Contents | Zoom in | Zoom out
For navigation instructions please click here
Search Issue | Next Page
September/October 2014
Te c h n o l o g y S o l u t i o n s f o r t h e E n t e r p r i s e
CONSUMERIZATION
OF IT
SECURITY
P. 9
USABILITY
P. 66
ENTERPRISE IT
P. 20
www.computer.org/itpro
Contents | Zoom in | Zoom out
For navigation instructions please click here
Search Issue | Next Page
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
GRADY BOOCH
Chief ScientistM
ngineering, IB
of Software E
F
O
S
R
A
T
S
K
OC
R
A
T
A
D
G
I
B
S
C
I
T
Y
L
A
AN
GREG ARNOLD
cture
Data Infrastru
dIn
irector, Linke
D
g
n
ri
e
e
in
g
En
GUIDO SCHROED
ER
plunk
f Products, S
o
t
n
e
d
si
re
P
Senior Vice
Analytics
a
t
a
D
ig
B
Don’t Let
that
!
w h a t do es
n
t
u
w
B
o
.
s
D
c
ti
analy
r ease
Bog You
of big data
cs help inc
e er a
analy ti
ys this is th iness? Can big data
a
s
out.
e
n
o
y
r
e
Ev
r bus
st it? Find
u
u
o
y
tr
u
d
n
o
y
a
n
u
o
m er s? C a
mean to y
tisfy custo
a
s
d
n
a
ts
profi
xperts
ock Star E
R
e
th
t
e
e
eering, IBM dIn
M
ware Engin
ke
of Soft
tor, Lin
c s)
ring Direc
f Scientist
e
ie
e
h
in
C
g
,
n
r of Analy ti
h
E
c
to
o
e
c
r
o
e
B
ir
tu
y
c
D
u
d
a
ix
tr
r
3 G
ta Infras
mer Netfl
Arnold, Da President, Ly ft (For
ts, Splunk
3 Gr eg
e
of P r oduc
t
ic
n
V
e
t,
id
o
s
li
e
u
r
Po
eP
Soft ware
3 Chris
Senior Vic
fficer, GE
O
r,
e
e
d
c
e nga)
e
n
o
ie
r
c
h
Sc
r CTO, K it
Data S
e
f
3 Guido
m
ie
r
h
o
C
(F
,
k
ll
u
e
e w D e nes
ngineer, D
3 Matt h
nguished E
ti
r vices
is
e
D
S
,
IT
is
v
t
Da
atalys
C
3 Mar k
,
tics?
O
E
C
,
m
Data Analy
ig
B
t
Rosenbau
s
u
r
T
3 Mike
an We
Ho w Far C
3 Panel:
analy tics.
Be ther
r s on
AL answe
E
R
e
th
r
e fo
r 2014
21 Octobe rium
ivic Audito
San Jose C
CA
San Jose,
NOW
REGISTER is in Effect!
Pricing
Early-Bird
in this
our Place
Y
e
v
r
e
s
e
R
vent
Sold Out E
Sure-to-be
/
g
r
o
.
r
e
t
u
comp
s
c
i
t
y
l
a
n
Data-A
big data
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Technology Solutions for the Enterprise
Editor in Chief
Editorial Staff
San Murugesan, BRITE Professional Services, san@computer.org
__________
Editorial Management: Shani Murray
Associate Editors in Chief
Editorial Product Lead: Bonnie Wylie,
b.wylie@computer.org
___________
Irena Bojanova, University of Maryland University College,
irena.bojanova@umuc.edu
______________
J. Morris Chang, Iowa State University, morrisjchang@gmail.com
_____________
Linda Wilbanks, US Department of Education, linda.wilbanks@ed.go
___________
Manager, Products & Acquisitions: Kathy Clark-Fisher
Cover Designer: Jennie Zhu-Mai
Department Editors
Publications Coordinator: ____________
itpro-ma@computer.org
Data Analytics: Seth Earley, Earley & Associates, _________
seth@earley.com
Director, Products & Services: Evan Butterfield
IT in Emerging Markets: Gustavo Rossi, Universidad Nacional
de La Plata, gustavo@lifia.info.unlp.edu.ar
_______________
Senior Manager, Editorial Services: Robin Baldwin
Associate Manager, Peer Review: Hilda Carman
IT Trends: Irena Bojanova, University of Maryland University
College, ______________
irena.bojanova@umuc.edu
Membership Development Manager: Cecelia Huffman
Business Development Manager: Sandy Brown
Life in the C-Suite: Joseph Williams, Seattle Pacific University,
josephwi@spu.edu
__________
Senior Advertising Coordinator: Marian Anderson
Mastermind: George Strawn, NITRD, gostrawn@gmail.com
___________
2014 IEEE Computer Society President
Securing IT: Rick Kuhn, US Nat’l Inst. of Standards and
Technology, ________
kuhn@nist.gov
Dejan S. Milojic̆ić, d.milojicic@computer.org
____________
Smart Systems: Karen Evans, KE&T Partners, _____________
karenevans@prodigy.net
CS Magazine Operations Committee
Editorial Board
Paolo Montuschi (chair), Erik R. Altman, Maria Ebling, Miguel Encarnação,
Dave Walden, Cecilia Metra, San Murugesan, Shari Lawrence Pfleeger,
Michael Rabinovich, Yong Rui, Forrest Shull, George K. Thiruvathukal,
Ron Vetter, and Daniel Zeng
Wesley Chou, US Department of Defense
Fulvio Corno, Politecnico di Torino
Vladimir Dimitrov, University of Sofia
Reza Djavanshir, Johns Hopkins University
Jinan Fiaidhi, Lakehead University, Canada
Robert R. Harmon, Portland State University
George F. Hurlburt, STEMCorp
Maria R. Lee, Shih Chien University
Sunil Mithas, University of Maryland
Jia Zhang, Carnegie Mellon University, Silicon Valley
Liang-Jie Zhang, Kingdee Int’l Software Group
CS Publications Board
Jean-Luc Gaudiot (VP for Publications), Alain April, Laxmi N. Bhuyan,
Angela R. Burgess, Greg Byrd, Robert Dupuis, David S. Ebert, Frank Ferrante,
Paolo Montuschi, Linda I. Shafer, H.J. Siegel, and Per Stenström
Writers: Access www.computer.org/itpro/author.htm.
Letters to the Editors: Send letters to _________
itpro@computer.org.
Subscribe: Visit www.computer.org/subscribe.
Subscription Change of Address: Contact address.change@ieee.org.
