSA in your office."

This situation is more common than even most CIOs are aware of, says Tsion Gonen, chief strategy officer for data protection firm SafeNet.

"I'd estimate this is true in 9 out of 10 organizations," he says. "Enterprise security is only as secure as the ethics of trusted IT administrators. How many of them have sys admins who abuse their access privileges is harder to say -- but enough to hit the news almost every week. The scariest thing is that the same people who present the greatest risk are often the very people who approve access."

David Gibson, VP of Varonis, a data governance solution provider, agrees that admins are often able to access data they shouldn't without being noticed, but he puts the number closer to 50 percent. He adds it's not just the admins; most users have access to far more data than they need to do their jobs.

He says the solution comes down to getting a better handle on two things: reducing access to get to a "least privilege" model, and continuous monitoring of who is accessing data.

"The organization needs to be able to see who has access to what data, who the data belongs to, and who has been accessing which files," he says. "From there, IT can involve the data owners directly to make informed decisions about permissions and acceptable use."

Dirty IT secret No. 2: Your employees may be helping themselves

When "retired" IT assets enjoy a surprise second career

Old tech equipment rarely dies, it just finds a new home -- and sometimes, that home is with your IT employees.

"Employee theft of retired equipment is commonplace," says Kyle Marks, CEO of Retire-IT, a firm specializing in fraud and privacy compliance issues relating to IT asset disposition. "I have never met someone from IT that doesn't have a collection of hardware at home. To many, taking retired equipment is a victimless crime. Most don't view it as a security threat. Once equipment is retired, they act like it is fair game."

The problem with taking equipment bound for the scrap heap or the recycling bin is that it often still contains sensitive data, which if lost could result in massive liability for the company that owns the equipment, says Marks. And, of course, it is still theft of company equipment.

"Theft and fraud are serious situations that create massive privacy liability," he adds. "A capricious IT insider can have costly consequences if left unchecked. Yet in most cases, the people responsible for making sure assets are disposed of properly -- with all data removed -- are in IT. Organizations need to have a 'reverse procurement' process that assures assets are retired correctly."

But does every IT employee really steal old hardware? A veteran of the IT asset disposition industry, who asked to remain anonymous, says the problem isn't nearly as commonplace as Marks makes it out.

"I'm not saying that theft is nonexistent," he says. "I am simply stating that I have never met anyone in the industry with that particular mind-set."

Most equipment that goes missing is simply lost for other, less nefarious reasons -- like it was shipped to the wrong place, he adds.

"It sounds like a bad generalization when in essence a lot of companies pride themselves on providing secure services and act in a way that is completely honest and full of integrity."

Dirty IT secret No. 3: Storing data in the cloud is even riskier than you think

All the security in the world won't help when Johnny Law comes knocking

Storing your data in the cloud is convenient, but that convenience may come at a high price: the loss of your data in a totally unrelated legal snafu.

"Most people don't realize that when your data is stored in the cloud on someone else's systems alongside the data from other companies, and a legal issue arises with one of the other companies, your data may be subject to disclosure," says Mike Balter, principal of IT support firm CSI Corp.

In other words, your cloud data could be swept up in an investigation of an entirely unrelated matter -- simply because it was unlucky enough to be kept on the same servers as the persons being investigated.


Wednesday, 23 October 2013

Firefox community roiled by Java crackdown

Mozilla's decision to stand firm on a move to block Java except on a click-to-play basis has admins and developers frustrated.

The Firefox web browser will, henceforth, require users to manually activate Java objects on sites that they visit, Mozilla has confirmed. The change is aimed at improving security and moving away from a dependence on proprietary plug-ins, but critics say it will cause untold headaches for developers, admins and less-technical end-users.

When a page that features Java elements is loaded, a red security warning will display in the address bar – clicking on this will provide the option of activating Java. Many of those opposed to the change say that less technically savvy users might either miss the warning or simply decline to click through, out of a fear that they are compromising their security.


Java is a key underpinning of a vast amount of rich web content, including everything from games to line-of-business apps, despite its long-standing role as a major target for malicious online activity. Requiring users to click past a warning that the plugin may be unsafe before running any Java content could head off some security threats, but it’s also likely to break Java apps designed to run automatically and generally create a less convenient web experience for Firefox users.

At the center of the controversy is Mozilla engineering manager Benjamin Smedberg, who has remained resolute on the issue. He’s received the bulk of community outrage in a lengthy bug tracker thread, which features several lengthy diatribes about the disruptive nature of the change.

It was pointed out, as well, that Java is also currently blocked by default in Google Chrome, though one discussion participant argued that Google’s interface for activating Java – a simpler and more obvious drop-down bar that states “java needs your permission to run” – is more suitable.

In an announcement of the prospective change last month, Smedberg urged web developers to move away from the use of plugins like Java.

