CIOs Look Ahead: Millennials, Consumer Tech and the Future

Sep 17, 2012 05:10 pm | CIO.com

by Tom Kaneshige

It's 1 a.m. and Josh Robin is busy working.

"I'm kind of stir crazy, don't need a lot of sleep, so it's probably prime time for getting things done," says the fast-talking 25-year-old director of innovation at MBTA, the Massachusetts Bay Transportation Authority.

At any moment on any given day, Robin might be Skype-ing with interns, Tweeting work updates, or tapping on his personal iPhone to manage a cutting-edge mobile ticketing project. It drives him crazy that his workplace doesn't have Wi-Fi, which basically means he can't use his personal computer there.

Robin pays the monthly iPhone bill out of his own pocket, while a corporate-issued BlackBerry collects dust. "BlackBerries have become the metaphor for old-line IT," he says. "It would be a pain in the butt," if he was forced to use it.

If you think Robin is an oddity, think again. He is part of the next generation workforce known as the Millennials. They've been called many names: Always-On Generation, Gen Y and Digital Natives. They grew up right along with Facebook, Twitter, Skype and Apple's iPocalypse. They have different ways of working, different ideas about their jobs.

They're also the ones who will be running your company in the future.

Millennials and Consumer Tech

The Millennials, born between the years 1981 and 2000, are 85.4 million strong, outnumbering even the Baby Boomers, according to 2010 statistics from the U.S. Census Bureau. Attracting the brightest among them requires understanding and, yes, even catering to their desires.

A big part of that is giving them technology freedom.

Like Robin, Millennials don't want to unplug from work on the weekends and after-hours like their older counterparts, and so they want technology that keeps up with this lifestyle. They're driving today's big tech trends, such as consumer tech and bring-your-own-device, or BYOD, which naturally blends work life and social life.

Slideshow: 10 Coolest Tech Devices to Bring to Work

Truth is, they want to be in charge of the technology they use at work and don't want to be told otherwise. And chances are they do have a better grasp of the power of technology than older generations that grew up with, say, desktop computer towers, numeric pagers and clunky Microsoft Office.

"Millennials have little patience for bad IT solutions," says a 20-something mobile manager at a Silicon Valley company, speaking on condition of anonymity because he wasn't authorized to speak to the press. "When I interview Millennial job candidates, I ask, 'Do you have any questions for me?' They almost always respond, 'Will I have admin rights on my computer?'"

What's at Stake?

Appealing to Millennials with new-fangled technology just might be a CIO's highest priority. Fact is, Millennials will either drive your IT policy or your attrition rate.

Just ask Electronic Arts CIO Mark Tonneson. EA has been moving away from Windows-based Dell laptops and Hewlett-Packard desktops in favor of MacBooks, iPads, iPhones and Android phones. Some 10,000 smartphones fall under a sweeping BYOD policy. EA is even replacing cubicles and offices with open work spaces.

"This is a big push, and it's all in relation to the Millennials," Tonneson says. "As we look to bring on young talent, we're competing with Facebook, Zynga, Google, Apple."

EA's staff retention rate has never been better, Tonneson says, and consumer tech has played a crucial role in recruiting and keeping Millennials. It's certainly not the allure of stock options, since EA's stock has been sliding over the past year.

"They're staying because it's a great place," Tonneson says. "A lot of it is how we deliver solutions and services to them... and not encumbering them with old-line technologies."

Email and the Generation Gap

The effort to keep Millennials happy, though, has a dark side.

At last year's Consumerization of IT Expo, or CITE, in San Francisco, tech leaders spoke of the growing animosity between older workers and the Millennials. (For more CITE coverage, see BYOD: Making Sense of the Work-Personal Device Blur.)

When one company told its employees that they had to use a new enterprise social network to communicate with each other rather than email, older workers saw this as a sign that the company was prioritizing Millennials. Older workers felt their jobs were threatened.

The biggest difference among the generations is how people communicate, says Adam Noble, CIO at GAF Materials. Baby Boomers rely on the telephone, Gen X is all about email, and Millennials prefer social networking, instant messaging and even video chat. Tensions rise when, say, an old-line worker gets a video call across his PC from a Millennial worker.

"I often joke that if I email my teenage daughters, I'll never get a response," Noble says. "But if I put something on their Facebook page, I may get a response in seconds."

The challenge is to incorporate different styles of communication. Both GAF Materials and EA are working to integrate email and social communication to make the transition easier. Eventually, old-line employees will have to get on board with newer forms of communication.

"You can absolutely devolve into an argument of you-are-young-and-you-don't-get-it versus you-are-old-and-you-don't-get-it," says the Silicon Valley mobile manager. "But people who are the most creative and open-minded are going to adopt the coolest technology, regardless of how old they are."

