What to Expect from Giants of Console Gaming in 2015

I’ve just finished a feature on the console gaming market which was just about as far out of my comfort zone as you can get.

Still, it’s always good learning about new areas of technology, so here’s what I have surmised over the past few days:

  • Sony and Microsoft rule the roost. Nintendo will never gain parity as long as its selection of third party titles is so poor.
  • Sony’s PS4 won 2014, but Xbox One hit back in the last two months of the year thanks to discounted pricing
  • Both of the big boys have copied each other’s strategy at times; in engaging with the gamer geek and “bedroom coder” community and in trying to tie up exclusive third party title deals.
  • There’s pretty much nothing to separate the two hardware wise, which is why there’ll be some increasingly aggressive deal-making going on with third party developers in the coming years.
  • As IDC Retail Insights head of Europe, Spencer Izard, told me, there are only two things gamers really care about: “how many of your friends are using my console and am I getting the best content.”
  • The future will eventually shift towards online downloads, although not until there’s a critical mass of users. Only then will the console giants feel they can take retailers on and undercut them on price with downloads.
  • In developing regions this shift will take far longer, as broadband infrastructure simply isn’t up to the hefty downloads necessary.
  • However, last year actually saw “a significant increase” in spending on digital transactions for games, according to IHS head of games, Piers Harding-Rolls. “Part of this is to do with the early adopters who are currently very active digitally on the latest consoles, part of this is to do with the day and date release of new releases alongside boxed product in the retail channels and part of it is to do with the ability to use more efficient monetisation models in the digital space,” he told me. “In this context we have seen more open ended spending opportunities emerge on consoles during the last few years driving up monetisation.”
  • The rise of smartphone and tablet-based gaming represents a real challenge to the console players
  • In China, like Korea, Sony and Microsoft have just been too late to make a difference. The market is either swamped with pirated clones or dominated by PC gaming. Regulators will also be hard to please in terms of software content.

And there you have it. All you need to know about console-based gaming in a few media friendly sound bites.


Beware the ‘Glocals’ if you’re Planning a Career in Asian IT

I’ve just finished a piece for IDG Connect looking ahead to job prospects in Hong Kong and China for ex-pat IT pros in 2015. As usual, it’s a mixed bag.

On the one hand the jobs market is booming and there are plenty of vacancies. The Harvey Nash CIO Survey of 2014, for example, found 76% of Hong Kong and China CIOs were concerned about a technology skills shortage. A further 42% said they were planning to increase headcount last year and APAC MD Nick Marsh told me by email that he “expects to see that demand continue” this year.

Skills particularly in demand, he said, are big data, mobile, cloud and digital, although more traditional areas are also important. “Fundamental areas such as project management, enterprise architecture, and business analysis are still the top areas of skill demand,” he said.

Candidates with leadership capabilities and “exceptional communication skills” as well as those who can demonstrate an ability to innovate will be favoured.

However, Marsh also warned that employers in the region are increasingly likely to favour “glocals” – that is, locals who have overseas education and/or experience.

This is bad news for the ex-pat IT job seeker looking to land a plum job in China or Hong Kong.

“Candidates should focus on the strength of their understanding of the local market, customers, and their industry,” Marsh advised. “This understanding is critical, and without it they are likely to lose out to local or ‘glocal’ talent.”

More bad news came in the form of a recent Regus study on office stress in Hong Kong and China.

It found that in Hong Kong, working to deadlines (24%) was rated stressful by a far higher percentage than the global average (14%), while “colleagues” (11%) was more than double the global norm of 5%.

Unreliable or obsolete technology (26%) and a lack of staff (28%) were also major factors.

“When employees don’t have a good work/life balance, they feel overstretched, unhappy and, ultimately they become less productive,” Regus Hong Kong country manager Michael Ormiston told me. “Flexible working can alleviate some of the pressures that create stress, while at the same time reducing a company’s costs.”

Given that most employers in China and Hong Kong are putting ex-pats on local packages these days, a move out East is becoming less and less attractive to Western IT professionals. It might be worth staying put for the time being.


Cameron on a hiding to nothing if he really does want encrypted comms ban

This week, prime minister David Cameron seemed to indicate that if he is elected this May he’ll do all he can to ensure strongly encrypted communications are banned in the UK.

Well, that’s the gist of what he said. More correctly, he made it clear that no form of comms should exist where, in extremis, the security services can’t eavesdrop on private conversations – to stop criminals, terrorists etc.

His comments have been widely criticised in the media and by the technology industry, and rightly so.

