Despite insourcing efforts, the expansion of nearshore centers is not necessarily taking work away from offshore locations. Eric Simonson of the Everest Group discusses the five main drivers responsible for the rise in domestic outsourcing, why Indian providers dominate the domestic landscape and more.
IT service providers placed significant focus on staffing up their offshore delivery centers during the previous decade. However, over the past five years, outsourcing providers have revved their U.S. domestic delivery center activity, according to recent research by outsourcing consultancy and research firm Everest Group.
The American outsourcing market currently employs around 350,000 full-time professionals and is growing between three and 20 percent a year depending on function, according to Everest Group’s research.
Yet the expansion of nearshore centers is not necessarily taking work away from offshore locations in India and elsewhere. Big insourcing efforts, like the one announced by GM, remain the exception. Companies are largely sticking with their offshore locations for existing non-voice work and considering domestic options for new tasks, according to Eric Simonson, Everest Group’s managing partner for research.
We spoke to Simonson about the five main drivers for domestic outsourcing growth, the types of IT services growing stateside, why Indian providers dominate the domestic landscape, and the how providers plan to meet the growing demand for U.S. IT services skills.
Interest in domestic IT outsourcing is on the rise, but you say that that does not indicate any dissatisfaction with the offshore outsourcing model.
Simonson: This isn’t about offshore not working and companies deciding to bring the work back. That’s happening a bit with some call center and help desk functions. But, by and large, these delivery center setups are more about bringing the wisdom of global delivery into the domestic market. The fundamental goal is industrializing the onshore model vs. fixing what’s broken offshore.
Can you talk about the five main drivers behind their increased interest in locating stateside?
Simonson: The first is diversification of buyer needs. As buyers have to support new types of services, certain types of tasks may be better delivered nearshore rather than offshore.
Secondly, there may be a desire to leverage the soft skills of onshore talent. This occurs when you need someone with a certain type of domestic business knowledge or dialect or cultural affinity.
Thirdly, domestic sourcing can be a way to overcome the structural challenges associated with offshore delivery, such as high attrition and burn out in graveyard shifts.
Fourth, companies may be seeking to manage certain externalities like regulatory requirements of fears about visa availabilities. To some extent, these reasons are often not necessarily based on true requirements, but are a convenient reason to give for choosing to outsource domestically rather than the potential risks of offshore.
Finally, there may be client-specific needs that demand domestic solutions—a local bank that wants to keep jobs in the community or a company with no experience offshore looking to start the learning curve.
Within IT services, what types of work currently dominate the domestic landscape?
Simonson: Application development is most prominent, with 123 domestic delivery centers in tier-one and -two cities serving financial services, public sector, manufacturing, retail and consumer packaged goods clients. Just behind that is IT infrastructure in similar geographies focused on those verticals as well. There are 80 consulting and systems integration centers and 68 testing centers as well.
It’s interesting to note that while U.S.-based providers tend to operate larger IT service centers domestically, it’s actually the Indian providers that dominate the landscape.
security tools 1
Simonson: Traditional U.S.-based multinationals have captured more scale in individual centers and have been able to grow them, in some ways, more strategically. They’ve been able to set up shop in smaller tier-4 cities like Ann Arbor or Des Moines and have more proven local talent models.
But the majority of domestic centers are operated by India-centric providers. Part of that is driven by their desire to get closer to their customers. With application and systems integration work, the ability to work more closely with the client is increasingly valuable. And with infrastructure work, concerns about data and systems access have encouraged Indian companies to offer more onshore options.
In addition, some of the bad press they’ve received related to visa issues is encouraging them to balance out their delivery center portfolios.
But Indian providers are not necessarily staffing up their centers with American workers.
Simonson: Indian providers are more likely to use visas to bring citizens of other countries (predominantly India) into the country to work on a temporary or permanent basis in a delivery center. About 32 percent of their domestic workforce working in delivery centers is comprised of these ‘landed resources.’ Across all providers, landed resources account for six percent of domestic service delivery employees. However, tightening visa norms and higher visa rejection rates are making it more difficult for providers to rely on foreign workers.
You found that approximately 43 percent of the delivery centers are located in the South, with almost half of those concentrated in the South Atlantic. And Texas has more than fifty. Is that
simply due to the fact that it’s cheaper to operate there?
Simonson: Cheap helps. But equally important are overall population trends. The South is growing, while regions like the Northeast or Midwest are either stable or on the decline. If you look at where people are going to school or moving and where corporations are relocating their headquarters, it’s taking place from the Carolinas down through Florida and over through Arkansas, Oklahoma and Texas. Those states are also more progressive about attracting services businesses (although there are some exceptions outside of the south like North Dakota and Missouri).
Do you expect the domestic IT outsourcing market to continue to grow?
Simonson: Yes, service providers expect an increase in demand for domestic outsourcing services by new and existing customers, and plan to increase their domestic delivery capabilities by adding more full time employees to their existing centers and establishing new delivery centers. In fact, 60 percent of delivery centers are planning to add headcount over the next three years with India-centric service providers expected to lead the expansion.
Tier-2 and tier-3 cities, like Orlando, Atlanta and Rochester, are poised for the greatest growth, with tier-1 and rural centers expecting the least amount of growth.
Will the supply of domestic IT talent keep up with this increased demand?
Simonson: The pressure to find IT talent has led service providers to adopt a range of approaches to extend their reach and develop ecosystems of talent. Many have developed educational partnerships, creating formal and informal relationships with colleges and technical institutes. They’re also basing themselves in cities known for their quality of life and recruiting entry-level and experienced talent from elsewhere. It all impacts what communities they decide to work in.
All service providers will have to expand their talent pools, particularly in IT. Automation of some tasks could increase capacity, but doesn’t provide the higher-complexity skills that are most valued onshore.
The products we reviewed show good signs that encryption has finally come of age.
best tools email encryption 1
Recipients of encrypted email once had to share the same system as the sender. Today, products have a “zero knowledge encryption” feature, which means you can send an encrypted message to someone who isn’t on your chosen encryption service. Today’s products make sending and receiving messages easier, with advances like an Outlook or browser plug-in that gives you nearly one-button encryption. And the products we reviewed have features like setting expiration dates, being able to revoke unread messages or prevent them from being forwarded. (Read the full review.)
