Computer IT Tech News: 2012

Tuesday, November 27, 2012

£60m datacentre to be built in Birmingham

A 10MW (megawatt) modular datacentre worth £60m will be built in Birmingham by March 2013 to provide storage services for high street banks, financial services firms, media companies, technology companies and small businesses.

The IT facility is built by Data city exchange (dce), the datacentre service provider and will be called dce Central Exchange.

It promises to use 70% less energy than traditional datacentres, according to dce, as it is purpose-built and uses efficient cooling techniques such as free air cooling and renewable energy sources to reduce the carbon footprint.

Mark Barrow, strategic director of development at Birmingham City Council, said: “Birmingham is increasingly being seen as one of the digital hubs of the UK and this type of investment will help further raise Birmingham’s profile across the rest of Europe.

“The datacentre will create significant employment opportunities across the city and help support some of the local businesses in the area,” Barrow said.

Purpose-built datacentres are in increasingly high demand due to strong growth in IT and data storage needs. This is being driven by growing business requirements for 'on-demand' cloud-based services as well as high-availability storage and high-speed networks.

Raj Mack, head of Digital Birmingham, said: “Access to world-class connectivity lies at the heart of a smart, connected city. Birmingham is increasingly being seen as a city with world-class digital aspirations, establishing itself as the innovation test bed of Europe.

“This addition to the city digital infrastructure could attract new businesses and secure an internet exchange for our small and medium-sized enterprises (SMEs) and corporates, demonstrating that Birmingham is fast becoming the place to do digital business.”

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy$("a#eproductLogin").attr('href', function(i) { return $(this).attr('href') + '?fromURL=' + regFromUrl; });

computer

windows

Wolverhampton Girls’ High School goes wireless

Wolverhampton Girls’ High School has installed wireless technology across its campus to enable its staff and students to use mobile devices in lessons.

Wolverhampton Girls’ High School has 750 pupils, many of whom bring in their own laptops, tablets and smartphones. However, the school didn’t have the infrastructure to support them.

They chose to install 15 wireless arrays from Xirrus, which was both cheaper than a fully-wired alternative and meant there were no concerns about damaging the buildings during installation.

“Wolverhampton Girls’ High School is set in a very beautiful and old building,” said Sharon Holness, assistant headteacher. “It was important for us to get a wireless solution in place that would be sympathetic to the surroundings.”

“The Xirrus engineers conducted in-depth surveys around the school and were thorough and professional.”

Each array has the capacity for 125,000ft2 of coverage, but with the number of buildings and obstructions, it was necessary to install more.

The deployment happened throughout 2012 with two phases, although Xirrus said each phase itself only took a couple of days.

Now, teachers have embraced the new network by making extra resources available to pupils online, which they believe has led to richer lesson plans and stronger interactions with pupils.

£60m datacentre to be built in Birmingham

The IT facility is built by Data city exchange (dce), the datacentre service provider and will be called dce Central Exchange.

“The datacentre will create significant employment opportunities across the city and help support some of the local businesses in the area,” Barrow said.

Hyper-V boost pushes Microsoft virtualisation closer to VMware

Microsoft has done a lot to boost Hyper-V but the improvements do not justify switching from VMware, according to Gartner.

Speaking prior to the analyst’s datacentre conference at Westminster, Gartner vice-president and distinguished analyst Carl Claunch said: “Hyper-V is a viable alternative to VMware. Microsoft has improved the product’s position.”

Claunch said Microsoft’s push to establish Hyper-V as a VMware alternative means lot of added features that used to cost more in VMware now come free as part of Hyper-V, which is bundled free with Windows Server 2012.

“VMware will now have to deal with add-on virtualisation functionality that is now a datacentre commodity, " said Claunch. He believes Hyper-V will damage VMware’s revenue.

“Microsoft is a sizeable, capable competitor, but VMware is fast-paced and can innovate quickly to avoid competition.”

However, he said: “VMware has strong a strong position on x86 servers for Windows workloads, so people don’t feel they are going to miss out by not moving to Hyper-V.”

While there is no need to switch, he added: “If you are beginning to move to the cloud then Hyper-V is worth a serious look.”

For instance, in a fresh virtualised environment, Windows Server 2012 is more advanced than VMware, because it is able to move workloads around more easily than VMware, according to Claunch.

He said: “Hyper-V is much more flexible. VMware requires advanced planning. The machine needs to be in a compatible part of the network.”

Performance improvements include Hyper-V’s ability to combine multiple network adapters for load-balancing, its large memory support and the way it handles storage.

He said: "Thin provisioning, data deduplication, used to require SAN. Hyper-V now allows direct attached storage to be used.” This is considerably cheaper and could make it attractive to SMEs.

In system administration, Claunch said Windows management tools can be used to connect to each server individually. "You can now manage groups of servers in one go on Hyper-V.”

Leeds to become home to a new £43m independent datacentre in 2013

Leeds City Council authorities have approved the construction of a network-neutral datacentre worth £43m to improve the internet connectivity and network infrastructure in the region.

The datacentre called DC4, will have a floor-space of around 120,000ft2 over two six-storey buildings, and will become the UK’s largest independent datacentre outside London.

It will be a carrier-neutral datacentre, which means it is independent of a network, software or hardware supplier and that multiple Internet Service Providers (ISPs) will be able to take part in the datacentre, providing best value for businesses using the datacentre.