Although others including the FBI, US attorney general Eric Holder and even Europol have voiced concerns about encrypted communications, none have gone as far as Cameron – who is now apparently off to the US to try and get support for his plans from Barack Obama.

A few thoughts sprang to mind as I reported on this breaking story:

  • If Cameron thinks he can take on the might of Apple, Google et al over this, he’s mistaken.
  • His comments are at odds with European security agency Enisa, which has just released a document praising encryption and calling for MORE privacy enhancing technologies (PETs), not fewer
  • There’s no evidence that the Paris attacks would have been prevented if encrypted comms were banned
  • The UK’s burgeoning tech industry will suffer
  • UK business will react angrily if they can’t use strongly encrypted comms, as will UK entrepreneurs – it’s sending out a dreadful signal to potential investors in our supposedly liberal democratic country. Also, these are exactly the sort of traditional Tory supporters Cameron needs on side.
  • If encrypted comms were banned, or backdoors were engineered into products so the security services could access them if needed, the bad guys would eventually find a way of exploiting them too.
  • Terrorists and criminals will continue to use encrypted comms, downloaded from regions where they are still legal.

Sophos global head of security research James Lyne summed up the whole farce neatly in comments he sent me by email:

“Even if regulation was brought in to force legitimate companies to use encryption the government (in extremis) could intercept, unless they plan to build a great firewall of China (but even bigger and better – or sinister) to prevent people getting their hands on open source tools available in other countries it isn’t going to stop the darker side of the net from using it,” he told me.

“At the end of the day, terrorists will use any tools at their disposal to communicate, so this is unlikely to solve the real problem. The intention behind the statement was likely a little different to the way in which it has appeared but the suggestion as it stands would do the UK more harm than good and clearly lacks insight into how the internet works or how such controls might be implemented.”


Did North Korea Really Hack Sony?

Not for the first time, official law enforcement is at odds with certain sections of the information security industry on the attribution of a particularly high profile cyber attack.

The case, of course, is the destructive hit on Sony Pictures Entertainment which not only forced the movie giant to close its entire network for over a week, but also led to embarrassing internal documents and communications leaking online.

Oh, and the movie which is said to have started it all – The Interview – was virtually withdrawn from North American cinemas after distributors feared for the safety of movie-goers.

On one side it’s the Feds, who believe North Korea was responsible for the attack. On the other, industry players who believe a disgruntled insider – possibly with help from others – was to blame.

FBI director James Comey this week claimed that the hackers in question got “sloppy” a few times and forgot to use proxy servers to hide their true location, revealing IP addresses used “exclusively” by North Korea.

“They shut it off very quickly once they saw the mistake,” he added, according to Wired. “But not before we saw where it was coming from.”

The agency’s “behavioural analysis unit” has also been studying the Guardians of Peace – the group claiming responsibility – and deduced that it displays many of the psychological characteristics of North Korean operatives, he added.

The Feds have already claimed that some of the code in the malware used in this attack had been previously developed by Pyongyang, and that some of the tools used were also deployed in the DarkSeoul attacks of 2013.

So far so clear? Well, not quite according to security consultant and Europol special advisor, Brian Honan.

“What was interesting is director Comey also stated they have not yet identified the original attack vector. So this makes it even more difficult to attribute who is behind the attack and makes it more important that the FBI and Sony provide assurances regarding their attribution, particularly given that this attack is resulting in diplomatic action impacting international relations,” he told me.

“It would also be useful for many other companies to have sight of the IP addresses that were used in this attack so they can add them to their own defensive measures to prevent attacks from those IP addresses against their networks and systems.”

This scepticism has been echoed throughout sections of the information security sector – with experts claiming that attribution is tricky at the best of times and that the Feds would be wise to hold fire until a detailed forensic examination has been undertaken.

US security vendor Norse, for example, claimed last week that any evidence linking North Korea to the attacks was purely circumstantial and that an investigation it undertook pointed to the involvement of a former employee.

Part of its reasoning is that the names of corporate servers and passwords were programmed into the malware fired at Sony, which would indicate an insider’s involvement.

Another sticking point is the motivation of North Korea. If it did carry out the attack in retaliation for The Interview, which lampoons the Kim Jong-un regime, the Guardians of Peace online missives didn’t even mention the movie until the media began pegging it as the cause.

It certainly wasn’t mentioned when the group were trying to extort a ransom for the stolen data online.

In the end, we’ll have to assume the Feds have more up their sleeves than they’ve admitted to right now if we’re to be convinced about the link to Pyongyang.