Millennials Take Work Personally

If you don't embrace consumer tech, will Millennials bolt to a competitor?

Probably not right away, but down the road is another matter. The reason, say CIOs, stems from a common Millennial trait: Their identity is wrapped up in the job more so than older generations.

"Millennials tie a lot of their self-worth to the job," the mobile manager says.

Such a tight bond can lead to job-hopping. If they don't have the tools they think they need to perform at a high level, they may take it personally and become discouraged. As job performance suffers, they will look elsewhere.

Don't expect an older generation's sense of company loyalty to keep Millennials from jumping ship. Millennials have watched their parents get laid off, have their salaries cut, and their 401k's plummet. "Millennials have very little loyalty for sticking around a company," the mobile manager says.

Throwing cash at Millennials won't help, either. Last year, Cisco surveyed more than 2,800 Millennials and found that 40 percent of college students and 45 percent of young professionals would accept a lower-paying job if it had more flexibility on device choice, social media access and mobility.

The most effective way to foster loyalty among Millennials is by supporting trendy consumer tech in the enterprise, from iPhones to social communication to BYOD. They believe strongly that these tools play to their skills and give them the best opportunity for success, both personally and professionally.

Put more simply, MBTA's Robin says, "Technology tools today can facilitate the different ways people work, so why should technology get in the way?"

Tom Kaneshige covers Apple and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Tom at tkaneshige@cio.com

Read more »

Jenkins integration server suffers security vulnerabilities

Sep 17, 2012 04:48 pm | InfoWorld

Four vulnerabilities, including two affecting the Jenkins core and one deemed critical, have been identified

by Paul Krill

Jenkins, the open source continuous integration server that forked out of Oracle's Hudson project, is facing several security vulnerabilities Monday, with the Jenkins project leader recommending upgrades to the Jenkins core and some plug-ins to fix the problems.

A security advisory posted by project leader Kohsuke Kawaguchi cites four vulnerabilities, including two affecting the Jenkins core. The first vulnerability has been deemed critical. "The first vulnerability in Jenkins core allows unprivileged users to insert data into Jenkins master, which can lead to remote code execution. For this vulnerability to be exploited, the attacker must have an HTTP access to a Jenkins master, and he must have a read access to Jenkins," the security advisory said.

[ Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. ]

The second vulnerability in the core involves a cross-site scripting vulnerability, allowing an attacker to craft a URL that points to Jenkins, with an attacker able to hijack a legitimate user's session. Two other vulnerabilities, also involving cross-site scripting, affect the Violations and Continuous Integration Game plugins. The Violations plug-in scans for violation XML files in the build workspace; the Game plug-in offers tips on improving builds.

To fix the core vulnerabilities, main line users should upgrade to Jenkins 1.482, and LTS (Long-Term Support) users should upgrade to version 1.466.2. To fix the Violations plug-in, users are to upgrade to version 0.7.11 or later, while the CI game plug-in can be remedied by upgrading to 1.19 or later.

Kawaguchi said the fixes plug all known holes. "However, the nature of this game is such that someone will find a new vulnerability --- it's just a matter of when. So we encourage users, especially those who run Jenkins in a higher-risk environment (on the public Internet, in a security sensitive environment, etc.), to monitor security advisories by subscribing to the mailing list or an RSS feed."

He assuaged fears about the vulnerabilities, noting limitations. "Those who are running Jenkins inside a corporate firewall, which I think are the majority, [have] a mitigating factor, because one of the vulnerabilities requires an attacker to have an HTTP access to the Jenkins master and the other vulnerability requires the attacker to know the URL of your Jenkins. So it pretty much requires an attacker to be an insider." But he added, "Nonetheless, we recommend everyone to update to a version that contains the fix in a timely fashion."

Hudson forked out of Project Hudson in the wake of Oracle's 2010 acquisition of Sun Microsystems. Oracle has since handed Hudson over to the Eclipse Foundation.

This article, "Jenkins integration server suffers security vulnerabilities," was originally published atInfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Read more about security in InfoWorld's Security Channel

Read more »

How to Manage Data Center Complexity

Sep 17, 2012 04:45 pm | CIO

by Thor Olavsrud

Complexity in the data center has a number of unwelcome effects on the enterprise, from increased costs to reduced agility and even downtime. For the past five years, organizations have been virtualizing their data centers in an effort to reduce complexity and increase efficiency. But while virtualization offers significant benefits, many such projects have shifted rather than eliminated complexity in the data center. To truly mitigate data center complexity, organizations need training, standardization and information governance.

"So many people think that virtualization is the penicillin of the data center, but in reality, what we've seen is that while people are investing heavily in virtualization, they didn't necessarily have the foresight to see the ramifications of virtualizing so quickly," says Danny Milrad, director of product marketing at Symantec, which just released the results of its 2012 State of the Data Center Survey. "One of the benefits of virtualization is spinning up an application so quickly, but they don't think about how big the footprint of that application can become."

