<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:admin="http://webns.net/mvcb/"
	xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
	xmlns:content="http://purl.org/rss/1.0/modules/content/">
	<channel>
		
		<title>CircleID: Cloud Computing</title>
		<link>http://www.circleid.com/topics/</link>
		<description>Latest Cloud Computing related postings on CircleID</description>
		
		<dc:language>en</dc:language>
		<dc:rights>Copyright 2012, unless where otherwise noted.</dc:rights>
		<dc:date>2012-02-11T13:09:00-08:00</dc:date>
		<image>
			<title>CircleID</title>
			<width>130</width>
			<height>45</height>
			<url>http://www.circleid.com/images/logo_rss.gif</url>
			<link>http://www.circleid.com/</link>
		</image>
		
		<item>
			<title>Green IT Revolutionizing UK Cyber&#45;Infrastructure via Networks, Cloud, Outsourcing, Finan. Incentives</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20120210_green_it_revolutionizing_uk_cyber_infrastructure_networks_cloud/</guid>
			<link>http://www.circleid.com/posts/20120210_green_it_revolutionizing_uk_cyber_infrastructure_networks_cloud/</link>
			<description><![CDATA[<p>As readers of my blogs may know I have long argued that advances in research and education through cyber-infrastructure (or eInfrastructure) can be largely justified, if not entirely paid for through the energy savings of using clouds, networks or outsourcing.
</p>
<p>
But a big impediment in adopting cyber-infrastructure in most jurisdictions is the lack of financial incentives. The energy savings of cyber-infrastructure are usually earned by the facilities or estates department and are rarely passed on to researchers and educators. But initiatives like national <a href="http://en.wikipedia.org/wiki/Revolving_Loan_Fund">Green Revolving Funds</a>, funded by the national government such as the 10 million pound Salix program in the UK, and <a href="http://www.jisc.ac.uk/publications/briefingpapers/2011/goinggreen.aspx">JISC/JANET programs</a> to promote clouds, outsourcing and Green IT are starting to make a difference. More importantly, universities such as Cambridge are developing programs to pass on energy savings to individual departments<sup>&#8224;</sup>.
</p>
<p>
Another great example is <a href="http://www.unit4.com/about/news/art/aid/5682/university-of-london-computer-centre-and-unit4-join-forces-to-deliver-shared-services-to-educational-institutions">the public-private partnership of London University and UNIT4</a> to offer shared outsourcing services to UK universities, as well as the recent JANET cloud brokering offering.
</p>
<p>
If these collocated facilities use green or renewable power, the carbon/energy savings for a university can be significantly greater than more traditional energy saving schemes such as changing light bulbs or adding insulation. Of course, advanced high speed R&amp;E networks supporting Software Defined Networks and Hybrid optical backbones are critical for this vision.
</p>
<p>
Ultimately I think such initiatives can entirely underwrite the cost of such advanced networks by making Green Revolving Funds aware of the huge energy savings available by integrating advanced networks with clouds and outsourcing. Kudos to JISC/JANET for these forward thinking services.
</p>
<p>
<span class="footNotes"><sup>&#8224;</sup> <strong>Cambridge Shared Savings</strong> &ndash; A new case study from the JISC-funded RECSO Project, managed by Forum for the Future with inputs from SusteIT, describes the background, aims and working of the Electricity Incentive Scheme (EIS) that Cambridge University implemented in 2008/09 and has since developed. The Scheme encourages consumers of electricity across the University to maximise their energy efficiency through a system of financial incentives (both rewards and penalties) at a departmental level. It thus achieves the benefits of fully devolved energy budgets without the administrative and managerial implications that this could have involved. The Scheme saved an estimated £820,000 in energy costs in its first year. Although not targeted at ICT, it obviously provides general incentives to tackle its energy use &#8212; as evidenced by an Appendix which details how the scheme helped stimulate an innovative green data centre (PUE approaching 1.1) in the Department of Engineering (also featured in the presentations from our September 2011 workshop at Cambridge). (<a href="http://www.goodcampus.org/uploads/DOCS/111-RECSO_Case_3_Cambridge_Shared_Savings_9_2_12_Final_v4_(2).pdf"><em>PDF</em></a>)</span>
</p><p><em>Written by <a href="http://www.circleid.com/members/6607/">Bill St. Arnaud </a>, Green IT Networking Consultant</em></p>]]></description>
			<dc:date>2012-02-10T13:20:01-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category>
		</item>
		
		<item>
			<title>Green Revolving Funds Can Help Fund Costs of Cloud Computing and R&amp;E Networking</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20120207_green_revolving_funds_can_help_fund_cloud_computing_networking/</guid>
			<link>http://www.circleid.com/posts/20120207_green_revolving_funds_can_help_fund_cloud_computing_networking/</link>
			<description><![CDATA[<p>There have been some interesting new developments in university Green Revolving Funds (GRF) that I believe could be a significant revenue opportunity for cloud suppliers and R&amp;E networks. In this age of severe financial constraints and cutbacks for universities, new revenue models are needed to sustain advanced cyber-infrastructure in support of research and education.
</p>
<p>
In recent years, GRFs have become increasingly popular on campuses in the United States and Canada. The funds are operated and managed by the university, with loans issued to university departments or campus groups. As of February 2011, there were 52 active green revolving funds in the United States and Canada. These funds were traditionally earmarked for energy efficiency applications like changing light bulbs or boilers. But increasingly they are now being used for IT applications.
</p>
<p>
Most green initiatives involve ICT in some form or another. A good example is Iowa State University that borrowed $300 from the university GRF to install energy saving software on over 500 computers, which is projected to result in over $49,000 in annual energy savings for the university.
</p>
<p>
One GRF model that is gaining popularity is national or state-based GRF funds like Salix in the UK, which received over 10m pounds from the UK government. These funds are also being targeted to support IT energy reduction, as for example in the recent funding of 2 million pounds to the University of St. Andrews.
</p>
<p>
Another model that is being explored is where the NREN operates a national GRF, sponsored by the national/state government or collectively on behalf of the institutions. Network membership or user fees can then be deducted against the fund if the institution undertakes activities to reduce its IT energy impact through the use of clouds, remote collocation, offloading campus network management, content peering and other such services.
</p>
<p>
CANARIE, through the Greenstar program in partnership with the Canadian Standards Association, has developed processes and procedures for measuring the detailed energy cost savings that are possible through such arrangements.
</p>
<p>
Some pointers:
<br />
<a href="http://en.wikipedia.org/wiki/Revolving_Loan_Fund">Good Overview of Green Revolving Funds</a>
<br />
<a href="http://www.jisc.ac.uk/publications/briefingpapers/2011/goinggreen.aspx">JISC white paper: Using IT to go green at universities &amp; revolving green funds: briefing paper</a>
<br />
<a href="http://www.greenstarnetwork.com/index.php/en/protocol/gsn-protocol">CANARIE-Greenstar-CSA document</a>
</p><p><em>Written by <a href="http://www.circleid.com/members/6607/">Bill St. Arnaud </a>, Green IT Networking Consultant</em></p>]]></description>
			<dc:date>2012-02-07T12:20:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category>
		</item>
		