___________
Missing or Damaged Copies: Contact _________
help@computer.org
Reprints of Articles: Contact ___________
itpro-ma@computer.org.
Advisory Board
Jin-Fu Chang, President, Yuan-Ze University and Board Chair,
Institute for Information Industry, Taiwan
Wushow Chou (EIC Emeritus), North Carolina State Univ.
Karen Evans, KE&T Partners
Frank E. Ferrante, FEF Group
Thomas Jepsen, IT consultant
Simon Liu, US Nat’l Agricultural Library
H. Gilbert Miller, Noblis
Sorel Reisman (chair), California State Univ., Fullerton
Henry Schaffer, North Carolina State Univ.
George Strawn, NITRD
IEEE prohibits discrimination, harassment and bullying: For more information,
visit www.ieee.org/web/aboutus/whatis/policies/p9-26.html.
Published by the
______
R EUSE R IGHTS
1) IS NOT MADE FOR PROFIT; 2) INCLUDES THIS
IEEE ENDORSEMENT OF ANY THIRD - PARTY PRODUCTS OR SERVICES. AUTHORS
AND THEIR COMPANIES ARE PERMITTED TO POST THE ACCEPTED VERSION OF IEEE- COPYRIGHTED MATERIAL ON THEIR OWN WEB SERVERS WITHOUT PERMISSION, PROVIDED THAT THE IEEE COPYRIGHT
NOTICE AND A FULL CITATION TO THE ORIGINAL WORK APPEAR ON THE FIRST SCREEN OF THE POSTED COPY. A N ACCEPTED MANUSCRIPT IS A VERSION WHICH HAS BEEN REVISED BY THE AUTHOR
TO INCORPORATE REVIEW SUGGESTIONS , BUT NOT THE PUBLISHED VERSION WITH COPY- EDITING, PROOFREADING , AND FORMATTING ADDED BY IEEE. F OR MORE INFORMATION, PLEASE GO TO:
HTTP
:// WWW. IEEE.ORG/PUBLICATIONS_STANDARDS/PUBLICATIONS/RIGHTS/PAPERVERSIONPOLICY. HTML . PERMISSION TO REPRINT/REPUBLISH THIS MATERIAL FOR COMMERCIAL , ADVERTISING, OR
_____________________________________________________
PROMOTIONAL PURPOSES OR FOR CREATING NEW COLLECTIVE WORKS FOR RESALE OR REDISTRIBUTION MUST BE OBTAINED FROM IEEE BY WRITING TO THE IEEE INTELLECTUAL PROPERTY R IGHTS O FFICE,
445 H OES L ANE, PISCATAWAY, NJ 08854-4141 OR ____________
PUBS - PERMISSIONS@ IEEE.ORG. COPYRIGHT © 2014 IEEE. A LL RIGHTS RESERVED.
AND
R EPRINT PERMISSIONS: EDUCATIONAL
OR PERSONAL USE OF THIS MATERIAL IS PERMITTED WITHOUT FEE , PROVIDED SUCH USE:
NOTICE AND A FULL CITATION TO THE ORIGINAL WORK ON THE FIRST PAGE OF THE COPY; AND
3)
DOES NOT IMPLY
A BSTRACTING AND LIBRARY USE: A BSTRACTING IS PERMITTED WITH CREDIT TO THE SOURCE. L IBRARIES ARE PERMITTED TO PHOTOCOPY FOR PRIVATE USE OF PATRONS, PROVIDED THE PER- COPY FEE
INDICATED IN THE CODE AT THE BOTTOM OF THE FIRST PAGE IS PAID THROUGH THE COPYRIGHT CLEARANCE CENTER , 222 ROSEWOOD D RIVE , DANVERS, MA 01923.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
1
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Consumerization of IT
IN THIS ISSUE
16
Guest Editors’
Introduction: From
BYOD to BYOA,
Phishing, and Botnets
Seth Earley, Robert Harmon,
Maria R. Lee, and Sunil Mithas
20
28
34
41
Consumerization
in the IT Service
Ecosystem
Trust and Privacy
Exploitation in Online
Social Networks
Low-Cost
3D-Supported
Interactive Control
Enrique Castro-Leon
Kaze Wong, Angus Wong,
Alan Yeung, Wei Fan, and
Su-Kit Tang
Enrico Masala, Antonio Servetti,
and Angelo Raffaele Meo
Job Recruitment
and Job Seeking
Processes: How
Technology Can Help
Most available literature
on IT consumerization
focuses on current
practices. Exploring the
driving forces behind
consumerization is
essential, however, if
IT organizations are to
make sense of the current
dynamics of transformation and disruption and
formulate effective strategies in response.
This survey presents
the pitfalls of security
protection in online social
networks and identifies
common attack methods.
A harmless proof-ofconcept malware app
demonstrates the
vulnerability of online
social networks and the
significance of the user’s
mentality.
Devices for stereoscopic
vision are mostly used for
entertainment. The prototype device presented here
for 3D-video-supported
interactive control is based
on consumer devices and
open source software, paving the way for low-cost
general-purpose systems
for remote operation,
education, training, and
surveillance.
Paolo Montuschi,
Valentina Gatteschi,
Fabrizio Lamberti, Andrea Sanna,
and Claudio Demartini
This survey of current job
search and recruitment
tools focuses on applying a
computer-based approach
to job matchmaking.
The authors present a
semantic-based software
platform developed in the
framework of a European
project on lifelong learning, highlighting future
research directions.
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
September/October
2014
January/February 2008
Volume 10,
16, Number 1
5
Te c h n o l oSolutions
g y S o l ufor
tio
n sEnterprise
for the Enterprise
Technology
the
COLUMNS AND DEPARTMENTS
4 From the Editors
The Next Step for Learning Analytics
Jinan Fiaidhi
9 Securing IT
Securing BYOD
J. Morris Chang, Pao-Chung Ho, and Teng-Chang Chang
12 IT Trends
Optimizing Operational and Strategic IT
Stephen J. Andriole and Irena Bojanova
62 IT in Emerging Markets
Toward Open Government in Paraguay
Luca Cernuzzi and Juan Pane
66 Data Analytics
Usability for Internal Systems:
What’s the Payoff?
Seth Earley
70 Mastermind
Don Knuth: Mastermind of Algorithms
George Strawn
50
56
Cinema Cloud: An
Enabling Technology
for the Movie Industry
Deploying a Maritime
Cloud
Wai-Ming To, Linda S.L. Lai,
David W.K. Chung, and
Andy W.L. Chung
With the promise of high
definition and advanced
special effects, movie
theaters worldwide have
evolved from traditional
film projection to digital
cinema projection. The
Cyberport Digital Cinema
Cloud helps facilitate the
development of digital
entertainment in Hong
Kong.