Business-Critical Apps Drive Data Center Complexity

The increasing number of business-critical apps is the primary driver of complexity in the data center: 65 percent of respondents in Symantec's study listed it as a driver of the complexity of their data centers. Symantec contacted 2,453 IT professionals from 32 countries. They included senior IT staff focused on operations and tactical functions, as well as staff members focused on planning and IT management.

"Show me an app that isn't a business critical application outside of file and print these days," Milrad says. "Now you've got to replicate it, and your storage footprint goes up. With all these new applications coming online, they're being virtualized, and you've got a ton more data than you ever expected."

When that happens, organizations hit a wall. "As they virtualize more and more, the cost of storage and the cost of virtualization licenses and everything that falls out of that grows faster than expected," he says. "Storage is cheap, but it's still very expensive when you have to buy 10 times more than you expected."

Other key drivers of data center complexity include the growth of strategic IT trends such as mobile computing (cited by 44 percent of respondents), server virtualization (43 percent) and public cloud (41 percent). The most commonly cited result of data center complexity is increased costs (47 percent). But other effects include reduced agility (39 percent), longer lead times for storage migration (39 percent) and provisioning storage (38 percent), security breaches (35 percent) and downtime (35 percent).

Complexity a Key Contributor to Data Center Outages

The survey found that the typical organization experienced an average of 16 data center outages in the past 12 months, at a total cost of $5.1 million. On average, one of those outages was caused by a natural disaster (costing $1.5 million), four were caused by human error (costing $1.7 million) and 11 were caused by system failure resulting from complexity (costing $1.9 million).

That's not to say virtualization is a bad thing, Milrad is careful to note, but it does mean IT needs to pay attention and prepare for the potential side effects.

"It's much like what happened with the introduction of SharePoint," Milrad says. "SharePoint created a power and cooling nightmare. It wasn't expensive for marketing or sales to spin them up, but power, cooling and storage costs went up as a result. It's the same thing with virtualization. IT needs to get [its] arms around it and manage it as part of the infrastructure. It's just a matter of slowing down and looking at what you're doing."

The survey found that 90 percent of organizations are implementing or actively discussing information governance in an effort to get their data center complexity under control. They cite enhanced security, ease of finding the right information in a timely manner, reduced costs of information management and storage, reduced legal and compliance risks and moving to the cloud among the benefits they seek to achieve.

Best Practices for Mitigating Data Center Complexity

Trevor Daughney, also a director of product marketing at Symantec, recommends adopting the following best practices to help reduce data center complexity:

Get visibility beyond platforms. Understand the business services that IT is providing, and all of their dependencies, to reduce downtime and miscommunication.

Understand what IT assets you have, how they are being consumed, and by whom. This will help cut costs and risk. The organization won't buy servers and storage it doesn't need, teams can be held accountable for what they use and the company can be sure it isn't running out of capacity.

Reduce the number of backup applications to meet recovery SLAs and reduce capital expenses, operating expenses and training costs. The typical organization has seven backup applications, generally point products for particular databases.

Deploy deduplication everywhere to help address the information explosion and reduce the rising costs associated with backing up data. It's not to simply deduplicate the backup. Consider placing an archive that has deduplication capabilities next to applications such as Exchange or SharePoint that tend to be the biggest data offenders.

Use appliances to simplify backup and recovery operations.

Establish C-level ownership of information governance. Building an information-responsible culture and creating an umbrella of information governance can help organizations capture synergies across focused projects.

Read more »

Two Romanians plead guilty to point-of-sale hacking

Sep 17, 2012 04:42 pm | IDG News Service

The two men were part of a conspiracy causing $10 million in losses from customers of Subway restaurants

by Grant Gross

Two Romanian men have pleaded guilty to participating in a US$10 million scheme to hack into the computers of hundreds of Subway restaurants in the U.S. and steal payment card data, the U.S. Department of Justice said.

Iulian Dolan, 28, of Craiova, Romania, pleaded guilty Monday to one count of conspiracy to commit computer fraud and two counts of conspiracy to commit access device fraud, and Cezar Butu, 27, of Ploiesti, Romania, pleaded guilty to one count of conspiracy to commit access device fraud, the DOJ said.

Dolan and Butu were two of four Romanians charged in December in U.S. District Court for the District of New Hampshire with hacking Subway point-of-sale computers.

In his plea agreement, Dolan has agreed to be sentenced to seven years, and Butu has agreed to be sentenced to 21 months in prison. 

The two men, in their guilty pleas, acknowledged participating in a Romanian-based conspiracy, lasting from 2009 to 2011, to hack into hundreds of U.S. point-of-sale (POS) computers, the DOJ said. Co-conspirator Adrian-Tiberiu Oprea is in U.S. custody and awaiting trial in New Hampshire. The group used stolen payment card data to make unauthorized charges or to transfer funds from the cardholders' accounts, the DOJ said.

