
22 February 2007

Cisco Picks up Reactivity

As a special kind of business-to-business gateway, the XML acceleration and XML safety companies are now poised to become the focus of similar acquisition initiatives by the "big guys." It started in earnest a little over a year ago with IBM's acquisition of DataPower and Intel's acquisition of Sarvega.

So, who's the next heavy hitter to get on board? That's a more difficult question to answer than determining what companies are ripe and ready to be picked up.  The companies in the XML gateway, XML firewall/security and XML/SOA governance businesses are now going under the M&A microscope.

Cisco Picks Up Reactivity for XML Acceleration
... Cisco, which will pay $135 million for the privately held company, will bring Reactivity under its Application Networking Services unit as an extension to Cisco's existing Application Control Engine offerings. Reactivity brings to the table XML-specific and Web services-specific functions, availability and offload functions, as well as protocol conversion and identity management functions for XML and Simple Object Access Protocol applications.

12 February 2007

Minority Report ... and hold the psychics.

After seeing a summary of this post from Science Daily, I could not resist picking up a summary of Minority Report from the IMDB database:

In the year 2054, a so-called "pre-crime division" is working around Washington, DC. Its purpose is to use the precog(nitive) potential of three genetically altered humans to prevent murders. When the three precogs, who only work together, floating connected in a tank of fluid, have a vision, the names of the victim and the perpetrator as well as video imagery of the crime and the exact time it will happen, are given out to the special cops who then try to prevent the crime from happening. But there is a political dilemma: If someone is arrested before he commits a murder, can the person be accused of the murder, which - because of the arrest - never took place? ...

OK.  If this scan for intention gets much better, we can dispense with the psychics.

ScienceDaily: Revealing Secret Intentions In The Brain
... Our secret intentions remain concealed until we put them into action - so we believe. Now researchers have been able to decode these secret intentions from patterns of their brain activity. They let subjects freely and covertly choose between two possible tasks - to either add or subtract two numbers. They were then asked to hold in mind their intention for a while until the relevant numbers were presented on a screen. The researchers were able to recognize the subjects' intentions with 70% accuracy based alone on their brain activity - even before the participants had seen the numbers and had started to perform the calculation.
...
In future it will be possible to read even abstract thoughts and intentions out of patients' brains. One day even the intention to "open the blue folder" or "reply to the email" could be picked up by brain scanners and turned into the appropriate action.

SOA vs WOA and the Loyal Opposition

In the course of digging into the future of SOA and fine-grain security, I keep running into a theme which might be thought of as "the Loyal Opposition."  A well-spoken and thoughtful member of this community is Dion Hinchcliffe.  This morning's post is worth reading.

Perhaps what I'm seeing is the continued tension between the WS-* folks and the RESTians.  When I see a set of recommendations like those incorporated in this post, I get the sense of "Hey... that's not enough!  It's not going to solve the big problems of composable applications and virtualizing services. The 'consumer' of these applications is NOT always going to be sitting on the other side of a web browser!"  At this point, I get somewhat giddy about the aesthetics (and complexity) of WS-*.

And then I have this irritating, gnawing seed of doubt. "Didn't you learn about this same kind of issue when OSI was the be-all-end-all, only to be trounced by the simplicity of the TCP/IP suite?" 

Long live the Loyal Opposition. 

Eleven Emerging Ideas for SOA Architects in 2007
This is where the World Wide Web continues to teach us effective techniques for service consumption and adoption. Amazon has tens of thousands of consumers of its various and sundry Web services that range from e-commerce to the compelling S3 storage platform. And they're making money doing it as well. The rise of mashups too has shown how easily simple, composable services can be made into workable browser-based composite applications. All of this has given us the conception of Web-Oriented Architecture (WOA), which I've been writing about here on this blog for a while now. This is using the basic Web formats and protocols such as HTTP, XML, REST, and JSON as the "Unix Pipe of the Web" -- to quote a colorful phrase of Ray Ozzie's -- as the fundamental glue between systems. This allows widgets, Ajax applications, and mashups to be wired together so quickly it can almost be done in real-time with the latest tools.
...
Increasingly, the common Web browser is the place where meaningful service integration is taking place. Because of this, building services that aren't easily consumable in the browser can be a death knell for the service because that puts its consumers in the business of building and maintaining adapters or using a Javascript SOAP stack -- if you can find one -- before the service can be used and measurable work accomplished. Ultimately, non-browser friendliness greatly reduces possible consumption scenarios for SOAs as we'll see in some of the points below. This doesn't mean throw away your WS-* services. But it does mean you should automatically offer a REST or JSON version as well.

06 February 2007

Shamir's Law

Dan Farber, reporting on RSA 2007, relates this exchange during the cryptographers panel.

» RSA 2007 keynotes: Notable quotes | Between the Lines | ZDNet.com
"Security wins many battles but loses the security war. We are definitely going backwards in computer security."–Adi Shamir

Moderator Burt Kaliski, chief scientist and CTO at RSA Laboratories, quickly factored a new way to look at security, "Shamir's Law": Every 18 months security gets half as good.

VMware Establishes an SMB Market

How smart is that!?! 

After doing a great job with the give-away, and running the contest to find the coolest "virtual appliance" using the VMware Server, VMware recognizes an untapped market and puts in place a modestly priced management offering, VirtualCenter.

OK, VMware, now all you have to do is finish up your virtual machine for the Mac OS so that I no longer have to endure Bootcamp or Parallels.

VMware coaxes SMBs with low-cost management tool

A free downloadable version of its virtualization software has proven so popular among small and midsized businesses (SMBs) that VMware Inc. says it will offer a new virtualization management product -- with support -- for $1,500.


