Cyber Jan

JANUARY 2015 VOL. 13 ISS.
01
CYBERTREND.COM
CHALLENGES OF
IT OUTSOURCING
HOW TO MAKE IT
WORK FOR YOUR
ORGANIZATION
WHOLE CHICKEN
Tecumseh Farms Smart Chicken is truly the most natural chicken in the United States. All Tecumseh Farms
products are raised without the use of animal by-products, antibiotics, or hormones, are 100% all-natural, and are
processed using puried cold air instead of adding non-potable waterthats the air-chilled difference.
WWW.SMARTCHICKEN.COM
Volume 13 : Issue 1 : January 2015
41
IT OUTSOURCING CHALLENGES
& HOW TO FACE THEM
8 COVER STORY
IT outsourcing and its underlying complexities
12 BUSINESS
Xerox, its history and its expansion from offering photocopiers to a wide range of enterprise services
18 CLOUD
how cognizant computing stands to affect
future cloud services
20 MOBILITY
enterprise applications and how employees
use them
CONTACT US
P.O. Box 82545
Lincoln, NE 68501
or
120 W. Harvest Drive
Lincoln, NE 68521
THE DARK SIDE OF THE

INTERNET OF THINGS
26 ENERGY
the latest news and research into energyconscious tech
28 IT
benefits of managed service providers, overview of colocation services
54 STORAGE
storage management strategies
58 ELECTRONICS
the latest in premium consumer electronics
60 TIPS
smartphone and business travel tips
38 NETWORKING
software-defined networking, how the
Internet of Things affects enterprise security,
network virtualization solutions
46 SECURITY
how hackers crack make hardware vulnerable, managing enterprise risk, encrypting
endpoints
Advertising: (800) 247-4880

Fax: (402) 479-2104
Circulation: (800) 334-7458
Fax: (402) 479-2123
www.cybertrend.com
email: feedback@cybertrend.com
Copyright 2015 by Sandhills Publishing Company. CyberTrend TM is a trademark of Sandhills Publishing Company. All rights reserved.
Reproduction of material appearing in CyberTrend TM is strictly prohibited without written permission.
Mission-Critical Workload Testing

Vital To Cloud Users
Controlling costs is an often-cited
reason for investing in cloud services, as
evidenced by a recent international survey
conducted by Gartner. In the survey,
44% of respondents said cost reduction
was a top reason for using cloud services, although IT staff and IT managers
rated cost control as the highest concern
whereas senior executives rated it merely
a key benefit. Cost, however, wasnt
the most commonly stated factor overall.
The most commonly cited reasons the
survey found for deploying SaaS [software as a service] were for development
and testing production/mission-critical
workloads, says Joanne Correia, research
vice president with Gartner. This is an
affirmation that more businesses are comfortable with cloud deployments beyond
the front office running sales force automation and email, she adds.
Biggest Big Data Challenges

By and large, enterprises hold an optimistic view of big data as a means of transforming their business for the future, according to a recent Accenture survey. Of those
surveyed who presently have a big data solution, 94% reported that the solution is
meeting their needs, and 99% of those surveyed overall said big data is important to
their organization, with 59% qualifying big data as extremely important. Respondents
admitted to facing big data implementation challenges, however. Below are the top challenges cited.
51% Security
47% Budget
41% Lack Of Talent To Implement Big Data
37% Lack Of Talent To Run Big Data & Analytics Ongoing
35% Integration With Existing Systems
33% Procurement Limitations On Big Data Vendors
27% Enterprise Not Ready For Big Data
0%
10%
20%
30%
40%
50%
60%
Count Em: 30 Billion Connected

Things
Digital Spending Increases

Expected For 2015
35% Of U.S. Smartphone Users

Have Placed Video Calls
The IoT (Internet of Things) phenomenon is akin to the Internet in that it will
involve a massive number of connections
and mean many different things depending
on the myriad ways in which it will be
used. The latest forecast from research firm
IDC puts the worldwide IoT market at
$3.04 trillion in 2020 compared to $1.3
trillion last year. IDC also predicts that
by 2020 there will be 30 billion connected
things, including machine sensors and
computing devices. IDC expects government mandates and more openly eco-conscious cultures in Western Europe and
Asia/Pacific will cause IoT markets to grow
there faster than in North America.
According to a recent Gartner survey

of marketing executives, organizations
reported spending an average of 10.2%
of their annual 2014 revenue on marketing. Fully half of the organizations
surveyed plan to increase their marketing spending in 2015, with an average
increase of 10.4% and a slightly larger
increase (13.6%) planned by companies
who claimed to have outperformed their
competitors in 2014. Digital marketing
occupied 25% of the average marketing
budget for 2014. Of the 51% of organizations that plan to increase their digital
marketing budget, 17% will be the average increase.
The time has apparently arrived for video

calling, as 4G cellular service, Wi-Fi, and faster
smartphones have transformed video calling
from a glitchy and expensive proposition into
an easy option. In fact, a recent Gartner survey
found that 35% of U.S. smartphone-using
respondents have participated in video calls
on their phones. Person-to-person video
calling, especially using smartphones, has
reached very high numbers in the U.S., particularly among the younger demographics,
says Atsuro Sato, senior research analyst with
Gartner. The research firm recommends that
manufacturers continue to improve frontfacing camera technology in response to video
callings popularity.
January 2015 / www.cybertrend.com
Consumers Express Customer

Service Expectations
As of late 2014, 62% of consumers
felt that companies in general met their
customer service expectations, down
from 65% in 2010, while just 5% felt
companies exceeded their expectations.
Thats according to the recently published 2014 Global Customer Service
Barometer from American Express
and Ebiquity, which relied on responses
from 1,000 random adult consumers.
Many respondents believe the current
economy is at least partly responsible
for companies paying less attention to
customer service. In this climate, there
are plenty of opportunities to best the
competition and increase revenues accordingly. The accompanying charts
indicate the service values customers
most appreciate as well as the willingness customers have to pay more for
better service, according to the report.
MOST VALUED CUSTOMER

SERVICE QUALITIES
29%
Empowered To
Take Action
17%
Courteous
33%
Efficient
14%
Human &
Personable
WILLING TO PAY MORE

FOR CUSTOMER SERVICE
29%
Willing To Spend
5% More
18%
Dont Know
24%
Willing To Spend
10% More
16%
Willing To Spend
20% More
14%
Not Willing To
Spend More
7% Consultative
Slow Website vs. The TSA:

Survey Studies Perceptions
Tablets Are Key For BYOD

Programs, Says Gartner
IT Buyers, Vendors Adopting

Cloud-First Strategies
Which is more frustrating: a sluggish website or dealing with the Transportation Security Administration?
The answer, according to a study from
SOASTA and Switchfly, is the slow website, as 57% of those surveyed for the
study answered that they would rather
deal with the TSA than struggle with a
bad website or app. Surveyed over the
2014 holiday season, respondents said
their chief worries about booking travel
over websites were slow-loading sites
(18%), unresponsive sites (18%), sites
crashing (17%), and sites with poor interfaces (10%).
BYOD (bring your own device) programs continue to gain momentum

among enterprises. According to Gartner,
employee-owned devices will outnumber
enterprise-owned devices in the workplace by 2018. While such programs
exist for smartphones, tablets, and laptops, Gartner has found that tablet BYOD
programs are particularly good for businesses. IT leaders can spend half a million dollars to buy and support 1,000
enterprise-owned tablets, while they can
support 2,745 user-owned tablets with
that same budget, says Federica Troni,
Gartner research director.
The cloud services market is entering an

innovation stage, according to IDC, with
cloud-first strategies being adopted by both
IT vendors expanding offerings and IT
buyers implementing new solutions. Over
the next four to five years, IDC expects the
community of developers to triple and to
create a ten-fold increase in the number
of new cloud-based solutions, says Frank
Gens, senior vice president and chief analyst at IDC. Many of these solutions will
become more strategic than traditional IT
has ever been. IDC predicts spending on
public IT services will grow from $56.6 billion in 2014 to $127 billion by 2018.
CyberTrend / January 2015
Small Businesses Rely On Data

To Make Decisions
To what extent are small businesses

using reporting, analytics, and other
types of data to inform their decisions,
and how interested are small businesses
in big data? Constant Contact surveyed
1,200 of its customers to get a handle
on what the answers to these questions
might be. Of those surveyed, 60% are
not using big data and 8% dont think
big data is appropriate for small businesses, but more than three-quarters are
relying heavily on readily available data.
Finding new customers (73%) and retaining existing ones (67%) topped the
list of the ways in which respondents
find data useful. For those that dont
use data, 40% reported not doing so because they dont have time, and 49% say
they dont know where to begin. The accompanying charts provide some other
data insights from the survey.
SMALL BUSINESS DATA USE
PERCEPTION OF THE DATA EDGE
When asked whether they use reporting/analytics data

of any kind for business decision-making, respondents
answered as follows:
When asked whether they believed reporting/analytics

data gave them a business advantage, respondents
answered as follows:
Flexible Display Manufacturers

Ready For Massive Growth
Smart Watches To Erode Smart

Wristband Sale
Demand For 4G LTE Continues

To Grow
According to DisplaySearch, a market research firm focused on the display industry, the market for products
using flexible displays will increase
nine-fold between 2014 and 2015 as
consumers scoop up smart watches,
curvy smartphones, and other flexiblescreen devices. DisplaySearch points
out rapid flexible manufacturing capacity growth as spurring the flexible
display market value, indicating that the
market will exceed $2 billion in 2015,
$11 billion in 2018, and $21 billion in
2021, with a 119% compound annual
growth rate.
Smart wristbands have gained popularity

among consumers, particularly among those
interested in using technology to improve
their fitness and track their activity. Now
that smart watches have hit the market and
manufacturers are preparing to release many
more, consumer interest is beginning to shift
away from wristbands and toward smart
watches, according to Gartner. The research
firm anticipates that 50% of those thinking
about buying a smart wristband this year will
instead purchase a smart watch next year.
Smart watches can increasingly do everything wristbands can do, and Gartner expects
functionality overlap to continue.
The seemingly non-stop growth in demand for faster cellular service goes hand-inhand with increasingly powerful devices for
speedy data transmissions, high-quality video
streaming, and more. Underscoring this demand, ABI Research forecasts that 676 million 4G LTE devices will ship in 2015, more
than triple the 204 million units shipped in
2014. The research firm anticipates no drop
in demand, expecting unit shipments to surpass 1.89 billion by the end of 2019. Cheri
Wong, research analyst at ABI Research, cites
the proliferation of larger-screen smart devices as driving up the insatiable appetites
for content and faster speeds.
8% No,
But Wish I Did
4% No
2% Dont Know
21%
Dont Know
11% No
79% Yes
75% Yes
STARTUPS
Startup Helps Enterprises
Better Control Their Files
Apple Co-Founder Steve Wozniak Joins Virtualization Startup

Primary Data
Once you release a file into the world

whether it be an image, a song, or a documentits difficult (and often impossible)
to know what happens to that file, let alone
control what people do with it once its in
their possession. Veradocs, a startup out
of Mountain View, Calif., that has thus far
operated in stealth, promises to address
this problem as it applies to enterprise documents. The Veradocs service essentially
enables enterprises and users to secure
their own digital files, track how and when
those files are accessed or used by others,
and remotely edit or delete data, all using
the application or service of their choice,
such as Microsoft OneDrive or Dropbox.
According to Veradocs, its service is currently in private beta at top companies.
Veradocs recently announced it had raised
$14 million in financing, and it now expects to release its service early this year.
Primary Data, a data virtualization solutions provider

based in Los Altos, Calif., recently announced that philanthropist and Apple co-founder
Steve Wozniak had joined the
company as chief scientist.
This marks a return of sorts
for Wozniak, as he had worked
with Primary Datas founders
as chief scientist for their previous company, Fusion-io.
Primary Data is mainly focused
on separating application data
from the storage infrastructure in order to provide faster, more dynamic performance.
At Fusion-io, [Wozniak] helped us showcase the breakthroughs possible by adding
flash in the enterprise, said Primary Data CEO Lance Smith in an announcement,
and were excited to have him on the team at Primary Data as we focus on how
data virtualization can deliver intelligent data mobility that evolves with the needs of
modern enterprises. Primary Data operated in stealth until last fall, and now plans to
expand its workforce as it increases its capabilities and customer base.
Prezi Wants To Make Your

Presentations Better
Startup Says Its Successful At

Thwarting Advanced Malware
Analytics Startup Streamlines

Data For Apartment Owners
Presentations are often just slide shows

but have the potential to be so much more.
Prezi, a San Francisco-based startup, offers
a cloud-based service that lets users incorporate audio, video, and other common effects, and also zoom outside of the box, so
to speak, in a dynamic and absorbing infographic style. The other main selling point
of the startup, which recently secured a $57
million investment, is that its presentation
platform is available on numerous devices
for creating and presenting on the go. Prezi
plans to use the new funding to further expand its user base, which the startup now
counts at 50 million.
Menlo Security, a stealth startup based

in San Francisco, is currently providing its
own brand of cybersecurity services in private trials for a few unidentified large enterprises. Tom Gillis, a Menlo Security board
member and CEO of Bracket Computing,
says todays security offerings are typically
based on a fundamentally flawed premise
that one can determine whether something
is good or bad. Menlo Security says little
about how its product works but claims that
it uses a new security model to combat advanced malware. The company recently announced it had closed a $10.5 million Series
A funding round.
For data analytics software to be truly

effective for its end users, it must gather
all of the data thats relevant to the job
at hand and deliver it in a way that is
immediately useful. Analytics software,
then, varies greatly from one industry
to the next. Rentlytics, a San Franciscobased startup, started by hiring a team of
real estate experts to determine the range
of information that apartment owners
and operators require and to streamline
all of that unstructured data into a mobile-friendly format thats available on
demand. Rentlytics recently closed a $4
million seed round to further its efforts.
The Challenges Of Outsourcing IT

THE COMPLEXITIES INVOLVED IN USING EXTERNAL PROVIDERS FOR IT OPERATIONS
IN MANY RESPECTS, outsourcing IT
KEY POINTS
Outsourcing IT operations is generally seen as being on the increase,
including due to companies seeking to
acquire newer technologies.
Cementing a solid customer-provider relationship with an IT outsource
provider is seen as a fundamental key
in outsourcing IT operations.
Although IT service providers possess technical expertise, some lack a
significant level of business knowledge
or understanding, which can impact
business-specific IT functions.
A primary complexity associated
with outsourcing IT involves integrating
the external providers services into
the organizations existing environment for managing services.
operations has become so prevalent

that some executives dont give much
thought to what the process actually
entails or to the various complexities
and challenges it can present their organizations. Most likely, this is partially
due to the fact that on the surface, IT
outsourcing really amounts to nothing
more than an organization hiring an external provider to perform an IT function on its behalf. Below the surface,
however, things get more complicated.
Arguably, knowing the complexities and challenges that IT outsourcing
poses has never been as important due
to the increasing need for organizations to stay up-to-date with new IT
technologies in order to gain or maintain a competitive business edge. Having access to an infrastructure that can
enable taking greater advantage of the
organizations data and applying analytics to that data at various fronts is a
notable example.
Increasingly, companies that cant

tap into such abilities via their current IT outsource provider are jumping
ship for those that can, which coincidentally introduces its own set of
complexities. Overall, even executives
with a solid grasp on what it means to
outsource IT likely have something to
learn about the difficulties the process
can introduce. This article illustrates
some of these challenges.
A Current Perspective
Organizations outsource IT operations for numerous reasons, including
to save costs and improve their technology foundation in an affordable
manner. Others seek to revamp their
infrastructure to launch a new business initiative or simply to place development, maintenance, support, and
management duties in someone elses
hands in order to concentrate their
expertise and resources on the businesss core competencies. Commonly,
organizations outsource IT operations

to multiple providers, and some outsource most, if not all, IT tasks.
Today, companies outsource everything from security to storage, monitoring, IT access management, network
management, and hosting of cloud
applications, says Charles Weaver,
MSPAlliance CEO. These are the more
common services, but there are dozens,
if not hundreds, of types of managed
IT services offered globally, he says.
Wolfgang Benkel, Forrest Research
principal analyst, counts infrastructure
services (service desk, end device services, data center and server services,
network services, etc.), application services (application maintenance, development, etc.), and consulting services
as common processes being outsourced.
Forrester is also seeing main vendors
offering business servicesapplications
and infrastructure services, such as BPO
(business process outsourcing).
In general, organizations primarily
outsource services that are more commodity-oriented and technical in nature
while keeping business-relevant functions and services in-house, Benkel says.
In terms of service life cycle functions
(design, plan, build, run, etc.), he says
build and run functions are main candidates for outsourcing, while design
and plan functions are often performed
in-house.
Benkel describes sourcing itself as
deciding the right sourcing model, be it
in-house, staff augmentation, managed
services, or cloud computing, based on
a sourced strategy, business relevance,
and internal skills and experiences.
Sourcing itself is increasing, he says. Of
these sourcing models, Benkel counts
staff augmentation, managed services,
and the cloud as outsourcing, as the
resources reside outside the company.
Increasing technology complexity
and accelerating business dynamics
and changes are forcing companies
to use more external resources to
master the future services, Benkel
says. Companies main objectives
or expectations in doing so include
gaining greater flexibility (CAPEX vs.
We have external data to show that companies are

spending on managed services and that it encompasses
a variety of vertical markets. Some are more aggressive in growth than others, but its very prevalent, and it
happens at all levels of the spectrum: enterprise, midmarket and SMBs.
CHARLES WEAVER
CEO : MSPAlliance
OPEX, for example), agility (faster provisioning of additional capacities to

support growth), and reducing costs.
Outsourcing is increasing, but the way
to do it is changing. The definition of
what is in and what is out and why is
much more a decision process based
on criteria than as what companies did
in the past, he says.
Pinpointing which IT operations
are most common for outsourcing is
difficult, as different companiesparticularly those of different sizes and
in different countrieshave varying
needs and solutions available, says
Clive Longbottom, Quocirca founder
and principal analyst. Longbottom also
believes IT outsourcing is increasing,
although in what areas and by how
much depends on how outsourcing
is defined. For example, a majority
of companies now outsource breakfix functions, and increasingly more
systems are being managed externally
as system management tools become
more capable of run remotely via a
lights-out operation, he says.
Depending on the definition,
Longbottom also cites cloud computing, business processes (expense
management, payroll, etc.), colocation
(in terms of outsourcing the facility),
hosting (in terms of outsourcing the
facility and hardware), and SaaS (software as a service; or Web-based software) as IT outsourcing examples. At
the extreme, if youre using Google for
corporate searches, then youre outsourcing that global search capability
to Google through its data centers and
software, he says. These all have an
impact on IT. Are they IT outsourcing,

process outsourcing, or business outsourcing? Should there be any differentiation these days? Its difficult
to avoid outsourcing some part of IT
these days.
Weaver sees IT outsourcing as being
very much on the increase, pointing
to managed services and cloud computing as components that are particularly on the rise, taking a greater
percentage of overall IT services
spending. We have external data to
show that companies are spending on
managed services and that it encompasses a variety of vertical markets.
Some are more aggressive in growth
than others, but its very prevalent, and
it happens at all levels of the spectrum:
enterprise, mid-market and SMBs, he
says. Reasons why this is the case are
plentiful, but the generic answer is its
easier, cheaper, and better to use an
outsourced service provider to do the
work than take on the responsibility
and headache of doing it internally,
Weaver says.
The Complexities
IT-related headaches that outsourcing can alleviate can generally
fall into a few specific categories. One
is scalability. For many companies,
its easier to ramp up an IT services
department thats outsourced vs. one
thats in-house. Another headache is
that IT operations consume in-house
resources that could otherwise be devoted to the organizations core competencies. You cant be an expert on
all things, Weaver says. Running an
IT department is something that demands expertise, and if you dont have

that expertise, why do it? You still rely
on IT, so why not outsource it?
Compared to decades ago when
starting a business essentially could
mean renting an office and buying
file cabinets and folders, a telephone,
and a typewriter, today computers,
servers, and mobile devices have replaced most, if not all, of these things.
Because of that change, you now need
providers that can help you set up and
manage not only the devices but the
data that sits or goes through those
devices, Weaver says. Thats why
I think youre seeing so many MSPs
[managed service providers]. Theyre
simply responding to what has always
been a flourishing of small business
throughout the world. Today, however, even those small businesses can
have demanding infrastructure needs
that extend their in-house abilities.
Benkel says increasing technology
complexity, accelerating business
changes, and high competition have
led to gaps in capabilities of existing
IT organizations that they must resolve
with external resources and services,
and not just paying consultants for
a service or project but much more
to buy services (managed services) or
cloud solutions to obtain all the benefits of outsourcing. Benefits include
cost reduction; cost flexibility and elasticity; vendor expertise; and investing
in automation, provisioning platforms,
and tool frameworks for continuous
improvement.
The main complexity involved with
outsourcing is integrating the outsourcing providers services into the
organizations existing service-management environment, as well as managing multiple sourcing or vendor
service environments. The technical
At the extreme, if youre using Google for corporate

searches, then youre outsourcing that global search
capability to Google through its data centers and software.
These all have an impact on IT. Are they IT outsourcing,
process outsourcing, or business outsourcing? Should
there be any differentiation these days?
CLIVE LONGBOTTOM
Founder & Principal Analyst : Quocirca
complexity is easier to solve than the

complexity of the management and the
identification of the right responsibilities that clients should keep in-house,
he says.
While hiring a consultant to ease
such complexities and help devise
an effective IT outsourcing strategy
can be worthwhile, its worth noting
that while external IT service providers are technical experts, they
may lack certain business knowledge. Benkel says providers weakness
in the area of customers business or
business understanding is why most
sourcing strategies dictate that business-relevant and business-strategic
functions be done in-house while
technically relevant functions be
outsourced. Conversely, many organizations lack expertise in new technologies to efficiently implement
infrastructures or automate service delivery. These are strong domains of
most external providers, Benkel says.
Weaver similarly says MSPs have
largely been technical organizations
for the last 20 years, with most coming
from engineering or IT backgrounds
but lacking training and skills in business areas. Theyve had to learn the
business side to supplement what they
already know, he says. As an industry,
MSPs are making very good strides,
however, and are learning to translate the sometimes very technical into
a non-technical manner and explain
why what they do is very valuable,
he says.
Another complexity of outsourcing
IT is managing the relationship with
a provider. A company thats poor at
managing third-party relationships
may have difficulties with even the
best provider. Weaver stresses the importance of making the company-provider relationship the foundation of
IT outsourcing. What you see most
commonly are customers that arent
sure what the capabilities of the provider are, he says. For example, a provider may indicate what functions it
will perform for the company but it
doesnt end up being exactly what was
described. Thus, the company ends
up saying, We really didnt get what
we wanted, so were going to another
MSP, Weaver says. MSPAlliance is
seeing organizations now on their
third, fourth, and sometimes fifth MSP
for such reasons.
As a result, organizations are becoming more aware of how to validate
and qualify IT outsource providers to
their needs. Weaver sees this type of
educated consumer market as being
extraordinarily positive, including
because what providers do is highly
INCREASING TECHNOLOGY COMPLEXITY AND ACCELERATING

BUSINESS DYNAMICS AND CHANGES ARE FORCING COMPANIES TO USE
MORE EXTERNAL RESOURCES TO MASTER THE FUTURE SERVICES,
BENKEL SAYS.
10
technical in some cases and it can be

difficult for a company to know if the
provider really is managing its IT operations effectively. If a company doesnt
take the initiative to educate itself, the
only basis it has for knowing its getting what it should be getting is to ask,
Does the stuff work when I need it
to? Weaver says.
Longbottom believes that as long as
companies enter into IT outsourcing
with their eyes open, the process doesnt
have to be complex. He advises first
ensuring the organization knows exactly what is going to be outsourced.
Try and make it process-based, so that
you can define pretty closely what the
outsourcer has responsibility for, he
says. Never outsource the strategy.
For example, if the organization feels a
need to migrate to a more modern OS,
the outsourcer must respond to that
unless it has a very valid reason not
to. By allowing the provider decisionmaking power, it may take a status
quo approach, as it costs them less in
terms of updating staff skills, he says.
Further, the provider can cascade less
capable staff into your environment,
Longbottom says.
All vendors and client organizations know how to manage and set up servers or PCs and do this in the same
way. Application services are more client-individualized,
however, meaning more complexity for vendors in terms
of learning the application and other issues.
WOLFGANG BENKEL
Principal Analyst : Forrest Research
The similarities are what we should

pay attention to, he says. Specifically,
no matter whats being outsourced,
organizations arent abdicating their
rights to own that process. If outsourcing taxes, for example, the company is still responsible for its taxes. If
you outsource IT, you still need to know
whats happening. You still need to be
responsible for the IT assets you own.
In that regard, I dont think its any
different than outsourcing something
else, Weaver says.
Benkel, meanwhile, says infrastructure
services are more commodity in nature
(standardization, mature pricing models,
etc.) than application services. All vendors and client organizations know how
to manage and set up servers or PCs and
LONGBOTTOM ALSO RECOMMENDS