		<item>
			<title>Facets of gTLD Registry Technical Operations &#45; Registry Services</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/facets_of_gtld_registry_technical_operations_registry_services/</guid>
			<link>http://www.circleid.com/posts/facets_of_gtld_registry_technical_operations_registry_services/</link>
			<description><![CDATA[<p>At Cloud Registry, we believe in empowering our partners by providing them with intuitive tools, industry knowledge, and insights into the business. It is part of our <em>Flexibility</em>-<em>Visibility</em>-<em>Control</em> value proposition. That's why we make it a point that information sharing and education are a large part of our consultation with clients. Encouraged by the positive feedback we have received from clients &#8212; seasoned industry players and newcomers to the industry alike &#8212; we would like to share our experience with the wider ICANN community with a series of blog posts starting with the following.
</p>
<p>
<strong>Registry Services</strong>
</p>
<p>
In this instalment, we will explore the core functions of a registry. Being the registry operator for a TLD means <em>offering services in conjunction with the TLD</em>. While the registry can offer a variety of services, ICANN provides <a href="http://www.icann.org/en/registries/rsep/rsep.html">guidance</a> on what constitute <strong>registry</strong> services:
</p>
<p>
<em><ol type="A"><li>those services that are both:
<br />
<ol><li>operations of the registry critical to the following tasks: the receipt of data from registrars concerning registrations of domain names and name servers; provision to registrars of status information relating to the zone servers for the TLD; dissemination of TLD zone files; operation of the registry zone servers; and dissemination of contact and other information concerning domain name server registrations in the TLD as required by the Registry Agreement; and </li>
<li>provided by the Registry Operator as of the Effective Date of the Registry Agreement, as the case may be;</li></ol></li>
<li>other products or services that the Registry Operator is required to provide because of the establishment of a Consensus Policy (as defined above);</li>
<li>any other products or services that only a registry operator is capable of providing, by reason of its designation as the registry operator;</li>
<li>and material changes to any Registry Service within the scope of (A), (B) or (C) above. (Definition comes from .NET Agreement, as specified by the ICANN Board on 8 November 2005, http://www.icann.org/minutes/resolutions-08nov05.htm).</li></ol></em>
</p>
<p>
The guidebook cites some customary services:
</p>
<p>
<em><ol><li>Receipt of data from registrars concerning registration of domain names and name servers.</li>
<li>Dissemination of TLD zone files.</li>
<li>Dissemination of contact or other information concerning domain name registrations (Whois service).</li>
<li>Internationalized Domain Names, where offered.</li>
<li>DNS Security Extensions (DNSSEC).</li></ol></em>
</p>
<p>
which roughly translates to EPP, DNS, Whois, IDN and DNSSEC &#8212; the core well-known services.
</p>
<p>
<strong>Mapping it out</strong>
</p>
<p>
It helps to think about the registry in two parts: provisioning and publication.
</p>
<blockquote><p><table border="0" cellspacing="0" cellpadding="0" class="postTable"><tr><td></td><td><strong><strong>Provisioning</strong></strong></td><td><strong><strong>Publication</strong></strong></td></tr><tr><td><strong>Customary Service Categories</strong></td><td>1, 4, 5</td><td>2, 3</td></tr><tr><td><strong>Services</strong></td><td>EPP<br />Policies<br />IDN rules<br />DNSSEC signing</td><td>DNS<br />Whois<br />Zone File Access<br />Bulk Registration Data Access</td></tr></table></p></blockquote><br />

<p>
Or, thinking in terms of an <a href="http://en.wikipedia.org/wiki/Input/output">Input/output paradigm</a>, the "Provisioning" subsystem, as we call it at Cloud Registry, encompasses the "input" and "processing" part of the equation; the "Publication" subsystem corresponds to the "output" of a registry.
</p>
<p>
<strong>Why Should Applicants Care?</strong>
</p>
<p>
While all TLDs essentially perform the same core functions of accepting registrations and publishing info onto the DNS and Whois, etc., this is <strong>one of the main areas in which a gTLD applicant can distinguish itself from the competition.</strong>
</p>
<p>
Registry services are mostly covered by Question 23 of the Applicant Guidebook. Being a non-scoring question, applicants may defer to their technical operator to provide a boilerplate response. While likely to be safe, this will lead to a very unimaginative registry.
</p>
<p>
At the other end of the spectrum, applicants should be mindful of the Registry Services Review and not trigger an extended evaluation by RSTEP, which will incur additional costs and delay to the application approval process.
</p>
<p>
<strong>What about Critical Registry Functions?</strong>
</p>
<p>
Some have expressed confusion between registry services and the "five critical functions of a registry" stated in the guidebook: DNS, SRS, Whois, data escrow, DNSSEC. It's important to note that <a href="http://www.cloudregistry.net/platform/features/">critical registry functions</a> is a tangential topic that is mostly related to continuity and registrant protection in the event of a potential continuity threat.
</p>
<p>
<strong>Examples of Other Registry Services</strong>
</p>
<p>
Following are some examples of registry services beyond the basics:
</p>
<ul><li>name reservation and corresponding release / allocation plan</li>
<li>registry lock service</li>
<li>grace periods</li>
<li>registrant verification or nexus requirements</li>
<li>enhanced rights protection mechanisms</li>
<li>any non-standard form of access to registry data offered to other parties such as law enforcement</li></ul>
<p>
The registry services offered by a TLD are a defining attribute, and should be one of the key strategies for any would-be applicant.
</p>]]></description>
			<dc:date>2012-01-11T13:03:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>dns</category><category>domain_names</category><category>registry_services</category><category>top_level_domains</category>
		</item>
		
