The PRIMERGY RX200 server gains pole position in VMware’s latest industry benchmark
We are pleased to announce that our PRIMERGY RX200 S6 rack server holds pole position in VMware’s new VMmark V2.0 industry benchmark, which has now been extended to measure servers on both performance and scalability for applications running in a multi-host virtualized environment.
The world-record holding RX300 S6 tops TPC-E price performance benchmarks as Fujitsu claims top 4 spots
PRIMERGY RX rack servers have retained all three top slots in TPC-E price-performance tests for more than two months, making Fujitsu the first vendor to sustain triple top results in two and a half years. The RX300 S6, which is currently ranked 1st, holds the TPC-E benchmark world record for best price/performance in online transactional database processing (OLTP).
You may not want to think about your taxes until Tax Day on April 15, but online scammers are already plotting to separate you from your tax refund and your identity. Scams for the 2011 tax season include promises of tax credits for charitable donations to disaster relief in Japan, malware-laden Websites optimized for search engines, dangerous e-mail, and so-called 'likejacking' techniques found on the social network Facebook.
About 19 million people have already filed their taxes at home in 2011, an increase of almost 6 percent from the year previous, according to the Internal Revenue Service. Consequently, this time of year is ripe for tax-related online scams. Crooks know that taxpayers are looking for information on deductions and tax laws. They know that this is the time of year when taxpayers submit personal information online and store sensitive financial documents on their hard drives.
Jennifer Torode, a spokesperson for the security firm Sophos, says that most of us wait until the last minute to file our tax forms. Scammers know this and "take advantage over the next few weeks to find ways to lure frantic filers into their webs," she says.
Here are five tips to help you avoid getting ensnared by tax scammers this tax season.
1. Japan Quake Scam
Among the newest scams for 2011 are bogus e-mail messages promising a tax credit applicable to your 2010 tax return if you make a charitable donation to Japan earthquake relief, according to McAfee consultant and identity theft expert Robert Siciliano. "The scam is based on the ruse being similar to a real law passed last year regarding Haiti," Siciliano said. In January 2010, Congress passed the Haiti Assistance Income Tax Incentive Act that allowed taxpayers to contribute to Haiti relief from January 11 to March 1, 2010 and claim it on their 2009 tax return. So far, the government has not established any retroactive tax rules involving this year's relief effort for Japan.
Tip: You can find many earthquake relief scams online; however, it's not clear how prevalent this particular scam is. For more information on how to make tax-deductible donations safely and effectively, consult this notice on IRS.gov.
2. Gone Phishing
One of the most popular ways to scam people during tax season is to set up Websites that look as if they are an official IRS site or a legitimate tax preparation service. "We have seen some scammers pretending to be tax preparation services, abusing brand names such as TurboTax, to obtain people's personal details," said Richard Wang, manager for Sophos Labs.
Other sites are designed to trick you into downloading a PDF file laden with malware, according to Jeff Horne, director of threat research for the security company Webroot. Horne also warns that sites may try to sneak malware onto your machine using a technique called a "drive-by download." Such sites contain code looking for exploits in your browser that will enable them to download malware onto your system without your knowledge. Merely by using a vulnerable browser to visit a site, you can be victimized by bad guys wielding this technique.
Once tax-related malware is loaded on your machine, it can set up a keylogger to track everything you type into your computer, or it can search your saved documents for keywords related to tax season such as "social security" or "1040."
Tip: The best defense against drive-by downloads is to make sure that you always use the latest version of a modern Web browser, such as Google Chrome or Mozilla Firefox.
3. Black Hat SEO
One of the tricks that crooks use to lure victims into a scam is to optimize their sites for Google searches, a technique known as "black hat SEO" (the acronym stands for "search engine optimization"). Horne suspects that these sites use resources such as Google Trends and Google Insights to discover the types of tax-related searches people are requesting. Once criminals have figured out some of the more popular keywords for this year's tax searches, it's not difficult for them to optimize their bogus sites for search engines.
Tip: "Never use search engines to search for tax documents," Horne said. Instead, go directly to the government site (such as IRS.gov, USA.gov, or an individual state government site ending in '.gov') to look for tax forms and other tax information.
Once you "like" the site, an external link will show up in your Facebook news feed with a scam message such as, "I just got $500 by using this free tax preparation service." Friends who see that message may be tempted to click the link leading them to a phishing site or a spam site looking to increase its ad revenue by generating Web traffic. Note, however, that some legitimate tax preparation services are promoted on Facebook by institutions such as universities as well as by individual friends.