CONDUCTING CONSTANT REVIEWS, AS AN
OUTSOURCING DEAL EVEN ONLY SIX MONTHS
OLD MAY NO LONGER FIT A PARTICULAR
PURPOSE.
Longbottom also recommends conducting constant reviews, as an outsourcing deal even only six months old
may no longer fit a particular purpose.
Ensure up-front that flexibility isnt
going to result in hidden costs; that the
outsourcer doesnt double its prices just
because you asked for a small change,
he says.
Specific To IT
Compared to outsourcing other types
of processes or roles, outsourcing IT
can be more complex, although Weaver
believes the differences are minute.
do this in the same way. Application

services are more client-individualized,
however, meaning more complexity for
vendors in terms of learning the application and other issues, he says. This is
the service perspective, but we also see
that complexity is increasing if responsibilities arent clearly defined. If organizations arent willing to transfer more
responsibility to vendors, for example,
finger-pointing, tedious negotiation processes for improvements, and frustration
for everyone can result.
In the long term, companies that outsource IT services must ensure services
will evolve, improve, and refresh over

time so that those services are always upto-date and can meet rapidly changing
business needs, Benkel says. Innovation
for new services and solutions is also
key, as is choosing IT providers with the
capability and expertise to support these
processes.
Similarly, ensuring IT outsourcing
providers know whats occurring in
technical markets and what impact
this has on its environments it vital.
Longbottom says if too much is outsourced, its difficult to track whats
moving from physical to virtual to
cloud platforms and what is means to
the business or IT itself. In general,
aim to choose a provider thats honest,
will regularly convey what it sees as
happening in the markets, and that can
spell out what options this presents
to the business and what the costs of
changing or not changing will be.
Overall, an organization that is
unable to gain visibility into what a
vendor is providing should ask more
questions. Even the garden variety
MSP should be able to say, This is
what were doing. This is how were
earning our paycheck every month,
Weaver says. This includes providing
external data, reports, etc. that indicate whats been patched, monitored,
backed up, etc.
Conversely, its organizations responsibility to use the information to
drive accountability. We hear a lot
from MSPs that We give customers a
lot of data, but they dont care. Theyre
not reading it. Theyre not paying attention to it. That falls on the end
users because they have responsibility,
as well, Weaver says.
11
From Manufacturer To Service Provider

HOW XEROX EVOLVED & EXPANDED FROM PHOTOCOPIERS TO ENTERPRISE SERVICES
FEW COMPANIES have been around as
KEY POINTS
Xerox has been around for over
100 years in one form or another
and has flexed its innovation muscles with photocopiers, personal
computers, and much more.
The company built on its print
foundations by offering managed
print services, but it offers content
and transaction management services as well.
Xerox also offers IT outsourcing
services to help companies offload
some IT tasks and focus more on
business-critical projects.
Xerox helps companies improve
business processes either through
consulting or through outsourcing
services for HR, finance, and more.
12
long and made as much of an impact

as Xerox. With roots going back to the
early 1900s, Xerox has been a pioneer
in the field of photocopying for over a
century and was one of the first organizations to ever offer commercial-grade
photocopiers. And while the company
has never strayed far from its origins
and continues to grow its photocopier
and printer lines, Xerox is now making
moves toward providing services to enterprises that go well beyond the companys traditional hardware offerings.
But in order to grasp where Xerox is
today and how it got there, its important
to know just how much of an impact the
company has had on the business world.
Whats In A Name?
In the same way that Kleenex has
become synonymous with tissues,
Xerox was once a colloquialism that
many people used for the process of
photocopying. What some might not
know is that the name Xerox was actually derived from the term xerography
(also known as electrophotography),
which was the early process of photocopying invented by Chester Carlson in
1938. But Xeroxs foundations go back
even further than 1938 to 1903 when
the M.H. Kuhn Company was originally
founded and on to 1906 when it became the Haloid Company, which was
a predecessor to Xerox and sold photographic paper.
In 1936, the Haloid Company took
a huge step forward by offering public
company stock for the first time in an
effort to raise enough money to purchase the Rectigraph Company, which
was a manufacturer of photocopying machines. After inventing the xerography
process in 1938 and receiving the patent
for it in 1942, Chester Carlsons technology would eventually be fully unveiled at the Optical Society of America
Annual Meeting in 1948 and the term
Xerox was officially trademarked.
It didnt take the Haloid company

long to start expanding, and in 1956
the company joined with The Rank
Organization Plc in the U.K., formed
Rank Xerox, and started marketing photocopying equipment to Europe, Africa,
and Asia. And in 1958 the Haloid
Company officially changed its name
to Haloid Xerox and committed itself
to selling commercial-grade xerography
equipment. This commitment revealed
itself in the form of the Xerox 914,
which was the first automatic plainpaper copier. It was released in 1959
and by 1961, Haloid Xerox was renamed
the Xerox Corporation.
commercially available GUI, which included pop-up menus, icons, and overlapping windows that would essentially
become the backbone for all operating
systems today.
In the early to mid-1980s, Xeroxs efforts shifted a bit away from its PARC
innovations and back to its copying
products. In 1982, the company released
a line of more energy-efficient servers
with power down modes to help save
energy, which Xerox points out was developed nearly 10 years before the wellknown Energy Star program that many
manufacturers participate in today. Also
in 1982, Xerox also released its 10 Series
smartphones and tablets. This is important to keep in mind because a few years
later, in 1995, the Xerox PARC team developed and patented touchscreen technology for palm-sized mobile devices.
Foundation For Services To Come
Throughout the rest of the 1990s and

2000s, Xerox continued to innovate in
the area of copier technologies and introduced a wide range of products that
were not only more advanced, but were
also more energy-efficient and easier to
use than previous models. In addition to
following these more hardware-oriented
paths during this time, Xerox also started
building the foundation
it would need to offer
Much More Than
enterprise services in the
Photocopying
future.
Even though Xerox at
In 1992, Xerox PARC
its core had been around
built something called
for nearly 60 years, the
the Mbone multicast
name change in 1961
backbone, which was
signaled a shift in focus
designed to offer realfor the company from
time multimedia over
photocopiers to a much
the Internet. During
wider range of techthat same time period,
nological innovations.
Xerox PARC helped proIn 1970, for example,
Xerox opened PARC Xerox has expanded its product line far beyond photocopiers over the past century, but copy machines
duce and cofound mul(Palo Alto Research were originally the foundation of its business. The 1949 Xerox Model A copier, aka Ox Box (left), was too
tiple Internet protocols
cumbersome for widespread appeal, but improvements over the decades have led to complex machines
Center), which became such as the D125 copier/printer (right).
that were used to better
the locus of Xeroxs ofroute traffic and connect
devices to one another
fice of the future initiaover the Internet. Xerox
tive. It didnt take long
copiers, which were built using innoflexed its muscles in the Internet space as
for Xerox to see progress, and in 1973
vations discovered by the Xerox PARC
well when it teamed up with Severe Tire
the term Ethernet was coined for the
team and had built-in Ethernet and miDamage, a garage band from the Palo
first time as a technology that could
crocomputers for a much more advanced
Alto area, in 1993 to broadcast a concert,
connect different systems and be used
photocopying experience.
including live audio and video, over the
as a way to transfer information from
Obviously understanding the imporInternet. This innovation would continue
one place to another.
tance of the Internet, having developed
as in 2002, PARC spun off as a XeroxXerox continued its innovation streak
Ethernet technology for faster connecowned research company, which is still
in 1973 and sent shock waves through
tions, Xerox once again was ahead of
running today and bringing new techthe technology industry when it introthe curve when it established the Xerox.
duced the prototype for Alto, the firstnology to all of Xeroxs product lines.
com website in 1986, which interestever personal computer, which used a
Xeroxs dedication to Internet-related
ingly enough was registered with the
mouse, had a GUI (graphical user interprojects would continue well into the
Department of Defense at the time. But
face), and used a bit-mapped display for
mid-2000s and through to today. In
the forward-looking Xerox didnt stop
the first time in commercial applications.
2006, the company acquired XMPie, in
there, because in 1988, Xerox PARC
Following soon after in 1974, Xerox
order to be able to offer a wider range
started developing palm- and notePARC developed a word-processing
of business services to its customers,
book-sized devices in the PARCTab
program called Bravo, which would be
ranging from print to email and marand PARCPad, which were document
a precursor to Microsoft Word, and in
keting. And in 2010, Xerox acquired
readers, but were also precursors to later
1975, the company introduced its first
Affiliated Computer Services to build out
13
its document and business process management portfolio.

All of these innovations across Xeroxs
century-long history help illustrate
the companys dedication to offering a
wide range of products to its customers.
It started off with the most advanced
photocopiers with the most advanced
technology from the very beginning,
led through to the many PARC innovations that helped inform where we are
today in the technology industry, and
now Xerox remains solidly focused on
putting helpful tools in the hands of its
customers.
Even though the focus has shifted
somewhat from more physical systems
over to software- and Internet-based
services and solutions, Xeroxs dedication to quality remains. Whether you

choose specific managed services or you
take a more comprehensive approach
with Xeroxs outsourcing services, you
will not only save costs by certain IT
and business processes, you will also
be taking advantage of Xeroxs decades
of experience.
DOCUMENT MANAGEMENT SERVICES

Managed Print Services
Because Xerox has been such a staple
in the printing and copying industry for
so long, it makes sense that some of its
services would be dedicated to helping
companies get a better handle on how
much and how often they print. With
Xeroxs Managed Print Services, the
goal is to help companies understand
that they may be printing more documents than they truly need to, or that
they might be spending more on printing
costs than they need to. To solve these
problems, Xerox takes a three-step approach with its MPS solutions.
The first step is to assess and optimize. During this part of the process,
Xerox uses in-depth analytics to provide
insight into a companys entire printing
environment, regardless of whether the
printers and copiers are manufactured
by Xerox or not. From here, Xerox uses
tools such as its CompleteView Pro and
Print Awareness Tool to help develop
a baseline for current print operations.
Throughout this step, Xerox delivers
a much better understanding of how
much a company prints, what the TCO
(total cost of ownership) is for the entire printing operation, and a measurement comparing the company against
industry-best benchmarks. Then, the
company can use Xerox solutions and
tools to optimize its printing processes
and start heading toward a more efficient and cost-effective future.
The next step is all about security
and integration, because Xerox understands how important it is to make sure
that data sent to printers is safe and is
compliant to any industry regulations.
During this step, Xerox uses solutions
14
such as its Xerox Print Security Audit

Service, which scans the network and
security configuration to help pinpoint
areas requiring attention. The company
can use the Xerox Secure Print Manager
Suite to make it easier to monitor
printing operations and establish clear
rules for can and cant be printed. The
Xerox Mobile Print Solution can also
avenues for collaborating on digital

documents without having to print the
document multiple times for each edit.
And Xeroxs Content Management,
Workflow Assessment, and Document
Analytics Services are all designed to
provide more control over document
workflow throughout the organization
and help improve the productivity level
of employees while keeping print numbers and costs in check.
Centralized Print Services
be employed to enable safe and secure

printing from mobile devices, including
laptops, tablets, and smartphones.
The final step in the MPS process
is to automate and simplify, which is
the best way to help usher employees
into a more digital future and minimize the amount of physical printing
needed in an organization. Xerox Digital Alternatives, for example, offers
Xeroxs Centralized Print Services

are similar to the companys MPS suite
in that they follow the same assess and
optimize, secure and integrate, and automate and simplify model, but they
have some unique solutions that help
with more than managing how much a
company prints. The process involves
finding the baseline for where a company stands in terms of its current
printing operations, and then makes the
same security and workflow changes.
But companies can also, as part of the
process, establish a more centralized
printing control process so that its
easier to manage printing across the
entire organization.
In addition to CompleteView Pro
and Assessment services, which are also
a part of the companys MPS offerings,
Xerox offers more in-depth tools to
help with document production both
onsite and offsite, managing SLAs
(service-level agreements), ensuring
proper governance, and much more.
And when it comes to security and
integration, companies also get a few
more tools to play with, such as Xeroxs
Document Security and Services, which
help better manage and maintain sensitive customer data, as well as regulatory
compliance and brand compliance tools
to ensure all of a companys initiatives align with that companys policies
and agendas.
Its on the automation side that
Xeroxs Centralized Print Services
perhaps stand out more than its MPS
offerings. CPS can be used to tailor documents to be more suitable for mobile
devices and support digital policies, and
can also help companies customize the
print and document workflow experience at every level of business. For example, Xeroxs multi-channel delivery
Enterprise Content Management services

and tools. ECM isnt just about managing documents and the content within,
though, because Xeroxs services also
help manage print and digital content
from the time its created to the time a
company decides to archive it. Xeroxs
ECM services also help automate specific business processes, such as contract,
employee benefits, and human resources
management. This wide range of capabilities makes it possible for organizations
to essentially offload or at least automate
quite a lot of their core business so the
focus can instead be concentrated on
customers and generating sales.
THE DOW CHEMICAL COMPANY USES XEROX DOCUMENT

MANAGEMENT SERVICES TO PROTECT IMPORTANT R&D DATA
The Dow Chemical
Company is a science and
technology organization that
sells a wide range of products to customers in over
160 countries. As with all
science-related companies,
Dows intellectual property
(and R&D data is the core
of its business and is the
information responsible for
the businesss agricultural,
plastic, and chemical products being so successful
(to the tune of $57 billion in
annual sales). Some of the
companys R&D documents
were more than 70 years
old, which meant that preservation and capture would
be a challenge.
For these reasons,

Dow decided to go with
Xeroxs many document
and content management solutions to not only
capture and preserve this
information, but to do so
in a cost-effective way.
Before Xerox got started,
it worked with Dow to
develop a game plan to
determine exactly what
documents needed to be
scanned and make sure
that Dow had the right expectations in mind. From
there, Xeroxs Document
Specialists went to work.
Xerox scanned and
captured Dow documents
ranging from market
tools enable companies to safely send

documents via email, SMS messaging,
or other means. Organizations can also
better reach out to customers with personalized communications that align
across digital and print efforts.
Enterprise Content Management

Moving beyond print-oriented services, Xerox has also expanded into
the content management space with its
research documents to scientist notebooks and converted them into PDF files
before transferring them to
CD-ROMs. In the end, Xerox
was able to meet Dows
requirements and give its
scientists access to decades
of critical information in an
easy-to-use digital format.
This required the digitization
of over 5.5 million pages
worth of documents. Xerox
was also able to support
Dows disaster recovery
initiatives by providing a
solid record of its legacy
research. And by minimizing
duplications, Xerox was also
able to help Dow lower its
overall storage costs.
DocuShare is a prime example of how

Xerox can help improve content management, whether its for a smaller company
with only a few employees and small customer base or a large organization with
multiple satellite offices and potentially
millions of customers. DocuShare is a
Web-based solution that makes it easier
and more secure to share mission-critical business data across the organization
without negatively impacting regulatory
compliance. And perhaps the best thing

about DocuShare is that it makes it possible for employees, regardless of location or device, to access information and
collaborate with coworkers on projects.
Its a much safer alternative to public filesharing services and provides complete
control over the types of content that can
be shared.
In addition to document-based content management, Xerox offers the
Transactional Content Manager, which
gives companies a centralized system
for monitoring and managing the
many small transactions that take place
during important business processes.
Once again, whether the content is in
print or digital format, companies have
full control over every piece of content flowing through the organization
and can create rules to help automate
transactions. XTCM also integrates well
with CRM (customer relationship management) and ERP (enterprise resource
planning) systems so companies can
better manage customer relationships
and get a more precise grasp on where
the organization is headed. And as with
Xeroxs other solutions, XTCM is designed to be easy to use so the IT team
can focus less on system maintenance
and more on other projects.
Xeroxs ECM suite includes numerous
other solutions that are targeted at specific industries. For example, Xerox
Mortgage Services with BlitzDocs helps
automate processes between borrowers
and lenders to speed up the mortgage
preparation process and ensure everything involved meets legal requirements.
And for the health care industry, Xerox
offers Midas+ software that helps healthcare facilities better manage patient care,
minimize risks, and ensure proper regulatory compliance.
Back Office Transaction

Processing
Xeroxs Back Office Transaction
Processing services take pieces from
many of the companys other service offerings, but also include payment-related
process management functions that add
a whole new layer to what Xerox can do
15
for businesses. For example, Xerox can

handle check processing, credit and debit
card processing, and cash management
functions on a companys behalf. It can
also offer clearinghouse services as well
as electronic fund and balance transfers.
Organizations can even use Xerox services to handle employee-related payroll
processes and the distribution of benefits. And because Xerox has so many
experts onsite, this data is secure and
accurate, which alleviates some burdens,
as well.
In addition to payment services, Xerox
offers a multifaceted Front-End Services
solution, which covers such things as
mailroom processes, paper imports, and
image enhancements. With this solution
in use, companies also get many of the

same benefits as from Xeroxs other
service offerings. For example, Xeroxs
Document Management and ECM solutions come into play, so they can be integrated even more into existing systems
and processes. Xerox also brings more of
its printing and copying experience into
the fold with its Document Imaging and
Data Capture services.
Whether a company is working with
more traditional paper documents or
with maps, blueprints, optical media,
or even X-rays, Xerox can help capture
those images and store them safely.
This is a useful way to convert physical
media into digital media to once again
cut down on printing and make sure
there is a solid record for long-term archiving purposes. Companies also take
advantage of Xeroxs Mobile Scanning
Services, which involves having Xerox
professionals visit onsite and convert
content into a digital format.
For smaller businesses that may not
have as many resources as larger corporations, Xeroxs Mobile Scanning
Services can help save important data
quickly and at a much more affordable
cost. Once data is captured, Xerox can
also take care of the next step in terms
of processing and validation. Everything
is automated and uses a remote Xerox
server to process captured images much
more quickly than organizations can do
with a manual process.
IT OUTSOURCING
IT Outsourcing Services
One way that companies are looking
to save money and cut down on physical
infrastructure is to outsource certain IT
functions, which is an option that Xerox
offers to its customers. In fact, the company now has 6,000 employees that focus
specifically on such services and Xerox
supports more than 350,000 desktops and
manages 28,000 servers. All of these different services and solutions are designed
to take some of the burden off of IT teams
and, once again, help them focus on projects that will help the company grow and
earn more customers.
As far as pure managed IT services go,
Xerox covers nearly every aspect of running a data center from the physical infrastructure to the network, security, and
cloud solutions running on it. And for
companies that want to completely outsource a large chunk of infrastructure,
Xerox offers data center services whereby
IT assets are essentially offloaded to data
centers where Xerox manages and runs
those assets. Also, applications, databases,
and Web servers can be placed under
Xeroxs 24/7 monitoring.
For those that want to keep a little bit
more control and still have in-house infrastructure, Xerox offers management services for mainframe systems, services that
16
maintain infrastructure in a day-to-day

fashion so the companys IT team doesnt
get bogged down, and much more. On
the network, application, and storage side,
Xerox offers managed network services
to make sure Internet access is always
available and secure; security services to
help avoid potential data loss or theft via
websites, email, and VPNs (virtual private
networks); and data storage, backup, and
disaster recovery services to make sure that
data is not only safe and secure, but available whenever it is needed regardless of
whether theres an outage or system failure.
End User Computing Services

Xerox offers solutions for end-users as
well, including desktop virtualization solutions, so users have secure access to their
desktops regardless of location. This also
feeds into the companys wireless and mobility services, which are designed to help
VIRGIN AMERICA ENLISTS XEROX TO HELP IMPROVE ITS

CUSTOMER SERVICE APPROACH & ESTABLISHES A CALL CENTER
Virgin America didnt have
a problem growing its
business and adding new
customers, but it did have
difficulty properly handling
and managing customer interactions in terms of support. For that reason, the
company wanted to establish a new customer contact center and find better
ways to train its customer
support representatives.
Xerox not only set up
the call center in Seattle,
Washington, but it also
helped set up the infrastructure and solution backbone

of the facility. With 60%
of its workforce onsite
and 40% of it working
remotely from home, Xerox
was able to give Virgin
Americas customer service
reps access to a powerful
multi-channel platform,
analytics for every customer
interaction, and a series of
processes and tools that
helped the customer service
reps handle calls during
peak hours.
After the first year,

Virgin America saw an
immediate uptick in performance, including a
10% increase is customer
service agent productivity
and a 9.5% increase in
monthly call volumes.
Also, with the help of
Xerox training solutions
and programs, Virgin
America was able to meet
and exceed its goals in
terms of signing up business users to its loyalty
program.
companies offer reliable connectivity to

users and also spot and shut down potential
vulnerabilities. Xerox offers a combination
of MDM (mobile device management), remote user support, and VPN support, all of
which feed the idea of maintaining a mobile
workforce while still maintaining the companys security.
Xerox can also manage a companys help
desk and service desk. Rather than having
an onsite support staff or building a call
center, a company can use Xeroxs Service
Desk, which is widely used and takes more
than 1.5 million calls per month. And every
single one of those calls that goes through

the Service Desk is tracked and leaves an
audit trail.
Industry-Specific IT Solutions
As with some of the companys other
offerings, Xerox also offers IT outsourcing
services specifically targeted at certain industries, including retail, health care, manufacturing, finance, and the public sector.
Xerox understands that certain industries
have unique needs and equally unique processes that require extra attention when
it comes to engaging with managed IT
services, not to mention that many of these

companies must comply with specialized
regulations particular to their industry.
Xeroxs Digital Nurse Assistant is one example of an industry-specific offering. With
this solution, a nurse wears a digital tag, and
upon entering a patients room a touchscreen device in the room will turn on and
display relevant information that may help
the nurse offer more effective treatment for
the patient. This is just one example among
many of how Xerox is able to tailor solutions to support specific industries and job
tasks within those industries.
BUSINESS PROCESS OUTSOURCING

Customer Service & Support
In addition to its many managed IT
offerings, Xerox offers a wide range of
BPO (business process outsourcing) services. One such coverage area includes
customer service and support, which
includes the process of improving and
providing a solid customer experience,
offering technical support, and even
trying to reach out to customers more
effectively to maintain a companys customer base.
For improving customer interactions
and understanding, Xerox offers CRM
and BI (business intelligence) services.
These services help manage relationships
with existing customers and use insights
from customer-related analytics to better
serve and understand all customers and
acquire new ones. Xerox also offers services that help companies manage the
entire customer life cycle and make sure
those customers remain satisfied and
loyal for years to come.
that will provide a proper return on investment. All of these solutions work
together to make sure customers understand the business and that their experience is seamless regardless of how they
choose to interact with the business.
Financing & Accounting Services

Xerox has services that help companies
manage the payment processing functions
HR Consulting & Outsourcing
Communication & Marketing

Xerox supports multi-channel marketing initiatives that help businesses
communicate a clear message to customers through traditional media channels as well as social networking sites
and other avenues. Organizations can
also use Xerox solutions to optimize
their marketing budgets and ensure
that money is only allocated for projects
For example, with Xeroxs Financial

Management services, organizations can
create demand forecasts, develop growth
initiatives, calculate and manage risk,
and work to ensure all business processes
work as efficiently as possible. These
services, along with Xeroxs Decision
Support, Financial Planning, and Analysis
services, help companies gather insights
and use reliable analytics information to
plan for the future.
needed to run a business, but it also offers

financial services to help businesses plan
for the future. For CFOs, these services
are particularly important because they
can use all of the data available to make
sure resources are being properly used
and the right employees are in place to
move the company forward.
On the human resources side, Xerox

offers consulting services to help get a
better understanding of HR needs and
outsourcing services to offload certain
processes that may not need to be run internally. For consulting, Xerox helps companies get a better handle on what their
employees need and guides companies in
retaining employees through better communication and compensation models.
Also, Xerox offers services to help manage
the employee life cycle from initial talent
acquisition through to retirement.
For the actual outsourcing of HR functions, Xerox offers a wide range of HR
management services that go beyond consulting to actually help manage these employee interactions and processes. This
includes attracting new talent to the company, training employees on the specific
tasks related to the company, and administering benefits.
17
Cognizant Computing
BIG DATA, INTERNET OF THINGS & THE EVOLUTION OF THE PERSONAL CLOUD
COGNIZANT COMPUTING is a fairly new

term thats being applied to a technology
concept thats actually quite old. In its
most basic form, cognizant computing
refers to a series of apps and technologies that are capable of performing tasks,
making decisions, and solving problems
on your behalf, so you can focus more of
your mental and physical energy on more
important things. Because cognizant computing relies so much on a capacity to
predict the products you want to buy,
when to buy them, and ultimately make
those purchases, there is a lot of room for
profit for organizations who are able to
adopt the tech.
The Power Of The Personal Cloud

Gartner, the research firm that coined
the term, calls cognizant computing the
next phase of the personal cloud. Jessica
Ekholm, a Gartner research director who
covers mobile and wireless trends, defines the personal cloud as it exists today
as the individuals collection of digital
18
content, services, and apps which are

seamlessly accessible across any device.
In some cases, this personal cloud may
be represented as multiple services, such
as a standalone cloud storage service for
photos, videos, and files; your smartphone
app backup and data storage platform;
and a calendar service that syncs your appointments across various Web-enabled
devices. Key features of these personal
cloud services is the ability to store, synchronize, stream, and share content on
a contextual basis, moving from one platform, screen, and location to another.
Closer Than You Think

According to Ekholm, [There are]
four stages of cognizant computing and
they are Sync Me, See Me, Know Me,
and Be Me. These four stages assist in
increasing personal and commercial information about a consumer and there
is a natural progression from the lowest
level, Sync Me to the more complex Be
Me stage.
As the personal cloud evolves, all of

these separate capabilities will begin to
converge or share data with one another.
This aspect is where cognizant computings Sync Me stage gets its name. Here
we are talking about users contextually
storing and syncing apps and content.
The See Me stage gets its name from
these personal cloud services being able to
add location metadata to the mix. Ekholm
says that this stage is important for understanding where consumers are at any
given moment and where they have been
in the past in order to better align services
and promotions for them.
Smartphones and tablets currently
have a number of location tracking services that can be enabled to record the
time, place, and date that a photo was
taken and display accurate driving directions and durations given current traffic
conditions. There are also a variety of
apps that perform these functions to help
you find nearby businesses, friends, and
attractions. According to Gartner, now is
the time when this stage really takes off.