		<item>
			<title>Carriers Skirting Rules on Network Neutrality vs. Free&apos;s Innovative Network</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/carriers_skirting_rules_on_network_neutrality_vs_frees_innovative_network/</guid>
			<link>http://www.circleid.com/posts/carriers_skirting_rules_on_network_neutrality_vs_frees_innovative_network/</link>
			<description><![CDATA[<p>From the "will they ever learn" department, we are once again seeing attempts by incumbent carriers to skirt rules around network neutrality.
</p>
<p>
They tried and failed with UBB. Now they are at it again with "speed boost" technologies. The two technologies in question are Verizon's "<em>Turbo</em>" service and Rogers' "<em>SpeedBoost</em>". There are very few technical details, but it appears in the former case that users will be able to purchase additional instantaneous bandwidth to the detriment of other users on the same shared service. Whether this will make a difference to actual throughput is another matter because the slow video may be due to server problems and not network congestion. And if you are in an elevator with very poor connectivity, you are unlikely to get any faster download speed, no matter how many times you press the turbo button. But will Verizon give you a credit if you don't get the advertised speed boost? I doubt it. Similarly the Rogers' service, while still free, seems to imply faster speeds if they detect you are streaming a video, particularly from their own on-line service. Will users who are not streaming video, but using other real-time applications such as VoIP or Telepresence, get the same benefit? I doubt it.
</p>
<p>
The carriers continue to have this brain dead idea that bandwidth is a scarce resource &#8212; which is only true to the extent that they were the ones who created this artificial scarcity. Building a business case around an artificial scarcity is as stupid as trying to make a premium market from the air we breathe. Customers aren't interested in buying bandwidth or quality of service to enhance their user experience. Just as with electricity they want and expect that just about any appliance or application will simply work &#8212; with no need for special speed boosts and other gimmicks. Imagine negotiating with the electric utility for a little extra power when you needed to turn on your stove or TV.
</p>
<p>
It is last mile packet loss which has the biggest impact on the customer's user experience &#8212; NOT bandwidth or congestion. The Internet (TCP/IP) is designed so that packet loss is used as a signaling tool to reduce packet throughput. Regardless of where the packet loss occurs, the Internet is designed to slow down any data stream that is affected by a lost packet. However, the rate at which a data stream is slowed down is greatly dependent on distance. This is why moving caching boxes as close as possible to the user affects end-to-end throughput, particularly if there is ongoing packet loss.
</p>
<p>
Although bandwidth and congestion can be factors affecting packet loss, there are much more clever ways of reducing the impact of packet loss, especially in wireless environments. There are two much simpler solutions. The first is to locate caching/cloud servers as close as possible to the end users, something that companies like Akamai and Google do already &#8212; at no charge to the carrier. Decreasing wireless distance from the wireless node is the other critical factor. This is why integrating WiFi with 3G/4G is so important.
</p>
<p>
A good example of a carrier that "gets it" is Free.FR in France. Free.FR <a href="http://gigaom.com/2012/01/09/how-frances-free-will-reinvent-mobile/">is redefining</a> what the idea of a carrier in the 21st century is, thanks to these innovations I have been talking about and pioneered by R&amp;E networks like SURFnet. Integrating a blend of Wi-Fi, 3G and its all-fiber backbone, Free will offer unlimited voice, texting and data over the mobile networks. Free.fr deploys their own set-top box for automatically sharing a portion of one's broadband connection via Wi-Fi with other Free.fr customers. Over five million set-top boxes means Free.fr has a free Wi-Fi cloud covering major cities such as Paris. Even when away from home, you can easily get broadband instead of resorting to an expensive 3G network. Their set top box will also allow extreme local caching, to further enhance the user mobile experience. This is the future of broadband. Not silly gimmicks like TurboBoost or SpeedBoost.
</p><p><em>Written by <a href="http://www.circleid.com/members/6607/">Bill St. Arnaud </a>, Green IT Networking Consultant</em></p>]]></description>
			<dc:date>2012-01-11T11:09:00-08:00</dc:date>
			<category>internet</category><category>access_providers</category><category>broadband</category><category>cloud_computing</category><category>iptv</category><category>telecom</category><category>voip</category>
		</item>
		
		<item>
			<title>Cloud Computing&apos;s Concealed Complexity</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20120109_cloud_computings_concealed_complexity/</guid>
			<link>http://www.circleid.com/posts/20120109_cloud_computings_concealed_complexity/</link>
			<description><![CDATA[<p>James Urquhart claims <a href="http://gigaom.com/cloud/cloud-is-complex-deal-with-it/">Cloud is complex &#8212; deal with it</a>, adding that "<em>If you are looking to cloud computing to simplify your IT environment, I'm afraid I have bad news for you</em>" and citing his earlier <a href="http://news.cnet.com/8301-19413_3-20004757-240.html">CNET post</a> drawing analogies to a recent flash crash.
</p>
<p>
<a href="http://en.wikipedia.org/wiki/Cloud_computing">Cloud computing</a> systems <strong>are</strong> complex, in the same way that nuclear power stations are complex &#8212; they also have <a href="http://en.wikipedia.org/wiki/2011_Japanese_nuclear_accidents">catastrophic failure modes</a>, but given cloud providers rely heavily on their reputations they go to great lengths to ensure continuity of service (I was previously the technical program manager for <a href="http://www.networkcomputing.com/backup-recovery/229500447">Google's global tape backup program</a> so I appreciate this first hand). The best analogies to flash crashes are autoscaling systems making too many (or too few) resources available and <a href="http://gigaom.com/2011/12/27/how-to-deal-with-amazons-spot-server-price-spikes/">spot price spikes</a>, but these are isolated and there are simple ways to mitigate the risk (DDoS protection, market limits, etc.)
</p>
<p>
Fortunately this complexity is concealed behind well defined interfaces &#8212; indeed the term "cloud" itself comes from network diagrams in which complex interconnecting networks became the responsibility of service providers and were concealed by a cloud outline. Cloud computing is, simply, the delivery of information technology as a service rather than a product, and like other utility services there is a clear <a href="http://en.wikipedia.org/wiki/Demarcation_point">demarcation point</a> (the first socket for telephones, the meter for electricity and the user or machine interface for computing).
</p>
<p>
Everything on the far side of the demarcation point is the responsibility of the provider, and users often don't even know (nor do they need to know) how the services actually work &#8212; it could be an <a href="http://samj.net/2008/07/future-of-cloud-computing-army-of.html">army of monkeys</a> at typewriters for all they care. Granted it's often beneficial to have some visibility into how the services are provided (in the same way that we want to know our phone lines are secure and power is clean), but we've developed specifications like <a href="http://cloudaudit.org/">CloudAudit</a> to improve transparency.
</p>
<p>
Making simple topics complex is easy &#8212; what's hard is making complex topics simple. We should be working to make cloud computing as approachable as possible, and drawing attention to its complexity does not further that aim. Sure there are communities of practitioners who need to know how it all works (and James is addressing that community via GigaOm), but consumers of cloud services should finally be enabled to apply information technology to business problems, without unnecessary complexity.
</p>
<p>
If you find yourself using complex terminology or unnecessary acronyms (e.g. anything ending with *aaS) then ask yourself if you're not part of the problem rather than part of the solution.
</p><p><em>Written by <a href="http://www.circleid.com/members/3507/">Sam Johnston</a>, Director, Cloud & IT Services at Equinix</em></p>]]></description>
			<dc:date>2012-01-09T11:52:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category>
		</item>
		
