Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Jon Seals

IT partner of choice recognised for stellar 74% growth in sales of EMC products

Computacenter, Europe’s leading independent provider of IT infrastructure services and solutions, today announces that it has been named EMC Enterprise Select Partner of the Year at the EMC 2014 Business Partner Kick-off event. The award recognises year-on-year growth and excellence in collaboration with EMC. The award was presented to the team at BAFTA in London on the 25th of February. Computacenter has now been recognised with the award for three consecutive years, retaining it during 2011, 2012 and 2013.

“Closing an exceptional year for Computacenter and EMC, Computacenter nearly doubled its revenue year on year through a deeper and more integrated approach with enterprise clients,” said Kevin Sparks, UK District Manager for Service Providers, EMC. “Computacenter has embraced innovative selling across the EMC portfolio including, flash, Isilon® technology and EMC software, to existing and new clients to add business value and help to transform IT.”

Computacenter achieved 74% growth in sales of EMC products during 2013, a testament to the strength of the commercial relationship between the two organisations. Mark Chandiram, EMC Business Manager at Computacenter was also awarded the new EMC Special Recognition Award, commending him on his effort in driving EMC sales, his ability to execute and the significant part that he played in achieving positive results for both organisations.

“These awards are proof of our ability to deliver exceptional solutions to our customers whilst adding significant value to our partners,” says Neil Eke, Director, Datacenter & Storage, Computacenter. “We are delighted to be recognised for our ongoing partnership with EMC which is testament to the depth of capability we have across both sales and our delivery organisation. We look forward to continuing this momentum in 2014 and beyond, enabling users and empowering organisations.”

 

About Computacenter
Computacenter is Europe’s leading independent provider of IT infrastructure services. We advise customers on their IT strategy, implement the most appropriate technology from a wide range of leading vendors and manage their technology infrastructures on their behalf. At every stage we make our customers’ businesses sharper by removing cost, complexity and barriers to change across their IT infrastructures. Our corporate and government clients are served by offices across the UK, Germany, France, the Benelux countries, Spain and South Africa. We also serve our customers’ global requirements through our extensive partner network.

www.computacenter.com

IDG News Service — Much of the talk on the Web this week has focused on the Heartbleed security fiasco. Still unsure as to what's happening with Heartbleed and how it impacts you? Here's our quick-and-dirty guide.

What exactly is Heartbleed?

Heartbleed is a vulnerability in OpenSSL, an open-source implementation of the SSL/TLS encryption protocol.A When exploited, the flaw could expose information stored in a server's memory, including not-at-all-trivial things like your username, password, and other bits of personal data. Since OpenSSL is particularly popular among website administrators, a significant number of your favorite websites may be affected by Heartbleed--research firm Netcraft puts the number at half-a-million sites.

Should I panic?

Panicking is not terribly productive, and, since it involves a lot of running around like a chicken with your head cut off, potentially exhausting. That's no way to go through life. Still, this is a serious matter, and it'll require a little more action on your part than adapting a "this too shall pass" mindset.

...

http://www.cio.com/article/751366/Heartbleed_What_You_Need_to_Know_About_the_Security_Fiasco_in_3_Minutes_or_Less

Network World — The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.

Juniper detailed a long list in two advisories, one here and the other here. Cisco acted in similar fashion with its advisory.

"Expect a product by product advisory about vulnerabilities," says Cisco spokesman Nigel Glennie, explaining that Cisco engineers are evaluating which Cisco products use the flawed versions of OpenSSL that may need a patch though not all necessarily will. That's because Cisco believes it's a specific feature in OpenSSL that is at the heart of the Heartbleed vulnerability and that it's not always turned on in products.

...

http://www.cio.com/article/751365/Heartbleed_Bug_Hits_At_Heart_of_Many_Cisco_Juniper_Products

IDG News Service — Website and server administrators will have to spend considerable time, effort and money to mitigate all the security risks associated with Heartbleed, one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years.

The flaw, which was publicly revealed Monday, is not the result of a cryptographic weakness in the widely used TLS (Transport Layer Security) or SSL (Secure Sockets Layer) communication protocols, but stems from a rather mundane programming error in a popular SSL/TLS library called OpenSSL that's used by various operating systems, Web server software, browsers, mobile applications and even hardware appliances and embedded systems.

Attackers can exploit the vulnerability to force servers that use OpenSSL versions 1.0.1 through 1.0.1f to expose information from their private memory space. That information can include confidential data like passwords, TLS session keys and long-term server private keys that allow decrypting past and future SSL traffic captured from the server.