The scheme involved more than 146,000 compromised payment cards and more than $10 million in losses, the DOJ said.

During the conspiracy, Dolan remotely scanned the Internet to identify vulnerable POS systems in the U.S. with certain remote desktop software applications (RDAs) installed on them, the DOJ said. Using these RDAs, Dolan logged onto the targeted POS systems over the Internet.  The systems were often password-protected and Dolan attempted to crack the passwords to gain administrative access. 

He then installed keystroke logging software onto the POS systems and recorded all of the data that was keyed into or swiped through the POS systems, including customers' payment card data, the DOJ said.

Dolan electronically transferred the payment card data to various electronic storage locations, called dump sites, that Oprea had set up, the DOJ said. Oprea later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts, the DOJ alleged, and he attempted to sell the stolen payment card data to other co-conspirators. 

Dolan stole payment card data belonging to approximately 6,000 cardholders, the DOJ said. Dolan received $5,000 to $7,500 in cash and personal property from Oprea for his efforts, the DOJ alleged.

In his plea agreement, Butu said he repeatedly asked Oprea to provide him with stolen payment card data and that Oprea provided him with instructions for how to access the website where Oprea had stored a portion of the stolen payment card data, the DOJ alleged.

Butu later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts. He also attempted to sell, or otherwise transfer, the stolen payment card data to other co-conspirators. Butu acquired stolen payment card data from Oprea belonging to approximately 140 cardholders, the DOJ alleged.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Read more »

Smartphones and tablets may be making you sleepless, fat and sick

Sep 17, 2012 04:26 pm | Computerworld

Using back-lit devices and laptops decreases melatonin, researchers find 

by Sharon Gaudin

Having trouble sleeping? Gaining a bit of weight?

Your smartphone or computer might be to blame.

Actually, the problem is more likely about your obsession with your laptop and devices than the devices themselves.

A new study from researchers at the Rensselaer Polytechnic Institute in Troy, N.Y. shows that even a two-hour exposure to any backlit device - smartphone, laptop, tablet - suppresses your body's ability to produce melatonin, which could cause sleeplessness, especially in teens and seniors.

Melatonin is a hormone that helps regulates the body's sleep clock.

The study also showed that exposure to back lighting over the course of "many consecutive" years could also lead to an increased risk for obesity and diabetes, as well as breast cancer.

"Technology developments have led to bigger and brighter televisions, computer screens, and cell phones," said university researcher Brittany Wood, who worked on the study. "This is particularly worrisome in populations such as young adults and adolescents, who already tend to be night owls."

Zeus Kerravala, an analyst with ZK Research, said he's not surprised that devices are affecting health because so many people are obsessive about them, constantly keeping them close by - even when they're sleeping.

"I can see that the obsession with Facebook, Twitter, text messages, e-mail and the other dozen or so ways to communicate is hurting our health," said Kerravala. "People used to disconnect from the outside world when they went to bed. They don't anymore. Almost everyone I know sleeps with their device no more than a few feet from their head so they don't miss out when something happens."

And when text messages or emails come in, devices buzz and light up with alerts. That means even during sleep, we're being bombarded with that electronic light.

To sleep better and head off other health issues, people should avoid using their devices at night -- especially, before bedtime. And they should not keep them beside the bed at the night.

"People need to want to disconnect," said Kerravala. "Plug the phone in another room to charge. Use an alarm clock as an alarm clock instead of your phone, and realize whatever is happening in the social media world can wait until tomorrow."

However, Kerravala noted that this will be a difficult change for a lot of people to make.

"I think we're really hooked," he noted. "The smart phone is like an addictive drug. The more you use it, the more you want it. It's almost like we need SPA (Smart Phone Anonymous) where we need counselors to help us."

University researchers said they're hopeful device manufacturers will be able to use this information to change the lighting in their devices so users won't be so affected by it.

Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed. Her email address is sgaudin@computerworld.com.

See more by Sharon Gaudin on Computerworld.com.

Read more about smartphones in Computerworld's Smartphones Topic Center.

Read more »

House panel sets Friday hearing on probe of LightSquared deal

Sep 17, 2012 04:07 pm | IDG News Service

The House Energy and Commerce Committee wants to know whether the FCC followed its own rules

by Stephen Lawson

A subcommittee in the U.S. House of Representatives will hear testimony on Friday about whether the FCC followed its own rules when it gave LightSquared conditional approval for an LTE network early last year.

LightSquared wants to build a land-based 4G LTE network to complement its satellite-based mobile data system. In January 2011, the U.S. Federal Communications Commission gave the company the last major break it sought for the plan, but it demanded proof that the network wouldn't lead to interference with GPS receivers. Subsequent tests showed interference with some devices, and on Feb. 15 this year the FCC proposed steps that would kill LightSquared's plan.

