Tech Chats from ITProPortal.com
In this podcast we discuss the impact that mobile is having on the retail industry and how retailers are managing to keep up with the pace of change.
Matt Wilkins is the ex-Google Global Integration Lead. Matt was responsible for the full integration of new global mergers and acquisitions in EMEA, APAC and the Americas (he held this role for seven years).
His current role is Senior Vice President of Product and Engineering for RetailMeNot (the world's largest marketplace for digital coupon offers) and its UK subsidiary VoucherCodes.co.uk (the UK’s largest online coupon site).
VoucherCodes.co.uk is the largest voucher code marketplace in the industry, operating with a team of specialised retail and leisure partner managers who act as advisors on best practice, managing marketing spend and consumer trends. More than 7.5 million consumers subscribe to VoucherCodes.co.uk, enabling retailers to access new consumer segments, which in turn ensures consumers receive the best, exclusive offers.
Before we got onto the subject of mobile technologies in retail, I first asked Matt about what it was like working for a Tech Giant like Google.
For more podcasts visit: http://www.itproportal.com/podcasts
In this episode of the Tech Chats podcast from ITProPortal.com we are live from the IFA 2014 conference in Berlin where Paul Cooper and Aatif Sulleyman got the opportunity to chat with Lenovo’s Product Marketing Director, Andrew Barrow. In this conversation hear how Lenovo are keeping the PC alive and also some details on their reported acquisition of Motorola phones.
For more podcasts visit: http://www.itproportal.com/podcasts
In this episode we are live from the IFA 2014 conference in Berlin. Paul Cooper from ITProPortal.com speaks to one of the founders of an innovative new company called 3Doodler. David Cowen talks us through where the innovation for their handheld 3D printers came from and how they are going about building their Kickstarter business.
For more podcasts visit: http://www.itproportal.com/podcasts
New research commissioned by Project Sunblock shows that more than a third of UK brands have no insight into where their display advertising is appearing online. A further, more worrying statistic for the online advertising industry is that nearly half of senior marketers in the UK believe that online advertising is not transparent enough.
To tell us more about the outcomes of Project Sunblock research and discuss the challenges facing the online advertising industry is Duncan Trigg, CEO of Project Sunblock.
There are significant dangers, not to mention costs, to brands who wake up to find their brand sitting next to something wholly inappropriate. In this podcast we outline the scale of the problem, the implications and what the online advertising industry needs to do to address them.
Duncan gives his view based on Project Sunblock research on how the online advertising industry can get through the current growing pains to offer marketers a safe, regulated and transparent solution. This all comes of course on the back of the recent announcement that Google and Microsoft agreed measures to block explicit content online.
Considering using online advertising for your brand? Nervous about where your campaign might show up online? Duncan Trigg, CEO of Project Sunblock talks you through the things to watch out for.
For more related podcasts visit: http://www.itproportal.com/podcasts
Capgemini is a consulting, technology and outsourcing company. As it is an international business with over 130 thousand people within 44 countries, you might imagine that managing a business like that is quite an undertaking.
Christopher Stancombe has succeeded Hubert Giraud as CEO of the BPO – the Business Process Outsourcing Strategic Business Unit at Capgemini. So what does it take to step into a role like this within such a large organisation, and how do you go about setting out your own vision when taking over the top role in a company with some interesting challenges?
Christopher Stancombe, the new CEO of the BPO Unit in Capgemini, gives us an insightful talk on what he thinks makes a good CEO, the challenges of a multinational company and advice for anyone wishing to make similar career moves, including tips on what to do when you get there!
For more related podcasts visit: http://www.itproportal.com/podcasts
One of the buzzwords of the year is of course the “Internet of Things” and in recent news Google has announced its acquisition of Nest, a provider of web-controlled thermostats.
On the podcast to discuss the significance of this is Gilad Meiri, CEO of Neura. He recently released a whitepaper entitled “The Internet of Things – Where is the Inflection point”. Gilad believes that this latest acquisition is an indication that big players in the industry are all ready to jump onto the Internet of Things bandwagon and release its potential.
His words come with a warning, however, as you'll hear him implying that Google’s move to acquire Nest is more about data gathering than anything else and that we should all be concerned about how this data is to be used in the future.
