Business Tech

IBM said Monday that it has acquired database security firm Guardium.

Guardium is a leading vendor in monitoring and protecting databases for large enterprises. In addition to securing the data and watching database activity, Guardium's technology can automate certain tasks to assist businesses with regulatory compliance, said IBM. Big Blue expects the acquisition to help its customers better shield their critical databases against both external and internal threats.

Guardium can check for specific patterns and anomalies when information is accessed, said IBM, allowing enterprises to maintain the integrity of their data. Guardium's technology can also detect fraud and unauthorized access to a database by way of an enterprise application, such as a company's ERP or CRM software.

"Organizations are grappling with government mandates, industry standards and business demands to ensure that their critical data is protected against internal and external threats," said Arvind Krishna, general manager of IBM Information Management, in a statement. "This acquisition is another significant step in our abilities to help clients govern and monitor their data, and ultimately make their information more secure throughout its lifecycle."

Guardium, a privately held company based in Waltham, Mass., will be integrated into IBM's Information Management Software portfolio.

Big Blue hasn't been shy about buying companies this year to increase the scope of its business services. In July, the company picked up analytics and information forecaster SPSS for $1.2 billion. With security a vital need for its customers, IBM also acquired security provider Ounce Labs around the same time.

Financial terms of the Guardium deal were not disclosed.

Peter Klein, Microsoft's new CFO

(Credit: Microsoft)

Microsoft Chief Financial Officer Chris Liddell is leaving the company at the end of the year, the company announced Tuesday.

Liddell has been Microsoft's CFO since 2005, but the past 18 months have been especially long, as Microsoft debated whether to acquire Yahoo and navigated the choppy waters of the recession with its first-ever companywide layoffs. He will be replaced by Peter Klein, who had been serving as CFO of the company's Business Division, which develops and sells Microsoft Office.

In a statement, Liddell said he was looking to do something with his career beyond serving in the chief finance role.

"Chris and his finance team have accomplished a great deal over the past four and a half years. The team is deep and strong, and has an excellent record of building value for our shareholders," CEO Steve Ballmer said in prepared remarks distributed by Microsoft.

As of the close of Tuesday's stock market, the value of Microsoft's stock had increased by 18 percent since Liddell made his debut as CFO.

This story was clarified on Wednesday to reflect that the layoffs referenced above were Microsoft's first companywide layoffs. In the past, the company has cut jobs in specific units.

Hewlett-Packard on Monday reported fourth-quarter earnings that were in line with a preliminary release last week, when the company announced plans to acquire 3Com.

For the quarter, the company reported earnings of $1.14 per share on $30.8 billion in sales. Analysts had been expecting $1.13 per share on $30.4 billion.

For the full year, the company reported earnings of $3.85 per share on sales of $114.6 billion.

Looking ahead, the company forecast earnings of $1.03 to $1.05 per share on sales of $29.6 billion to $29.9 billion for the first quarter--which would include the holiday season....

Read more of "HP reports Q4; raises outlook for 2010" at ZDNet's Between the Lines.

Cloud computing is luring more businesses with its promise of minimal maintenance and low costs. But are companies putting their data at risk?

A new, free report released Friday by the European Network and Information Security Agency (ENISA) outlines the benefits and potential pitfalls of cloud computing. Based on an ongoing survey, the 123-page report, "Cloud Computing: Benefits, Risks and Recommendations for Information Security" (PDF), also offers recommendations to businesses on how to minimize the risks of entrusing their data to a cloud provider.

The benefits of cloud computing as described by ENISA are clear. Business content and services are always available. Companies can reduce costs by not overspending on the capacity of their own data centers. They can also scale up or down, depending on the services they use, and pay for those services only as needed. Internal IT is freed up by not having to implement or maintain certain hardware or software.

As more businesses hop onto the cloud, IDC expects worldwide spending on cloud services to hit $17.4 billion, revving up to $44.2 billion by 2013.

But cloud computing poses certain key risks.

"The picture we got back from the survey was clear," Giles Hogben, editor of the ENISA report, said in a statement. "The business case for cloud computing is obvious--it's computing on tap, available instantly, commitment-free and on-demand. But the number one issue holding many people back is security--how can I know if it's safe to trust the cloud provider with my data and in some cases my entire business infrastructure?"

Though cloud-service providers promise 24-by-7 availability, their data centers can go down. Security is out of the hands of the customer, who must place trust in the service provider. Customers become dependent on a single provider and may face challenges if data and services need to be migrated to a different provider. By entrusting data to the cloud, companies could face risks and challenges from regulatory audits. Further, some cloud providers may not fully and properly delete data even if a customer requests it.

In its report, ENISA outlines measures companies can take when dealing with cloud-service providers.

