Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
wavedocter: Your screename implies you have a PHD in Wave? Are you being sincere? Jeff
wavedoctor: This is nirvana for Wave. Jeff
Nice find Taxi. The big sell here is the virtualization technology which simplifies management and LOWERS COST. Gotta have a TPM to secure the virtualization technology. If a company is already a Dell customer,virtualization would be a terrific reason to justify a server upgrade. Upgrading Dell servers is a great opportunity for Wave. Again, nice find. Jeff
http://www.serverwatch.com/news/article.php/3710556
"In addition to the new chips inside, Dell has added standard-based power-monitoring capabilities for controlling power consumption, added its Trusted Platform Module (TPM) for improved security, and updated Dell OpenManage to version 5.3 to provide customers with greater and more simplified control of data centers and virtual environments."
"Dell OpenManage 5.3, the company's systems management software, has been updated to provide advanced power monitoring and virtualization management features."
"Across the board, Dell is working on how to simplify IT," said Bounds. "We have a practice associated with virtualization. Our own IT shop has been taken down from 85,000 servers to 20,000 servers using virtualized environments, and we're applying that to customer bases as well."
Maybe MSFT 2008 changes NAC from a niche market to a major demand market in 2008? Jeff
"For customers to embrace the broader vision of NAC will take time, and the many "Johnny Come Lately's" putting pressure on the market aren't helping to foster realistic expectations, Shimel said.
"I'm not saying that these other types of behavior analysis and post-admission technologies aren't important to extending NAC, they are, but let's not lose sight of the fact that the initial NAC functionality was envisioned around access," Shimel said.
"Things have become terribly confusing for end users; any time you have an over-hyped niche like NAC you get a lot of people with business models that have failed jumping on the bandwagon," he said. "This corrupts the message as people try to make it their own, and there's probably no bigger poster child for that sort of problem right now than NAC." "
If income models and short term momentum is what has kept you invested in Wave then my closest Uncle is Warren Buffet... The reason you're invested is 99% Sprague speak and 1% momentum which is what the market is dictating currently (and in the past). What decision is there to make whether to sell for a tax credit or not?? I hope you were just plain being sarcastic with your post? If not, then you're truly off the hook man? Jeff
Rep and Senior Marketing Manager. An apple and orange. Do your Reps ever get quoted publically on behalf of Seagate?
Everybody posting on this board will go down in history as being wrong! Especially relating to timelines! At least these journalists were speaking with individuals who represent Seagate and IBM etc... I take their quote as something a little more solid then you going out on limb and claim it wont happen for "a long long time". Sheesh?! When was the last time you conversed with a spokesperson from Seagate or IBM about FDE deployment? If so, can you state your sources and quote them? They at least quoted their IBM source?
"The companies said that the approval of a Trusted Computing Group (TCG) security standard next year will resolve the issues around interoperability. But according to IBM senior marketing manager Allen Marin, "If you lose those [encryption] keys, you might as well throw the [storage] box away.""
beginning in 2008
http://searchstorage.techtarget.com/originalContent/0,289142,sid5_gci1276910,00.html
"Seagate said that beginning in 2008, all of its disk drives will ship with FDE, though the company claims users will have the option of not using drives in "locked" or encrypted mode. FDE drives must also be added to a "secure volume group" under a controller that supports the encryption."
You're missing the market demand....
That's correct my friend! If you can tie up some cash for another year then you're on the right path. It all comes down to whether you win and win big. That I will do. Patience and due dilligence is required along the way. Good luck. Jeff
Trusted Computing was still in Embryonic stage as of July 2006, but Data at Rest was in the Early Mainstream stage. I think this would indicate that Waves' best chance at significant revenues still lies with Dell/Seagate FDE for the immediate future!
NAC is still too early for meaningful revenues. I guess it's good Wave has many irons in the fire! There is a Hype Cycle for Information Security, 2007 if you got cash!
Interesting reading!