He finishes by giving us an insight into Neura, a company also creating "Internet of Things" products, and explains how their offerings fit into the current marketplace.
For more podcasts and related articles visit: http://www.itproportal.com/podcasts
FireEye Inc have announced their latest security release which aims to bolster email threat protection and operational readiness.
Greg Day, VP and CTO of FireEye explains the background behind the FireEye Inc. company, their operating system and the security concerns their latest release hopes to address.
In this insightful conversation Greg explains how they go about integrating their systems into those of their clients.
Knowing where attacks are coming from and how they are evolving is a key part of providing security solutions, and Greg Day explains their understanding of threat sources and the methods they employ to stay ahead of the game to provide their clients with adequate protection.
Traditional signature-based defence systems are old and have their drawbacks; here we find out how systems like FireEye get around this problem and how the impact of the huge raft of changes in the security industry has formed their current offerings.
For more related podcasts visit http://www.itproportal.com/podcasts
Darren Cassidy, MD of Xerox UK, joins me on this ITProPortal Podcast to talk about IT, its development and what it means to organizations in the current times of change.
For more related podcasts visit http://www.itproportal.com/podcast
Let’s go back in time first Darren to 75 years ago and a guy called Chester Carlson.
This year marks the 75th anniversary of Chester Carlson founding Xerox. Chester Carlson began with what at the time, was a ground-breaking piece of innovation called the photocopier. Xerox today though is a global organisation working across a vast range of products and innovations.
Obviously that changed the face of how businesses could work; they then had the ability to duplicate information on paper without the need for costly printing presses. What is the equivalent in 2014? What has been just as important to businesses over recent times as the photocopier was then?
Chester Carlson's aim 75 years ago was to create innovations that “make office work a little more productive and a little less tedious.” It is interesting to note that although there has been dramatic change over those 75 years, the developments of the last 5 years to the way we work have been quite profound. I think the most exciting change is the one that we are about to go into now, the age of mobility. Agility driven by innovations and technologies are fundamentally changing the way people think about work at its core.
What IT trends do you think organizations should be most concerned about as we head through 2014?
Well "Bring your Own Device" is just one dimension of it, but actually if you get up a little level from there the type of conversation that we have been having with our clients for a while now is actually around the nature of work. They are asking questions like: "What is the office of the future going to look like?" "How would we define the office of the future?" Very quickly you start to change that conversation into how is work going to get done.
"Work is not a place any more it is a thing we do," are the sort of quotes that we are starting to hear now so the nature of work is changing. Having the physical location of an office as a fixed place that you come to every day to do your work is changing and now we are driving the four main topics that organizations have been talking to us about.
The first is that we need to be more mobile. That is not just about allowing people to work at home but about being a mobile organisation that can be at our clients' office, it can be on the road, it can be in a central place where they operate or it could be at home. We need to be more mobile as an organisation within our systems, processes and infrastructure. Likewise, there is a recognition now that change is happening at such a pace that we are having to rebuild our systems to be agile. Breaking those systems down into components and rebuilding them with that agile mindset at the core as opposed to creating the legacy that we know in 5 years' time might not be fit for purpose.
If you want to be more mobile and agile, security becomes a much more important thing. Mobility and agility create potentially more risks to the information that we have in your business. Therefore security is becoming higher up on the agenda in the conversations that we have had. We have gone from a world where we have been striving and grappling with getting information and data to where honestly, now we have got more information than we know what to do with. The challenge of the future is how we inject the right information but get it at the right time and place to enable our people to do their job. Mobility, agility, security and information at the right time and place are the four huge drivers as we go forward and build the businesses of the future.
Obviously over the recent years we have had huge changes within the way that organizations manage their IT, the use of Cloud, Internet of Things and BYOD of course. Do you see that the change in recent years has actually taught us a lot about how we are developing technology going into the future and has that changed how people like Xerox design technology?
Yes definitely, we have been focused on innovation for a long time ever since Chester Carlson 75 years ago and we pride ourselves in being a company that really has innovated and created some great things.