We identify 2014 as a year when lowcost, low-energy Bluetooth beacons will
emerge as an indoor-positioning technology that will help to increase the diversity of cognizant-computing offerings.
Ekholm suggests that the Know Me
stage is all about connecting the dots.
Here we are talking about understanding
the needs and wants of your users in order
to proactively present suitable services and
products to them. Gartner currently sees a
majority of the cognizant computing apps
and services limited to the See Me and
Know Me stages.
The final, and according to Ekholm,
most interesting stage is when apps and
services are able to act on behalf of the
consumer; this is the Be Me stage. The key
to making this stage work is a detailed rule
set that enables the software to determine
when it is and isnt OK to make decisions
for you. Of course, its the consumer who
will need to have control over these rules
if cognizant computing will ultimately become a reality. Although were still a few
years away from realizing this final piece of
the puzzle, Gartner predicts that by 2018,
10% of consumers across the world will
be using intelligent agents in the Be Me
stage of cognizant computing.
Its All Connected

In order for something as complicated
and intelligent as cognizant computing to
come to pass, a number of other industry
buzzwords need to continue to evolve. The
IoT (Internet of Things) is a big one, which
is a term used to describe the "gadgetification" of everyday objects. IoT enables a
"[The] four stages of cognizant computing . . . are Sync

Me, See Me, Know Me, and Be Me. These four stages
assist in increasing personal and commercial information
about a consumer . . ."
JESSICA EKHOLM
Research Director : Gartner
variety of objects from our home appliances

to utility controls, automobiles and public
transportation, health care devices, personal
fitness devices, foodstuffs, and more can
connect to the Web and share information on your energy consumption, driving
habits, home temperature fluctuations, local
traffic, resting and peak heart rates, expiration dates of perishable goods, and countless
other pieces of information.
This becomes possible through smart
tags, wireless technologies, and a whole
lot of software thats capable of collecting
the data and making sense of it all. Adding
context to all of these bits of information
is the central concern of big data. With
the ability to track so much customer behavior, its not really a question of if, but
when retailers and organizations will begin
using this data to increase sales and retain
customers en masse.
Ekholm also mentioned context as being
an important consideration, and Gartners
IT glossary defines "context-aware computing" as being able to anticipate immediate needs based on situational and
environmental data about people, places,
and objects. Gartners Nexus of Forces concept is another that has bearing on cognizant computing; it involves the symbiotic
relationship between social, mobility, cloud,
and information patterns that come together to enable new business opportunities.
Living In A Cognizant World
Bluetooth beacons consume very little energy and can add

precise location data to almost anything that needs it.
When we asked for examples of cognizant computing, Ekholm pointed to a

handful of current apps that are hitting
very close to the mark, and many of them
are from very large organizations, including Google, Amazon, and Facebook.
More than 90% of [Googles] revenues
come from advertising, and they excel at
ad brokering and the algorithms behind
contextualization. Google Now is a great
example of what we can imagine as to the

future of cognizant computing. Google
Now is an app that gives you real-time data
to help you make decisions. It provides
drive time estimates based on traffic data,
weather forecasts, shopping reminders,
nearby businesses, and sports scores.
Tempo AI and Emu are other apps that
perform similar functions. Ekholm also
suggests that Amazons e-commerce, data
hosting, and warehousing expertise could
be used to develop a cognizant computing
service that is capable of pre-package and
readying orders before you purchase them.
Another expert in the field of contextualized advertising, Facebook may also be able
to develop services that leverage the power
of word-of-mouth recommendations that
occur between family and friends.
Ekholm points to Anki Drive as one
of the more innovative cognizant computing applications. It is a slot car-like
racing game in which real physical toy cars
race around a rolled out racetrack using
smartphone-based controls. The interesting part is that the cars drive themselves
with only a little help from you. You can
play one car and another three are all managed by a real-time AI engine.
According to Ekholm, Anki Drive illustrates all four stages of cognizant computing, The game syncs its state, the cars
know their place on the track and adjust
accordingly. The cars carry with them an
identity and they know their user, and finally they act on your behalf by driving
themselves and competing at a level of
sophistication that, to be honest, is pretty
darned amazing.
Although not every organization will be
able to leverage cognizant computing to
the same degree, the concepts it introduces
can tell us a lot about ourselves. The fourth
stage is just on the horizon, but if done
properly, we all stand to benefit.
19
Hand Pick Employee Apps

A SOFTWARE STRATEGY
THE RECENT MASQUE Attack vul-
KEY POINTS
An organizations internal app
store can include both internal and
third-party apps, selected for use
by employees.
Increased control over app usage
is one of the primary benefits of deploying and maintaining an internal
app store.
With internal apps, the enterprise
app store makes it easy for IT staff
to push out updates to employees
devices.
Enterprise app stores can be part
of an MDM (mobile device management) suite or a best-of-breed
solution, such as from an app store
specialist, system integrator, or
wireless carrier.
20
nerability on iOS devices highlights

how apps on smartphones and tablets could pose a big risk to your business. Cybercriminals use phishing
techniques with an email or text message that suggests you try out a hot
new app, such as Try out Words With
Friends 2. If the recipient clicks the
link in the message, he or she will be
directed to a website where the app
can be downloaded, and if installed,
the malicious app will replace a legitimate app on your mobile device.
Once substituted, the malicious app
can mimic the login interface, such as
what you see on a banking app or email
app, to steal usernames and passwords.
Alternatively, the malicious app could
steal sensitive data stored in the iOS
device, such as emails and files.
Its likely that your business uses
security processes and policies on your
mobile devices, but if employees are
given free rein to download whatever
apps they please on corporate-owned

devices, there are holes in your mobile security policy. One possible solution is to create an enterprise app
store, so employees can pick from business-approved applications on their
corporate-owned or personal mobile
devices. Employees can select from a
well-vetted group of apps, and best
of all, you can include apps that have
been designated as key to your business. Here, well examine how you can
deal with the challenges involved with
settings up an enterprise app store.
What Is An Enterprise
App Store?
At the most basic, its a delivery
mechanism for an organization to
share and distribute private and curated apps to its employees and/or subcontractors in a secure fashion, says
Philippe Winthrop, global mobility
evangelist at CSC. The apps could
consist of custom-built tools designed
for the organization, third-party apps,

and things such as device profiles and
email configuration profiles. Its also
possible to adjust the apps available
to subsets of employees, so engineers,
executives, and salespeople would see
only the apps necessary to their job.
For example, the Salesforce.com app
isnt necessarily going to be relevant
to an engineer, notes Winthrop, who
also points out that the enterprise app
store is really about leveraging a way
for the right people to have the right
apps to do the job more effectively.
Enterprise App Store Benefits

Besides improved security, there are
a lot of good reasons to deploy an enterprise app store. Apps downloaded
from public app stores for mobile
devices disrupt IT security, application, and procurement strategies, says
Ian Finley, managing vice president
at Gartner. A PGM enterprise survey
found that 72% of corporate IT leaders
cited increased control over application usage when asked what they see
as the benefit of an enterprise application store. A successful enterprise app
store can provide employees with access to a wide variety of helpful apps,
and unlike apps in a consumer store,
the organization can vet the apps available to specific employees.
The enterprise app store can act
as a list of apps ideal for a certain
job. For example, you could set up a
Recommended section where employees can find apps that help them to
work more effectively on a given task,
An enterprise app store will appear much like the

consumer app store on your smartphone or tablet.
The enterprise app store is really about leveraging a way

for the right people to have the right apps to do the job
more effectively.
PHILIPPE WINTHROP
Global Mobility Evangelist : CSC
such as a collaboration app or one for

remote file access. The internal store is
also a good way to provide employees
with an easy-to-understand, secure
way to download apps. This helps to
reduce the chances that the employee
looks on their own for app that hasnt
been evaluated by someone within the
organization.
Another benefit is that IT is able to
track any costs associated with apps.
Of respondents in the PGM study, 54%
found that an enterprise app store gave
them greater control over the software expenditures. For example, an
employee may not be aware that the
business has already purchased a license for a given app, which could lead
to extra costs on expense accounts.
App license purchases made in bulk
might also lower the cost per license.
Enterprise app stores enable procurement to broaden user choice by
encouraging providers to submit competing apps, and to monitor demand
for popular apps that may benefit from
better negotiation of license terms and
prices, said Stewart Buchanan, research vice president at Gartner.
The use of only approved apps may
also help to reduce the costs associated
with support, as the apps should be set
up to function well on the corporate
network. That translates as less time
spent by the IT staff to make thirdparty apps work securely and effectively on employees mobile devices.
Enterprise app stores can also serve
as ways to provide feedback and drive
the development of the available apps.
The best-of-breed enterprise app
stores allow employees to provide reviews, comments, and other feedback
on the apps, so it becomes a feedback
loop for the apps being distributed by
the employee, says Winthrop.
Enterprise App Store Concerns

If your organization has implemented a BYOD (bring your own device) program, its virtually impossible
to limit what apps employees have on
their mobile devices. Organizations
who say that Were going to do
BYOD and you have to have X type
of apps, thats not going to work. If
its my personal device, I should be
able to [install] any app that I want,
within reason and legal confines, says
Winthrop. By the same token, he
adds, if its not a device that I own,
they have every right to dictate what
I put on that device. Its key that
you adhere to a policy created with
the help of your organizations human
resources and legal departments, and
with the buy-in of employees.
Workers will also want to have a
say in the apps that are available to
download. BYOA (bring your own
application) has become as important
as BYOD in the development of a comprehensive mobile strategy, and the
trend toward BYOA has begun to affect desktop and Web applications, as
well, says Finley. With that said, an
enterprise app store can be used to
complement a BYOD policy by having
employees work with the organization,
rather than going around it somehow,
to improve overall productivity and
grow the business.
Custom Built Apps

An enterprise-run employee app
store is also a good way for organizations that want an easy way to distribute apps and services created by
the business for specific purposes.
Its helpful for internal apps that you
would never want to post to a public
app store, says Winthrop. In this
way, there is security, because the apps
21
are meant for internal consumption

only, but its more about convenience
for both IT and the end user to ensure
that the right people are having the
right apps.
With apps that reside inside your
corporate firewall, the enterprise
app store makes it easy to push out
needed updates. And IT staff can listen
to feedback and use that information
to fix bugs that might have otherwise
gone unnoticed, or the
app developers can
add new features that
employees ask for. In
this fashion, an enterprise app store can be
used to improve internal apps and help
people get their jobs
done more efficiently.
app store. Once you find the best solution, youll need to determine which
apps the enterprise should deploy and
recommend via the store.
Of course, youll also need to work
with IT to make sure everything goes
smoothly. The IT staff are typically the
ones who will be leveraging the back
end of the enterprise app store, via the
policies dictated by the organization,
to figure out who will have access to
app performance. By monitoring the

app store, you can identify which tools
are the most popular with your workforce and better understand which apps
employees are using most often to enhance productivity.
Enterprise App Store

Alternatives
If your organization doesnt offer any

internal apps, or if deploying an enterprise app store sounds
like too much of an
investment in terms of
setup and training, an
app store may not be
needed. Sometimes
the organization will
put out a newsletter or
an email blast telling
employees about a
new hot app or to be
leery of this app, says
What Youll Need
Winthrop. A small or
Internal app stores
midsize business might
are often available as
also be able to incorpart of a MDM (mobile
porate tools to meadevice management)
sure the credibility of
suites, which is handy
an app. These tools
because these tools
can test for such things
generally feature a lot
as data flow, data
of automation capabilistorage, authentication,
ties. But if your orgaPMGs Enterprise IT Survey found that there are a lot of good reasons to create an internal app store.
and points of entry.
nization isnt looking
Essentially, the mobile
to use MDM, there are
security software tests
plenty of reasonable
for vulnerabilities like a hacker would.
the right apps, says Winthrop. Its a
alternatives. There are best-of-breed
good to segment the apps by role, too. If
mobile application management tools
you dont setup logical roles, employees
that are more than just enterprise app
Keys To Success
could have access to all apps, which
stores. You dont need MDM to have an
Tech-savvy employees likely have
could lead to extra licensing costs.
enterprise app store, says Winthrop.
a few apps theyve already discovered
After deploying the internal app
You can opt instead to work with an
to help them get the job done. Even a
store, you might need to do some brief
app store specialist, or find services prodynamic selection of apps may not intraining with employees on how to use
vided by a value-added reseller, system
clude all the options that users want to
it. During training, you can also show
integrator, or wireless carrier.
see. Or alternatively, there might not be
employees how to provide feedback.
Whatever prepackaged option you
an app for a critical task the employee
This way, the whole business can imchoose, its likely easier than developing
must perform outside the office. In these
the store on your own. Winthrop says,
cases, its critical for the IT staff to work
prove through FAQs, feature requests,
I would never recommend an organihand-in-hand with employees, so evand comments. The social aspect also
helps to keep employees interested in
zation building an enterprise app store
eryone accessing the internal app store
finding apps through the internal store.
from scratch, as there are companies
can find what they need. The enterprise
Finally, youll want to configure any
that have invested millions of dollars
app store is there to empower and faautomation settings, such as how the
to build and perfect these solutions.
cilitate the work of the employee, says
store will push out updates, and set up
You should start by comparing the opWinthrop. Its more about a can do
utilities for analyzing user activities and
mentality vs. a cant do mentality.
tions available to acquire an internal
22
Mobile Devices & Control Issues

REIN IN CORPORATE DATA FLOWS & UNLEASH YOUR MOBILE WORKFORCE
TO SAY THAT INCORPORATING mobile
KEY POINTS
Whether or not organizations are
prepared for them, mobile devices
are being used to access corporate
data, and doing nothing invites risk.
MDM (mobile device management) and MAM (mobile application management) are powerful
methods for controlling data flow
and maximizing mobile benefits.
MDM and MAM platforms can
bolster security, ensure compliance, increase productivity, and
improve internally-developed apps.
For greater mobile control, start
small, focus on the user experience, and make sure employees
know how to handle corporate data
and mobile devices.
devices into the workplace has been

a mixed blessing would be putting it
lightly. On one hand, organizations
have enjoyed the bump in productivity
that comes with employees expanded
access to email and business applications outside of the typical work day
and away from traditional office settings. Smartphones, tablets, and laptops have enabled many companies to
conduct business in new ways and in
new places, fueling rapid expansion
and global growth.
On the other hand, the BYOD
(bring your own device) movement
has had a difficult time disassociating
itself from the negative consequences
of employees bringing unsecured mobile devices into the workplace and
using those devices to access corporate
data. Data breaches, cyber theft, and
the simple fact that highly mobilized
data is more likely to go missing are
among the new and significant risks
to organizations that have opened the

floodgates.
There are two forms of IT administration that have cropped up
to mitigate these risks for organizations. MDM (mobile device management) focuses on deploying, securing,
monitoring, integrating, and of course
managing mobile devices. Its primary
objectives are to protect corporate
data, secure user identities, and generally limit the problems most of us associate with the BYOD phenomenon
without hamstringing functionality.
MAM (mobile application management), meanwhile, is more about
controlling access to internally developed and commercially available mobile apps. Its purpose is to ensure that
users who need access to certain apps
have it, but also to block unauthorized
users and limit the flow of corporate
data onto unsecured networks (such
as the Internet). For example, it may
mean businesses allowing users to open
23
email attachments using a commercially available note-taking application, but blocking that apps ability
to share or upload data to consumergrade cloud storage services. MAM
also lets organizations monitor usage
to streamline their processes and improve the user experience wherever
possible. Together, MDM and MAM
are important for any organization that
is seeking to implement a new mobile
device strategy or to secure and enhance an existing one.
The Necessity Of A
Management Platform
Today, youd be hard pressed to find
an industry or even a specific company
that wouldnt benefit from mobilizing
its workforce, at least a to a small extent. And whether or not you want to
allow these devices into your corporate
network, the fact is, theyre probably
already there, and doing nothing about
them is taking a risk that organizations of any size cant afford. MDM
and MAM are all about limiting exposure to the negatives of mobility while
capitalizing on its strengths.
Christian Kane, Forrester Research
analyst for enterprise mobility, infrastructure, and operations, says, For
many companies, its basically looking
to be able to say, Yes, lets embrace
some of these trends, but not expose
ourselves to additional risks, [and] at
least put up some basic protections and
security around both mobile device
usage and mobile application usage as
a whole.
Ensuring device security, logging
activity, and email tracking, although
core concepts within modern MDM
and MAM solutions, are nothing new.
Indeed, organizations dont need such
For many companies, its basically looking to be able

to say, Yes, lets embrace some of these trends, but not
expose ourselves to additional risks...
CHRISTIAN KANE
Analyst For Enterprise Mobility, Infrastructure & Operations
Forrester Research
a platform to develop and maintain

an effective mobile device policy. Ken
Dulaney, vice president and distinguished analyst at Gartner, says, Im
not sure you need those types of technologies to monitor app usage. Weve
been able to monitor email from the
day it came about because it had to
pass through a server, and of course
there are logs of what people did, so
monitoring can happen no matter
what. Despite the abundance of information available to companies
looking for ways to improve their mobile strategy, Dulaney emphasizes the
importance of analytics, saying, There
is no technical solution which will give
you holistic protection against fraud
and abuse.
Rob Enderle, principal analyst of the
Enderle Group, points out that MDM
and MAM platforms dramatically
improve an organizations ability to
monitor the specifics of employee app
usage. Given the risks of bad apps,
which are increasing, the interest in
using some kind of management platform is increasing.
Kane adds that as it gets easier for
consumers to use their mobile devices
and apps to sync data, share files, and
share applications, organizations will
increasingly need a standard for the
management of security on mobile
devices. MDM and MAM platforms
provide this standard in as complete a
Given the risks of bad apps, which are increasing, the

interest in using some kind of management platform is
increasing.
ROB ENDERLE
Principal Analyst : Enderle Group
24
package as organizations are likely to

find today.
Benefits Of Implementing
Mobility Management
There are lots of reasons to look into
a management platform. Obviously
security is touted quite a bit within this
context, but we also see that companies
are thinking about employee productivity, flexibility, and choice. Kane
also suggests that by taking a close
look at the applications employees are
using, the organization can glean valuable information about features that
are lacking in their current suite of
apps, and get ideas for any commercial
apps that may make good candidates
for vetting and addition. But being
able to secure corporate and customer
data as its displayed on such apps,
and being able to monitor how theyre
being used, is important too.
Kane suggests that having such a
system in place can even lighten ITs
workload. To get a corporate device,
Kane says, Traditionally an employee
would have to contact IT, get enrolled in the right group, have policies
pushed out to them, have everything
configured, and have the right applications pushed to them as well. But
what were seeing is a lot of these tools
also include an enterprise app store
that gives you the ability to see all of
the corporate apps available for your
platform and you can just go download
them like you can with a consumer app
store. Other benefits of these tools
include simplified password resets, the
ability to track your devices location,
or lock it and wipe it remotely if its
ever lost or stolen.
Dulaney uses health care as an example of how tracking behavior can
benefit employees and the organization

as a whole. Most employers want their
employees to stay as healthy as they
can, which means lower rates from
their insurers. Many organizations are
self-insured, so if they dont use the
funds, theres more to earn interest on,
plus your employees stay productive
and at work.
The issue of privacy is a particularly important consideration, and
collecting data as a group, instead of
individually, can be one way to get
employees on board. Technically, the
individuals health is the business of
the company because the company is
providing health care, but most would
say thats a little bit too invasive. If
the organization wants to begin collecting health data, via mobile apps
or by other means, using a carrot and
stick method works best, and making
the data collection something that the
employee can opt out of can quickly
assuage privacy fears.
Enderle seems to advocate the cultivation of a closed corporate app store
ecosystem, which has a variety of benefits. Malware apps are increasing, and
[these kinds] of things could ruin an
IT managers entire day. App pricing
can become exorbitant if every user is
purchasing individual apps, but negotiating group rates for popular apps
can save the company a lot of money
in the long term. Enderle suggests that
restricting the apps that can run on
corporate devices also helps the organization assure policy compliance.
Tips & Tricks For Adopters

The experts we spoke with all had
good advice for companies looking
at potentially implementing a mobile
device and applications management
platform.
[Human resources] have got to get into the electronic

age, talk about how to use personal devices, and how to
handle business information and the responsibilities that
go with it on that device.
KEN DULANEY
Vice President & Distinguished Analyst : Gartner
In addition to tracking apps and devices, Enderle recommends adding an

SIEM (security information and event
management) solution to the mix,
which is an often overlooked but vital
threat analysis tool that can help keep
employees and employers safe from the
inherent risks of increased mobility.
Dulaneys advice is to keep in mind
the fact that theres currently no such
thing as a Supertracker capable of
monitoring everything that happens
with corporate data and completely
eliminating mobility risks. A lot of the
data that can be collected currently resides at the carrier, and accessing it can
be difficult or impossible. Routing as
many aspects of the employees workflows through a corporate server is the
best way to manage risks, maintain
compliance, and sustain high productivity. But in todays world, we use a
combination of internal and external
systems, and those external systems
may not be architected either to gather
the data or give it to you in a convenient format. Its not easy. Most businesses do the best that they can, but
they cant really solve this problem holistically.
The biggest weakness in Dulaneys
opinion resides in training and the HR
corporate code of conduct. Theyve
got to get into the electronic age, talk
about how to use personal devices, and
how to handle business information
. . . ORGANIZATIONS CAN START WITH A

FAIRLY SIMPLE SYSTEM THAT LETS THEM
ADD COMPLEXITY LATER, TO SUPPORT
MORE USERS, FORM FACTORS, PLATFORMS,
VERSIONS, APPS, ACCESS, AND DATA.
and the responsibilities that go with

it on that device. Having the human
resources department tell you to be
a good employee is simply not good
enough.
For Kane, confusion can be one of
the biggest hurdles for an organization
looking at MDM and MAM platforms.
When narrowing down the list of potential vendors and service providers,
prioritize the user experience, both
the individuals experience and also
the IT admin experience, such as getting the right information in front of
you, having it be fairly intuitive to set
up policies initially, and having good
resources, examples, and templates to
help you set up those policies.
Kanes other suggestion for companies is to simply start small. He says
those that see success start with a small
subset of the user population, those
who are already heavily mobile and
who are buying a mobile device for a
certain role or job function. Build a
policy around those users and their
needs, adjust it as needed, and let it
evolve over time. Using this approach,
organizations can start with a fairly
simple system that lets them add complexity later, to support more users,
form factors, platforms, versions, apps,
access, and data. There are a lot of
moving pieces to this. . . . You dont
have to do everything all at once.
Regardless of your mobility aspirations, taking a measured approach
early on is best. Small and midsize
businesses have just as much to gain
from smartphones, tablets, and laptops as large organizations do, but
control of those devices and applications should never be something youre
willing to compromise on.
25
Greenovations
ENERGY-CONSCIOUS TECH
The technologies
that make our
lives easier also
produce some
unwanted side
effects on the
environment.
Fortunately, many
researchers,
manufacturers,
and businesses
are working to
create solutions
that will keep us
productive while
reducing energy
demands to lessen our impact on
the environment.
Here, we examine some of the
newest green
initiatives.
The 2015 Mirai is Toyota's newest vehicle powered by alternative fuels. The car uses hydrogen as fuel; when combined with oxygen in the car's fuel cells, the cells generate electricity to power the vehicle and exhaust only water.
Toyota Releases Details For A Hydrogen-Fueled Car

Car manufacturers are coming out with cars powered by a variety of alternative fuels
as they seek to meet federal MPG and greenhouse gas standards and address customers'
environmental concerns. Toyota had previously said it was working on a hydrogen fueled vehicle but recently announced full details on the car and said it would be on the
market in 2015. The new model, called the Mirai, is an FCV (fuel cell vehicle) with a
135hp engine that runs on electricity generated from hydrogen. Tanks in the car hold
hydrogen gas and intake valves in the front grill provide oxygen from outside air. When
the fuel cells combine the gas with oxygen, they generate electricity to run the car and
exhaust pure water out the tailpipe. Refueling the car with hydrogen gas takes about as
long as fueling a gasoline-powered vehicle, and the Mirai can go 300 miles between refills.
The car has a premium navigation and audio system, heated seats, and climate touch
controls. MSRP for the Mirai starts at $57,500 plus $825 for delivery; federal and state tax
credits or rebates for alternative fuel vehicles can reduce that price by $10,000 or more.
World's Largest Solar Power Plant Now Operating In The U.S.