AppRiver CipherPost Pro
Basically, you layer CipherPost Pro on top of your existing email infrastructure via a plug-in. It has mobile apps for iOS, Android, Windows phones and BlackBerry 10s that offer the ability to send and receive encrypted messages, but not attachments. To correspond with people outside your email domain, send a message with a Web link, which recipients click on and register with the system. The heart of the product is a special “Delivery Slip” sidebar that appears on the page as you are composing your message. This is where controls are located to enable message-tracking options, and to add an extra security layer. These are all nice features. If you have to send large attachments, then CipherPost should be on your short list.
DataMotion has a very mature offering that makes use of a gateway to process mail. Getting it set up will require a couple of hours, and most of that is in understanding the many mail processing rules. Users need to append a [SECURE] tag in the subject line to trigger the encryption process. You can also set up rules that will encrypt messages containing sensitive information. DataMotion doesn’t have any limits on the size of the user’s inbox. However, it does place a limit of up to 500MB worth of messages that can be sent in a user’s Track Sent Folder. Features include the ability to see exactly when your recipient opened the message and the attachment.
Voltage was recently purchased by HP and rebranded. The technology is an email gateway, software that sits on either a Linux or Windows server or in the cloud and inserts the encryption process between mail client and server. There are numerous add-on modules that come as part of this ecosystem. You administer the gateway via a Web browser, and there are dozens of options to set, similar to the DataMotion product. Voltage has a zero download client, as it calls its software that can be used to exchange messages with someone not on their system. While parts of Voltage are showing their age, the overall experience is quite capable, and the add-ons for mobile and Outlook/Office are quite nifty.
Hushmail for Business
Hushmail is the easiest of the products we tested to set up and use. There is no software to install on the client side; all mail is accessed via two ways: First, via a secure webmail client that connects to the Hush servers. This is the only way you can send encrypted email to someone who isn’t part of the Hush network. The second method is for users fond of their existing email clients and who are communicating with other Hush users. In this situation there is literally nothing for them to do: they make use of their existing client to send an encrypted message. Between the client and the Hush server, mail is encrypted using either SSL or TLS. Once it arrives on the server, it is then encrypted via PGP. Hush has a 20MB limit on attachment size, and this could be a deal breaker for some businesses.
Proton is one of the newer encrypted email services that have come along post-Snowden, with an emphasis on keeping your emails private. It makes a point of this by being based in Switzerland. However, the company is still building its product out and as a result it has a very simple Web UI for its client and admin tool. Proton uses double password protection. The first is used to authenticate the user. After that, encrypted data is sent to the user. The second password is a decryption key used to decrypt data on your device. Proton never sees that latter key so they do not have access to the decrypted data. On top of all this encryption, they also employ SSL connections so your data is encrypted across the Internet to and from their servers. There is no option for on-premises servers. While Proton is not really suitable for an enterprise deployment, it shows what the latest encryption products can deliver.
Of the products tested, Tutanota is the least reliable and least feature-laden. Tutanota uses a variety of clients to set up encrypted mail connections across your existing email infrastructure. There are no changes to your servers and you can continue using Outlook for sending unencrypted communications. We had some trouble with the installation, mainly because the software version has German instructions and installs the German version of .Net Framework. Once installed, though, the menus and commands are in English. Tutanota is based in Germany, which could be important for customers concerned about American email privacy. One of the distinguishing features is that its zero knowledge encryption process hides the message subject. Most of its competitors still send this information in the clear.
Virtru has a nice balance of plug-ins and mobile apps that support its easy-to-use encryption operations across a variety of email circumstances. If you have installed the necessary plug-in, when you want to send something, there is a small toggle switch on the top of the compose screen. Turning that on will bring up a “send secure” button to encrypt your message. There are tool tips that appear as you hover over the various options with your mouse, a nice touch. These include the ability to add an unencrypted introductory message that will introduce your recipient to the context of the message that you are sending, and why you want to encrypt the remainder of the message. You can also set when your message will expire or disable any forwarding for additional security.
Virtru also supports zero knowledge encryption, although it adds a separate activation step when a new user receives the first encrypted message.
Designed for developing economies, the Endless computer (which runs Linux) aims to deliver affordable and useful computing
Rural Mexico, the backstreets of Guatemala City, the outskirts of Mumbai; these aren’t places you find a lot of computers for one simple reason; most computers are far too expensive. What you do find are lots of TVs so why not build a cheap, flexible computer without a display? And ship it without a keyboard and mouse because those are items that can usually be sourced locally at low cost.
What would computers do for people in these places? They would deliver information, education, and opportunity. Record keeping for farmers, reading lessons for children, tools for creating and communicating … the potential for computers to improve the lot of millions of people is just waiting on the right gear and I think the right gear is what a new company, Endless, is about to launch.
The result of three years of development, the company’s eponymous machine is a slightly eccentric design which, I’m told, was very successfully tested in its target markets. The device uses an Intel® Celeron® N2807 1.7 GHz Dual-Core processor (burst speed 2.1 GHz) with 2 GB of RAM. It has an RJ-45 Gigabit Ethernet port, two USB 2.0 ports (front, lower rear), a USB 3.0 port (upper rear), stereo line out, and HDMI and VGA outputs.
There are two Endless models: The $169 version with 32 GB eMMC (embedded MultiMedia storage) and SD Storage, and the $229 version with a 500GB hard drive. They are both powered by 12V input (the included adapter handles 100V to 240V at 50Hz or 60Hz) and the versions draw 24W and 30W respectively. The 500GB hard drive version (the version I tested) also includes an integrated speaker, 802.11 b/g/n WiFi, and Bluetooth 4.0.
What sets the Endless apart from other low cost machines is Endless OS, a highly customized version of Ubuntu Linux with Gnome (and lots of other interesting technology such as Xapian and OStree) that not only handles TVs as output devices (it scales and formats video output for readability), but also includes a huge library of applications and educational content. This is important because in emerging markets the Endless system will be useful and well-featured even if you don’t have any kind of networking services available.
