Have crimes been committed against Google in China? Forcing Google to improve its self-defense and be willing to fight

The official Google blog has a post titled “A new approach to China.” After reading it, you could say Google has been the victim of a crime: an attempt to steal intellectual property. But what does Google do?

A new approach to China

1/12/2010 03:00:00 PM

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.


First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.


Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.


Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

Google has taken action by improving its self-defense skills.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers.

And, they have taken the action of drawing international attention to the crime.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech.

This is common with environmental groups, who draw public attention to an issue.

Google’s blog has 619k subscribers.

I would bet Google has chosen this issue as a battle to prove its motto “do no evil.”  And, Google probably knows it couldn’t fairly compete against Baidu.

2010 a year of change?

Happy New Year!

As we start the New Year there are many who look at 2009 as a year to forget. StorageMojo has his top 2009 stories post, but what I like best are his last points.

The StorageMojo take
Like a termite-riddled barn after a heavy snow, the Great Recession is seeing old models collapse. We can’t afford to keep doing what we’ve been doing.

As the new models emerge, competition will grow in the hot areas, leading to even more innovation in the next 3 years than we’ve seen in the last 5. More on that in a future post.

I agree 2010 will have even more innovation.

So far most of the green data center efforts have held on to old models and tried to make them greener.  Now it is time to cast off the old models and look for new models to be green when resource consumption (carbon impact and water) is a top priority.

As the year develops I’ll be making announcements of changes GreenM3 is making in what I write about.  2010 is going to be an exciting year.

Economist article on IT systems effect on the financial crisis

The Economist has an article on the relationship between IT systems and the financial crisis.

The article starts by pointing out financial services spends $500 billion globally annually on IT, according to Gartner.

Banks and information technology

Silo but deadly

Dec 3rd 2009
From The Economist print edition

Messy IT systems are a neglected aspect of the financial crisis

NO INDUSTRY spends more on information technology (IT) than financial services: about $500 billion globally, more than a fifth of the total (see chart). Many of the world’s computers, networking and storage systems live in the huge data centres run by banks. “Banks are essentially technology firms,” says Hugo Banziger, chief risk officer at Deutsche Bank. Yet the role of IT in the crisis is barely discussed.

The point of the article is that IT silos made it difficult to see the overall risk.

This fragmented IT landscape made it exceedingly difficult to track a bank’s overall risk exposure before and during the crisis. Mainly as a result of the Basel 2 capital accords, many banks had put in new systems to calculate their aggregate exposure. Royal Bank of Scotland (RBS) spent more than $100m to comply with Basel 2. But in most cases the aggregate risk was only calculated once a day and some figures were not worth the pixels they were made of.

During the turmoil many banks had to carry out big fact-finding missions to see where they stood. “Answering such questions as ‘What is my exposure to this counterparty?’ should take minutes. But it often took hours, if not days,” says Peyman Mestchian, managing partner at Chartis Research, an advisory firm. Insiders at Lehman Brothers say its European arm lacked an integrated picture of its risk position in the days running up to its demise.

But is IT really the cause, or is it the people who refuse to work with other groups? IT has grown so large because users want to own the data systems, as information is power. As The Economist points out, the problem was discovery of issues across systems.

Due to the power of the IT industry, people focus on going faster.

But many other banks are still in firefighting mode, says Mr Mestchian. Much of the money invested in IT still goes into making things faster rather than more transparent.

The change needed in IT is to think more about the transparency of systems and how they work with other systems. This will happen as social software systems permeate more of IT. The old term was collaboration; now it is social software/networking.

Imagine if Twitter and Facebook worked in a financial system's IT systems. Could you discover issues faster?

Oregon State Data Center, learns from its first data center, a bit of humor

I saw this article about Oregon’s state data center. I started reading expecting to hear interesting data center ideas, but I started to laugh, as it was humorous to see that this was Oregon state's first true data center and they thought they could run a data center with unqualified staff and do server consolidation across organizational boundaries.

Here is the background.

The Lesson from Oregon's Data Center: Don't Promise Too Much

12/04/2009

State governments across the country are making big changes in their IT departments. They're centralizing their own state data systems in a push to save money. The state of Washington is building a $300 million data center in Olympia. Oregon undertook a similar project a few years ago, but it's been criticized for failing to produce the promised financial savings. Salem Correspondent Chris Lehman found lessons from Oregon.

The State Data Center is a generic looking office building on the edge of Salem. Inside are the digital nerve centers of 10 state agencies, including Human Services, Corrections and Transportation. This mammoth information repository is so sensitive, you can't get very far before you get to something that operations manager Brian Nealy calls the "man trap." It's kind of like an air lock, you have to clear one set of doors before you can get through the next set.

