BEST OF ECT NEWS

Keeping the Desktop Dream Alive: Q&A With Jim Zemlin, Part 2

This story was originally published on June 21, 2011, and is brought to you today as part of our Best of ECT News series.

Keeping the Desktop Dream Alive: Q&A With Linux Foundation’s Jim Zemlin, Part 1

Where is Linux going? For Part 2 of this interview, LinuxInsider continued speaking with Linux Foundation Executive Director Jim Zemlin to discuss Linux in a wider variety of technologies, new programs intended to make it easier for businesses to switch to open source computing, and open source’s ability to compete in the consumer mobile space.

LinuxInsider: During your speech at the Open Source Business Conference, you said that one of the reasons Linux is growing is that it saves money. But from your examples — companies that make and sell products such as Samsung, LG and Sony, and your mentioning the ability to monetize product in ever-decreasing time spans — you’re talking about manufacturers and high-tech businesses. What about non-high-tech businesses, like medical devices, for instance? Apple is pushing hard there with the iPad.

Jim Zemlin:

In general, Linux has the No. 1 market share in the embedded systems world, whether it’s MRI scanners or any other type of high-end medical device.

In terms of medical solutions that require tablet computing, the IT infrastructure in hospitals in most cases can’t be described as cutting-edge, and we’ll have to first see that type of technology really mature.

What I will say about the medical industry is, if you look at what has created large productivity gains in many segments of the economy, it’s things like knowledge sharing, the ability to access your data from anywhere and at any time. In that case, Linux has done pretty darn well because it powers the servers and allows software companies to own their own intellectual property.

Let’s take a non-high-tech marketplace like power production — let’s use power companies. They’re basically setting up smart grid technology to meter people’s [electricity] consumption on a 15-minute incremental basis so they can manage power patterns and make sure the grid is allocating energy effectively.

If you’re polling 12 million customers’ power usage every 15 minutes, you’re polling millions of transactions that have to be centralized, stored and analyzed, then have the data pushed out. You have power meters, servers that store and analyze the data, high-performance computers to crunch the data. In all those categories, Linux is either the No. 1 operating system or the fastest-growing operating system.

We’ve seen Linux do something unheard of in other operating systems in that it moves from one segment to another, and as it does, it dominates those segments. In high-performance computing, Linux went from zero percent market share to over 90 percent in less than 10 years.

LIN: Let’s look at what the problems are in the Linux space. One, the need for a universal application and media warehouse that companies can tap when they want to bundle their applications with media, video, carriers and billing. A white-label iTunes App Store, if you like. What would this require? Some kind of template that companies can purchase and adapt to their requirements with a few lines of code, similar to the way Internet entrepreneurs customize generic shopping carts for their websites?

Zemlin:

There’s a number of things. One is that different firms — carriers or manufacturers or PC makers — want to participate in the app store economy in some way. When you have a closed platform like Microsoft or Apple or any of the proprietary platforms where the app store is controlled by a single entity, the on-ramp and off-ramp for that store will be monetized by that single entity.

Right now, Apple is in a massive way that entity, so what firms are looking at is, how can I have my own app store? And they find that the components that make up an app store — testing apps for compatibility with the device the app will run on, or integrating with a carrier billing system, or setting up the credit card process — are complicated things to do.

A third-party provider could set that up as a service and allow a turnkey approach to creating white-label app stores for all kinds of different devices.

There’s an example of this from Intel — it’s called “AppUp,” and that’s a decent example of where you have somewhat of a turnkey app store solution where developers can upload their apps to the AppUp infrastructure that can push out the apps to the white label stores it supports.

That may be better characterized as the app warehouse approach. There’s a lot of opportunity there, and I think it’s something people should be exploring.

LIN: A second problem is license compliance. The problem isn’t a legal one, it’s a process issue, you said at OSBC. The Linux Foundation is providing a host of tools and processes to help people comply with licensing requirements. What tools and processes? Are you talking about the Linux Foundation and FossBazaar’s Software Package Data Exchange?

Zemlin:

Yeah. When you have open source components within a product — let me back up — today if you have a dedicated supply chain, you use a product data management product or some sort of supply chain management product to have data about your bill of materials across your supply chain. You get different components from different suppliers, they’re getting integrated into a factory somewhere, and so on and so forth.

Currently there are no tools or standards for passing a bill of materials about software data packages. Software products now are made up of thousands of different components from various projects, and they all come together in an innovative solution.

The ability to track that I wouldn’t characterize as a problem, but a learning curve that the industry is going through right now. So the best way to think about it is, there’s overwhelming advantage for cost and time to market in using open source, but that comes with the small price that the licensing process is complex across the software supply chain, and the Linux Foundation and FOSS are working to deal with that.

LIN: How about the Open Compliance Program? What’s the lowdown on that? SPDX is one of the six elements of the OPC; how far along is the OPC towards completion? After all, if SPDX won’t be released until August, it’s not likely that OPC is anywhere near completion.