While it’s based on open source projects, the Endless OS is not completely open source because it contains proprietary commercial code. The company’s open source philosophy is:
We embrace the principles of free and open-source software and acknowledge a great debt to it in creating Endless OS. Whenever we can, we work upstream and contribute back to open source. Although not everything we create can be open source, we release most components of our system under free software licenses. Many members of our core team have a long history with open source projects, and continue to be an active part of those communities. / You might notice that we maintain forks of many upstream packages. In most cases, this is because we submit our patches upstream and backport them to the stable versions that we ship.
Endless OS has been localized for a remarkable number of languages and installation is polished and simple. It was in the installation process I found the only issue I could identify in the whole system: I used a Vizio VP50 50-inch 720P HD Plasma TV via HDMI and when the setup asked me if I could see the menu bars at the top and bottom of the screen I clicked on “no” and the system adjusted the overscan. The result was that I could see a little of the menu bars but I had to go into the TV setup to fix the display. It’s a minor problem but Endless OS could do with a more comprehensive overscan adjustment system.
endless os appstore pt
In operation, the system is smooth, fast, stable, and easy to understand and navigate. The applications (which include both productivity software as well as games) and content on the 500GB version I tested are extensive and the system includes a huge amount of Wikipedia and the Khan Academy (if an Internet connection is available, the system will automatically download software and content updates). You choose what content and software you want from what is essentially a built-in app store.
Endless also makes information available for developers and while the operating system is only available on Endless’ own hardware all open source modifications are available on GitHub (the company notes that it may make the disk images available in the future which will likely spawn a wave of similar hardware products).
My only concern with the Endless system are that it doesn’t have a reset button or startup so if you forget your password there’s no obvious way to wipe and start again (I tried the usual way of entering Linux recovery mode – holding down shift at boot – but that didn’t work). A similar concern applies for a way to easily wipe the system, for example, if you were going to give your Endless computer to someone else.
So, who’s the Endless computer aimed at? Endless plans to sell their machines initially into markets such as Mexico and Guatemala where it should be a good fit for schools and colleges as well as the emerging middle class. What I think is really powerful about the Endless concept is the operating system and its focus on being useful even when there’s no Internet connectivity. If we can add to that mesh networking and good old sneaker net for updates and enhancements the potential for business and education in developing economies to get a computing boost is huge.
You can’t buy an Endless computer just yet (it’s due to ship in the near future) but you can register to be notified when it will be available.
The Endless computer gets a Gearhead rating of 5 out of 5.
Can a business-grade cloud storage service that doesn’t come from Google, Microsoft or Apple make it big in the enterprise? Here’s why Dropbox for Business makes a strong case.
Apple iCloud. Google Drive. Microsoft OneDrive. Box. Dropbox. Hightail (formerly YouSendIt). Online storage services have been a mainstream option for consumers for some time now. But as the business world wrestles with adopting cloud-based collaboration services, can a so-called independent company offer a competitive product to the business-centric offerings by Google
(Apps/Drive), Apple (iCloud for Work) and Microsoft (Office 365)?
To answer this question, we take a closer look at Dropbox, arguably one of the most popular online storage services today, with more than 400 million registered users as of July 2015. Though it went through some security missteps in its early days, Dropbox successfully leveraged its popularity and success with consumers to develop a credible business-grade service – Dropbox for Business – that was launched in April 2013.
Despite being priced at $15 per user per month – compared to $10 per month for Dropbox Pro – Dropbox says the service now has 100,000 customers around the globe. (Unfortunately for power users looking to make the switch to Dropbox for Business, the plan starts at a minimum of five users. This means that small companies with fewer than five users will have to pay the equivalent of $150 per user, or $750 per year.) So what does the more expensive Dropbox for Business offer over the nonbusiness version of the product?
dropbox for business – webinterface
Administrators will see an additional “Admin Console” option added their minimalistic Dropbox Web interface. Note also the additional Dropbox for “CIO.com.”
What you get is more than what you see
To be clear, Dropbox for Business builds off the basic Dropbox offering, which includes strong encryption, support for two-step authentication and the trademark simplicity of Dropbox. In addition, both “personal” Dropbox and Dropbox for Business accounts are supported by the official software clients – albeit separately; both can also be accessed from the Dropbox home page.
How the Dropbox app looks like on Android after signing in to Dropbox for Business.
This is where the similarity ends. Unlike Dropbox Pro, Dropbox for Business comes with a long list of capabilities that include unlimited storage (available upon request; users are initially allocated 1GB each), centralized billing, phone support and an Admin Console for administrators. The Admin Console is used to access a range of other capabilities and controls endemic only to Dropbox for Business:
Depending on industry vertical, some businesses may be more concerned about the possibility of data leakage due to “over-sharing” or accidental leaks. On that front, Dropbox for Business offers various ways that organizations can tighten the lid with such controls as the ability to limit the sharing of links to external parties, or the joining of shared folders outside of your organization.
In addition, administrators can also mandate that only one Dropbox account can be linked to each computer – though users would still be able to access their private Dropbox accounts from the Web. Ultimately, while the controls won’t stop a determined insider from leaking confidential data to competitors, they should go a long way towards preventing any unintended sharing of files.
Finally, organizations will be interested in such Dropbox for Business features as its comprehensive audit log, creation of groups, unlimited file recovery and integration with third party services, each of which are outlined below.
You can also specify a date range to download the entire Activity feed as a CSV file.
Dropbox for Business maintains a comprehensive feed of various activities under the “Activity” tab, ranging from the sharing and un-sharing of a folder, and the creating and sharing of links. Similarly, activities including those related to passwords, groups, membership, logins, admin actions, apps and devices are also logged.
Audit logs brings increased visibility and control over sharing and access of company data, and could be inordinately useful to trace data leaks, as well as to narrow down misconfigured devices. By being able to track permissions and apps that are linked to the Dropbox for Business account, administrators could also potentially find successful phishing attacks, and even identify data that’s been compromised.
It’s important to note that individual file edits, deletions and additions are not currently shown in the Activity feed reports, though a running history of edits, deletions and additions of all files can be viewed from the main Dropbox Events page.