Construction of Topaz, a 550 megawatt solar power facility in San Luis Obispo county
in California, is complete, making it the world's largest solar power plant. Covering some
4,700 acres, the plant has nearly 9 million thin-film photovoltaic solar panels mounted
about 5.5 feet above the ground at a 25-degree angle on steel poles. The site was designed
so animals could continue grazing on the land during plant operation. Underground electrical lines help minimize the visual impact of the solar farm. MidAmerican Renewables
now owns the plant and says the solar panels the facility uses produce electricity with "the
smallest carbon footprint of any photovoltaic technology," have no waste production, and
don't require the use of water (they don't need to be washed during use). Pacific Gas And
Electric has agreed to purchase the energy that Topaz produces over the next 25 years. The
plant is expected to provide enough power for 160,000 average homes in California.
26
German Cloud Company Aims To

Pair Data Centers With Homes
Most data center companies look at
the heat systems produce as an unfortunate byproduct. Now, German startup
Cloud&Heat Technologies is trying to
turn that heat into a commercial asset, by
selling data centers into homes. How it
works is the homeowner pays a set installation fee similar to the cost of a furnace,
and then Cloud&Heat handles the electrical bill for the next 15 years. Heat from
the equipment is pumped into a buffer
tank and used to heat water as well as the
home; in warm weather, excess heat is
simply pumped outside. The data center's
computing capacity is then sold or leased
out by the company to its customers.
Cloud&Heat Technologies wants to use the heat data

center servers generate to heat homes. The company
installs locked cabinets in homes; homeowners pay an
initial fee but the company pays the utility bill.
Americans Own More Electronics

Than Ever, But Forget To Recycle
A recent survey titled "American Tech
Recycling Habits" and commissioned by
Staples found that American consumers
love their digital devices more than ever,
but they tend to throw items away more
often than they recycle them. The survey
also found devices continue to proliferate in homes. For every 100 American
households, consumers reported owning
119 laptops and 139 smartphones. The
most common device by far, though,
is still the television, with 2.52 TVs per
household reported.
Semprius produces solar

cells under 600 microns
in length, the smallest
commercial cells on the
market. By stacking
cells that use different
wavelengths of light and
using lenses to concentrate
the light falling on each
cell, Semprius hopes to
achieve cell efficiencies
greater than 50%.
Semprius Wants To Use Its Small Solar Cells To Drive Down

Solar Power Costs
Solar cells smaller than a grain of rice may soon help make power derived from solar
less expensive than power derived from coal or natural gas. At least that's the hope of executives at Semprius, a company that has figured out a way to manufacture the smallest
commercial solar cells in the world. Semprius is using the cells in solar concentrator panels,
where lenses focus the sun's rays onto individual solar cells. Concentrators improve the
efficiency of solar panels, because they allow cells to receive hundreds of times as much
light. With smaller cells, it can be cost effective to make the cells out of more exotic materials that absorb light more efficiently. Now Semprius is working on creating solar panels
made of layers of cells that are made of different materials. The cells can convert different
wavelengths of light to electricity, so stacking improves the efficiency of the overall panel
compared with a typical solar panel. Semprius believes that stacking and concentrating
combined can improve efficiency to a point where solar power could be produced for a
cost of less than 5 cents per kilowatt-hour. That's not only much less expensive than other
current solar technologies, it's also cheaper than power from other sources such as nuclear,
coal, or natural gas, according to figures from the U.S. Energy Information Association.
UC Irvine Study Reveals People Don't Actually Do As Much To

Conserve Energy With Their Computers As They Think They Do
The California Energy Commission recently released the second part of a study by the
University Of CaliforniaIrvine on how people use the power management tools that
are built into most computers. The first part of the study asked students and staff at the
university to go online and fill out a survey to identify how often they turned off their computers and monitors and whether they used tools or settings, such as sleep mode, to save
energy when they weren't working on their systems. The second part of the study observed
a subset of the computers that were actually in use, giving the researchers a way to check
on the claims made by participants in the first study segment. While most people claimed
to be diligent about turning off their systems or enabling sleep modes when the systems
weren't in use, in actuality they were far less energy-conscious. The systems in question
were left on about 76% of the time but were inactive about 60% of that time and were not
placed in sleep mode. People hadn't, in fact, activated sleep mode or hibernation features
when they thought they had. The study concludes that estimates of energy use by computers in the U.S. may far understate the amount of actual energy consumed, possibly by
as much as 50% or more, because people are understating how often their computers are
actually powered on.
27
Benets Of Managed Service Providers

MAINTAIN OWNERSHIP OF IT ASSETS WHILE OUTSOURCING MANAGEMENT & MONITORING
KEY POINTS
Your MSP should be able to help
you save money and improve performance, but it should also provide a
certain level of support, depending on
its relationship with other providers.
Assess your current IT functions
and listen to employee complaints
to determine what types of services
might be good candidates for an MSP.
Consider moving functions like OS
updates, desktop management, and
patching over to an MSP, but think
about managed print and security
as well.
Make sure you fully understand
how moving certain services over
to an MSP will affect the end-user
experience.
28
THE BURDEN ON IT EMPLOYEES gets

heavier every day as companies want
to implement more applications and
services as well as deploy newer technology in the data center to keep up
with internal and customer demands.
And if your IT team spends most of its
time putting out fires or performing
mundane tasks instead of working toward the betterment of the business,
then its possible you might be wasting
their collective expertise. Instead, you
may want to consider outsourcing some
of those management and monitoring
functions to a third-party MSP (managed service provider) that can take
care of the more general tasks and free
up your IT team to focus on businessspecific initiatives.
At its core, signing up with an MSP
means transitioning day-to-day operations and management of IT environments to a third party, says Eric
Goodness, research vice president at
Gartner. You maintain ownership and
control over your assets, but the MSP

takes responsibility for the monitoring
and management of applications and
services. MSPs are able to perform most
of their tasks remotely, which means
that clients dont have to pay for frequent in-house visits and essentially
have a 24/7 support team that works on
a pay-as-you-go basis.
Darin Stahl, Info-Tech Research
Group senior director, says MSPs are
different from providers that offer colocation or a commodity infrastructure play where you have to continue
to manage those boxes and handle all
the operations. Instead, youll use
an MSP to step in and provide continuity and management as well as to
augment the skills of your in-house IT
team. For example, an MSP might take
over responsibility for desktop management, patching, or even security.
The key is finding an MSP that is experienced with handling the specific
IT management functions you need
to outsource, because it will ensure a

seamless transition of responsibility.
What To Look For In A Provider

Stahl says that the first and most important step in finding an MSP is to
understand the breadth of your needs.
He says companies need to work
within that acquisition process to understand not only what you need today,
but what youre going to become and
what infrastructure youll need. This
is important because you dont want to
outgrow your MSP and end up having
to transition those functions over to
another provider and hope they are capable of handling the responsibility.
Its also important to understand
your MSPs relationship with other service providers, especially in situations
where you hand over management of
cloud-based solutions to a third party.
Stahl says one of his customers doesnt
actually own a data center and instead
is warehousing or wholesaling some
space and then doing managed services
on top of that. Other customers use an
MSP to manage cloud infrastructure and
IaaS (infrastructure as a service), which
are major assets for those organizations
and absolutely essential for them to continue doing business. If your MSP takes
Ultimately, what remote IT management and monitoring has done is allow MSPs to reduce the cost of service
operations while improving performance, and the added
benefit, especially for SMBs, is that it gave them access
to enterprise-grade tools and the reporting and analytics
from these tools, that they never would have been able
to afford.
ERIC GOODNESS
Research Vice President : Gartner
platinum got through. You really need

to understand that relationship and
where theyre at in that ecosystem.
In addition to seeking out certain
capabilities or making sure your MSP
can provide a proper level of support,
there are numerous benefits you should
expect to receive. For one, Goodness
says, you should be able to recognize
reduced costs, because these centralized managed services and remote IT
management capabilities have an element of service automation and industrialization that most enterprises dont
engage in. What this means is that
many MSPs will be able to provide a
level of efficiency that some companies
simply cant attain. Coupled with other
and using a certain tool will help you

eliminate performance issues by a certain percentage through the life of the
contract, he says.
And the last major benefit is improved
knowledge of your IT assets and how
they perform. Because every asset is
being monitored 24/7 in real-time, they
should have access to trended analysis,
utilization reports, and other troubleshooting data so they have an idea of how
their IT is performing in a way theyve
never had before, Goodness says. You
can then take advantage of this knowledge transfer, he says, and use reporting
and analytics to improve your companys
performance across the board.
Choosing Services To Outsource
THE KEY IS FINDING AN MSP THAT IS EXPERIENCED WITH HANDLING THE SPECIFIC IT
MANAGEMENT FUNCTIONS YOU NEED TO
OUTSOURCE, BECAUSE IT WILL ENSURE A
SEAMLESS TRANSITION OF RESPONSIBILITY.
control of these types of mission-critical
services, you need to know where they
stand with those other service providers.
One of my customers had a problem
with their underlying infrastructure,
says Stahl. The MSP put in a ticket to
the base provider of the facility and
the colocation, but they were at a silver
level. Because there are platinum, gold,
and silver levels to this, their ticket went
in and then sat there and languished
for quite some time while other tickets
that were prioritized around gold or
functions, such as capacity management, that MSPs offer, you should not
only see a reduction in OPEX, but in
CAPEX, as well.
Another benefit you should expect
to receive from an MSP is improved
performance. The other value of these
managed services is that through 24/7
real-time remote monitoring, youre
able to provide proactive threshold identification to avoid service impacting
events, says Goodness. A good MSP
will be able to show you how hiring it
If youre trying to determine what

services to outsource or even trying to
decide whether you actually need an
MSP, its important to look inward
and ask yourself a few questions. Do
we need to manage every part of IT?
Goodness says. Is managing every
different technology and component
within IT in our best interest? Is it a
core competency? A lot of organizations
dont believe managing the LAN or LAN
switches is a core competency. This same
idea cascades down to database administration. Its generally just an organization saying, are we doing it as well as we
can, should we do it, and are we doing it
cost-effectively?
Its also important to pay attention to
complaints from employees if they are
concerned about the availability of the
network, response time of applications,
29
MSPs have been around for a long time. Generally, what

theyre going to do is try to augment your day-to-day operations. . . . [MSPs] provide continuity and management,
and augment skills.
DARIN STAHL
Senior Director : Info-Tech Research Group
or other issues, because these are often

telltale signs that something needs to
change, Goodness says.
You also need to determine if youre
investing in the right tools to put into
the hands of these people in terms of
IT operations management software, IT
service management software, and other
diagnostic tools they require to do their
jobs, Goodness says. Perform a basic
cost-benefit analysis to decide if you
want to spend more money internally
to try to catch up to your problems and
solve them or if youd rather put your
money toward an MSP arrangement
where it can help fine-tune your services and improve performance.
In addition to looking at what services you need to outsource, consider
what types of services MSPs are good
at delivering, which Stahl says are IT
operations and services that are commoditized. He doesnt want to give the
impression that MSPs can only handle
generic functions, but he does recommend outsourcing services that arent
tightly integrated with business context. Its more about handing over the
more basic functions to an MSP and
then freeing up the time of your IT employees for other business-specific tasks,
so they dont disappear into the cage
for days at a time, Stahl says.
Common MSP Services

Perhaps the most important service
an MSP offers is the ability to augment
your personnel with third-party experts.
Traditional IT outsourcing was more
about the transfer of personnel who

were in charge of managing IT, including those underlying assets like
servers, network elements, and applications, Goodness says. It was much more
of a financial decision aimed at reducing
onsite staff and cutting operations costs.
But now, MSPs are more focused on
helping your onsite IT team, rather than
replacing them, and doing so in a much
more efficient manner.
The real differentiator in the market
was the emergence of companies with
a centralized operations center from
which they could remotely monitor
and manage IT assets, says Goodness.
What that did was remove the cost of
dedicating single head count to an organization and allowed those engineers
within an operation center to time division themselves. One engineer could
solve an event in one persons IT organization and then once that was completed, he could remotely do the same
diagnostic on another environment. It
transitioned dedicated hands and feet
to shared hands and feet and they were
able to do that remotely.
Goodness estimates that MSPs can
perform more than 80% of their activities remotely, including changing OS
versions, updating databases, marking
port-level changes on a router, or managing unified communications. Not
only do these remote monitoring and
management capabilities help companies improve and maintain performance, but they also give SMBs
(small and medium-sized businesses)
access to enterprise-grade tools and reporting, and analytics from these tools,
that they never would have been able
to afford, Goodness says. Using MSPs,
smaller organizations can save money
by offloading certain management
tasks, but also take advantage of more
advanced services and thereby become
more competitive.
MSPs can also help manage entire
systems for their clients, such as managing a fleet of printers. One significant offering companies may want to
consider, according to Stahl, is security. Some companies simply dont have
the onsite expertise to handle security
monitoring and intrusion detection, because this level of security is a specialized field that takes a lot of tools to do
well, Stahl says. But with MSPs, you
can get the benefit of these more indepth security tools, and get the personnel to manage them, included in
your contract. Its not that companies
themselves cant do this, but its often a
cost-benefit analysis of saying, I dont
have all the expertise, I cant afford all
of these tools, and more importantly,
Im not able to aggregate lessons from a
bunch of different customers into threat
detection, Stahl says.
Other Considerations
Dont just take an MSPs word for it
and assume that when you hand over
management responsibilities that everything will improve. You really need to
think about how this impacts your end
users and what that end-facing service
delivery looks like with the MSP, Stahl
says. Goodness says that customers
also need to find ways to future-proof
how they deal with MSPs. You have to
consider what types of solutions your
company will be using in the future,
but also where technology is moving in
general. Make sure the MSP you choose
can keep up with your needs now and in
the future.
USING MSPS, SMALLER ORGANIZATIONS CAN SAVE MONEY BY OFFLOADING CERTAIN MANAGEMENT TASKS, BUT ALSO TAKE ADVANTAGE OF
MORE ADVANCED SERVICES AND THEREBY BECOME MORE COMPETITIVE.
30
Document Management
BEST PRACTICES TO HELP YOU PLAN AHEAD
IN THE OPINION OF Kenneth Chin,
KEY POINTS
A high-level DMS (document
management system) can return
cost savings, improved efficiency,
paper reduction, less storage, and
numerous other benefits.
One way companies fall short
is by not appropriately investing in
document-asset or ECM (enterprise
content management) technologies.
Outsourcing document management tasks reduces hardware and
other IT responsibilities, providing
more focus time for core goals.
In coming years, its expected
that document management will
become easier to use and more intertwined with file sync and sharing
abilities.
Gartner research vice president, document management is not only a mature

technology, its one thats becoming
much more a part of organizations
overall infrastructures. I think organizations arent going to look at it
and say, Oh, I need to add document
management. Whats the ROI on it?
Chin says. What we expect to see is
document management will be just like
email, where its going to be an essential capability that your knowledge
workers, your information workers are
going to require to do their jobs. For
companies, consistently performing
document management well holds numerous potential benefits. In this article we provide some best practices so
you can avoid trouble spots.
Reach Success
Among the benefits of planning,
implementing, and maintaining a
high-level document management
environment is less ROT, redundant,

outdated, and trivial information thats
no longer relevant or of value, says
Bob Larrivee, AIIM (Association for
Information and Image Management)
director of custom research. Beyond
increasing operational efficiency by
providing workers the right information at the right time, a high-level DMS
(document management system) can
serve as the central source of truth in
times of litigation or audit, he says.
Apoorv Durga, Real Story Group
analyst, says document management
done well can bring order to an increasing volume of electronic document, help organizations meet legal
and regulatory compliancy requirements, and reduce paper documentation. It can also provide users with a
more standardized means of gathering
and distributing data, and enable more
consistent communication among
employees, partners, and customers,
among other things.
31
Angle Boyd, IDC group vice president, cites benefits that include increased
intellectual property security; quickened
time to revenue; improved customer experience, satisfaction and loyalty; and
more time for innovation due to increased employee productivity.
Document management can also
provide greater confidence that contents of files are complete, something especially helpful when the
documents are part of a defined
workflow, says Diane Carlisle,
deputy executive director for ARMA
(Association of Records Managers
and Administrators) International.
Other advantages include improved
backup processes, increased physical
space savings and digital capacity,
and workers having greater confidence that they are working with the
most recent versions of documents.
Where storage is concerned,
Christopher Wynder, senior consulting
analyst with Info-Tech Research Group,
says Info-Tech analysis suggests enhanced document management with
version control and retention/disposition rules can cut overall storage growth
by 60 percent.
Avoid Failure
Its possible to have a good DMS
without possessing an application platform, Wynder says, if clear, logical rules
around file-type naming conventions,
folder structure, and duplication deletion
are present. An ECM (enterprise content
management) platform or DMS doesnt
guarantee you success, he says. Overall,
companies generally struggle with document management in several areas, including effort, he says. Although many
organizations assume workers have a
logical system for managing documents,
many workers assume technology
will save them, Wynder says. Further,
companies may not make the effort to
explain how to best save and label documents or invest in ECM or DAM (digital
asset management) technology.
Wynder cites appropriate control and
users needs as other challenging areas.
Many companies assume the best way
32
What we expect to see is document management will

be just like email, where its going to be an essential
capability that your knowledge workers . . . are going to
require . . . .
KENNETH CHIN
Research Vice President : Gartner
Regulatory compliance aside, outsourcing allows organizations to focus on their core business of developing new
products and services that generate revenues.
BOB LARRIVEE
Director Of Custom Research
Association for Information and Image Management
to reduce risk and enable productivity is

to control access, standardize the folder
structure, and require users to add tags
or metadata, he says. They have a notion of documents as a static, single
item that can be maintained through
good architecture, he says. Instead,
companies should view documents as
organic items that will grow and, at
best, aim to control the type and place
of growth, he says. Regarding users
needs, some companies implement a
system but dont organize it to solve
end users problems. A highly adopted
solution will fix daily irritations that
generate complaints or cause workers
to go rogue with consumer products,
Wynder adds.
Boyd says that hardly addressing
the 80%-plus of content thats unstructured is another failing. So, too, is
inadequately bridging paper-based
business-process content with digital
content and not staying current with
how mobile and desktop devices and
cloud and on-premises applications
are causing new inefficiencies and
complexities in business workflows.
Carlisle says not budgeting for ongoing maintenance, software licensing
fees and upgrades, data conversions,
and migration for a DMSs life cycle
are common shortcomings. She also
cautions against assuming document
imaging is an automatic answer to a
records storage problem.
Outsourcing & The Cloud

Where outsourcing document management pertains to using a SaaS (software as a service) model, Durga says,
the pros can include no capital expenditure; eliminating upgrade, patch, installation, and management worries;
eliminating hardware procurement or
maintaining numerous IT resources;
and acquiring a model thats more
elastic. Conversely, security issues, less
setup control (you need to be very sure
of SLAs and contracts, Durga says),
and the less-customizable and -extensible aspects of the SaaS model are potential cons.
Regulatory compliance aside, outsourcing allows organizations to focus
on their core business of developing
new products and services that generate
revenues, Larrivee says. Poor integration with in-house systems, user reluctance, and lock-in due to difficulties of
content migration can be negatives, he
says. Boyd advises organizations that
are outsourcing to work with providers
to develop SLAs, conduct monthly/
quarterly meetings to ensure goals are
met, and take corrective action quickly
if needed.
Where document management and
mobility and the cloud are concerned,
Larrivee says, the latter two are here all
ready. Many users are accessing corporate data via mobile devices and are
likely using a cloud solution to access
or share information with others, he explains. Organizations need to embrace

this and become proactive in identifying the requirements for their organization, he says. Boyd cautions that
if cloud and on-premises worlds and
mobile and desktop solutions arent integrated efficiently, they could create
new silos and inefficiencies that offset
their benefits.
Best Foot Forward

The items you might include on
a list of document management best
practices varies depending on whom
you ask. Wynder cites a need for an
overarching information governance
plan, which includes a standing committee that meets at least once a year,
and version control done on a granular
basis. Wynder also stresses the importance of implementing retention and
disposition rules, addressing accessibility, and adopting an information life
cycle plan.
Larrivee encourages organizations to
understand that change management is
a big issue, as is including the people
factor from a projects outset for input
and acceptance reasons. Additionally,
he emphasizes that governance over
the tools used and the way information
will be organized for consistency and
findability is key for performance and
risk management.
Its also vital to not simply automate or digitize a process, but instead
to go further and ensure the process
is optimized to achieve the desired
critical business outcomes, Boyd says.
Additionally, dont assume having
an enterprise application is enough.
Content management software, business process management, federated
search, and intelligent capture are
critical elements that may not be included, she says. Organizations
should address the paper/digital divide
and unstructured content with automated indexing and analysis, she says.
In health care and legal, for example,
most content is unstructured and must
be mined in a cost-effective, accurate
way, Boyd explains.
Always capture some form of metadataat least the

creators name and date last accessed. When possible
train users to use logical, project and timestamp derived
names for files.
CHRISTOPHER WYNDER
Senior Consulting Analyst : Info-Tech Research Group
Carlisle recommends planning and understanding how people use documents,

including who uses them, how quickly
they need access to certain documents,
and how they search for documents.
Vendor-wise, select one with products
that meet your organizations needs
rather than force-fit the business processes into the product. This is a delicate
balance because sometimes organizations
can be more efficient with modifications
to current practices. Finding the balance
is important, she says.
Where capturing is specifically concerned, Wynder suggests matching
capture capabilities to the use case. For
example, determine if its necessary to
have mobile OCR (optical character
recognition) or to develop templates.
Always capture some form of metadataat least the creators name and
date last accessed. When possible, train
users to use logical, project and timestamp derived names for files, he says.
Larrivee recommends capturing information as early in the process as possible, and to automate the capturing
process when possible using recognition technologies for data extraction,
indexing, and workflow to initiate required actions.
Regarding shipping management,
Larrivee suggests implementing mobile
technology to streamline the capture
process and bring such information as
signed delivery receipts into play immediately upon delivery. For records management, understand not everything is
a record; records must be handled in a
specific manner to maintain their integrity and authenticity.
From a cost standpoint, Larrivee advises minimizing the amount of print
in the organization, including by using
digital delivery via email, FTP, or other
means before printing. Use multifunction devices for print and as a capture
device tied to the DMS to maximize
their value, he says. Imaging, he says,
remains a staple due to the number of
paper-based documents still out there.
Also plan for what the organization really needs to have online. Formulate a
plan for when to scan documents on
a day-forward/as-need basis, and consider whether centralized or distributed
scanning makes the most sense based on
business requirements, Larrivee says.
Storage best practices, meanwhile, can
vary among organizations, with regulatory and industry guidelines being
factors. Media usage may also vary.
Sensitive information may have to be
stored locally, while marketing materials
that arent of a sensitive nature can be
stored in a cloud app hosted offshore,
he says.
Looking Ahead
Moving forward, Chin expects ECM
will take shape in terms of document
management usage becoming easier via
friendlier user interfaces, lightweight
Web clients that can access information,
an ability to go across multiple content
repositories, and having multiple products to access silos of documents that
may sit in different applications, he says.
Chin says were beginning to see
ECM vendors provide enterprise file
sync and share capabilities, and therefore, those capabilities are being intertwined with a DMS, providing different
ways to access and share content. I
think thats what is really going to take
hold over the next year or so. Really,
every vendor in the document management area will need to provide some
sort of enterprise file sync and share
capability to complement that.
33
More Value From Colocation Services

THE BENEFITS OF USING MANAGED & EXTRA-VALUE COLOCATION SERVICES
THE LOGICAL PATH FORWARD for many
KEY POINTS
Managed colocation services
providers can take control of such
things as an organizations security
or networking monitoring tasks.
More colocation providers are
providing interconnectivity abilities
in which they manage direct connections between tenants within
the same facility.
Many organizations use managed colocation services after
choosing a facility and, over time,
seeing the benefits of services.
Communities of interest within
a facility enable companies in a
specific industry or sector to colocate for mutual benefit.
organizations toward hosting, securing,

and connecting IT infrastructure is colocation services, according to a 2014 report
from Quocirca. The research firm cautions,
however, that not all colocation providers
are equal; and often its subtle distinguishing features that mark a successful
partnership. One differentiator that more
organizations are seeking in providers is
whether they offer managed services that
stretch beyond the facilities-related ones
traditionally encompassed by colocation.
Just as there are numerous reasons
that organizations go the colocation
route, there are numerous scenarios
that can lead them to take advantage of
data center-related managed colocation
services. In addition to detailing such
scenarios, the following explores the
benefits of embracing these services.
More Than Facilities

First lets define colocation services. There are multiple types of
34
services, including those that help organizations actually move into colocation
environments. The term can also refer to
the managed services a colocation provider offers to organizations after they
have moved some of their IT operations
into the providers facility.
From a pure play perspective, says
Sophia I. Vargas, Forrester Research
researcher, colocation refers to providing organizations fully outfitted and
managed data center space that includes
all mechanical and electrical equipment
(power, cooling, power distribution
units, universal power supplies, generators, security, etc.). In other words,
Vargas says, all the IT hardware is
supported up to the rack space. Basic
colocation services may also entail remote hands in which the provider, say,
reboots a server on behalf of the organization. Some colocation providers,
however, go all the way up the stack,
Vargas says, to offer hosted and managed services for storage, compute,
networking, and more, either through

themselves or via partners. Some companies will claim to do every element of
it, all the way up to provide cloud services for you, she says.
Darin Stahl, Info-Tech Research
Group senior director, says at its barest
bones, colocation essentially equates
to your kit, their site, meaning the
organization owns and has tons of
control over the application, the machine, the servers, everything but the
facility. With managed colocation
services, he says, you get into things
you can control, or share control with
the vendor.
An example might include a provider provisioning a server per the organizations required specifications.
Theyll lease it for you, and you
manage it from the application layer
on up. Theyll take care of everything
else, Stahl says. This arrangement can
extend to IaaS (infrastructure as a service), he says, as numerous providers
out there offer that full continuum of
services now. So you can start to take
advantage of the elasticity and have
a little bit of a hybrid deployment.
In short, managed colocation services
generally align with the idea of passing
more direct control to the vendor while
retaining oversight.
The Possibilities
While all colocation providers provide space and basic power, cooling,
and network distribution systems,
services can vary widely thereafter.
Higher-margin services is one example, says Lynda Stadtmueller, Frost
& Sullivan program director, cloud
computing. Common among these is
remote hands support to dispatch colocation personnel to install a server,
reset a router, or perform other tasks.
Some colocation providers also
make in-house, industry-specific expertise and knowledge available to
[Interconnectivity features are] becoming more prevalent

for more enterprises because they want to be able to
deliver applications with the highest level of performance
and speed for their customers.
SOPHIA I. VARGAS
Researcher : Forrester Research
tenants, Stadtmueller says. In some

cases, the colo provider simply develops an industry-specific sales
channel to address the specific content-distribution needs of an industry,
she says. In other cases, special offers or service-level agreements may
be developed for an industry. In recent years, she says, most colocation
providers have expanded offerings to
include managed hosting or cloud services to respond to customer demand.
By providing common management
tools, this allows them to offer their
tenants a degree of hybrid cloud functionality, enabling tenants to choose
the right configuration for each workload, Stadtmueller says.
Specifically, managed colocation
services can include architecting, provisioning, deployment, management,
monitoring, and support services covering servers, networking, storage,
security, applications, backup and
recovery, and other areas. Beyond
the management of the facility, most
providers have capabilities and offerings that [a] customer cannot staff inhouse, Stahl says. Long-term capacity
planning, 24/7 service models, etc., are
examples here. Adding such abilities
via a partner that already understands
the organization can be a significant
benefit over time, he says.
Stahl says many organizations path
to embracing managed colocation services is an evolution. Once Im in a
colocation, I get a little tired of losing
my staff in the cage for hours or days at
a time, he says. So initially, Ill start
taking on remote hands, but eventually

that becomes sort of, Hey, why dont I
take advantage of their network monitoring ability and their security monitoring ability? because those tools are
expensive. The knowledge and expertise some providers have aggregated, he
says, can translate into better capacity
and capability than some organizations
can accomplish on their own.
Shared Interests
A significant extra-value service
that various colocation providers offer,
says Clive Longbottom, analyst and
Quocirca founder, is providing multiple connectivity solutions to provide
extended availability and flexibility
of throughput. This should be a nobrainer to anyone in a colocation
space, he says. Other providers are
opening marketplaces of services that
tenants in the providers facility (or
in its other facilities) provide to other
tenants. Again, this can be highly
beneficial, as you can benefit from infacility core network speeds or preferential priority and QoS [quality of
service] speeds across facilities, as well
as a single platform for identifying and
dealing with any issues in service provision, he says.
Ian Brown, Ovum senior analyst,
says an example of these communities
of interest within a particular industry
is financial services hubs focused on
trading exchanges. Here, buy- and sellside traders, exchange trading engines,
and financial information services/
feeds co-locate to interconnect and
. . . MANAGED COLOCATION SERVICES GENERALLY ALIGN WITH THE