The IT facility will be built early next year by telecommunications company aql at a 3.14-hectare brownfield site in Hunslet, formerly the location of Leeds’ Yorkshire Chemicals plant.

“The new DC4 site will allow expansion room to support the data growth from the IT, media and mobile sectors – including the huge demands which 4G will place on the region’s infrastructure,” said aql’s founder and chief executive Adam Beaumont.

DC4 will be a large datacentre capable of housing 2,440 server racks serving the entire region.

The server racks will provide enough space for many of the larger ISPs to establish a firm and competitive presence in Leeds, according to aql.

Because it is carrier-neutral, DC4 will bring improved internet connectivity and network infrastructure to Leeds, benefiting both businesses and people in the city and the surrounding areas.

“This project will put Leeds, and Yorkshire as a whole, in a very strong position to fulfill their superfast broadband promise,” said Adam Beaumont.

The new facility will be a sustainable and energy-efficient datacentre.

Excess heat produced by the datacentre will be recycled and used to heat nearby buildings, and the land surrounding the site will be redeveloped and landscaped to create green spaces and civic amenities for local residents.

DC4 has the potential to make a huge impact on Leeds’ infrastructure and economy, and could help define the city as a major hub for digital business, according to Lurene Joseph, chief executive of Leeds and Partners, the agency responsible for attracting investment to the city.

“The new datacentre is another key milestone for Leeds as we work to make the city a centre of excellence across all aspects of digital technology,” said Lurene Joseph.

Cyber Security Challenge announces second round competitions

The UK national Cyber Security Challenge has announced four face-to-face competitions for the next round of the current challenge.

Cyber Security Challenge UK runs a series of national inspirational competitions aimed at attracting talented people to the profession and informing them about cybersecurity careers and training.

In the latest round of competitions, professional cyber teams from Orange, Prodrive, (ISC)2, the SANS Institute, QinetiQ and Sophos will test more than 100 qualifiers from the virtual first-round competitions over the coming months to determine the 40 finalists for the Masterclass grand finale in March 2013.

The Orange and Prodrive Risk Analysis challenge will pit candidates against a real-life motorsport set-up, complete with Aston Martin Racing car, pit crew, technical team and a complex ICT infrastructure that connects them all.

Candidates will work as security architects to deliver a practical security solution that protects the team’s intellectual property (IP) and confidential information from its rivals in preparation for Le Mans, the biggest date in the international racing calendar.

“Cyber security is a growing issue in professional racing, where the IP of the car and the information relayed between the team during races is vital to the performance on the track," said Michael Cloete, Prodrive head of IT said. "It’s fundamental business-to-business security and risk analysis, looking at how much vulnerability you allow before you put the organisation at risk or how secure you need to be before you run over budget and impede the team.”

The SANS Net Wars challenge will give candidates the opportunity to demonstrate their skills on one of the world’s most recognised cyber training platforms.

Currently used by used by professionals at some of the largest companies and government organisations in the world, this is the first time NetWars has been incorporated into the Cyber Security Challenge UK.

During two hours of gaming, participants will be tasked with recovering a number of targets from a virtual environment, with scores displayed on a real-time scoreboard to show their progress.

In the Sophos Malware Hunt, candidates will take on the role of forensics and defence specialists working for the UK Government. They will face the nastiest creations of both cyber criminal gangs and nation states as they run rampant in a virtual environment.

The candidates' mission will be to gather and analyse evidence of attacks on the systems, and identify the attackers’ motives, skill levels and likely origins. Finally, candidates will present their findings and make recommendations on the actions to be taken.

In the QinetiQ and (ISC)2 Command and Control challenge, teams of candidates will be responsible for securing the IT systems protecting a simulated top-secret facility. They must identify, fix and exploit vulnerabilities in command software systems and work to anticipate security breaches to avoid attack.

The challenge will provide first-hand experience of what it takes to secure software systems and the critical effect cyber attacks can have on the security and safety of an organisation, its people and its assets.

“Secure software development is a significant new area of focus for information security professionals, with application vulnerabilities increasingly identified as the number one threat to organisations," said John Colley, managing director for Europe at (ISC)2.

“For too long software that underpins business and much of our most critical national infrastructure has been written without enough appreciation for how easily it can be exploited or manipulated. We hope this competition will both educate software developers as to the importance of embedding security from first principles in the systems they write, and also attract some of the most gifted and security minded candidates over to work in a new exciting field where their skills are very much sought after. ”

Cyber Security Challenge UK CEO Stephanie Daman said: “This year’s face-to-face competitions have broadened the range of skills we are testing in a bid to more accurately represent those needed most by the range of employers which support us.”

As well as identifying talented people who can move straight into unfilled jobs, she said the four face-to-face competitions will open the eyes of more than 100 talented amateurs who might never have considered how exciting a job in this sector could be.

Image: Hemera/Thinkstock

UK rail ticketing services get next-generation facelift with AWS cloud

Rail Settlement Plan (RSP), the company that provides IT and retail services to UK rail operators, is upgrading its systems with AWS cloud to provide a next-generation ticket issuing systems as a growing number of commuters adopt the “click and collect” model.

The system will provide the rail industry with a flexible, high-availability cloud-based service. This will support ticketing on departure, where users collect rail tickets from self-service ticket machines after purchasing them earlier on the web.

The automated, on-demand infrastructure will enable train operating companies to support large fluctuations in demand for tickets during peak periods.