Creating a group
Larger organizations will appreciate the Group feature in Dropbox for Business, and how it allows them to create departmental or project-level groups for easier collaboration. This feature makes it possible to share new information directly with an entire group instead of having to add each person individually – and likely missing some team members. Moreover, any new members that are added to a group will be automatically granted access to all shared folders to which the group has previously been invited.
You can also manage the permission of a Group as a single entity when it comes to granting editing or view-only access, while the ability to create Groups can be restricted by the Dropbox administrator, or be left open to everyone. When individual and group permission settings differ, Dropbox will always grant the permissions that grant users with the highest level of file or folder access.
The many versions saved of this feature as it was being written. In this case, you can see that cloudHQ is used to cloud sync from a different online storage service to Dropbox.
security tools 1
One of the most powerful capabilities reserved for Dropbox for Business is undoubtedly its automatic storing of all versions of a file, as well as the ability to recover deleted files. In fact, it’s this author’s opinion that Dropbox for Business currently offers the best versioning support among the top cloud services.
Specifically, there is no limit to the number of versions that are saved, and versioning does not contribute your account’s total storage cap – which is unlimited anyway. Similarly, there are no time limits on when deleted data can be recovered.
While this feature certainly shouldn’t supplant a proper offline backup and disaster recovery strategy, storing multiple versions of a single file can be help users, groups and companies quickly recover from editing mistakes, whether the mistake is noticed hours, days or even weeks later.
Third-party enterprise integration
Dropbox for Business also stands out due to the many third-party apps and services that are built on top of the Dropbox for Business API. The API essentially gives developers access to the members, groups and audit log data for a particular Dropbox for Business deployment.
While there are too many for an in-depth evaluation in this space, a few categories stand out:
Data loss prevention (DLP). For organizations that require better tools to manage sensitive data stored on Dropbox for Business, services like CloudLock and Elastica promises enterprise-class DLP with auditing and compliance functionality.
Identity management. Larger organizations or those using Active Directory can rely on cloud services such as Microsoft Azure AD or third-party offerings such as Centrify and Meldium to keep their Dropbox for Business managed and authenticated in a seamless fashion.
eDiscovery. Integration with industry leading tools (Nuix, Splunk) makes it possible for administrators to respond to litigation, arbitration and regulatory investigations involving files stored on Dropbox for Business. The comprehensive Activity feed data is automatically collected and visualized to help businesses better understand activities related to sharing, devices and security.
Of course, there are also the many third-party apps and services that work perfectly fine with the Dropbox platform without relying on the Dropbox for Business API. For organizations that are already on Dropbox for Business, this translates into usability and flexibility that is not matched by other cloud storage services.
If you’re planning to buy a new smartphone this year, but haven’t bought one yet it might be better to wait a bit longer: Apple, Samsung Electronics and OnePlus are all expected to launch new models in the next couple of months.
Here are some of the models you should see during the second half of the year:
MORE: 10 mobile startups to watch
While most of the products on this list (and their specs) are just rumors, Chinese smartphone maker OnePlus has been busy detailing its 2 model, which will be launched on July 27.
So far, OnePlus has revealed the phone will have a fingerprint sensor and be powered by Qualcomm’s Snapdragon 810. The company is using an upgraded version of the processor, v2.1, that isn’t susceptible to the overheating issues that the first version reportedly suffered from, it said.
OnePlus has also said the 2 will be the first high-end smartphone with a USB-C port, which is meant to be an all-in-one solution for power, video, and data delivery using a single cable with a reversible connector. There are already laptops that use the technology.
Some things OnePlus is still keeping some things under wraps, including what the 2 will look like and cost.
Just like OnePlus, Dutch company Fairphone has started to build some hype for its second product. The goal is to build a smartphone that won’t easily break and can be easily repaired.
Hardware specs include a Qualcomm Snapdragon 801 processor and a 5-inch, Full HD screen. The camera has an 8-megapixel resolution and there is 32GB of storage that can be expanded using a microSD card. The LTE smartphone also has 2GB of RAM and two SIM slots. The operating system will be Android 5.1.
The Fairphone 2 will be available for pre-order before the end of August, and then ship during the following couple of months.
Samsung Galaxy Note 5
A new Galaxy Note model arriving during the second half of the year has become a bit of a tradition. A launch at the IFA trade show in the beginning of September looks likely. With the fifth version Samsung needs to step up its game if it wants to compete more successfully with Apple’s iPhone 6 Plus, the upgrade of which before the end of the year is also a forgone conclusion.
Anticipated improvements include a new design that follows in the footsteps of the Galaxy S6. The Note 4 was with its metal frame and plastic back was a step in the right direction. But the metal frame and glass back on the S6 looks classier Another reported upgrade is a screen that’s slightly larger than the Note 4’s 5.7-inch display, with a 2K or 4K resolution.
LG G4 Pro
Launching a high-end smartphone during the second half of the year would be a departure for LG. That strategy has worked well for Samsung with the Galaxy Note family, so LG might want to emulate that to boost sales instead of just relying on dropping the price tag of the G4.
The G4 Pro is rumored to have some really impressive specs, including a 5.8-inch, 1440 by 2560 pixel screen, a 27-megapixel main camera, 4GB of RAM and Qualcomm’s Snapdragon 820 processor.
Most of the parts to build a phone with those specs are shouldn’t cause LG much of a problem. The big question mark is whether the Snapdragon 820 will be ready for use in a smartphone before the end of the year. LG was the first to announce smartphones powered by the Snapdragon 808 and the 810, so the company is a likely candidate to be among the first to get its hands on the new model.
Apple iPhone 6s and 6s Plus
The iPhone 6 and 6 Plus with its bigger screens have been unmitigated successes. The challenge for the company this year will be to come up with upgrades to continue to build on that success.
Cameras are one aspect the company is expected to focus on with the iPhone 6s and 6s Plus. Upgrading the current 1.2-megapixel front camera makes a lot of sense since competing products launched this year have at least 5-megapixel cameras. To what extent an upgrade of the main camera to a reported 12-megapixel resolution will result in better image quality remains to be seen. The new models are anticipated to have a faster processor, more RAM and a speedier LTE connection.
It has been a few years since we last looked at single sign-on products, the field has gotten more crowded and more capable.