Companies must perform risk assessments, comparing the potential risks of storing data in the cloud with keeping files in an internal data center. Companies must also compare different cloud providers to narrow the list and then obtain service-level assurances from selected providers. Further, customers should clearly specify which services and tasks will be handled by internal IT and which by the cloud provider.

The report includes a checklist and detailed questions that customers can use when shopping for a cloud provider.

With the right provider, data can be safe and secure in the cloud. In fact, security with a cloud provider can be even more robust, flexible, and quicker to implement than when done internally. ENISA Executive Director Udo Helmbrecht noted in a statement: "The scale and flexibility of cloud computing gives the providers a security edge. For example, providers can instantly call on extra defensive resources like filtering and re-routing. They can also roll out new security patches more efficiently and keep more comprehensive evidence for diagnostics."

AT&T has unveiled its latest cloud-based offering, which lets businesses grab more computing capacity when they need it.

The company announced on Monday its Synaptic Compute as a Service, designed to let IT staffers store and maintain internal applications and data via AT&T's cloud. Capacity and availability can be ramped up when needed, especially if a company's own data center resources become taxed, AT&T said.

The service is designed is to help businesses save money by not having to maintain full network capacity year-round if demand only shoots up during certain times of the year. AT&T said that businesses can seamlessly access the software and content they need, whether stored internally or out on AT&T's network cloud.

Synaptic Compute "provides a much-needed choice for IT executives who worry about over-building or under-investing in the capacity needed to handle their users' traffic demands," Roman Pacewicz, senior vice president of strategy and application services for AT&T Business Solutions, said in a statement.

AT&T plans to introduce the service before year's end. Initially, it will be available only in the U.S.

Though cloud computing has grown in popularity among enterprise customers, concerns exist about both security and reliability. AT&T said that it has built security on top of its cloud layer, so that it is fully integrated. The company also expressed confidence in its track record of reliability, both in its own data centers and in its hosting and network businesses.

Since last year, AT&T has focused more on the industry push toward cloud computing for its customers. In May, the company announced its first Synaptic Services feature--Synaptic Storage as a Service--which lets customers access data on AT&T's cloud as needed, paying only for the storage they use.

SINGAPORE--In a year, most enterprises will have the choice to "get rid" of Microsoft Office if they so choose, suggests Dave Girouard, president of Google's enterprise division.

Girouard said in an interview here with ZDNet Asia that he expects Google's online suite of applications, Google Docs, to reach a "point of capability" next year that it will serve the "vast majority's needs."

He acknowledged that Docs is currently "much less mature" than Google Mail or Calendar. "We know it. We wouldn't ask people to get rid of Microsoft Office and use Google Docs because it is not mature yet," he said.

But this is expected to change in about a year, after the company's introduces another "30 to 50" updates.

Read more of "Google: Firms can 'get rid' of Office in a year" at ZDNet Asia.

The cost benefits of virtualization are well-documented, allowing enterprises to significantly reduce the space and electrical power required to run data centers and streamline the management of an ever-growing number of servers.

Virtualization also provides means for expedient scalability. Given today's economic climate and cost-cutting mandates, it is not surprising that analyst firm Gartner recently predicted that 50 percent of workloads will run inside virtual machines by 2012.

What many organizations fail to understand, according to Amir Ben-Efraim, CEO of virtualization security provider Altor Networks, is that collapsing multiple servers into a single one with several virtual machines inside eliminates all firewall, intrusion detection, and other protections in existence. Physical security measures literally become "blind" to traffic between VMs, since they are no longer in the data path.

This echoes comments made by Gartner analyst Neil MacDonald, who wrote in a recent presentation titled "Securing the Next-Generation Virtual Data Center" (subscription required), that "most virtual machines you deploy will be less secure than the physical systems they replace," and that "virtualization will radically change how you secure and manage computing environments."

VMware recently launched a partner program to help ISVs develop solutions certified as "VMsafe." VMsafe provides API sharing through a secure container, enabling partner companies to access virtual environments. This virtual security technology provides fine-grained visibility over virtual-machine resources, including monitoring every aspect of the system with the ability to address previously undetectable viruses, rootkits, and malware before they can infect a system.

I spoke to Ben-Efraim to better understand the issues around VM security and for what users should be on the lookout. According to him, there are two common approaches that use existing methods to secure virtual-network traffic: using VLANs to separate and control communication between VMs; and taking software-based firewalls and running them as agents on each VM. Unfortunately, both of these approaches fall short.

VLAN segmentation extends the notion of LAN resource segmentation to include VMs. The approach essentially requires that VMs, which can naturally be grouped (i.e. by function or user base), be isolated from other VMs by use of virtual switches and routing (i.e. the human resources VLAN contains HR-serving VMs). However, VLAN segmentation is not a permanent solution to securing environments because of networking complexities, performance degradation, and security limitations of the approach, Ben-Efraim said.