We spend a lot of time in sessions with clients running client advisory councils to understand what it is that we need to be innovating to make, and I go back to Chester Carlson’s quote, “life a little bit easier in the world of the future.”
Cloud allows you to now deploy things in a completely different way with an agility that just wasn’t there five years ago. But probably the biggest thing in the last 24 months I think has been the acceptance of Cloud and actually the tablet to drive a more mobile workplace to look at how work is getting done.
If I am honest, many IT systems are behind now and we need to catch up in the creation of the infrastructure that allows the workers of today to do their job in a different way. We have done a lot of work in Xerox on some of the things that we think need our attention if we want to unlock this world of the future.
There are a lot of companies looking into the future but we believe there is an area that people have not paid enough attention to and actually that is the role of paper. It sounds a bit simplistic I know but if we had considered paper or print as an IT asset for the last 10 years we would be seeing our world very differently now. If you think about paper, what it does very effectively is move information around your organisation. It advances processes, it actually works in the same way that other IT assets have except that it has now been thought of as an IT asset and therefore it has been separated and kept on the side. Our view is actually forensically understanding the role that paper has in our business as one of the keys to unlocking the mobile, agile, secure and information rich organization of the future.
We clearly from the world that Xerox has been operating in, think that there is not another organization in the world that knows more about the role of paper in business than our organization. We have been developing and innovating for at least the last 10 – 12 years in the digital document area and in the digital space to look at how we can help organizations to understand and then manage paper out of their business.
If you want to be mobile, but your processes are run by paper then it will require you to come into the office to sign documents. That is simply not going to work. If you really want to get the right information, at the right time, to the right place it is impossible to lift up that filing cabinet full of that wonderful information that is on paper and get it to go to work for you. There is a lot of opportunity in business now to change the way work gets done and part of that is going to be around understanding and then changing the role of paper in your processes.
You raise an interesting point because probably for the last 20 years organizations have been talking about the paperless office but in fact a lot of reports seem to suggest that actually more paper is being used now in organizations than ever before, mainly due to concerns around security. Can we ever see a paperless office do you think?
That is a good point. Paperless, no paper, I doubt; paper-less, less paper, yes. There have been some recent disruptive innovations in the world of mobility, as I talked about the tablet, but it is changing the way people are seeing things. Cloud and our understanding of Cloud and its security credentials is also changing, but we will not get to paperless or even less paper, again, unless we get to grips with the role paper is playing. I say it again because I think we have got a pretty good job in business in taking structured data and automated process; the other sats and the oracles of this world are doing a great job across enterprises big and small around doing that. The key, though, is our businesses are fundamentally run on unstructured data, and there is more of it coming because of the information access that we have today. That unstructured data is typically moved around a process or used via paper, so unless we get to grips with that and understand it truly we will not realize the opportunity there is by digitalizing that process or the communications strategies that we have. The prize is a big one, because the opportunity that it presents in improving the way that processes work to drive the mobile, agile, secure work of the future and the ability to get the right information to people when they need it is a big prize worth going for, and it is something that we as an organization have actually recreated our offers to organize ourselves to go and deliver for our clients, especially in the enterprise space.
It must be an ongoing conundrum to solve the issues around interfacing paper-held data with digital data and managing the resource required sometimes to get one into the other domain. Is that a big challenge still within businesses at the moment?
It is a huge challenge but with huge opportunities. It is a big challenge because it is difficult to do both. You tend to have to run both processes parallel for a while. The good news though, is that we do for our customers. One of the opportunities that we have is that to be able to change the way that we take our offerings to market so that we can actually make this easier for organizations to do. It is our area of expertise but it’s most likely not theirs, so they should run their business and we should be able to come and add our expertise and value by engaging with them to do that type of thing. We have now created an approach that has got three pretty defined steps process, assess and optimize the current environment.
We have got some brand new innovation coming in all those areas some that we have launched over the last 6 months and quite a lot coming in the next 6 months which demonstrate how committed we are to be a company that historically people will know as making our money out of print to being now an organization that does systematically drive to bridge the paper and digital world.
Looking at Xerox, your offices and employees and the way that you work within Xerox what are the things that you put in place to make your company run smoother that perhaps some other businesses might be able to learn from?