		<item>
			<title>Advantage of Commercial Clouds vs. HPC for Scientific Research</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20120104_advantage_of_commercial_clouds_vs_hpc_for_scientific_research/</guid>
			<link>http://www.circleid.com/posts/20120104_advantage_of_commercial_clouds_vs_hpc_for_scientific_research/</link>
			<description><![CDATA[<p>The Department of Energy (DoE) recently came out with <a href="http://science.energy.gov/~/media/ascr/pdf/program-documents/docs/Magellan_Final_Report.pdf">an excellent report</a>, called the Magellan report, on the advantages and disadvantages of using commercial clouds versus in house High Performance Computers (HPC) for leading edge scientific research.
</p>
<p>
The DoE probably supports the largest concentration of HPC facilities in the world. I agree with the report that traditional applications such as computational chemistry, astrophysics, etc. will still need large HPC facilities. But traditional computational intensive applications are becoming a niche market and increasingly many of these applications can now run on specialized commercial "HPC" clouds such as Nimbix.
</p>
<p>
The biggest growth in demand for computing is not in computational intensive modeling but data intensive processing. New disciplines such as Astroinformatics, Matinformatics (real-time chemical analysis), Systems biology, Meta-genomics, Computational history, computational linguistics, etc. are the driving force for research computing. Most of these data intensive applications are loosely coupled and are ideally suited for using clouds.
</p>
<p>
While the growth of data intensive science and use of clouds is well recognized, it is still an ongoing debate whether researchers should use in-house clouds or commercial facilities. The DoE report did an extensive analysis on the cost of commercial clouds versus in-house facilities. They compared the cost per compute core of an in-house facility versus that of a commercial provider. While I may argue with some of the assumptions in their analysis (for example, they did not include the cost of money or real estate, nor did they use the much lower spot market pricing for commercial clouds), I still agree that, in the near term, commercial clouds will be marginally more expensive than in-house facilities.
</p>
<p>
From a funding agency perspective, however, there is a huge advantage in promoting commercial clouds over an in-house facility. Despite the higher per core costs, the elimination of up-front capital costs by using a commercial cloud is incredibly significant, especially in this time period of fiscal constraint. Any capital expenses that can be delayed or eliminated, and yet not impact the quality of the research, have a huge cost benefit to funding agencies. This is also advantageous to the researcher. Usually it takes several years to make a proposal, get approval, acquire and install a large HPC facility. With commercial clouds a researcher can start immediately to undertake their computational research. The upfront cost is very small and their time to market (i.e. publishing the results) can be much faster with a commercial facility. In fact some commercial clouds like Amazon and Azure offer a free pilot service to allow researchers and businesses to migrate their software to the cloud and shake out any possible kinks in their software.
</p>
<p>
With a commercial facility researchers can scale their application as warranted without incurring any additional capital costs. There is no need for peer review to determine the resources that may be made available to the researcher. More importantly, because the incremental per core costs are very small, many other venues for funding for the computation facility are available, as opposed to the limited funding channels available for the purchase of an in-house facility. For example, some commercial organizations will broker their cloud infrastructure for little or no cost to university researchers, as opposed to commercial users. Many R&amp;E networks are also negotiating significant bulk discounts for commercial cloud services on behalf of the R&amp;E community.
</p><p><em>Written by <a href="http://www.circleid.com/members/6607/">Bill St. Arnaud </a>, Green IT Networking Consultant</em></p>]]></description>
			<dc:date>2012-01-04T11:19:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category>
		</item>
		
		<item>
			<title>Emerging Markets Tech Watch 2012</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/emerging_markets_tech_watch_2012/</guid>
			<link>http://www.circleid.com/posts/emerging_markets_tech_watch_2012/</link>
			<description><![CDATA[<p><strong><em>Realizing the Dream of a Knowledge Economy</em></strong>
</p>
<p>
2011 has been a significant year for the technology sector globally. Information technology is touching more people in more ways than ever before.
</p>
<p>
Developed markets will be considering a 2012 in which business innovation, competitiveness, and service differentiation are built on ubiquitous broadband, cloud computing, smarter mobile computing, and an increasing plethora of Internet-connected devices. By contrast, securing the technology future for developing markets demands that attention be placed on more fundamental issues.
</p>
<p>
Here are five key tech issues for the emerging markets in 2012.
</p>
<p>
<strong>Internet Infrastructure</strong>
</p>
<p>
The build-out of critical Internet infrastructure is critical to economic diversification and sustainable development. Initiatives to improve routing of domestic Internet traffic and provide new, more optimal routes for regional Internet traffic must be accelerated through the build-out of Internet exchange points (IXPs). On top of the exchange points must come expanded terrestrial and mobile broadband networks.
</p>
<p>
<em>Implications</em>: Internet service providers (ISPs), governments, and businesses must work together for a faster roll-out of national and regional infrastructure. This is the key to unleashing ICT-based innovations and spurring the market for digital content and mobile service delivery.
</p>
<p>
<strong>Incentive Regulation</strong>
</p>
<p>
The agenda for infrastructure development must be guided by informed government policy. This is particularly crucial in smaller economies where market size does not present sufficient incentive for private sector investment. Incentive regulation to improve the current weak frameworks for stimulating growth and protecting consumer interest in the ICT sector will be demanded by the private sector. At the same time, governments will increasingly recognize that national benefits of ICT-enabled growth are too important to leave to the private sector to set the implementation agenda. More stakeholders will call for ICT adoption to be set within a wider context of national development.
</p>
<p>
<em>Implications</em>: Regulators have to adapt more quickly to technology changes. They must take the lead in ensuring that market forces align to social development objectives. Done well, this can translate to increased business innovation, improved delivery of government services, and greater consumer choice.
</p>
<p>
<strong>Cybersecurity</strong>
</p>
<p>
Cybercrime will increasingly challenge resource-constrained businesses and governments. Businesses, especially those with large, high-value networks, like financial services providers and energy companies, will require greater support cover not just nationally but regionally. A coordinated approach is critical to guiding national action and ensuring consistency and compatibility of action among nations. If regional governments are to secure their information and communications systems, identifying and investing in a central point of coordination for cybersecurity must be a top priority.
</p>
<p>
<em>Implications</em>: Governments must put aside petty internal and intra-regional differences and cooperate fully to ensure that cybercrime does not disrupt already fragile local economies and markets.
</p>
<p>
<strong>Mobile Phones, Mobile Apps, Mobile Services</strong>
</p>
<p>
Growth in mobile computing uptake and the availability of mobile apps that address local needs will continue. It will be driven by consumer-focused apps, but eventually business apps will catch on. As smartphones proliferate and mobile providers upgrade their networks to provide customers with faster mobile broadband access, software developers will have greater incentive to build apps. The improved user experience resulting from faster mobile data plans means that consumers will also have greater interest and incentive to use mobile apps and services.
</p>
<p>
<em>Implications</em>: The education sector must evolve to supply the human resources needed to support, not only the creation of digital content, but the development of new, digitally driven innovation and enterprises. This will create opportunity in the private and NGO sectors for training and capacity building beyond the traditional approaches.
</p>
<p>
<strong>Open Data</strong>
</p>
<p>
As governments increasingly recognize the potential of open data, they will move to make their datasets publicly accessible. Progressive administrations will seize the opportunity to demonstrate their commitment to transparency and accountability. Of course, they will also benefit by shortening the timeframe of new service roll-out and shifting the burden to innovators and entrepreneurs.
</p>
<p>
<em>Implications</em>: A huge opportunity has opened for entrepreneurs, researchers, and society. More public awareness is needed to stimulate innovation, collaboration and, most important, more efficient, personalized services for citizens.
</p>
<p>
<strong>Onward to 2012</strong>
</p>
<p>
There is wide recognition of the value of building knowledge-based economies and of investing in technology-driven systems. These are fundamental to economic and national development. There is also no denying that the technology revolution is exposing antiquated infrastructure and institutional processes; testing the philosophy and approach to education; highlighting the imperative for new approaches to human resource development; and creating new, strategic challenges for business, education, and political leaders alike.
</p>
<p>
Advances in technology have exacerbated the vulnerability of states to externally developed and controlled intellectual capital. The central role of information and communications technology in modern society amplifies the debate on priority and significance of deliberately cultivating and securing indigenous intellectual capital.
<br />
From all indications, 2012 will be a continuation of the positive trends and innovations that gained momentum in 2011. The most forward-thinking, innovative organizations will continue to adopt and deploy technologies to improve efficiencies and better engage customers and citizens.
</p>
<p>
In 2012, these developments in emerging markets will require strong, ethical leadership to ensure that investment in technology is matched by commitment to equitable social development.
</p><p><em>Written by <a href="http://www.circleid.com/members/5301/">Bevil Wooding</a>, Internet Strategist, Packet Clearing House</em></p>]]></description>
			<dc:date>2011-12-24T11:45:01-08:00</dc:date>
			<category>internet</category><category>access_providers</category><category>broadband</category><category>cloud_computing</category><category>cybercrime</category><category>internet_governance</category><category>mobile</category><category>policy_regulation</category><category>security</category><category>telecom</category><category>web</category><category>wireless</category>
		</item>
		
