by Steff Gelston

Trendlines from 5/01/08: New, Hot, Unexpected

Apr 29, 20089 mins

In this issue: Google and privacy; The wait for EMR; Online litter; Security and virtualization; CIOs seek smaller companies; and Fan-cooled PCs.

Google Gears Up Privacy Push

Google is working with other companies to push consumer privacy legislation in the U.S. Congress and will work with the Federal Trade Commission to fine-tune online advertising principles that the agency proposed in December, say the company’s top privacy executives.

Google is also reaching out to privacy advocates in an effort to allay concerns about its acquisition of online advertising vendor DoubleClick, company officials say.

Google has focused on three key principles: transparency of privacy policies, security of data and user choice, and control over data use, says Nicole Wong, Google’s deputy general counsel. “People don’t like binary choices about how to use data. They want to be [online] on their own terms.”

In March, Google hosted a meeting of the Consumer Privacy Legislative Forum, a group of companies focused on getting a consumer privacy bill passed by Congress. The group doesn’t expect legislation to pass this year but is working toward consensus on privacy issues. Google also plans to file formal comments about the FTC’s proposed privacy principles for online behavioral advertising, says Peter Fleischer, Google’s global privacy counsel. Google supports the FTC, Fleischer says, but it will raise some questions.

For example, the FTC has asked for comments on what constitutes “sensitive data” and whether it should prohibit its use. An anonymous search on Google for healthcare providers that treat AIDS may be sensitive, but it’s not personally identifiable, says Fleischer. In most cases, IP (Internet Protocol) addresses are not personally identifiable—websites cannot connect IP addresses to individuals in most cases.

The debate over personally identifiable information is the “hardest question” in privacy, Fleischer says. “There’s a gray area, and that’s what we’re struggling with,” he says. Asked if Google’s DoubleClick acquisition threatens people’s privacy, he says one issue was lost in the debate: DoubleClick doesn’t collect personally identifiable information when it serves ads.

Privacy groups unsuccessfully pushed the FTC to reject the DoubleClick deal, saying the combined company would hold massive amounts of personal data. Privacy advocate Jeff Chester, executive director of Center for Digital Democracy, met with Google in March. He praised Google for having “thoughtful” employees willing to discuss the issues but said it doesn’t seem to understand the privacy concerns that are part of the DoubleClick deal.

-Grant Gross

Diagnosis: EMR Implementation Lags

While electronic medical records (EMRs) have gained ground in recent years with physicians and patients, implementation of these systems still lags, according to a survey of the members of the College of Healthcare Information Management Executives (CHIME). More than 120 CIOs took part. The survey found that although 80 percent of respondents said their organization strongly encouraged or mandated electronic physician documentation for inpatient care, only 18 percent had implemented the technology. Of those who did, 55 percent reported that less than half of their inpatient physician documentations were completed electronically.

Forty-two percent of respondents said their preferred documentation process was a set of structured inputs—a paper list of symptoms, for example—using forms in templates. Other processes included the use of structured technology and transcribed dictation (29 percent) and mainly free text entered by the physician (17 percent), along with “other methods,” including templates with voice recognition, structured input using forms with dictation and a mix of free and structured text.

Fixed workstations with laptops and computers on wheels were the main tools used to capture patient information. Exactly half of the respondents who use technology to capture this data employ voice recognition software; 8 percent used handwriting recognition software. CHIME members also offered suggestions for a successful EMR implementation. These included keeping physicians involved in the development of the tools, the need to phase in an implementation versus just flipping a switch and ample training time for users.

-Jarina D’Auria

The Litter on the Internet

Between 1 percent and 3 percent of all traffic on the Internet is meaningless packets of information, used in distributed denial of service attacks (DDoS) to knock websites offline. This is the finding of Arbor Networks, a network traffic analysis company that recently looked at traffic flowing between more than 68 Internet service providers to see how much of it was malicious. “The thing that’s surprising is it’s consistently 1 to 3 percent,” says Danny McPherson, Arbor’s chief research officer. “It’s pretty significant.” To purchase the bandwidth that Arbor tracked in these DDoS attacks, a legitimate user would have to pay hundreds of thousands of dollars per month, McPherson says. That’s not a problem for criminals, however, who use the network connections of their victims to attack others.

DDoS attacks are attempts to overwhelm the victim’s servers with routine Internet messages. Attackers send so many packets that the victim’s computers are unable to do their regular job. This has become a common occurrence in recent years.

Studying the data from about 1,300 routers over 18 months, Arbor found that the tidal waves of SYN or ICMP (Internet Control Message Protocol) packets used in DDoS attacks rarely dropped below 1 percent of all traffic and could easily rise to 6 percent during peak periods. Attacks drop off during Christmas and New Year’s, perhaps while the attackers are “hung over or expending their spoils,” McPherson wrote in a blog posting.

