IBM has announced new services and products designed to help customers address regulatory compliance requirements and meet pending deadlines from the federal government on regulations including HIPAA, USA Patriot Act, SEC, Basel II, and Sarbanes-Oxley. The offerings leverage IBM’s expertise in IT and business consulting services, software, open standards, and hardware, and will include the IBM Anti-Money Laundering Service, IBM Email Archive and Records Management Service, IBM DB2 Content Manager for Data Retention Compliance, IBM Lotus Workplace for Business Controls and Reporting, and IBM Tivoli Storage Manager for Data Retention. In addition, IBM plans to introduce compliance-focused solutions based on the company’s TotalStorage FAStT EXP100 (SATA-based) and TotalStorage Enterprise Tape Drive 3592 technologies. Finally, IBM plans to introduce new Data Retention Solutions and Asset Disposition Data Disposal - Disk Wipe Services to assist customers in dealing with their data lifecycle requirements. IBM’s initiative involves working with business partners including iLumin, IXOS, KVS, Northrop Grumman, NuGenesis, SearchSpace, Siemens, and VeriSign. No pricing or availability information was included in the announcement.
On the surface, IBM’s new solutions may appear to be a simple response to a growing commercial opportunity, but how that market has developed offers some critical insight to the company’s offerings. A recent bloom in the number of government and industry regulations, compounded by terrorist acts, corporate fraud, and digital identity theft have intersected improvements in commercial storage technologies to create the equivalent of a perfect storm of opportunities for IT vendors. What commercial shape those opportunities will take is a separate issue. While Write Once, Read Many (WORM) tape and optical technologies have long played roles as compliance-approved data archiving solutions, the emergence of ATA disk technologies has muddied the compliance waters a fair bit. EMC’s Centera product line was the first such solution to achieve compliance approval by the SEC and other agencies, and was beat up a bit by tape/optical solution vendors who lacked similar offerings. But the affordability of ATA (compared with higher end RAID storage) and its notably superior performance (compared to tape and optical) resonated in the marketplace. Indeed, while ATA-based solutions are unlikely to ever completely eclipse tape and optical technologies, they have carved out an entirely separate niche among enterprise customers. The inclusion of the SATA-based TotalStorage FAStT EXP100 Storage Expansion Unit in IBM’s announcement appears to corroborate this fact.
Is IBM simply following EMC’s lead into what most will agree is an increasingly lucrative sector? Not entirely. IBM’s ATA-based compliance solution is coming to market after Centera, but the company’s approach to regulatory compliance is notably systemic, leveraging a wide range of IBM infrastructure hardware, software, and service offerings. In fact, the essential strength of IBM’s approach lays in its flexibility and adaptability (with the help of IBM Global Services) to meet the highly variable needs of the company’s myriad customers. Initially, this should make these solutions particularly valuable to existing IBM customers who could potentially repurpose existing IBM hardware for their regulatory compliance needs. So does that guarantee the success of IBM’s new offerings? That really depends on when they become available and at what cost. The company’s announcement did not include pricing details, and was unclear concerning which solutions have been approved by regulatory agencies. Whenever those requirements are satisfied, we expect that competitively priced IBM offerings are likely to find success among customers who will need all the regulatory compliance help they can get.
This week SCO Group countered IBM’s arguments against SCO in August by directly challenging the validity of the General Public License (GPL), the legal foundation for Linux, as well as other open-source software. SCO asserts that among a lengthy list of legal failings and shortcomings within copyright, antitrust, and export control laws, the GPL violates the U.S. Constitution and is inherently unenforceable. SCO asserts this while continuing to ship some of its own products under the very same GPL. Meanwhile, Xandros, a desktop Linux ISV, has named a new chief executive and plans to release version 2.0 of its software on November 24. The Xandros release of Linux, once owned and developed by Corel, is built on the Debian version of Linux and includes the KDE graphical user interface.
Desktop Linux has been a difficult market to crack, in large part because of Microsoft's overwhelming dominance, and also due to a lack of bandwidth for established Linux companies such as Red Hat and SuSE Linux to develop a market and drive demand. Sun, through partnership with SuSE and with its own value-add desktop components, and Novell in its acquisition of Xiaman, are clearly ramping up to challenge Microsoft for the attention of corporate buyers moving to Web portal workspaces or with employees who do not need full-featured Windows computers. This trend has likely influenced Xandros in its decision to place a more market savvy hand at the helm to navigate to closer relations or perhaps acquisition by a more mainstream player. SCO also has a difficult “marketing effort” as it continues to offer its range of claims and violations, from code misappropriation, to invalid licensing, to potential derivative rights to Linux itself.
We understand the means and methods of the approach by Xandros to maximize its opportunities and get its product advanced, aligned, and associated with an emerging market trend. As for SCO, we wonder if this whole dog and pony show is a similar “advancement” effort, a search for deep pockets, now gone bad. SCO’s issues of intellectual property protection and license validity are clearly important and must be resolved, and we expected that the proprietary and open source business models would eventually clash and would require re-examination and resolution. However, we are continually amazed at its means and methods as the carnival-like atmosphere that seems to surround SCO and its approach to the problem expands. We are confused as to its plan, concerned as to its next assertions and alarmed as to its efforts potential industry impact. As both companies exercise their responsibilities to play “diving for dollars,” it is unfortunate that SCO’s new style of innovation is in publicizing court preparations as opposed to a Xandros effort at product advancement in the development lab. We hope SCO’s actions are not indicative of a trend in today’s maturing tech industry.