27
40
IEEE CS Information
Advertiser Index
Kleanthis Dellios and
Dimitrios Papanikas
The authors offer a
roadmap for building a
Maritime Cloud, offering
virtual platforms, tools,
and data for the maritime
domain. They describe the
proposed architecture and
delivery models, evaluate
advantages and challenges,
and suggest future research
directions.
On the Web: computer.org/itpro
For more information on computing topics, visit the Computer
Society Digital Library at www.computer.org/csdl.
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FROM THE EDITORS
The Next Step for
Learning Analytics
Jinan Fiaidhi, Lakehead University
earning analytics is an
emergent field of research and practice that
aims to use data analysis
to inform decisions made on every
tier of the educational system.1 It
helps analysts decipher trends
and patterns from educational
big data—that is, huge sets of
student-related data—to further
the advancement of personalized, supportive higher education
applications.
L
Learning Analytics
Initiatives
Learning analytics is the third
wave of developments in instructional technology, which began
with the advent of the learning
management system (LMS) in
1991. The second wave integrated the LMS into the wider
educational enterprise by involving learners on social networks
(also known as the Web 2.0 wave).
During this third wave, learning analytics as a term has been
significantly popularized by the
Educause International Conferences on Learning Analytics and
Knowledge (LAK),2 which started
in 2011 (https://tekri.athabascau.
ca/analytics).
Learning analytics focuses on
collecting and analyzing data
from a variety of sources to provide information on what works
(and what doesn’t) with respect
to teaching and learning.3,4 This
helps educational institutions
improve their quality of learning and overall competitiveness.
Consequently, many research
communities have developed a
variety of promising initiatives,
Related Learning Analytics Research
S
ee the following for more information on learning analytics
research:
t
t
t
t
t
4
the Society for Learning Analytics Research (SoLAR)—
http://solaresearch.org/,
the Learning Analytics focus group at the University of Amsterdam—
http://learning-analytics.uva.nl,
the University of Melbourne Learning Analytics research group—
https://le.unimelb.edu.au/elearning/larg.html,
______________________________
the Social Media Lab at Dalhousie University—
http://socialmedialab.ca, and
Stanford University’s Transformative Learning Technologies Lab—
https://tltl.stanford.edu/project/multimodal-learning-analytics).
_________________________________________
IT Pro September/October 2014
Published by the IEEE Computer Society
models, and applications to improve learner success. For example, Santa Monica College’s Glass
Classroom initiative,5 introduced
in December 2012, aims to enhance student and teacher performance by collecting and analyzing
large amounts of data. Using realtime feedback of the student’s
performance, Glass Classroom
adjusts the courseware to meet
educational objectives.
Another example is at the University of Wisconsin-Madison.
Since May 2012, the university
has been working to develop a
data-driven “early-warning” system that faculty and advisors can
use to support student academic
success.6 The system will help
identify academically at-risk students, using nontraditional indicators that can be gathered early in
a student’s career, even at the beginning of a semester. The system
aims to intervene early, improve
students’ academic success, and
bolster the campus’s retention and
graduation rates.
Furthermore, many research
groups and societies are providing
excellent networks for researchers who are exploring the impact
of analytics on teaching, learning,
training, and development (see
the “Related Learning Analytics
Research” sidebar). In particular,
these groups and societies are
promoting several learning analytics models, which have been
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Table 1. Notable learning analytics applications.
Application
Purpose and data
Institution & URL
jPoll
This ubiquitous classroom polling and student-response
system engages students using a range of interactive
teaching situations. Originally developed as a replacement
for clicker-type technologies, it produces data based on
student opinions of teaching events.
Griffith University
http://navigator.nmc.org/project/jpoll
Moodog
This course management system provides a log analysis tool
to track students’ online learning activities. It provides
instructors with insight about how students interact with
online course materials, and it lets students compare their
own progress with others in the class. Moodog also provides
automatic email reminders to students, encouraging them to
view available materials that they haven’t yet accessed.
University of California, Santa Barbara
(An article with more information
appears elsewhere.7)
Equella
Equella provides evidence of appropriate curriculum
coverage, student engagement, and equity while students
are on clinical placement (which provides a clinical
education at an external facility).
University of Wollongong
www.pearsonlearningsolutions.com/
equella
____
E2Coach
This computer-based coaching system provides a model
for an intervention engine, capable of dealing with actionable
information for thousands of students. It’s currently being
used for a variety of applications in public health—from
cessation of smoking to losing weight.
University of Michigan
http://sitemaker.umich.edu/ecoach/
about_ecoach
_________
Signals
A system that takes course management system (CMS) data
(Blackboard data, in this case) into account in predicting
whether a student will succeed in a given course.
Purdue University
www.itap.purdue.edu/studio/signals
Sherpa
This course recommender system uses a service-oriented
architecture to guide students during registration to pick a
substitute class if their first choice is full (Phase 1). The second
phase provides administrators tools to send “nudges” to
students via portal messages, emails, SMS messages, and
text-to-speech phone calls. The third phase revamps the
student portal with a to-do list, news feed, and calendar,
pre-populated with enrollments and important dates.
South Orange County Community
College
www.socccd.edu/sherpa
developed to identify student risk
levels or success factors in real
time to increase a student’s likelihood for success and improve
learning.
Table 1 provides examples of
applications that are using
such learning analytics models.7
Higher education institutions
have shown increased interest in learning analytics as they
face calls for more transparency
and greater scrutiny of their student recruitment and retention
practices.8
Dealing with
Unstructured Data
The applications described in
Table 1 apply models of structured data, collected from student
interactions with the learning
system, to answer the following
questions:7
t When are students ready to
move on to the next topic?
t When are students falling behind in a course?
t When is a student at risk for not
completing a course?
t What grade is a student likely to
get without intervention?
t What is the best next course for
a given student?
t Should a student be referred to
a counselor for help?
These learning analytics applications use Web analytics, data
warehouses, and other data-management tools, measuring Web
traffic to assess and improve the
effectiveness of the teaching and
learning website. (They use clickstream data to record every page,
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
5
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FROM THE EDITORS
segment, or tag requested by the
learner.) Then, they extract knowledge from structured data and
store it in databases. You define
your learning categories up front,
so it’s simple to evaluate the status
of any given category; track trends
in a category; and compare how a
category relates to others across
time, geography, and so on.