Just two weeks later, the House Energy and Commerce Committee asked the relevant federal agencies for all of their communications about LightSquared. The panel questioned why regulators conditionally approved the network in the first place without learning more about the interference issue. In addition to the FCC, other agencies targeted in the probe include the National Telecommunications and Information Administration (NTIA) and the National Executive Committee for Space-Based Positioning, Navigation and Timing.

Friday's hearing, entitled "The LightSquared Network: An Investigation of the FCC's Role," will take place before the committee's Subcommittee on Oversights and Investigations. It will begin at 9:30 a.m. in Washington, D.C., and a link to a webcast will be available at the Energy and Commerce site, according to a notice by the committee.

LightSquared is no stranger to politics. Republicans, who control the House, in the past have accused the Obama administration of giving LightSquared preferential treatment in return for political contributions by Philip Falcone, whose Harbinger Capital Partners investment firm owns most of LightSquared.

After the FCC's negative ruling in February, LightSquared declared bankruptcy. The company is still proposing ways to make its network possible, such as a swapping some of its spectrum for another band. Last Wednesday, LightSquared executives met with an official from the office of FCC Commissioner Mignon Clyburn to discuss its ongoing pursuit of the network.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Read more »

Android under fire again for poor vulnerability patching

Sep 17, 2012 03:37 pm | CSO

by Antone Gonsalves

Carriers and device managers continue to be slow at patching Android devices, as the number of malware targeting the mobile operating system soars, recent studies show.

Two security vendor reports released last week point to the continuation of a longstanding problem with Android devices. The platform remains the prime target for malware, yet there's no easy way for users to keep the software up to date with the latest patches.

In the latest findings, Duo Security collected results from 20,000 Android devices that users had scanned with the company's X-Ray vulnerability assessment tool, which became generally available a couple of months ago.

Based on the results, Duo estimates that more than half of Android devices worldwide have unpatched vulnerabilities.

"We feel this is actually a fairly conservative estimate based on our preliminary results, the current set of vulnerabilities detected by X-Ray, and the current distribution of Android versions globally," Jon Oberheide, Duo's chief technology officer, said in a blog post.

[In depth: Mobile device security - 5 questions to ask when creating policy (includes video)]

Duo's findings are in line with a Bit9 report released this year. The security vendor found that 56% of Android phones in the marketplace in 2011 were running out of date and insecure versions of the software. Device manufacturers found to be slow in upgrading phones included Samsung, HTC, Motorola, Sanyo, LG and Sony.

In the meantime, Sophos reported last week that the number of newly discovered malware for Android hasincreased 41 times this year over 2011, based on samples collected by the vendor's lab.

Almost half of the increase comes from a family of toll fraud malware targeting Eastern European markets. Toll fraud is when a malicious app secretly sends text messages from a hijacked phone to paid services. Cybercriminals typically get a cut of the generated revenue.

Closer to home, the biggest threat in the U.S. is new apps that contain aggressive advertising tactics that cross the privacy line. The more aggressive apps place links for sponsored apps in the phone's launcher area, display advertising even when the app is not running and send the user's personal information to the advertising server. These tactics are often in violation of Google's ad policy for Android.

Overall, the studies reinforce what security experts have known for years: Android fragmentation is an ongoing risk for users.

Unlike iOS, which only Apple controls on the iPhone and iPad, the Android market has many vendors using many versions of the platform. This translates into a mishmash of patching strategies made more complicated by carriers responsible for pushing out updates.

"Some carriers push out patches sooner than others, and some users install patches sooner than others," said Chenxi Wang, an analyst for Forrester Research. "No one should really be surprised that more than half of Android devices have unpatched flaws. Would the situation get better any time soon? I don't see it."

While no easy solution is in sight, Android malware is on the rise, which increases the risk to users with unpatched phones, Wang said. However, mobile malware is not at the level of maturity as malicious apps built to exploit vulnerabilities in PCs, so the danger to Android users is far less.

"You can survive not having updated your phone OS for some time, but you cannot survive if you don't update your [antivirus] or OS patches for your PC," Wang said.

The level of risk to Android users is a longstanding debate in the industry. While antivirus vendors are a steady source of threat research, Google has said they are hyping the risk to sell their products.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Read more »

FCC rules that cable operators can buy local phone carriers

Sep 17, 2012 02:47 pm | IDG News Service

The agency relaxes rules against acquisitions contained in the 1996 Telecom Act at the request of cable operators

by Grant Gross

The U.S. Federal Communications Commission has waived restrictions that prevented cable operators from acquiring local telephone carriers, saying those mergers could lead to stronger competition to large telecom carriers for business customers.