“Even though many users are not even aware of plugins, they are a significant source of hangs, crashes, and security incidents. By allowing users to decide which sites need to use plugins, Firefox will help protect them and keep their browser running smoothly,” he said.

The change seems likely to be a further damper on Firefox’s reputation among institutional users, many of whom will have a lot of work to do to prepare end users and their own code. Mozilla’s move to a rapid release schedule was not well received by businesses, and the company eventually added a long-term support track to help address concerns.

But Mozilla is one of the prime movers behind the general trend toward more open web technology, and may simply find the prospect of accelerating HTML5’s ongoing replacement of older plug-in-based frameworks too tempting to pass up.




Sunday, 20 October 2013

How startups should sell to the enterprise

CIOs sound off at DEMO Fall 2013 about the best – and worst – ways to establish business with them.

DEMO is all about startups pitching their new products, but a panel discussion on Thursday turned the tables, with CIOs telling startups what they can do to win business in the enterprise.

The panel was moderated by CITEWorld editorial director Matt Rosoff and featured Dish Network CIO Mike McClaskey, BDP International global CIO Angela Yochem, EchoSign co-founder Jason Lemkin, and Workday strategic CIO Steven John.

Citing the growing reach of technology into new departments of the enterprise, Lemkin warned that buying decisions for technology all eventually come back to the CIO. Even though other areas of the company may make small or even moderately sized purchases, CIOs may take note of the vendors that circumvent them when making the sale, and could block them from any future business. What seems like a short-term win could turn out to be a long-term problem.

However, some startups have been able to sell to enterprise customers after taking an alternative route. Yammer, for example, was mentioned during the panel as a company that gained traction with lower-level employees, often without the knowledge of the CIO. Once Yammer started to attract attention from executives, it embraced CIOs and scaled to meet their needs, satisfying both an enterprise customer’s users and decision makers.

Similarly, McClaskey mentioned the opportunity afforded through consumer technology outlets, such as the Google Play and Apple App Stores. Almost all CIOs use multiple devices that access these outlets, and if they come across a potentially useful enterprise technology while using a personal device, they’re more likely to seek more information about it later on.

Flexibility was mentioned as a key aspect for startup companies that are lucky enough to land large customers early on. McClaskey cited two cases in which Dish opted to work with startups. One of the most important aspects of the relationships was the younger companies’ willingness to incorporate Dish’s input on the product. The startups’ product development teams worked directly with Dish to help adjust aspects of the product to accommodate their needs. This is important not only to sustain business with early customers, but to help attract new customers in the future.

Lemkin cited the importance of use cases and references when trying to attract customers as a young company. Those that are willing to adapt in order to establish strong relationships early on will be more likely to build similar relationships with new customers.

The panel also discussed the importance of maintaining trust with customers and other connections throughout the IT industry. John cited trust as a main factor in all business decisions, from engaging in new business to hiring employees. Decision makers in large enterprises are more likely to side with people who they can trust, whether that trust comes directly from previous business or from word-of-mouth recommendations from others in the industry.

Yochem pointed out the benefit of establishing a good relationship even when failing to complete a sale. Regardless of how a discussion on new business goes, the connection made in the process is still valuable. Another important and often overlooked consideration is asking around for any other potential customers. Even if a potential customer company isn’t in a position to make a purchase, they might know of others who are. Yochem advised salespeople at startups to end every conversation with a potential customer by asking if they know anyone else they should talk to.

The panelists also gave valuable insight into the most effective, and ineffective, methods of engaging an enterprise customer. McClaskey mentioned being “bombarded” with cold calls, emails and webinar invites from sales representatives, and often even from third-party companies hired to do this work for them. These requests often receive the lowest priority, sometimes for no other reason than that they get lost in the white noise created by all the companies that want their business.

The best way to connect with a CIO, according to McClaskey, is through mutual connections – analysts, partners, references, or other companies they’ve done business with.

Similarly, Lemkin also warned against bringing in outside employees to head up their sales operations too early on. Most entrepreneurs won’t have a clear idea of what they want in a president or vice president of sales until they’ve made a handful of meaningful sales on their own. He advised startups to hold off on hiring a sales vice president until they’ve made two sales to CIO-type customers, and to learn from that experience.

For young companies selling tech products and services, Lemkin said the CIO is their best ally. Following his advice, and that of his colleagues, may set one startup apart from the rest of the crowd.


Friday, 11 October 2013

VCPC510 VMware Certified Professional on vCloud


QUESTION 1
-- Exhibit --
An administrator needs to modify the range of static IP addresses available to the network in
question. The administrator clicks on the Network Specification tab and is presented the options
shown in the exhibit, which cannot be selected.
What is a possible cause for this issue?

A. The administrator does not have the vShield Manager role.
B. The administrator does not have the organization administrator role.
C. The vShield Edge appliance has been powered off and is inaccessible.
D. The network in question is a direct connected external organization network.