Analyzing unstructured content,
however, is different. Unstructured content refers to documents,
emails, answers, responses, and
other objects (static or dynamic)
that are made up of free-flowing
text. Analysts, including Gartner
and IDC, predict that as much as
80 percent of data is unstructured.9
This data is a treasure chest of valuable information and insight, but
it’s notoriously difficult to manage.
Gartner defines unstructured data
as content that doesn’t conform to
a specific, predefined data model. It
tends to be the human-generated
and people-oriented content that
doesn’t fit neatly into database tables.10 Text is the classic and most
dominant example of unstructured
data.
Capturing and analyzing textual
data has changed how decisions
are made and resources are allocated in businesses, healthcare,
government, and many other fields.
However, text analysis hasn’t yet
made the impact on education that
it has made in other fields, even
though learners interact with instructors, other learners, and with
the course materials mainly using
text. The proliferation of textual
data in education is overwhelming,
because such data is being constantly generated via learning blogs,
emails, educational websites, learning objects repositories, and so on.
Although the amount of textual
data is increasing rapidly, learning
systems’ ability to summarize, understand, and make sense of such
data for improved learning remains
challenging.
6
Textual Analytics in
Learning
A finer level of understanding of
student opinions, answers, and
concerns can enable educators, researchers, and university leaders to
improve teaching and thus learning.11 Text analytics typically involves
tasks such as text categorization, text
clustering, summarization, and concept extraction. Employing learning analytics based on text analytics
helps promote automated intervention and reasoning about textual interaction. It also helps archive, filter,
search, and classify text.
Thanks to advancements in
textual analysis techniques and
other machine-learning technologies, systems like the IBM Watson
can defeat top human contestants
in Jeopardy (see www.ibm.com/
smarterplanet/us/en/ibmwatson).
_______________________
According to Seth Grimes,12 text
analytics adds semantics to identify features such as
t named entities (learning objects, learners, and so on);
t pattern-based entities (such as
email addresses);
t concepts (abstractions of entities);
t facts and relationships;
t events;
t concrete and abstract attributes;
and
t subjectivity in the form of opinions, sentiments, and emotions.
Learning analytics applications
enriched with the power of textual
analytics might also perform the
following smart capabilities and
services to empower the learner
and the learning system.
Annotate Sensitive
Information
In a learning system, you need to
communicate clearly and quickly
with learners. However, creating
screen recordings can be time
consuming and frustrating. You
need the ability to capture images
to get your point across. You also
need the ability to add or annotate
text and to blur out sensitive information on these images.
Categorize Groups
of Documents
This would let applications assign unseen text to one of the
predefined categories based on a
processing algorithm. There are
many kinds of models and strategies for text categorizations, but
generally, all algorithms could be
divided into the following groups:
t supervised categorization uses prior information regarding correct categorization for tested
documents;
t unsupervised categorization doesn’t
use any prior or external information, so decisions are made
internally based on predefined
logic or models; and
t semisupervised categorization combines some approaches from
the supervised and unsupervised text categorization.
Check for Relevant Live Feeds
Live feeds are different types of
feeds, which show all messages
that are relevant to a specific user
or topic.
Other Text-Based Services
Other potential text-based services include the following:
t classify entities via manual
training and automation,
t filter content by metadata and
threshold classification,
t generate high-level summaries
and detailed reports,
t discover top meta values and related concepts,
t recommend resources,
t analyze feedbacks and opinions,
t build topic models and generate
groupings,
t measure and validate results, and
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Students
Documents
Instructors
Learning analytics
Administrators
Third party services
providers
Linked data
(Structured data)
Curriculum
Users
Blogs
QA Staff
Database management system
Feeds
Institution (s)
Web analytics
Data
sources
Probes and monitors
Predictive engine
Search results
Social networks
Adaptation engine
Intervention engine
Feedback engine
Learning
management
system
Meta
engines
Content engine
Measurement engine
Clickstream
Web 2.0
Visualization
Crowdsourcing
Learning analytics
Visits
(Unstructured data)
Datasets
Predictions
Reflection
Goals
Machine learning
Text preprocessing
Statistical analysis
Summarization
Indexing
Empirical rules
Privacy
Clustering and classifications
Ethics
Critical thinking
competence
Methods
Tagging
Semantic analysis
Constraints
Logfile analysis
Interpretation
competence
Success/failure
measures
Policies
Data mining
Searching engines
NLP pipeline
Adaptation
Personalization
Intervention
Figure 1. A comprehensive learning analytics architecture.
t identify similar documents and
responses (possible plagiarism).
Text analytics applies a variety
of natural language processing
analysis techniques along with linguistics, statistical, and data-mining techniques to extract concepts
and patterns that can be applied
to categorize and classify textual
documents. It also attempts to
transform the unstructured information into data that can be
used with more traditional learning analytics techniques. Finally,
it helps identify meaning and relationships in large volumes of
information. However, there is no
single method appropriate for all
text analysis tasks.
earning analytics approaches must take several different perspectives and
accommodate different data sources. The ideal vision for learning
analytics is to integrate analytics
for both structured and unstructured data (mainly of textual nature). Figure 1 illustrates our bird’s
eye view of a comprehensive learning analytics architecture.
The main feature of this architecture is the component that deals
with unstructured textual data (and
natural language processing). Adding this to the existing components
(that is, to the learning management system, Web 2.0, social networking, and the learning analytics
for structured data) will strengthen
L
the power of the “meta engines” to
reliably assess students skills and
provide students with formative
feedback based on their learning
processes (their actual cognitive
and intellectual development while
performing a learning activity). By
adding a component that deals with
textual data, the meta engines will
be able to capture detailed information about teaching and learning.
For example, the predictive engine will
be able to record the progress of
certain critical-thinking processes
and predict the outcome.
Similarly, the content engine will
provide more focused information
and evaluations using the indexing
and content categorizations. The
adaptation engine will provide more
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
7
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FROM THE EDITORS
Editorial Board Changes
A
rnold Bragg has retired from IT Professional’s Advisory Board. We
thank him for his countless contributions to the publication, especially during his years as Editor in Chief.
T
homas Jepsen has retired from IT Pro’s Editorial Board and instead
will be serving as a member of the Advisory Board. We thank him
for his years of service and continued support.
—San Murugesan, Editor in Chief
Call for Issue Proposals
9.
10.
I
T Professional invites your theme proposals for its upcoming issues
in 2016. If you would like to see a topic of relevance covered or
wish to guest edit a theme issue, please send your proposal to San
Murugesan, Editor in Chief, at san@computer.org.