Hype Cycle for Information Security, 2005
http://www.ementor.no/upload/Events/NO/Oslo/infosec%20-%20hype%20cycle2005.pdf
Hype Cycle for Information Security, 2006
http://cnscenter.future.co.kr/resource/security/consulting/imperva_1914.pdf
Cost concerns relate to the immediate need for a solution to a problem. I’m glad you posted your sentiments. Cost was the biggest reason I posted. When a company is ready to exceed forecast expenditures due to a “need”…. Then the market demand becomes just that…. DEMAND……. WE HAVE TO DO THIS NOW!!! Right? The demand is being communicated but not realized at this time. Period. Considering SKS’s sales cycle timeframes, I would be more inclined to accept Garters (they’re the experts anyhow) predictions at this point (for the very first time). Last half of 2008 and early 2009 for our dreams to finally begin to be realized. Jeff
A big unhappy for me. I work in management, sales, operations, and service, for a publically traded company. The sales cycle from the first appointment to close is too long in relation to the OBVIOUS market demand (which doesn't "demand" but "suggests"). For the very first time (in the ? years) since I've been invested in Wave I've realized that Gartner has this market down to a a tee.
SKS's response that Wave solution is a "checkbox" item in the market is a perfect example of what I'm posting here...
This was a horrible CC. Because the truth of the "true market" was finally conveyed from the mouth of SKS. I will hold at this juncture until the end of 2008. Because I can well afford too. Jeff
"Allot of hand holding"? "It's the right thing to do"? It's only the "right thing to do" if you have too.... That's how sales and service work. That's reality. When the market demand changes so will the "have too". Jeff
A significant statement was made in relation to the government contractor (50K seat) which has chosen Wave as a "prefered" vendor. Big difference between "prefered" and "mandatory" vendor. I think we can get a good pulse here of the market... I wont speculate my true opinion of the above but at this point my runway just extended SLOL. Those Gartner charts are becoming more realistic every day. Jeff
I like this part:
"So what happens when your fully encrypted disk breaks down? Don't look towards your standard recovery tools.
"A damaged drive cannot be booted and recovered with conventional recovery tools; you'll need a special boot disk supplied by the manufacturer," said John Girard, a vice president and distinguished analyst at Gartner.
It's a small but important reminder that when you implement a full-disk encryption system, don't underestimate your commitment. "When you implement full-disk encryption, all the procedures you follow as an organization for technical support and disk recovery have to change completely," Girard said. "If there's a problem, you can't start the operating system. You can't use normal disk recovery on the system.""
http://www.wave.com/products/eras.html
Let me take a stab at answering your question using a real life example...
I liken the TCG to our current day ISO:
ISO 9000
From Wikipedia, the free encyclopedia
ISO 9000 is a family of standards for quality management systems. ISO 9000 is maintained by ISO, the International Organization for Standardization and is administered by accreditation and certification bodies. Some of the requirements in ISO 9001 (which is one of the standards in the ISO 9000 family) would include:
a set of procedures that cover all key processes in the business;
monitoring processes to ensure they are effective;
keeping adequate records;
checking output for defects, with appropriate corrective action where necessary;
regularly reviewing individual processes and the quality system itself for effectiveness; and
facilitating continual improvement
A company or organization that has been independently audited and certified to be in conformance with ISO 9001 may publicly state that it is "ISO 9001 certified" or "ISO 9001 registered." Certification to an ISO 9000 standard does not guarantee the compliance (and therefore the quality) of end products and services; rather, it certifies that consistent business processes are being applied.
Although the standards originated in manufacturing, they are now employed across a wide range of other types of organizations. A "product", in ISO vocabulary, can mean a physical object, or services, or software. In fact, according to ISO in 2004, "service sectors now account by far for the highest number of ISO 9001:2000 certificates - about 31% of the total" - source: [1]
Advantages
It is widely acknowledged that proper quality management improves business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation.[4][5] The quality principles in ISO 9000:2000 are also sound, according to Wade,[6] and Barnes, [5] who says "ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive." Barnes also cites a survey by Lloyd's Register Quality Assurance that indicated ISO 9000 increased net profit, and another by Deloitte-Touche that reported that the costs of registration were recovered in three years. According to the Providence Business News [7], implementing ISO often gives the following advantages:
Create a more efficient, effective operation
Increase customer satisfaction and retention
Reduce audits
Enhance marketing
Improve employee motivation, awareness, and morale
Promote international trade
However, a broad statistical study of 800 Spanish companies [8] found that ISO registration in itself creates little improvement because companies interested in ISO have usually already made some type of commitment to quality and were performing just as well before registration.[4]
In today's service sector driven economy, more and more companies are using ISO 9000 as a business tool. Through the use of properly stated quality objectives, customer satisfaction surveys and a well-defined continual improvement program companies are using ISO 9000 processes to increase their efficiency and profitability.