It is very interesting that you say that because we have had conversations about upping our game and utilizing more and more of the innovation that we are about to bring to market ahead of time partly to showcase it but partly to get our people to really understand its value. In terms of some of the basic things that we have done we have replaced paper in a number of our processes such as our expense process. Now through our technology we put our receipts into device, push an expense button on our piece of technology and it automatically routes that through into the expense work frame avoiding the need to have to physically sign bits of paper to advance the process.
We put controls over the use of paper in the process by monitoring its use and providing data intelligence to show us what has been printed and where. Also which process and application, so that we can provide hot spots of activity where we can get our team together to go and look at what it is that is causing that part of the business or that application to consume so much print of paper.
Would I say that we are using it to its fullest? No. We need to push harder in that area but there are lots and lots of examples of fundamentally changing how processes work and the way and how now we use digital formats to replace what we were doing on paper including most of our demand generation campaigns to our client base where we tend to communicate in a digital format now as opposed to a paper one.
What effect has this had on the employees at Xerox are they generally happier workers because they have the help they get from technology?
Yes, I think they are, one is it has allowed us to redesign our physical place of work so we now, like many other organisations have moved away from a physical desk to a hot desk environment where people can come in and out and have the flexibility to work.
It releases people to go and work with their clients and at home and it changes the way that they work. But, the biggest shift is the way that people bring technology into the work place and manage it; you mentioned Bring your own device. It needs to be managed well, it needs to be managed securely but actually being able to allow people to use devices that they are comfortable with at home into the office environment has been received very well.
Two final questions for you Darren - what are business customers asking you for but more importantly what should they be asking you for?
Our customers are very clearly asking us to help them print less, they have been asking us to take cost out of the printing domain forever and they are asking us to help them change their process, change the way their business works and support them to be an organization less reliant on paper to release the benefits of process automation. We are very clearly being asked to print for less but help organisations print less and we are set up to try and do that. Interestingly in our channel business our channels are asking us to give them technologies and services that help them approach their clients in terms of printing for less.
Serving the small, medium segment of the market they are very much looking forward and asking for innovation that actually helps them work differently, print less but automate process. We need to be the company that helps businesses big and small bridge the gap between the paper and the digital world to help these organizations work in a more mobile agile and secure rich way.
RealNetworks are a long-standing company who have most recently launched a new App called Listen that allows users to customise their ringback tones, the sound that a caller receives down the line when they are waiting for a call to be answered. On the face of it, this might appear to be a bit of a gimmick with no place within business but we’ll talk about the possible applications within business for promotional messages and revenue generation.
Richard Jackson, Muzicall founder and VP of Sales is here to tell us more.
For related articles and podcasts visit: http://www.itproportal.com
First of all Richard, for those who might not be familiar with the relationship between Muzicall and RealNetworks, give us the background story?
RealNetworks has been around for many years. Basically if you have ever watched a video on a PC you have used one of their products called RealPlayer and they were the inventor of streaming video services for the Internet. An entrepreneur called Robert Glaser founded it and he is still our interim CEO based over in Seattle. They have expanded worldwide into music services, streaming services and part of that remit was the mobile entertainment division, which is where you will find me. We are responsible for music mobile service that we offer through mobile operators. They recently purchased my company called Muzicall back in July here in the UK so Muzicall has been amalgamated into RealNetworks. What we were doing is a very strong focus on ring back tones in Europe and RealNetworks also do that so we complement each other very well.
Starting with the basics then, explain what a ring back tone is and how you’re able to use it?
The ring back tone is the sound you hear in your ear when you call somebody on a telephone before the call is answered. Typically in this country in the UK it is a “burr burr” sound which is called an ITU ring back tone very technical, very boring and it has been around ever since the telephone was invented to basically tell somebody who is making a phone call that something is happening at the other end rather than just dead silences. What a ring back tone service does, is offer the ability for people to change that “burr burr” sound for anything they want it to be. It is just an audio signal; therefore you can change it to music or to messages or greetings or whatever you want.
We’ll talk in detail about the features of the ‘Listen’ app and how they can be applied to business but primarily what is the target market for this sort of technology?