With spam now making up almost all e-mail traffic, there’s a considerable amount of junk clogging the Internet’s pipes. McPherson estimated that as much as 10 percent of the Internet’s traffic could be “raw sewage.”

-Robert McMillan

Plugging a Virtualization Security Hole

There’s no shortage of startup companies hawking virtualization management and security tools, but a new entrant, Altor Networks, has an interesting angle for IT leaders worried about virtualization security. Its debut product, the Virtual Network Security Analyzer, gives visibility into the data traffic between virtual machines—a security blind spot for people managing virtualized servers.

VMware and others have addressed myriad manage­ment and security features, but none offer visibility into or analysis of the traffic between multiple VMs. So while IT managers are able to get a look inside individual VMs, they have been blind to what one VM on one physical machine is trying to say to a VM on another physical machine. This presents real malware and compliance risks.

Altor has a unique offering, says Mike Montecillo, a security and risk management analyst with Enterprise Management Associates. “Gaining visibility into virtual networks has been difficult due to the fact that in most cases organizations are deploying physical appliances to monitor network traffic,” he says. Those appliances, designed to watch for risks on a physical network, don’t work with VMs. Nor can today’s firewall products see into virtual machine traffic.

Altor’s Virtual Network Security Analyzer will be sold as software inside a virtual appliance. “Our goal is to make the virtual network more secure than the physical,” says Altor CEO Amir Ben-Efraim. The software works with VMware ESX Server and will eventually support other major players, including Citrix XenServer and Microsoft. It will centrally collect data on all packets traveling between VMs and uncover risks such as port scans and unusual protocols. It also will create what Ben-Efraim calls a “baseline on your data center behavior,” then analyze traffic going forward, looking for unusual patterns.

-Laurianne McLaughlin

For Some CIOs, Small Is Beautiful

IT leaders are growing increasingly dissatisfied with their jobs. That’s a conclusion from executive search firm Harvey Nash’s latest survey of 258 CIOs, CTOs and senior- and mid-level IT managers.

They’re not unhappy because they’re not well-compensated. The survey shows that senior IT leaders’ base salaries are growing. They’re dissatisfied with their jobs because they see their influence waning.

According to the survey, the number of IT leaders who view their role as becoming “more strategic” within their companies had declined from 80 percent in 2007 to 69 percent this year. What’s more, the number of IT leaders reporting to CEOs is dropping, too. Only 29 percent of respondents call the CEO their boss. Finally, the number of respondents who are members of their companies’ executive management teams is also heading south, from 47 percent in 2007 to 37 percent.

Consequently, more CIOs are looking for a new job—28 percent, to be precise—and they’re more interested in joining smaller companies, says Anna Frazzetto, Harvey Nash’s vice president of technology solutions. “One thing I’ve noticed is that CIOs who are switching jobs are moving to smaller organizations, where they have more authority, more control and more power,” she says.

CIO magazine has also noticed a variety of IT leaders moving from big companies to smaller ones. Among them:

David Gutierrez was named senior VP and CIO of Protective Life. He most recently worked for ING Insurance Americas as regional CIO.

Michele Goins joined Juniper Networks as its CIO after serving as VP and CIO of HP’s imaging and printing group.

Tim Britt left his “uberarchitect” position at Harrah’s to become CIO and CTO at Las Vegas Gaming.

Mike d’Almada-Remedios gave up the CIO post at eBay and Shopping .com to join online realty company Move as its CTO

-Meridith Levinson

Hot Tech, Cool Chips

Fan-cooled PCs will soon be chillin’—and working faster. Researchers at Purdue University and Intel say they have developed heat dissipation technology that can significantly boost the performance of chip-cooling systems.

The researchers are developing ionic wind engines to work with current air-cooling technologies such as fans and heat sinks. The devices pass an electrical current to stir up stationary air molecules, leading to better airflow and dissipation of heat. “To date, we have demonstrated that the technology can enhance fan cooling by more than 200 percent,” says Purdue University professor Suresh Garimella, who is also a project researcher.

Current air cooling technology is attractive because of its cost advantages and ease of implementation. However, fans and heat sinks can’t manage all the heat chips generate. Ionic wind engines can be placed on a chip or a laptop to complement existing air-cooling technology to better manage heat dissipation, Garimella says. “The ionic wind technology we are developing is designed to work in addition to conventional fan-driven methods,” Garimella says.

Ionic winds are generated when electrically charged atoms stir up stationary air molecules. When a current flows from a negatively charged electrode to a positively charged one, it collides with air molecules, producing positively charged ions that move back toward the negatively charged electrodes, creating an ionic wind. When the ionic wind gets the air molecules moving, the airflow on the chip surface increases, leading to better heat transfer and dissipation.

The researchers are trying to miniaturize the millimeter-scale devices to micron-scale dimensions. “We are dealing with challenges to demonstrate the viability of the technology at the micro scale, and these must be overcome before the technology can be brought to market, at least for the chip-cooling arena,” says Garimella.

-Agam Shah