I hate it when corporate security is correct!

My laptop runs slow due to encryption.  I can’t use public file sharing sites like Dropbox, Google Drive, etc.  Only some of the mobile functionality is enabled on my smartphone and it is not evenly distributed by operating system such as BlackBerry, iOS, and Android (due to security).  I don’t even know what we do with Windows Mobile OS?  All of this overhead, oversight, and security is cramping my style and agility and they are correct!

“When everyone is out to get you, paranoia is only good thinking.” – Dr. Johnny Fever – WKRP in Cincinnati

Corporate Security was correct in their thinking.  It looks like there are not just individual criminals and some less than ethical corporations out to get our corporate secrets, but the Chinese Government is actively working to steal them.  I found the NY Times article below unnerving.

I fully understand why governments feel they have the right to protect themselves from other governments.  And I’m willing to acknowledge that technology is part of warfare, but it appears China has bonded its defense strategy to its corporate strategy.  To me, a line has been crossed.  If you want to read the full Mandiant Security report, it is available, but I don’t think you will sleep any better at night (http://intelreport.mandiant.com/).

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

:

Mandiant’s report does not name the victims, who usually insist on anonymity. A 2009 attack on Coca-Cola coincided with the beverage giant’s failed attempt to acquire the China Huiyuan Juice Group for $2.4 billion, according to people with knowledge of the results of the company’s investigation.

As Coca-Cola executives were negotiating what would have been the largest foreign purchase of a Chinese company, Comment Crew [Chinese Army Hacker Unit] was busy rummaging through their computers in an apparent effort to learn more about Coca-Cola’s negotiation strategy.

http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all&_r=0

It appears to me that if you are going to approach cloud for your corporate assets, you had better be very sure that your cloud provider is as focused, or even more focused, on security measures as your own company.

Losses due to hacking have big dollars associated with them. According to the HotForSecurity site, recent reports showed hackers earned $12.5 billion in 2011.  The top 5 incidents that were known are below.  I’m sure many others went unreported.

  1. $171 million – Sony
  2. $2.7 million – Citigroup ($4B in total losses)
  3. $2 million – Stratfor
  4. $2 million – AT&T
  5. $1 million – Fidelity Investments, Scottrade, E*Trade, Charles Schwab

http://www.hotforsecurity.com/blog/top-5-corporate-losses-due-to-hacking-1820.html

I can’t say what other cloud providers do or don’t do.  I can say that at IBM, we always take security very seriously and push it down to the seemingly innocuous layers not just in the cloud data centers, but throughout the company.  And yes, that even means my laptop, iPhone, iPad, etc.  Keep in mind, it only takes one nasty e-mail or one invaded file from a shared site to start the rift in your corporate security.

Yes, I still believe the future is cloud – IaaS, PaaS, and SaaS.  We just need to make sure we do it responsibly.  Later, I’ll discuss what we are doing at a high level with our two public cloud solutions – SmartCloud Enterprise and SmartCloud Enterprise+ – to make them secure for enterprise computing including SAP.

SAP HANA MCOD – What I really want for my data center

The real SAP game changer will be when I have one (1) HANA DB for all my production applications.  I want a single, giant in-memory DB where my ECC, BW, CRM, PLM, SCM, BOBJ, etc. all consume the same data.  I want a row view for the OLTP ECC-like applications and a column view for OLAP BW-like applications.  It would look like the picture below.

What we really need from SAP! The SAP HANA MCOD system.

Right now, I can’t really recommend using HANA on anything but OLAP-based applications.  In the future, when we can do the analytic transformations in memory without silly exports, extractors, DSOs and the like, we will really have a very* different scenario.  For now, the cost of the HANA license and the risk of losing transactions only committed to memory are not justifiable.

In this new vision with MCOD, there will be two (2) key issues.  First, how do we support MCOD?  I’ve seen MCOD come and go since 1993 several times. Each time, it was easy to build and impossible to support.  The overlapping requirements became overwhelming. Second, HANA will need a data aging architecture which can age data out of main memory to some slightly slower memory or device.

IBM is working on some important technology, Phase Change Memory, that will be of great value (http://www.zurich.ibm.com/sto/memory/).  It may provide near-DRAM speeds while being cost effective and non-volatile.  Maybe IBM will build out a series of servers specifically designed to run in-memory databases such as HANA with massive DRAM and massive PCM capacities.  PCM could then provide the roll-back logs and more at near-DRAM speeds. PCM won’t solve the MCOD and data aging problems, but at least the risk of running rapidly transacting OLTP systems would go to near zero and certainly lower than that of even today’s highly cached disk writing databases.

It is going to be fun watching HANA make it from infancy to toddler-hood.  I wonder how fast she’ll mature.

* Mark Twain said every time a writer was tempted to use “very” in a sentence, they should use the word “damn” and then the editor would strike the word and the sentence would read as it should.