The market is basically anybody with a mobile phone so this is very much a mobile service, not a landline service. Typically a ring back tone is seen as a personalisation service so it is a way of personalising your mobile phone to another level so as people call you, you can share music that you love with your friends and with your colleagues and with your family. It is a personalization service appealing to the teens - late 20’s market for music but we do have users who are outside of those brackets using it as well.
The worldwide market today is about 4 billion dollars for revenue for mobile operators for ring back tone services but I think that is the tip of the iceberg as to where we have got with it so far. The service has been around for about 10 years so some would say why has it not taken off and I think the reason for that is that what makes it work is quite technical behind the scenes and therefore to make it activate and to switch it on and off is quite difficult. Whereas phones in the past were not very user friendly for those types of services, obviously smartphones make the user interface very easy, very intuitive with pictures, colour and everything you want. RealNetworks has come up with a product which basically allows the user to control this service much, much more easily than in the past and we have called it “Listen.”
Well of course we have alluded to the fact that there is more to it than simply playing music instead of tones. How about some of the more advanced options that this offers?
It is in a sense like a sort of virtual switchboard. It is an App that allows you to manage your mobile phone’s inbound calls so obviously for people that call you a lot and your family and friends it can be doing certain types of music, for example. For your work colleagues it can play status messages such as “I am in a meeting” etc. and there are other abilities to set up like special holidays, so on St George’s Day you could play the national anthem, on Valentine’s Day you could play a special message to the person that is close to you and for your family you can put in automatic birthdays so even if you forget your mother’s birthday, when she phones you to tick you off she gets the automatic happy birthday message played to her!
Presumably you don’t want to answer your phone too quickly if you’ve added this customisation service?
You are right the service stops the moment you press the button to connect the call but having been offering ring back tone services for many years here in the UK and across Europe typically the average play time is about 10 seconds. Also most calls go to voicemail after 20 seconds so the typical play time for the ring back tone is 10 seconds in the UK. We have got years of historical data to prove that so as much as you may make a phone call and you start hearing the ring back tone there are sometimes very small delays before the mobile phone you are calling starts to vibrate or ring so typically you have heard 4 rings in your ear before the person answers the phone.
Describe then in a little more detail the process I would go through to sign up to this service and how does it work with my phone to achieve the ring back tone customisations?
Basically you download the App from Google play or the Apple store. The App is free to download and the first thing the App does is starts interrogating the call log on your phone to actually understand who the people are that call you the most. Then it suggests through an intuitive screen of pictures and icons whether you want to set something up for those individuals and it also has an ability to look at the type of music you have within your phone and then suggest and take you to the store front to actually purchase additional music to play to your callers based upon the taste in music that is sitting on the phone.
Once you have got that, there is a widget within that as people call you, their picture pops up on the screen and it clearly shows you what you are playing to them and then you answer the call. There are also lots of features to allow people to select what they want to hear from your service. There is a service called let them choose, let them select and you can actually send messages to your contacts to inform them that you have set X, Y and Z up for them when they call you. So it is an intuitive, easy to use service. Typically ring back tones over the years are a service you set up and you usually forget you have got it. What Listen does is it constantly reminds you that you have this service so it is easy therefore to personalize and change and adjust what you have set up. Therefore this service becomes a sort of front running service that you are aware is running on your phone on a daily basis.
What sort of controls or freedom does the user have over the audio they can use on those ring back tones?
These pieces of audio are not stored on your phone; they are actually stored on the mobile operator's network. From a music perspective there are no digital rights that can be infringed because people cannot cannibalise it or re-use it because it is never delivered to the phone. The other angle is that the mobile operators are actually having a serious amount of control over this service as a value added service they can market and sell to their clients. This prevents users from sidelining the mobile operators for ring tone revenue. Ring back tone revenue has got to go through the mobile operator so therefore it is a great opportunity for a mobile operator to partner with RealNetworks to gain revenue for a service that is very much mobile focused.
Obviously this has real appeal as a fashionable gadget for consumer mobile phone users. But how about business applications? Is this being used for commercial messaging, promotions and those kinds of messages, and how can business potentially use this as an income stream?