The FCC on Monday approved a request by trade group the National Cable & Telecommunications Association (NCTA) to relax rules in the Telecommunications Act of 1996 that prohibited cable firms from acquiring more than a 10 percent stake in any local exchange carrier within the cable firm's franchise area, with some exceptions.

The '96 Act, as the law is called, attempted to preserve competition between cable providers and telecom carriers, the FCC noted in its ruling. But relaxing the rules for cable firms to acquire some local telecom carriers, called competitive local exchange carriers or CLECs, could create competition for the dominant, incumbent carriers, often called ILECs.

The decision to allow the acquisitions "will likely speed the entry of cable operators into the market for telecommunications services provided to business customers," FCC staff wrote in the ruling. "Alliances between competitive LECs and cable operators can merge these entities' complementary capabilities, resulting in increased facilities-based competition."

The NCTA argued the prohibition does not make competitive sense. The trade group argued that the '96 Act did not prohibit cable operators from acquiring CLECs, but only incumbent telecom providers. The FCC rejected that argument, and denied the NCTA's request for the agency to permanently overturn the rules, but the FCC decided to suspend the rule.

The ruling should lead to more competition, said Robert McDowell, a commissioner at the FCC. "Consumers will benefit from the increased efficiencies springing from strategic combinations between cable companies and competitive local telecom companies," he said in a statement. "This forbearance order promotes good public policy because it should spur competition in the telecommunications marketplace."

The NCTA praised the decision, saying it removed "outdated obstacles that have historically deterred pro-competitive transactions" between cable firms and CLECs. The NCTA's request for the change was prompted by one proposed merger that was rejected by a local cable franchising authority, a spokesman said.

Other groups said they were disappointed in the decision. After the FCC's August approval of a dealallowing Verizon Communications to buy wireless spectrum from a group of cable operators, "it's disappointing to see the commission scaling back these protections, too," said Matt Wood, policy director for Free Press, a digital rights group.

"We need real competition policies to spur the deployment and adoption of affordable broadband services," Wood added in an email. "We hope this so-called streamlining of the agency's review process will not merely transplant the duopolies we already see in the residential broadband market into the business market, which until now has been one of the few places that competitive carriers maintain a foothold and offer an alternative to big phone and cable."

The Independent Telephone and Telecommunications Alliance (ITTA), a trade group representing midsized telecom carriers, also raised concerns about the FCC's action.

The NCTA's request for the relaxed rules "in order to be able to compete more effectively against the 'big bad' ILECs, is a gross mischaracterization of the current communications marketplace," Genny Morelli, president of ITTA, said in an email. "In many markets, large, nationwide, vertically-integrated cable conglomerates have come to dominate the market for the bundled service packages favored by most consumers today."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Read more »

Zuora launches app suite for subscription businesses

Sep 17, 2012 02:36 pm | IDG News Service

The offering includes a new finance module to go along with Zuora's billing and commerce cloud software

by Chris Kanaracus

Zuora, a cloud application startup focused on products that serve subscription-based businesses, announced Monday that it has added a finance module to its previously released billing and commerce software and is selling the trio as a suite called Z-Business.

There are millions of businesses based on a subscription model, and they go well beyond magazines, wine-of-the-month clubs and digital content, said Zuora CEO Tien Tzuo. He pointed to companies such as Rent the Runway, which allows customers to rent high-end fashions on a subscription basis, as well as Kiwi Crate, which provides regular deliveries of arts and crafts products for kids.

The core point is that these companies are building deeper, ongoing relationships with customers, versus dealing with them transaction by transaction, Tzuo said.

Zuora's billing and commerce software has helped such companies handle two aspects of their businesses, but it turns out that finance presents challenges to subscription businesses as well, according to Tzuo. "Finance hasn't changed since double-entry bookkeeping was invented," he said. "That's worked well for 500 years. It doesn't work anymore."

For one thing, recurring revenue and expenses have to be recorded and tracked differently than one-time sales and costs, according to the company's announcement.

Subscription companies are dealing with these problems, but in a painful and time-consuming manner, according to Tzuo. "What we're finding is more and more of the finance department is seeping out into a phantom accounting system called Microsoft Excel," he said.

Z-Business and the finance module will help these companies crunch their subscription numbers and get them into the general ledger more easily, according to Zuora.

About 20 Zuora customers have been using the new finance component, including a large telco in Singapore, Tzuo said.

Z-Business pricing starts at $30,000 a year for the Growth edition, aimed at smaller companies, and $100,000 for the enterprise version. Existing billing and commerce customers can upgrade when they like to Z-Business, and Zuora will make "a sweet deal for them," Tzuo said.

Zuora made the announcement as it holds its Subscribed 2012 user conference in San Francisco.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com

Read more »

Cisco takes its lumps, keeps developing video meeting tools

Cisco Systems owned up to some miscalculations in its video collaboration strategy but showed off some promising future capabilities in a briefing with media this week.