“Rail ticketing demand goes through seasonal and daily peaks and troughs, which makes it a great use case for cloud computing,” said Neil Miles (pictured), managing director at Smart421, the UK IT consultancy firm that will design, build and manage the new system for RSP.

RSP has signed a five-year contract to Smart421 to design a live sales management system using Amazon Web Services’ cloud platforms.

The AWS cloud implementation will begin in December this year with the new system ready in early 2014. But the contract includes a five-year 24/7 support service. The financial terms of the deal were not disclosed.

The cloud-based system can be scaled up to a billion tickets per annum by 2018 without more capital investment in computer hardware.

RSP can also scale it back during the off-peak times, saving it costs for itself and for the rail operators, which include Eurostar, Chiltern railways, East Coast, First Great Western, Virgin Trains, South West Trains and Scot Rail among others.

Among other benefits, it will allow RSP to support future delivery channels such as mobile and smartcards, as customers’ adopt these channels.

The new cloud-based sales management system is part of RSP’s IT modernisation plan to meet the demands of rail travellers who want the convenience that comes with mobile ticketing and systems such the London Underground Oyster card, Miles said told Computer Weekly.

“One of the key challenges the new system addresses is providing flexibility to the growing number of ticketing systems and retailers,” Miles said.

The new infrastructure will provide the basis for interoperability where a ticket can be sold through one channel, collected through a second and validated through another, he said.

It will also help the company upgrade the system to support new generations of ticketing technology that rail franchises may use in the future when issuing passenger tickets.

The RSP live sales management system will be built on a range of technologies in the AWS cloud, including: Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Map Reduce (EMR).

Smart421 will use AWS as the cloud computing platform to deliver support for business processes, including deferred ticket delivery and sales reconciliation.

The system will receive, validate and store records in a secure repository, check the correct rail card has been used and deliver reporting on all transactions from all areas of the system.

It also integrates leading open source technologies such as an identity and access management platform (ForgeRock) and reporting database and reports server (Infobright and Jaspersoft) with the core transaction process and routing platform (RedHat).

To overcome the data security issues of cloud computing and all-time high-availability challenges, the system will be built across multiple availability zones in the AWS European region.

“We have taken security very seriously. Starting with the basics, we are taking advantage of a highly secure environment in the AWS Cloud that is ISO 27001 certified,” Miles said.

The security layering of the new system will include measures to minimise any attack surface and tightly manage access via Identity & Access Management (IAM) controls. Smart421 will also apply the security design patterns that best exploit the security measures already built into the AWS cloud, Miles said.

While it provides a flexible, secure and highly-available ticketing system for rail operators to serve their customers, what does it bring to RSP’s infrastructure?

One of the challenges RSP’s IT team faced with the old system was ensuring lower total cost of ownership, protecting revenue and opening up systems without compromising customer data security.

Cloud computing’s utility-based computing model will help it minimise infrastructure costs – one of the key advantages in a time of shrinking IT budgets.

“This live sales management project will deliver high-quality service at reasonable cost which is good news for all industry stakeholders,” said Steve Howes, managing director at RSP. “We realise that this project will be watched very carefully because of its importance to RSP and the train operating companies we serve.”

The AWS-based sales management system is also vital to updating RSP’s business services over the next few years and is the first step in the company’s IT modernisation programme.

The AWS cloud infrastructure will allow RSP’s IT team to focus on serving the train operating companies rather than on managing and scaling internal technology infrastructure, Miles said.

Cyber attack reporting will boost defence capability, says Neelie Kroes

The European Commission (EC) is considering making it mandatory for companies to report cyber attacks to harness the benefits of open dialogue, says vice-president Neelie Kroes.

Despite industry opposition, open discussion about cyber threats is vital to enable organisations to learn and improve understanding of the issue, she told the German publication Süddeutsche Zeitung.

Details of the EU’s plans are likely to be revealed later this year with the publication of the its cyber security strategy.

Kroes, who is responsible for the EU’s Digital Agenda, believes cloud computing may give new impetus to the faltering economy, provided people are confident that the new model is reasonably secure.

The EC predicts that cloud computing could boost European economic output by €160bn a year because of increased efficiencies and lower cost access to resources by smaller companies.

Kroes believes that increased use of cloud technologies will also create 2.5 million jobs by 2020 and help redress high unemployment among youth across Europe.

In January, Kroes called on public authorities, industry, cloud buyers and suppliers to come together in a European cloud partnership.

Calling for action to support the speedy uptake of cloud computing in Europe at the World Economic Forum in Davos, Switzerland, Kroes said the main obstacles to cloud adoption like standards, certification, data protection, interoperability, lock-in, and legal certainty needed to be addressed.

The EC has established a working group to address the need for common technical standards to support and grow the cloud computing industry.

The working group is set to tackle thorny issues such as what happens to organisations’ data after the cloud services contract expires.

In early November, the steering board of the new European Cloud Partnership (ECP) met in Brussels to kick off the process of building an EU Digital Single Market for cloud computing.

The board aims to make the most of the public sector's buying power to shape the growing market for cloud computing services.

The ECP will develop common computing procurement requirements for use by EU member states and create a common framework for cloud computing across Europe.

The ECP is also tasked with stimulating the migration of public IT to the cloud by resolving barriers to cloud computing adoption in the public sector.

Half of companies lack cyber threat knowledge

Half of companies worldwide lack knowledge about potential security threats they may face, a global IT risks survey has revealed.

Almost a third of more than 3,000 IT professionals, including 200 from the UK, polled by security firm Kaspersky Lab, admitted they had never heard of any of the cyber epidemics that recently posed direct threats to their organisations.