_____________
customized content delivery for individual students’ performance and
interests. The intervention engine will
let instructors and administrators
bypass the LMS to directly interact
with students. The feedback engine
will provide evaluations from other
meta engines (such as the predictive
engine) as feedback for students,
instructors, faculty, and administrators. Finally, the measurement engine will provide measures such as
the level of similarity between the
student’s solution and that of the
instructor.
There are many text analytics
tools and APIs that can be used to
build the learning analytics component that deals with textual unstructured data (such as LingPipe,
RapidMiner, Textanalytics, and
OpenText).13 Incorporating textual analytics into what we have
achieved so far in terms of learning analytics research and development will lay the groundwork for
redesigning educational institutions to teach 21st century skills.
References
1. NMC Horizon Report 2013, The New
Media Consortium, 2013; http://
____
net.educause.edu/ir/librar y/pdf/
HR2013.pdf.
_______
8
2. A.Cooper,“A Brief History ofAnalytics,”
JISC CETIS Analytics Series, Nov. 2012;
http://publications.cetis.ac.uk/wp_____________________
content/uploads/2012/12/Analytics_____________________
Brief-History-Vol-1-No9.pdf.
_________________
3. M. Brown, “Learning Analytics:
The Coming Third Wave,” Educause,
Apr. 2011; http://net.educause.edu/
ir/library/pdf/ELIB1101.pdf.
________________
4. K.D. Mattingly, M.C. Rice, and Z.L.
Berge, “Learning Analytics as a Tool
for Closing the Assessment Loop in
Higher Education,” Knowledge Management & E-Learning” An Int’l J., vol.
4, no. 3, 2012; www.kmel-journal.
org/ojs/index.php/online-publication/
article/viewArticle/196.
______________
5. L. Johnston, “The Glass Classroom,”
blog, 1 Dec. 2012; http://glassclass
room.blogspot.ca/2012/12/the-glass_____________________
classroom-big-data.html.
______________
6. “Learning Analytics Pilot,” University of Wisconsin-Maddison, Spring
2014; www.cio.wisc.edu/learning_________________
analytics-pilot.aspx.
___________
7. Zhang, H. & Almeroth, K. (2010).
Moodog: Tracking Student Activity in Online Course Management
Systems. Journal of Interactive
Learning Research, 21(3), 407–429.
Chesapeake, VA: A ACE, http://
____
www.editlib.org/p/32307/
_______________
8. M. Bienkowski, M. Feng, and B.
Means, “Enhancing Teaching and
11.
12.
13.
Learning Through Educational Data
Mining and Learning Analytics,” US
Department of Education and Office of Educational Technology, Oct.
2012; www.ed.gov/edblogs/technol_________________
ogy/files/2012/03/edm-la-brief.pdf.
____________________
“Six Reasons Businesses Need to Pay
Attention to Unstructured Data,”
IT Business Edge, 5 Nov. 2013; www.
___
itbusinessedge.com/slideshows/six______________________
reasons-businesses-need-to-pay_____________________
attention-to-unstructured-data.html
_____________________
“Gartner Predicts 2013: Business Intelligence and Analytics Need to Scale
Up to Support Explosive Growth in
Data Sources,” Gartner, 2013.
Unstructured Data Analytics: Unlock the
Treasures of Your Unstructured Content,
white paper, Filelytics, 2012, https://
____
www.filelytics.com/sites/default/files/
downloadable/Unstructured_Content_
______________________
Whitepaper.pdf.
________
S. Grimes, “An Introduction to Text
Analytics: Social, Online and Enterprise,” Text and Social Analytics Summit, workshop presentation, 2013;
www.slideshare.net/SethGrimes/
an-introduction-to-text-analytics_____________________
2013-workshop-presentation.
_________________
“Top 30 Software for Text Analysis
Text Mining Text Analytics,” Predictive Analytics Today, 2013; www.
___
predictiveanalyticstoday.com/top30-software-for-text-analysis-text_____________________
mining-text-analytics.
____________
Jinan Fiaidhi is a full professor and
graduate coordinator with the Department of Computer Science at Lakehead
University, Ontario, Canada. She is
also an Adjunct Research Professor with
the University of Western Ontario. Her
research interests are in collaborative
learning, learning analytics, and cloud
computing. More information about her
can be obtained from her website ____
http://
flash.lakeheadu.ca/~jfiaidhi. Contact her
________________
at _____________
jfiaidhi@lakeheadu.ca.
Selected CS articles and
columns are available for free at
http://ComputingNow.computer.org.
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
SECURING IT
EDITOR: Rick Kuhn, NIST, kuhn@nist.gov
________
Securing BYOD
J. Morris Chang, Iowa State University
Pao-Chung Ho and Teng-Chang Chang, Institute for Information Industry, Taiwan
n the corporate world, Bring
Your Own Device (BYOD) is
becoming increasingly common, changing how we work.
According to a 2012 Intel study of
3,000 IT managers and 1,300 users,
productivity is viewed as the biggest
benefit of BYOD.1 An IBM Flexible Workplace Study reported increases in productivity of 20 percent
or greater stemming from BYOD
practices—the equivalent of an extra
day of work per week.2 BYOD lets
employees use their personal device to work seamlessly across their
personal user space and enterprise
workspace instead of using multiple devices depending on business
need, location, and circumstances.
Yet today’s IT departments are
concerned with the popularity of
BYOD, because mixing personal
and enterprise data presents security threats to corporate proprietary
information. Enforcing the usage
of two different mobile devices—
one corporate and one personal—
could mitigate this threat, but this
strategy faces employee resistance
because it’s inconvenient. This creates a need for IT departments to
develop company security policies
that let employees access sensitive
resources using personal devices.
I
1520-9202/14/$31.00 © 2014 IEEE
The Challenges
Malware
In a survey of 2,100 individuals,
conducted by Webroot, 41 percent
said they use a personal smartphone or tablet for work purposes.3
Furthermore, 70 percent of those
smartphones and tables used for
work had no additional security
other than what was installed when
the employee first purchased the
device. According to another survey, 98 percent of employers claim
to have a mobile security policy in
place for accessing corporate data,3
yet BYOD users tend to choose usability over security when it comes
to selecting mobile applications.
Device security, malware, and enforcement are major security concerns raised by BYOD.
Another concern is malware. The
total number of known Android
malware samples increased more
than 10 times between July 2012
(about 45,000 samples) and January 2014 (about 650,000 samples).4
These malwares tend to steal personal information, issue premium
SMSs (which result in a fee for the
sender) for financial gain, or engage in denial-of-service attacks.