“Such information need not be shared with others as it would expose valuable intelligence sources, however knowing that is what is reinforcing the FBI’s claims would help those of us in the industry to accept those claims,” said Honan.

“The FBI do have very skilled technical individuals on the case which are no doubt supplemented by Sony’s own staff and any of the private computer security companies engaged by Sony. However, analysing log data and forensics takes a very long time so I would not be surprised to see additional details come out at a later stage.”


2015: the Year of the Mobile Messaging Wars

I’ve just finished another piece for IT Pro in Hong Kong covering the intensifying battle between WhatsApp and the slew of Asian mobile messaging firms in the chasing pack.

It’s shaping up to be an exciting 2015 for those in the space as these platform players look to differentiate in an increasingly crowded market, while the telecoms operators struggle to recoup the cash they’re losing from decreased SMS and voice call revenue.

Canalys analyst Jessica Kwee was quick to point out the pressure these traditional telecoms players are under.

“SMS/texting in the traditional sense has been impacted greatly, especially as people see more value in messaging apps – as in many cases they are considered ‘free’ as they are part of the data plans,” she told me via email.

“Plus, messaging apps are also more flexible and can handle more than traditional texting – no character limits, and on opposite spectrum, you don’t feel obliged to try to use up the character limit either, so it’s easier to text something very short and quick. Also, there’s the ability to communicate in groups, send pictures, videos, voice notes, emoticons, etc.”

However, there are some opportunities for operators.

“People will increasingly rely on an always-on connection and not be able to just rely on wi-fi at home or at work, as they will want to be connected all the time,” Kwee explained. “So even though it is much more difficult to get people to spend a lot of money on expensive data plans, especially in price-conscious markets, it could be a compelling alternative where telecoms provide cheaper data plans to exclusively use such apps.”

Frost & Sullivan principal analyst, Naveen Mishra, added that adoption of mobile messaging apps has soared over the past 12-18 months thanks to their added functionality and free price tag.

“Increasing smartphone penetration and growing internet adoption is driving this usage. Emerging markets like India, are growing extremely fast, both in terms of adoption and usage,” he told me.

“Between May 2014 and Oct 2014, WhatsApp’s monthly active users grew from 50 million to 70 million, which is 10% of the total user base. The next 3-5 years are also looking very promising, as key emerging markets have large opportunities of growth. In India alone, there are over 930 million mobile subscriptions out of which only 70 million are current WhatsApp users.”

As for the various market players, success will come down largely to innovating with new features.

“All the OTT application companies are constantly trying to innovate, however the success of the application largely depends on the value a new feature brings in,” he said.

“Line has tied up with LG Electronics, where through its chat session, LG appliances can be activated and controlled. On the other hand, WhatsApp is working on a voice calling service, which is expected to be launched in early 2015.”


Censor much? What to expect from the Great Firewall in 2015

I’ve been speaking to anti-censorship organisation Greatfire.org about online freedoms in China and what we’re likely to see in 2015. It makes for pretty depressing reading.

First of all, the app market will see an ever-tightening regulatory regime following new regulations passed in October, according to co-founder Percy Alpha.

“I fear that in the future, apps will be like websites, i.e. you have to get a license before publishing any,” he told me by email.

Then there’s the current trend for Man in the Middle attacks as a way to monitor and block access to various online services and sites.

The Great Firewall has already tried this tactic on Google, Yahoo and iCloud to name but three. It’s the only way the authorities can see what people are up to once a site switches to HTTPS.

The smart money is apparently on more of these attacks in 2015, but increasingly focused on smaller sites so as to not arouse much media attention.

The Chinese authorities have also been going after Greatfire itself of late, proof the anti-censorship group must be doing something right.

Their mirrored sites, which allow users behind the Great Firewall to view blocked content, have been a minor irritant to the authorities until now. But since last week Beijing upped the ante in two astonishing moves against the content delivery networks (CDNs) Greatfire uses.

The first resulted in EdgeCast losing all service in China – which could mean tens of thousands of sites affected. Then another swipe took out an Akamai subdomain also used by HSBC. The result? Its corporate banking services became unavailable. It just shows the lengths the Party is prepared to go to control the flow of information.

The last word goes to co-founder Charlie Smith:

“I think we will continue to see the kinds of crackdown we have seen this past year. I think that for a long time, many optimists have said, give the authorities some time, restrictions will loosen up and information will flow more freely. If anything, the exact opposite is happening – I’m not sure why people seem to make comments otherwise.