A further 58% highlighted a lack of resources into both staffing and improving IT security systems, reducing the organisations' ability to cope with cyber security threats. This was mainly due to poor understanding among senior managers of the reasons why IT departments exist.

The survey also revealed that 35% of companies have insufficient personnel trained to deal with IT threats.

According to Kaspersky Lab, this problem cannot be dealt with simply by hiring new employees; existing staff also need to be educated.

Teaching staff the basics of IT security should be no less important than installing the latest software
Kaspersky Lab

The research report said this is emphasised by the low level of computer literacy among employees, which can lead to confidential information leakages, and to the infection – or even total disablement – of a company’s IT infrastructure.

The report concludes that teaching staff the basics of IT security should be no less important than installing the latest security software.

Commenting on the survey’s findings, Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, said: “Companies should not underestimate global cyber threats.”

He said although organisations are starting to take this issue seriously and have increased the proportion of IT staff dedicated to security to around 40%, these people are not always sufficiently trained and competent to protect businesses from the most pertinent threats.

“Increasing the level of computer literacy among staff is an essential element of security, while senior management needs to be fully aware of the potential consequences of cyber threats and understand that reliable protection of the corporate network is vital in ensuring the effective development of a company’s IT infrastructure,” said Kaspersky.

IT security, he said, is important not only to individual companies, but to whole economies, because cyber criminals can destroy the normal business environment; they could prevent future global development and bring on economic and even political collapse.

“We are here to stop this happening, and are confident of doing so,” said Kaspersky.

Image: Hemera/Thinkstock

BBC management gains tighter cost control with dashboards

BBC managers are gaining tighter cost control with SAP Business Objects Web Intelligence dashboards.

Simon Griffiths, data and reporting improvement manager at the BBC, presented the corporation’s home services management information (MI) strategy at the recent SAP UK and Ireland user group meeting in Manchester.

Simon Griffiths said the BBC MI strategy goal was to focus managers more on decision-making for future programmes and less on manipulating data.

The dashboard project began in December 2011, and has become part of a Finance Effectiveness programme, headed by John Turner, programme change director at the organisation.

Griffiths initially carried out a proof of concept dashboard, on cost centre reporting, to get the project started, “without involving consultancies”.

His is a “relatively small team”, consisting of six data warehousing and business intelligence (BI) professionals, with three other contractors from the finance effectiveness effort.

He is a trained accountant with a background in engineering. He joined the BBC in 2006 as a continuous improvement consultant. Though more on the business side of the organisation, he said that he knows enough about the detail of the technology to know when he does not know enough.

And the challenge, he said, is to knit together those who know how to grab and filter the data with those who know what to present to which end-user group.

“It is difficult to find people who can take the data all the way from the data warehouse to the dashboard," said Griffiths.

He recommended the approach of getting stuck in to real data and proving the value fast.

“Don’t sit back and do an involved cost-benefit analysis. You can do a proof of concept for free. It doesn’t have to be SAP. I’ve used QlikView, too. The tools are much of a muchness," he said.

His team is now creating one dashboard per month. The core idea is to provide a dashboard targeted for each audience inside the business. The dashboards are spread across 1,300 cost centres and 600 managers are using them.

“We’ve got managers asking for them, and that is new," Griffiths said.

Managers can now see things like top 10 expenses, and can quickly see what is in policy or not. But the dashboards are not just for finance. Dr Who is but one programme run as a project in an SAP environment, he said.

Griffiths said that his team has “good statistics on take up, coupled with good anecdotal evidence [of interest]."

The dashboards are at the end of “a long chain”, stretching from a BW warehouse through business objects to web intelligence, where the data is modelled.

The dashboards are proving their worth, he said, in cutting down on training.

“It’s more efficient to have one system, rather than three or more. New starters are used to buying stuff on Amazon and it is as easy as that. The dashboard knows who the manager is. And the manager can write notes within the dashboards, which is an aid to working more effectively with colleagues."

The next stage is mobile access, delivering dashboards on tablets. “The business case for mobility remains a challenge," said Griffiths.

"It is almost an act of faith. I’ve not seen one killer application for that, but it would improve the user experience”.

Apple drags more devices into patent battle with Samsung

The number of devices that allegedly infringe patents held by Apple and Samsung continues to grow, with Apple adding six more products to its case against its South Korean rival.

The rival companies are fighting cases against each other in more than 10 countries, each accusing the other of violating patents.

In August, a US court awarded Apple $1bn in damages against Samsung, after ruling that several of Apple’s software and design technologies had been infringed.

However, Samsung has appealed against the ruling and has called for a retrial.

But in a separate case brought by Apple in February and countered soon afterwards by Samsung, the rivals are adding claims scheduled to be heard in a Northern California District Court in March 2014. Both claim the other is infringing eight mobile device patents.

Just days after Samsung alleged that Apple’s iPad mini and the latest version of the iPod Touch infringed eight of its patents, Apple has asked the court to add Samsung's Galaxy S3, the Galaxy Note 2, the Galaxy Tab 8.9 Wi-Fi, the Galaxy Tab 2 10.1, the Galaxy Rugby Pro and the Galaxy S3 Mini, according to US reports.

The Galaxy S3 Mini is yet to be released in the US, while the other five devices have been released in the past two months.

"Apple has acted quickly and diligently to determine that these newly released products do infringe many of the same claims already asserted by Apple," the company said in the filing.