The malware might not specifically
target enterprise data, but it creates concerns about backdoor data
leakage for BYOD scenarios.
Device Security
Security issues arise at all layers—
including the network layer—but
the main issues are at the device
layer. Enterprise apps on a mobile
device can leave company data
on that device, presenting a major threat if the device is ever lost
or stolen. Furthermore, if the user
mixes personal and enterprise data,
it could lead to data leakage if company information is accidentally
sent to personal contacts.
Published by the IEEE Computer Society
Enforcement
Personal devices used for work are
part of the enterprise network, so
it’s essential to ensure that all mobile devices comply with enterprise
security policies. However, it’s difficult to enforce corporate policies
on personal devices. The problem
is exacerbated by the large variety of
device hardware and fragmentation
of the operating system. Moreover,
security policies can change from
time to time to cope with new security threats. Thus, effective security enforcement requires constant
updating of both corporate and
personal devices.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
9
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
SECURING IT
Secure Mobile Browsing
A
lthough a virtual private network can be an effective way to maintain corporate security, administrators can also let employees access
corporate intranet sites through the AirWatch Browser on employeeowned devices. A single sign-on and app tunneling lets users connect
the AirWatch Browser to enterprise intranets and third-party Web filters.
Current Solutions
The following solutions and practices can help address BYOD
security issues.
Security Policies
Typically, company BYOD policies include identifying which devices can be used in the company
network, listing both allowed and
banned apps, and describing classes of data that shouldn’t be stored
locally after being used by a mobile
app. Companies also implement
security policies (such as passwords
or screen locks) for all devices and
have strategies for lost or stolen devices and for when employees leave
the company.5 Furthermore, although a company might assume it
owns the apps and data, the device
owner might think differently.
The US White House published
a BYOD policy on August 2012
that presents three high-level suggestions for implementing BYOD
programs.6 The first suggestion is to
use virtualization to remotely access
computing resources at a corporate
facility, so corporate data isn’t stored
and corporate apps aren’t processed
on personal devices. The second
suggestion is to implement a walled
garden, so corporate data and apps
are processed separately from personal data. The final suggestion is to
apply limited separation, letting users
mix corporate and personal data on
a personal device while ensuring a
minimal level of security controls.
Mobile Device Management
Mobile Device Management
(MDM) tools are available commercially to manage mobile devices
10
and enforce company security policies on such devices. Vendors such
as VMware, MobileIron, and FiberLink provide MDM services specifically for BYOD.
Products, such as Maas360 by
FiberLink, typically use a device
enrollment process to register the
personal device into the MDM
program. This lets administrators
manage the devices remotely. It
might set customized authentication checkpoints on apps or data
or restrict certain device features
and settings. Some products (such
as AirWatch by VMware) also provide Mobile Application Management (MAM) and Mobile Content
Management (MCM) in addition
to MDM. They can also wipe the
device of enterprise content if necessary. Another technique—secure
mobile browsing—is discussed in
the related sidebar.
Separation Techniques
Techniques based on virtualization and on the operating system
(OS) to separate enterprise space
and personal space have shown
potential.
In a BYOD scenario, private
personal apps and data and important enterprise apps and data
are contained and running on the
same device. A BYOD design requires that the personal user space
in no way compromise the security of the enterprise workspace.
On the other hand, the enterprise workspace should in no way
compromise the privacy of the
personal user space. How to effectively separate the two spaces on
the same mobile device becomes
crucial for a successful BYOD design. Techniques, including virtualization, dual boot, and recently
proposed virtual mobile platforms,
can be used to achieve the separation goal. All of these techniques
have their own advantages and
drawbacks.
Vitualization. With hardware virtualization, hardware resources on
a mobile device can be multiplexed
to host multiple virtual machines.
A type 1 (T1) hypervisor runs directly on the system hardware and
provides a virtualized platform to
host multiple guest OSs (here, the
guest OSs would be the personal
OS and the enterprise OS). This
provides the best separation between the personal user space and
enterprise workspace. However,
this solution suffers from great
performance degradation due to
T1 overhead.
A type 2 (T2) hypervisor can also
be used to provide system separation. In this case, the hypervisor
runs on top of the original mobile
device OS, while the enterprise
workspace runs as a VM on the hypervisor. An example of this design
is the VMWare Mobile Workspace
(www.vmware.com/mobile-secure_______________________
desktop/overview).
This solution
____________
provides more flexibility and is
more user friendly, because the
user can simply install the hypervisor as an app in the original OS.
However, the enterprise workspace
will be at risk if the original OS is
compromised.
To enhance system performance,
OS virtualization can be used to
provide light-weight separation.
In this case, kernel-level device
namespaces are created to provide
data isolation and hardware resource (device driver) multiplexing,
allowing multiple virtual mobile devices to run on a single OS instance.
An example of this design is Cells
from Columbia University.7 OS virtualization can improve the system
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
performance compared to hardware
virtualization, but the adopter of
this technique should keep in mind
that both the personal user space
and enterprise workspace can be
compromised if an attacker targets
the OS kernel.
Dual boot. This possible solution
for device separation involves installing two OSs in different partitions on the same device. This
process is just like performing
traditional dual boots on desktops. Canonical provides a dual
boot app7 that modifies an Android device to let users switch between different OSs. OS dual boot
provides a clean separation, but
the long switching time degrades
usability.
phases. At the same time, they must
separate personal and organization data and clearly define device
requirements. Technologies that
support BYOD must be evaluated
based on performance, separation,
and usability. Management policies
for mobile devices and apps must be
inclusive, enforceable, and updated
ncluding BYOD security in corporate IT management policies is inevitable, and companies
must determine support capabilities,
educational needs, and deployment
www.whitehouse.gov/digitalgov/
bring-your-own-device.
7. C. Dall et al., “The Design, Implementation, and Evaluation of Cells:
A Virtual Smartphone Architecture,” ACM Trans. Computer Systems,
vol. 30, no. 3, 2012, article; ____
http://
doi.acm.org/10.1145/2324876.
2324877.
_____
To enhance system performance, OS virtualization
can be used to provide light-weight separation.
constantly. BYOD might come with
a high initial cost, but the payoff
should be worth it in the long run.
References
Virtual mobile platforms. The
Remotium Virtual Mobile Platform provides another way to
separate the personal user space
from the enterprise workspace
using the idea of remote control
(www.remotium.com).