Last July, the Palo Alto, Calif.-based server virtualization vendor made its entry-level product, VMware Server, available on its Web site. The free software has been downloaded 1.2 million times. Seventy percent of those downloads were by SMBs.

Groundwork Open Source

Speaking of open source software that's likely to achieve commercial success, I've always appreciated the thinking and approach taken by Groundwork Open Source. It seems that others (with more money to invest than I have) are also of the same mind. DJ's VentureWire (subscription required) is reporting this morning that Groundwork has closed a new round of $12.5 million in an oversubscribed Series C round of financing, led by new investor Jafco Ventures.

Take a look at Groundwork and then look over Tony Wasserman's nine criteria for OSS success.

Open Source Software and Commercial Readiness

Charles Babcock of InformationWeek has a very good and multi-faceted article on open source software in this week's edition.  I particularly like his choice of projects on which to focus and his understanding of the many forces -- market, internal politics, leadership of the open source effort -- that impact the ultimate success of an OSS project. 

The description of Tony Wasserman's "business-readiness rating service for open source code" reminded me of so many issues faced three years ago when I co-founded Univa Corporation to bring the Globus Toolkit into the commercial realm. While it's definitely a simplified approach, it's valuable as a starting point. I'll look forward to seeing more detailed output from the Business Readiness Rating service.

The article is well worth reading.

How To Tell The Open Source Winners From The Losers 

That's a dilemma for the many companies that are expanding their use of open source. Corporate developers and other IT professionals must get better at divining the winners and ignoring the losers. The wrong picks can lead companies down a rat hole of support problems and obsolete software.

Clearly... Some sort of disconnect.

Oops. 

Guidelines and tools certainly help, but what's missing is a generally accepted "standard of care" regarding the protection of data such as personal identifying information (PII).

VA Loses Another Hard Drive, Vet Data At Risk - News by InformationWeek
... Rep. Spencer Bachus, R-Ala., whose district surrounds Birmingham, said that as many as 48,000 veterans' records were on the drive, and that as many as 20,000 were not encrypted.

"Why were the records of 20,000 veterans not encrypted? Given last year's experience, VA officials should have exercised greater caution," Bachus said in a statement released Monday. "Why did this incident happen at all given the fact that the VA already has the guidelines and tools needed to prevent such breaches? Clearly there is some sort of a disconnect between veterans officials in Washington and in the field," Bachus said. ...

05 February 2007

Forget that OpenOffice and MS Office stuff. Here comes Google.

Larry Dignan at ZDNet's Between the Lines has posted a discussion about Google's upcoming completion of their "anti-Office suite", and sheds some light on just how much is at stake. The discussion of strategy is reminiscent of third party candidates who "don't have to win... just distract the voters and split the vote." But, I'll have to admit that we may be in for more of a sea change than we've been led to expect as Office 2007, OpenOffice and Google Docs collide. Larry does a fine job showing us just how important ... in real dollars ... this could be.

» Google Office vs. Microsoft Office: What’s the end game?
For context, Microsoft's Office business delivered more in revenue and operating income than Google did in the fourth quarter. Google had fourth quarter revenue of $3.21 billion and operating income of $931 million.

Simply put, Google is a fly on the elephant that is Microsoft right now. But all Google has to do is make Microsoft defend the Office business. If Microsoft has to respond to Google Docs–it doesn't yet–the software giant won't be able to focus on search and keyword advertising. Even a company with Microsoft's cash pile has limited resources.

Under that formula, Google doesn't even have to be wildly successful with Google Docs–all it has to do is be a big distraction. Many of Google's initiatives appear only to be designed to distract Microsoft. And encroaching on millions of PowerPointers is one way to get Microsoft's attention. PowerPoint is also the best avenue to gaining adoption for Google Docs. Word processing and spreadsheets are nice, but if you play word association with corporate desk jockeys Office is PowerPoint.

Data Security Compliance and Accountability at NYSE

The issue of compliance, particularly Sarbanes-Oxley compliance, has got to be an on-going concern to financial institutions, and particularly for those securities, commodities and options exchanges that are taking the IPO route to becoming publicly traded companies. Wall Street & Technology has an interesting article regarding the NYSE and their "defense in depth" approach to securing sensitive data.

Although it's a bit of an advertisement, the discussion of their use of Lumigent's data auditing approach is interesting. The article makes the point that their technology uses the database transaction logs to provide "... a continuous and complete picture of database activity." This is in contrast to other approaches to content/data monitoring and filtering that watch the network to interpret data access and assess what changes are taking place.

The article goes on to emphasize the importance of addressing inside/insider threat.  They make a pretty strong case for digging into the processes, systems and technologies the NYSE has in place, with a full-spectrum analysis, and big-time emphasis on accountability.

Wall Street & Technology : The NYSE Focuses on Improving Data Integrity

There are signs that the capital markets industry is taking steps to improve accountability regarding access to data, since allowing access to unsecured information in the database is typically where the Sarbanes-Oxley process breaks down, according to Adam Honoré, senior analyst with Boston-based consultancy Aite Group. Efforts are being made on the IT side to install governance processes around how data can be accessed, he notes.


But more work needs to be done in the entitlements piece, in terms of who has access to what data, and the governance process around that, says Honoré. "The biggest [security breaches] in capital markets are either people having laptops stolen or the loss of backup tapes," he contends. "Hacking has not been a big problem in capital markets."


Data ownership and accountability, therefore, must be the cornerstones of data-level security, adds Honoré. ...