		<item>
			<title>White House Issues Cloud Computing Policy Standards</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20111208_white_house_issues_cloud_computing_policy_standards/</guid>
			<link>http://www.circleid.com/posts/20111208_white_house_issues_cloud_computing_policy_standards/</link>
			<description><![CDATA[<p>The U.S. Office of Management and Budget released a memo today establishing a program to reduce "duplicative efforts, inconsistencies and cost inefficiencies when assessing and authorizing cloud systems." The initiative, called the Federal Risk and Authorization Management Program (FedRAMP), aims to develop a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services through standardized security requirements and controls.
</p>
<p>
"FedRAMP is a government-wide effort, and represents the efforts of the Department of Defense (DoD), the Department of Homeland Security (DHS), the General Services Administration (GSA), the National Institute of Standards and Technology (NIST), and the Office of Management and Budget (OMB), amongst many others."
</p>
<p>
Some key FedRAMP benefits include:
</p>
<ul><li>Saves significant cost, time and resources &#8212; do once, use many times</li>
<li>Improves real-time security visibility</li>
<li>Supports risk-based security management</li>
<li>Provides transparency between government and cloud service providers (CSPs)</li>
<li>Improves trustworthiness, reliability, consistency, and quality of the federal security authorization process</li></ul>
<p>
The full policy memo is located <a href="http://www.cio.gov/fedrampmemo.pdf">here</a> on the CIO.gov website.
</p>]]></description>
			<dc:date>2011-12-08T19:39:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category><category>policy_regulation</category><category>security</category>
		</item>
		
		<item>
			<title>Data Tsunami and the Looming Broadband Capacity Crisis</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20111205_data_tsunami_and_the_looming_broadband_capacity_crisis/</guid>
			<link>http://www.circleid.com/posts/20111205_data_tsunami_and_the_looming_broadband_capacity_crisis/</link>
			<description><![CDATA[<p>There is such a huge volume of genomics (DNA-related data) and bio-informatics data being produced that it cannot be transferred over commercial Internet networks, and instead organizations are using FedEx and other sneaker nets to ship the data.
</p>
<p>
The same crisis in data volumes is also occurring in climate modelling and other fields.
</p>
<p>
Research and Education (R&amp;E) networks for many years have been warning about this coming data tsunami. For the most part they have the capacity and the tools to easily enable the transfer of these large data volumes. No commercial networks have this capability at this time. But the biggest problem is that a lot of this data is not being generated by universities or R&amp;E organizations but by commercial facilities closely aligned with the R&amp;E community. Numerous bioinformatics companies, like SoftGenetics, DNAStar, DNAnexus and NextBio, have sprung up as they have found life sciences a fertile market for products that handle large amounts of information.
</p>
<p>
This poses a real dilemma for many R&amp;E networks, especially those who receive public funding. They cannot be seen to be competing with the private sector (even though commercial networks do not yet have the capability or technology to deliver such data volumes), and in many cases their stated public policies do not allow them to connect commercial facilities. Compounding this problem is that most of the modern computational tools needed to analyse this data are only available on commercial clouds. Academic HPC facilities and university-based cloud solutions generally cannot scale as quickly as commercial cloud providers in providing as many cores as required on demand to analyse this data. As well, many grad students and many small innovative businesses are developing the necessary analysis tools to work only on the commercial clouds, as they are driven by the revenue opportunity of "click compute" models offered by many commercial cloud providers.
</p>
<p>
R&amp;E networks are thus conflicted. Academic institutions and commercial organizations need access to commercial clouds to analyse this torrent of data &#8212; yet their acceptable use policy may prohibit the interconnection to commercial facilities, especially if the other end of the connection is also a commercial organization. This is where Open Lightpath Exchanges can play a critical role, much like the role the earlier NAPs played in the early days of the commercialization of the Internet.
</p>
<p>
Open LightPath Exchanges, by their very definition, are policy free. That means anyone can cross connect to anyone else regardless of whether they are commercial organizations or academic institutions. Open LightPath Exchanges are being established all around the world and many more are expected to be deployed in the coming year. A good background paper on Open LightPath Exchanges, "Open Exchanges for Open Science", can be <a href="http://www.glif.is/publications/papers/20110519BStA_Open_Exchanges.pdf">downloaded here</a> [PDF].
</p><p><em>Written by <a href="http://www.circleid.com/members/6607/">Bill St. Arnaud </a>, Green IT Networking Consultant</em></p>]]></description>
			<dc:date>2011-12-05T11:45:00-08:00</dc:date>
			<category>internet</category><category>broadband</category><category>cloud_computing</category><category>data_center</category>
		</item>
		
		<item>
			<title>Cloud Computing Traffic Expected to Grow 12&#45;Fold by 2015</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20111130_cloud_computing_traffic_expected_to_grow_12_fold_by_2015/</guid>
			<link>http://www.circleid.com/posts/20111130_cloud_computing_traffic_expected_to_grow_12_fold_by_2015/</link>
			<description><![CDATA[<p>Global cloud computing traffic is expected to grow 12-fold from 130 exabytes to reach a total of 1.6 zettabytes annually by 2015 &#8212; a 66% compound annual growth rate &#8212; according to Cisco's Global Cloud Index. 1.6 zettabytes is approximately equivalent to 22 trillion hours of streaming music; 5 trillion hours of business Web conferencing with a webcam; 1.6 trillion hours of online high-definition (HD) video streaming.
</p>
<p>
<strong>From the report:</strong> "The vast majority of the data center traffic is not caused by end users but by the data centers and clouds themselves undertaking activities that are largely non-transparent to end users &#8212; like backup and replication. By 2015, 76 percent of data center traffic will remain within the data center itself as workloads migrate between various virtual machines and background tasks take place, 17 percent of the total traffic leaves the data center to be delivered to the end user, while an additional 7 percent of total traffic is generated between data centers through activities such as cloud-bursting, data replication and updates."
</p>
<p>
<strong>Cisco Global Cloud Index (2010 - 2015) Infographic</strong>
</p>
<p>
<img src="http://www.circleid.com/images/uploads/6166b.gif" border="0" width="644" height="1541" style="display:block;" />
</p>
<p>
<strong>Cisco YouTube Animation: How Big Will Cloud Computing be in 2015?</strong>
</p>
<p>
<iframe width="644" height="357" src="http://www.youtube.com/embed/D34G30lWgg8?rel=0" frameborder="0" allowfullscreen></iframe>
</p>
<p>
More on Cisco's Cloud Index can be found <a href="http://www.cisco.com/en/US/netsol/ns1175/networking_solutions_sub_solution.html">here</a>.
</p>]]></description>
			<dc:date>2011-11-30T15:28:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category>
		</item>
		