Since we last looked at single sign-on products in 2012, the field has gotten more crowded and more capable. For this round of evaluations, we looked at seven SSO services: Centrify’s Identity Service, Microsoft’s Azure AD Premium, Okta’s Identity and Mobility Management, OneLogin, Ping Identity’s Ping One, Secure Auth’s IdP, and SmartSignin. Our Clear Choice test winner is Centrify, which slightly outperformed Okta and OneLogin. (Read the full review.)
Centrify Identity Service
Centrify has put together a solid single sign-on tool that also has some terrific mobile device management features. If you are in the market for both kinds of products, this should be on your short list. The admin user interface is well thought-out. Set up was quickly accomplished. Multi-factor authentication settings are located in the policy tab for users and in the apps tab for individual apps. The MFA choices are numerous, including email, SMS texts and phone calls, and security questions. Centrify comes with dozens of canned reports, plus the ability to create your own using custom SQL queries.
Microsoft Azure Active Directory Access Control
Earlier this year Microsoft added Azure Active Directory to its collection of cloud-based offerings. It is difficult to setup because you tend to get lost in the hall of mirrors that is the Azure setup process. It is still very much a work in progress and mainly a developer’s toolkit rather than a polished service. But clearly Microsoft has big plans for Azure AD, as its new Windows App Store is going to rely on it for authentication. If you already are using Azure, then it makes sense to take a closer look at Azure AD. If you are looking for a general purpose SSO portal, then you should probably look elsewhere.
Okta Identity and Mobility Management
Okta tied for first place in our 2012 review and it remains a very capable product. Okta’s user interface is very simple to navigate. Okta has beefed up its multi-factor authentication functionality. It now offers a mobile app, Okta Verify, as a one-time password generator. It also supports other MFA methods. Okta has its own mobile app that can provide a secure browsing session and allow you to sign in to your apps from your phone. It contains some MDM functionality, although it is not a full MDM tool. Reports have been strengthened as well, but reports only show the last 30 days.
OneLogin was the other co-winner of our 2012 review and while it is still strong, its user interface has become a bit unwieldy. OneLogin has numerous SAML toolkits in a variety of languages to make it easier to integrate your apps into its SSO routines. It also has specific configuration screens to set up a VPN login and take you to specific apps. OneLogin’s AD Connector requires all of the various components of Net Framework v3.5 to be installed. Once that was done, it was a simple process to install their agent and synchronize our AD with their service. OneLogin has 11 canned reports and you can easily create additional custom ones.
Ping Identity PingOne
Ping began as on-premises solution with PingFederate, but now offers cloud-based PingOne, web access tool PingAccess and OTP soft token generator PingID. Multi-factor authentication support is somewhat limited in PingOne. You can use PingID or SafeNet’s OTP tokens. If you want more factors, you have to purchase the on-premises Ping Federate. Reports are not this product’s strong suit. The dashboard gives you an attractive summary, but there isn’t much else. Ping would be a stronger product if consolidated their various features and focused on the cloud as a primary delivery vehicle. If that isn’t important to you, or if you have complex federation needs, then you should give them more consideration and look at PingFederate.
Of the products we tested, SecureAuth has the most flexibility and the worst user interface, a combination that can be vexing at times. SecureAuth is the only product tested that has to run on a Windows Server. The interface is supposed to get a refresh later this year, but the current version makes it easy to get lost in a series of cascading menus. The real strength of SecureAuth always has been its post-authentication workflow activities. SecureAuth’s MFA support is strong, featuring a wide selection of factors and tokens to choose from. This is a testimonial to its flexibility.
SmartSignin has been acquired by PerfectCloud and integrated into their other cloud-based security offerings. They now support seven identity providers (Amazon, Netsuite and AD) with more on the horizon and more than 7,000 app integrations. The identity providers make use of SAML or other federated means, and come with extensive installation instructions. This is a little more complex than some of its competitors. When it comes to MFA support, SmartSignin is the weakest of the products we reviewed. They are working on other MFA methods, including SMS and voice, but didn’t have them when we tested. Also, MFA is just for protecting your entire user account, there is no mechanism for protecting individual apps.
There’s a lot more to it than just how many apps you can put in a box
Name a tech company, any tech company, and they’re investing in containers. Google, of course. IBM, yes. Microsoft, check. But, just because containers are extremely popular, doesn’t mean virtual machines are out of date. They’re not.
Yes, containers can enable your company to pack a lot more applications into a single physical server than a virtual machine (VM) can. Container technologies, such as Docker, beat VMs at this part of the cloud or data-center game.
VMs take up a lot of system resources. Each VM runs not just a full copy of an operating system, but a virtual copy of all the hardware that the operating system needs to run. This quickly adds up to a lot of RAM and CPU cycles. In contrast, all that a container requires is enough of an operating system, supporting programs and libraries, and system resources to run a specific program.
What this means in practice is you can put two to three times as many as applications on a single server with containers than you can with a VM.
In addition, with containers you can create a portable, consistent operating environment for development, testing, and deployment. That’s a winning trifecta.
If that’s all there was to containers vs. virtual machines then I’d be writing an obituary for VMs. But, there’s a lot more to it than just how many apps you can put in a box.
Container problem #1: Security
The top problem, which often gets overlooked in today’s excitement about containers, is security. As Daniel Walsh, a security engineer at Red Hat who works mainly on Docker and containers puts it: Containers do not contain. Take Docker, for example, which uses libcontainers as its container technology. Libcontainers accesses five namespaces — Process, Network, Mount, Hostname, and Shared Memory — to work with Linux. That’s great as far as it goes, but there’s a lot of important Linux kernel subsystems outside the container.
These include all devices, SELinux, Cgroups and all file systems under /sys. This means if a user or application has superuser privileges within the container, the underlying operating system could, in theory, be cracked.
That’s a bad thing.
Now, there are many ways to secure Docker and other container technologies. For example, you can mount a /sys file system as read-only, force container processes to write only to container-specific file systems, and set up the network namespace so it only connects with a specified private intranet and so on. But, none of this is built in by default. It takes sweat to secure containers.