So, anybody who has business to business experience knows just how important it's for a company to be "ISO Certified". In fact, one would typically see large banners posted on the outside and inside of a company that was ISO certified. I'm sure there are other more expert individuals who post here who can better break down the reasons why companies desire to be ISO certified but I believe legal liability has to be in the top two or three reasons.
Auditing plays a critical role in determining certification. Auditing determines whether a company would be liable or not.
Auditing (ISO)
Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment, to verify that the system is working as it's supposed to, find out where it can improve and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance auditing":
Tell me what you do (describe the business process)
Show me where it says that (reference the procedure manuals)
Prove that that is what happened (exhibit evidence in documented records)
How this led to preventive actions was not clear.
The 2000 standard uses the process approach. While auditors perform similar functions, they are expected to go beyond mere auditing for rote "compliance" by focusing on risk, status and importance. This means they are expected to make more judgements on what is effective, rather than merely adhering to what is formally prescribed. The difference from the previous standard can be explained thus:
Under the 1994 version, the question was broadly "Are you doing what the manual says you should be doing?", whereas under the 2000 version, the question is more "Will this process help you achieve your stated objectives? Is it a good process or is there a way to do it better?".
The ISO 19011 standard for auditing applies to ISO 9001 besides other management systems like EMS ( ISO 14001), FSMS (ISO 22000) etc .
We can all agree the liability associated with a lost HD is tremendous and is becoming more significant each day as it relates to public humility and financial liability. Therein lies the market for FDE and I believe ERAS will provide a critical component (auditing) to lessening liability. So much so that the TCG is integrating the auditing functions for FDE into their standards. And this might be a stretch... What if it becomes an ISO standard as well?
Let's also not forget that the TCG is requiring: "Any device that implements the TCG Storage Specification will be supported by the work of the Subgroup." See post #153596 I just dont see another competitive server product which will be able to support the standard? Not in the near future at least.
Jeff
Nice find Mundo!!!
Micro, front page of the Seagate site and click "HOT NEWS":
Already posted..
http://www.seagate.com/www/en-us/
SCOTTS VALLEY, Calif.-October 15, 2007-Seagate Technology (NYSE:STX) today announced it is collaborating with others in the storage and security industry to extend its hardware-based, Full Disk Encryption (FDE) technology to its entire portfolio of enterprise-class hard drives. Providing data center managers with the best possible protection for data-at-rest is a significant advancement for security of the world’s enterprise data centers. The Trusted Computing Group (TCG) is establishing a security protocol for communicating with these self-encrypting hard drives, and the IEEE 1619.3 is creating a key management standard to ensure that this new technology will have interoperability. Among the major storage industry players actively involved are IBM, LSI, and Seagate.
Seagate this week is also demonstrating the performance and security capabilities of enterprise drive-level FDE at Storage Networking World. The demonstrations underscore the value that FDE technology brings to storage system administrators tasked with protecting against breaches of data that can occur in drives and systems that have been repurposed, decommissioned, disposed of, sent for repair, misplaced or stolen.
“Many organizations are considering drive-level security for its simplicity in securing sensitive data through the hardware lifecycle from initial setup, to upgrade transitions and disposal,” said Eric Ouellet, vice president, Secure Business Enablement, Gartner. “Drive disposal in particular has always been one of the most challenging elements of the data security lifecycle. Even with secure disposal processes in place, misplacement, mislabeling and theft still do occur which can result in significant losses, penalties and fines. Eliminating the risk of compromise from the source is one approach that can significantly reduce the complexity of managing sensitive data.”
Benefits of Drive Level FDE in the Enterprise
Many organizations, including storage vendors IBM and LSI, who have closely evaluated how encryption in the data center can best be done to guarantee performance, manageability, security and compatibility while minimizing complexity, have concluded that encryption belongs on the disk. Acting in its interests to secure U.S. Government data, the National Security Agency (NSA) has also identified this as a desirable solution.