IDEA OF PASSING MORE DIRECT CONTROL TO THE VENDOR WHILE
RETAINING OVERSIGHT.
35
transact, Brown says. Other examples

include content and media providers,
content distributors, and cloud service
providers that co-locate for mutual
commercial benefit.
Such partner interconnections between tenants within the same colocation facility might entail the colocation
provider managing a direct fiber connection between two tenants to provide
a secure and private zero- to low-latency connection, Vargas says. An enterprise, for example, might directly
connect to cloud service provider, SaaS
(software as a service) application, or
hosting partner.
Any industry in which latency is
an issue should be interested in interconnectivity features, Vargas says,
including gaming, financial services,
and those dealing with large data sets
requiring fast results. Overall, though,
this is becoming more prevalent for
more enterprises because they want to
be able to deliver applications with the
highest level of performance and speed
for their customers, she says.
Elsewhere, Brown says, many colocation hosts try to attract large
magnet customers into their facilities that in turn attract other service
providers and make the facility more
attractive to smaller customers that
wouldnt typically have such choices
in providers or direct involvement
in a hub or ecosystem. Longbottom,
meanwhile, says some colocation providers are seeking to offer a menu of
services theyll provide from external
providers by tapping into public cloud
services. This can be both pragmatic,
as the colo provider will help in dealing
with any problems, and possibly costeffective, as the colo providers overall
spend could push the costs down for
everyone concerned, he says.
While arguably not a managed colocation services, another value-added
service Longbottom recommends
seeking out is DCIM (data center infrastructure management) capabilities from a colocation provider. This
enables an organization to keep tabs
on its piece of the overall multitenant
36
[There are] providers out there offer that full continuum

of services now. So you can start to take advantage of the
elasticity and have a little bit of a hybrid deployment.
DARIN STAHL
Senior Director : Info-Tech Research Group
By providing common management tools, this allows [colocation vendors] to offer their tenants a degree of hybrid
cloud functionality, enabling tenants to choose the right
configuration for each workload.
LYNDA STADTMUELLER
Program Director, Cloud Computing : Frost & Sullivan
colocation facility. By tying DCIM in

the organizations existing systems
management abilities, Longbottom
says organizations can gain vision into
what its equipment is doing but also
how the facility is operating with the
equipment the organization and its colocation neighbors are putting in place.
This should then allow you to be
better data center citizens and help
in avoiding the situation of you (or
those around you) from becoming
noisy neighbors, he says. Further, if
a problem does occur, DCIM should
help in working with the provider
to identify where the problem is and
dealing with it rapidly and effectively.
Speak Up
Before committing to managed colocation services, Longbottom recommends asking numerous questions
about whats available now but also
what solid plans the colo provider
has in place for the future. Look for
a visionary, yet pragmatic, set of responses that indicate the provider
knows its in a highly dynamic market
and is prepared to respond rapidly, he
says. Further, look for inclusivity. For
example, if the organization identifies a service it would like the provider
to offer, Longbottom says look for a
response from the provider similar to
Thanks, lets look into it together vs.
a straight-forward no or well look
into it and get back to you.
Stahl says the use of managed colocation services is a conversation

now occurring in a majority of organizations. Companies not having the
conversation now, he says, are beginning to. Five years ago, Stahl says, the
driver to enter colocation was often
connected to organizations staring at
major refreshes (aging cooling systems,
for example). Now, what Im seeing
happening is thats already taken place,
so most often its around disaster recovery, he says. After getting their
feet wet and having a good experience,
he says, organizations may use various
managed services with IaaS sometimes
rolled in and start to say, You know,
this works pretty well. Why wouldnt
I begin doing this for my production? And that evolution starts to take
place, he says.
Stahl does caution that its imperative companies contemplate the possibility of divorce with a provider
should the partnership/services not
work. Going into these things, nobody
talks about the end, he says. Whats
certain about IT is failure will occur.
The question becomes what happens
inside these relationships when it
does. Thus, determine how both parties will continually work to respond to
and repair failures, and if something
finally happens that the relationship
goes sour, how theyll try to rehabilitate it, Stahl says. Switching is the
last thing you want to do.
State Of Software-Dened Networking

ALTHOUGH NOT YET MAINSTREAM, SDNS POPULARITY CONTINUES TO GROW
THE CONCEPT OF SDN (software-defined
KEY POINTS
SDN (software-defined networking) lacks a consistent definition, but generally speaking SDN
decouples software from hardware.
The SDN marketplace is much
larger than it once was, but not all
vendors are offering a true SDN experience with their products.
SDN implementations require a
change in mind-set for your networking team. And with SDN, roles
within that team will likely change.
Even though analysts arent
100% sure when SDN will go mainstream, it should happen in the next
few years, which means companies
should think about starting pilot
projects and testing the technology.
38
networking) has been around for a few

years now and over the past year, more
and more vendors have begun offering
SDN solutions. But even though the technology is relatively well-known and many
companies have moved to the testing
phase, SDN is still far from a mainstream
technology. And one reason SDN might
be struggling to find its footing, is because
it doesnt have one true definition and the
market is somewhat segmented.
Just from my interaction with clients,
and we have a survey too, even right now
there isnt a common definition from our
clients, says Andre Kindness, principal
analyst at Forrester Research. If prospective users cant seem to get a grasp on
what SDN actually does, then it makes
sense that the technology doesnt quite
have the foothold you might expect despite its many potential benefits. For that
reason, it doesnt hurt to go back to the
basics and remember what SDN promises
to do for organizations.
At its core, software-defined networking

is a concept that changes the way we think
about designing, building, and operating
networks, says Joe Skorupa, vice president
and distinguished analyst at Gartner. Where
traditionally companies had to rely on
networking products consisting of tightly
bound software and hardware solutions,
SDN promises a future where software is
essentially decoupled from hardware and
makes it much easier to manage, monitor,
and make changes to your network. In
the past, a single vendor provided all of the
capabilities and if you wanted to change
things, you typically had to change software and hardware, says Skorupa. If your
vendor had great software, but fell behind in
hardware, you were stuck. If they had great
hardware, but fell behind in software, you
were stuck.
SDN gives you the freedom to choose
virtually whatever hardware you want, typically based on x86 infrastructure, and then
choose the type of networking software that
best suits your needs. No longer are you
beholden to a single vendor to get both your

hardware and software solutions. Instead,
you can compare products to get the right
price and feature set.
How SDN Solves Networking

Issues & Improves Agility
The important thing to remember about
your network is that it stretches far beyond
your data center and even your office as a
whole, which is why SDN is an important
tool for helping IT personnel better manage
all of those different connections. The network touches every part of the business, says
Kindness. You have the network within the
data center, a network connecting to public
clouds, and one bringing the users together.
What were seeing across the board is that
orchestrating all of this and having it all connected uses data and compute power no
matter where it exists. Having that automatically create these connections, disconnect
them, and bring them back up is really the
driver to software-defined networking.
This idea of the network going beyond
the data center is important to keep in mind
because many people see SDN has a data
center-only technology, which isnt the case.
Kindness says that the Open Networking
User Group and other groups regularly talk
about SDN as a WAN (wide-area network)
technology meant for use with wider wireless
networks. Plus, SDN can be used with the
cloud to help bring virtually every network
your company uses together under the same
centralized management.
How do you get all of it to connect together automatically instead of doing it in a
manual way, which takes months or years
to actually roll out and manage? Kindness
asks. You think about a user. Theyre going
to be using stuff in their private application
sitting in their data center, but they might
be using their own personal stuff or specific
corporate applications that are hosted in the
cloud. That is a lot of different infrastructures
and that requires a lot of different network
crossover, from the carrier, to the cloud, to
the data center.
SDN not only solves the issue of making
your many disparate networks more manageable and connected, but it can also help
you improve business agility simply by
streamlining the management process and
A lot of people dont have a clear definition of it and so I

try to recommend not buying any particular technologies
and try to stay with what you have as long as possible
and look for [solutions that are] the most open. Things
are going to change over the next four years . . . . Go with
your gut, but be wary of what vendors are presenting, and
really understand your own organization.
ANDRE KINDNESS
Principal Analyst : Forrester Research
removing potential bottlenecks. Kindness

says that companies often get too focused on
ROI. Instead, he says they should focus on
how SDN makes employees more productive
by giving them access to the data they need
in an efficient manner and how it can help
them attract new customers and maintain
their existing customer base.
SDN is really about winning, serving,
and retaining customers, says Kindness. It
can enable that to happen in a much more
proficient matter. Look at how much of our
lives are done on mobile devices. Businesses
want to be much more reactive and agile to
serve that customer that wants things wherever theyre at and serve the immediate need.
We call these mobile moments. You have
to have a network as responsive and agile
as that. In the end, its more than just ROI,
which is a very limited cost issue. Its really
about those mobile moments and serving,
retaining, and finding new customers.
Surveying The Marketplace

& Choosing A Solution
Because there are so many different SDN
solutions out therein fact, Kindness says
the number has quadrupled in the past
yearit helps to categorize solutions into
separate groupings. Kindness likes to break
them down into three groups: open, proprietary, and overlay. Open SDN isnt tied
to any specific vendor and is a much more
customizable solution for companies to work
with. Proprietary SDN means that a specific vendor has developed its own version of
SDN that often has to be used with its hardware when implemented.
Skorupa describes the third category,
overlay, as a way to run software on top of
an existing network and transparently tunnel

across the existing network. This means
that you may not have to change your networking infrastructure at all to support software-defined networking and instead can
just apply SDN software on top of it to enjoy
its benefits. Skorupa says SDN overlays are
often the easiest to implement and they are
the most commonly offered solutions from
major vendors.
The type of SDN solution you choose depends entirely on your network layout and
how you want to move forward with it in the
future. If youd rather overhaul your entire
network and tailor it specifically to SDN,
then you might want to go with a more open
solution. If youd rather keep your network
and implement SDN quickly, you might
want to go with the overlay option. And if
your networking hardware vendor offers
an SDN solution that fits your needs, then
maybe the proprietary route is the way to go.
When it comes to proprietary SDN, however, Skorupa has a few warnings. The first,
he says, is that some traditional networking
vendors say they offer SDN 2.0 when what
THREE TYPES OF SDN

Analysts describe three basic types of
software-defined networking:
open SDN - not tied to a specific
vendor, more customizable
proprietary SDN - developed by a
specific vendor, typically must be
used with that vendors hardware
overlay SDN - runs on top of an
existing network infrastructure
39
theyre actually doing is SDN 0.2. For example, a vendors SDN solution might give
you some automation and better management tools, but it still relies on the old model
with embedded, tightly coupled hardware
and software, Skorupa says. And the only
reason a vendor would do this is so that they
can maintain control over where the value
is and not let third-party SDN vendors offer
added value that they arent able to match.
Skorupa compares this practice to the
smartphone industry where a given operating system may be somewhat open, but
there are clear benefits to using first-party
applications. For instance, a mobile device
may have a very high performance graphics
rendering engine that only a first-party Web
browser has access to. And while you may
have the option of downloading and using a
third-party browser, it simply wont have the
same level of performance as the first-party
alternative. In that same way, some vendors
are trying to maintain their control over the
networking market by offering automation
that isnt necessarily the full SDN experience.
Fortunately for businesses interested in
software-defined networking, Skorupa says,
most of the rest of the industry has really
embraced a separation of control plane and
data plane, the centralization of intelligence,
and the distribution of packet handling.
Because you are decoupling the control plane
from the network hardware, you actually
have more say as to which SDN controller
you choose. And thats where Skorupa recommends going with a controller where
there are lots of people writing value-add applications to bring value to the environment.
With these more open alternatives, you have
much more control over what capabilities
you get from an SDN implementation.
SDN Implementations
Can Be Challenging
As with any technology, SDN comes with
some growing pains if you want to implement it in the right way. One of the biggest
challenges, according to Kindness, is that
networks tend to be overly complex and customized to the point where its difficult to
make major changes. Weve gotten to the
point where were far enough in technology,
whether its networking or anything else,
that technology itself is not going to solve
40
SDN changes the value chain. In the past, someone who

wanted to do something new and interesting in networking had to raise $150 million in venture capital so they
could build hardware and then take that out into the market to move their value-added software. The decoupling
with SDN means that six smart guys in a garage from
Syracuse, New York, could write a networking application
or utility that changes the industry. Thats a huge difference and the potential is amazing.
JOE SKORUPA
Vice President & Distinguished Analyst : Gartner
the problem, he says. A lot of it now is that

we need to change the mind-set internally.
Network engineers need to know coding and
you have to change your processes and procedures. Automation requires everything to
be standardized and with networks, thats not
a common thing.
Building on the idea that network engineers needs to change their mind-sets and
develop new skills, Skorupa says that one of
the biggest challenges with SDN is the culture
shock. A lot of the current networking team
is scared to death because theyre worried
theyre going to be automated out of a job,
he says, which could happen because sometimes the only extra value theyve built into
their skill set is knowing really obscure commands. SDN will cause a major shift in roles
for you network administrators, but it can
also make their lives easier if they let it.
When you start having these network
management applications where rather than
typing in screens of obscure commands, you
say, connect these two servers together with
this set of policies about bandwidth, quality
of service, and security and the underlying
application figures out how to do that, the
value shifts to people who understand the application and business value, not those who
understand obscure technical commands,
says Skorupa. It requires a different set of
skills from your team. This is not the person
who knows 17 decimal places worth of obscure commands. This is somebody who
understands business goals, knows something about security, applications, and networking, and has the people skills to work
across teams.
How Far Away Is SDN

From The Mainstream?
Some analysts have differing opinions
on just how far away we are from widespread SDN adoption. Kindness, for instance, says that even though there are a
lot more people talking about it and maybe
even allocating funds to do a pilot, mainstream SDN is probably still another five
years out. Still, the fact that companies are
actually making moves to pilot the technology and test it in their environments is
a step in the right direction, and Kindness
thinks the idea of SDN for WAN is a big
part of that.
As for Skorupa, he thinks mass adoption is as close as 2015 or 2016, where he
expects the number of deployment to jump
from the 1,000 or so now up to the tens of
thousands. But he also stresses how important it is to test the technology first and
make sure youre prepared for it before
jumping right in. He recommends using
SDN when you bring up a new Hadoop
analytics cluster, deploy virtual desktops,
or install a new row of hyper-converged
servers, because they are projects that
could benefit most from SDN.
Skorupa offers some additional general
recommendations. Get it in a place where
theres a lot of value, where the agility matters, and where theres more flexibility in
terms of disruption of process or procedures so you can work out the kinks, he
says. Look at things that dont have to be
fully integrated into your current environment, and then over time you can begin to
roll it across your data center.
The Dark Side Of The Internet Of Things

WHY CIOS & SECURITY PERSONNEL MUST ADDRESS VULNERABILITIES & RISKS NOW
KEY POINTS
The billions of devices, including
machines, sensors, and other devices involved with the IoT, will introduce a bevy of security concerns
enterprises will need to address.
IoT devices used in relation to
critical infrastructure environments,
such as the oil and gas industry,
are considered particularly enticing
targets for hackers.
As OT and IT networks/systems
increasingly combine and share
information, employing new, more
holistic security approaches may
be needed.
Although the IoT is still relatively
new, security vulnerabilities already
exist, thus enterprises should start
educating themselves now.
THE IOT (INTERNET OF THINGS) is one of

the most talked about and exciting technologies now happening, primarily due
to the massive scope, potential, and opportunities it entails. Take, for example,
Gartners recent forecast that there will
be roughly 5 billion connected things,
or devices, in use this year, up 30% from
2014. Depending on the source, projections call for upwards of 29 billion connected devices by 2020, not to mention
hundreds of billions in revenue for suppliers of related products and services.
One estimate states the enterprise
sector will make up roughly 40% of these
connected devices near decades end.
In terms of business transformation,
Gartner hails the IoT a powerful force,
stating it will have a disruptive impact
felt across all industries and all areas of
society. Manufacturing, utilities, and
transportation, Gartner projects, will
be the top verticals using IoT this year,
combining for 736 million connected
devices in use.
Still, not everything concerning IoT is

a positive. The vast number of connected
sensors, machines, devices, corporate networks, interconnections, embedded OSes,
and other entities involved with the IoT
promises to introduce a steady stream of
serious security concerns enterprises will
have to address. The following pages detail
issues that CIOs, CEOs, and digital security personnel must address and prepare
for or otherwise face serious consequences.
Inside The IoT

Theres no shortage of definitions for
the IoT. Essentially, however, think of the
IoT as a steadily growing number of devices that each possess a unique address
that enables it Internet connectivity.
The IoT also pertains to the interconnections these things share, including
connections with corporate networks.
Thus, beyond traditional computers and
mobile devices, IoT devices can include
wearables; thermostats; manufacturing
equipment; and sensors in automobiles,
41
As IoT spreads into areas such as facilities management and physical security automation, the definition of
what constitutes digital security will change and become
much more holistic than it is today.
EARL PERKINS
Research Vice President, Systems, Security & Risk : Gartner
oil rigs, trains, and jet engines. Broadly,

the IoT enables connecting energy grids,
transportation systems, smart homes,
manufacturing facilities, and other entities to the Internet.
For a 2013 summit on the IoT, the
SANS Institute described the IoT as enabling any-to-any connectivity, noting
three waves of connectivity, including
a first wave of homes and offices connected to business buildings via wired
connections and a second involving mobile devices connecting to businesses and
other mobile devices via wireless connections. The third wave, though, entails
things connecting to users, businesses,
and other things via wired and wireless
connectivity. Examples of these things
include automobiles, airplanes, medical
machinery, personal medical devices,
windmills, and environmental sensors.
The SANS Institute notes that most IoT
devices will be used in either critical infrastructure (power production, generation,
and distribution; manufacturing; transportation; etc.) or personal infrastructure
(medical devices, automobiles, etc.) areas.
Critical infrastructure in particular is an
attractive target for national and industrial espionage, DoS (denial of service),
and other disruptive attacks. Devices associated with personal data are also enticing targets. Therefore, both critical
and personal infrastructure will require
adding new security approaches to legacy
security processes and technology, according to the SANS Institute.
At the CyberMaryland 2014 conference,
Admiral Michael Rogers, commander of
U.S. Cyber Command, reportedly stated
that securing the IoT is a huge issue for
everyone. Literally every person on earth
is a sensor. We have billions of devices. Its
a daunting task, Rogers said. On average,
42
he noted that people have three to five

connected devices, with more expected in
coming years. How are we going to make
this work? How are we going to secure
them all? Thats for all of us to work toward, he stated.
In a recent blog post, Peter Sondergaard,
Gartner senior vice president, stated that
CEOs are shifting from heading up companies that produce cars, toasters, elevators, construction equipment, washing
machines, etc. to companies that basically
produce Internet-connected devices. This
fundamental change means CEOs will need
to face the same challenges IT has dealt
with since the Internets arrival, namely
securing your devices and networks from
malicious attack. Gartner projects that by
2017s end, more than 20% of enterprises
will have digital security services aimed at
protecting business initiatives that use devices and services in the IoT.
Should You Worry?

In many respects, the IoT is still relatively new. So why should CIOs and
security personnel be turning an eye toward IoT-related security concerns now?
Because in other respects, the IoT isnt a
tomorrow thing, as Mike Krell, Moor
Insights & Strategy analyst in residence,
says. Vulnerabilities exist now, including
within the enterprises in the form of connected HVAC, printer, and other systems.
Newly connected IoT devices, such as
thermostats, vending machines, HDTVs,
and wearables, are being added daily and
create some of the largest potential security gaps in the IT infrastructure, Krell
says. Case in point, a massive security
breach involving a well-known retailer in
2013, came through the HVAC system,
he notes. Further, as users demand for
mobility, cloud-based applications, and
collaboration inside and outside of organizations firewalls continue, Krell says, the
threat of a malicious attack or industrial
espionage is around every corner.
Earl Perkins, a Gartner research vice
president specializing in security, says
much like how the Web revolution of the
late 1990s and early 2000s began in business units with IT later supporting it, the
IoT revolution has started in business
units seeking incubation projects that
use different devices to enhance business
processes or initiate processes to support
IoT devices their clients or partners carry.
CIOs and IT must heed IoT security worries now or risk being caught flat-footed,
similar to how many were with the Web
and mobile revolutions.
They must also be concerned because
IoT brings the aspect of the physical into
their enterprise security strategy, Perkins
says. Similar to how business strategies
evolved to support mobile and BYOD, he
says, more devices requiring physical and
digital security controls will demand strategies to further evolve. As IoT spreads
into areas such as facilities management
and physical security automation, the definition of what constitutes digital security
will change and become much more holistic than it is today, Perkins says. Just
ask those involved in industrial automation and control enterprises. They know
exactly what this entails.
Rahul Vijayaraghavan, Frost & Sullivan
research analyst, industrial automation
and process control, says while theres
considerable focus on IT security now,
not as much is targeted at OT (operational technology) and control systems or
other critical infrastructures. Within the
oil and gas industry, if a criminal hacked
into a system and changed a valve position, the magnitude of impact would be
huge, he says.
Another issue enterprises face is the
general blurring of lines between IT and
OT, Vijayaraghavan says. Concepts such as
digital oil fields, smart factories, and other
factories of the future will require streamlined integration among various enterprise
systems, assets, and workforces, he says.
Factor in the IoT and the scads more assets,
devices, etc. involved and theres going
to be an increase in the number of attack

points. Hence, security should be a prime
focus for most of these companies, he says.
Theres going to be an increase in the number of attack

points. Hence, security should be a prime focus for most
of these companies.
The Connections
Examples of how corporate networks
are now connecting to networks that
involve machines and sensors are numerous. HVAC and lighting systems are
common ones. These systems, Krell says,
connect to the same networks that tap
into company data. Also, lets remember
that all networks are connected to the
Internet, which in turn is connected to
various machines and sensors, he says.
Printers and multifunction devices, for
example, are often overlooked in terms
of IoT and vulnerabilities, despite that
remote workers often connect to them
outside the corporate network.
Perkins says asset-intensive industries with automation production or engineering-oriented infrastructures and
services are the best examples of how corporate networks connect to machines and
sensors. Such infrastructures/services include electric utilities, oil and gas companies, manufacturing, and automotive
industries. Within commercial-oriented
industries in retail and facilities management, examples include the production use
of sensors, robots, and process control.
Perkins uses electric utilities, which for
decades had two personalities involving
technology, to illustrate IoTs influence
on security. Generally, corporate IT network and systems served business units
primarily involved with information processing, while OT systems served operations and production environments. Some
OT and IT technologies were and are similar, but other unique OT technologies, IT
may know little about. This is changing,
however, Perkins says, and IoT technologies and architecture are having an impact.
While many OT and IT systems were
once kept strictly separate in their daily
functions, theyre increasingly sharing information and opening up to other networks and the Internet, Perkins says. The
result will be a sea change in how digital
security is handled for these converged
environments. In general, as more proprietary, closed systems that OT used are
RAHUL VIJAYARAGHAVAN
Research Analyst, Industrial Automation &
Process Control : Frost & Sullivan
As we continue to be mobile, we open holes in the enterprise to data, hardware, and software. These holes are
natural entries for malicious attacks. As we connect more
devices to the enterprise, there are just naturally more
avenues we need to protect.
MIKE KRELL
Analyst In Residence : Moor Insights & Strategy
replaced/updated with more traditional IT

and in some cases IoT systems, the sins of
IT security are visited upon OT, he says.
To offset the increase in network connections and IT usage, digital security teams
must establish better and more structured
security. This is also true for physical security automation systems. Everyone is
starting to join the party, Perkins says.
The Impact
The extent to which IoT may impact
the way large businesses view digital security could be significant depending on the
company and industry. Vijayaraghavan
says a big challenge for enterprises is
simply having a willingness to change
and not hold on to an If its working fine,
why change? mentality.
A dominant theme concerning IoTs impact on security is that enterprises will need
to view security in a much more holistic
manner and consider areas and scenarios
they havent previously. In short, areas that
need to be secured within enterprises are
much broader than before, and security
cant be a secondary thought, Krell says.
Imagine all the Wi-Fi- and Bluetoothenabled devices that are now on our person
and then entering the enterprise, he says.
CIOs have to remember that enterprise
lighting systems are now accessible from
outside [their organizations] and connected
to the internal network.
At the network level, Perkins says

enterprises must look at all options for
network segmentation or separating the
flow of data. That will be one of the most
significant concerns. While many think
we have solved such a problem already
through firewall technology, that isnt true
and is incomplete anyway, he says. Like
other experts, Perkins says possessing a
more holistic approach to strategy, frameworks, and architecture is key. This includes reviewing requirements for such
areas as identity and vulnerability.
Enterprises that dont do this will find
an asset management nightmare as they
struggle with keeping up with network
links, data flows, and access, he says.
As with other initiatives, addressing
IoT-related security concerns will largely
boil down to devising and executing
a well-thought-out strategy. Enterprise
CIOs must accept that vulnerabilities already exist and will proliferate in the future, Krell says. Two significant challenges
include the mobility of todays work environment and workers desire to bring and
use personal devices to access work data.
As we continue to be mobile, we open
holes in the enterprise to data, hardware,
and software, Krell says. These holes are
natural entries for malicious attacks. As
we connect more devices to the enterprise,
there are just naturally more avenues we
need to protect.
43
The Case For Network Virtualization