Answer: D


QUESTION 2
-- Exhibit --
When adding storage in the Provider vDC wizard you don’t see the intended Storage Profile. What
could be the cause?

A. The Storage Profile has not been created in vCenter.
B. The Storage Profile has been named with more than 5 characters.
C. The Storage Profile is set by the Org vDC wizard
D. The Provider vDC combines all storage profiles into *(Any)

Answer: A


QUESTION 3
-- Exhibit --
Which External Organization Network type is being created in the Organization Network Creation
Wizard?

A. External port group-backed
B. External VLAN-backed
C. External Direct
D. External Routed

Answer: C


QUESTION 4
-- Exhibit --
ACME has a virtual machine with an IP address of 192.168.0.51. It is running an SMTP mail
service and is unable to communicate from the assigned network. The network is an External
Routed network with the firewall rules displayed in the exhibit.
Which configuration change would correct this behavior?

A. Set the Destination IP address to 192.168.0.51.
B. Disable the Web Services rule for the Incoming Traffic Type.
C. Change the ACME External rule Traffic Type to Incoming.
D. Set the ACME External rule to Allow.

Answer: D


QUESTION 5
-- Exhibit --
Which External Organization Network type is being created in the Organization Network Creation
Wizard?

A. External port group-backed
B. External VLAN-backed
C. External Direct
D. External Routed

Answer: D


Tuesday, 8 October 2013

Ballmer hammers home Microsoft's 'high-value' strategy in final letter to shareholders

Unlike last year, no surprises in CEO's last letter to investors

In his last letter to shareholders before retiring, Microsoft CEO Steve Ballmer hammered on the same themes he and other executives struck three weeks ago in front of Wall Street analysts.

Among the strategies Ballmer outlined in his shareholder letter were the ongoing transformation of Microsoft to a "devices-and-services" company -- a massive turn from its history as a purveyor of packaged software -- and its continued reliance on enterprise sales to drive the firm's revenue.

This year's missive was not as revolutionary as 2012's, when Ballmer first publicly floated the idea of devices and services, saying, "It truly is a new era at Microsoft."

On Monday, Ballmer spelled out the corporation's mission statement with as much loquaciousness as when he spent 2,700 words this summer trumpeting the "One Microsoft" strategy and the resulting reorganization.

"We declared that Microsoft's focus going forward will be to create a family of devices and services for individuals and businesses that empower people around the globe at home, at work and on the go, for the activities they value most," wrote Ballmer [emphasis in original].

Microsoft has used that phrasing before, as has Ballmer, including in his July letter to employees and on Sept. 19 when the company hosted a half-day event where executives spoke to Wall Street analysts.

The company has said that it plans to stick with the strategy swivel no matter who is appointed Ballmer's successor, a stance that has irritated some analysts but that was likely cemented when Microsoft announced last month that it would acquire parts of Finnish phone maker Nokia for $7.2 billion. "[The Nokia acquisition] will accelerate our growth with Windows Phone while strengthening our overall device ecosystem and our opportunity," Ballmer promised shareholders Monday.

Ballmer also said that Microsoft would rely on its strength -- its dominance in the enterprise -- to generate revenue, putting consumer services as a step-child for, and step toward, commercial wins.

"We will primarily monetize our high-value activities by leading with devices and enterprise services," Ballmer said. "In this model, our consumer services such as Bing and Skype will differentiate our devices and serve as an on-ramp to our enterprise services while generating some revenue from subscriptions and advertising."

"High-value" was a buzzword Ballmer used repeatedly in his letter -- seven times altogether -- and more often than he wrote "employees" (1), "strategy" (6), "customers" (3), or "family of devices" (3), the watchword of his July memo.

Ballmer's message about enterprise was virtually the same as the one he gave to financial analysts last month. Then, he said that Microsoft knew how to monetize services to businesses.

"How do we get our services to be popular on non-Windows devices?" Ballmer asked rhetorically during the Q&A with analysts on Sept. 19. "With the enterprise we kind of know how to do that. You walk into the enterprise, you say sign up for Office 365, you say we're going to embrace your iPads and your iPhones, and blah-de, blah-de, blah. We know how to do that. We know how to get paid. Life feels pretty straightforward."

But when it came to consumers, Ballmer tacitly admitted last month, Microsoft faces an iffier sales pitch.

"How do you monetize high-value activities? Amy [Hood, Microsoft's CFO] talked about the three bubbles: devices, consumer services and enterprise services," noted Ballmer. "The two that are most easily monetized, in fact, are devices and enterprise services. Consumer services, as we say, are tough."

Industry analysts saw the prioritization of enterprise in the Sept. 23 introduction of the revamped Surface line, especially the it's-a-tablet-no-it's-a-notebook Surface Pro 2. Ross Rubin of Reticle Research read Microsoft's emphasis on the Surface Pro 2's ultralight notebook-like characteristics as consistent with the strategy to focus on the enterprise over consumers, for example.