“The need for enterprise administrators today to be sure that all corporate data is secure across the infrastructure is becoming an increasing priority,” said Barry Rudolph, vice president of Disk Storage Solutions, IBM. “Natively securing data at rest within the disk drives is the next step in the evolution of securing storage media that physically leave the secure confines of the datacenter, and we look forward to collaborating with Seagate and utilizing our industry leading key management and security solutions to enable drive level full disk encryption across the enterprise.”
“Data-at-rest encryption is an important topic in the industry,” said president and CEO Abhi Talwalkar, LSI Corporation. “Although it can be implemented through many techniques, the preferred implementation method for external systems is through encryption at the HDD level. LSI is pleased to be working with other industry leaders and standards organizations to develop and deliver the most effective, standards-based encryption technology in the market.”
Drive-level FDE security provides a range of superior benefits for protecting an enterprise system’s data-at-rest when compared to current software and hardware encryption tools. Among them are:
Performance — Because the encryption engine is in the disk drive’s controller ASIC and matches the drive’s maximum port speed, encryption won’t slow a system down. And because it is in the drive itself, its performance automatically scales every time storage is added in the data center. With FDE at the drive level, performance problems are solved because the encryption functions are done automatically, at full interface speed, within each and every drive in the system.
Compatibility — Drive-level FDE technology is supported by the security protocol developed through the TCG, an organization consisting of membership of more than 50 participating companies, including all hard drive manufacturers. Key management standards to insure interoperability are being established via the IEEE 1619.3. All major storage system providers are participating in IEEE 1619.3.
Manageability — The IT user does not need to escrow the encryption key to maintain data recoverability because the encryption key is in the drive. There is less of a need to decrypt and re-encrypt the data to maintain security, because the encryption key does not leave the drive. This frees the storage administrator from having to schedule and conduct this performance throttling activity.
Security — This self-encrypting drive technology delivers a new standard of security for data-at-rest encryption. Cipher text is never exposed. There are no clear text secrets anywhere on the drive, and an attacker is assumed to have complete knowledge of the secrets’ design and location. The drive can self power down after a predefined number of authentication attempts. Access control credentials are separate from the encryption key. An attacker cannot alter the firmware – firmware downloads are protected. Seagate has put no back doors in the drive. In fact, the drive is locked and inaccessible to anyone without full authorization.
“The fact that the NSA has been such a strong supporter and active participant in the TCG’s efforts around standards for device-level FDE speaks volumes,” said Bill Watkins, Seagate CEO. “We’ve listened very carefully to their advice and requests, worked closely with others in the TCG organization, and we’re excited about the opportunity to deliver on this new technology collaborating with industry leaders such as IBM and LSI. It feels good to play a major role in solving a very real problem for IT end users for improved enterprise security.”
Seagate plans to deliver enterprise-class drives with FDE to customers in 2008. For more information about Seagate and its own family of security solutions, visit www.seagate.com/security.
About Seagate
Seagate is the worldwide leader in the design, manufacture and marketing of hard disc drives, providing products for a wide-range of applications, including Enterprise, Desktop, Mobile Computing, Consumer Electronics and Branded Solutions. Seagate’s business model leverages technology leadership and world-class manufacturing to deliver industry-leading innovation and quality to its global customers, and to be the low cost producer in all markets in which it participates. The company is committed to providing award-winning products, customer support and reliability to meet the world’s growing demand for information storage. Seagate can be found around the globe and at www.seagate.com .
Seagate and Seagate Technology are registered trademarks of Seagate Technology LLC. The Wave logo is a trademark or registered trademark of Seagate Technology LLC or one of its affiliates. All other trademarks or registered trademarks are the property of their respective owners. One gigabyte (GB) is equal to one billion bytes when referring to hard drive capacity. Computer operating systems may use different standards of measurement and report lower capacity. In addition, some of the listed capacity is used for formatting and other functions, and thus, will not be available for data storage.