If anything, I think the authorities will take censorship too far in 2015. They will push the Chinese over the limit of what they are willing to tolerate.”


China’s state-backed hacking plans for 2015

I’ve just been putting together a piece for IDG Connect on tech predictions for China and Hong Kong in 2015. It’s always difficult to fit in all the comment I manage to get on these pieces, so here’s a bit more on the cyber security side of things, from FireEye threat intelligence manager Jen Weedon.

The long and the short of it is “expect more of the same” from China. The US strategy of naming and shaming PLA operatives ain’t really doing much at all.

“In the next six to twelve months, targeted data theft by China-based actors is likely to remain consistent with patterns we have observed in the past,” Weedon told me by email.

“We expect Chinese threat groups to conduct espionage campaigns that are in line with the Chinese central government’s political and development goals.”

So what exactly will these goals be in 2015? Well, according to Weedon we can expect data theft to focus on climate change and the tech sector.

“China’s ongoing pollution challenges provide strong incentive for threat actors to steal data related to technologies that can help China stem the environmental impact of its heavy reliance on coal,” she said. “We also expect cyber espionage activity against governments and policy influencers in the run-up to the 2015 UN Climate Summit as China seeks intelligence to enhance its negotiating position on global climate policy issues.”

As for the tech sector, China is stepping up its efforts to develop homegrown computing and semiconductor policies – ostensibly for reasons of national security, i.e. to close down the risk of NSA backdoors in US kit.

“As the country pursues these goals, we anticipate Chinese actors will leverage data theft to supplement knowledge acquired through legitimate channels such as joint ventures with experienced foreign partners,” Weedon told me.

“We regularly observe China-based threat actors target firms engaged in joint ventures with Chinese enterprises.”

Territorial disputes in the South and East China Seas will also continue to drive cyber espionage activity, she said.

As for beyond that, we’ll just have to wait until after the National Development and Reform Commission (NDRC) outlines development priorities for the 13th Five Year Plan.

“As the central government solidifies its goals for the 2016 to 2020 timeframe, we expect further clues to emerge about which topics are likely to enter threat groups’ cross hairs in 2015 and beyond,” said Weedon.

It’s very much a question, therefore, not of whether China will continue its blatant state-backed cyber espionage campaigns, but where it will focus its considerable resources.


AWS an increasingly important tool for web app attackers

It should come as no surprise that the web application layer is one of the most vulnerable and highly targeted in any IT organisation. The latest report from Imperva, which I’ve just covered for Infosecurity Magazine, bears that out and adds some interesting new insights.

Did you know, for example, that public cloud platforms like Amazon Web Services are increasingly being used by cyber criminals to launch such attacks?

According to Imperva, 20% of all known vulnerability exploitation attempts aimed at its customers came from AWS servers – that’s a pretty sizeable chunk.

Director of security research at the Israeli firm, Itsik Mantin, told me part of the reason:

“The ability of the attackers to utilize cloud services to mount their attack, makes it easier for them to carry out longer campaigns, and thus they can scan for more vulnerabilities in more pages in the target application,” he said.

Another point of note from the report is the continued growth in SQL injection attacks – up 10% since the last report – and the less well known Remote File Inclusion (RFI) attacks, which have increased 24%.

So what’s to blame? Well not necessarily bad coding, according to Mantin.

“Applications have become more complicated, with more pages and more functions, relying on more third-party modules that are hard to control, and thus the size of the attack ‘domain’ grows over time,” he explained.

Mantin also pointed out that the attack incidents analysed in the report included attacks that were detected and prevented.

“Thus the numbers in the research indicate more the attacker’s intention and less the vulnerability of the applications,” he said.


It’s finally time for governments to get all cloudy eyed.

I’ve just finished a piece for a client charting the progress of cloud computing projects in the public sector around the world and I’ve got to say, it makes pretty miserable reading for the UK.

Despite the launch, to great fanfare, of the G-Cloud project a couple of years ago, awareness among public servants seems pretty low still and sales not exactly setting the world alight – G-Cloud vendors brought in £217m in July, rising to just under £250m the month after.

That said, we’re a small country, and things are looking up. The technology is mature enough and use cases are starting to spring up all over the place, which will speed adoption. However, long term outsourcing contracts are still impeding the development of cloud projects, according to Nigel Beighton, international VP of technology at Rackspace – a G-Cloud vendor.

“The public sector’s move to the cloud is still in its infancy, and I applaud what Liam Maxwell and the whole G-Cloud team are trying to do. But it will take time,” he told me via email.