...

http://www.cio.com/article/751362/Website_Operators_Will_have_a_Hard_Time_Dealing_with_the_Heartbleed_Vulnerability

I don’t think I’ve ever seen the reaction to an Internet security problem like the reaction I’m seeing with the Heartbleed bug. I expected to get email messages from security experts, but not the volume that has been coming in. Then I logged on to Facebook, and my feed was in pandemonium. People are totally freaked out by the news of this vulnerability, but I’m not sure which concerns them more: That their personal information may be compromised or that they are going to have to change a lot of passwords.

Let’s take a deep breath and get some points straight. I reached out to a number of experts to get their insights into this issue.

First, we should all take this very seriously. For those who may not understand what the Heartbleed bug is, the Heartbleed bug website explains it clearly:

...

http://www.itbusinessedge.com/blogs/data-security/keeping-our-fingers-on-the-pulse-of-the-heartbleed-bug.html

If I had a top ten list of PR models, it would be Tesla and Elon Musk. He got a bum review in the New York Times and his damage control strategy was to demonstrate that the reviewer was less than honest. I thought no way could he win that battle. He did. The US government, typical of government-by-headline, launched a safety investigation against the cars after a battery fire caused lurid news stories. What did Tesla do? Used the opportunity to make it clear to the world just how safe their cars actually are. Lemons to lemonade. (I blogged on these stories earlier–just enter Tesla in the search on this blog).

...

http://ww2.crisisblogger.com/2014/04/tesla-provides-classic-example-of-how-to-head-off-bad-news/

Computerworld — A federal court in New Jersey this week affirmed the Federal Trade Commission's contention that it can sue companies on charges related to data breaches, a major victory for the agency.

Judge Esther Salas of the U.S. District Court for the District Court of New Jersey ruled that the FTC can hold companies responsible for failing to use reasonable security practices.

Wyndham Worldwide Corp. had challenged a 2012 FTC lawsuit in connection with a data breach that exposed hundreds of thousands of credit and debit cards and resulted in more than $10.6 million in fraud losses.

...

http://www.cio.com/article/751343/FTC_Can_Sue_Companies_Hit_with_Data_Breaches_Court_Says

CIO — As government CIOs begin consolidating their agency data centers, they should leave the forklift in park.

That was the message senior officials in the government IT sphere delivered in a panel discussion on how to maximize return on investment through overhauling the sprawling federal data center apparatus — which numbers well into the thousands of facilities.

Its not enough simply to pack up one set of servers and reshelf them in another location. Government IT leaders stress that any data center overhaul cannot simply be an IT-driven initiative that amounts to a check-box exercise. The process should entail a considered engagement with the business lines of the agency, they say.

...

http://www.cio.com/article/751332/Government_CIOs_Face_Data_Center_Consolidation_Challenges

Network World — The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates and users to change their passwords. But who's to blame for this flaw in the open-source protocol that some say also could impact routers and even mobile devices as well?

A German software engineer named Robin Seggelmann of Munster, Germany has reportedly accepted responsibility for inserting what experts are calling a mistake of catastrophic proportions into the open-source protocol OpenSSL used by millions of websites and servers, leaving them open to stealing data and passwords that many think has already been exploited by cyber-criminals and government intelligence agencies.

"Half a million websites are vulnerable, including my own," wrote security expert Bruce Schneier in his blog, pointing to a tool to test for the Heartbleed Bug vulnerability. He described Heartbleed as a "catastrophic bug" in OpenSSL because it "allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software." It compromises secret keys used to identify service providers and encrypt traffic, he pointed out. "This means anything in memory--SSL private keys, user keys, anything--is vulnerable."

...

http://www.cio.com/article/751342/Who_s_to_Blame_for_Catastrophic_Heartbleed_Bug_

By staff reporter

Security experts consider the Heartbleed bug to be a very serious issue, and one that will require action by most Internet users – not just for businesses – bringing the topic of information security home for web users everywhere.

“It's a pretty significant bug, particularly since it impacts popular open-source web servers such as Apache (the most popular web server) and Nginx,” explains ISACA director of emerging business and technology, Ed Moyle. “One significant area that has been covered less in the industry press is the impact this issue could have outside of the population of vulnerable web servers. Now clearly, the impact to web servers is a big deal. But consider for a moment what else might be impacted by this.”

In other words, he explains, consider the impact on embedded systems and "special purpose" systems (like biomed or ICS). “OpenSSL has a very developer-friendly license, requiring only attribution for it to be linked against, copied/pasted or otherwise incorporated into a derivative software product. It is also free. This makes it compelling for developers to incorporate it into anything they're building that requires SSL functionality: everything from toasters to ICS systems, medical equipment, smoke detectors, remote cameras, consumer-oriented cable routers and wireless access points. It's literally the path of least resistance as a supporting library/toolkit when developing new software that requires SSL.

...

http://www.cirmagazine.com/cir/Information-security-hits-home-with-Heartbleed.php