Tip: Don't choose a tax preparation service on the basis of a Facebook message attributed to a friend. At the very least, talk to the friend directly to confirm that he or she endorses the service.
5. Phony E-Mail
Despite a high degree of public awareness about the dangers of spam e-mail, online scammers find this method profitable enough to keep using it. One trick to watch out for is a message supposedly from the IRS asking you to download a tax form. Another is an attempt to lure you to a phony Website to claim a refund. Once you're at the site, you may fall victim to a drive-by download or the site may ask you to divulge your social security number in order to see details of your supposed refund.
Tip: The IRS will never send you an e-mail message with a request for your personal information or with tax forms attached.
Protect Yourself Tips
With so many scams going around, it's difficult to know how to keep yourself safe online. However, Horne identifies six steps that you can take to thwart the bad guys:
1. Before you do your taxes, make sure that your antivirus software is up-to-date. That way, your program will be on the lookout for the latest known threats.
2. Be careful about which browser you use when dealing with tax-related information online. Make sure that you are using the most recent version of your browser so that you have the latest security patches. Using Mozilla's Firefox running the popular add-on NoScript to defend against drive-by downloads is a good idea. And if you are among the 3 percent of online Americans still using Internet Explorer 6, dump it for the latest version of IE available for your operating system--or use a different popular browser such as Chrome or Firefox.
3. Never use a search engine to look for government documents. Instead, go directly to sites such as IRS.gov, USA.gov, or individual state government sites ending in .gov, and search for forms there.
4. Never open or download attachments included with messages claiming to be from the IRS. The wisest course may be to refrain from opening any unsolicited tax-related e-mail message, as some poisoned messages use HTML to exploit weaknesses in your browser and initiate a drive-by download.
5. Never do your taxes over an unencrypted wireless connection such as free Wi-Fi at Starbucks. Even at home, where you may use the latest wireless security encryption standards such as WPA2, you are better off breaking out the LAN cable and using a wired connection when dealing with sensitive financial information.
6. Once you're finished filing your taxes for this year, make sure that you move all of your tax-related files for safe keeping to a USB key, an external hard drive, or some other form of removable storage. Then wipe all tax files off your computer's hard drive. Tax-related malware may lurk online long after tax season is over, according to Horne. If you happen to get infected, and you've stored your tax forms in a special folder on your PC, it won't take much for a scammer to steal your identity.
One in 7 information technology companies have not reported data breaches or losses to outside government agencies, authorities or stockholders.
In addition, only 3 out of 10 said they report all data breaches and losses suffered related to intellectual property, while 1 in 10 organizations will only report data breaches and losses that they are legally obliged to report, and no more. Six in 10 said they currently "pick and choose" the breaches and losses of sensitive data they decide to report, "depending on how they feel about them."
Those were some of the key findings from a McAfee and Science Applications International Corp. (SAIC) survey that queried 1,000 technology managers in the U.S., United Kingdom, Japan, China, India, Brazil and the Middle East on questions about intellectual property and security.
The report, entitled "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency," said the main reasons for not disclosing data breaches are fear of media coverage, damage to the brand and shareholder value. "The admission of a significant vulnerability could flag other attackers so very few companies are willing to be public about intellectual capital losses," the report says (see "'Political' cyberattacks hit half of large companies").
John Dasher, senior director of data protection at McAfee, said that "losing some of your crown jewels" would in theory be considered a matter that should be disclosed to shareholders as important information of material interest or for other legal reasons.
"But most of them aren't reporting," says Scott Aken, vice president for cyberoperations at SAIC, who called the survey results surprising. Another finding of the survey, that about 25% of the organizations "had a merger or acquisition or product rollout stopped by a data breach," was also a surprise to Aken. "Sometimes companies don't know they had a data breach and only find out months later," he said. It disrupts operations.
The report also says the economic recession has impacted how organizations are looking at where they store sensitive data such as intellectual property, proprietary information and trade secrets.
"More than half of organizations studied are reassessing the risks of processing data outside of their home country due to the economic downturn, compared to 4 in 10 in 2008," the report states. Countries that have "leniency in privacy and notification laws" are attractive to organizations. But 9 out of 10 organizations that store sensitive information abroad do view some countries as safer than others. China, Russia and Pakistan were considered the least safe, while the U.K., Germany and the U.S. were seen as the safest.