Zemlin:

We run the OPC — the standard, SPDX, training that shows people how to comply with OS licenses, tools which allow people to manage their software bill of materials, a set of best practices we have on our websites, and knowledge sharing, which is the FossBazaar facility, and a sixth component …

LIN: Who will enforce OPC? Or is it essentially self-policing because companies don’t want to be caught in breach of license?

Zemlin:

The enforcement is making sure that people comply with their licenses; this is simply a set of processes, training and tools to deal with the tremendous shift from the old way of proprietary licensing to a new way of using software which is predominantly based on open source.

LIN: At the OSBC you said the Linux Foundation’s perspective, and you believe it’s also Microsoft’s perspective, is we would like to see changes. Where and how does Microsoft come into this picture vis-a-vis the Linux Foundation, given that it’s never looked very kindly upon Linux? Or are you referring to the patents Microsoft claims it holds on different processes in Linux?

Zemlin:

I think we were speaking around patent reform. I think everyone in the tech industry related specifically to software would like to see a higher bar in terms of quality for patents issued around software because the lack of quality leads to a lot of needless litigation.


The Cybersecurity Outlook for 2021 and Beyond

Cyberattacks in the first half of 2021 have escalated globally to affect virtually every industry. Earlier this year TechNewsWorld spoke with cybersecurity experts about the expanding threat landscape, imminent threats, and what can be done to counter the ongoing offensives against the IT systems of companies, organizations, and government agencies.

This story was originally published on Feb. 16, 2021. As a result of its popularity, it is brought to you today as part of our Best of ECT News series.

Some cybersecurity experts agree with a report by Cybersecurity Ventures and expect financial damages from cybercrime to reach $6 trillion by the end of this year. Industry studies show that cyberattacks are among the fastest-growing crimes in the United States.

Cyberattacks are absolutely on the rise. Based on everything we know and every single analyst we have spoken with, there is no doubt that attacks are increasing, according to Robert McKay, senior vice president, risk solutions at Neustar.

“Cybersecurity experts predict that in 2021 there will be a cyberattack incident every 11 seconds. This is nearly twice what it was in 2019 (every 19 seconds), and four times the rate five years ago (every 40 seconds in 2016),” he told TechNewsWorld.

The rapid growth in cyberattacks worldwide comes at a hefty cost for businesses seeking to better protect their computer networks from intrusions. Cyberattacks are not only increasing in frequency, they are also costing victims larger financial losses.

The Growing Price of Cyber Risk

Worldwide, cybercrime cost businesses, government agencies, and consumers in general more than $1 trillion in 2020, according to the data analyzed by researchers at Atlas VPN. That is around one percent of the global GDP.

While $945 billion was lost to cyber incidents, $145 billion was spent on cybersecurity. Those costs increased by more than 50 percent compared to 2018, when over $600 billion was spent to handle cybercrime.

But twenty percent of organizations worldwide have no plans on how to protect against cybercrime events, according to the Atlas VPN report. That leaves a gaping hole in networks for cybercriminals to extend their attack strategies to steal even millions of dollars more.

The only sure defense, warn cybersecurity experts, is to step up efforts to pass legislation that bolsters technological defenses. That may be the only way to alter the course of ongoing cyberattacks.

Despite all the efforts put into protecting systems and data, cloud breaches are likely to increase in both velocity and scale, said John Kinsella, chief architect at Accurics, about his company’s 2020 summer research report on the State of DevSecOps.

“This [analysis] comes as cloud breaches have been rampant over the last two years. More than 30 billion records have been exposed as a result of cloud infrastructure misconfigurations,” he told TechNewsWorld.

In order to keep pace with an evolving economy that requires more digital transformation, organizations must place cyber resilience and the practice of DevSecOps at the top of their priority list, he added.

Not Just in the Clouds

Much more contributes to the growing pace of cyberattacks than rampant migration to cloud storage and misconfigured cloud infrastructure. Still, misconfigurations in cloud infrastructure lead to data exposure and are among the biggest cyberthreat concerns facing business and government agencies today, noted Kinsella.

Nearly 98 percent of all cyberattacks rely on some form of social engineering to deliver a payload such as malware or ransomware. One of the most successful attack formats cybercriminals use regularly to initiate a social engineering attack is through phishing emails. Therefore, threat actors distribute malware via email approximately 92 percent of the time.

Cloud use and the continued stampede to cloud services is not going away. That ongoing shift in computing practices must be managed with more vigilance.

COVID has accelerated organizations’ digital transformation. Therefore, the ability to set up workloads in the cloud and get them through compliance and security challenges is in demand, noted Mohit Tiwari, co-founder and CEO at Symmetry Systems.

“Part of the reason is that the workloads that had resisted moving to the cloud were exactly the highly regulated ones, and the forced move out of on-site data centers managed by IT staff is driving up demand for cloud-based compliance and security skills,” he told TechNewsWorld.

Thus, cloud-based security techniques will be vital in the fight to curtail the worsening cybersecurity landscape. These include learning to work with cloud-native identity and access management (IAM), he noted.