While Ballmer gave a quick summary of the restructuring he launched three months ago -- "We are well underway," he said, of the shuffling of executives, personnel and responsibilities -- he said nothing of the search for his replacement.

That search, which conceivably could take until late August 2014, has been the subject of much rumor and discussion by pundits and analysts, but no clear leading candidate has emerged. Among those most often mentioned as possible successors have been Alan Mulally, CEO of Ford Motor; Paul Maritz, a former Microsoft executive and most recently the CEO of VMware; Tony Bates, who joined Microsoft after it bought Skype, and who now leads business development and evangelism; and Stephen Elop, the former CEO of Nokia who will return to Microsoft once the acquisition closes early next year.

Ballmer also reminded everyone that although he will soon step down as CEO, he will remain a major stockholder. "I'm optimistic not only as the CEO but as an investor who treasures his Microsoft stock," Ballmer wrote Monday.

That was muted in comparison to his comments last month before Wall Street analysts.

"I am very long on Microsoft. I believe in the company as an investment," Ballmer said. "I believe in what the company can do. I believe in the people and talent that are here. And at least this one shareholder will absolutely be cheering every day, from the day I'm not working here on. I'm Microsoft, if you will, all over."

As of Sept. 13, Ballmer controlled about 4% of the company's shares for a paper value of approximately $11.1 billion at Monday's closing price. Co-founder and current chairman Bill Gates owns about 4.5% of Microsoft's shares, but because he sells about 80 million shares annually under a pre-set plan, by this time next year -- assuming Ballmer retains his shares -- Ballmer will be the largest individual stockholder.

Ballmer is up for reelection to the Microsoft board of directors when shareholders meet Nov. 19.



Thursday, 3 October 2013

iPad 5 rumor rollup for the week ending Oct. 1

Smaller Apple iPad, bigger iPad, mini 2 delays, and date debate

The iOSphere knows so much about the iPad 5 and iPad mini 2 that it's easy to overlook how little it really knows.

A video of an alleged iPad 5 rear casing confirmed that the Next iPad will be somewhat smaller than the current one. Unless it’s much bigger than the current one. Anguish blew through the iOSphere over claims that unnamed production problems will delay full-scale release of the iPad mini 2 until early next year. And, based on nothing except looking at the calendar one year after the last iPad announcement, confidence is high that the new tablets will be announced Oct. 25.

You read it here second.
"Thanks to a plethora of rumors, leaks, photos and videos we have a good idea what to expect from the iPad 5 when it arrives, but there are still some parts of the iPad 5 that remain up in the air."
— Josh Smith, GottaBeMobile, who was, nevertheless, unable to identify any specific feature, beyond the possibility of new rounded instead of sloping edges, for the iPad 5.

iPad 5 will be smaller than current iPad, but not by much

A video posted by a Chinese parts supplier, sw-box.com, compares the current iPad and iPad mini with a slate-gray rear housing alleged to be that of the iPad 5. Finally, someone in one of these dealing-in-stolen-property revelations actually uses a tape measure to compare the sizes.

And it turns out that the iPad 5 will be a little bit smaller than the current model.


MacRumors apparently was the first to pick up on the video post.

The YouTube video itself is very straightforward, showing all three devices in a line, and then looking at the iPad 5 housing in more detail.

Here are the measurements, converted into inches:
Width x Length
iPad 4 - 7.31 x 9.49
iPad 5 - 6.67 x 9.42
iPad mini - 5.41 x 7.87

According to the video, iPad 5 is a smidgen thinner than the current iPad: 0.28 inches versus 0.37. If this is an actual iPad 5 rear housing, then the new tablet will be about one-half inch less wide, a teensy bit shorter, and about one-tenth of an inch thinner. The screen size and display area, presumably, will remain unchanged, with a 9.7-inch diagonal panel.

These figures would fit with the long-held belief that the sides (or bezel) of the front “frame” around the display will be thinner, but the top and bottom of the frame will be very close if not identical to the current model. The new casing is also somewhat lighter. Whether that will translate into a lighter finished product may depend on whether or how Apple has changed other components, including the display panel.

For most rumoristas none of this is new, though Business Insider’s Dylan Love seems stunned by the video. “According To This Leak, The 'iPad 5' Will Have A Completely New Design That Looks More Like The iPad Mini,” is the headline to his post. The Completely New Design, based on the rear housing in the video, means a body with rounded edges.

iPad 5 will be bigger than current iPad, by a lot

Apple is actively working on a 12-inch iPad model with Quanta, a Taiwan based contract manufacturer, according to the resurgent rumor of a larger-screened iPad.