Adobe Systems expects to cut 680 full-time employees, or about 9 percent of its global workforce, as the company tries to align costs in the face of lagging sales.

The layoff, which was disclosed Tuesday in a regulatory filing with the U.S. Securities and Exchange Commission, marks the second wave of job cuts in the past year. In December, the company said it would slash 600 jobs amid less-than-anticipated demand for its recently launched Creative Suite 4 series of products.

The cuts will affect only those workers who were Adobe employees before the $1.8 billion acquisition of Web analytics firm Omniture in September. They are separate from an earlier-announced 9 percent workforce reduction within the Omniture unit, which had about 1,200 employees at the time of the acquisition.

Adobe, which is best known for its Photoshop and Illustrator software titles, said it expects to record about $65 million to $71 million in pretax restructuring charges.

"Adobe is restructuring its business to align costs with its fiscal 2010 operating plan and budget, the company's three-year strategic priorities, and the realities of the business environment, as well as to ensure its ability to continue investing in long-term growth opportunities," Adobe said in a statement.

In September, Adobe reported that its fiscal third-quarter profit fell 29 percent amid declining sales.

The European Commission on Monday formally dug in its heels over Oracle's planned acquisition of Sun Microsystems, but Oracle accused the regulatory body of "profound misunderstanding" in a rebuttal that declared its intention to fight the opinion.

The regulatory body issued a statement of objections about the merger, according to a Securities and Exchange Commission filing from Sun Microsystems. The open-source MySQL database software is the sole issue of concern in the matter, Sun said in the filing.

"The Statement of Objections sets out the Commission's preliminary assessment regarding, and is limited to, the combination of Sun's open source MySQL database product with Oracle's enterprise database products and its potential negative effects on competition in the market for database products," Sun said in the filing.

Oracle, though, fired back immediately, saying the objection "reveals a profound misunderstanding of both database competition and open-source dynamics." And indicating that other technologies are in limbo during the European deliberations, Oracle said, "Oracle's acquisition of Sun is essential for competition in the high-end server market, for revitalizing Sparc, and Solaris and for strengthening the Java development platform."

Meanwhile, the U.S. Justice Department reiterated its stance that the acquisition isn't anticompetitive. But given the gulf between Oracle and EC perspectives and Oracle's unwillingness to spin the MySQL software group off, it appears the matter won't be resolved soon.

MySQL is open-source software, meaning anyone may see, modify, and distribute the human-readable source code that underlies the software package computers actually run. Oracle's core database product is proprietary, meaning they don't grant those freedoms. MySQL is used widely at Facebook and Google among other companies, and competes to some extent with Oracle's existing products, arguably indirectly by expanding into newer markets to which Oracle's software isn't as well-suited.

Oracle castigated the commission in its statement:

It is well understood by those knowledgeable about open source software that because MySQL is open source, it cannot be controlled by anyone. That is the whole point of open source.

The database market is intensely competitive with at least eight strong players, including IBM, Microsoft, Sybase and three distinct open-source vendors. Oracle and MySQL are very different database products. There is no basis in European law for objecting to a merger of two among eight firms selling differentiated products. Mergers like this occur regularly and have not been prohibited by United States or European regulators in decades...

Sun's customers universally support this merger and do not benefit from the continued uncertainty and delay. Oracle plans to vigorously oppose the Commission's Statement of Objections as the evidence against the Commission's position is overwhelming. Given the lack of any credible theory or evidence of competitive harm, we are confident we will ultimately obtain unconditional clearance of the transaction.

The Justice Department, which is in Oracle's camp, detailed its reasoning in a statement from Deputy Assistant Attorney General Molly Boast of the Justice Department's Antitrust Division.

And though Boast pointed to the department's "strong and positive relationship on competition policy matters" with the EC, she also said, "At this point in its process, it appears that the EC holds a different view. We remain hopeful that the parties and the EC will reach a speedy resolution that benefits consumers in the commission's jurisdiction."

The Justice Department reasoned that there are other database packages available and that open-source projects can be forked by those who disagree with corporate sponsors' handling of the software.

"Several factors led the (Justice Department's antitrust) division to conclude that the proposed transaction is unlikely to be anticompetitive. There are many open-source and proprietary database competitors. The division concluded, based on the specific facts at issue in the transaction, that consumer harm is unlikely because customers would continue to have choices from a variety of well established and widely accepted database products," Boast said. "The department also concluded that there is a large community of developers and users of Sun's open source database with significant expertise in maintaining and improving the software, and who could support a derivative version of it."