		<item>
			<title>BlueCat Networks Partners with Computacenter to Deliver Cloud&#45;Ready IP Address Management (IPAM)</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20111122_bluecat_networks_partners_with_computacenter_cloud_ready_ipam/</guid>
			<link>http://www.circleid.com/posts/20111122_bluecat_networks_partners_with_computacenter_cloud_ready_ipam/</link>
			<description><![CDATA[<p><a href="http://www.bluecatnetworks.com/">BlueCat Networks</a>, the <a href="http://www.bluecatnetworks.com/solutions/ipam">IPAM Intelligence&trade;</a> company, today announced a strategic partnership with Computacenter, Europe's leading independent provider of IT infrastructure services, to provide IP Address Management, DNS and DHCP solutions to commercial and government organizations throughout Germany.
</p>
<p>
"German organizations face considerable challenges in managing an ever-growing number of mobile devices on their networks including tablets and smart phones," said Reinhard Stüwe, Business Unit Manager, Security, Computacenter Germany. "They also face pressure to reduce network management costs and successfully deploy virtualization and clouds. BlueCat Networks' scalable, easy-to-use IP Address Management solutions will help our clients address these challenges, as well as implement and manage new technologies like IPv6. We selected BlueCat Networks as our IP Address Management vendor of choice based on the strength of their cloud-ready technology and the stability of their organization both locally and globally. BlueCat Networks is a recognized leader in IP Address Management and this is an ideal partnership that will enhance our portfolio of network management products and cloud-based services."
</p>
<p>
"Organizations are beginning to realize that successful virtualization and cloud computing initiatives are IP-dependent and must be built from the IP address up," said Paul Couturier, VP, Sales, Europe, BlueCat Networks. "IP Address Management is critical for simplifying and automating IP infrastructure and core network services. Our strategic relationship with Computacenter will help us meet the growing demand for IPAM in the important German market where Computacenter's network solutions and services have been particularly well received."
</p>
<p>
BlueCat Networks' appliance-based software solutions provide a purpose-built platform for IP Address Management (IPAM) and DNS/DHCP core services. Deployed at some of the most demanding and secure organizations in the world, BlueCat Networks' physical and virtual appliances help public and private sector organizations improve security, lower costs and increase IT efficiency. BlueCat Networks' solutions also allow organizations to securely manage change and growth with unsurpassed scalability and future-ready support for IPv6 and DNSSEC. For a free trial of BlueCat Networks' IPAM solution, visit <a href="http://pages.bluecatnetworks.com/FreeTrial">http://pages.bluecatnetworks.com/FreeTrial</a>.
</p>
<p>
<strong>About Computacenter</strong>
</p>
<p>
Computacenter is Europe's leading independent provider of IT infrastructure services. The company can advise customers on their IT strategy, implement the most appropriate technology from a wide range of leading vendors and manage their technology infrastructures on their behalf. At every stage Computacenter makes its customers' businesses sharper by removing cost, complexity and barriers to change across their IT infrastructures.
</p>
<p>
Computacenter's corporate and government clients are served by offices across the UK, Germany, France, the Benelux countries, Spain and South Africa. It also serves its customers' global requirements through its extensive partner network. For more information, visit: <a href="http://www.computacenter.com">http://www.computacenter.com</a>.
</p>]]></description>
			<dc:date>2011-11-22T08:31:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>dns</category><category>ip_addressing</category><category>ipv6</category>
		</item>
		
		<item>
			<title>Sovereign Debt Crisis: A Catalyst for IPv6 and Virtualized Network Services</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/sovereign_debt_crisis_a_catalyst_for_ipv6_and_virtualized_network_services/</guid>
			<link>http://www.circleid.com/posts/sovereign_debt_crisis_a_catalyst_for_ipv6_and_virtualized_network_services/</link>
			<description><![CDATA[<p>Virtualization of core network services such as DDI has created a lot of controversy over the last couple of years. Perhaps most notably, Infoblox and Gartner have both been claiming that virtualized network services are not on the agenda of larger organizations, nor will they ever be. I'm not sure I have ever seen convincing technological reasoning for this position. Rather, the logic has always been circular: it's not going to happen because we're not seeing it happening.
</p>
<p>
That reminds me of the sovereign debt crisis that has been all the rage for the last couple of months. Everyone reading the news knew that the budget deficits and the government debt levels had ballooned to unforeseen levels in the Western world during the financial crisis of 2008-2009. Yet most governments and mainstream economists didn't see that as a big deal. After all, if there really was a problem, they surely would have seen it. Inertia aside, I think there is a rather interesting connection between the sovereign debt crisis and the next generation of network implementations.
</p>
<p>
When looking at which organizations are spending the most money on information technology, Western governments come pretty high up on the rankings. For example, the US government has an annual IT budget of roughly 80 billion US dollars, which is an extremely high number when you compare it to, for example, Microsoft's annual sales of roughly 70 billion US dollars per year. Once Western governments start looking at ways to cut costs, there is a very good chance information technology budgets will come under scrutiny.
</p>
<p>
In fact, there is already an ample body of evidence of this happening. Governments around the world are embracing cloud computing initiatives in order to reduce the inflated expense in information technology. The Cloud First Mandate issued by the US Federal Government about a year ago is a prime example of this trend, with the goal of reducing the IT budget by 25% through consolidation. And while the US Federal Government is obviously the eight hundred-pound gorilla as far as IT expenditure is concerned, also the smaller monkeys in the sovereign zoo are looking for ways to shed the extra fat they have accumulated during their debt-financed banana extravaganza. And in this particular diet, the savings will be realized by doing more with less, a proposition that is at the core of virtualized and cloud-based computing.
</p>
<p>
Due to inertia, it will of course take a while before the consolidation train is charging ahead at full steam. But once we get beyond the tipping point, I think two things will happen. First, organizations will not stop their virtualization and clouding initiatives at applications, but rather continue all the way to core network services such as DDI as well as software-based routing. Second, the new consolidated computing environments will include IPv6 support as a standard feature in order to protect the investments that have been made. Given the spending power most Western governments still do enjoy, I would expect this trend to have a spillover effect across the IT industry, from government to enterprises to service provisioning, because ultimately everyone is in search of better value.
</p>
<p>
As to when exactly we will reach the tipping point, it's hard to say. But in the interim, every penny that is borrowed to finance public spending will stretch out the consolidation rubberband aimed at more efficient use of computing resources. After all, governments, like any other organizations these days, depend on information technology, so jumping off the train in an attempt to maintain the status quo will not be an option.
</p><p><em>Written by <a href="http://www.circleid.com/members/6388/">Juha Holkkola</a>, Managing Director of Nixu Software</em></p>]]></description>
			<dc:date>2011-11-21T13:26:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>ipv6</category>
		</item>
		