Thursday, 26 September 2013

Enterprises more accepting of Android, while Windows is losing ground

Only 26 percent of enterprise staff are very interested in developing mobile apps for Microsoft's OSes, according to a new survey

Enterprises are increasingly interested in developing apps for Android-based smartphones and tablets, showing how Google's OS is becoming more accepted, according to a poll. At the same time fewer are willing to spend resources on Microsoft's OSes.

For the second time, cross-platform tool company Appcelerator has queried IT directors, CEOs, development directors, CTOs and people in a number of other roles what their priorities are in the mobile market. The results hint at how the enterprise arena is slipping away from Microsoft, while at the same time acceptance for Android is growing and iOS is the number one priority.

As part of the survey, Appcelerator asked the 804 participants how interested they were in developing consumer and enterprise apps for the various mobile platforms. Apple was on top, with 80 percent saying they were very interested in developing applications for the company's smartphones and tablets, which is roughly the same response elicited by the first quarter version of the survey.

The third-highest priority was Android-based smartphones, which 71 percent of the respondents said they were very interested in, an increase of 7 percentage points from the first quarter. But unlike Apple, Google and its hardware partners have so far failed to convince enterprises that Android-based tablets are as important as smartphones based on the OS. Fifty-nine percent stated they were very interested, though that was an increase compared to 52 percent during the first quarter survey.

"Android interest is increasing ... there are probably a few reasons for that. One could certainly be because of Android's strong overall market share and with BYOD enterprises have to build apps for multiple platforms," said Nolan Wright, co-founder and CTO at Appcelerator.

After that there is a big gap down to Windows-based smartphones and tablets, at 26 percent and 25 percent, respectively, compared to 29 percent and 30 percent in the first quarter study. To add insult to injury, more than 60 percent thought that Windows 8 would ultimately fail as a mobile platform.

"That is probably a reflection of market demand. I think Windows hasn't done too well in the market, and the interest for developing apps is following that. It will be interesting to see what happens with Nokia," Wright said.

Earlier this month Microsoft announced it would buy Nokia's Devices & Services business in an effort to beef up its mobility push. Wright thinks the deal could help change Windows' fortunes.

"From what we hear there is a genuine interest in the enterprise for Microsoft to have viable products. So it certainly still has an opportunity," Wright said.

But Microsoft isn't the only vendor struggling to drum up developer interest for its platform. Only 12 percent said they were very interested in developing apps for BlackBerry phones, which is two percentage points better than in the first quarter study but still a much smaller share than competing OSes.

On Friday, BlackBerry said that, as part of its efforts to stay alive, it would refocus on enterprises. To succeed, the company will have to convince them to use its devices, and an important part of that is making sure apps are available.

For enterprises that want to build applications for multiple platforms at the same time, HTML5 is an option. Sixty percent of the respondents said they were very interested in developing mobile, HTML-based Web apps, making them a higher priority than native applications for BlackBerry and Windows devices as well as Android-based tablets.





Thursday, 5 September 2013

IT hiring: Your text resume is soooo last century

Goodbye, boring CV. Today's tech resumes are tricked out with video, social and graphic elements.

Tim Ondrey has glimpsed the future of the job-search market, and it's going multimedia.

Already, he has had one friend using a blog and a 30-second video to apply for a marketing job and another, an IT colleague, interviewing via Skype for a developer position.

Ondrey figures it's just a matter of time before he -- and everyone else -- uses more than just an old-fashioned resume to land his next job.

"I'm kind of nervous about it, but we're all going to be in that same boat, figuring out what works and what doesn't," says Ondrey, an active member of the SHARE user group. An applications report specialist at Marist College in Poughkeepsie, N.Y., Ondrey isn't currently looking for a job, but, like a lot of his colleagues, he keeps an eye on the market.

What he's seeing is that video, graphics and social media are becoming part of the job-search landscape. Recruiters and hiring managers say younger workers, who grew up online and use FaceTime more than landlines, are more apt to show off their assets via personal websites, blogs, videos, and online portfolios with embedded examples of current work and links to online communities in which they're active.

It's no coincidence that LinkedIn recently began encouraging its users to amp up their profiles with videos, illustrations, photography and presentations. And Toronto startup Vizualize.me has attracted 200,000 users to its tool, still in beta, that turns text-based resumes into online infographics.

"People are open to new formats, new ways of presenting credentials," says John Reed, senior executive director of Robert Half Technology, an IT staffing firm based in Menlo Park, Calif. "People are trying to figure out how to stand out in the crowd, how to bring life to their profile and experience, and they're using social media tools to do that."

Reed says that neither he nor his colleagues have seen a lot of applicants submitting videos yet. When they do, they function more like cover letters than resumes. "The videos are 'let me introduce myself before you look at my resume,'" Reed explains. "The companies look at it and say, 'That's cool, that's an interesting twist, that makes the candidate stand out.'"