The company's video meeting business is best known for its TelePresence Meeting Systems, especially the high-profile three-screen meeting rooms that include Cisco-designed furniture and cost hundreds of thousands of dollars. But Cisco is now looking beyond those swanky environments toward mobile devices that can bring video meetings to participants wherever they are.

One platform intended as part of that strategy, the company's Android-based Cius tablet, has been cut from future development plans, said Barry O'Sullivan, senior vice president and general manager of the Collaboration Technology Group, during the briefing at Cisco on Thursday afternoon. Cisco discussed the move in a blog post later on Thursday. The Cius will still be available for companies that specifically want a device issued and tightly controlled by the IT department, but Cisco won't be developing more form factors for the platform, O'Sullivan said.

Cisco now acknowledges most enterprises let employees bring their own tablets to work, citing its own survey that said 95 percent of companies have a BYOD (bring your own device) policy.

"When we talk to them about the Cius tablet, they say, we love the collaboration experience on Cius, but can you please take that software and put it on other devices?" O'Sullivan said.

"Our strategy for the future is all about software," O'Sullivan said.

The next chapter in that push is a new client for Jabber, Cisco's voice, video, instant-messaging and presence platform, coming this summer. Jabber clients are already available for Apple iOS and for Research In Motion's BlackBerry platform, as well as Windows PCs, and will soon come out for general Android tablets, he said.

The new Jabber client will allow users to take video calls on PCs, tablets and Cisco TelePresence systems and transfer the calls from one platform to another. Cisco APIs (application programming interfaces) allow Jabber functions to be integrated into Microsoft Outlook so users can find contacts and start Jabber calls from Outlook, and this integration will be expanded in the new versions.

At the briefing, Cisco demonstrated Jabber sessions being moved among different platforms. It also showed users of third-party videoconferencing systems, including Microsoft Lync and a Polycom HDX system, becoming full participants in a Cisco TelePresence meeting. Cisco's inclusion of industry standards including SIP (Session Initiation Protocol), H.323 and H.264 make this possible, the company said.

The full-scale TelePresence platform is still marching forward despite the new emphasis on bringing in diverse clients. And real-time translation of telepresence meetings is back on Cisco's roadmap.

In late 2008, Cisco video chief Marthin De Beer said that he expected that feature to go on sale with 20 languages in the second half of 2009. But a year later, Cisco said the system's accuracy wasn't high enough and the company didn't even have a forecast for when it would go on sale.

Cisco is still working on it, said De Beer, now senior vice president of Cisco's Video and Collaboration Group.

"It's coming along. It's not quite real-time yet," De Beer said. "It's a little bit too expensive still to do that and the technology's not ... perfected enough." But De Beer once again expects the feature to be commercially available within a year or two. Cisco does offer translation of a recorded meeting within a few minutes, he said.

The Cisco TelePresence systems already installed in enterprises are being used about six hours per day on average, De Beer said. But new mobile video options may be hurting another business Cisco once promoted as a big potential market, of videoconferencing suites for rent in hotels and airports, he said.

"It is being used. It has not gone pervasive, it has not gone big," De Beer said. "We've sold probably hundreds of units in that space." The Marriott hotel chain has set up suites in multiple of its locations, he said. But the rentals, which in some cases were priced at hundreds of dollars per hour, may not be necessary down the road.

"Now that video becomes pervasive on your iPad, on your smartphone and your PC, maybe that use case will actually diminish," De Beer said.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Read more »

Rehearsals over, IPv6 hits Broadway June 6

IPv6 will go fully live on June 6. That's the date when 50-plus access networks and more than 2,500 websites -- including Google, YouTube, Facebook and Yahoo -- will turn on support for the long-anticipated upgrade to the Internet's main communications protocol and leave it on for good.

World IPv6 Launch Day is being coordinated by the Internet Society, which is promoting IPv6 as the best strategy for ensuring that the Internet continues to grow as address space becomes increasingly scarce with IPv4, the original version of the Internet Protocol.

Participants in World IPv6 Launch Day are trying to drive home the message to techies worldwide that it's time to start deploying IPv6.

"If you've been waiting to deploy IPv6, there is no reason to continue waiting," says Leslie Daigle, chief Internet technology officer with the Internet Society (ISOC). "There are customers who will view your website over IPv6 now. It isn't experimental. It's out there for real."

BACKGROUND: Leading ISPs, websites commit to June 6 start date for IPv6

Some of the largest ISPs have signed on for World IPv6 Day, including Comcast, AT&T, VerizonWireless and Time Warner here in the United States. Each has agreed to enable IPv6 for 1% of their subscribers by Wednesday.

