IT WEEK • 20 SEPTEMBER 2004
CONTENTS
40 INTERVIEW Rob Clyde of security specialist Symantec on
the latest techniques to combat growing online dangers
40 COMMENT A Home Office desktop
migration project shows how
training can help firms get more
value from IT and improve productivity, writes Madeline Bennett
37 INTERVIEW Rob Clyde, chief technology officer at security specialist
Symantec, explains how behaviour
blocking and client compliancy
systems can protect companies
MANAGEMENTWEEK
WHERE TECHNOLOGY BECOMES BUSINESS REALITY
Editor: Madeline Bennett
Outsourcing to go on tap
I
T outsourcing services will become
commoditised, making them similar
to utilities, and resulting in cheaper
deals for firms, the UK head of Unisys has
predicted. He forecast that offshore IT
services will also become more popular.
Brian Hadfield, managing director at
the IT services firm in the UK, said the
future of outsourcing would see a move to
packaged offerings and away from one-off,
specialist deals. “We believe the ability to
take an outsourcing venture and grow it
into a utility is important,” he said. “You
get economies of scale, which can be
passed on to the customer.”
Hadfield predicted that demand for
outsourcing would grow in a number of
areas, including supply chain management, logistics and customer relationship
management. “You’ll see a transition from
outsourcing the back office to the middle
and front-end. People will start taking a
look at outsourcing these activities.”
Hadfield predicted that in order to
focus on their core competencies and dif-
ferentiators, more organisaalmost a third of firms are
OFFSHORE OPTIONS
tions will begin to offload
planning to offshore IT infraActivities firms plan to
tasks to outsourcers such as
structure during the next year,
offshore in the next year
Unisys. “We see particular
and the same proportion are
Application
66%
growth in business process maintenance
researching the possibility.
Application
outsourcing,” he added.
Application maintenance
65%
development
Hadfield also anticipated
came top of the list, with
Business
34%
growth in offshore IT outmore than two thirds of
processes
Infrastructure
sourcing. “We do some offcompanies planning to move
30%
management
shore work and have made
this activity offshore in the
Source:Wipro
investments in this area,” he
coming year. And 34 percent
added.“The ability to lower costs by doing
plan to offshore some of their business
work offshore will be attractive to cusprocesses within the same timeframe.
tomers and suppliers.” However, firms are
Spending on offshoring is set to grow.
likely to be selective about the projects and
Almost 90 percent said their organisation
activities sent abroad, he predicted.
would increase its expenditure this year, by
Hadfield acknowledged that offshore
an average of 34 percent.
providers will have to reassure customers
The results indicate that offshoring has
about security and the quality of the end
entered the mainstream, according to Sudproduct, but argued that when offshore
ip Banerjee, president of Wipro’s enterprise
projects run into difficulties it is not always
solutions division.“There is a clear indicathe fault of the service providers.“It might
tion that various global organisations have
be that the activity was the wrong choice
gained confidence to offshore new and
for offshoring,” he argued.
complex service lines like IT infrastructure
IT services provider Wipro agreed with
management and critical business processUnisys that there is growing interest in offes,” Banerjee commented.
www.unisys.com www.wipro.com
shoring. Its recent research suggests that
Analytics to extend BI
Madeline Bennett
such as supply chain management and
sales may help firms to achieve better
yperion will release a new version of
returns from their BI investments.
its analytics software today, to give
Hyperion said the Olap server could
analysts and business users faster and betscale to terabytes of data and provide fast
ter insight into their firms’ operations.
responses to thousands of concurrent
Essbase 7X combines analytics capausers, thanks to Aggregate Storage techbilities with a new intuitive interface, to
nology, which compresses data footprints
help users in sales, logistics and human
and increases query return speeds.
resources departments deal with financial
Hyperion plans to make the latest verand business data, said the business intelsion available on Itanium 64bit systems,
ligence (BI) tools vendor.
which could further improve performance.