SUSE LINUX has announced the release of Openexchange Server 4.1, a Linux-based communication and groupware solution that will be available in November. The recommended retail price for SUSE LINUX Openexchange Server 4.1 is U.S. $1,240 and includes a base license for ten groupware clients and an unlimited number of email clients. Also, this week SUSE LINUX announced it has joined ObjectWeb, an international consortium focused on open-source middleware. ObjectWeb targets alternative solutions to proprietary products addressing ebusiness, EAI, data connectivity, grid computing, and enterprise messaging. ObjectWeb's middleware includes application servers, components, frameworks, and tools. Examples include: JOnAS, an open-source implementation of J2EE specification; JORAM JMS, a Message Oriented Middleware; and Enhydra, a Java/XML Application Server.
Red Hat has done a good job of consolidating its top position in the Linux operating system market and using that position to trumpet the arrival of Linux in the enterprise. In doing so, Red Hat has helped to create an opportunity for further Linux and open source expansion in the enterprise. SUSE is taking advantage of this opportunity with betting that it can entice those same customers who gave Linux a try to check out Openexchange Server and for less than the cost of a corporate PC loaded with all the bells and whistles, it in many cases is certainly worth a peek. SUSE is not hanging all their open source hopes in one basket. As a corporate member of ObjectWeb, SUSE LINUX will gain access to ObjectWeb’s open source middleware components and platforms such as JOnAS (Java One Open Source Application Server), a pure Java server based on the Java 2 Enterprise Edition (J2EE) specification and Enhydra. This provides a ready resource of Java developers who are likely to be favorable towards Linux.
So the question is, can Linux become more than just an operating system? Is it viable enough to become a platform in and of itself to support open platforms for key enterprise areas such as middleware, application servers, and groupware? Or is it better served as an alternative platform for existing ISVs to port their often proprietary applications over to? The later seems counter-intuitive to the reason for going to Linux in the first place. Similarly with Java, Linux can run the risk of overselling itself and expanding too far too fast without an infrastructure to support it. Yet at the same time even a murmur of interest from customers could spur some much needed innovation and competition in the middleware and groupware space and open up new areas for the Linux open source community to direct its efforts.
The Security firm @stake announced this week that it has discovered three security issues related to the Macintosh OS X 10.2.8 as well as earlier versions of the OS. As a result, @stake issued a series of security advisories. The first one warned against a buffer overflow vulnerability that could possibly allow an attacker to crash or control the computer in question. A second advisory warned against a vulnerability that could grant attackers file system access, and a third warned against a vulnerability that could allow attackers to overwrite and read files that could compromise authentication data. @stake said it had been working with Apple for approximately a month concerning the security vulnerabilities. Apple has not yet released a patch for these vulnerabilities, but said upgrades in the new Mac OS X Panther operating system would address these vulnerabilities. The cost of that upgrade is $129.
While security vulnerabilities are nothing new in the world of IT, news of such events usually concern Microsoft desktops and servers. Such a preponderance of alerts focused on Windows should come as no surprise, considering that the company’s Windows franchise accounts for something north of 90% of the desktop market. Over the past few months particularly, Microsoft-specific security vulnerabilities — taken individually and cumulatively — have led many observers to decry what they see as the company’s unwillingness to proactively make their products safe to use in an increasingly hostile networked environment. Some of this dissatisfaction has merit, but it also has to be noted that criminal hackers like to focus on targets that will delivers the largest celebrity or financial reward. So long as its dominant position on the desktop continues, Microsoft is likely to suffer a proportionately larger number of attacks.
With this latest news of Apple’s vulnerabilities, we are once again reminded that all operating systems have features that potentially can leave unseen doors open to the unscrupulous computer geek. While Apple is offering a resolution of the problems @stake discovered only in the form of an OS upgrade, at least at this point, we have to wonder about the wisdom of not providing patches to older versions of the OS. Based on the near fanatical devotion of Mac users, perhaps the company’s decision will not further erode Apple’s small desktop market share. If that is the case, the company could be guilty of making a shrewd — albeit less than honorable — business decision that ironically echoes the sort of brazen indifference many Mac users ascribe to Microsoft. Whatever the case, we would not recommend that companies offering alternatives to Apple and Microsoft adopt such a cavalier attitude. We would argue that the Linux vendors attempting to cross the great divide to a sizable desktop presence should take a lesson from Microsoft and not Apple in this instance, as politically annoying as that must seem in the David versus Goliath gestalt of the Open Source desktop market. To date, Microsoft has been aggressive in issuing security patches as soon as vulnerabilities appear and has not used such events to push a wholesale OS upgrade per se, as Apple seems to be doing. For companies working toward a more viable Linux desktop, two things seem very clear to us. A larger Linux desktop presence will lead to greater numbers of hacker attacks, and the viability of desktop Linux will in a large degree be determined by which path Linux vendors choose in their response. Will it be Trick, or Treat?
Numbers this large are hard to comprehend but the implications of the UC Berkeley report should not be hard to understand. Regardless of whatever widgets any IT company produces, a natural byproduct will be data that has to be stored and managed for the indefinite future. As more and more electronic communications are deemed legal documents by the courts and regulatory agencies, there is no reason to assume that growth rates for required storage will slacken at any time in the near future. The astronomically high amount of data sent over the Internet and other communications systems ensures that data storage will continue to be a growth industry, especially when one considers the increasing importance of email communications in legal disputes.
All of this is good news for storage companies, of course.
Demand for their products and services will continue or expand in the
foreseeable future, or in perhaps any future. The mountains of data created
each year — with extraordinary year-to-year growth rates that eclipse the