The McAfee/SAIC report argues that the target of cybercriminals is shifting from stealing things like credit cards and Social Security numbers to sensitive and proprietary content that can be sold on the underground market to foreign competitors or governments.
Discus Systems today launched a revitalised customer newsletter. A mixture of humour (The IT Support Guy), company news, what's happening in IT, and Damien's 'Tips 'n Tricks', the Diviner seeks to be engaging and informative.
Research in Motion announced today that Microsoft's Office 365 cloud service, which is expected to be available by 2012 and provide Exchange, Office, and other Microsoft technologies from a hosted environment, will support BlackBerry devices. Although there will be no monthly charge per user, businesses will still need to pay for a master BlackBerry enterprise service plan. RIM also said that Microsoft is now letting customers of Business Productivity Online Standard -- Office 365's predecessor -- manage BlackBerrys with no monthly fee beyond the master service plan cost.
RIM will host the BlackBerry management service, interfacing with Office 365's Exchange instance and its ActiveSync policies. RIM says the available policies will be the same as those available through RIM's standalone BlackBerry Enterprise Server, so users will not be limited to just Exchange's policy options.
RIM also announced it was expanding its other cloud offerings, including making its free BlackBerry Protect tool more broadly available. The tool lets users lock or wipe a lost or stolen BlackBerry, as well as have it ring in a loud tone to help users find one hiding under a couch or in a deskful of papers. Apple offers a similar free service called Find My iPhone, and some Motorola Android devices have the same capability through its free MotoBlur service.
This article, "RIM to offer BlackBerry management via Office 365," was originally published at InfoWorld.com.
With the theft of sensitive data about RSA's SecurID technology, large businesses should reassess the risks to the assets the two-factor authentication deployment is supposed to protect, a risk management expert advises.
"You have to ask yourself if you are a big enough shop that you could be a target," says John Pironti, president of IP Architects, a security consulting firm. That's because attackers who might make use of the stolen information will look for victims that have the richest cache of data to loot, he says.
Whereas before the theft businesses might have had a high degree of confidence that SecurID was a strong authentication protection, now they should consider that it might be compromised, Pironti says.
RSA hasn't detailed what was stolen, but the fact that the company made a public announcement -- including a filing with the Securities and Exchange Commission -- indicates that some fundamental piece of the technology has fallen into attackers' hands, he says, and businesses need to take specific steps:
1. Update their threat and vulnerability analysis to elevate SecurID as a potential vulnerability. Many businesses regarded the technology as solid and not representing a significant source of vulnerability, Pironti says.
2. Pore over logs looking for failed login attempts using false user names.
3. Monitor failed SecurID attempts, something that might not have been done because the technology was trusted. In general, security personnel should pay more attention to the activities of employees using SecurID.
4. Consider alternatives to go to if it turns out SecurID has in fact been compromised. In that case businesses should start looking for a third factor for authentication such as smartcards, biometrics or digital certificates and perhaps consider migrating away from SecurID, he says.
Worst case: Thieves stole the master key to RSA's pseudo-random number generator and can manufacture phony ones to break into corporate networks, Pironti says.
So far there's no evidence that has happened, but if it does, businesses need to have a fallback plan for what they will do, Pironti says. "The system would still require a user name and password, but now you have reduced confidence that this is the person who they say it is," he says.
Because of the capital and operational costs of deploying SecurID, it is almost always used to protect access to businesses' most valued assets and high-value transactions, Pironti says, so anything protected by it is a likely target.
He leans toward believing the thieves stole something fundamental to how SecurID works, not something that could be used against particular customers or particular environments. Otherwise RSA would have kept the incident low-key, contacting only those customers affected. The general announcement indicates that any SecurID customer faces a new risk, he says.
He says he hasn't heard about any increase in compromised networks that are protected by SecurID. "There haven't been spikes in public breach activity," he says.
Pironti has been telling his clients that stealing core security technology is a prime target of attackers because that can undermine the security of vast amounts of data and transactions. "It's a great business opportunity from a hacker's standpoint," he says.
Intel pre-launched its Sandy Bridge Xeon E3-1200 series of processors on Tuesday, letting the world know that it intends to dominate the new micro server market being created by SeaMicro, Dell, Tyan, Calxeda, and others.