And this...
https://www.trustedcomputinggroup.org/groups/storage/
Trusted Storage Key Management Services Subgroup FAQ
June 2007
Q. What is the Key Management Services Subgroup (KMSS)?
A. The TCG Storage Specification, made publicly available mid-June 2007 by the Storage Workgroup,
provides a variety of mechanisms that can be used to define and manage cryptographic keys. The
Storage Workgroup has formed a Key Management Services Subgroup to provide a specific method to
manage those keys necessary for use in the environment defined by the TCG Storage Specification.
Q. What is the purpose of the subgroup?
A. The Key Management Services Subgroup builds upon existing TCG technologies and philosophies
and focuses on key management issues with respect to the TCG Storage Specification. Any device that
implements the TCG Storage Specification will be supported by the work of the Subgroup.
Q. What are the goals of this Subgroup?
A. The Subgroup has multiple goals, including:
• Develop a uniform approach to managing keys across a variety of storage devices.
• Define an extensible set of key management operations to nurture and sustain encrypted data
and its associated keys.
• Define key management audit operations that may be required to securely record all key
management operations.
• Leverage existing protocols and techniques:
o Support the TCG Storage Specification
o Secure Communications
o Authentication
o Discovery
o Any existing and applicable standards
• Define procedures, protocols, and client APIs as needed to implement these goals.
Q. What is IEEE P1619.3 and does it overlap with the work of the TCG Key Management Services
Subgroup?
A. P1619.3 deals with broader key management issues, as defined by its charter: “… defines methods for
the storage, management, and distribution of cryptographic keys used for the protection of stored data.”
TCG will focus on key management as it relates to the TCG Storage Specification and devices supporting
that Specification.
KMSS and P1619.3 are cooperating to avoid overlap. A number of vendors participate on both KMSS and
P1619.3.
And this of course which I believe is the only Server tool which will work across ALL FDE HD's:
http://www.wave.com/products/eras.html
ERAS Key Components
ERAS Benefits
Remote management of TPM systems and Trusted Drives.
Integrated with Active Directory.
Centralized security policy control and auditing for risk assessment and regulatory compliance purposes.
MMC, scripting, or command line operations.
TPM remote management including:
TPM enrollment, ownership, and enablement
TPM user management
Password management and reset
Delegation of owner rights to users
Detailed TPM system information
Trusted Drive remote management including:
Initialization and administration
Password management, control and recovery
User management
Pre-boot authentication setup
Re-commissioning and de-commissioning of drives
Trusted Drive recovery
These aren't just dots my friend. Until I see another product out there which will provide the same key functions across all FDE products then I'm remaining bullish on Wave executing fully in the FDE market which is sure to come in 2008. jeff
Micro, I appreciate your reply. I did follow the chain of posts on the other board relating to FDE. As always, Doma is exactly right with his real time snapshot of where Wave ETDM is currently bundled and how much. Dell's $7 per drive agreement with Wave shows their commitment to the technology. Especially when one considers which PC OEM holds the lions share of the government business. Not to mention CM's recent postings on the NSA and FDE.
But the bigger questions we have to ask ourselves are... Will there be a market for central server management of FDE HD's? If so, how quickly will that market grow? Will NAC / TNC take off next year and if it does what role will ERAS play within the NAC / TNC technology? In other words, who has the server products that CAN manage ALL the endpoints?
http://www.wavesys.com/products/eras.html
So far, all signals are a go for next year (FDE / NAC / TNC) IF you believe what Microsoft, Intel, DELL and Seagate are saying and doing. I've read nothing which says otherwise.
It all boils down to one question...
If you had never bought a share of Wave in your life and you know what you know now about every aspect of the technology, immediate or potential market, Wave financials and YES Wave leadership... Would you buy Wave shares today?
If the answer is no and you own Wave shares then I would suggest an exit plan to ease your finacial and emotional anxiety.
If the answer is yes and you own Wave shares then I would quit crying and realign my investment thinking and emotion.
The wonderful fact about this investment is that the light is at the end of the tunnel one way or the other. The journey is going to either be completely over or a new journey will begin with share price appreciation over the next two quarters. Wave will make significant money off of Seagate FDE or they wont?! Virtualization technology will be big next year and the TPM will be a critical component in securing virtualization technology or the TPM will not be so critical?