That's the thinking at the Washington, D.C.-based staffing company Hire IT People LLC. Owner Dan Nandan says his firm is moving into videos as a way to showcase its IT talent.

"We felt they'd have a more powerful impact if a video resume was submitted" in addition to the traditional paper CV. "And it's working," he says, explaining that well-done videos presenting candidates' skills and background "definitely make a big impact."

Nandan recently worked with Neeraj Uppal, a technology project manager who had made a video in which he talked about his background. The Hire IT People staff used the video to evaluate Uppal and were impressed enough to recommend him to a client company, which led to the conventional application process, with Uppal sending a text resume, then interviewing and getting the job, a contract position.

When technology project manager Neeraj Uppal was looking for a new job, he prepared a video preamble to his resume so companies could assess his presentation and communications skills. "That was definitely a first for me," says Uppal, who credits the video with playing a part in helping him land his current contract position at a large bank.

"I don't know if he was hired based [only] on the video, but it made an impression," Nandan says. "It gets people's attention. If I get 50 emails, and there's one that says, 'Please watch my video,' I will watch the video first."

Video can also function as a second chance for IT hopefuls whose resumes might otherwise be rejected by scanning software looking for specific keywords to quickly, if not always accurately, match qualifications with the position. Those same candidates might be able to hook a hiring manager's interest with a well-crafted video pitch (see Video dos and don'ts for tips.)

Video interviews, pros and cons

Video is playing a larger part in the entire hiring process, not just as a resume accompaniment. For example, many companies now use Skype or other videoconferencing technologies for first-round interviews, rather than in-person meetings, to save time and money while still getting a sense of candidates' interpersonal qualities.

Some companies also use videos, recorded by candidates responding to specific questions, as a screening tool. "That's where I've seen a greater evolution on the video side, because the convenience factor is tremendous," says Dan Pollock, senior vice president of the tech-staffing firm Modis.

Typically a hiring company comes up with five to 10 questions and passes these on to Modis. Candidates for a developer position, for example, might be asked about their responsibilities on a recent project, how they approached those responsibilities and how the project turned out.

Candidates typically travel into a Modis office to record these screening sessions -- Pollock says this ensures good audio and visual quality -- although some candidates do it from their own computers. A SaaS platform from HireVue allows Modis to set a time limit for each response (three minutes) and control the number of retakes (one).

Hiring managers can then view the videos at their convenience, using them to replace phone calls that they had used in the past to screen candidates. "It's much more tailored to the position that they're trying to fill," Pollock says, adding that the videos also show hiring managers whether candidates know their stuff, can think on their feet and can communicate concisely.

Video dos and don'ts
If you plan to submit a video as part of a job application or online profile, or if you've been asked to take part in an interview via teleconferencing, here's what you need to think about before you turn on that camera:

Keep it short. Hiring managers who don't have time for multipage resumes won't have time for lengthy videos or rambling responses either.

Pick a professional, quiet spot. Stay out of Starbucks. And your bedroom.

Have a solid or bland background. Check behind you for distracting artwork, offensive material and unkempt home offices. (Hiring managers say they have indeed seen all of those during video interviews.)

Maintain eye contact by sitting still and looking into the camera. You don't want to fidget or multitask; such behavior wouldn't fly in an in-person interview, so it won't suit a video interview or presentation either.

Dress as you would for a face-to-face interview. (For those who need reminding, that means business attire suitable to the position and the company's culture.)

Guard against interruptions. Shut off your phone. Give the dog a bone, and make sure no one comes knocking at the door.

Don't forget to smile.

Others say video interviews -- either live or pre-recorded -- help by winnowing out candidates who might have Googled answers while on a phone interview, as well as those who lack interpersonal skills, which are of particular importance for IT professionals who interact with customers, executives, board members or the public.

On the other hand, some point to potential problems using video when screening candidates. Some employers wonder if it will open them up to claims of discrimination as they can more easily see traits (age or ethnicity, for example) that they shouldn't use to eliminate candidates. Other tech industry watchers worry that video interviews could unfairly prioritize presentation skills for jobs that don't necessarily require them. After all, coders don't need to come off well on camera to do a bang-up job, the argument goes.

Reed says such concerns keep many companies from adopting video as part of their candidate search and screening process. "Companies don't want to be susceptible to accusations," he says. He points out that candidates, too, often hesitate to use these tools because they're worried about where their videos will reside and for how long.

Resumes gain graphic, social flourishes

That said, video is nevertheless becoming more prevalent in the IT hiring process, just one of the multiple new formats and platforms that candidates are beginning to utilize for job searches. "The resume hasn't changed in the past 40 years. It just feels like it's time for it to evolve, and technology is at a place where it's helping us evolve it," Pollock says.