		<item>
			<title>Taking the Leap to Cloud&#45;Based Malware Inspection</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20111115_taking_the_leap_to_cloud_based_malware_inspection/</guid>
			<link>http://www.circleid.com/posts/20111115_taking_the_leap_to_cloud_based_malware_inspection/</link>
			<description><![CDATA[<p>Is desktop anti-virus dead? Someday I'd love to make that announcement, but it still feels to me that there's a Patron Saint of Voodoo with an affinity for bringing it back to life &#8212; like some macabre mirror image of the malicious zombies it's supposed to provide protection against.
</p>
<p>
It's kind of ironic that today's innovation in desktop anti-virus isn't really happening at the desktop; rather it's occurring in the cloud. Today, the best performing desktop anti-virus products pass copies of suspicious files and URLs up to their vendor's cloud for detailed analysis and, in response, down comes a diagnostic of the file that was analyzed. Several vendors have been doing this for a number of years, but have only recently been promoting the "cloud" part. Apparently people are more comfortable with the cloud nowadays &#8212; go figure.
</p>
<p>
What advantages are there to using the "cloud" for anti-virus protection? Here are just a few that I've pulled from various literature I happened to come across:
</p>
<ul><li><strong>Scalability</strong> &ndash; the ability to keep pace with the ever-increasing volume of new malware.</li>
<li><strong>Efficiency</strong> &ndash; instead of analyzing the same piece of malware on ten thousand desktop computers, why not do it just once?</li>
<li><strong>Improved engines </strong> &ndash; there's only so much technology you can push down to a desktop. Advanced malware detection needs sophisticated automated analysis and dissection technologies that are too big to run side-by-side with Microsoft Excel.</li>
<li><strong>Global visibility </strong> &ndash; there are numerous advantages in being able to see a new piece of malware early on in its lifecycle. Having thousands or millions of "sensors" (i.e. customer deployments) means that there's a steady flood of timely material to analyze.</li>
<li><strong>Zero-day detection</strong> &ndash; the ability to employ sophisticated analysis engines that specialize in "edge case" malware detection makes it easier to spot those real zero-day threats.</li></ul>
<p>
Hidden within these anti-malware analysis clouds lie each vendor's latest innovations. That said, at the end of the day we're still talking about desktop anti-virus as a protection platform &#8212; with a software component installed upon the customer's (aka "victim's") computer &#8212; which is worth a gripe all of its own. In a nutshell though, desktop anti-virus suffers from three critical problems:
</p>
<ol><li>Desktop anti-virus runs upon a desktop operating system, side by side with other applications. There are too many ways in which the attacker can inject their malware onto the victim's computer and slip under the anti-virus product's protective gaze.</li>
<li>The bad guys have access to all these products and simply QA their latest malware samples to ensure that they evade. The malware they send out has already been proven to evade detection.</li>
<li>If the bad guys have physical access to your protection technology, they'll always be able to subvert and evade it.</li></ol>
<p>
An obvious remedy to these problems is to remove the protection elements from the bad guys' grasp. In particular, move it off the desktop.
</p>
<p>
Despite the obvious advantages of using the cloud for malware analysis, I find it stupefying that some folks have only taken a half-way step in moving off the desktop and onto a dedicated network appliance &#8212; without making the logical leap to cloud-based malware analysis.
</p>
<p>
To be sure, there are a lot of products on the market that specialize in in-situ automated malware analysis. Earlier this year I discussed the <a href="http://blog.damballa.com/?p=1097">canned sandboxing</a> techniques that various vendors supply and a more detailed side-by-side comparison of the various <a href="http://www.damballa.com/downloads/r_pubs/WP_Next_Generation_Anti-Virus.pdf">Next Generation Anti-Virus</a> [PDF] products. But, at the end of the day, why oh why would you want to run poisonous, evasive and downright dangerous criminal (and state-sponsored) malware inside your own organization's network? It's like setting off fireworks while you're still indoors!
</p>
<p>
Luckily, over the last couple of weeks though there's been substantial advancement in this area. Multiple security vendors are now adding advanced cloud-based malware analysis and disassembly to their network protection platforms. Basically augmenting their in-situ network detection systems with real-time advanced malware analysis &#8212; and doing it in such a way that it'll scale with the threat, provide the highest detection and analysis capabilities, and do it all without increasing the appliance cost.
</p>
<p>
Last week Palo Alto Networks (PAN) announced their new <a href="http://www.paloaltonetworks.com/literature/whitepapers/WildFire_WP.pdf">WildFire</a> cloud-based anti-malware defenses, and this week Damballa launched their free (included in the latest release of Damballa Failsafe) <a href="http://www.marketwatch.com/story/damballa-adds-new-zero-day-threat-detection-capability-to-leading-cyber-threat-solution-2011-11-15">cloud-based malware analysis platform</a>. <em>(Disclaimer: I am employed by Damballa, Inc.)</em> I'm sure that there will be a handful of additional announcements from other vendors over the next few months.
</p>
<p>
While cloud-based malware analysis is obviously the way to go in dealing with the advanced (and advancing) nature of the threat, I think there are still a bundle of questions that the industry will need to somehow figure out how to answer. In particular, as with most things "cloud", it's often a little foggy as to what's going on behind the scenes.
</p>
<p>
A key question going forward is going to relate to the apples-to-apples comparisons between the various cloud-based malware analysis platforms and their capabilities in identifying and dissecting the latest threat advances. I suspect that vendors are going to have to open the kimono a little more &#8212; perhaps providing insight into what overriding technologies they employ (e.g. virtual machines, emulators, bare-metal, KVM automation, etc.) when executing their malware analysis and maybe even the pedigree of the folks tasked with supporting and innovating within that cloud framework.
</p>
<p>
In the future, customers are going to have to figure out which anti-malware cloud is better than the other. In the meantime though, it would appear that Next Generation Anti-Virus is finally proceeding down a path that actually makes an impact on malware-based cybercrime and targeted attacks.
</p><p><em>Written by <a href="http://www.circleid.com/members/5583/">Gunter Ollmann</a>, VP of Research at Damballa</em></p>]]></description>
			<dc:date>2011-11-15T16:34:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>malware</category><category>security</category>
		</item>
		