A Visual Explorer feature can
The new release also offers better
help users to visualise large data
integration with SAP’s NetWeaver
volumes across a range of business
software and support for Red Hat
dimensions. And drag-and-drop
enterprise Linux, said the firm.
capabilities are designed to make it
Henry Morris of analyst comeasier for technical and non-techpany IDC said, “With the new
nical users to get more insight into
release, scalability is improved,
business operations.
expanding the range of applicaThe ability to conduct finantions that Essbase can support.”
cial and business analysis through Sullivan: better
Hyperion will also release its
a single analytics system in areas profitability tools Profitability Management system
H
itweek.co.uk
Matt Hicks
ANALYSING BUSINESS DATA
today updates its analyt• Hyperion
ics software to make it easier for
•
•
staff to examine business data.
Essbase 7X offers an intuitive interface, which lets users visualise large
amounts of business information.
It may help firms get better returns
from business intelligence tools.
today, designed to help firms understand
their most and least profitable customers,
products, regions and channels.
The software, which integrates with
Essbase 7X, offers reports, dashboards and
advanced analytics to assess areas such as
customer purchasing behaviours, costs of
acquiring new customers, and potential
profitability over time.
Godfrey Sullivan, Hyperion’s president,
said Profitability Management combines
Hyperion’s technology with best practices,
methodologies and services to make it easier for customers to understand profitability at a granular level.
www.hyperion.com
© eWeek USA 2004
Madeline Bennett
Free tools
police P2P
and IM use
IMlogic has issued free tools to help
firms detect and block the use of
instant messaging, peer-to-peer file
sharing and voice over IP applications.
IM Detector Pro offers basic
tools to help IT staff see the extent
of such traffic flowing on their networks and decide how to best manage it, said Dave Fowler, vice-president of marketing and strategic
alliances at the IM control specialist.
With the use of IM and P2P
increasing, firms face the risk of sensitive information being disclosed,
employees illegally sharing copyrighted files, and viruses and worms
entering their networks.
Meanwhile, firms have to comply
with corporate governance rules and
act to prevent copyright abuse.“Ignorance is not a defence in a lot of
these cases, and corporations and universities are just waking up to the fact
that a lot of this is going on and that it
does put them at risk,” said Fowler.
He added that firms could use IM
Detector Pro as a stopgap while
developing more advanced plans to
manage IM and P2P networks.
One reason for IMlogic to offer a
free tool may be to demonstrate a
need for its gateway product for
managing and securing IM, as the use
of IM grows.According to Genelle
Hung, analyst at research firm The
Radicati Group, over 80 percent of
firms have staff using IM or P2P. “But
less than 15 percent have the necessary IM management solutions to protect against security breaches, meet
corporate governance rules or avoid
inappropriate file sharing,” she added.
IM Detector Pro software can be
downloaded at the first URL below.
Threats and defences evolve, p40
www.imlogic.com/imdetectorpro
www.eweek.com
39
© eWeek USA 2004
40 COMMENT How to
get more from staff
MANAGEMENTWEEK
IT WEEK • 20 SEPTEMBER 2004
Why it pays to train
A major desktop migration project at the Home Office shows how training schemes can
help organisations to improve efficiency and get more out of IT, says Madeline Bennett
I
came across an interesting
story recently on the deployment of new IT systems going
hand in hand with staff education. The training in question will
offer a blend of physical presentations and online material.
It seems the Home Office is
upgrading the desktops of its
15,000 staff to Windows XP and
Office XP from older versions of
the operating system. Training
provider KnowledgePool will help
Home Office employees make the
transition to the new system.
This is a good example of the
government following its own
advice by attempting to improve its
operations, using the latest technology. However, simply rolling out
the latest software does not mean
employees will make best use of the
new resources. An IT training
expert at the Home Office points
out that it is largely the training
going on alongside the upgrade to
XP that is expected to improve the
productivity of staff.
For the training package,
KnowledgePool will offer face-toface briefing sessions at various
Home Office sites across England
and Wales, demonstrating the latest
applications and how they differ
from older ones. These sessions will
be supported by an e-learning
package, which focuses on new features in XP and organisational policy for using the latest software.
The mix of instructor-led sessions and e-learning modules, which
will enable users to dip back into
advice after attending training periods, should help most employees get
to grips with the new systems.
So thumbs up to the Home
Office for embarking on such an
extensive training programme,
which seems to cover all eventualities – there’s even a 15-minute video
available for those who miss their
designated seminar. But this good
example of IT education also highlights how most UK organisations
are failing in this respect. According
to the British Computer Society,
fewer than four in 10 adults have
received any kind of formal IT training or achieved an IT qualification.