Samsung has not commented on Apple’s latest move, but its decision to add the iPad mini to its complaint followed a court order that Apple must disclose details of its patent-sharing deal with HTC.

Samsung asked the courts to order Apple to reveal the information because it was "almost certain" the deal covered some of the patents at the centre of its dispute with Apple.

Some analysts said the order to give Samsung access to details of Apple's deal with HTC may have a big effect on the legal battle between Samsung and Apple.

If there are similarities between the two disputes, analysts believe it will give Samsung an advantage in any future negotiations with Apple.

Barclays Bank to give thousands of staff iPads

Barclays is rolling out 8,500 Apple iPads across branches to improve interaction with customers.

Shaygan Kheradpir, COO at Barclays' retail and business banking division, told Computer Weekly earlier this year that the company was planning numerous mobile developments for staff and customers.

Barclays looked at different tablets before deciding on the iPad, which will now be rolled out across the UK.

A Barclays spokeswoman told The Register the devices will assist branch staff when interacting with customers to improve the customer experience.

"We investigated a number of different tablet options and in this instance, we concluded that iPads were the best solution for their specific needs. We are now starting to use these across Barclays branches in the UK," she said.

Barclays is not the first British bank to standardise on Apple devices. In 2010 Standard Chartered announced plans to migrate thousands of staff from the Blackberry to the iPhone.

The bank initially moved 15,000 staff but with 75,000 staff in total it is expected to go further.

Standard Chartered said the move is a response to a change in technology with a long-term vision to back it up. It said the iPhone is a way to develop in-house mobile applications, cut costs and enhance employee satisfaction.

The project saw the first major UK corporation standardise on the iPhone smartphone to support mobility to its employees.

Todd Schofield, global head of mobility at Standard Chartered headed up the project. He told Computer Weekly in 2010 that the strength of the iPhone is its App Store, as well as its dual capability for staff at home and at work.

Ineffective computer system missed £1.4bn UBS fraud

The £1.4bn losses caused by a rogue trader at Swiss bank UBS could have been avoided had a computer used to detect unauthorised trading been more effective, according to the Financial Services Authority (FSA).

The FSA has fined UBS £29.7m for failings related to losses of £1.4bn caused by the unauthorised trading of Kweku Adoboli.

“The computerised system operated by UBS to assist in risk management was not effective in controlling the risk of unauthorised trading,” said the FSA report.

Adoboli was arrested following UBS's announcement that a rogue trader had caused massive losses. He was convicted of two counts of fraud and sentenced to seven years in prison.

Soon after the loss was announced, UBS interim CEO Sergio Ermotti admitted systems in the banks IT infrastructure did detect the unauthorised trading activities of the rogue trader who cost UBS over $2bn. In an internal memo, Ermotti also revealed nothing had been done about the warning signals.

Reports claim the service used to detect suspicious trading is run from an offshore location in India. A source in India told Computer Weekly that the problem occurred in a USB captive in Hyderabad.

The source said captives are less stringent about processes than suppliers. He told me that the reason the rogue trading was missed was because data had been deleted as part of a system upgrade. "If there had been a process, like that of any supplier, this would not have happened."

He said when data was being migrated to a new system it started to slow things down. The person doing the migration deleted data to speed things up, which meant the trading went unnoticed.

He said this would never happen with a supplier because of the strict processes and the risk of contract penalties.

The failure to monitor fraudulent activity highlights the need for banks to constantly monitor and upgrade their fraud systems.

In 2008, a rogue trader who cost French bank Société Générale £3.6bn was accused of using computer hacking techniques.

Image: Thinkstock

Centrica delivers SAP self-service HR portal with agile testing

Energy company Centrica has carried out its first corporate agile IT project, building an employee self-service HR portal in an SAP environment for 30,000 users.

Mark Tristram, agile development manager, Centrica said the SAP competency centre at the energy group’s corporate headquarters had been looking for an agile project candidate and alighted on the HR project partly because of the function’s enthusiasm.

“They were keen to get the right project delivered. It was not a case of IS doing agile to the business,” said Tristram. Centrica’s business units, which include British Gas, have agile project experience, he said, but this was their first corporate project.

Inspiring the project was a “three amigos” approach, he said. Testing, development and the business were “all on the hook together”.

Simon Evans, director at Experior, a testing consultancy that worked on the project, said that “agile is still very rare in the SAP world”. He and Tristram presented at this week’s SAP UK & Ireland user group conference in Manchester.

Centrica was looking to replace a system from HR consultancy Aon Hewitt, which remains a user of the new system. The project took 18 months, with an August 2012 go live, and comprised 10 three week development sprints, five in 2011, and five in 2012.

Centrica’s Tristram said the company’s IT function is “not aiming to become an agile factory”, but that this project lent itself well to the agile methodology. The contrast is with the waterfall approach, where “IS [information systems] goes down a hole and comes back in a year, declaring: ‘this is what we thought you wanted’”.

“With agile the business is in the room every day”. Their motivation is that they want all business administration process to go from 40% to 80% automation, he reported.

One advantage with the agile methodology was that an initially ugly user interface was dealt with early in the process. “We would not have caught that in a traditional project. And the business will pay more attention to that next time”, said Tristram.

Experior’s Evans said: “the project was big enough to be taken seriously, but not too big. HR is slightly isolated within the SAP platform at Centrica”.