Pollock says he's seeing candidates successfully use graphics to represent skill sets, responsibilities and accomplishments on or as a supplement to their text-based resumes. Some IT workers, particularly Web designers or UI and UX professionals, maintain online portfolios or submit links to their work.

Others, such as developers, point to their contributions to open-source communities like GitHub. And, of course, job shoppers ignore at their own peril the reach of LinkedIn and, to a lesser extent, other social media sites like Facebook, Google+ or even Instagram.

"[Hiring companies] want to see what people are doing within the tech community, the development space, are they contributing? So I encourage people to have a strong digital profile as well as a resume, and LinkedIn is the primary tool for a strong digital profile," says Doug Schade, principal consultant in the software technology search division at Waltham, Mass.-based search firm WinterWyman.

Schade says savvy candidates know how to leverage social media to separate themselves from the pack. They don't just paste their traditional resumes into their LinkedIn profiles but rather focus on showcasing themselves with links and presentations that highlight their skills and accomplishments.

"There is an opportunity to be more robust with one's persona," Schade says, "because social media is used by hiring managers to gain more intel, gain more insight."

Web developer Avery Anderson gets that. Anderson, 27, graduated in 2008 from the Franklin W. Olin College of Engineering in Needham, Mass., with a degree in mechanical engineering. She worked in the field for a year but decided it wasn't the best fit.

Software engineer Avery Anderson built a personal website, complete with this skills portfolio page, to highlight her tech talents and emphasize her involvement in the programming community.

Anderson did some contract work in robotics, and then in February 2010 she sought out a Web engineer position at an Internet start-up for wine aficionados called Second Glass. "Web development seemed like a huge opportunity, but I didn't have a lot of experience, so I started with a personal website. It was like, 'See, I can make a website.' That got me in the door," says Anderson, who was hired right away.

When she left Second Glass in April 2012, Anderson turned to her website again, tweaking and updating it to reflect more of her skills and personality. She says her site, along with her LinkedIn profile and her account at the online developers' site GitHub, got plenty of traffic; she estimates she was contacted by about 50 recruiters during her two-month job search, contacts that led to nearly 10 interviews -- including some Skype sessions.

She landed a software engineer job with The Minerva Project, a startup that's building an elite online university. Although she was introduced to the organization through a roommate, she says she knows the company checked her out online before she even walked in the door. "People Internet-stalk everyone before meeting in person," she observes.

And even though she's not looking for a new job now, she keeps up her personal website to have what she calls "a landing page" for people who want to know more about her and her work -- a particularly important point as she tries to gain more experience, recognition and speaking engagements.

"It's not just about what jobs you get. Every time you do things like that and work your way into the community more, you make yourself more valuable as an employable person, you build your reputation," she says.

Ondrey, the Marist College applications report specialist, says he and his colleagues are getting that message, so they're beefing up their online professional presence by posting or Tweeting articles they find interesting along with their own commentary. They're updating their skill sets and responsibilities more frequently. And they're adding videos -- both their own and others that are relevant to their field of interest.

That fits with what's happening at Appirio, a San Francisco-based cloud technology company with 650 employees globally.

"We have definitely seen more candidates modify their resumes to include links to their social media profiles," says Jennifer Taylor, Appirio's senior vice president of HR. Resumes now include Twitter handles and links to LinkedIn profiles and to blogs.

The process works both ways, Taylor says; she and her colleagues use social media to reach out to potential prospects. "Often we have found that it's through a Twitter conversation that one of our employees will identify someone in the ecosystem who is contributing unique ideas or products. We use those as an opportunity to say, 'Look at what this person is doing, we should start a conversation with this person,'" she says.

And while she says she hasn't yet received a video resume, she and her hiring managers use video to promote the company to prospective employees as well as to interview candidates -- something they do live using Skype, Google+ and occasionally GoToMeeting with video.

"We still believe that there is no replacement for face-to-face interviews, and we do make that a requirement before anyone is hired. But video is a very powerful format," she says. "It makes information about our company as available as possible, and it gets people familiar with us. It creates some rapport right off the bat. The candidate feels like they're getting to know us and vice versa."



Tuesday, 27 August 2013

Social media sends Ballmer off with a bang

Reaction to news of Microsoft CEO's forthcoming retirement unsurprisingly noisy, contentious.

The Internet reacted to the news that Microsoft CEO Steve Ballmer plans to retire within 12 months as might have been expected – with a flurry of jeers, opprobrium and the occasional heartfelt farewell.

“Retirement! Retirement, retirement, retirement!” japed redditor trataka, in reference to one of Ballmer's well-known performances at a Microsoft conference.

Fellow reddit user foxmccloudpsu went with “I see you're trying to find a new CEO. Can I help you with that?” and Arizhel bemoaned the loss of Ballmer's influence at Microsoft - “I'm not happy at all. Ballmer needs to stay in charge; he's doing an excellent job of running MS into the ground. I do not want this trainwreck to end.”