Although programmes such as
the European Computer Driving
Licence exist, most employers expect
their staff to either come fully
equipped with the required skills for
tasks such as using the internet or
spreadsheets, or rely on colleagues
and on-the-job training.
Some firms worry that if they
provide basic IT training for staff it
will encourage them to try to fix
their own IT problems and might
actually cause more harm than
good. But training courses could
cover exactly this kind of issue, educating users on what they should
and shouldn’t touch.
Other employers express concern that by funding IT training
courses they would simply provide
staff with qualifications that would
help them get jobs elsewhere. But
Threats and defences evolve
Symantec’s Rob Clyde explains how behaviour blocking and
client compliancy systems could improve corporate security
SECURITY INTERVIEW BY IAIN THOMSON
ITWeek: As chief technology officer at security specialist Symantec, what do you
think are the biggest dangers to IT?
Rob Clyde: Virus threats will continue to
drive the business of security. Viruses
attacked 92 percent of firms last year, and
the rest probably were attacked and just
didn’t notice it. The number of malware
attacks has also increased and continues to
rise, as have network intrusion attempts.
Attacks are becoming more complex and
that’s the most troubling aspect.
How can the virus
threat be overcome?
Reactive, signaturebased protection is
becoming less effective. The time from
software patch to ex Clyde: more
proactivity
40
ploit is dropping below the time needed for
companies to install the patch. Even if you
start when the patch is released, most IT
departments will take 30 days to test and
patch a system and hackers are faster than
that now. We’ll still need signatures but a
new, predictive approach is necessary.
What technologies should companies be
looking at now to make their network defences more proactive?
Behaviour blocking looks promising. This
mimics how biology deals with viruses, by
identifying anomalies before they get serious. For example, it’s very unusual for a
normal email message to contain an executable program, so why not quarantine
them when they do? Client compliancy is
another useful approach. When you connect into the network it can check to see if
your system’s hardware and software is
properly protected. If it’s not, organisations
can block off or limit access.
Do you think there will be an improvement in the security of software?
We see 53 vulnerabilities in software products discovered every week, 80 percent of
which are of high severity. This figure of 50
or so a week has hit a steady state and could
be an equilibrium point. Personally, I think
we’re at a knee in the vulnerability curve
and the numbers will continue to rise as
new, more feature-rich operating systems
come on the market.
Do you think that the open-source community is better at patching holes than
commercial software vendors?
With open source, if an individual cares
about a code flaw they’ll fix it fast. If, however, it’s an obscure piece of code it could
languish for years untouched. Commercial
companies will try and patch all problems
within a fixed timescale. Most commercial
vendors are really keen on reporting problems honestly and trying to fix them. I
don’t know of a single vendor who will sit
on a vulnerability – maybe that would have
happened five years ago, but not now.
Is outsourcing a good option for security?
It varies for different industries. Manufac-
this is short-sighted – if companies
don’t offer training, they won’t see
the benefits of a properly educated
and IT-literate workforce.
With properly trained staff,
firms would be in a better position
to identify new ways of using technology to boost business operations
and improve efficiency, while minimising future training costs.
The advantages are clear.
Instead of relying on others –
schools, universities etc – to provide their staff with proper computer training, firms should be
taking it upon themselves to assess
and improve the current IT skills
of their employees. ITW
www.tinyurl.com/5tl6n
[email protected]
ABOUT ROBERT CLYDE
Clyde is chief technology
• Rob
officer at Symantec, where he sets
•
•
the security company’s technology
vision and strategy.
Clyde has over 25 years experience
in the security business, almost exclusively in Fortune 500 companies.
He was part of the founding team
of security firms Axent Technologies
and Clyde Digital Systems.
turing loves to outsource, for example.
Even industries like the banking sector,
that you’d think would do security themselves, outsource some functions. Most
experts suggest that you should never outsource policy development. It makes a lot
of sense for smaller companies to outsource everything but there’s a job of education to be done first.
What advice can you offer IT managers
interested in the security business?
If you’re looking for a long-term lucrative
career, security is where to go. There are very
few computer security PhDs coming out
these days – only 17 in the US last year for
example. We didn’t get any of those, most
stay in academia. Part of the problem is that
this is a new area. Until recently you could
not get a degree in computer security. ITW
itweek.co.uk