“Those looking after cloud-based security need to broadly learn to manage infrastructure through structured programs, instead of shell scripts pieced together. As networks and application tiers become ephemeral, the most important persistent asset for any enterprise will likely be their own and their customers’ data. So data-security on the cloud will be a major theme going forward,” he cautioned.

Providing Cloud Cover

The global pandemic has hastened cyber intrusions. So have complacency and poor training among office workers and inadequate IT surveillance.

Organizations need to consider a balanced approach to training their employees and investing in automation tools to minimize the risks of cyberattacks, offered Brendan O’Connor, CEO and co-founder at AppOmni. Extensive training and around-the-clock manual monitoring are not necessary when the right automation tools can complement the IT staff as they build up their skill set.

“IT workers specializing in security need to shift their focus to supporting the new model of business many enterprises are adopting. Some enterprises are shifting their business model to focus on virtual workforce, de-emphasizing the need to secure office networks,” O’Connor told TechNewsWorld.

In other cases, offices are being eliminated altogether. IT workers need to change their focus from traditional network security of a campus/office to application security of the work-anywhere model, he continued.

“With the employee location and devices under constant flux, organizations will rely on the consistency and security of cloud service applications. IT workers should look to the management and security of these SaaS (software as service) applications as the new skills and technology to embrace,” O’Connor said.

Looming Threats

Over the next year, ransomware will continue to be the biggest threat and financial risk to enterprises, observed Joseph Carson, chief security scientist and advisory CISO at Thycotic. Most organizations should be very concerned about ransomware as the biggest cybersecurity challenge and threat, he advised.

“Organizations should prioritize to invest in security solutions that help reduce the risks and also plan and test an incident response plan to help ensure the business is resilient to high-risk attacks,” he told TechNewsWorld.

Ransomware continues to evolve into more than just a security incident. Cybercriminals now seek data breaches with organized cybercrime groups to steal the data before they encrypt it on corporate servers. Companies are not just worried about getting their data back but also about who it gets shared with publicly.

Cybercriminals use ransomware to target anyone, any company, and any government including hospitals and transportation industries at a time when they are under extreme pressure, Carson added.

Another major cybersecurity attack trend focuses on the protective tools and security vendors within the industry, noted Brandon Hoffman, chief information security officer at Netenrich. The tools that the industry relies on and their providers are increasingly becoming targets for attacks.

“It is a big concern because practitioners need tools they can depend on for detection and defense. By crippling or repurposing the very tools meant to thwart these attempts, the adversaries stand to gain a complete upper hand in the ongoing battle to combat cyber threats,” Hoffman told TechNewsWorld.

“The attacks targeting security organizations and vendors were always high up on the adversary list, but success begets further success.”

Fighting the Battle

The trust factor is an internal battle of sorts between security vendors and the corporations hiring them for cyber protection. That trust must be constantly reassessed, suggested Tim Wade, technical director of the CTO Team at Vectra AI.

“Strategically, security practitioners must continue to pivot away from preventative-based security architecture into resilience-based security architecture,” Wade told TechNewsWorld.

That is where the focus shifts to accepting the reality that things will go wrong, but when they do, the impact is minimized through rapid detection, response, and recovery, he added. Vendors and suppliers have always been lucrative targets for adversaries.

Many of the cyberattackers belong to organized criminal gangs that are sanctioned by foreign nations. The best defense against such adversaries is acknowledging that you cannot stop them, but then focusing on making their lives as difficult as possible, Wade said.

Cybersecurity Higher Education

One of the often unspoken ways of safeguarding against cybersecurity assaults is through education. This approach goes beyond teaching company workers to be better aware of safe computing ideals. Rather, it means recruiting the next crop of computer specialists to pursue a degree in cybersecurity.

Cybersecurity prospers because so many professionals come from different backgrounds and skill sets, noted Heather Paunet, senior vice president at Untangle.

“Groups who are traditionally marginalized in other industries, when pivoting or starting a career in cybersecurity, can benefit from multiple industry-leading organizations offering certification programs,” she told TechNewsWorld.

The emerging field of cybersecurity is a very viable career path, noted Michael Kaczmarek, vice president of product management at Neustar. Industry reports show that the number of unfilled cybersecurity jobs is expected to grow by 35 percent.

“Given the increases in attacks and the changes in tactics used by bad actors and organizations, cybersecurity will most certainly be a career choice that will see net employment for the long term,” he told TechNewsWorld.

The demand for cybersecurity jobs has certainly increased in the past year, agreed Dov Lerner, security research lead at Cybersixgill. A career path in the field is a great choice for someone interested in IT and security.

“An increase in the number of tools utilized increases security operations and analytics complexity and requires an increase in personnel. However, according to a recent ESG survey, nearly 70 percent of security teams say it is difficult to recruit and hire additional SOC (security operations center) staff,” Lerner told TechNewsWorld.

Security analysts have the opportunity to impact more than just their specific industry. Cybersecurity reaches into the world of politics, economics, and other sectors of the world. While breaking into the field can be challenging, it is incredibly rewarding, he concluded.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