The basic rule is that you’ll need to treat containers the same way you would any server application. That is, as Walsh spells out:
Another security issue is that many people are releasing containerized applications. Now, some of those are worse than others. If, for example, you or your staff are inclined to be, shall we say, a little bit lazy, and install the first container that comes to hand, you may have brought a Trojan Horse into your server. You need to make your people understand they cannot simply download apps from the Internet like they do games for their smartphone.
OK, so if we can lick the security problem, containers will rule all, right? Well, no. You need to consider other container aspects.
Rob Hirschfeld, CEO of RackN and OpenStack Foundation board member, observed that: “Packaging is still tricky: Creating a locked box helps solve part of [the] downstream problem (you know what you have) but not the upstream problem (you don’t know what you depend on).”
Breaking deployments into more functional discrete parts is smart, but that means we have MORE PARTS to manage. There’s an inflection point between
To this, I would add that while this is a security problem, it’s also a quality assurance problem. Sure, X container can run the NGINX web server, but is it the version you want? Does it include the TCP Load Balancing update? It’s easy to deploy an app in a container, but if you’re installing the wrong one, you’ve still ended up wasting time.
Hirschfeld also pointed that out container sprawl can be a real problem. By this he means you should be aware that “Breaking deployments into more functional discrete parts is smart, but that means we have MORE PARTS to manage. There’s an inflection point between separation of concerns and sprawl.”
Remember, the whole point of a container is to run a single application. The more functionality you stick into a container, the more likely it is you should been using a virtual machine in the first place.
So how do you go about deciding between VMs and containers anyway? Scott S. Lowe, a VMware engineering architect, suggests that you look at the “scope” of your work. In other words if you want run multiple copies of a single app, say MySQL, you use a container. If you want the flexibility of running multiple applications you use a virtual machine.
In addition, containers tend to lock you into a particular operating system version. That can be a good thing: You don’t have to worry about dependencies once you have the application running properly in a container. But it also limits you. With VMs, no matter what hypervisor you’re using — KVM, Hyper-V, vSphere, Xen, whatever — you can pretty much run any operating system. Do you need to run an obscure app that only runs on QNX? That’s easy with a VM; it’s not so simple with the current generation of containers.
So let me spell it out for you.
Do you need to run the maximum amount of particular applications on a minimum of servers? If that’s you, then you want to use containers — keeping in mind that you’re going to need to have a close eye on your systems running containers until container security is locked down.
If you need to run multiple applications on servers and/or have a wide variety of operating systems you’ll want to use VMs. And if security is close to job number one for your company, then you’re also going to want to stay with VMs for now.
In the real world, I expect most of us are going to be running both containers and VMs on our clouds and data-centers. The economy of containers at scale makes too much financial sense for anyone to ignore. At the same time, VMs still have their virtues.
As container technology matures, what I really expect to happen, as Thorsten von Eicken, CTO of enterprise cloud management company RightScale, put it is that VM and containers will come together to form a cloud portability nirvana. We’re not there yet, but we will get there.
CEO Nadella’s influence, platform-agnostic approach cited
Microsoft so far this year has been the most acquisitive company in enterprise IT, snapping up at least four firms on top of four others that it bought in the last two months of 2014. And while the buyouts might at first glance appear scattershot – we’re talking text analysis, calendaring and digital pen startups among others — there does seem to be a grand plan here.
Our regularly updated Enterprise Networking & IT Acquisition Tracker shows through the first calendar quarter that Microsoft has announced more than twice as many buyouts as any other company (not that all acquisitions are immediately made public and taking into account that our tracker is focused on enterprise-related acquisitions — Google has bought at least four consumer-oriented companies).
Microsoft (NASDAQ: MSFT) is starting its 40th year on a real buyout tear, fleshing out its mobile, cloud and big data/analytics offerings through acquisitions as it moves forward on big initiatives such as Windows 10 and its new Spartan browser. According to the company’s own Acquisition History chart — see a condensed and sortable version at the very end of this article — Microsoft has not gobbled up five companies in a quarter since 2008 when it bought 9 firms, not many of which most people would recall. Caligari or Credentica anyone?
Of the hundreds of TED talks available online, many are geared toward helping people view life in a new
Microsoft finished 2008 with 16 announced buyouts, the most of any year included in its Acquisition History tracker, which goes back to 1994. Wikipedia keeps a list that dates back to 1987, but few purchases were made between then and ’94. Other than for its largest deals, Microsoft is cryptic about how much it pays for companies, requiring those interested to ferret through its SEC filings for clues.
So, Microsoft is on a record-breaking M&A pace for calendar year 2015 — its fiscal year starts in July and ends in June — and all of the deals so far have possible enterprise IT implications. The rundown: LiveLoop is involved in PowerPoint collaboration; Equivio makes text analytics/e-discovery software that could bolster Office 365; and open source company Revolution Analytics promises to bring R programming to more IT shops. It has also been widely reported that Microsoft is buying Israel’s N-trig, which sells digital pens for devices like the Surface Pro 3 tablet (If the N-trig deal is in fact true, three of Microsoft’s last nine deals would have involved Israeli firms). One other deal, Microsoft’s acquisition of iOS/Android calendaring app maker Sunrise, is a consumer-focused pact on the surface but an investor says Sunrise had business use cases in mind.
Microsoft is also rumored to be a front-runner to buy social news reader Prismatic, which would not appear to be an enterprise-related buy.
As Fortune wrote recently, “Microsoft is buying startups people love…”
We reached out to Microsoft a week ago to discuss the spending spree with their M&A personnel and we will either update this article or create a new one if they do get back to us. In the meantime, we got feedback from industry watchers and investors, all of whom credit CEO Satya Nadella and his “new” Microsoft for heading aggressively down the acquisition path.
“Right now is a great time for Microsoft to be buying startups,” says Forrester VP and Principal Analyst J.P. Gownder (@JGownder). “Companies in some of these fields, like machine learning (Equivio), are solving really specific problems in computational intelligence, and would require Microsoft to staff up big teams to catch up. In other cases, the company purchased is already a key partner [such as heavily reported but unconfirmed N-trig buyout]. And in yet other cases, they are receiving IP that applies to their cross-platform strategy to deliver iOS and Android apps (as with Sunrise). These are all well-considered, smart acquisitions.”