The value of agile from a testing viewpoint, at least on this project, was that “all the nasty stuff is sorted in testing at the beginning. And so we went live very quietly”, he said.

Testing is also “front and centre” with agile said Evans. “It’s not about rattling keyboards”, in isolation.

“You do want to be involved in an agile project again, once you have done one”, said Tristram. “It is hard, especially for the business, but it is rewarding.

“Take up has been high”, he said. “You’re not so much looking to save money with agile. It is more about doing the right things, in the right order. The business is very pleased [with the outcome].

“Now we have an internal SAP platform that we can control. We can keep costs down and move faster”.

Networking services market to fall in next two years

IT buyers are moving away from using external networking services, according to new research from Computer Weekly and TechTarget.

The survey showed 55.5% of organisations had used outside services for their networking, wide area network (WAN) and unified communications deployments. However, just 33% said they planned on outsourcing these tasks in the next two years.

Only 13% of those who hadn't used external services for networking before planned to try it for size in the next 24 months.

A drop in budget was the main reason for moving away from the services, as 28% believed their specific service budget would fall – half of which said it would go down by more than 10%.

Two thirds said it was because they already had the skills in house, with just 9% blaming it on being too expensive.

Cisco was still the dominant provider of services for these companies. A significant 50% of respondents said they got their services from the networking giant, whilst 25% said they sourced it from Cisco authorised resellers or integrators.

The nearest significant player after that was HP, which 24% of the IT buyers said they got services from, followed by IBM at 18.5%.

The top two reasons for choosing the providers were the expertise they had on specific networking disciplines or due to an existing relationship – cited by 58.7% of respondents equally. Yet, even in times of tightening budgets, only 33.7% said best price was their main driver when choosing a service provider.

Greater Anglia rolls out train station Wi-Fi

Greater Anglia has signed a deal with The Cloud to roll-out Wi-Fi across its stations in the east of England.

The first station to get the technology will be Chelmsford – available from today – but other stops, including Cambridge, Norwich and Stansted Airport, will go online in the next few months.

“Since taking over the railway franchise in February, we have been focusing our efforts on improving customer service,” said Andrew Goodrum, customer service director for Greater Anglia.

“Offering our customers free Wi-Fi is an important part of this as we recognise that the internet is a vital part of people’s everyday lives.”

Users will only be entitled to one hour of free Wi-Fi per day from the service though, unless they are Sky customers. The Cloud is owned by BSkyB and offers free use of its hotspots as part of its TV and internet packages.

Vince Russell, managing director at The Cloud, added: “We have seen usage on our network increase at an unprecedented pace in the last two years and it shows no sign of slowing down.”

“To keep their customers satisfied, Greater Anglia needs a fast and reliable internet connection, which The Cloud Wi-Fi will provide, ensuring each person passing through the stations can enjoy the best journey possible.”

The Cloud provides Wi-Fi to a number of retail outlets, restaurants and sports venues, including Pizza Express and Lords Cricket Ground.

Google among firms hit in Pakistan hack

Technology firms including Google, Apple, eBay and Yahoo were among almost 300 companies whose websites were hit by a hack attack in Pakistan.

The attack, which exploited vulnerabilities in domain name systems (DNS) to redirect traffic, targeted sites with Pakistani domain names, such as .com.pk, .pk and org.pk, according to the BBC.

Visitors to the targeted sites were redirected to a web page with a picture of two penguins walking across a bridge with the slogan "Pakistan Downed".

Although the attacks targeted websites, and not the networks of the companies involved, services such as Google's Gmail were temporarily unavailable in Pakistan.

The motive for the attack has not been confirmed, but some reports have speculated that it was aimed at highlighting weaknesses in the organisation that administers .pk web domains, known as PKNIC.

Technology blog ProPakistani said it had received an email from the hackers explaining how they carried out the attack.

The hackers claimed that PKNIC’s servers were vulnerable to Boolean-based blind SQL injection, time-based blind SQL injection, cross-site scripting (XSS) and “sensitive directory disclosure”.

Image: Thinkstock

Video interview: Why develop for Windows 8?

In this interview, Anand Krishnan, director, developer & platform group, Microsoft UK speaks about Windows 8 development.

He says: "We're making a big shift to becoming a devices and services company." He believes Microsoft is on the edge of a revolution to redefine the idea of a device.

"It used to stand for phones and tablets. But we are walking into a world where a device is just a computer."

As Computer Weekly has previously reported, Windows 8 represents a departure from how applications are currently developed. "To truly take advantage of the new UI, you will need to redevelop applications," he adds.

computer

windows

Mersey Care NHS Trust moves to cloud in £3m deal

Mersey Care NHS Trust has signed a £3m deal for cloud services, in a move intended to deliver around £1.5m in savings.

Under the five-year contract, Mersey Care NHS Trusts' operational data and ICT infrastructure will move to SCC’s OptimiseCloud platform. The deal includes patient administration services, email provision, Share Point and a business intelligence (BI) system.

Some 15TB of data stored on the Trust’s 90 in-house servers will be transferred to the company’s datacentre from December.

Neil Smith, director of finance at Mersey Care Trust, said: “After an extensive review, the business case for moving to a cloud-based platform was compelling, offering significant savings over the alternative options we considered.

“The move will provide a more flexible infrastructure capable of responding to the organisation’s changing IT needs, freeing up the technical services IT resource to work on application developments and other service delivery projects," Neil Smith added.

The deal follows a framework agreement signed earlier this summer with Informatics Merseyside to allow nine organisations in the North West to access the cloud services.