A few things I do know today:
- Seagate is a top tech company making money hand over fist and Bill Watkins himself has said numerous times that the FDE technology will encompass all lines of Seagate HD's in 2008. Steven Sprague didn't say that, it was the CEO of Seagate.
- Intel is rapidly becoming a virtual platform company. Every new platform launched by Intel anymore is a virtual platform. It just so happens there's a TPM on EVERY one of those platforms? Who knew? Right? Maybe some of us are wondering if Intel plans to use those TPM's for something?
- From my understanding, Wave provides the key ingredient (secret sauce?)to both secure and manage both of the above technologies.
Jeff
I hear you and understand your veiwpoint. But, the CEO's representing the major OEM's have to protect their rep and brand. They can't put their name behind a technology that may fail. It has to win and win big. Even when they know it will work they still have to sell it. So much that the market is crying for it. It's about winning big. Bill Watkins knows he has a winner with FDE. He has only just begun to put his personal name on this technology. He would NEVER do that unless he knew for a FACT he had a winner in the tech market. That's big! Big CEO's all have BIG ass EGOs. Their rep and name are everything. Bill knows the future. Bill knows FDE is the next big thing. He's willing to give millions and maybe a billion to make billions more and secure his brand and name.
Ottelini is in the process of tranforming Intel from a chip to a platform company. The new Intel platform is a VIRTUAL platform. The ONLY way you can secure virtual technology is with the TPM. We all know what Wave does here. ALL Intel virtual platform technology has and will have Wave. Period. Ottelini is putting his name and rep on this technology and again Wave is the key ingredient to secure his name and brand. Brand is secured by money. The money will arrive with the market that is forged by demand and the brand. CEO's like Otellini and Watkins spend millions to know the demand to support the brand. Lets hope the money was spent well and the intelligence is there to make us rich.
Again, still looking for the "appetizer to hold you over" and "the main course is yet to come". SKS still appeazing the brightest(who may have the most money)to keep their dollars invested in Wave. Maybe the attitude of the brightest is the guage SKS is using to rate his own performance? If that is true then maye we will be making some money here soon?
In other words, SKS is the master at keeping investor $'s. He has executed a major aspect of his job. Bottom line is he has kept his company and dream afloat. He must be a genius to have done this for so very long (endured the tech bubble bust and a market crash when most failed to survive). Just think, some of the smartest people we know of who post on these boards and are still invested are finally admitting to themselves what Sprague speak TRULY means (after 10+ years). We now have definitions! Thank you Gokite! All would agree with those definitions! Yet, those very same people still believe that "Wave needs to still get through the next few quarters to break even without diluting shares more." Another testament to how well he does his job!!
If Wave went BK tomorrow... SKS still kept his company in business for 10+ years, kept his dream alive 10+ years and drew a nice salary to support his family for 10+ years. All of the Wave employees drew a salary and lived a dream. Not to mention he probably could make a phone call to Otellini, Micheal Dell, Bill Watkins or just about any other major OEM and land a multi six figure position. Many of his employees would be marketable as well considering the trusted computing market that is forming up here.
Yes, Wavoids would be the only ones to get the shaft. But would we be getting shafted by SKS or ourselves? I say neither. It will be what it will be.
Personally, I have 10's of thousands of shares and if Wave went BK tomorrow then I would appreciate the dream I got to live for 10 years and move on. No victims here. Would I be clinically depressed for a week? Sure! Would my investor friends seek to have me knocked off? Absolutely! I suppose I’ll consider that thought when the dirt flying off the shovel is hitting my face when I’m half conscience.