“Over the past few years the cloud has matured and grown, and is now able to do just about everything you need it to do. For public sector agencies that are yet to make the move to the cloud, one of the main benefits is that it offers great flexibility and that they won’t be locked into one provider. There are also many parts of the sector that are hit with large peaks in their service at certain times of the year, and they could really benefit from a pay as you go, or utility, cloud-model.”

Over in China there is no such reticence, mainly because many public sector bodies have no existing legacy contracts/infrastructure to encumber them. I remember EMC’s Greater China boss saying as much a couple of years ago in Hong Kong and it’s still true, according to Frost & Sullivan’s Danni Xu.

She said the central government threw RMB 1.5bn (£150m) at public sector cloud development in the five major Chinese cities in 2011. Then local governments – many with more money than some countries – followed suit: witness Guangzhou Sky Cloud Project, Chongqing Cloud Project, Harbin Cloud Valley Project and Xian Twin Cloud Strategic Cloud Town Project. An ecosystem similar to that which has grown up in the UK, US and elsewhere, has developed around this new investment, she told me.

“The formation of a more complete cloud ecosystem has benefited local enterprises and local government in many ways. With plenty of cloud offerings available in the market, the public sector itself has also emerged as an important spender for cloud services, among the various vertical sectors,” Xu said.

“For instance, the Ningxia municipal government works with AWS on building a large-scale data center in the region. Meanwhile, it will also leverage Amazon’s platform to deliver e-government services in the future.”

Forrester analyst Charlie Dai counselled that most public sector projects in China are still private cloud based, at least when it comes to SoEs.

“The government is also trying to strengthen the control and regulate the market,” he added.

“The China Academy of Telecommunications Research of the Ministry of Industry and Information Technology (MIIT) launched official authorisation on trusted cloud services (TRUCS) for public cloud early this year.”

Quelle Surprise.

What is obvious, in China as in the UK and elsewhere, however, is that we’re only at the beginning of a very long journey. Whether it takes 10 or 50 years, the cloud is ultimately where governments around the world will look to in order to work more productively and deliver public services more efficiently.


Is NATO about to make cyber war a reality?

This week I’ve been looking at the news that NATO’s set to ratify a new cyber policy which was first made public back in June. So far, so boring you might think.

Well, actually this one is pretty significant in that it seeks to extend Article 5 – the collective defence clause that if someone strikes at one NATO member they strike at them all – to the cyber world.

In doing so NATO is going further than individual governments in trying to establish international principles that a cyber attack can be considered the same as a traditional military strike.

However, the chances of the alliance actually invoking Article 5 are pretty slim – as KPMG cyber security partner Stephen Bonner told me, it has only happened once before, after 9/11.

“The reality is that few cyber attacks are likely to be of sufficient scale and impact to justify invoking Article 5 – and they would not happen in isolation from a broader deterioration in international security. In other words, if there was a state attack then it would have a broader context,” he added.

“This announcement is primarily a rhetorical point which is possibly aimed at having a deterrent effect.”

That said, I think it’s still an important step.

Some might argue that the lack of clarity around what would be considered an act of cyber war kind of diminishes its value, but as McAfee director of cybersecurity, Jarno Limnéll, told me, this is the right thing to do tactically.

“I think this is wise policy, spelling out a clear threshold would encourage adversaries to calibrate their attacks to inflict just enough damage to avoid retaliation,” he argued.

Elsewhere, consultancy BAE Systems Applied Intelligence also welcomed the news.

“Cyber criminals do not respect national boundaries so protecting national interests will require increasing international cooperation,” a spokesperson told me by email.

“It is therefore encouraging to see the increasing priority which cyber is being given in NATO’s agenda. This complements multiple other initiatives nationally and internationally to address a growing security risk and help secure the systems we are increasingly reliant on.”

The new policy will not just concentrate on the collective defence clause, of course, and BAE also welcomed the increasing focus on intelligence sharing between member countries and with the private sector.

Whatever the efficacy of NATO’s move, it once again underscores the increasing importance being attached to cyber channels by politicians and military leaders.

As Limnéll said, these are necessary steps given the relative immaturity of the industry.

“We have to remember that we are just living the dawn of the cyber warfare era and the ‘cyber warfare playbook’ is pretty empty,” he told me.

“Most of the destructive cyber tools being developed haven’t been actively deployed. Capabilities to do real damage via cyber attacks are a reality but fortunately there has not been the will to use these yet. However, that is one option, as a continuation of politics, for countries nowadays.”