A minimum of 15% is expected to be taken out of running costs, as bodies avoid maintenance and upgrade to their on-site data centres and servers.

The estimated cost of IT services for all the trusts over the next five years is about £16m if they all use the framework, compared to £20m if they built their own IT.

Dympna Wilson, head of service delivery for Informatics Merseyside, said the move would free up its 25 technical staff from having to spend as much time on systems administration work.

“We are doing a lot of innovative work in the mobile arena, and this means our staff can work with clinicians more closely on things like apps,” Dympna Wilson said.

She said the procurement process began in 2009, ahead of the government’s G-Cloud. But she added the body would look at the G-Cloud, once the framework contract expires.

SCC recently invested £25million in cloud services the company also offers cloud services to IL2 and IL3 services on the CloudStore.

Ofcom publishes proposals for white space devices

Ofcom has outlined its proposals for using the gaps between allocated frequencies to boost connectivity across the UK and opened a consultation to investigate the implications.

"White space" is the gap between frequencies of radio spectrum unused by licensed broadcasters.

The industry believes using these frequencies could enable boosted performance for Wi-Fi networks or encourage machine-to-machine (M2M) devices, such as a smart meters in the home transmitting data on how much energy has been consumed.

However, UK regulator Ofcom wants to ensure using white space doesn’t interfere with any other spectrum-based technology.

It has proposed a new database which white space devices will have to contact before connecting over white space. The database will then grant permission to the devices and define a limit on the power levels to ensure there is no interference with neighbouring spectrum.

“White space represents a fundamentally different approach to using spectrum by searching and recycling unused gaps in the airwaves,” said Ed Richards, CEO of Ofcom.

“This could prove critical in averting a global spectrum capacity crunch, as consumers demand more bandwidth over different devices.”

Ofcom is asking for feedback on the proposal and will run its consultation process until 10 January 2013. After this date, it will take its proposals to the European Union, but Ofcom believes if all goes to plan, white space technologies could launch within the year.

For more on the consultation, click here

Zero-day exploit for Yahoo Mail goes on sale

A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker use a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts.

The hacker, known as “TheHell”, created a video to market the exploit on an underground cyber crime market called Darkode.

According to the video, attackers would have to lure a victim into clicking a malicious link to launch the exploit code that records the user’s cookies or small files containing user details, session tokens or other sensitive information retained by the browser and used with that site.

The cookies logger replaces the cookies it stole, the video claims, and allows the attacker to log in to the hijacked Yahoo email account, according to the Naked Security blog of security firm Sophos.

The hacker claims that the exploit works on all browsers and does not require an attacker to bypass IE or Chrome XSS filters, adding: “Will sell only to trusted people cuz I don't want it to be patched soon!"

Security researcher Brian Krebs alerted Yahoo to the vulnerability, and the company said it was responding to the issue.

Ramses Martinez, director of security at Yahoo told Krebs the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video.

“Fixing it is easy, most XSS are corrected by simple code change,” Martinez said. “Once we figure out the offending URL we can have new code deployed in a few hours at most.”

TheHell said his exploit attacks a stored XSS vulnerability, in which the injected code is permanently stored on the target servers, such as in a database, message forum, visitor log or comment field.

The victim’s browser then retrieves the malicious script from the server when it requests the stored information, said Krebs.

GCHQ aims to tackle open source security clearance problem

UK security services have begun bridging the gap that has stopped open source software getting security clearance for use in government systems.

The initiative has come too late to stop the first big contract wins delivered under the government's flagship G-Cloud procurement vehicle going to a supplier that shunned open source products because they did not have security accreditation.

Open source suppliers meanwhile insist the certification block has not disallowed their software from government systems – but it has allowed proprietary suppliers to raise doubts over open source security.

CESG, the IT security arm of Government Communications Headquarters (GCHQ), has begun working with an unnamed small UK business which has agreed to sponsor an open source virtual private network (VPN) system through its strenuous security clearances.

The small firm is the first open source supplier to break the impasse that has stopped open source software getting CESG security clearance.

The open source community thrives on collaboration to solve technical problems. But its commercial fragmentation and dominance by small suppliers has created an environment where individual companies have not been willing to risk investing in CESG certification, only for larger companies with better public sector exposure to reap the benefits.

The government's solution was to ask large suppliers to sponsor open source software through the security clearance process. But large suppliers have been slow to put their weight behind open source.

The cost of CESG certification is a prime example of a market failure. Government should put up the funding to correct it
Gerry Gavigan, chairman, Open Source Consortium

Computer Weekly understands CESG has instead begun working with the Department for Business, Innovation and Skills to recruit open source suppliers by convincing them there is a business case in putting up the necessary cash. They are formulating a way to assist the sponsoring firm's entry into the £16bn public sector IT market.

Philip Dawson, CEO of Skyscape, a hosting supplier that secured two large G-Cloud contracts, said it dismissed open source software when building its datacentre platform because of the uncertainty over security status.

Skyscape built its service on software supplied by virtualisation giant VMware, with which it formed a commercial alliance.

"I'm a great advocate of open source technologies – to a point," said Dawson. "Then the point is who takes it on and gets it accredited and invests in it, and who gets the benefit from it? VMware vSphere 4.1 is the only hypervisor that has been accredited by CESG. It was a factor in our decision on who we partnered with. You have to get really into the guts of it to understand how it works to get it accredited. And that's what VMware has invested in doing with CESG."

