Monday, May 28, 2012

The New Normal For Hard Drive Prices

Hard Drive Market Share (by units) & Consolidation CY2011
In our 2011 end of year message we touched on problems in the hard drive supply chain due to the serious flooding in Thailand starting late July 2011 and running through the rest of that year. At the time, the expectation was that we would see prices return to normal in Q2 of 2012. It now looks like hard drive prices will not return to pre-flood levels. The evidence is that higher hard drive prices are "the new normal".

Consolidation in the hard drive industry, coupled with a prolonged period of low margins, most likely means that prices will not return to their previous levels. So if you have been holding off on a storage upgrade, there is little incentive to keep waiting. The hard drive market has seen at least 2 rounds of mass extinction or consolidation over the last 20 years, with tens of companies exiting the market, leaving just 3 manufacturers standing. Together, Western Digital and Seagate have 87% of the market, leaving Toshiba a distant 3rd. Nobody is investing $500M to build a new factory in order to lower their manufacturing costs and put one over on the other 2 guys.

While the take-up of SSDs continues in mobile devices (laptop, tablet), and they make an appearance in the enterprise as specialist devices or as a thin tier above enterprise SATA/SAS drives, "spinning rust" will continue to form the bulk of all storage shipped in terms of Terabytes for as far out as anyone is brave enough to predict. Seagate has publicly stated it will be able to produce a 30-60TB 3.5-in. hard drive by 2020.

As an aside, as anyone who has waited for a RAID5/6 rebuild on an array of full 1TB drives will know, increasing data density without increasing interface speed brings its own challenges, as does silent data corruption and the need to counter it. If you are worried about either of these problems then we can help you avoid them!

If you need to get more performance from your existing storage, or are struggling with data volumes, or if you simply require impartial advice ahead of making a purchase from one of the big storage vendors, we can probably help you. 360is has experience with environments of all sizes and has completed successful projects with most of the major vendors including NetApp, EMC, Hitachi, HP, Sun/Oracle, Dell, 3PAR, Datacore, Westek, and Nexenta. Get in touch to get ahead of your storage problems.

Tuesday, May 08, 2012

360is Guide to Understanding, Commissioning, & Maximising Value from Penetration Testing or Security Assessments


Clients often contact us while weighing up the value of getting a Security Assessment or Penetration Test. Whether it's a recent breach, compliance obligation, the regulator, or auditors that trigger the inquiry, we find ourselves repeating similar advice during those initial conversations. Their questions may be familiar to you:
  • What exactly is a Penetration Test?
  • Is it any different from a “scan” or a “vulnerability assessment”?
  • What will it really do for us?
  • What do we do with the results?
  • How do I evaluate different companies offering this service?
  • Why can’t I get a consistent budgetary cost from the market?
We've recorded the answers to these questions and more in one place, using consistent language, in a way that can be understood by both IT and non-IT professionals alike. Whether you are a systems administrator, or a CSO (more likely in the UK, IT Director/Manager) you will be able to use this guide to reduce the time taken to protect your assets, meet your business needs, and keep the customer/auditor/regulator/boss happy.
Aren’t there already countless guides, papers, and articles on Penetration Testing and security? Certainly. However, most of them are years old, focused on (or written from) a non-UK perspective, or are difficult for non-technical readers to understand. Our guide is different.
  • UK & European perspective: While you can find an abundance of articles discussing Penetration Testing within the context of HIPAA, SOX, and FISMA, scarcely a nod is given to UK and European regulations and standards. Hackers may not respect geography, but your organisation still has to.
  • Up to date: While technical details of vulnerabilities have changed, sysadmins, programmers, and engineers are still making many of the same mistakes now as when we did our first assessment in the mid 90s. However, language changes, an organisation’s view of IT changes, as do end-user working practices. This document reflects that, taking a contemporary view of the subject.
  • Non-technical: Couched in ordinary terms the business can understand, this guide avoids much of the technical jargon that makes other articles heavy reading for those for whom IT security is not a full-time occupation. While the skills employed may be highly technical, we can’t lose sight of the business problems being solved.
We hope this guide will help many of our clients and future clients get the most from a Security Assessment/Penetration test (whether provided by 360is, our contemporaries, or your own IT security team):

Penetration Testing Guide, Part 1.
An Introduction to Penetration Testing. [PDF]
Penetration Testing Guide, Part 2.
Selecting A Penetration Testing Company. [PDF]
Penetration Testing Guide, Part 3.
Maximising Value From A Penetration Test. [PDF]
The Consolidated Penetration Testing Guide.
Parts 1, 2, and 3 all in one document. [PDF]
Parts 1, 2, and 3, text only, academic, no commentary. [PDF]

There will always be something missing from such a document: specific relevance to your particular situation. Get in touch to complete the picture. 360is is a company where you can talk to a client account manager who can get a consultant on the phone, without prior arrangement and without running the meter. Contact Us.

Update 24-05-2012

For further information on 360is Penetration Testing Services, bookmark our Penetration Testing Homepage.