Yes, and over the past we have done some trials with not only commercial messages, whereby commercial organizations personalize their mobile phones for promotional activities; we have also run some advertising trials where people endorse brands based upon a revenue share with a brand to endorse brands and use a promotional tool. When you look at the numbers, if you take worldwide there are about 18 billion inbound mobile calls every single day. If you take that average of 10 seconds, what you have got there is about 2 billion minutes every single day that today is uncapped audio inventory. If you think of commercial radio, you think of internet radio and how they have a monetizing revenue model, and look at 2 billion minutes, which somebody told me the other day was 388 years. You have 388 years of time every single day going to waste, therefore yes, it can be used for commercial usage and it can be used to brand endorse, advertise, and it can be used to play music, and it can be used to play ring tones, the ring back tone that you hear today. It is the choices as subscribers as to what they want to do with it.
On the face of it this looks like a bit of fun but underneath lurks some quite powerful business uses as well. Is it difficult to get an app noticed in such a saturated market? How do you get people to understand and buy in to an App given the huge range of choice available?
It is difficult because today how do people sell let apps? Usually it is through word of mouth; people say, "Oh, have you seen this latest app?" So therefore obviously one thing this does is when you call somebody and somebody hears music they say, "How did you get that? That’s cool," and therefore it promotes itself. I suppose it is an overused term, getting it to go viral like a video on YouTube is usually what you want it to do, but what we do is we do advertising through mobile channels, whether they be in centre channels or a thousand channels, to basically market and promote the service with special pieces of music. People click on the banners, they can download the app for free and they can use it on a free trial for 30 days to see if they like it, and if they don’t like it then they pay nothing, but if they want to keep the service then they pay £2.49 per month to have the ability to play as many messages as they like to their inbound callers. As much as you go back to the ring tone market where £2.40 per month was certainly not the revenue model that the ring tone market had but that is the revenue for the ring back tone market.
Many organisations take proactive steps to prevent hackers from gaining access to company networks, believing that by keeping the information safely inside it’s secure. What companies forget is that IT administrators, with unfettered access to company information, are in an ideal position to leak sensitive information.
Jason Thompson, Director of Global Marketing from SSH Security, is here to talk about the need for SSH key management to close security holes and control system administrators' access to critical systems and data.
For related articles and podcasts visit: http://www.itproportal.com
Jason, you’ve been doing some research recently into how organisations can address these problems, give us the background of how this study came about and what the actual depth of the problem is here?
We have been working on this secure shell environment since we invented the protocol back in 1995/96. The secure shell protocol has been around for quite some time and it has been a trusted workhorse for encrypted data and transit communications, and from that standpoint we have been deploying our product across the Linux / Unix platform as well as mainframe and Windows. In addition to that, SSH is an open source protocol so it is widely used and is distributed with every version of Linux and Unix and is sold on other machines as well. There are millions of deployments of SSH throughout the world.
Over time SSH has done its job to definitely secure the pathways to information assets, to make sure that there is a secure encrypted channel between two machines or to allow remote access to a server to do work on that server and in an encrypted fashion. What has happened over a period of time is that the access controls to these millions of deployments by the server in the organizations and how you gain access to those encrypted channels and in many cases a key. In many cases there could be one key or there could be many keys, and in some organizations we found that there were millions of keys to the high levels of administrative access to various servers throughout the environment. What that was creating, as well as a compliance issue, was obviously a security issue, where if anyone were to get hold of one of those keys then they would be able to gain access to a wide swath of the organization’s servers and potentially do a lot of damage to the organization. So we went back into our customer base and others using OpenSSH, looking initially at the economic costs and challenges of managing these keys. This was substantial, into millions of dollars, and really there was no ability to rotate and remove the keys, so that was a provisioning cost of several million a year. Out of that was a significant security risk that was created by a lack of identity of the access management control inside of the organizations. In one instance, an organization that we went into, we asked them how many keys you have in your environment and how many do you think you have, and they estimated maybe 500,000 but they had 1.5 million. We asked them how many of those 500,000 do you consider should have high level of privilege access and they said that they didn’t think that any of them should, and it ended up that about 10% of them did.