HOW ENTERPRISES CAN BENEFIT
FOR THOSE WHO LACK an extensive

background in networking, NV (network virtualization) can be a difficult
concept to grasp. There is also considerable confusion about its connection to
SDN (software-defined networking) and
NFV (network functions virtualization).
Still, theres good reason why executives
should familiarize themselves with NV.
Although enterprises interest in NV has
stemmed primarily from a technical perspective, thats changing as vendors are
positioning themselves to make business
cases for adopting their NV offerings.
Mark Tauschek, Info-Tech Research
Group associate vice president, infrastructure research practice, says in the
near future, as enterprises ready themselves to refresh their network infrastructures, any vendor they work with will
have NV on the table. Anything youre
going to purchase in your next refresh
cycle is going to support NV, and likely
SDN, more broadly, he says. You definitely need to understand the benefits. I
44
think it will be a good fit for pretty much

any organization.
A Complicated Existence
Deciphering where NVs relationship
with NFV and SDN starts and stops can
be perplexing. NV is commonly described
as enabling an enterprise to slice a physical
network into several virtual ones that reside on the same infrastructure but remain
isolated. This is similar to how server virtualization permits creating multiple virtual
server instances on one physical server.
Matthew Ball, Canalys principal analyst,
describes NV as enabling the creation of
these dedicated, separate networks for different uses, applications, departments, and
more. For example, an enterprise could
create one virtual network for testing and
development purposes and others to meet
specific QoS (quality of service), performance, and security requirements for different business groups.
Tauschek considers NV the last man
standing in terms of data center infra-
structure yet to be widely virtualized. As he

sees it, NV allows for taking a commodity
piece of hardware or component of hardware and easily creating separate, logical
connections on it. For example, an enterprise could provision a segment of a port
on the network to a particular resource
as opposed to dedicating a full port to a
physical server or physical NIC (network
interface card).
While NFV often gets mixed in with
NV discussions, Ball says NFV is just the
virtualization of network-based services
delivered on x86 servers in data centers.
Andre Kindness, Forrester Research principal analyst, says when he speaks with
business professionals, he usually equates
NFV as the software version of network hardware, similar to what a word
processing program is to a typewriter.
Enterprises, he says, can buy switches,
routers, load balancers, WAN optimization
controllers, and firewalls all in software
form. Basically, any network hardware
has a software counterpart, he says.
SDN, meanwhile, is considered to have

more to do with delivering automation and
programmability in complex network environments by decoupling software (the
control plane) from hardware (the data forwarding plane). Tauschek considers NV a
subset of SDN. NV isnt really about running applications on your network infrastructure. Thats really what SDN is about,
he says. SDN is also about essentially providing a signal point of control and policy
control for the network infrastructure.
Obviously that makes use of NV, but NV is
really a subset of SDN, he says.
Network virtualization allows services to exist right next

to applications and data in the virtual world, instead of
appliances dangling off the network.
ANDRE KINDNESS
Principal Analyst : Forrester Research
Anything you buy now is going to be proprietary SDN/NVready, or its going to be OpenFlow-ready, or both. Whats
really driving interest now is vendors.
MARK TAUSCHEK
Associate Vice President : Info-Tech Research Group
Benefits & Problems

Testing is often cited as a benefit of NV
in the sense that enterprises using NV can
fairly easily create testing environments
not dependent on the physical world.
Kindness says this is similar to CAD or
solid modeling seen in manufacturing
or design sectors. Overall, NV and NFV
offer numerous benefits, Kindness says,
including a low-cost alternative to purchasing hardware and with less associated setup time required. IT, for example,
can download software and begin using it
rather than order the physical network infrastructure and wait for it to arrive before
configuring the components.
NV and NFV can also be well-suited
to small environments. Physical network
components, for example, can be larger
than what a smaller organization needs.
Specifically, most switches are 24- or 48port devices, but a small site may only need
four ports, Kindness explains.
NVs ability to simplify architecture is
another positive. Networks have generally become ugly messes due to the need
to attach firewalls and other services in
certain areas, Kindness says. Add in redundancy and networks can transform
into complex, costly infrastructures. With
NV, software isnt physically constrained,
which can simplify architectures. Network
virtualization allows services to exist right
next to applications and data in the virtual
world instead of appliances dangling off
the network, Kindness says.
In his column, Lee Doyle, principal
analyst with Doyle Research, writes that
implementing NV can introduce scalability
and multitenancy benefits. Specifically,

each application, or tenancy, can have its
own network and security policy thanks
to NVs ability to isolate network traffic.
Technically, Doyle notes that NV offerings
are available from numerous suppliers,
each putting its own spin on NV with associated strengths, weaknesses, protocols,
and pricing options. NV is also available in
various open-source options.
There are a number of people who believe some performance abilities and security controls with NV dont equal those of
hardware. Here, Kindness says organizations should have solid processes and controls in place before using NV. Because NV
is nebulous, he says, more due diligence
around procuring, deployment, and management is required.
As with server or storage virtualization,
monitoring can be an issue with NV in
terms of usage and running up against
capacity, which will impact performance.
If you go this direction, you have to
monitor your infrastructure more closely,
Tauschek says.
Where security and NV relate, arguments go both ways, says Tauschek, who
tends to believe NV is better for security,
as most problems we have with security
are human error. Often, for example,
security problems result from someone
misconfiguring something. Standardizing
policies across different groups of applications, servers, and infrastructure is easier
to manage with NV than with individual
switches, where if someone makes a mistake with, say, an ACL (access control list)
on one switch, you just open the door to

problems, he says.
The Market
Implementation- and technologywise, NV is still in its early stages. Doyle
writes, however, that because using NV
software as an overlay to existing network
infrastructure offers a fairly easy option to
alleviate virtual machine networking challenges, he expects NV adoption to strongly
increase throughout 2015 and 2016. Doyle
explains that adoption will depend on
pricing, standards, the open-source impact on the market, and other variables.
He projects global spending on the SDN
software market, of which he counts NV a
subset, to reach about $1.2 billion by 2018.
Tauschek says Info-Tech is seeing more
client interest in NV and SDN, though the
technologies are emerging within enterprises primarily in test beds, lab environments, or safe segments of networks. That
said, executives should be learning more
about NV now.
Anything you buy now is going to
be proprietary SDN/NV-ready, or its
going to be OpenFlow-ready [an open
networking standard for configuring
switches], or both, Tauschek says.
Whats really driving interest now is
vendors. Here, few independent NV solution startups remain as large network
vendors have all bought into the technology with acquisitions, he says. Now,
a lot of the vendors are saying to their
customers, Look at what we can do. Isnt
this cool? You should buy it.
45
Better Understand Enterprise Risk

MITIGATING RISKS REQUIRES STRONG COMPANY-WIDE POLICIES & A RISK-AWARE CULTURE
WHILE THERE ARE quite a few areas
KEY POINTS
Understand that risk and security
are actually business issues, so the
business should manage them and
have IT put solutions in place.
There are almost too many potential issues to name if you dont
take a risk-based approach, but the
most crucial are data loss and loss
of brand reputation.
Consider implementing GRC
platforms, to better handle risk and
compliance, and put strong quality
assurance processes in place.
Security and IT teams need to
use business terms when communicating risks so executives and
managers understand how important it is to fix security issues.
46
where business and IT groups tend to

have a disconnect, risk management is
one area that doesnt always get enough
attention. Risks are everywhere in the
business world, and they can negatively
impact companies in a variety of ways.
If companies really want to mitigate
risks and avoid major issues, then business and IT groups need to come together and communicate. The first step
in ensuring your company has the right
approach for viewing and managing
risk is to make sure employees in all departments understand what their roles
are in the process.
Michael Versace, global research director at IDC, stresses that companies
need to have a strong culture in tone,
from the top of the organization, on everyones role, which means that executives and members of the IT team need
to be on the same page and understand
that risk touches every part of the enterprise. You have to start by building
this strong risk culture because if it

doesnt exist, then whatever process,
procedure, or technology you use underneath that is fundamentally going to be
less successful, Versace explains.
Its important to point out that even
though this risk culture has to start from
the top, it shouldnt just be executives
pontificating risk from on high, says
Renee Murphy, senior analyst, security
and risk, at Forrester Research. She adds
that everybody should be contributing
to the risk portfolio rather than one
group being in charge of everything.
There has to be some kind of universal
definition for what risk is and what
constitutes risk, because it becomes a
problem when IT sees risk and security
differently than other parts of operations, Murphy adds.
To help solve this problem, Versace
says companies need to make information security a business quality priority
and understand that its not something that simply sits in technology.
Companies need to make sure that risk

is a priority and is included in every
single policy and process to minimize it
as much as possible. It also doesnt hurt
to start having regular conversations in
the organization to make sure everyone
is on the same page.
If you want everybody, at least in IT,
to understand risk and have a risk-aware
way of working, I think you have to put
committees together where youre all
sitting at the same level having the same
conversation about risk and how it applies to your downstream work, says
Murphy. You have a technical operations manager there. The CISO is there.
You have the help desk guys there. And
youre hashing out all the risks. Thats
a good way to get that started. You certainly cant do it by yourself in security
or operations.
Understanding Risk
Once conversations among the business and IT groups begin, you can
move on to establishing the definition
of risk and working to spread that idea
throughout the entire organization. The
first step, according to Versace, is to
understand that risk and security are
actually business issues and not software
or technology issues. For that reason, he
recommends that companies consider
moving security out of IT and making it
a function of the business instead. Using
this approach, the business can pinpoint
enterprise risks, and then IT can help
put software and technology in place to
minimize those risks.
Ultimately, the end responsibility
with incentives and compensation
models around it for security and risk,
have to be established at the line of business level, says Versace. These folks
have to have the ultimate endgame responsibility, and its their responsibility
really to bring development, operations,
and security together on solving those
problems for their products, services,
and ultimately the line of business that
they operate.
Versace also recommends that companies put business training programs
in place so their security and operations
[Companies need to make] information security a business quality priority. . . . Its not something that simply
sits in technology. Its something that must sit in the line
of business, and we see that. We see a whole bunch of
trends indicating how much more business is influential
in making technology decisions that relate to risk and
security. Organizationally and policy- and process-wise,
making these things a business responsibility, priority and
accountability with incentives is really important.
MICHAEL VERSACE
Global Research Director : IDC
staff can get a deep understanding of

the products, services, customers, competitors, and the market, in general.
Then, they can use training and educational resources to make sure everyone
is focused on protecting the business.
This can also lead to social collaboration programs where employees on the
business side and the IT side can communicate better and exchange ideas for
how to manage risk.
The Dangers Of Not Taking A

Risk-Based Approach
Without having a proper risk management strategy in place, you could be
opening your company up to dozens of
potential problems that will negatively
impact your business in different ways.
For example, Versace says perhaps the
most obvious and fundamental outcome
of not managing risk is financial loss,
whether thats loss of business, loss of
customer trust, inability to meet deadlines, or loss of position to competitors.
The idea of financial loss also leads
to potential loss of brand recognition
and trust. If someone decides to attack
your company and steal information,
you will end up losing reputation and
your brand could take a hit it wont be
able to come back from. Versace says
it can be so damaging to find yourself
on the front page of a newspaper for a
data breach that it may cause a significant loss of value for the company in
the market.
But in addition to financial loss and

a damaged reputation, you also have
to consider how a failure due to improper risk management will impact
your workforce. Organizations tend
to be less productive when there are a
lot of actions that have to be carried
out as a result of some failure in a risk
process, Versace explains. And thats
why its crucial that everyone within
an organization, regardless of position,
should constantly think about risk.
The whole concept of risk management is built on the idea that every
business decision you make, every
policy you put in place, and every solution you implement should be done
so as to mitigate risk in one way or
another. Even if you think about something as simple as setting up a phone
line, you put that technology in place
to avoid the risk of customers or clients not being able to reach you. It
sounds obvious, but not making risk
a part of doing business could make
you vulnerable to attacks, data loss, or
other security issues.
For example, Murphy says, if your
company is in the health care industry
and you dont have a DLP (data loss
prevention) system in place, you probably have leaks you dont know about.
Data loss doesnt always come in the
form of a virus stealing information or a
person hacking into your systems to see
sensitive data. It can sometimes happen
as a result of human error. Its really
47
Understand your role in the organization and leverage

roles where you dont have a lot of strength. Lets say I
have a risk program and I think its running pretty well,
but I want to monitor all of the remediation. You should
be tapping your audit department for that. They should be
telling you whether your risk is appropriate based on the
outcome of your remediation efforts. If youre not leveraging audit and operations, because they have a ton of data
you need, and youre not leveraging security, and youre
not all coming together to have that conversation about
risk, then youre not a risk-centric organization.
RENEE MURPHY
Senior Analyst, Security & Risk : Forrester Research
easy to email someones health information to the wrong person or to the right
person, but its not secured, Murphy
says. Thats why she recommends companies keep risk in mind, regardless of
project or process.
If youre not doing this to mitigate risk, why are you doing it then?
Murphy asks. The only reason you do
anything should be to mitigate risk. You
have a risk and you want to mitigate it,
so you create a control. Then, audit goes
in and tests that control to make sure
the mitigation works. If you ever have a
control that isnt tied back to a risk, you
are literally doing it for no reason, and
thats the danger of not taking a riskbased approach to security.
Technologies & Strategies

To Consider
After you have all of the policies and
concepts properly established, only
then can you start looking at the types
of technologies you can implement to
aid in the risk management process.
Murphy says that some companies use
survey tools to get feedback from employees as to what systems, processes, or
potential issues keep them up at night.
Theyll give you this litany of stuff
and you just throw it into a registry,
she says. And with that registry, you
can start pinpointing areas that require
48
attention and then start figuring out

what technology to use.
For example, if your company has
to consider regulatory compliance, you
might want to implement a GRC (governance, risk, and compliance) platform
that allows you to put all of that in
place, put workflow around it to resolve
it, and do incident management and
tracking through it, Murphy says. You
can also find GRC platforms that include financial transaction and security
transaction monitoring to get an even
more in-depth view of your organization
and potential risks. They can be specific
to industries, and there are some related
to healthcare and financial, and there
are others that are like a Swiss Army
knife that you can use for everything,
Murphy says.
However, its also important to remember that software doesnt solve everything. If you put risk management
systems in place, but you have no one
in-house who can validate or understand how to use them, youll be hardpressed to actually get anything useful
from them. Versace says that every company with a significant IT component
needs to have a strong QA (quality assurance) function and a set of structured
programming quality standards that
are evaluated, tested, and validated.
This means that when risk management
systems or any other solution throughout the organization are put in place,
they need to be checked for QA
throughout the development, testing,
and production processes, he says.
Versace stresses the importance of
including QA as a part of the business
continuity process as well, which can
also involve what happens when you
make changes to infrastructure. He says
you have to be able to evaluate how
changes to an operation or application or even to a significant business
process might impact the ability of the
firm to recover from a minor problem,
like a software or server failure or a
storage array running low on space, or
a major failure that could be related to
a major issue in the data center or loss
of power.
Communication Is Key
Although the strong risk-aware culture has to come from the top of the organization, there is also a huge amount
of responsibility on the security team
within an organization to properly communicate its concerns to executives.
Murphy says that too often executives in
companies are warned about security issues but because the warning isnt given
in business terms, it falls on deaf ears.
Its important that the security team
learns how to speak to the business and
that the business listen to what the security team has to say.
Even when you do bring them the
risks, if management doesnt have an
understanding, then that, to me, is
the biggest disconnect, says Murphy.
Once you understand the risk, you have
to understand how it actually feeds into
the corporate risk and figure out how
your security solutions and your security
risks impact that business. Then, he
adds, you can point it back to the business and have business conversations
with the rest of the world. You can have
your conversations about security and
technology internally, but the minute
you take that out of your own department, understand that you need to speak
in business risks, because technology
risks will never win the day.
Is Endpoint Encryption In Your Future?

LEARN WHATS INVOLVED IN ENCRYPTING LAPTOPS & MOBILE DEVICES
ENTERPRISES HAVE LONG employed

endpoint security for desktop and laptop
systems. Increasingly, though, CIOs and
security administrators are turning their
attention to securing the smartphones and
tablets their employees use to connect to
corporate networks and access company
data. This will likely continue as more enterprises embark on mobility initiatives;
implement BYOD (bring your own device) programs; and enlist cloud-based
applications that enable accessing data,
collaboration, and other functions that
help workers do their jobs.
One form of endpoint security more
enterprises are eyeing for all their endpoints is hardware- and software-based
encryption. As a case in point, ABI
Research in 2013 projected that the mobile
encryption software and services market
would hit $230 million by the end of that
year. At the time, ABI Research described
such services as growing dynamically with
the "saturation of cloud-based applications
and BYOD trends." As cybercriminals
increasingly target endpoints, endpoint

encryption will likely gain more momentum. The following explores the
concept of encrypting endpoints, cites
differences in encrypting desktops/laptops and mobile devices, notes the types
of companies that should more strongly
consider endpoint encryption, and more.
The Importance Of Encryption

Regulatory obligations are strong motivators for implementing endpoint encryption for many companies, including
those subject to HIPAA (Health Insurance
Portability and Accountability Act) regulations and that deal with PCI (Payment
Card Industry) data. More broadly, James
McCloskey, Info-Tech Research Group
director, advisory services for security
and risk, says companies that experience
a loss of personally identifiable customerrelated information have a duty to report
it to affected customers, and potentially
to law enforcement officials, if the data
lost wasnt encrypted. Thus, while a states
regulatory requirements regarding such

data may not require encryption, best
practices effectively lead you to a situation where encrypting endpoints that hold
that kind of information is really in your
best interest, he says.
Beyond regulatory requirements, companies also encrypt endpoints to protect
intellectual property. An engineering firm
that uses secret processes, for example,
doesnt want that information residing
unencrypted on a stolen laptop. For such
companies, deploying endpoint encryption ubiquitously throughout the workforce can make sense.
Notably, for organizations contemplating whether endpoint encryption is a
viable option, a key first step is getting a
firm grasp on the data it possess and what
value that data has. Not all data needs to
be encrypted, and encryption comes at a
cost, says Rob Bamforth, Quocirca principal analyst. Thus, he advises companies
to apply discrimination based on business
value and risk.
49
Not all data needs to be encrypted, and encryption

comes at a cost. Therefore, apply discrimination based
on business value and risk.
ROB BAMFORTH
Principal Analyst : Quocirca
The Approaches
Encryption in general can be classified
into hardware- and software-based categories. Michela Menting, ABI Research
practice director, says both are valid for
endpoints. The former includes hardwarebased full-disk encryption, something
common to desktops and laptops, and can
involve usage of external hardware such as
USB dongles or flash drives that essentially
contain a random number generator that
creates an encryption key. Hardware-based
encryption can be more efficient and uses
less power, but it is more expensive than
software-based encryption, Menting says.
Software-based data encryption doesnt
rely on external hardware and is typically
easier to implement. Further, the approach
enables protection of data in transit and
at rest. Yet, this can increase processor
overhead and reduce data-transfer times,
Menting says. Overall, while no encryption
technology is inherently more secure than
any other, Menting says, AES (Advanced
Encryption Standard) is currently considered the most secure cryptographic scheme.
Importantly, the security of an encryption
system relies just as much on the secrecy of
the key as on the algorithm, she says.
Where laptops are specifically concerned,
widespread enterprise encryption deployments once carried a considerable pain
factor in terms of long and involved installations. Self-encrypting solid-state hard drives
have greatly turned this on its head, reducing
encryption times down to a minimal state,
McCloskey says. Elsewhere, some organizations take advantage of embedded encryption technologies on laptopsBitLocker on
Windows systems and FileVault on Mac OS
X systemsto obtain encryption benefits,
though lack of manageability can be an issue.
To combat this, many organizations seek
out endpoint encryption solutions that add
a management element but also enable using
embedded technologies.
50
Endpoint encryption for mobile devices

is substantially different, McCloskey
says. Unlike full-disk encryption with laptops, typically MDM (mobile device management) or EMM (enterprise mobility
management) solutions are used to create
a container thats encrypted on the device.
An application using the container will
require additional authentication to access
the encrypted data. The approach isnt as
heavy-handed as full-disk encryption, as it
targets specific data, McCloskey says. For
example, an MDM solution might enforce
encryption on contact data in an email calendaring application or on data associated
with VPN (virtual private network) access
into the corporate network to access files.
In both cases, encryption is tied to specific
applications a worker will use.
McCloskey says Info-Tech is seeing interest developing among companies for
consolidated endpoint protection suites
that cover antivirus, anti-malware, host intrusion, host firewall abilities, and encryption. The concept is this approach gets
you down to having a single management
console associated with the security thats
deployed on those endpoints, he says.
Organizations with BYOD and mobility
programs should consider EMM/MDM
platforms as a tool for general policy, security enforcement, application delivery, and
encryption, he says.
The Market
Beyond health care companies and financial sectors, any organization dealing
with considerable personal identifiable
data is a good candidate for endpoint encryption. Insurance companies and some
educational entities where FERPA (Family
Educational Rights and Privacy Act) comes
into play are examples. McCloskey advises
organizations that deal with sensitive or
valuable IP (intellectual property) information to consider endpoint encryption
for at least a portion of the user base. That

said, while encrypting every laptop may
not be necessary, McCloskeys perspective
is that companies are better off deploying
encryption more broadly than missing
someone who has an unencrypted database or spreadsheet on his laptop that gets
stolen and creates a huge mess for the
organization.
Similarly, for companies with high
BYOD participation, imposing encryption
on every device may not be cost- or efforteffective. Key is targeting data, which may
possibly involve keeping critical data encrypted and separate via containerization,
which McCloskey says is still not as widely
known among IT as it should be.
Broadly, in addition to encryption
strength, cross-platform usability is in demand. Generally, organizations are seeking
solutions with minimal configuration requirements, ease of use, and simple management. Other features that add value include
protection for mobile devices and portable
storage media and an ability to shred original
files after theyve been encrypted.
To date, software-based encryption has
dominated the market due partially to lower
price points, Menting says, although increasingly cheaper hardware costs should lead to
more development of hardware-based encryption equipment. The competitive advantage for vendors of encryption software
lies essentially on the variety of features and
add-ons for the software, she says.
Vendors of software-based encryption
solutions are numerous and highly competitive, Menting says, with categorically
different vendors populating the lowerand higher-end markets. Open source,
freeware, and permissive license software
litter the lower-end market and compete
against similar low-cost, high-value offerings, she says. Standalone solutions are
particularly popular with SMBs (small and
midsize businesses). More comprehensive
software-based solutions, meanwhile, are
available for larger organizations in the
form of DLP (data loss prevention) and
key management offerings, Menting says.
Generally, the larger the organization, the
more data and users exist within it, and the
greater the demand for centralized management and authentication services.
When USB Devices Go Bad

AN OLD THREAT WITH A TWIST
YOUR COMPANYS IT STAFF is likely quite

diligent about running security scans and
working to prevent malicious software
from making its way onto local networks
and PCs. But when faced with sturdy front
door security, hackers have come up with
inventive back door attacks, such as using
malicious USB devices, routers, and other
hardware peripherals to load spyware and
viruses onto corporate networks. A USB
device, like many other peripheral devices,
has firmware that can be reprogrammed,
says Alan Tang, Info-Tech Research Group
director. A hacker can program a USB drive
with malicious commands and make the
USB device act as other devices, such as a
keyboard, network card, etc. With this in
mind, we look at how these attacks might
work and the ways in which they could affect
your business.
The USB Hack