This is
______________
similar to Microsoft Windows’ remote desktop connection. In the
Remotium solution, all enterprise
data and apps run in secure virtual
machines at Remotium’s or the
enterprise’s datacenter. Employees can then set up remote connections to the virtual machines
through a Remotium mobile client installed on each employee’s
mobile device. This is a simple and
effective approach to improve enterprise data security, because no
data is stored locally on the mobile
device. Note, however, that this solution requires a constant Internet
connection, and performance is
determined by the Internet speed.
I
1. “Insights on the Current State of
BYOD,” Intel, Oct. 2012; www.intel.
com/content/www/us/en/mobile______________________
c_____________________
omputing/consumerizationenterprise-byod-peer-research_____________________
paper.html.
_______
2. “Achieving Success with a Flexible
Workplace: 2012 IBM Flexible Workplace Study,” IBM Center for Applied
Insights, May 2012; http://www.
935.ibm.com/services/us/en/it______________________
services/workplace-services/flexible_____________________
workplace.
_____
3. “Fixing the Disconnect Between
Employer and Employee for BYOD
(Bring Your Own Device),” Webroot, July 2014; www.webroot.com/
shared/pdf/WebrootBYODSecurity
_____________________
Report2014.pdf.
__________
4. V. Svajcer, “Sophos Mobile Security Threat Report,” SOPHOS, 2014;
www.sophos.com/en-us/medialibrary/
PDFs/other/sophos-mobile-security_____________________
threat-report.pdf.
__________
5. J. Hassell, “7 Tips for Establishing
a Successful BYOD Policy,” CIO,
17 May 2012; www.cio.com/article/
2395944/consumer-technology/
______________________
7-tips-for-establishing-a-success_____________________
ful-byod-policy.html.
_____________
6. “Bring Your Own Device,” The
White House, 23 Aug. 2012;
8. “Announcing Ubuntu and Android
Dual Boot Developer Preview,” Ubuntu, 23 Dec. 2013; http://developer.
ubuntu.com/2013/12/announcing_____________________
ubuntu-and-android-dual-boot_____________________
developer-preview.
__________
J. Morris Chang is an associate professor at Iowa State University. His research
interests include cyber security, wireless
networks, and energy efficient computer
systems. He is a senior member of IEEE.
For further details, visit his webpage www.
___
ece.iastate.edu/~morris or contact him at
_____________
___________
morris@iastate.edu
Pao-Chung Ho is the Executive Vice
President of the Institute for Information
Industry, Taiwan. His research interests include embedded systems, database systems,
wireless communication networks, cybersecurity, and the Internet of Things. Contact
him at _________
pcho@iii.org.tw.
Teng-Chang Chang is a senior manager
in the Smart Network and System Institute
of the Institute for Information Industry,
Taiwan. His research interests include next
generation portable device, machine learning, and intelligent computer vision systems. Contact him at ___________
norman@iii.org.tw.
Selected CS articles and
columns are available for free at
http://ComputingNow.computer.org.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
11
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
IT TRENDS
EDITOR: Irena Bojanova, University of Maryland University College, _______________
irena.bojanova@umuc.edu
© Tadeusz Ibrom | Dreamstime.com
Optimizing
Operational and
Strategic IT
Stephen J. Andriole, Villanova School of Business
Irena Bojanova, University of Maryland University College
T matters more today than
ever before, with companies
focusing on how technology
can help develop new products and services; find and excite
customers; support seamless communication among employees,
customers, suppliers, and partners;
and provide a secure computing
and communications infrastructure. Companies’ dependency on
IT will only grow as more business
models and processes are digitized.
Strategic technologies—social media platforms, data analytics tools,
and location-awareness apps—can
help find and profile customers,
suppliers, and partners. Similarly,
cloud computing, biometric security, and virtual computing
technologies can provide effective
operational infrastructures.
Here, we explore seven operational and strategic technology
capabilities and management practices, which are shaping today’s enterprise IT systems and applications.
I
Rent as Much as Possible
Companies are increasingly renting technology. According to the
Gartner Group, “the use of cloud
computing is growing, and by 2016
this growth will increase to become
12
IT Pro September/October 2014
the bulk of new IT spending.”1 The
cost equation is more than compelling: it’s generally far less expensive
to rent technology from the cloud
than to buy and install IT. Cloud
delivery is also support-free: companies that lease hardware and software never have to fix things when
they break or crash and are no
longer in the hardware or software
business. Those renting are more
than 90 percent satisfied.2
Some companies are already leasing everything from their cloud
providers, including operational
technology—email, word processing, spreadsheets, security, database management, and enterprise
resource planning (ERP)—and
strategic technology—customer
relationship management (CRM),
location-based services (LBS), learning management systems (LMS),
and predictive analytics. Cloud
technologies are maturing, which,
coupled with a greater awareness
of the potential benefits (and limitations), is driving the accelerated
adoption of cloud offerings.3
One of the major strengths of
cloud computing is the freedom
it provides companies to focus on
their business models and processes.
Instead of worrying about network
Published by the IEEE Computer Society
latency and server maintenance,
companies can focus on innovation,
sales, and marketing, among other
revenue-generating activities.
This focus on revenue generation will be further supported by
developments in interoperability
between clouds, allowing companies to scale a service across disparate providers, while the service
appears to operate as one system.
Cloud federation will also support
revenue generation by interconnecting cloud services of different providers and from disparate
networks. This will let a provider
rent computing resources to other
providers to balance workloads
and handle spikes in demand.4
Encourage BYOD
The Bring Your Own Device
(BYOD) technology delivery model lets employees use whatever
technology they want—especially
if it reduces technology costs and
increases productivity.
Companies are offering annual
stipends to help reduce the cost
of the technology employees prefer. Over time, many companies
will dramatically reduce and then
completely eliminate their employee technology budgets.5
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
po
o
te
te c h s up
d
ce
er
%!
s
%!$
% %! "
% Business
operations
Se
%" %
%#
n
tio
el key b a n
a
lic
ot
p
Ap
m er s e r v i
H
to
% management
n
ck s c an
%
service
ns
S
to
io
a
ct
nd
n
Fu
tic k et b
ts
uc
od
rt
Pr
Rem
nt
e
or
ct
Data is now created by everyone—
vendors, customers, suppliers, partners, managers, executives, bloggers,
and anyone else who would like to
offer insights, solve problems, or
purchase products and services.
Organizing, analyzing, and managing all this data is an emerging core
competency.