So what we learnt from our customer base is that this is a widespread problem that really has become a real risk and now the compliance organizations are all coming to us and asking us to help them write updates to their current guidelines to help address this. Also to come with best practices so that we can help organizations better secure their encrypted channels so that people can’t get control of those really vital networks and do damage to the organization or steal critical information assets.
The numbers quoted of unidentified people with access are huge and this must represent a really difficult situation to manage if organisations are realizing this now for the first time?
It really is an uncontrolled environment and this is the challenge because when SSH was developed and deployed especially because of its open source setup, individual groups and administrators used it mostly as a plumbing layer type solution. So over time you have these silos in organizations who were all managing deploying keys to gain access to servers on their own and there was no centralized control or management so the proliferation of this kind of attack happened over a decade. Now because of the existence of advanced persistent threats and the idea that the perimeter is not going to be 100% secure we know we need to implement a zero trust model inside the environment. We know that we need to make sure that inside of our organizations for security and also for compliance purposes that we are able to restrict and control who has access to what information and also who can provision, remove and rotate the keys and those types of things are really critical.
You mention the recent ‘Edward Snowden’ case as an example of how administrators can pose a risk to security in this way. Given that understanding how the threat is deployed helps to find solutions, how do administrators compromise security in this way and how can understanding that method help identify what is missing and how to deal with it?
I don’t actually know what is happening with that particular case; the details will come out in the course of the ongoing criminal investigation. But I can tell you about a potential way an attack can occur though, and that would be to effectively go into an environment and use a key that had a broad range and level to it, and then once you have access to that you can then use that key to access an encrypted channel and move throughout the environment. You then have privileges that enable you to take information out. Because it is an encrypted channel you are basically able to pull that information out and you are going to blind any sort of security operation or forensics teams as to what you have done. So that is one way that someone could pull a tremendous amount of information out of an organization like the Department of State without being noticed, because they are going to be using an encrypted channel. Part of our platform in addition to the key management is a solution that is in the middle, which actually utilizes the key so that an authentication error drops into what we call a ‘crypto monitor.’ We can actually then inspect the traffic and provide context to the identity inside the network.
The key here in the Snowden case is that yes that person is probably authenticated with the strong authentication but the organization in this case, the Department of State was not able to understand what the identity was doing inside the environment and they were not able to provide context and because it was an IT administrator using an encrypted channel they were blinded.
So really there needs to be a solution in place that allows the organization to strip back who has access to what, that would be the key access management control side, but also would be to actually be able to monitor what that individual is doing while they are transacting with the network. We call that security intelligence and the IT world where we provide that intelligence in real time. So if a guy is pulling out files at 2am until 5am, this is the kind of activity we need to shut down in order to do an investigation. In this case that was not possible, so the person who put that information on to a computer and flies to Hong Kong, at that point it is outside the grasp of who did what and to whom and when. Those are the critical things that are missing.
What is awareness like in industry about this, is it a case of educating IT departments around the risks that this problem presents?
It depends who you are talking to in the organization, in some cases they don’t know but if you talk to a Unix / Linux admin they would tell you that yes they had known about the problem for a long time but no one has said anything about it on the upper levels so we are not really concerned about it until someone says something.
As you get into the compliance side you see people a little bit more concerned because of the compliance issues and the risk as well. As you get higher up in the organization you get the feeling that they are almost unaware of this problem, largely because it doesn’t appear broken. There is no compliance mandate that is required; there will be compliance mandates coming out towards the end of this year which will give these organizations about 9-18 months to comply with it. Those are really the triggers that build awareness of the things that are going to happen to you. I think if we talk to some customers who tend to be the financial institutions, and they are really worried about credit cards being stolen and anything that can pose a threat to even a part of their business, these early adopters are looking at it from a standpoint of we have a security issue which we need to resolve, and that is happening in the financial institutions; these problems are coming in the top 10 – 15 projects for organizations, which if you are a huge bank it is pretty high up there.
So for the early adopters who see themselves to be at the greatest risk for the most severe attacks, they are aware of it, and it is really getting harder talking to the broader group of users out there in the world and getting them to recognize that you need to control access to your privileged users and internal users in the same manner you control access to your office administrators who have very limited access to your organization, and the message is now getting out there.
The podcast currently has 48 episodes available.