Virtuoso travel network picks Liquid Computing for data center

Virtuoso Ltd., an online network for luxury travel, recently chose a unified computing infrastructure from Liquid Computing instead of shopping for such technology from larger vendors, such as Hewlett-Packard Co. and Cisco Systems Inc.

"What made Liquid stand out was they had a background in the telecom industry and knew about [network] reliability," said Joel Chaplin, CIO for Virtuoso, in an interview. The company is based in Fort Worth, Texas, and has a data center in Seattle.

Virtuoso last year was researching ways to virtualize its data center, partly to prepare to increase its number of member users by 10 times in the next few years. Today, about 300 travel agencies with 6,000 travel specialists pay a membership fee to Virtuoso to use its network to match travel customers with a variety of tour suppliers for a range of exotic and luxury vacations.

"We needed a platform that would scale with the company as it grew, yet be more efficient and lower operating costs," Chaplin said. "We're a lean company with technology and don't have a lot of administrators, so it also had to be something easy to administer and deploy."

When the upgrade was first considered last year, Virtuoso had a "mish-mash of servers, including dozens of HP servers" and considered using HP for unified computing. Instead, it discovered Liquid, Chaplin said. "We knew the price point of Liquid would be lower than HP," he said. Cisco was expected to have a unified computing platform, but hadn't developed anything concrete, he added. Cisco's approach is only now rolling out to customers.

As it was, Virtuoso's investment with Liquid, based in Stamford, Conn., was less than $1 million, "still a big investment for us," Chaplin said. The company installed a LiquidIQ unified computing system for hosting its Web-based services for its travel network. Liquid calls LiquidIQ a "data center in a chassis" because it can integrate with NetApp Inc. to replace an assortment of server, network, storage and virtualization technologies. Virtuoso installed the first chassis in February, which went live in April, and expects to install a second chassis in the fall.

The changeover means that Virtuoso is on target to reduce its data center costs by 80%, with a smaller physical space, less power consumption and reduced administrative overhead. Already, a staff of five administrators has been reduced to two, he said.

The data center supports a sophisticated search engine that gives travel agents the ability to find suppliers for customized luxury vacations.

In addition to the expected savings with Liquid, and its background in telecom, Virtuoso found it could work easily with a smaller supplier.

"Liquid has paid attention to servicing our needs, and I could have gone with HP but there's no way I could call them up as often as I did," Chaplin said.

Analyst Zeus Kerravala of Yankee Group Inc. said Liquid's reputation is solid, even though he regards the vendor as a start-up with only a handful of announced customers for LiquidIQ.

"The technology from Liquid is more mature than Cisco has, and they've been selling it longer," Kerravala said. "HP's basically got a management front end, which isn't really the same."

The only worry with working with Liquid, like many smaller vendors, is their longevity, Kerravala added. "Liquid is an acquisition candidate for Juniper Networks, or IBM or even HP," he said. "The worry with using them would be if they went away. But as a start-up, there's no immediate harm in using their technology, and the benefit is that they can completely customize the product for a new customer."

Kerravala said Virtuoso's claim of an 80% reduction in space and power consumption is "completely believable ... unified computing is the next big trend in computing."

RSA chief: The job of security guy is not to be 'Doctor No'

Web 2.0 technologies and cloud computing are extending traditional enterprise network perimeters to the point that they are practically vanishing, says a report released this week by RSA, the security division of EMC Corp. The report further states that information security managers who understand the associated risks and learn how to manage them can help their companies adopt such technologies on their own terms.

The report also includes recommendations from 10 members of RSA's Security for Business Innovation Council, including chief information security officers from J.P. Morgan Chase, Motorola, eBay, Time Warner and RSA.

In this interview, RSA president Art Coviello talked about some of the report's key recommendations as well as other topics.

Why did RSA do this report? This report is about what we call the hyperextended enterprise, which is exactly what you think it would be. We are using the Internet as never before. There are more devices, there are far more Web applications and now with Web 2.0 and social networking, communication is instant and pretty constant.

Our dealings as businesspeople with customers, suppliers, partners, and even our own employees, has changed dramatically in just the last seven or eight years. The opportunity being created with technologies like virtualization and cloud computing is extending the perimeter out even more. It literally puts your IT infrastructure out of the company in many instances. So our research is on whether people have learned the lessons of the past, and if they are building security into the cloud computing environment. Unfortunately, we found out that they are not doing this as they should.

What are some the recommendations from the Security for Business Innovation Council in terms of what companies should be doing to enable cloud computing? The first recommendation is that if you are thinking of outsourcing applications and information and infrastructure then you ought to rein in the protection environment. See if there is a way to lessen the cost of security. Look at the kind of security measures you have, check them for cost effectiveness and see if there are redundancies.

[Another] recommendation is to proactively embrace new technologies on your own. The job of the security guy is not to be "Doctor No." It's not to say "you can't do stuff," but rather how you can embrace these technologies and how you can do it securely. You can never do security perfectly, but if you do it in the context of risk, you can minimize your exposure.

It also makes sense if you no longer have control of the physical infrastructure to shift from protecting the container to protecting the data. One would assume that the cloud provider is protecting the container and the physical infrastructure. Your job then is to shift from protecting the container to protecting the data and information itself. Once you go to a cloud environment, it really is about how you maximize the use of your applications and your information and how you ensure that the people who need it get access to it.

[Another recommendation] is really about protecting data with security techniques that allow you to monitor the flow of data in real time. Things like data-leak prevention technologies that are far more dynamic and are based more on content and behavior and looking for anomalies based on who is getting access, or who is using the data and how it is being used.

What impact has the recession had on information security budgets? Have they been as immune from cuts as some had expected them to be? Every budget has been impacted. There's no question about that. Relative to others though, security budgets have been impacted less. In our case we are gaining market share.

This year we had 10% year-over-year growth in Q1 and actually almost 11% from an order standpoint. Now that is down from last year, but it is still positive growth. I think a lot of high-technology companies would have been thrilled to report growth in Q1. If you were to look at our product lines, SecurID which is still a very significant portion of our business, is only flat to maybe slightly up and that would be expected because it is so employment dependent. We are not getting expansion inside existing accounts because people aren't adding lots of employees. Our security incident management business is growing at well over 30%, while our ID protection and verification suite is growing at about 40%, and our data leak prevention is growing at 80% or 90%.

Two years ago you had said that standalone security vendors are headed for extinction because vendors such as Microsoft, EMC and Cisco Systemd were integrating security functions into their own products. Do you still believe that will happen? I was wrong on time but not on direction. There really are only two significantly large independent companies that are totally security focused today, and that's McAfee and CheckPoint and they are anomalies.

Symantec now owns Veritas so they are as much an infrastructure company as they are a security company. And let's pick a category like data leak prevention. The three big players in that space - IronPort, Tablus and Vontu were all snapped up.

There continue to be innovative startups and lots of point products, but increasingly, especially in cloud environments, the ability [of customers] to absorb countless numbers of independent point products tends to be less and less. We see customers wanting to minimize the amount of vendors they have because the technology really needs to be baked in. It needs to be transparent and seamless in the environment. I'm not saying there won't be security products. But I am saying the infrastructure companies are going to need their own security products and technologies and will form partnerships as we are doing with the likes of Microsoft and Cisco.

What do you think about President Obama's plans to appoint a White House cybersecurity coordinator? I think it makes tremendous sense. I think the idea of having somebody coordinate policy and to lobby strongly on Capitol Hill for the requisite funding and changes to law is a good one and I think it is very necessary.