E22 Development

It’s been nearly three months since RSA, the security unit of the storage giant EMC, disclosed that it came under an “extremely sophisticated attack” that was ultimately found to be targeted at compromising the SecurID tokens it sells to secure computer systems at large companies and government agencies.

Later, after RSA described how it was attacked, the defense contractor Lockheed-Martin found its systems under attack. EMC admitted that its technology was breached in the Lockheed incident, and has since offered to replace the tokens of affected customers. Long a lynchpin of computer security at many companies and agencies doing sensitive work, there’s no question that the reputation of the SecurID system has been hurt.

Since the first attacks against RSA were disclosed, many of those organizations that have relied on the tokens have been trying to figure out what to do, and whether or not they can still trust them. One of those organizations was the National Security Agency, the super-secret spy agency who sets IT security policies throughout the U.S. government’s intelligence and defense establishments.

The unclassified document below is an internal advisory from the NSA’s Information Assurance Directorate concerning its recommendations. If your company is among those coping with the headaches that are arising as a result of all this, I thought at the very least it would make for interesting and hopefully useful reading. Granted, this document was issued in March, which was before RSA came clean on the details of the attack, but it may prove useful nevertheless.

After the disastrous earthquake and ensuing tsunami and nuclear power crises hammered Japan earlier this year, conventional wisdom held that the worldwide tech economy would be similarly affected on two fronts: A supply chain disruption was likely, given the number of important components manufactured in Japan, and there would be a ripple effect resulting from a decline in tech spending in that country.

It turns out worldwide spending on IT by companies is proving surprisingly resilient given the circumstances, according to a new forecast by the market research firm Gartner. The firm expects overall tech spending to grow by 7.1 percent this year, representing an upward revision from a previous forecast of 5.6 percent.

In dollar terms that works out to a total forecast of $3.6 trillion. Of that, Gartner expects $419 billion to be spent on computing hardware, $268 billion on enterprise software, $846 billion on IT services, and $2.1 trillion on telecommunications. (It’s fun to type the word “trillion” and not be referring to federal spending.)

“It is a bit surprising that we have not seen a more significant impact on our global IT spending forecast as a result of the Japan earthquake and tsunami, but despite widespread concerns about disruptions to the supply of critical components in the initial aftermath of the natural disaster, there has not been a dramatic impact on overall IT spending,” Gartner’s vice president for research Richard Gordon said in a statement.

Spending on cloud services is a big factor in the forecast. Gartner says cloud-related spending is growing four times faster than IT spending, and will reach $89 billion this year. However, it’s informative to note that despite that intense growth, cloud spending amounts to less than three percent of the overall IT spend.

Even so, cloud category punches above its weight in importance. Gartner says that software-as-service applications — Salesforce.com is a classic example — account for about $10 billion, or about 10 percent of spending on enterprise software. More from Gartner here.

Microsoft caught up with the present today with the launch of Office 365, a suite of its well-known Office software tailored for the cloud.

Office 365 is an online-based service that shares similarities to Google Apps and Zoho, and it lets people collaborate on documents, spreadsheets and e-mail using a combination of subscription desktop software and web apps. Microsoft’s popular applications like Word, Excel, Exchange, and PowerPoint will now be able to be licensed month-to-month with an online version.

Pricing starts at $6 per user per month for small businesses. The cost for medium to enterprise-size businesses ranges from $10 to $27 per user per month. This is considerably more than competitor Google Apps, which is $5 per user per month no matter how big the company.

A lot of the cloud-based tools available in Office 365 were previously available under the less-friendly name Business Productivity Online Suite. 365 improves on those tools by updating Exchange Online and SharePoint Online to include the features of the 2010 desktop version whereas BPOS had its software bits based on the 2007 versions.

The online services that 365 specifically offers are Office Professional Plus, Exchange Online, SharePoint Online, Lync Online, and Office Web Apps. The set of Web Apps are slightly slimmed down versions of Word, Excel, PowerPoint, and OneNote that are accessible through a web browser.

Google’s similar Google Apps suite of cloud-based programs offers online e-mail, documents, spreadsheets, and more. Yesterday, Google Apps Product Manager Shan Sinha made the case on a company blog that Apps was a better overall product. Sinha’s main issues with 365 were that it wasn’t built for teams, it costs more, it only focuses on Windows-based platforms, and it has too much dependence on desktop software rather than being 100 percent in the cloud.

Each suite of apps has its own strengths. Google has an edge on price and the ability to work on all platforms, but Microsoft has the edge on familiarity and deep features like Excel formulas and macros. It will be fascinating to see what sort of adoption rate we see in the next year between the two services as more businesses invest in cloud-based systems and software.

Are you interested in checking out Office 365? Would you consider moving from Google Apps to try 365?

The analyst firm also emphasizes that building a private cloud is more than just adding virtual machines to physical servers