CEO Nadella has indeed been a force behind Microsoft’s approach, Gownder says.
“Satya Nadella is driving a new Microsoft forward: One that is more agile, more attuned to customer needs, and less entrenched in the platform wars. He wants to deliver an experience for Windows that customers will ‘love’ (not tolerate), in his words, while also empowering Microsoft to deliver software and services on non-Windows platforms. To accomplish these goals, he needs the traditionally contemplative, slow Microsoft organization to move more quickly. So these acquisitions flow naturally from the new mindset, and bode well for Microsoft’s future (even if a lot of work remains to be done).”
Rob Go (@RobGo), co-founder and partner at Sunrise investor NextView Ventures, concurs.
“Microsoft has had a history of growing its product and talent base for many years. But under Satya Nadella, what we are seeing is a company moving with renewed strategic focus and conviction. One major theme that ties together many of these
acquisitions is a newfound respect for the ecosystem that surrounds the company’s software and hardware products. From an ethos that was much more protective and silo-ed, Microsoft is making major moves in extending their software onto other companies’ platforms (leading productivity apps on IOS and Android like Sunrise and Acompli, a platform-agnostic file viewing service like LiveLoop, third-party integrations with Dropbox, etc).”
ted talks logo
Six TED Talks that can change your career
Jack Gold (@jckgld), principal analyst and founder of J. Gold Associates, describes Microsoft’s moves as both offensive and defensive, and a good use of a cash hoard that hovers around $90 billion even if the company is just scooping up qualified professional staff additions.
“Nadella has refocused Microsoft on becoming innovative again, after a significant number of years where it mainly coasted,” he says. “The acquisitions signal a willingness to go outside for tech it doesn’t have, but thinks it needs to be competitive long term with Google, Apple, IBM, Samsung, etc. Further, it signals that it’s full blown into going to the cloud, after its lukewarm thrusts under the previous management. That’s the offensive side.”
Defensively, look for Microsoft to consume valuable startups and other companies going forward before Google, Apple and others do, Gold says. “As for what this means for enterprise, I see Microsoft’s newfound willingness to go after tech outside its four walls as a refresh of its earlier years where it was an innovator” with Office, Exchange and Windows, he says.
While none of Microsoft’s latest deals would be characterized as blockbusters – unlike billion-dollar-plus transactions in recent years for Nokia’s phone business, Skype and even Minecraft maker Mojang – the startups being stockpiled could pay big dividends for the company and its customers.
I used the Acer Chromebook 15, which boasts the largest screen of any Chromebook, and I’m not entirely sure how I feel about it yet.
Over the past few months I’ve had the opportunity to review two laptops. Both of them being… rather beefy: the Chromebook Pixel and the Dell M3800. These two machines are powerhouses – sporting extremely high-resolution screens and high-end processors – with price tags to match. But then, this past week, the delivery man dropped off an entirely different category of laptop: the Acer Chromebook 15.
The model I have here is the CB5-571-C09S, sporting a 15.6-inch display (with a 1080p resolution), an Intel Celeron CPU (at 1.6GHz), 4GB of RAM, and a 32GB SSD. All of which costs $350 retail.
I’m going to come right out and say it – I’ve had a difficult time figuring out exactly how I feel about this laptop.
On the one hand, it has a huge display, the biggest of any Chromebook ever made. It may not come even close to the resolution of Google’s Pixel, which rocks 2560×1700, but the Acer’s 15.6-inch screen makes the Pixel’s sub-13-inch screen look tiny by comparison. This is a big freaking laptop screen.
See also: A Linux user tries out Windows 10
The screen quality, it should be noted, is pretty nice. The viewing angles aren’t quite as good as the Pixel (or the Dell M3800’s 4K display), but it’s not bad either. And, considering the massive price difference between the Acer and those other laptops ($350 for the Acer vs. over $2,000 for the Dell and over $1,000 for the Pixel), that reduction in quality is actually not as dramatic as you might expect.
The guts of the machine (CPU, RAM, and hard drive) are all excellent… for a $350 machine. If you sit down and compare the specs of this relatively gargantuan-sized Chromebook against a Pixel, you will be disappointed. But when you remember that you can buy three of these Acer laptops for the cost of a single Pixel, things start to look (a lot) more interesting.
Is the Acer Chromebook 15 a speed demon? No. It isn’t exactly decked out with the latest and greatest i7 processor. But it’s no slouch, either. In fact, I very rarely experienced any sluggishness with this machine. Even with a large number of tabs open and Google Play Music streaming some tunes in the background, the entire system was peppy and responsive.
See also: Dell’s Ubuntu-powered M3800 Mobile Workstation is a desktop destroyer
And, let’s be honest, in a Chromebook that’s really what you care about: lots of Chrome tabs, background audio, and playing either a YouTube or Netflix HD video clip. This little Acer (did I just call this mega-sized laptop “little”?) can handle all of that without slowing down in the slightest.
The battery life is pretty solid as well. Acer claims around nine hours of battery life. I drained the battery (from completely charged down to nothing) in around eight hours. But that was fairly heavy usage with music playing in the background the majority of the time (one does want to rock out while reviewing hardware, after all). Eight hours of battery life on a gigantic 15.6-inch screen seems really solid to me.
So, what’s the problem? It sounds like I’ve just described a pretty doggone great laptop at a super low price. If I stopped right there, purchasing this Chromebook is a no-brainer.
But, instead of stopping there, let’s talk about the build quality for a minute.
When I first unpacked the box, and pulled out this large white laptop, I was struck by something… profound.
This machine is… profoundly plastic.
The model I have here is white. Solid white. With a subtle crisscross embossing patterning covering the entire outside.
The plastic isn’t the fancy kind of plastic, either. It’s the kind of plastic that many of my toys from the 1980’s were made with. The kind where, when you tap on it with your fingernail, it makes that distinct “just tapped on a plastic toy” sound. In other words: it feels cheap.