SeaMicro is making a lot of noise about its Atom-based SM10000 machines, which cram 512 cores into a 10U chassis, and Tyan and Dell are already offering single-socket, Xeon-based micro servers that slide into rack enclosures more densely – and more cheaply – than commercial blade servers.
Calxeda, which is building ARM-based micro servers, said yesterday that it would be able to put 120 servers, with a total of 480 ARM cores, into a 2U chassis using a micro server design that includes an on-chip fabric interconnect.
None of these machines is a volume product yet, and none is suitable for all workloads. But Intel wants everyone to know that the impending Xeon E3-1200 series chips, as well as next year's Xeon and Atom processors, are a perfect fit for micro servers.
That said, the Xeon E3-1200 chips and the Cougar Point C202 and C204 chipsets previewed today are not just for micro servers. They can be used in any single-socket server, be it a rack, tower, blade, or micro rack/blade hybrid machine.
These forthcoming Xeon chips come out of Intel's Data Center Group, which designs and makes server and workstation processors, chipsets, and networking chips. They are only available for servers, according to an Intel spokesperson. Single-socket workstations will apparently use different parts, likely because they'll have embedded graphics processors unlike the server variants of the Xeon E3-1200s previewed today. The workstation chips will probably also offer customers the option of having more cores and discrete, external graphics cards, too.
There are seven Xeon E3-1200 chips, six with four cores and one with only two cores. There is one high-end 95 watt part and four 80 watt parts. Two of the chips, which sport the L designation, are low-voltage parts probably of most interest to those interested in micro servers. The two-core version, the E3-1220L, spins at 2.2GHz and only dissipates 20 watts using Intel's thermal design point (TDP) metric for gauging power consumption and heat dissipation. The four core version, the E3-1260L, runs at 2.4GHz and warms up to 45 watts.
All of the new chips support the second generation of Intel's Turbo Boost technology, which lets a core's clock run faster if the other cores are not busy doing too much work. All of the chips have two DDR3 memory channels and support four memory slots for a maximum of 32GB of main memory – which is fine for a single-socket server, micro or otherwise. Memory chips only run at one speed, 1.33GHz.
All of the chips but the E3-1220 have HyperThreading support as well, which virtualizes each core such that the operating system or hypervisor running atop the chip sees two instruction streams for every core, helping each chip get more work done on multithreaded jobs.
In a conference call Tuesday with analysts and journalists, Boyd Davis, general manager of marketing at the Data Center Group, revealed neither the chips' pricing nor a precise launch date, but did say they would be out in "the next few weeks." The official launch will likely be just ahead of or during the Intel Developer Forum event in Beijing on April 12 and 13 – but Davis wouldn't say. All of the chips, including the 20 watt and 45 watt parts, are in production now.
In the second half of this year, Intel will kick out another Sandy Bridge part that will be rated at 15 watts, and the company is working on a variant of the Atom processor that has 64-bit addressing, VT-x virtualization electronics, and ECC memory scrubbing that will launch in 2012 and that will deliver sub-10 watt thermals.
As far as Intel is concerned, micro servers are just one of a number of "density optimized" machines for which it needs to create chips: half-height blade servers, half-width rack server nodes, and micro servers that cram a dozen or two servers into a chassis that provides shared power and cooling for the nodes. In a sense, these micro server enclosures are like tiny rack servers in their own right, extracting the shared components out of the machines for more power efficiency and density.
In this sense, they are merely rack servers done right.
Intel understands that people are excited about micro servers using Atom, ARM, and other processors, but Davis says it is important not to get carried away because "wimpy nodes" are not for everyone.
"We are pretty excited about the micro server category for very specific workloads," explained Davis, "but 97 per cent of the volume we sell to cloud service providers today are for two-socket servers." And these tend to use regular Xeon EP processors.
That said, Intel thinks that micro servers will find a home at many companies, and could account for as much as 10 per cent of the server-chip opportunity for Intel in the next four to five years. These machines, explained Davis, are good for basic content delivery, lightweight Web serving (particularly for static content), basic email and online application serving, and low-end dedicated hosting where companies still want a whole physical server to themselves.
Intel also trotted out Gio Coglitore, director of Facebook Labs, the arm of the social media giant that tests out future code on iron to see what kinds of servers it needs, who made a case for what he called "realization" of servers – that's as opposed to virtualization.