Although cybercriminals have used USB
devices to deliver malware in the past, these
new methods of attacking devices could
be capable of much more, in terms of destruction. For years, hackers have used
infected USB drives to spread malware that
could execute on machines with AutoRun
enabled, says Chris Rodriguez, Frost &
Sullivan senior industry analyst, network
security. More recently, researchers
Karsten Nohl and Jakob Lell published research on USB firmware vulnerabilities that
could mean the risk is even steeper.
Nohl and Lell, both researchers at SR
Labs in Berlin, discovered that USB devices
can have several identities, which are indicated by descriptors in the code. Malware
installed in a USB devices firmware can
make the device appear as a different type
of USB device, which allows it to infect
multiple endpoints and gain root privileges
and spoof other devices.
Typically, an infected USB device can
send code both directions, from the USB
device to the PC and from PC to the USB
device, says Tang.
The most notable examples of USB drive
attacks, according to Tang, are BadUSB
and Cottonmouth. BadUSB, for instance,

overwrites a USB devices firmware to carry
out malicious tasks. Because security software doesnt check for malicious code on
the firmware, the spyware and viruses can
easily go undetected.
BadUSB is capable of stealing usernames
and passwords, controlling Web traffic
on your network (enabling redirection attacks), and installing a new BIOS. Tang
adds that a disguised network card may
cause connected computers to connect to
malicious sites impersonating trusted destinations." Tang explains that some drive
attacks may transform a USB drive "into a
keyboard that opens a command window
on an attached computer and enters commands that cause it to download and install
malicious software.
A Universal Attack
These types of hardware-based attacks arent dependent on a PC running
a particular OS (operating system) or
application. Since the infection is rooted
51
from the firmware level, the malicious USB

drives are communicating with the OS
from lower-level device drivers," says Tang.
Basically, as long as the OS is capable or
designed to recognize and manage USB
drives, it is subject to these types of attacks.
Behavioral security software also may not
detect malware, because the infection could
change the USB device type and it would
appear as if someone had just plugged into
a new device.
Cybercriminals could use most any
USB-based device to create the attack, because USB devices all share similar types of
firmware. That means a Webcam, printer,
smartphone, or tablet could also be used to
infiltrate the corporate network. Android
phones have already been demonstrated
to be used to launch these types of USB
drive attacks, says Tang. Even worse, malware might be able to use peripherals and
other USB devices to hide from security
software. For instance, while you antivirus
program might remove the digital infection from your PC, the USB devices will reinstall the malware when your PC reboots.
Risks Everywhere
If a USB device, including a mouse or
external hard drive, could hide malware,
how do you go about protecting your business and local network? You wont' find the
answer with your current security software.
Generally speaking, traditional security
approaches won't work because the malware resides in the firmware that controls
the sticks basic functions and the malicious code is invisible to conventional security tools, say Tang. Even if you had
tools that could identify the code, reformatting a BadUSB-infected stick wont fix
the problem, because, as Tang mentions,
the malware is in the devices firmware.
To protect your business and networks,
youll want to make certain that employees
never use any unsecured USB drives.
However, this might be harder than you
think. As Rodriguez explains, Penetration
testers tell stories of leaving USB drives in
common areas, on desks, or even laying
in a parking lot. Inevitably, someone will
come along and pick up the USB drive and
plug it into their work machines and personal computers.
52
A malicious hacker can program a USB drive with malicious commands and make the USB device act as other
devices such as a keyboard, network card, etc.
ALAN TANG
Director In Security Infrastructure : Info-Tech Research Group
USB ports on POS systems are frequently targeted to

great effect. Hackers could also offer low level and temporary employees thousands of dollars to connect a USB
drive with carefully crafted malware into a POS system.
That is all it takes.
CHRIS RODRIGUEZ
Network Security Senior Industry Analyst : Frost & Sullivan
Possible Solutions
Due to the challenges involved in detecting the firmware level code, youd need
advanced forensic methods for examining
devices. This type of deep scanning might
be difficult to achieve. In order to detect
hardware-level USB drive hacks, security
software vendors need the specific API
[application program interface] to access
to the firmware, which may be unique to
each manufacturer, says Tang. At this
point of time, it is almost impractical for
USB drive vendors to open their APIs to
other partners.
Multiple layers of security can help to
prevent any serious breaches. Businesses
should have plans to migrate to NGFW
(next-generation firewalls), which include
integrated threat detection capability, says
Rodriguez, who also notes that a UTM (unified threat management) solution "provides
a NGFW, plus a range of additional capabilities, such as content security, intrusion
prevention, gateway AV, and data leakage
prevention. NAC (network access control)
tools can also help to block network-based
USB device attacks.
What might be more practical is something thats already in place in most
modern OSes. Code signing is a common
countermeasure from the operating system
side to stop the unauthorized modification of firmware, says Tang. Microsofts
WHQL program uses a type of signing
that will ensure that firmware has not been
changed. However, the code signing will

make it more expensive for USB device
manufacturers to create the trusted USB
device, so not all manufacturers will use
the WHQL program.
USB device vendors may also be able
to do other things to resolve the issue.
According to Tang, They should be
building security into their devices to prevent unauthorized parties from updating
USB drive firmware. This type of block
would easily defend against the BadUSB
type of attacks.
Likelihood Of Attack
Despite the difficult-to-prevent nature
of USB device attacks, hardware exploits
are not the easiest path for a cybercriminal to take. For example, its not a simple
matter to reprogram firmware. Secondly,
hackers would need to find a way of getting
the USB devices into the intended targets
hands. The extra effort required makes
the hardware attacks an unlikely way to
target anyone but very large businesses or
high-value marks. Traditional methods of
attack are much easier for cybercriminals.
Still, it helps to be mindful of the risks.
USB ports on POS [point of sale] systems
are frequently targeted to great effect,
says Rodriguez. Hackers could also offer
low level and temporary employees thousands of dollars to connect a USB drive
with carefully crafted malware into a POS
system. That is all it takes.
GO DEEP
If quality time with the latest, fastest home computing technologies is your
idea of well-spent leisure time, CPU is the magazine for you. Each month CPU
serves up how-to articles, interviews with tech industry leaders, news about
cutting-edge research, and reviews of the newest hardware and software.
Check out the latest edition right

now at www.computerpoweruser.com
or on your iPad via the iTunes Store.
Storage Management
WHEN EVERYTHING IS COMPUTERIZED, STORAGE IS MORE CRUCIAL THAN YOU MIGHT THINK
KEY POINTS
Todays IT personnel must deal
with an ever-increasing influx of
data and storage-consuming apps
while continuing to manage the
data thats already stored in-house.
Poor storage management can
result in various negative impacts on
a business, including applications
running slower or stopping entirely.
Storage management involves
making decisions about what types
of data are (and arent) good candidates for cloud storage.
Organizations that decide to
migrate data from one storage
method to another should anticipate
potentially lengthy data migrations
and multiple potential impacts on
the business.
54
ITS COMMON KNOWLEDGE organizations are generating and storing more

data than ever, and storage is becoming
more affordable. It would seem companies could just keep adding storage
to handle their expanding data stores.
Dig deeper, though, and youll find
that storage isnt as cheap as its often
perceived to be, particularly when you
factor in expenses for the software and
infrastructure required to manage and
house the data.
Theres also the matter of managing
the storage thats already in-house,
which for IT personnel means constantly assessing hardware and processes that could pose problems down
the road if they become too outdated.
For these reasons and others, good
storage management is an essential part
of keeping a business technologically
afloat. For some executives, the traits,
tools, and decisions that comprise good
storage management arent entirely
clear, nor are the negative outcomes to
the business that poor storage management can lead to. This article explores
those concepts.
The Technicalities
Storage influences all aspects of an organization. Storage underpins all your
applications, housing the data required
to keep the lights on, bill customers,
pay employees, and keep store shelves
stocked, says Terri McClure, Enterprise
Strategy Group senior analyst. Weve
computerized everything, and it all depends on data being available to run.
Generally speaking, executing good
storage management ensures systems
are healthy and performing and that
theres enough space to store all data.
Failing at these tasks can result in
applications running slower or stopping, which in turn, depending on
the application, can cause an immediate negative impact on business. If
an application runs out of addressable
storage capacity, for example, it cant
Storage underpins all your applications, housing the

data required to keep the lights on, bill customers, pay
employees, and keep store shelves stocked. Weve computerized everything, and it all depends on data
being available to run.
TERRI MCCLURE
Senior Analyst : Enterprise Strategy Group
commit changes or updates. Prior to

this, says Laura DuBois, program vice
president for IDCs storage practice, an
applications performance will begin to
degrade, taking a long time to run processes and delaying processing requests.
This impacts user productivity and potentially larger business processes such
as order-taking and customer service.
The tools IT personnel use to monitor and manage data and storage can
range from simple operating systembased functions that list directories
and capacities to purpose-built management tools tied to a particular
storage system or management software
package, says James Bagley, SSG-Now
senior analyst. Traits of good storage
management, meanwhile, generally include having complete knowledge of
what data the organization has, what
purpose the data serves, and where that
data should reside.
Other desirable traits include having
a full set of policies around how the organization captures and manages data,
such as knowing what storage is in use,
whats available, and whats unallocated. They understand the headroom
they have before they need to purchase
more capacity, DuBois says. Other
common characteristics include using
storage-efficiency tools (deduplication,
compression, etc.) to reduce storage
demands and employing good capacity
planning and troubleshooting processes to identify storage issues (system
health, performance, etc.) before they
lead to downtime.
Often, larger organizations have a
dedicated storage team well-versed in
storage technologies. McClure says
such teams understand how to leverage
storage as a competitive advantage,

regarding storage as something strategic vs. an afterthought or necessary
evil, McClure says. An alternative is
contracting with a managed service
manager, says Bagley, which tends to
work well for up to midsized organizations where architectural decisions,
such as server virtualization and shared
storage systems, will drive the level of
attention to storage management.
IT Issues
Largely due to data growth, storage
management has become more difficult
for IT. Finance, budget, and other constraints dont help. Storage now takes up
a larger piece of overall IT, DuBois says.
Storage infrastructure is growing, but
the [number of] people to manage the
storage is not growing.
Although the cost of storage hardware is continually falling, another hard
truth is that the price of software for
managing storage isnt dropping as fast,
says Clive Longbottom, analyst and
Quocirca founder. Power, cooling, and
real estate costs are also rising. Such realities can make it necessary to use data
management techniques such as deduplication even at the file level in order to
reduce actual required storage volumes,
he says.
A business perception that storage
is cheap, however, can hinder the implementation of efficiency strategies,
Longbottom says. Asking businesses to
come up with solid policies on data
taxonomy and classification, along with
retention schedules, isnt easy, he says.
Its far easier for them to just say, Buy
more storage and store everything.
Storing everything, though, slows data
analysis and getting the right data to the

right person at the right time, making
it more difficult and expensive to make
informed decisions.
For organizations saddled with older
storage arrays, meanwhile, speed and
energy can pose problems. Also, spinning disks can have a nasty end-oflife habit, Longbottom says, and drive
failures in an array can prove expensive
at the business level. IT can cascade arraysmove a previously high-performance array to a lower tier when a new
model is adoptedthough its key that
IT ensure business-critical data is in the
right place on the right type of storage
system to ensure data availability and
business continuity, he says.
The worst-case scenario is a proverbial fork-lift replacement of a storage
system, Bagley says, due to the expenses,
lead time, and downtime involved.
Positively, some options, such as storage
virtualization, provide the means to use
existing equipment and add new equipment the virtualization system manages,
mitigating headaches, he says.
Storage managers, says McClure,
need to understand how virtualization and mobile computing impact
the storage environment, and how
the storage environment may need
to change to meet these new requirements. This could require cross
training and even collapsing the organization to create teams that understand more of the virtual stack and
virtual machine-storage relationships.
Additionally, storage managers might
need to work more closely with mobility
and security teams, which they traditionally havent done.
Time For a Change

Ultimately, some organizations
will decide that changing storage
methods is appropriate. For example,
server sprawl can drive companies
from a basic file server architecture to
a shared SAN (storage area network)
or NAS (network attached storage)
system, Bagley says. Indications that
a change is needed include current
storage methods impacting availability,
55
performance, and recovery, which can

have financial or operational implications, DuBois says. McClure says three
vectors taken together will dictate a
change is needed: understanding application requirements and data growth
potential, data governance issues, and
advances in storage technology; understanding how to best serve application
requirements while protecting corporate data; and ensuring compliance
mandates are met.
Switching storage methods isnt an
easy decision, Longbottom says. Were
at a tipping point in storage mechanisms.
Previously, advances were small. Now,
we have the massive impact of flashbased storage, he says, which promises
latency, power usage, and other benefits.
Highly time-dependent data sets should
be already moving toward flash, he says.
Over time, all online storage workloads
will likely follow. Currently, he says, not
all flash [storage] is equal, so the choice
of workloads must be driven by business
need, not just a feeling that flash is the
way forward.
Increasingly, storage management
also involves major decisions around
cloud computing, including determining which types of data/storage are
Storage now takes up a larger piece of overall IT. Storage

infrastructure is growing, but the [number of] people to
manage the storage is not growing.
LAURA DUBOIS
Program Vice President, Storage : IDC
need to access data from multiple devices

and enable faster and better sharing and
collaboration, she says.
For data types other than backups
and archives, Longbottom believes the
cloud decision depends on how an application is architected. For example,
having an application housed one place
but its data in another could be asking
for problems concerning performance,
he says. Similarly, simply moving most
of an organizations data to the cloud
may not make sense for reasons concerning data control, security, and
costs. Despite the buzz, cloud isnt always the cheapest route, DuBois says.
Many firms started with cloud, and
then due to ongoing costs as the scale
of data grew and ingress and egress
charges applied, it became too costly to
maintain data/workload in the cloud.
McClure says recent Enterprise
Strategy Group research shows 90% of
IF AN ORGANIZATION DECIDES TO MOVE TO

A NEW STORAGE METHOD, MIGRATING DATA
TO THE NEW SYSTEM CAN BE A LENGTHY,
ARDUOUS PROCESS THAT ENTAILS MONTHS
OF PLANNING AND PROJECT MANAGEMENT
BEFOREHAND.
well-suited to move to the cloud. Solid
options generally include second-tier
storage and archive and backup data,
Bagley says. McClure says the first big
move to the cloud was for backup/data
protection, or data organizations dont
need to access quickly or frequently.
Rarely accessed data also makes sense
because cloud providers charge for data
ingest and retrieval and capacity, she
says. More recently, theres been a focus
on file data and a move to SaaS (software
as a service) applications to support a
56
responding organizations have some

type of data they prohibit from cloud
storage due to reasons related to concerns about hackers, how data is
protected, where its stored, and compliance. The latter is a big issue, she
says, as many countries have rules regarding where certain types of information can be stored. Another detractor
is the possibility of a cloud provider
going bust. Then who owns your data?
Longbottom says. It may be simple
to say the customer does, but it will be
residing on hardware that belongs to

a third partyin this case, possibly an
administration company brought in to
maximize returns to creditors.
The Great Migration

If an organization decides to move to
a new storage method, migrating data
to the new system can be a lengthy, arduous process that entails months of
planning and project management beforehand. An organization McClure recently spoke with, for example, was 18
months into a storage migration that
entailed migrating Tier 1 apps to a new
storage platform. Of course, the pain
depends on the amount of data being
moved and whether or not it needs to
be available during migration, she says.
As Longbottom says, if all you have is
1 bit of data, then its almost instantaneous. If a few zettabytes, then expect a
few years.
Factors affecting the length of migration include whether it will occur over
LAN (local-area network) or WAN
(wide-area network), whether an intermediary data storage device is used to
help move data when a WAN is involved,
whether data is file- or object-based, and
whether there will be additional needs in
synchronizing ongoing transactional data
thats created between the start of the
move and initial completion.
McClure says some cloud providers
let organizations send a shelf of disk
drives containing data to seed the cloud
to avoid migrating data over the wire.
Other providers can help map and
model file migrations and ensure all the
file structures migrate over properly,
she says. But in a file world, you need
to make sure that user permissions, data
protection relationships, and things
like that get carried over. It can get
pretty complex.
Help I.T. stay on pace with the
SPEED OF CHANGE
You use CyberTrend
to keep tabs on the latest
business technology trends.

IT and data center leaders turn
to Processor to learn more about
the products and technologies
that impact organizations
at their core.
Processor is a leading trade publication
.COM
Get the latest issue right now
online at www.processor.com
or on your iPad via the iTunes Store.
that provides the news, product information,

and technology advice that IT leaders and
data center employees can trust.
THE LATEST PREMIUM ELECTRONICS
Thin & Light For Traveling With The Cloud

WWW.ASUS.COM
Sometimes a fully decked-out Windows laptop is more than what you need for on-the-go fun and productivity, but a smaller mobile device lacks the screen size you'd prefer, not to mention a keyboard you can actually type on. The 20mm-thick Chromebook
C300 ($249) from Asus fills the gap, providing the familiarity of a small laptop with a 12-inch screen and a battery that runs up
to 10 hours on a charge, but without the bulk. Because the C300 uses Wi-Fi (802.11ac) and runs Google's Chrome OS, it's wellsuited for working with a host of cloud services, including online storage, all via Android-like Google apps. Additional Chromebook
C300 features include Bluetooth 4.0 as well as HDMI, USB 2.0, and USB 3.0 ports.
58
Add A Mic To Your

Favorite Headphones
WWW.MODMIC.COM
If you really love your headphones, perhaps because theyre a premium set with
unbeatable audio, chances are you dont
want to slip into a cheap headset whenever
you need a microphone. Wouldnt it be
a genius if there were a microphone you
could simply attach to your favorite pair of
headphones? AntLion Audio thought so,
too. The companys ModMic ($49.95) is a
kit that includes a boom microphone with
10-foot cable, base clasps, an extra 3M
pad (in the event youd need to reattach a
clasp), carrying case (black to match the
mic and cables), and other necessities.
Simply attach the mic, plug it in to a standard 3.5mm audio jack, and youre ready to
use your headphones as a headset.
The Ultimate
Audio Upgrade
WWW.CREATIVE.COM
If you prefer your digital audio to sound
bigger, bolder, and more refined than
what the typical computer, audio player, or
gaming system provides, the Sound Blaster
X7 ($399.99) from Creative offers an impressive upgrade. The latest in Creative's
Sound Blaster line of audiophile-grade
amplifiers, the X7 connects to a computer
or other device and delivers sound to
whatever you want to attach to it, whether
you plug in your favorite headphones or
speakers, or stream audio wirelessly via
the X7's Bluetooth 4.1 capability with aptX
Low Latency and AAC codec support. The
X7, which also acts as a Dolby Digital 5.1
decoder, is ideal for enhancing shelf-style
speakers in small spaces.
59
Images, clockwise from top left, courtesy of Apple (1), Samsung (2), Sony (3), Microsoft (4, 5), and BlackBerry (6)
Smartphone Tips
LOADS OF QUICK ADVICE FOR GETTING MORE OUT OF YOUR SMARTPHONE
BLACKBERRY
Get Driving Advice
On Your BlackBerry
If youre using the Map app to find
your destination on a BlackBerry 10
smartphone, with a few more taps on
the screen you can also get turn-byturn directions and other advice for
the drive. If you can see your destination on the map, you have undoubtedly
already established a GPS connection.
Now, tap the pin marking your destination, tap the Location icon (triangle
pointing upward), and then tap the
location icon again to start turn-byturn directions. You can toggle spoken
directions on and off by tapping the
speaker icon. Tap the X icon at any
point to turn off turn-by-turn directions. While youre driving, you can
tap the List icon to see the directions in
list form.
60
Manage Connections When Traveling

When youre traveling to an area in which your cellular data plan does not
support coverage, especially abroad, its a good idea to take your BlackBerry
offline. The easiest way to do this, rather than simply shutting the BlackBerry
off, is to scroll to and select the Manage Connections icon from the Home
Screen, select Mobile Network Options, select Data Services, and then turn off
Data Services entirely or set When Roaming to Off.
Keep It Cool
The lithium-ion batteries used in mobile devices such as BlackBerry smartphones retain more capacity over time if they are kept cool. Precise capacity
loss varies depending on multiple factors, including how frequently the battery is charged and what level of charge is maintained, but it is generally the
case that devices stored with 100% charge at 32 degrees Fahrenheit (0 degrees
Celsius) will lose roughly 6% capacity per year, while those stored at 77 F (25
C) will lose around 20% capacity per year, and those stored at 104 F (40 C) will
lose about a third of their capacity per year. Storing batteries at a lower charge
(generally between 40% and 60%) reduces capacity loss, especially when using
the device in hotter temperatures.
ANDROID
Avoid Storage Woes
Stop Background Cellular Data Usage
Running out of storage capacity is

easy to do if you store a lot of files
(particularly photos, videos, or other
large files) on your Android smartphones internal memory when a
larger-capacity memory card is available. To verify the default storage location for multimedia files, open the
Camera app, tap Settings, scroll to find
Storage, tap it, and make sure the appropriate storage location is selected:
Device or Memory Card.
One quick way to reduce your Android smartphones cellular data usage and
battery consumption, which can be particularly useful when traveling, is to
stop apps from using cellular data in the background when a Wi-Fi connection
isnt available. Doing this can cause apps that rely on background data usage to
malfunction, but does not impact how apps behave when youre actively using
them. On the Home screen, tap Apps and then tap Settings and Data Usage.
Tap the Menu icon
and then tap Restrict
Background Data to
select it. A pop-up box
will caution that apps
performance might be
affected; tap OK to continue. You can more
carefully control how
apps use data connections by adjusting the
settings within each
app, but stopping background cellular data
usage is an easy way
to turn off such usage
across all apps, and its
Restricting the background use of cellular data affects all apps, but is a
quick and easy way to control data usage.
just as easy to turn this
setting off again.
Take Front & Back Photos

If your Android smartphone is
equipped with Dual Camera functionality, you can take a photo from both
your front- and rear-facing cameras
simultaneously. Open the Camera app,
tap the Mode button, and select Dual
Camera to enable this mode, and then
take a photo as you normally would.
Then, if you like, you can touch and
hold the resulting photo and drag the
corners as appropriate until the photo
is resized.
Website Bookmarks
& Saved Pages
The Android operating systems
browser distinguishes between website
bookmarks, which are links to specific
Internet locations and operate the same
way they do on desktop browsers, and
saved pages, which are Web pages saved
to your smartphone for future reference. When you are using your mobile browser, tap the Bookmarks icon to
create a bookmark for the page youre
currently visiting, or tap the Menu icon
and Save Page to save the current Web
page for reading later on. Links at the
top of the browser screenBookmarks,
History, Saved Pagesoffer quick access to these items.
Empty The Web Browsing Cache

Just as your desktop computers Web browsers collect and store all sorts of informationbrowsing history, website cookies, online form data, usernames and
passwordsyour Android smartphones Web browser hangs on to the same kinds
of data. Although the data your mobile browser amasses isnt likely to impinge on
your smartphones storage space, it affects the performance of the browser itself.
On the positive side, the things it remembers (website visits, passwords, etc.) can
be helpful, saving you some time when you use the Internet. On the negative side,
the browser might be holding on to passwords, form information, and cookies
you dont want to be stored on your phone. To clear the browsers cache, tap Apps
on your phones Home screen, and then tap Internet, the Menu icon, Settings,
Privacy, and Delete Personal Data. Tap Cookies And Site Data to select it and then
tap Done.
Unlike bookmarks, saved pages in Androids browser are Web pages saved to your smartphone.
61
I OS
Brighten Your Alerts
Format Text In The Notes App
Depending on your iPhones settings

and whether or not the volume switch is
on or off, you may receive an alert tone or
your iPhone may vibrate when a new alert
appears. If you like, you can also make
the phone flash its light as an alert indicator. Access Settings, tap General, tap
Accessibility, and switch on LED Flash
For Alerts.
The iPhones built-in Notes app may seem fairly, ah, one-note in terms of the
way text appears on-screen. You cant, for example, add true indentations or
bullet points (although you can make your own bullet points using dot symbols).
And recent iOS versions dont even allow you to change the font. However, the
Notes app includes features that let you do a little more with text. Tap any word
twice and the Cut/Copy/Paste menu appears. Tap the right arrow icon on the
right of this menu to access formatting options, and tap BIU to change
formatting for the selected word to
bold, italicized, or underlined. There
is also a Define option in case you
would like to look up the dictionary
definition for the word.
Your iPhone, On The Level

You might not be aware that you can
use your iPhone as a level. To access this
feature, open the built-in Compass app,
calibrate the compass if prompted, and
then swipe to the left. Doing this displays
the level screen, which you can use by
either placing the iPhone flat on its back
or on its side (as long as it isnt enclosed
in a case with curved edges). Swipe to the
right to return to the compass.
Dont Tap-Tap-Tap
Your Photo Button
Why tap away repeatedly at the
iPhone cameras photo-taking
button when you can simply use
Burst mode instead? To use this
mode, open the Camera app and
press and hold the button. The app
will then start snapping at a rate of
10 photos per second. A counter
above the button displays the
number of photos taken. Be forewarned, the app will continue to take
photos at this rate until you release
the button.
The iPhones Notes app is basic, but it does include a few

text formatting options.
Change Your Default Safari

Search Engine
When you first get a new iPhone, the default search engine for the Safari mobile
Web browser is Google. You can, however, change the search provider to Yahoo!,
Bing, or DuckDuckGo if you like. To do this, access your iPhones Settings, tap
Safari, tap Search Engine, and then tap your search provider of choice. Changing
these settings doesnt affect other browsers you may have installed.
So When Did You Send That Text Message?
Did you know you can turn your iPhone into a level?
62
Recent versions of iOS have eliminated the persistent time stamp alongside
texts in the Messages app, but that doesnt mean time stamps have gone away
completely. With a string of texts open in the Messages app, swipe to the left and
dont let go to reveal the dates and times that messages were sent and received.
WINDOWS PHONE
Take A Screen Shot
Stop Apps From Running In The Background
Whether youd like to keep a snapshot

of a particular map view for future reference, visually document an error message, or capture an image of anything
else displayed on your Windows Phone
smartphone that you might want later,
you can take a screen shot of it. Press and
briefly hold the Power button and the
Volume Up button simultaneously (on
some models the right combination is the
Power and Volume Down buttons), and
your phone will take a screen shot. By default, newly taken screen shots are stored
in a dedicated Screenshots album.
If there are any apps on your Windows Phone smartphone that youve used recently but arent using currently, theres a good chance those apps are running in the
background and consuming some of your phones resources. To stop an app from
running, access Settings, tap Apps, swipe to view the All tab, find the app, tap it, and
then tap Disable. Repeat these actions for every app you wish to shut down.
Wait, Theres More

When, using your Windows Phone
smartphone, you swipe down to reveal
the Notifications widget, be sure to look
for any arrows pointing to the right. If
one displays, this indicates there are additional notifications. Tap an arrow to
view more.
Add Notifications
If you have any installed Windows
Phone apps that could provide you with
notifications but dont, check the notifications settings for those apps. Access
Settings, tap Notifications + Actions, select an app, and toggle Show In Action
Center to the On position to enable notifications for that app.
Reconnect With Your Vehicles Bluetooth

Ordinarily, after you set up Bluetooth pairing between your Windows Phone
smartphone and your vehicles Bluetooth system, the phone and car should connect automatically every
time they are on and
within close proximity.
Sometimes, however, the
pairing can falter. To get
your smartphone and car
reconnected, access your
phones Settings, swipe
until System is displayed,
tap Bluetooth, move
the Bluetooth switch to
the On position, ensure
that both the phone and
the vehicles Bluetooth
system are discoverable,
tap the vehicle identifier
on the Bluetooth screen,
If automatic pairing fails, re-establish the connection between your
and follow the on-screen
Windows Phone smartphone and your vehicles Bluetooth system.
prompts.
Swipe To Type
A feature new to Windows Phone 8 enables you to type by moving your finger
from one letter to the next on your phones on-screen keyboard. Microsoft calls this
shape writing because the words take shape as you move your finger about the
keyboard. Android users will find this feature familiar as it is standard on Android
phones; it is not, however, a built-in feature of BlackBerrys and iPhones.
Manage Notifications
To gain control over the ways in which
notifications appear on your Windows
Phone smartphone, access Settings, tap
Notifications + Actions, and select an
app from the list to change its notifications settings. You can, for example, tap
Notification Sound to change the sound
associated with that apps notifications.
Do Not Disturb
Sometimes its nice to be left alone. As with other mobile operating systems,
Windows Phone 8 includes a feature that lets you silence calls and notifications.
Microsoft calls its version Quiet Hours. To turn on Quiet Hours, press Search
(which brings you to Cortana if enabled), tap Cortanas Notebook, tap Quiet Hours,
and slide the Right Now toggle to the On position. On this same screen, you can
switch on Automatic Rules to schedule specific times for Quiet Hours to take effect.
63
Ofce In The Cloud