When you open the lid and look at the keyboard, the initial impression is a positive one. The keyboard is certainly full laptop-sized. Typing on the keys feels good… for the most part. Typing aggressively on the keyboard – which I tend to do – results in a sound not unlike banging on a small plastic drum. Or, if you had an original Nintendo Entertainment System, the sound when you knocked on the top of it. That “hollow plastic shell” sound. That’s the sound that banging on this keyboard makes. It’s not loud, and it’s not obnoxious, by any means. But it sounds cheap.
That’s a weird thing to say in a laptop review, I know. “It sounds cheap when you tap on it.” But it’s true. And it’s noteworthy. And it begins to make me realize why this laptop is available at such a cheap price.
Also… the screen bends. A significant amount. And rather easily. If you open the laptop (lift the screen up) and put just a small amount of pressure on the bottom of the bezel around the screen, it bends noticeably. This issue seems to pertain mostly to the display half. The keyboard half feels far sturdier and doesn’t seem to suffer from any bending or rigidity issues.
Interestingly, there are two things that do not feel quite as “cheap.” The trackpad (which has a good feel and a distinctive “click” to it when pressed) and the speakers (which are large, with visible plastic grating covering them, that produce quite decent sound for this price range of a laptop). Two components that, often, even expensive laptops don’t do well. So big high-five to the Acer crew there.
So, to sum up: on the one hand, this laptop sports the largest screen on any Chromebook and packs enough muscle to stand toe-to-toe with most other Chromebooks. But, on the other hand, the build quality reminds you that you only paid a fraction of the price that you would for a “premium laptop.”
Would I recommend this laptop to someone? You know what… yes. Yes, I would.
If you want a Linux-powered Chromebook with a big freaking screen… this is the Chromebook for you. I can literally put a Chromebook Pixel in front of the Acer’s screen and it doesn’t even come close to blocking the view.
It’s also an incredibly good deal. For $350, I could lug this laptop around with me and not worry too much about banging it up. I could break one and buy an identical replacement, and still have save several hundred dollars over buying a Pixel.
So, yes. The Acer Chromebook 15 is a good machine with an interesting place in the market. I’m glad Acer is making it and I can think of some people who would truly enjoy using it for the price.
But what would really interest me is if Acer were to come out with a premium version of this Chromebook. Made with metal instead of plastic. With a beefier processor and more storage. But still, of course, keeping a huge (for a laptop) 15.6-inch screen, I could see that machine really turning some heads (including mine). Even if it cost two to three times as much.
Perhaps a “Surface Pro 4” will debut at the same time or soon after Windows 10 launches. Here’s what we’d like to see in the Surface Pro 4.
Surface Pro 4
Microsoft’s Surface Pro 3 has become a surprise hit, bringing in more than $900 million in revenue, according to industry analysts, and generating such enthusiasm that fans are looking forward to the next version. The Surface Pro 3 was designed to present Windows 8.1 at its best, so it’s expected that its successor will serve as a showcase for Windows 10, which could come out as early as this summer. Perhaps a “Surface Pro 4” will debut at the same time or soon after Windows 10 launches. Here’s what we’d like to see in the Surface Pro 4.
031615 surfacepro4 2
A better camera.
In our review of the Surface Pro 3, we found that its rear camera was unable to focus on objects within a few feet of it. That’s unfortunate because it means you cannot use it to capture an image of a sheet of paper with text on it. For the Surface Pro 4, we hope it has an improved rear camera that would easily let us do this. This would make the tablet even more appealing in an office environment or for work-related tasks if you can use it to quickly snap images of documents
Another keyboard option.
Generally, we like the Type Cover: Surface Pro 3’s keyboard (sold separately) that also serves as a protective cover for the tablet. However, the keys can feel slightly mushy if you don’t type with your fingers curved and wrists raised. For the Surface Pro 4, Microsoft may want to consider offering a second keyboard with keys more like a traditional notebook. The design should have sturdy hinges so that the Surface Pro 4 can attach to it (perhaps by strong magnets) without the need for propping the tablet up by its built-in kickstand, which is what has to be done now with the Surface Pro 3 when using the Type Cover.
A (slightly) larger screen
Speculation has it that the Surface Pro 4 might come in two screen sizes, possibly 8 inches and 14 inches. Microsoft considered releasing a 7 inch Surface Pro 3, but cancelled it. For the fourth Surface, the company may be wise to repeat this strategy. We like Surface Pro 3’s 12-inch diagonal size and 3:2 aspect ratio, because it approximates the dimensions of an 8.5-inch-by-11-inch sheet (though just a bit smaller). To continue making the Surface appeal to the business market, the Surface Pro 4 should have a screen that’s perhaps a little bit larger to match the size of a standard business letter.
Processors that run cooler.
The Surface Pro 3 is available running an Intel i3, i5 or i7 processor, but there have been reports of the i7 model running too hot and therefore glitching out. Fortunately, it’s likely that the Surface Pro 4 will use the new Intel Core M line — powerful processors which were designed for slim, mobile devices, and they don’t use fans.
Continued compatibility with Windows desktop apps
The first two generations of Surfaces were available in two varieties: with processors that could run standard Windows desktop applications (the Surface Pro), and ones that could only run only Windows Store apps (Surface.) This was certainly confusing to customers, so Microsoft wisely didn’t release a “Surface 3.” This made the Surface Pro 3 a unique item onto itself, lessened brand confusion, and met buyers’ expectations. So the fourth generation Surface should not include a “Surface 4.”
More software for the digital pen
The Surface Pen is great; sketching and writing with it on the Surface Pro 3’s display conveys a close sensation of using an ink pen on paper. The tablet doesn’t include much software specially designed for it, except for the OneNote app which implements a UI to make using it with the Surface Pen easier. So we’d like to see more applications for the Surface Pen, such as a tool that can take your PDFs or Word documents and let them be signed by someone using the Surface Pen.
Finally, don’t mess with its good looks.
We really like the Surface Pro 3’s case — its smooth flat surfaces machined from magnesium feel cool to the touch, and even the hinge mechanism of its kickstand gives a sense of solid mechanical design when you pop it out to prop up the tablet. Perhaps the Surface Pro 4 will be slightly thinner and lighter (the Surface Pro 3 is 0.36 inches thin and weighs 1.76 pounds), but overall we see little that needs to be improved.