While Coglitore would not talk specifically about the server and network topology of the Facebook workloads, he said that Facebook had big back-end databases, memcached servers front-ending these databases, and then Web servers fielding-up pages. Because of the way the company has coded its applications, they do not lend themselves to running atop hypervisors, Coglitore said, and added that while Facebook has not yet deployed micro servers, it had tested them at the node level and said that it was possible that it might deploy micro server machines in late 2011 or 2012.
And for those who think that Facebook workloads might work well on 32-bit architectures, Coglitore is having none of that. "For us, 64-bit is crucial because we are not going to port our code down to 32-bits," Coglitore said.
Coglitore also said that adding lots of memory to servers was important for Facebook's performance, so 32-bit machines' 4GB limit would be inappropriate, whether they are Atom or ARM chips. The Cortex-A15 ARM chip, by the way, will have a funky 40-bit memory addressing scheme that may help, but it's not clear when ARM Holdings will push up to 64-bits with its designs.
Instead of doing load-balancing within a data center atop hypervisors, Facebook does load-balancing across nodes in a data center, which have redundant data. It then, if need be, does failover of physical machines across data centers. With this already working, and running as lean and mean as Facebook can make it, it's no wonder that the company just wants some compact servers that burn as little juice as possible to run the simpler parts of its workloads.
Facebook is a big buyer of bespoke servers made by Dell's Data Center Solutions unit, and it seems likely that if anyone wins the micro server contract at Facebook, it will be Dell with a variant of the Viking chassis and Dragon servers that the company was showing off last September.
Intel doesn't want to step on the enthusiasm some are showing for the Atom processor, but at the same time the company still thinks that most micro servers will use Xeon E3s, not Atoms. "We're super excited about what SeaMicro is doing with Atom, but we think we can do better," Davis said.
SeaMicro has been very clear that it will use whatever chip that its customers want in its SM10000 server designs, and has said that it can plunk in Xeon, Opteron, or ARM processors into its boards and hook them into the network fabric it created for the SM10000, no problem. It would not be at all surprising to see a Xeon E3 variant of the box soon, and well ahead of next year's ECC-enabled Atom processor.
Educational institutions and social networks are the worst when it comes to leaving their Web sites exposed to known vulnerabilities, with health care and banks doing the best, according to a study by WhiteHat Security.
According to its 11th annual Web Site Security Statistics Report, 71% of schools have unpatched software vulnerabilities on their Web servers all the time, while 58% of social networking sites always have such vulnerabilities. By contrast, 14% of health care organizations and 16% of banks have unpatched vulnerabilities all the time. The average for all business sectors was 44%.
Banks also showed well in the percentage that had vulnerabilities less than 30 days per year, with a measure of 51%. Financial services was No. 2 with 22%, the report says. The average was 16%.
WhiteHat's data was drawn from 400 businesses who outsource Web site vulnerability management to the firm.
Banks did well in the overall number of vulnerabilities they had during the year, with an average of 30. The average for all business sectors was 230. Retail stores faced the highest number of vulnerabilities with 404, WhiteHat says.
"While no industry approached anywhere near zero for an annual average, banking, health care and manufacturing performed the best out of all the industries with 30, 33 and 35 serious vulnerabilities respectively per Web site during 2010 for a rough average of 2.5 or so vulnerabilities per month," the WhiteHat report says. "On the opposite end of the spectrum, Retail, Financial Services and Telecommunications, whose Web sites had the most reported issues, measured 404, 266 and 215 serious vulnerabilities per site -- or between 18 and 34 per month."
Simply being exposed doesn't accurately indicate the likelihood a site will suffer an attack, the report says. Some types of vulnerabilities appear more often. For example, the chances that information leakage and cross-site scripting vulnerabilities show up on a Web site are 64%; the chances for content spoofing are No. 3 with 43%, the report says.
The other seven vulnerabilities in the top 10, in order, are cross-site request forgery, brute force, insufficient authorization, predictable resource location, SQL injection, session fixation and abuse of functionality, WhiteHat says.
The time it takes to fix vulnerabilities once they are identified is a key measure of site security, WhiteHat says. Banking does best there, with half of its vulnerabilities remediated within 13 days. Telecommunications sites are the worst, with it taking 205 days to remediate half of its Web site vulnerabilities, the report says. The average across all businesses is 116 days.
"From a risk management perspective, if the organization is a target of opportunity, perhaps a goal of being at or above average is good enough," the report says. "If, however, the organization is a target of choice, either ASAP or being among the fastest is more appropriate."
