5 Channel Ops: Verizon Said to Prep Terremark Sale, TWC Confirms Data Breach

Lorna GareyCase studies are a great way to demonstrate expertise while also giving back by educating peers. That’s why Channel Partners is launching a new Case Study Showcase initiative. In a nutshell, we’re inviting our community to share success stories; we’ll publish them on our site in a special section, and the best submissions in various technology categories will make it into quarterly digital issues and earn the principals a Showcase Champ logo.

A few tips on what makes a great case study: Focus on the business problem you solved. Include real metrics — did the customer save 50 percent on its monthly bill, or increase productivity by some demonstrable amount? Don’t just throw out a laundry list products used; also talk best practices, workarounds and policies the customer put in place. What features of the products you did deploy were most relevant? Show the reality, warts and all. No IT project is 100 percent successful. What issues did you run into? How did you overcome them? Consider sending us a video of the customer, if relevant. Length can be from 500 words on up to about 1,200. If you need more than that, maybe it should be two case studies.

Most important, write from the reader’s POV — in this case, peers, often with customers considering similar projects. Resist the urge to just say how great you are (though some horn tooting is expected) and instead focus on helping others achieve the same success.

Right now, we’re looking for mobility and security case studies in particular. You can download the form and send responses to me directly, or use our Web submission process.

Speaking of awards, last call is nigh for the 2016 Channel Partners 360° awards as well as our inaugural Cloud Girl Rising: A Woman to Watch award. Again, feel free to contact me for these forms.

Data Center Landscape Shifts

This week Reuters reported that Verizon has started the process to sell its Terremark data center business, which it hopes will fetch more than $2.5 billion. AT&T and CenturyLink also have facilities on the block. Meanwhile, our research partner 451 Alliance is out with some numbers on data-center spending. Among 1,179 members of the 451 Global Digital Infrastructure Alliance surveyed in November, 22 percent say their organization’s data center facility spending will increase over the next 90 days. But that’s not the whole story: Just 7.5 percent report that their organizations plan to open a new data center/IT site in the next 90 days versus 8.2 percent planning a closure. Data-center consolidation is on the rise. As to where spending is happening, by a wide margin, it’s cloud services, with 62 percent saying their companies will devote more budget to cloud in 2016 versus 3 percent decreasing. (Get this and other research by joining the Alliance; details are here.)

Mash these trends together and the outlook is an overwhelming amount of compute happening in a small number of mega data centers. What that means for the channel is a topic for our 2016 Cloud Partners stage. We’re penciling in educational and keynote sessions now; let me know your thoughts.

Breach Watch, 2016 Edition: And So It Begins

Time Warner Cable said this week that as many as 320,000 customers may have had their email passwords stolen. The culprit is malware that was either downloaded during phishing attacks or came in via a third party that stored customer information, including email addresses, according to Reuters. This may be the first big disclosure of 2016 – and it’s worth notifying customers – but you can bet it won’t be the last. In fact, AT&T and Ingram Micro security partner Lookout (which has its own partner program) just released a blog about mobile malware embedded in games that can gain root privileges and even survive a factory reset. Don’t expect even savvy customer end-users to spot them; the games often had high ratings and hundreds of thousands of downloads. Lookout researchers say the apps are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors. Lovely.

Researchers even announced this week an open socket (now closed) in the supposedly ultra-secure Silent Circle Blackphone. “This vulnerability illustrates the breadth and depth of the attack surface on this and other devices,” wrote SentinalOne’s Tim Strazzere. “It also raises some important considerations for security professionals. First, even the most “secure” systems can be vulnerable to attacks. Second, the increasing proportion of third-party technology (hardware, drivers, software libraries, etc.) used in today’s devices makes detecting and remediating flaws more difficult than ever.” The company’s partner program comes with technical training.

A Not-So-Fine Hash

As of Jan. 1, public-trust certification authorities are no longer issuing SSL/TLS certificates signed with SHA-1 (Secure Hash Algorithm 1). For customers, nothing drastic is likely to happen in the near term because Microsoft and Mozilla have promised browser support through the end of this year, to the surprise of some security experts given that Mozilla had previously pulled support.