		<item>
			<title>The Coming Cybersecurity Regulatory Revolution</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20111027_the_coming_cybersecurity_regulatory_revolution/</guid>
			<link>http://www.circleid.com/posts/20111027_the_coming_cybersecurity_regulatory_revolution/</link>
			<description><![CDATA[<p>Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity. What is not yet clear is what form the regulations will take. FISMA controls, performance standards, consensus standards and industry-specific <a href="http://www.thecre.com/action/01-04-02.html">consortia standards</a> are all possible regulatory approaches. What is not likely is an extended continuation of the current situation in which federal authorities have only limited, informal oversight of private sector cyberdefenses (or lack thereof).
</p>
<p>
Early federal steps to formalizing regulation of private sector IT security are already underway with different approaches being taken by different agencies. For example, the Department of Defense is <a href="http://www.gpo.gov/fdsys/pkg/FR-2011-06-29/pdf/2011-16399.pdf">employing</a> a FISMA-based approach in a rulemaking that would require contractors "to implement adequate security measures to safeguard unclassified DoD information...." The proposed rule would mandate that the "information security program shall implement, at a minimum, the specified National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security controls..."
</p>
<p>
A very different approach to private sector cybersecurity has been taken by the Federal Reserve with respect to debit card transactions. The agency's interim rule for debit card cybersecurity/fraud prevention takes a non-prescriptive approach to regulation. In making their decision the Federal Reserve <a href="http://www.thecre.com/premium/wp-content/uploads/2011/07/Debit-Interchange.Security-IFR-w.-comment.pdf">explained</a> that "[s]pecifying, and limiting the set of, technologies for which issuers recover their costs may weaken the long-term effectiveness of these technologies." Although the non-prescriptive route offers financial service firms greater flexibility, one downside is that the rule, which is part of a price cap proceeding, effectively limits the resources card issuers are able to spend on security.
</p>
<p>
The Securities and Exchange Commission (SEC) is taking a <a href="http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm">reporting-based</a> approach to private sector cybersecurity. The SEC's new guidance states that "cybersecurity risk disclosure provided must adequately describe the nature of the material risks and specify how each risk affects the registrant." Moreover, a publicly traded company "may need to disclose known or threatened cyber incidents to place the discussion of cybersecurity risks in context." Meanwhile, the FBI is taking a very different approach to cybersecurity by <a href="http://www.circleid.com/posts/fbi_official_calls_for_secure_alternate_internet/">calling</a> for a secure, limited access alternative internet to support critical government and corporate functions.
</p>
<p>
Agencies' approaches to cybersecurity risk management are being driven by their different statutory responsibilities and authorities rather than reflecting regulatory mechanisms which have been tailored to the needs of different industries. Although a one-size-fits-all federal attitude toward cybersecurity regulation is not necessarily beneficial, neither is an ad hoc modus operandi.
</p>
<p>
Instead, there is a need for a national dialog to ventilate cyber-regulatory issues, preferably prior to additional regulatory and legislative activities. Stakeholders which would need to be represented in the dialog include agencies with technical expertise, such as NIST, regulatory agencies including the independent ones (FCC, FERC, etc), various industry sectors including small business representatives, state and local governments, civil society, academia, and major trading partners. NIST's <a href="http://csrc.nist.gov/groups/SMA/fisma/framework.html">Risk Management Framework</a> could help provide structure to the discussions.
</p>
<p>
One of the most important issues that needs to be explored is what entities would potentially be subject to regulation. "Critical infrastructure" is a convenient term to describe entities which may be cyber-regulated but not one which has well defined boundaries. For example, development of the <a href="http://www.nist.gov/smartgrid/">Smart Grid</a> could mean that home internet connections may be considered as critical infrastructure and subject to security regulation. Thus, there could be security-related regulation of everything from the design of home appliances to the use of home computers.
</p>
<p>
The twin issues of liability and accountability also need to be thoroughly explored before new cybersecurity regulations are developed. If a regulated company experiences a security breach, who is at fault from a regulatory compliance viewpoint? The company? Their IT vendors? The company that wrote the software program containing a vulnerability that was exploited? The possibilities for liability and blame-shifting are endless. All that's clear at this point is that everyone from code writers to cloud vendors may be subject to federal cybersecurity regulation.
</p>
<p>
The possibilities for IT security conformity assessment requirements are also open-ended. Possibilities include Sarbanes-Oxley style independent audits and certification by senior corporate officers as well as numerous alternative mechanisms.
</p>
<p>
The sooner a broad-based structured dialog begins, the better. An <a href="http://en.wikipedia.org/wiki/Interactive_Public_Docket">Interactive Public Docket</a> such as <a href="http://www.thecre.com/fisma/">FISMA Focus</a> could serve as an inclusive, transparent mechanism facilitating the dialog. Principles which should govern development of cyber-regulation, including cost effectiveness, should be the first discussion topic.
</p><p><em>Written by <a href="http://www.circleid.com/members/735/">Bruce Levinson</a>, Senior Vice President, Regulatory Intervention</em></p>]]></description>
			<dc:date>2011-10-27T09:35:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>internet_governance</category><category>policy_regulation</category><category>security</category>
		</item>
		
		<item>
			<title>Giving VIP Treatment to IPAM with Nixu NameSurfer Suite 7.0.2</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20111020_giving_vip_treatment_to_ipam_with_nixu_namesurfer_suite_702/</guid>
			<link>http://www.circleid.com/posts/20111020_giving_vip_treatment_to_ipam_with_nixu_namesurfer_suite_702/</link>
			<description><![CDATA[<p>Nixu Software is pleased to announce a new release of its flagship product, <a href="http://www.nixusoftware.com/for_your_network_ipam.html">Nixu NameSurfer Suite 7.0.2 Series</a>. The latest version expands the all-around DNS, DHCP and IP Address Management capabilities through new dashboard widgets, an extended service guard, and support for a newly designed High Availability (HA) model.
</p>
<p>
The new HA model introduces support for a Virtual IP (VIP) address option, providing a simplified alternative to external load balancers running in front of a Hot-Standby (HSB) replicated pair of Nixu NameSurfer server instances. By allowing communication with the highly available Nixu NameSurfer DDI management platform through a VIP, only a single IP address needs to be configured into the integrated DNS secondaries and remote DHCP server instances. Coupled with an enhanced service guard and a watchdog that actively monitors the health of the HSB server pair, the new version is ideally suited for organizations with stringent Service Level Agreements (SLA).
</p>
<p>
Nixu NameSurfer Suite 7.0.2 also includes new dashboard widgets and several subtle usability enhancements in its IPAM module. The goal of these changes has been to simplify network managers' lives and to further reduce the Operating Expense associated with DDI. Nixu Software expects to continue this work in all the upcoming Nixu DDI product releases.
</p>
<p>
Juha Holkkola, the Managing Director of Nixu Software, commented: "Last summer, we introduced the motto 'In Control. At Peace.' The latest Nixu NameSurfer release shows that it is not an empty promise. Nixu Software is there to make DDI environments extremely reliable and easy to manage, so whenever we see opportunities for optimizing these areas, we spare no effort."
</p>
<p>
Find out more about <a href="http://www.nixusoftware.com/for_your_network_ipam.html">Nixu NameSurfer Suite</a> and download a <a href="https://secure.nixu.com/Evaluate.jsp">free evaluation</a>.
</p>]]></description>
			<dc:date>2011-10-20T09:51:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>dns</category><category>dnssec</category><category>domain_names</category><category>ip_addressing</category><category>ipv6</category>
		</item>
		
	</channel>
</rss>