Computer Weekly understands, however, that VMware has not yet gained a full security certification, called the CESG Commercial Product Assurance (CPA), for its hypervisor software. It has worked extensively with CESG and is striving for certification, but it has got only as far as a classified list of software CESG says can be used by government, but has not passed the stringent tests of a formal certification.

CESG is thought to be working with other hypervisor suppliers, but is not evaluating any open source alternatives. No hypervisors have achieved certification, however, because the agency has been evaluating the security parameters of the technology generically. VMware has helped to do this. Since the formal test procedure has been in development, CESG has approached it as a risk management issue.

Kate Craig-Wood, managing director of Memset, another G-Cloud hosting supplier, said VMware had made a "claim to fame" that it had CESG certification, but it was superfluous.

Memset uses the open source Xen hypervisor. It attained a cross-government CESG accreditation for its service, incorporating the open source hypervisor, even though Xen itself was not certified. Memset's accreditation included "aggressive" penetration tests of the hypervisor to security Impact Level 3 (IL3), the standard for restricted government communications.

Craig-Wood said she had, as technical co-lead of the G-Cloud programme pilots, established the principle that any virtualisation software could be used to put multiple government servers on the same machine, regardless of the software's security certification, as long as the different servers were themselves all the same security level.

"I believe that still stands," she said. "People are hung up on virtualisation. People make a big issue out of VMware versus Xen. But it's not a big issue. You need to have a separate infrastructure stack on IL3 stuff anyway, because it can't be connected to the public internet. It's connected to the Public Sector Network. It's possible to use Xen in that setting. If some people still have an issue we just provision a private cloud."

A CESG spokeswoman said: "CESG's approach to accrediting G-Cloud services does not rely solely on the use of products which have been formally evaluated. Instead, the approach requires providers to demonstrate how they are managing the risks. It does not preclude the use of open source software."

The open source certification confusion has nevertheless stopped public sector bodies buying open source software, and allowed proprietary software suppliers to convince customers open source is not safe, as Computacenter did in Bristol last year.

The government's solution last year was to send a delegation to Bristol explaining that its decision on whether to use an open source email system was a matter for its own risk officer. But risk officers have still been uncertain about uncertified open source software.

The government asked large suppliers to sponsor open source software through the security clearance, but they have been reluctant to cooperate, even though they incorporate open source elements in both bespoke and generic systems that must themselves get a risk officer's accreditation under CESG guidance.

Alec Muffett, security consultant to Surevine, a small open source supplier that integrates social media tools, said: "I am aware that some suppliers have been using security as a FUD [fear, uncertainty and doubt] lever against some parts of government – local county and district offices, that sort of thing – to scare them into not going open source. This got so bad that CESG got up on stage last year and called it out as FUD."

Some of the confusion has come from the difference between accreditation and certification. Government risk officers must accredit their organisation's systems. Their assessments will incorporate a risk derived from whether its software components are CESG-certified or not.

CESG is understood to be keen to get open source software packages approved in what it deems the proper manner, with an industry sponsor. The unnamed supplier that has become the first to take up the baton has done so with its own cash – it did not raise community funding.

A foundation-level CPA certification, which covers most government business at IL2 to low-IL3, can cost around £25,000, with most of that paying for the time CESG's laboratory spends testing the software. An augmented CPA, to IL3/4 can cost another £60,000.

Gerry Gavigan, chairman of the Open Source Consortium, said: "If this is about stimulation of the economy, government should be funding it. If the government wanted a vibrant digital community, a vibrant open source software community, it could remove some of the stumbling blocks. The cost of CESG certification is a prime example of a market failure. Government should put up the funding to correct it.

VMware and the Department for Business, Innovation and Skills were unavailable for comment.

Google pushes infrastructure-as-a-service into Europe

Google is expanding its infrastructure-as-a-service (IaaS) cloud computing platform into Europe and cutting the price of its cloud-based storage by 20%.

From December 1 2012 the price for up to 1TB of storage will be reduced by $0.025 per month to $0.095. This is $0.025 cheaper than Amazon's equivalent S3 storage cloud.

Barak Regev, European head of Google’s Cloud Platform, said the company can now host data in the EU. Google’s Cloud Platform now meets EC data compliance regulations, but Google's expansion into Europe also means data traffic is closer to where it is needed by European users.

The European datacentre supports Google App Engine, Google Cloud Storage and Google Cloud SQL. The Compute platform, for hosting virtual machines is not yet available.

Google has introduced a lower-priced storage service called Durable Reduced Availability storage. Regev said Durable Reduced Availability storage is designed for non-operational class data storage.

Google has also added a way to protect data from being accidentally deleted. The Object Versioning feature automatically keeps a history of old versions of data.

Google has also expanded its Cloud SQL database to support data sets up to 100GB and has increased the number of compute platform configurations available in the Google cloud to 36 types of workload. Virtual machines with up to eight cores and 30TB of memory are available.

Google provides Ubuntu but Regev said Google is planning to provide Red Hat and SuSE Linux support.

Companies using Google’s IaaS cloud computing platform include a manufacturer running simulations on a high performance computing (HPC) workload based on 10,000 cores for one hour.

Regev added: “We have customers running Hadoop, batch processing.”

BigQuery, Google’s own big data analysis tool, is being used at Centerparcs to analyse big data to accommodation pricing across Europe.

Bioinformatics company, DNANexus, is using Google storage to store 350TB of DNA data.