And the story continues.

They have a physical security system.

Bryan Nealy: "You'll notice there are card readers on every door in the secure part of the data center. That way we can give people access only to the areas they need to go into. It's very granular as far as where people can get. This is the command center. This is manned 24–7, 365."

Yet, their goal was to consolidate across agencies which would cause huge workflow and security problems.

Koreski says the original business case for this $63 million facility made assumptions that turned out to be impractical. For example, planners figured they could combine servers from different agencies just by putting them under the same roof. But that's not what happened. Koreski says you can't do the two things at once: physically move the servers and combine their functions.

Due to this assumption they promised a cost savings.

Three years after it opened, data managers are still trying to reduce the number of physical machines at the Oregon Data Center. That ongoing work is one of the reasons Data Center Director John Koreski concedes the facility isn't on track to meet the original goal of saving the state money within the first five years.

John Koreski: "It's not even close."

So, data center operations is dancing to show they didn’t save money, but they did reduce future costs.

And that change has meant the economies of scale haven't materialized as fast as once thought. Koreski took the reins of the Data Center in January. His predecessor left after a scathing audit from the Oregon Secretary of State's office last year. It said, quote, "It is unlikely that the anticipated savings will occur." But Director Koreski insists the Data Center is saving the state money.

John Koreski: "What our consolidation efforts resulted in was a cost avoidance, as opposed to a true cost savings where we actually wrote a check back to the Legislature."

Luckily Intel and Moore’s law saved their ass even though they are making it seem like the data center addresses budget issues.

In other words, Koreski says the Data Center is growing its capacity at a faster rate than it's growing its budget. That explanation computes for at least one analyst. Bob Cummings works in the Legislative Fiscal Office. It's his job to make sure the numbers add up for major state technology projects. He jumped into the Data Center fray as soon as he was hired last summer, and what Cummings found shocked him.

The Legislative Fiscal office faults the rationale for the data center as bullshit.

Bob Cummings: "It was the right thing to do. However, the rationale for doing it, and the baseline cost estimates and stuff for doing it, were all b–––––––. They were all wrong. They were all low."

Then it gets funnier.

Cummings says the state of Oregon failed to take into account one key detail: Washington already had a data center and is building a bigger one. In Oregon, no one with the state had ever run a Data Center before.

We have never done this before, but our first try was a great job.

Bob Cummings: "I mean, we had to build everything from scratch. And by the way, we did a great job of building a data center but didn't have anybody to run it, didn't have any procedures, no methods. We outsourced to a non–existent organization."

These guys are amateurs.

Oregon Department of Administrative Services Director Scott Harra echoed this in his response to the Secretary of State's audit. Harra wrote that the consolidation effort was hampered because it required skills and experience that did not previously exist in Oregon's state government. After last year's audit, Democratic State Representative Chuck Riley led a hearing that looked into the Data Center. He says he's convinced Data Center managers are saving the state money, but:

Rep. Chuck Riley: "The question is, did they meet their goals. And the answer is basically no, they didn't meet their goals. They over promised."

And that's the basic message Riley and others have for developers of Washington's data center: Keep expectations realistic. I'm Chris Lehman in Salem.

So, for all of you looking at Oregon as a state to put a data center in, you can skip a trip to the Oregon state data center, as I doubt you will hear this story. Although it would be entertaining to hear an Oregon politician explain data center operations.

Why I didn’t live blog the Gartner data center conference

Originally I intended to live blog the Gartner conference to make observations. I’ll write another post on the three things I got out of the event.

But for now here are the three reasons I didn’t live blog the event.

  1. No photography is allowed.  If I can’t take pictures of presentation slides and the event, the content is much less interesting.  It is quicker and more effective to use pictures.
  2. Given Gartner’s protection of their IP and how they wanted their copyrights respected, I was constantly asking what I could write about without violating their copyright. The safest thing was to not say much. There were only 3 other media companies there, so there isn’t much media coverage.
  3. I found I wasn’t learning new things as much as hearing validation of ideas I have discussed in blog entries or personally.  So, what is the value of saying Gartner validated a concept discussed months if not years earlier?

So, I spent more time building my social network and met some great people that will help me write future blog entries.

Part of Gartner’s value is its social/business network of resources.  And for mass research, they are tops in IT.

What I did discover is that the social network of innovative thinkers I get to discuss ideas with is 2–5 years ahead of Gartner.

If you are going to be smaller, you better be faster.