In the meantime, It’s a good thing I’m 110% sure (as sure as I am that I’ll be turning 41) that Wave will win. We will win. No doubt in my mind. When will we win? Now, what I know and what I think I know are two different things. Obviously. Jeff
Wave will stay independent. I think you are mistaken about the driving force behind what Wave management is truly about... You think money and I think evolution. I also believe it will be extremely tough to acquire Wave considering the % of shared owned by Wave longs, management and Wave employees. Not an easy endeavor to acquire a company such as Wave with the limited outstanding shares and who owns those shares. Jeff
On the other hand.... I worked for a 17 billion dollar company that adopted the newest technologies to keep a step ahead of the competition. There are short term sales installs and long term sales installs in ANY industry with ANY technology. If the technology is a no brainer relating to profitability and technological advancement then the sales to install cycle can be quick. Not quarters and years. Weeks. Depends on the company and the commitment to change. Jeff
No kidding. If SKS wasn't so busy traveling the world for the last 8 years spreading a message that the entire world has just accepted called Trusted Computing then he may have had more time to work out. I'm pretty sure some of these same posters who ridicule his weight are probably obese considering the time they spend sitting on their tails posting the garbage they do day in and day out.
The writing is on the wall... The "big bang" in February and Seagate FDE mainstream in 2008. Should be enough for me since I doubled down YET another year. It's a wrap. Jeff
No kidding! Barge, where art thou? Jeff
Boy, whoever said the shares I didn't buy last Friday would cost me more this week sure was right! Still happy to have more anyhow. Jeff
Only 1000 shares have filled thus far... I'll wait ten more minutes and edit my order. Jeff
I just put in a limit order for 5500 shares at 1.62. We'll see if it fills? More on Tuesday! Jeff
Barge: Wave Owning the client side is exactly why Wave will be around for years to come. The difference between me choosing between fully cashing out on the rise or staying invested for the next decade or two. Pretty important point for Wave investors to consider and understand. Jeff
Much like the Cheveron deal a couple years ago. Jeff
bbigtim: So when would you project HP to offer the Seagate FDE drives? We know they will right? When do you think they will? When they do, what's your opinion relative to switching to Wave's product offering? Jeff
Barge: Again you're dead on here. The fact is, HP hasn't lost a dime of revenue or a tenth of % of market share to Dell for not going with Wave's full TPM software solution as of yet. In fact, the've surpassed Dell as the #1 pc OEM in the world even though Dell went with Wave's TPM's software solution over a year ago?! HP still has some time before they will be required to jump on board and ride the Wave. HP IMO has played the timing of this perfectly thus far. We know they're a founding member of the TCG and they know exactly what they need to do and when to take advantage of the new Trusted Computing market which is sure form up here soon. I wouldn't go as far as to claim HP and Dell are timing anything "together" but I would be amazed if HP gave Dell even a month head start on the TC market once it began to generate any reasonable revenues. That includes FDE. Competitive companies fighting in a new competitive market. Nothing new here. Jeff
Barge: I completely share your opinion and always have. CM's recent posts on set top boxes.... Where Intel (Intel viiv) and Microsoft (Microsoft spotlight, Xbox 360) seem to be heading with their new technologies.... The High Def factor as it relates to subscriber based downloadable content.... I'm with you that Steven has never taken his eye off the ultimate prize. Will FDE make you and I feel better in the meantime? Absolutely! But at the end of the day I still believe there will be a service offered (probably from one or both of the above companies) that everybody will simply have to have. Could it be offering movies that open to market to be downloadable the very same day their released to theaters? Who knows? But it sure looks as if almost all the required products are already (or soon to be available) to make this scenario very feasable. Jeff
New wave: I completely agree. FDE will be big and will bring the much needed short term revenues but Microsoft Server 2008 will be thye cake rather than the icing. Jeff
Virtualization will become a major reality with Microsoft Server 2008. Wonderful seeing all the VT components come together. Awesome seeing Wave as the tie that binds. Jeff
Compliance ‘Laggards’ Face Most Financial Risk from Data Loss, Report Shows
July 20, 2007 - Linda McGlasson
Risk Management
The latest report by the IT Policy Compliance Group finds that nine of ten companies are exposed to financial risk from data losses and thefts that can be cost-effectively avoided. The report, “Why Compliance Pays – Reputations and Revenues at Risk,” finds the majority of the 475 firms surveyed must contend with six to 17 business disruptions and five to 22 instances of losses or thefts of sensitive information each year. Those firms with the best IT compliance results have, at most, two disruptions annually.
“There are two real key findings from this ongoing report for financial institutions. We are finally able to quantify publicly reported data losses, (this data was also checked from historical databases as well). Financial risk for losing data is absolutely huge, compared to the amount of money being spent on compliance and data protection,” said Jim Hurley, a senior research manager for Symantec and senior director of the IT Policy Compliance Group.