When Biogen Idec considered a move to the cloud, cost savings was not the primary concern. For a biotechnology company that lives and dies by its research division, the ability to quickly spin up computer resources for its scientists was far more important.
A pioneer in treatments for multiple sclerosis, Biogen Idec needed to quickly assign computing resources to support its researchers. Yet, provisioning servers and applications to new projects requires a lot of planning, effort and support, says William Hayes, director of IT for the R&D section's decision support group.
"One of the things that was a challenge for us is to get servers deployed so we can use them," Hayes says. "It takes anywhere from weeks, for virtual servers, to months, for physical servers."
The company's foray into cloud promises to change that, he says. Using an enterprise cloud gateway from CloudSwitch, the company can securely allocate new servers within a few minutes and at half the cost of using internal infrastructure, says Hayes.
1. First Wins Will Be Quick
In fact, the company has reduced the time to create a new server to less than ten minutes, he says. An IT manager can log into a Web site and create a Red Hat server or an Ubuntu server within a few minutes. Because the research groups have such disparate demands, the flexibility of quickly creating instances of different types of servers is a huge benefit, Hayes says.
"We tend to need a lot of throwaway servers of different sources, and in a lot of cases we need nonstandard servers," Hayes says.
The need for quickly-provisioned resources is common among companies that focus on R&D, says Ellen Rubin, founder and vice president of products at CloudSwitch, a startup that focuses on easing access to cloud resources, especially for companies with legacy apps.
"These companies often can't get the physical IT resources quickly enough," she says. "Cloud is an inherently attractive thing for these companies."
2. Paying for Cloud Can Be Tricky
One downside to many cloud services, such as Amazon's EC2, is their relative inflexibility in terms of payment. It may seem odd, but many companies do not allow recurring payments through credit-card accounts.
Like many firms, Biogen Idec works on a purchase order basis; the IT department does not have a credit card that they can use to pay large recurring expenses. That created a problem when signing up for an account with Amazon's Elastic Computing Cloud service.
"You have to be very creative in how you pay Amazon," Biogen Idec's Hayes says. "We have actually contracted with an outside firm to pay Amazon and then bill us."
The lesson for many IT managers is that, while cloud technology highlights advances in delivering affordable and flexible computing to companies, many companies' internal processes are much slower to advance. Getting accounting departments to change their policies to handle computing resources as operational expenses, rather than capital expenditures, will take a while, he says.
3. Per-Server Cost Savings Add Up
While Biogen Idec was not searching for a way to reduce the cost of provisioning researchers with computing resources, the savings helped sell Hayes on the benefits of cloud computing. Moreover, when implementing well-tested services to production servers, the cost savings mattered more than agility, he says.
While Hayes would not discuss the costs of Amazon's service and the licensing costs of CloudSwitch, the cost for a fully-provisioned virtual server in the cloud was less than half that of a physical server over a period of three years. In addition, the ability to only pay for a server during work hours, as opposed to paying operational costs every day, reduces the expense even more, he says.
"I'm still astounded by how cheap this is," he says.
4. Protect Against Accidental Shutdown
Yet, companies that put critical data in the cloud should beware that they could be setting themselves up for a serious business disaster. While denial-of-service attacks--such as the revenge attacks inspired by the controversy surrounding Wikileaks--are a major concern, simply failing to pay your bill could result in being disconnected from critical data, says Hayes.
"The cloud computing services, if you don't pay the bill, they will shut you down," Hayes says. "It is kind of hard to explain to your company that because finance could not pay the bill on time that you have a lot of interesting personal computers sitting on people's desktops."
The lesson for CIOs, Hayes says, is whether a company's infrastructure depends on cloud computing or co-location facilities, the firm that manages your information technology controls your servers.
5. Security Not All Good or Bad
One reason that Biogen Idec chose to use CloudSwitch to manage its cloud infrastructure is because the firm worried about putting its research data on servers rubbing shoulders with other servers in Amazon's cloud. CloudSwitch adds a middleware layer that encrypts all data that travels outside a company's network and gives managers a single view of their resources, both from internal networks and from the cloud.
While placing data outside the corporate firewall makes any IT security manager nervous, Hayes says that Biogen Idec's security group is "fairly comfortable" with the technology.
"You don't get a 'this is good' or 'this is bad,'" he says. "You get a degree of goodness and badness."