How the Cloud and Big Data Might Help Win the Hacker Wars

Art_gilliland_hp-feature

Hewlett-Packard’s senior VP and head of its Software Enterprise Security Products, Art Gilliland, is speaking today at the RSA Security conference in San Francisco. Security is turning out to be one of those small but bright spots within HP in its long, slow but encouraging turnaround effort. During last week’s earnings conference call, CEO Meg Whitman said that security products within the software unit experienced double-digit revenue growth.

Whitman didn’t get more specific, and yes, that growth would have to be off a small base relative to the rest of HP. But I’ve been sort of positive on security as an opportunity for HP for a while. Remember that over the last few years, HP has beefed up its security assets via acquisition: It has TippingPoint by way of its acquisition of the networking company 3Com, and it also bought ArcSight, a security software firm.

So with this in mind, I had a quick chat with Gilliland a few minutes before he was to take the stage at RSA.

Gilliland said it’s time for the security industry to start thinking about ways that it can disrupt the steps in the process that attackers follow as they break into corporate systems and steal data. “The industry needs to focus on the adversary in a little different way than it has in the past. We spend a lot of time on the actors themselves, and we don’t spend enough time focusing on the marketplace in which they participate. That marketplace behaves in a very specific way.”

Attackers, Gilliland said, are good at sharing and monetizing intelligence, much better, in fact, than the security industry itself. Because of that, he suggests a few things.

First, build new capabilities to disrupt the attackers’ processes at every stage. “We spend most of our budgets on literally one step of their process. We spend five times more on the break-in stage than we do on any other stage,” he said. Disrupt all the steps in that process, he argued, and you make it more costly and difficult for attackers to do what they do.

Big Data can help focus on the other two areas. The second piece is finding attackers while they still have access to the system — that is, after they’ve broken in but before they’ve made off with whatever it is they’re trying to steal. “That’s the most damaging stage, and so we need to focus more energy there,” Gilliland told me. “We need to find them after they’ve gotten in but before they’ve stolen any data. As an industry, we’re pretty bad at that.”

Finally, he’d like to challenge the industry to harness the cloud and big data technologies to build a security- and intelligence-sharing infrastructure. Such an approach would help companies share the expense, while benefiting from each other’s experiences. “We could use those technologies for collective security. We can collaborate together, and big data allows us to consume massive amounts of data. If we do that effectively, I think we can win.”

Advertisements

Autonomy Founder Lynch Blames Accounting Standards in HP Flap

Mike Lynch says Hewlett-Packard has a problem with math. The founder and former CEO of the British software firm Autonomy says that at least some of the $5 billion written off by Hewlett-Packard earlier this week can be attributed to differences in international accounting standards.

In an interview with Reuters, Lynch, who was dismissed from running Autonomy by HP CEO Meg Whitman in May, says he’s gone through the books of his former firm and has found that differences between the accounting standards observed in the U.S. and in the United Kingdom can account for at least some of the differences in how things are interpreted.

Lynch made similar comments in an interview with AllThingsD Tuesday, though he hasn’t sought to put any numbers behind the contention.

Like most U.S.-based companies, HP followed GAAP, the Generally Accepted Accounting Principles put out by the U.S.-based non-profit Financial Accounting Standards Board (FASB). As a U.K. company, Autonomy had adhered instead to the International Financial Reporting Standards (IFRS) maintained by the International Accounting Standards Committee.

Lynch has maintained that differences in how revenue is recognized under the two systems leave a lot of room for interpretation in some of the matters in which he and his senior managers stand accused. One relates to licensing revenue. When a company bundles the cost of a software license, service and support into a single ongoing contract, GAAP accounting rules are more strict than IFRS rules in how the payments are accounted.

Answering one of the big accusations by HP, Lynch acknowledged that, at least some of the time, Autonomy did sell desktop machines with Autonomy software installed at a slight loss. In those cases, the customer would agree to help Autonomy market its product and, in those cases, the losses were recorded as marketing expenses. HP says that these improperly recorded hardware sales inflated Autonomy’s revenue by as much as 10 percent to 15 percent prior to its acquisition by HP.

Another difference:Cases where Autonomy would sell its software through 400 middleman companies known as Value Added Resellers (VAR), who turn around and sell the software as part of larger package deals. In Autonomy’s case, some of those VARs included both IBM and India’s Wipro. Under IFRS rules, a sale to a VAR can be booked as revenue before the resale takes place. Under GAAP, it’s not revenue to Autonomy until the resale takes place.

Lynch has also said that once HP took over at Autonomy, its own practices and bureaucracy slowed things down. Salespeople were paid commissions to sell products that compete with Autonomy, he said, but not for selling Autonomy products. On top of that, he accused HP of jacking up prices on the Autonomy software by 30 percent, driving loyal customers away.

He also said in numerous interviews that HP had “ambushed” him with all this, and that he had no idea what was coming. That’s not quite true, according to sources in HP’s camp, who say that the company had a conversation with him in mid-June, after a former member of Lynch’s senior management team is said to have come forward as a whistleblower. “He has been aware since then that we had questions about all of this,” one source told me. HP execs considered his answers to their questions to be “not satisfactory at all.”

At that point, I’m told, communications between HP and Lynch and other former Autonomy executives ended. After CEO Meg Whitman hinted, in remarks at an analysts meeting in San Francisco in October, that more restatements might be coming, certain former Autonomy executives started calling around to friends and former colleagues still working for HP, trying to find out what was coming. They had reason to expect a sizable impairment charge. What has apparently caught Lynch, et al, by surprise, is the referral to the authorities in the U.S. and the U.K. for possible criminal investigation. In the U.S., the FBI is said to be taking the lead.

One observation: Lynch tells Reuters he hasn’t yet lawyered up, which, if he hadn’t said it, would be pretty obvious anyway. Any lawyer worth their fee would have advised Lynch to stop talking publicly about all of this.

(Image of Jon Lovitz as “Master Thespian,” circa 1985. Yes, I’m dating myself.)

RELATED POSTS:

  • The Red Flags That Were Obvious – To Some – In the HP-Autonomy Deal
  • Oracle’s Ellison Vindicated in Autonomy PR Flap by HP’s $8.8 Billion Writedown
  • Autonomy Founder Mike Lynch Rejects HP Charges, Alleges Mismanagement
  • What Exactly Happened at Autonomy?
  • HP Explains Its $8.8 Billion “Oops”
  • HP Beats Street Amid Sales Declines, Takes $8.8 Billion Charge
  • HP Names Microsoft Exec Robert Youngjohns to Run Autonomy
  • Search Under Way at HP for Autonomy’s Next Chief
  • Autonomy’s Mike Lynch Talks About Being HP’s Speedy Tiger Cub (Video)
  • Britain’s First Software Billionaire Now Reports to HP CEO Meg Whitman
  • Oracle Launches Exalytics Machine, Probably Ending Spat With Autonomy
  • Autonomy: When All Else Fails, Blame the Bankers
  • Mike Lynch to Oracle: Oh, You Mean Those Slides
  • Oracle: You Have a Very Bad Memory, Mr. Lynch
  • HP Reportedly Close to $10 Billion Buyout of Autonomy, PC Unit Spinoff
  • Will Oracle and Microsoft Bid on Autonomy?