“For Firefox users with unfiltered access to the Internet, this change probably went unnoticed, since there simply aren’t that many new SHA-1 certs being used,” wrote Richard Barnes, Firefox security lead. “However, for Firefox users who are behind certain ‘man-in-the-middle’ devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS websites.”

Chrome will also keep up support, with warnings. Apple has yet to weigh in.

The SHA-1 cryptographic hash function is definitely vulnerable, and most security experts advise switching customers to the new, and widely supported, SHA-2 algorithm much sooner than year’s end. There’s no time like the present, and this isn’t anything to ignore; CloudFlare has an in-depth explanation. And, while modern browsers mostly support SHA-2, the same cannot be said for OSes. I’m looking at you, Windows XP SP2. If you have customers still clinging to XP, this is one more bullet point in the case to upgrade.

In other Web application security news, channel-friendly security provider High-Tech Bridge is offering free API linking to the company’s gratis SSL security testing service, which it says verifies the security of SSL/TLS implementations on any website or Web app against PCI DSS and NIST guidelines and industry best-practices. Simply enter a customer’s URL, and High-Tech Bridge checks for compliance. With the new API, you can also validate any service that relies on SSL data encryption, even non-HTTPS instances. That includes email servers, which may be overdue for a checkup.

Amazon Takes Aim at Outlook, Gmail

After quietly plugging away at its WorkMail email and calendaring system for the past year or so, this week Amazon released the product to general availability, and Joe Panettieri has the inside scoop that Amazon is working on a partner program specifically for WorkMail.

The entirely cloud-based product costs $4 per user, per month for 50GB and sports native Outlook compatibility, encryption with keys manageable by partners or IT using AWS’ KMS, Active Directory integration and more. End users can access WorkMail from Microsoft Outlook clients on Windows and Mac OS X as well as from any mobile device that supports ActiveSync — that is, pretty much any device.

WorkMail will be particularly attractive to customers that have offices or customers in Europe — or are just concerned about U.S. government surveillance. At issue for global customers is the recent invalidation of the EU’s Safe Harbor provision, which allowed U.S. companies to store EU citizens’ data on U.S. soil after self-certifying that they comply with Europe’s more stringent data protection standards. With WorkMail, IT can specify in which AWS region the organization’s data will reside.

The product still lacks journaling, which is a drawback for enterprise customers. However, Amazon says it’s working on archiving capabilities. Maybe they’ll be ready at the same time as the partner program?

Bits & Bytes

Partners that support retail customers may want to check out Nick Bradley, practice leader of the Threat Research Group at IBM Security, and Michelle Alvarez, threat researcher and editor for IBM Managed Security Services, at a webinar on Jan. 21 from 11 a.m.-12 p.m. ET. They’ll discuss findings from IBM’s 2015 Cyber Security Intelligence Index for Retail report. Topics on the agenda include a look at common weak points in retailer networks and how cybercriminals are responding to the introduction of chip cards.

This week, 100-percent channel-driven IaaS and hybrid-cloud provider Faction announced that it’s using Level 3 Communications’ Cloud Connect Solutions at its Denver, Chicago and New York/New Jersey cloud locations. Level 3 will be a preferred network provider underlying Faction’s Layer 2 Direct Connect offering, which the company says allows customer networks to interconnect with Faction’s cloud without the need to redesign subnets or topologies.

Finally, from the “shut up and take my money” department, Oculus Rift this week opened pre-orders for its $599 virtual reality headset. VR was a big theme at CES this week as well. Samsung’s Gear headset is about $199, and Google’s Cardboard offering is just $20. I was able to try out the latter with an Android phone over the holidays to experience being part of a Star Wars battle. Motion sickness aside, it’s not at all difficult to see possibilities for a range of business uses. Partners could help realtors offer VR tours of high-end properties, hospitality firms could show off their facilities and companies could develop immersive training for employees. CIO outlines some projects now underway.

Follow executive editor @LornaGarey on Twitter.

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 53062