“The second key finding is, and we stumbled onto this by accident, is the relationship between compliance and data loss. How well (or poorly) a company does compliance, and how well (or poorly) they’re doing on data loss, we found a relationship between the two,” Hurley noted.
“I expected a normal distribution, a normal spread like what we see in the rest of the world of compliance. But it’s a one to one mapping between the two. At first I thought the numbers were skewed, but we checked them and they are right. I expected a different distribution, but across the entire universe of companies, this distribution rings true,” Hurley said. The companies that are doing well in compliance efforts are suffering far fewer data loss events and base business disruptions.
Notably, Hurley said, financial and accounting service industry sees more “compliance laggards.” This number is higher by about 5 percent of the rest of population at large. “The banking industry matches the entire population, they don’t do any better or any worse than the rest of the industries in the survey,” he explained.
Key Findings
Most organizations are exposed to financial risk from data loss and theft
Nine out of ten firms are not leveraging compliance and IT governance procedures that could help mitigate financial risk from lost or stolen data. Benchmark results include:
Lagging organizations—2 out of 10—have the most to gain.
Normative organizations—7 out of 10—can reduce substantial financial risk.
Leading organizations—only 1 out of 10—are well positioned.
Compliance leaders have the fewest business disruptions
Firms with the best IT compliance results have the least business downtime from IT security events. Findings show:
Compliance leaders have only two or fewer disruptions annually from IT security events.
Compliance laggards experience 17 or more disruptions a year from IT security events.
Compliance leaders have the least data loss and theft
Firms with the best IT compliance report the fewest data losses. Results include:
Compliance leaders have two or fewer data losses or thefts of sensitive data annually.
Compliance laggards have 22 or more data losses per year.
Probability of a financial loss: Not if, but when
Financial loss will occur with data loss and theft. The question is when and by how much. The probability of making the front page of the paper for a data loss or theft is:
Once every three years or sooner for compliance laggards
One every 42 years or later for compliance leaders
Financial risk and loss are significant enough to manage
The expected financial risk for publicly disclosed data loss and theft is matched by limited actual experience. Financial risks include:
An 8 percent decline in the market value of a share of stock for publicly traded firms
An 8 percent loss of customers
A temporary decline in revenue of 8 percent
Additional costs for litigation, notification, settlements, cleanup, restoration, and improvements averaging $100 per lost customer record
Returns are high
Due to high financial risk and relatively low spending on compliance and data protection, returns on spending for compliance and data protection are high:
Start at about 100 percent on the low end
Easily exceed 1,000 percent for higher returns
Best practices to improve results: Follow the leaders
The benchmarks identify practices being implemented by leaders that dramatically improve IT compliance results, markedly reduce business downtime from IT security events, substantially reduce incidents of data loss and theft, and reposition these firms for lower financial risk. Such practices include:
Implementing more of the appropriate IT controls
Reducing control objectives, making it easier to communicate, measure, and report
Establishing higher standards for performance objectives
Encouraging a culture of operational excellence in IT
Monitoring, measuring, and reporting controls against objectives at least once every two weeks
Allocating more funds to control automation
Even if not disclosed publicly, the likelihood that a data breach generates negative publicity is proportionally higher for companies with poor IT policy compliance programs. The report finds the probability of making headlines for a data loss or theft is once every three years for compliance laggards, but only once every 42 years for compliance leaders.
“The report itself validates what companies have been striving to accomplish. All too often companies are implementing controls more from a compliance standpoint than from a due diligence standpoint. But taking the results of this report, it validates the justification that companies are looking for when they spend money on compliance controls,” said Rocco Grillo, managing director at Protiviti, a technology risk consultancy.
“When you can bring this type of validated data to the table, this is the type of data that your executives are looking for. Most IT organizations already know where their vulnerabilities exist, but it’s the cost of the countermeasures that is the struggle. By having data like this to substantiate it, it establishes a business case for spending,” Grillo concluded.
This new research from the IT Policy Compliance Group also includes several recommendations for developing and implementing more effective IT policy compliance controls, and is available at www.itpolicycompliance.com.