"One percent was chosen as a metric because it is a big deal," Daigle explains. "It represents a serious commitment by the network operators to provide IPv6. In order to get to 1%, you have to have IPv6 enabled on a considerably larger percentage of your customer base because not everybody has a home router that can do IPv6 or equipment that is configured to use IPv6. To get to 1%, [one ISP executive] estimates that you have to have 10% or more of your network enabled."

Comcast met its goal of IPv6-enabling 1% of its subscribers on May 24. 

"We've launched IPv6 to a third of our network at this point," said John Brzozowski, chief architect for IPv6 and distinguished engineer with Comcast. "We will be deploying it to the rest of our network over the balance of this year and likely beyond 2012. At this point, the momentum is there for IPv6, and we are making significant strides in penetration and the number of people that have IPV6 available to them."

Equally significant is the participation by content delivery networks such as Akamai and Limelight.Akamai carries between 20% and 30% of the Internet's Web traffic on any given day, so its support of IPv6 is a boon for the new protocol. Among Akamai's customers are Apple, Lands' End, Ticketmaster and Travelocity.

World IPv6 Launch Day is designed to "send enough IPv6 traffic toward content providers to give them confidence that the big access providers are serious about IPv6 and that they should leave it on at their front doors," Daigle says.

Thousands of popular websites have agreed to permanently enable IPv6 by Wednesday. Some, including Facebook, have already turned on IPv6 in production mode. Other World IPv6 Launch Day participants include: consumer-oriented websites such as Bing and Netflix; U.S. government agencies including NASA and the Census Bureau; universities such as Indiana University and the University of Pennsylvania; and network vendors such as Cisco and Check Point.

"World IPv6 Launch Day is a lot larger than people understand," says John Curran, president and CEO of the American Registry for Internet Numbers (ARIN), which doles out IPv4 and IPv6 addresses to network operators in North America. "It's not a small decision for the major content providers to turn on IPv6 and leave it on. From now on, everything they roll out will be on IPv4 and IPv6."

Additionally, four home networking equipment manufacturers -- Cisco, D-Link, NDM Systems and ZyXel Communications -- have agreed to enable IPv6 by default on their home router products by the June 6 deadline.

"There are other home router vendors that are mostly there [with IPv6 support] but for one reason or another haven't gone through the certification process," Daigle says. "We have definitely met our mark in terms of raising awareness with the CPE equipment vendors that IPv6 is real."

Created in 1998 by the Internet Engineering Task Force, IPv6 offers an expanded addressing scheme but is not backward compatible with IPv4. While IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet, IPv6 uses 128-bit addresses and can connect up a virtually unlimited number of devices: 2 to the 128th power.

The Internet needs IPv6 because it is running out of IPv4 address space. The free pool of unassigned IPv4 addresses expired in February 2011, and in April 2011 the Asia-Pacific region ran out of all but a few IPv4 addresses being held in reserve for startups. The European registry is expected to deplete its supply of IPv4 addresses in August, and ARIN next summer.

Network and website operators have two choices when it comes to IPv6: They can either support both protocols in what's called dual-stack mode, or translate between IPv4 and IPv6. Until now, most have been unwilling to make the upgrades required to support IPv6 because IPv6 traffic has been so scarce.

That's expected to change after June 6, when IPv6 traffic is expected to surge. While the most recent estimates are that IPv6 represents less than 0.5% of all Internet traffic, participants in World IPv6 Launch Day are hoping to drive IPv6 up to 1% or more of Internet traffic.

BACKGROUND: Lack of IPv6 traffic stats makes judging progress difficult

"One [college] campus expects that on June 6, 50% percent of its network traffic will be IPv6 because its top four most-visited sites are participating in World IPv6 Launch Day," Daigle says. "It might surprise some enterprises how much IPv6 traffic they will see if their users are going to Google, Facebook or Yahoo."

The anticipated surge of IPv6 traffic after June 6 is expected to bring new security threats along with it.

In February, Arbor Networks reported the first-ever IPv6-based distributed denial-of-service attacks. While IPv6 security incidents remain rare, experts predict that as more Internet traffic flows over IPv6, DDoS attacks, malware and other threats will follow.

Experts say enterprise network managers should upgrade their DDoS detection, intrusion protection and deep packet inspection systems to support IPv6.

"It's time for the enterprise to make sure that their security devices are IPv6-enabled, that they have the ability to look at IPv6 traffic and to create rules for it and do intrusion detection," advises Bob Hinden, one of the creators of IPv6 and a Check Point fellow. "Most host operating systems -- Windows Vista, 7, Mac OS, Linux, IOS and Android -- all have IPv6 in them. Even though they may not think they have IPv6 turned on, there might be tunneled traffic coming from outside their enterprise. It's important that the enterprise know what's going on with IPv6 in their network."

Read more about lan and wan in Network World's LAN & WAN section.

Read more »