LEVERAGE THE WEB
JUST AS THERE ARE NOW virtual or

cloud-based versions of software and
storage solutions that used to be firmly
entrenched in physical servers and desktops, there are now Web versions of
Microsofts widely used Office products.
Word, Excel, and other Office programs
are included in a hosted service called
Office 365 (office365.microsoft.com). But
as familiar as you may be with the functionality of traditional Office products,
there are plenty of new capabilities, features, and collaborative possibilities to
explore in the Web-based version. We
offer some practical tips and how-to steps
that will help you advance from novice to
experienced Office 365 user.
Customize Your Public Website

If your company uses SharePoint
Online, you can update or add pages to
your Public Website whether you are
in the office or on the road. Click the
Page tab and select Edit to start making
changes to an existing pagesay, to add
64
new information and photos for a new

product, update a schedule, or post to
a blog. Use the Page tab to change layouts, the Insert tab to add content, or
the Format Text tab to work with text.
Or click the Page tab and select New
to create an entirely new page for the
Public Website.
Create Personal &

Team Websites
When you become an Office 365 user,
you can activate a My Site website where
you can manage and share docs hosted
by SharePoint Online. A similar feature
exists for team project management in
the Team Site, where you can create a
Team Site for syncing calendars, developing projects, and working offline. To
start a team-accessible home base site

in SharePoint, go to the Site Actions
menu, choose New Site, and then click
the Featured Items or Browse All tab.
Assign your team site a URL and title and
click Create.
Add Shared & Private Notes

During A Lync Meeting
Many times the records, lists, and
important items you save in OneNote
(Microsofts digital note-taking software)
turn into meeting agendas and tasks for
colleagues, so its convenient that Lync
lets you save private notes or share notes
for collaborative discussions. To start a
note during an in-session Lync meeting,
click the OneNote tab in the conversations
window after you pause the presentation.
IF YOUR COMPANY USES SHAREPOINT ONLINE,

YOU CAN UPDATE OR ADD PAGES TO YOUR
PUBLIC WEBSITE WHETHER YOURE IN THE
OFFICE OR ON THE ROAD.
Then select My Notes to start typing private notes or click Share Notes and choose
a section for note-taking.
in this way requires that the corresponding Microsoft Web App (Word, Excel,
PowerPoint, or OneNote) is installed.
Share A Presentation
Share Your Calendar
Lync not only lets you share your

Desktop, a program window, a whiteboard, or a poll, but it also lets you share
PowerPoint presentations. When you start
an IM (instant message) conversation,
Office 365 Outlook includes calendar

sharing options that let you select a contact or group of people who may access
your schedule. You can do so by entering
the Calendar view, clicking Share, and
THE LYNC APP IS AVAILABLE FOR A VARIETY

OF MOBILE PLATFORMS AND PROVIDES YOU
WITH CAPABILITIES SIMILAR TO THOSE OF THE
DESKTOP VERSION.
click the Share drop-down menu and select the PowerPoint Presentation option.
After the presentation uploads, you can
enable restrictions, such as who can enter
the presentation, who presents, and who is
allowed to annotate the presentation.
Send Documents Via Instant

Message
There are two ways to send a document as an attachment using Lync:
from the document itself or through
an open IM window. Within the document you intend to send, click File, click
Save & Send, and then select Send By
Instant Message. In the Address Book
window add the recipient names in the
To field, and then make sure you can
see the attachment in the IM window.
Alternatively, you can start an IM conversation with a recipient, click the paper
clip icon (for sending attachments),
choose a file, click Open, select the item
you intend to share, and send.
choosing Share This Calendar. Next, insert the individual or group who will receive the shared calendar.
Stay In Touch With Colleagues

Via Mobile App
If your company uses Microsoft Lync,
try the mobile app when youre away
from the office. The Lync app is available for a variety of mobile platforms and
provides you with capabilities similar to
those of the desktop version. Log in and
start connecting with colleagues directly
via IM, or use the app to place calls, start
an email message, or participate in a videoconference. As with the desktop Lync,
you can use the app to let others know
your present availability, as well.
Use Your Mobile Device

To Share Docs
Microsoft recommends two sharing
methods from mobile: sharing with recipients you invite to your site and
sharing via a guest link. Both methods
may require you to switch from mobile to
PC view through the Settings menu. To
share with site invitees, tap More in the
document library, then tap Share. Next,
type the appropriate names or email
addresses of those with whom youre
sharing the doc. Next, select Can Edit
or Can View; check the Require Sign-In
box. If you would like to add a message,
choose Show Options and tap Send An
Email Invitation. If you opt to send a
guest link, simply uncheck the Require
Sign-In check box.
Record Collaboration Sessions

Using Lync
Lync helps you document current
multiuser conversations, calls, and meetings so you can easily reference pivotal
conversations. To do this while youre
in Lync, direct your pointer to the conversation window and click the More
Options menu (two arrows on the right
side of the window). Next, click Start
Recording. You can access saved recordings by navigating to the Microsoft Lync
Recording Manager. Click Start, select
All Programs, and then click Microsoft
Lync. Open the Manager and choose
your preferred recording.
Edit Or View Docs In Real Time

Another advantage of SharePoint is
the ability for multiple users to work in
the same documents simultaneously. To
access a document thats available for
team editing, find the document link in
your SharePoint websites document library, hover over and click the arrow
(if youre asked to select Read Only or
Edit), and choose View In Browser or
Edit In Browser. Accessing documents
There are plenty of helpful features built into Office 365 to keep you organized. For example, you can customize your
Outlook calendar Web app as you plan meetings and work toward deadlines.
65
Isolate Malware
HOW TO COMBAT ATTACKS
AN UNFORTUNATE FACT about using

an Internet-connected computer these
days, whether it is a personal or company-issued notebook, is the constant
threat of malware infection. Even when
taking preemptive action to combat
malware attacks, theres a fair chance
one will eventually hit your notebook
anyway, if for no other reason than
the sheer volume of malware that attackers introduce daily. Frighteningly,
a leading security software maker reportedly gathered 15 million new malware samples between April and June
2014 alone. Of this number, Trojan
horses accounted for 58.2% of all newly
detected malware threats and were responsible for 62.8% of all global computer infections.
Whats startling is that these attacks
included zero-day threats in which, as
the name suggests, zero days expire
between when a given vulnerability is
discovered and when attackers release
malware targeting the vulnerability.
66
With malware being so prevalent and

persistent, a large part of combatting
it is being able to recognize signs that
a system may be infected and then
knowing how to troubleshoot the
problem. Also important is what security tools are available to detect, protect
against, and remove malware. The following details these issues and others
for notebook business users.
The Warning Signs

Although new malware variants are
constantly being developed and released, malware is generally categorized into several common groups,
including viruses, worms, rootkits,
spyware, Trojans, keyloggers, adware,
and ransomware. What these groups
have in common is an aim to infect
a users notebook to steal personal
or company information, hijack the
system outright, or cause other types
of damage. Malware infections can
transpire in numerous ways, including
when you visit an infected website, install software or an app with malware
hiding inside, click links or open attachments in email, or insert an infected USB thumb drive.
Though warning signs that malware
may be present can differ depending
on the malware type, there are some
primary indicators to look for. Michela
Menting, ABI Research practice director, says the most common include
applications and programs running noticeably more slowly, slower Internet
performance, and data or files that
are unexpectedly deleted or altered.
A notebook running more slowly, for
example, could indicate malware is
stealing computing resources to fuel
whatever activity the malware was designed to execute, such as hijacking
the system to help generate and spread
spam to other systems.
Some specific examples of changes
in notebook performance to watch out
for include programs, files, and folders
that take longer to open or that dont

open at all and the notebook taking
exceedingly long to shut down or not
shut down at all. Menting says an easy
way to check for system performance
issues on Windows notebooks is to
look at the processes running in the
Task Manager and pay particular attention to memory or CPU resources.
If users regularly check the Task
Manager, they may be able to more
easily spot when something looks different from normal, she says.
Other odd or strange system-related
occurrences that can signal possible
malware activity include the notebooks battery draining more quickly
than normal, beeps or alarms sounding
unexpectedly, and internal fans
speeding up for no obvious reason.
Elsewhere, the sudden and constant
appearance of error messages can be
a clue that malware is present, as can
a Web browsers home page changing
or new toolbars appearing in the
browser without the users involvement. Additionally, an inability to access various system tools; messages
that report that administrator rights
Most malware will use the Internet connection to send

information back or infect other computers on a network.
Isolate the laptop and then run an antivirus scan.
MICHELA MENTING
Practice Director : ABI Research
fake). Another indicator to watch for

includes phony social network posts
that the user appears to initiate and
share with his contacts.
Immediate Response
When you suspect malware has
infected your notebook, Menting
advises turning off its Internet connection. Most malware will use the
Internet connection to send information back or infect other computers
on a network, she says. Isolate the
laptop and then run an antivirus scan.
Additionally, ensure that antivirus
software on the notebook is up-to-date
with the latest malware signatures.
If not, then copy a free AV program
onto a USB thumb drive and use it to
install [the software] on the disconnected infected PC, she says. More
WITH MALWARE BEING SO PREVALENT AND

PERSISTENT, A LARGE PART OF COMBATTING
IT IS BEING ABLE TO RECOGNIZE SIGNS THAT A
SYSTEM MAY BE INFECTED AND THEN KNOWING HOW TO TROUBLESHOOT THE PROBLEM.
have been denied; and a sudden disappearance or appearance of unfamiliar
icons, shortcuts, folders, photos, and
file types are all other possible malware
warning signs.
Pop-up messages, including those
that appear out of the blue when a
Web browser isnt even open, are another indication that malware (particularly adware and Trojans) may
be present. An especially cruel type
of malware-related pop-up is one that
warns a user of security vulnerabilities on his notebook and recommends
that he download or buy the suggested
security software (which happen to be
sophisticated malware, Menting says,

may be able to obfuscate its presence,
and others, such as zero-days, have
simply not yet been uncovered by security firms and, therefore, an antivirus
[program] will not help. In such cases,
Menting says the best option may be to
wipe the hard drive clean and reinstall
the operating system.
Means Of Prevention
As a means of prevention, Menting
says, at the least, you should ensure
that a firewall is running and working
properly. Generally, she says, most operating systems have built-in security
features that users should activate.

Additionally, numerous programs
(including PDF and document-creation programs) provide options to
password-protect files. These are really useful for protecting sensitive documents, she says. On browsers, there
are a number of security features that
can also be activated or increased.
Malware Removal Tools

Beyond built-in tools, numerous
malware-removal tools are free for
download and use, as are numerous
useful and easy-to-use program-based,
on-the-fly encryption tools and antitheft products. Menting says, Users
should definitely consider protecting
their data as well as their devices. She
says specific features and abilities to
seek out in such tools included antivirus, antispam, antiphishing, and
antispyware; firewall and intrusion
prevention systems; email, browser,
chat/instant messaging, and application protection; privacy, ID, and
online transaction protection; encryption and password management;
antitheft and remote locate/lock/
wipe; and cloud-based services and
backup platforms.
Usage-wise, routinely run antivirus
scans and avoid opening email and
attachments or clicking links within
messages from senders you dont recognize; dont reply to suspicious email;
avoid visiting suspicious or unknown
websites; dont click pop-ups that appear suspicious and consider using a
pop-up blocker; and dont download
and install software from suspect
sources. Additionally, keep software,
including Web browsers and security
programs, updated; back up data regularly; and report suspicious activity to
your companys IT department.
67
Ease Travel Headaches

THESE DEVICES CAN HELP
IF YOU DO ENOUGH traveling, you quickly

learn tricks to eliminate some of the stress
and headaches that come with being on the
road. Technology can often help, as the following travel-friendly devices prove.
Bluetooth Finder
$20+
Ever set down the keys to your rental
car or your own vehicle on a restaurant
table only to get up, walk away, and leave
them behind? Many of us have done
this. One way to prevent the aggravation
that typically follows is to attach a small
Bluetooth dongle-like device to the key
ring. These devices communicate with
a smartphone, warning you when the
phone moves out of range of the dongle.
Typically, such devices cost about $20 or
more and have a smartphone app that
sounds an alarm, emits a beep, or even
provides a visual indicator that lets you
see when you get closer or move farther
away from the key ring or other object to
which you attached the device.
68
Bluetooth Keyboard
$60-$100+
Device Charger
$40-$100+
No matter how adept or comfortable

you are typing on a mobile devices
touch-enabled keyboard, there are
times when facing a hefty amount of
text or numbers to enter into a document or spreadsheet that would make
anyone conclude that a full-fledged
keyboard would be a better choice.
While some tablets bundle a Bluetooth
keyboard, others dont. Fortunately,
plenty of third-party options are available. Nearly all Bluetooth keyboards
are thin and light enough to make
an ideal travel companion, and some
double as a protective tablet cover as
well as conveniently fold into a stand
to present a laptop-like form factor.
Depending on the model, a particular
Bluetooth keyboard may include backlighting and specialty keys, integrate
a rechargeable battery, and provide a
carrying case. Pricing generally ranges
from $60 to $100 or more.
If theres one certainty about mobile

devices its that they dont hold their
power forever. Further, an outlet isnt
always available for recharging. Thus,
its a good idea to pack your own portable power supply so you can keep using
that smartphone, tablet, notebook, or
other device. Though price, size, and
weight can vary widely, general portable
charger options include battery packs
that are solar powered and/or integrate
a rechargeable battery. Typically, models
bundle multiple device adapters, and
some models may include multiple connectors to charge several devices simultaneously. Some packs also function as
a cover for a smartphone. Other powerrelated products worth considering
include USB power adapters that plug
into power outlets to provide a USB port
for charging, solar backpacks, power
adapters for overseas travel, and mini
surge protectors.
Luggage Tracker
$50-$100
Some people would pay a small fortune to know where their luggage is
at all times. Anyone who has experienced lost luggage understands why.
The good news is you dont have to pay
a fortune to pinpoint the exact location of your baggage. For somewhere
in the neighborhood of $50 to $100,
you can acquire a device (perhaps even
an FCC-certified and FAA-compliant
one) that uses GPS (Global Positioning
System), GSM (Global System For
Mobile Communications), and other
technologies to provide tracking abilities for luggage. These devices are
small enough to easily fit in a bag and
can do such things as email or text
you a verification that your luggage arrived at its destination. If your luggage
is completely lost, the devices let you
pinpoint the bags locations on a Webbased map.
Multi-Tool Knife
$25-$100+
While you still cant carry a pocketknife onto a plane, you can take one
with you when traveling by land, and
having a multi-tooled knife on hand
can get you out of a fair number of
jams, including in a storage sense.
Thats because beyond packing an actual blade (as well as possibly a screwdriver, scissors, wine opener, pliers,
etc.), some multi-tool knives integrate
a USB memory stick for storing and
transferring several gigabytes worth
of document, image, video, audio, and
other files. Thus, even if you lose your
notebook or tablet, youll still have important files handy. Depending on the
storage amount and model, prices of
multi-tool knives can span from about
$25 to $100 or more.
Noise-Canceling Headphones
$50-$100s
Whether in a plane, shuttle bus, taxi,
or room in a not-so-quiet hotel, noise
seemingly always surrounds a traveler. Noise-canceling headphones provide an escape from the din by using
battery-powered technology to essentially match and cancel external sound

swirling around. Alternatively, less
bulky and non-battery charged soundisolating earbuds offer comparable results by fitting into a users ear canal
to isolate sound rather than cancel it.
Depending on the mechanics, engineering, sound quality, and materials
in use, headphone and earbud prices
can stretch from $50 for an acceptable
pair to into the hundreds of dollars.
Portable Hotspot
$50+
Staying Internet-connected while
traveling is an absolute necessity for
business travelers, but doing so via
Wi-Fi isnt always easy. Although
public Wi-Fi hotspots are available,
theyre not always free and security
can be an issue. An alternative is to
use a portable hotspot device (costing
about $50 or more) that uses a mobile
broadband connection (a 4G LTE network, for example) to form a wireless
hotspot for multiple devices. Another
option is to use a portable router. Plug
an Ethernet cable into, say, a hotel
rooms wired Internet port, plug the
cables other end into the router, and
youve created a wireless network with
multiple-device support. Elsewhere,
various companies provide private
Wi-Fi services for a monthly/annual
charge that provide a welcomed layer
of security when connecting to a public
Wi-Fi hotspot.
Portable Monitor
$75-$200+
In some office environments today,
you may see two (or more) monitors
on an employees desk. This setup allows users to easily switch among open
programs, keep tabs on continually updating information in a Web browser,
and perform other multitasking chores.
Travelers can get this same secondscreen ability away from the office by
bringing along a USB-based portable
monitor. Such screens (generally $75
to $200 and more) connect and draw
power from a notebook via USB cable.
Typically, the screens support landscape and portrait modes, bundle a

stand to prop them up, and are light
enough you likely wont notice when
youre toting one around. Depending
on the model, touch abilities might
also be included.
Storage Device
$10+
One thing you cant have too much
of is storage, including for reasons
tied to accessing and backing up data.
Packing an extra memory card, USB
thumb drive, or external drive on
which you can grab or offload photos,
videos, and other files is smart. (Just
make sure not to lose the storage device on which that data resides.) If
youre expecting rugged conditions
where youre going, some external
drives and USB memory sticks offer
water- and shock-resistant features
to provide protection against the elements and drops. Overall, storage
continues to be an excellent value.
Memory sticks, for example, can
start at around $10 depending on the
storage capacity.
Video Streamer
$35-$100+
Its possible you already have a settop box-like device attached to your
HDTV at home to stream on-demand
TV programs, movies from subscription services, and audio from Internet
radio stations. A nifty aspect of these
devices is that travel-friendly sizes
(some are essentially a glorified USB
stick) means they can easily stow away
in a suitcase. Unpack it once in your
hotel room; connect it to the TVs
HDMI, USB, or AV port; configure
the Wi-Fi settings; and all the content
you have at home is now available for
watching in your hotel room. Should
you forget to pack the remote control
the device bundled, many streamers
have compatible apps that enable a
smartphone or tablet to function as a
remote control. With prices ranging
from about $35 to $100 or more, these
devices are an entertainment steal.
69
Excel Formulas
MAKE THEM WORK FOR YOU
EXCEL SPREADSHEETS are useful for

tracking finances, storing important figures, or even creating databases of information. But the only way to take full advantage
of Excel is to use functions and formulas.
Whether you simply want to find the sum
total of a column of numbers or calculate
compound interest, formulas are the best
way to transform your data. Here are examples of formulas that might save you time.
want to see how much money youll have

in 10 years with a 4% interest rate, you can
plug those numbers into the =PV*(1+R)^N
formula. In our example, your formula
would be 100*(1+.04)^10. Note that you
need to change the 4% figure into a decimal number, otherwise you might expect a
larger than life return on your investment.
Calculate the formula and youll see that
over 10 years your initial $100 investment
will grow to $148.02.
Calculate Compound Interest

Because Excel doesnt have a built-in
function for calculating compound interest,
Microsoft provides a formula that will get
you the results you need using
present value (PV), interest rate
(R), and the number of investment periods (N). So, if you
make an investment of $100 and
Excel doesnt have a built-in
compound interest function, but
you can use this relatively simple
function to get the same result.
70
the information you already know. For

instance, you can use a simple division
formula to find a comparison between
two numbers. For instance, if you shipped
25 products and only one of them was
returned, you can simply enter =24/25
(or use cell coordinates) to get a figure
of .96 or 96%. If you want to calculate
change between numbers (200 to 250, for
example), you can use the formula =(250200)/ABS(200) to get a growth rate of .25
or 25%.
Calculate Percentages
You can calculate percentages in a variety of ways using Excel, depending on
Sum Of Totals Across Multiple

Worksheets
Lets say you keep track of sales figures
over the years using the same Excel document. Not only do you want a record of
your current years sales, but you also want
your sales figure from the previous year
at the top of each sheet. This will require
the use of the SUM function as well as
some cross-sheet calculation. Using the
SUM function, =SUM(Sheet1!A1:A6) for
instance, you can take numbers from the
first sheet, add them together, and display

them in a cell on the second sheet.
MATCH Function
Excels MATCH function makes
it easier to find the location of a specific
figure relative to its order in a column.
For instance, if you are searching
for the number 780 in a column of
30 cells, you can type the formula
=MATCH(780,B1:B30,0) to find your
exact match. If the information is located
in the 15th cell, for instance, youll receive
the result of 15 from the formula. You can
also use a 1 or -1 modifier in place of the 0
to find the number that is greater than or
less than your desired figure.
Round Up Or Down
If you work with figures that have multiple decimal numbers and need to round
up or down to a specific decimal place,
then Excel has two easy functions you
can use to get the job done: ROUNDUP
and ROUNDDOWN. For example, take
a number you want to round up, such
as 12,345.678 and decide what decimal
place you want to round to. Then, use the
function =ROUNDUP(12,345.678, 2) and
Excel will automatically round it up to
12,345.68.
WORKDAY Function
WORKDAY lets you take a start date
and a number of days to determine what
your end date will be with weekends and
holidays taken into account. For example,
you need to enter the DATE formula,
Cross-sheet calculation makes it possible to link

formulas across multiple sheets in the same workbook,
so you dont have to copy and paste information
or calculate figures outside of Excel.
The MATCH function is helpful if you want to find a specific figure in a long column of numbers. It shows you where your
query is located in relation to the array you provide in the formula.
well use =DATE(2014,3,1) into the A1

cell, and a specific number of days in the
A2 cell, well use 18, you can use the formula =WORKDAY(A1, A2) to find your
end date, which in this case is March 27,
2014. You can also add holidays to the
formula by entering the dates into cells
and adding them to the end of the formula
=WORKDAY (A1, A2, A3:A9), which will
change the end date.
Display Current Date & Time

Excels NOW function is a quick and
easy way to display the current date and
time in your spreadsheet. Type =NOW()

into a field and the date and time will appear. This information doesnt update
automatically, but rather every time you
make a calculation within the spreadsheet
as well as every time you open that particular Excel document.
REPT Function
Typing the same thing over and over
can quickly get repetitive, especially if
you need 32,767 instances of the same information. If you think that number is
oddly specific, youre right. Its the maximum number of times you can use the
REPT function, according to Microsoft.
To use the REPT function,
simply take a word, number,
or other entry (Repeat,
in this instance) and tell
Excel how many times you
want it repeated by typing
=REPT(Repeat ,5) into a
cell. You can also use this
function to better visualize
data. For instance, you can
use symbols to represent
sales figures or your amount
of customers and watch your
growth over time.
71
Certied Piedmontese beef tastes great: lean and tender, juicy and delicious.
But theres more to it than just avor. Certied Piedmontese is also low in fat
and calories. At the same time, its protein-rich with robust avor and premium
tenderness. Incredibly lean, unbelievably tender: Its the best of both worlds.
piedmontese.com

Cyber Jan

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Cyber Jan

Caricato da

Copyright:

Formati disponibili

JANUARY 2015 VOL. 13 ISS.

Volume 13 : Issue 1 : January 2015

THE DARK SIDE OF THE

Advertising: (800) 247-4880

Mission-Critical Workload Testing

Biggest Big Data Challenges

Count Em: 30 Billion Connected

Digital Spending Increases

35% Of U.S. Smartphone Users

According to a recent Gartner survey

The time has apparently arrived for video

January 2015 / www.cybertrend.com

Consumers Express Customer

MOST VALUED CUSTOMER

WILLING TO PAY MORE

Slow Website vs. The TSA:

Tablets Are Key For BYOD

IT Buyers, Vendors Adopting

BYOD (bring your own device) programs continue to gain momentum

The cloud services market is entering an

CyberTrend / January 2015

Small Businesses Rely On Data

To what extent are small businesses

SMALL BUSINESS DATA USE

PERCEPTION OF THE DATA EDGE

When asked whether they use reporting/analytics data

When asked whether they believed reporting/analytics

Flexible Display Manufacturers

Smart Watches To Erode Smart

Demand For 4G LTE Continues

Smart wristbands have gained popularity

January 2015 / www.cybertrend.com

Apple Co-Founder Steve Wozniak Joins Virtualization Startup

Once you release a file into the world

Primary Data, a data virtualization solutions provider

Prezi Wants To Make Your

Startup Says Its Successful At

Analytics Startup Streamlines

Presentations are often just slide shows

Menlo Security, a stealth startup based

For data analytics software to be truly

CyberTrend / January 2015

The Challenges Of Outsourcing IT

IN MANY RESPECTS, outsourcing IT

January 2015 / www.cybertrend.com

operations has become so prevalent

Increasingly, companies that cant

organizations outsource IT operations

We have external data to show that companies are

OPEX, for example), agility (faster provisioning of additional capacities to

impact on IT. Are they IT outsourcing,

CyberTrend / January 2015

IT department is something that demands expertise, and if you dont have

At the extreme, if youre using Google for corporate

complexity is easier to solve than the

INCREASING TECHNOLOGY COMPLEXITY AND ACCELERATING

January 2015 / www.cybertrend.com

technical in some cases and it can be

The similarities are what we should

LONGBOTTOM ALSO RECOMMENDS

do this in the same way. Application

will evolve, improve, and refresh over

CyberTrend / January 2015

From Manufacturer To Service Provider