Much of the reaction on Twitter, by contrast, was surprisingly measured, with much made of the fact that Microsoft's stock price jumped by about 9% following the announcement. Register writer Iain Thomson said that “has got to be more than a little embarrassing.”

Journalist Ed Bott joked that “mainstream support for Steve Ballmer ended in 2009. Extended support ends in 2014,” while a spoof account for tech evangelist Jeff Jarvis snarked “what Microsoft needs is a CEO who thinks big, like Elon Musk.”

Snide comments were unsurprisingly rife on Google Plus as well. Blogger Patrick Jordan weighed in with “I'm sure he's going to be a business school study, for all the wrong reasons.”

Well-known Rackspace startup liaison officer Robert Scoble, as part of a lengthy open letter to Microsoft's board, said that Microsoft under Ballmer “is like that super smart kid who is doing drugs and not living up to its potential.”

Pocket Labs' Gary Royal dug all the way back to antiquity for his zinger, saying that Microsoft's board “no doubt plans to install a Caligula to make Ballmer's Tiberius seem sane, tolerant and kind by comparison.”




Tuesday, 20 August 2013

7 IT security skills certifications on the rise

GIAC IT security certifications, among others, show strong gains in demand

A number of IT security skills certifications requiring candidates to pass exams have sharply gained in terms of demand and pay value, according to a new Foote Partners report.

The “2013 IT Skills Demand and Pay Trends Report” is based on the tracking of the demand for a wide range of IT skills at 2,496 private and public-sector U.S. and Canadian employers for a total of 151,864 IT professionals.

For the second quarter, seven IT security certifications gained 10% or more in market value in terms of demand from the previous quarter, according to Foote Partners. David Foote, chief analyst and research officer, says obtaining certifications in IT skills typically means the worker’s pay gets a boost, often as a bonus for having been certified for certain skills through training and passing an exam of some type.

Foote Partners tracks 61 separate IT security certifications overall, and over the past three months five of the seven hottest are produced by the Global Information Assurance Certification (GIAC) organization, which is affiliated with SANS Institute for training.

The five GIAC certifications singled out are:

Certified Incident Handler, which spiked 22.2% in demand according to the companies reporting to Foote Partners. Foote says this typically translates into a 1% to 2% pay bonus to the employee holding the security certification.
Certified Firewall Analyst, rising 20%.
Certified Forensics Examiner, up 16.7%.
Certified Intrusion Analyst, up 10%.
Certified Forensics Analyst, up 10%.

Two other IT security certifications were also considered valuable in terms of boosting pay during the past three months.

One of them is the CWNP Certified Wireless Security Professional certification, up 16%, from the Certified Wireless Network Professional organization.

The other is the Infosys Security Engineering Professional certification, known as the ISSEP/CISSP certification, which is up 10%. It recognizes advanced security engineering and was designed by the International Information Systems Security Certification Consortium (ISC2) in coordination with the U.S. National Security Agency.

Foote notes that while trends can show upward spikes in demand, they can also drop in a three- and six-month timeframe. He adds that security spending tends to be driven by corporate need to achieve regulatory compliance.

The GIAC IT security certifications cited in the Foote Partners report were among those considered to provide “the highest pay premiums” along with non-security specific ones, such as the Open Group Master Architect and the EMC Cloud Architect Expert (IT-as-a-Service). “Cloud certifications haven’t been around for a long time, so we’re just starting to put in this data during the past year,” Foote points out.

Other IT security certifications are also ranked among those earning the highest pay premiums, though they didn’t necessarily show the three-month market-value jump. These include the IT security certifications known as the GIAC Security Leadership; Certified Information Systems Security Professional; Certified Information Security Manager; CyberSecurity Forensic Analyst; and the Information Systems Security Architecture Professional (ISSAP-CISSP).

The Foote Partners quarterly report also cited a significant rise in market value in a number of non-security-specific certifications, including the CWNP/Certified Wireless Network Expert and CWNP/Certified Wireless Network Administrator certifications. Some HP systems administration certifications rose sharply in value, as did some project management certifications. Three Oracle database administrator certifications jumped 10% or more in pay value. However, a number of Oracle certifications also declined 10% over the previous quarter. These decliners were: Oracle SOA Infrastructure Implementation Certified Expert; Oracle Certified Professional Java EE Web Services Developer; and Oracle Certified Master, Java EE Enterprise Architect.

The only IT security certification seen as falling 10% or more in pay value in comparison to the previous quarter was the GIAC Certified Penetration Tester certification, which dropped by 33.3%.

The Foote Partners report points out that overall, IT certifications in general have actually been falling in value since 2007, so it’s notable that 289 IT certifications increased last quarter, up 0.84% in value overall. Foote Partners also continuously tracks the demand for IT roles and responsibilities not based on IT certifications.