The goal is real-time descriptive, explanatory, predictive, and
prescriptive data, information,
and knowledge about internal
and external processes and performance. The torrent of unstructured social media data has
overwhelmed conventional collection platforms: Google’s recent
unveiling of its Cloud DataFlow
Ev
Exploit Big Data Analytics
Cus
The objective is the thinnest,
most mobile devices possible. Although we still use desktops and
laptops, employees are increasingly using tablets, smartphones,
and other very “thin clients” to access local area networks, wide area
networks, virtual private networks,
and hosted applications, as well
as applications that run locally on
(some of) the devices. The economics are so powerful for thin
clients that we can expect the “fat”
corporate PC, and even the venerable laptop, to disappear from the
list of corporate technology assets.
BYOD will accelerate this trend.
There’s also a growing opportunity for businesses to exploit
the capabilities of wearables, such
as Google Glass, Apple’s iWatch,
and Plantronics’ Bluetooth headsets—among countless enabling
devices changing the way we
search, navigate, transact, and live
(see Figure 1). Next will be authentication pills and tattoos, and
the use of the human body for
data transmission.6 As the adoption of Internet of Things (IoT)
technology accelerates, wearables
will integrate, communicate, and
automatically transact.7
Figure 1. Opportunities for the business operations sector to exploit
wearables. (Source: Beecham Research. See the full chart at www.
____
beechamresearch.com/article.aspx?id=20.)
_____________________________
technology is one answer to the
challenge of real-time analytics—
and it’s validation of the role that
analytics will play going forward.8
To remain competitive, all companies will invest heavily in analytics
and business intelligence (BI).
Mine Social Data
Social BI assumes that there’s value in connecting people willing
or anxious to collaborate through
their affinity with friends, colleagues, associates, places, products,
and brands. Customer service and
new product releases are especially
vulnerable to twittering.
Companies now worry about
what’s being said about them on
Facebook, Twitter, Tumblr, Instagram, Trip-Advisor, and countless other social media sites. Some
companies just listen but others
extract meaning and purpose
from social content. Put another
way, companies need to not only
know what people are saying
about them, but why they’re saying what they’re saying—and the
response implications of the conversations on products, services,
and strategies. This is social BI.
Exploit Location Data
Location awareness fundamentally
alters business processes across
multiple functional areas, but especially in sales and marketing.
The key is to define location-based
services and discover what requirements the technology can satisfy.
For example, retailers have a vested interest in knowing the physical
location of their customers. They
want to know their customers’
movement patterns so they can
correlate locations with a variety of
attributes, such as time of day, age,
gender, wealth, and race, among
other variables. The next step is to
infer from that data precisely how
to engage that customer with the
right communications and offers.
Location-awareness thus fuels and
enables customer analytics.
The relationship between analytics, social media, and locationawareness is clear—and cumulative,
especially when location awareness
is integrated with BYOD, mobility, and cloud computing. Uber, a
rideshare, taxi, and taxi-alternative
app, is perhaps the perfect example
of this phenomenon (https://www.
________
uber.com).
Within minutes, Uber
_______
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
13
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
IT TRENDS
connects a customer (using a mobile phone) with the driver of a taxi,
private car, or rideshare program in
cities around the world.
Use Crowdsourcing
Expertise was never confined within the corporate firewall. While
companies hope to have the best
and the brightest employees solving their problems, there are always other qualified professionals
who don’t work at the company.
Today, we have the opportunity to
look to “the crowd” for help.
Vast amounts of data are being generated by in-house people
and devices, but there’s also lots of
data, ideas, and solutions available
from the crowd.7 Crowdsourcing
is a relatively new problem-solving
model. The Internet makes it possible to connect problem-creators
with problem-solvers instantly and
continuously. Small, medium, and
large companies solve problems
alongside individual contributors
and freelancers. But the definition of
“problems” is wide. In fact, there are
many crowdsourcing models that
companies can use to solve problems, perform specific tasks, and
even brainstorm. Innocentive (www.
___
innocentive.com) describes how
companies such as Coca-Cola, Unilever, Nokia, Anheuser-Busch, and
General Mills are using the crowd to
solve important problems.9
Federate
In the 20th century, technology
governance was largely about technology standards and centralized
control. As we moved into the 21st
century, governance shifted from
centralized to federated governance.
Control shifted because many of
the opportunity areas discussed
here—BYOD, crowdsourcing, social BI, and other technologies—are
impossible to centrally control.
More importantly, companies realize that trying to control IT from
a single desk makes little strategic
14
sense. Although everyone agrees
that the management of operational and infrastructure technology
should be coordinated and efficient
(increasingly by a cloud provider),
very few companies with multiple
lines of business believe that control
should include strategic applications
that the businesses need to compete.
This means that there will be
“technologists” on all of the business teams. It means that there will
be sales technologists, marketing
technologists, finance technologists,
customer service technologists, innovation technologists, and supplychain management technologists,
among others, who understand
both business processes and
models and current and emerging
digital technology—and the potential opportunities IT presents for
business activities. This is the new
face of federation.
Operational IT—a company’s
technology infrastructure—will
move. But unlike what we describe
today as “business partners,” infrastructure professionals will move
to internal “corporate auditing”
offices. They will pursue a threepronged agenda: architecture, infrastructure, and security. After
IT moves to auditing, operational
IT—responsible for infrastructure
activities such as email, storage,
back-up, and recovery—will do
what operational IT does best: deliver secure, recoverable basic services as cheaply as possible (again,
increasingly with cloud providers),
“audited” by external partners.
The auditing department is also
the best place to locate cloud and
applications service level agreement (SLA) negotiations and management. Because procurement is
often part of the larger audit team,
it’s a natural place to locate cloud
SLA management. The opportunity here is to reorganize technology activities to empower business
units through the federation of IT
rights and responsibilities.
T’s changing—again. But this
time, it’s not about bottom-up
enabling technology that satisfies old and “emerging” business
requirements. Today, IT is about
the integration of emerging business models and technologies. IT
is now an equal partner with the
business—and that partnership is
now permanent.
Perhaps the most intriguing aspect of IT’s new role is its organization and management. Cloud
delivery has fundamentally and permanently changed the relationship
between business processes and
models and current and emerging
technology. It’s also changed the
way companies acquire, deliver,
support, and measure IT. All seven
of the opportunity areas discussed
here can be pursued without internal IT bureaucracies or even
business unit budget constraints.
(That said, there will be some selected applications that traverse the
enterprise that will require at least
some federated, if not centralized,
governance.)
While the seven areas offer exciting possibilities, within five
years, there will be a whole new
set of possibilities. Technology will
continue to enable business models and processes, just as business
models and processes will stimulate the development of new technologies. The interplay between
business and technology will be
more complete and continuous.
Of course, concerns about security, privacy, trust, and control must
be taken seriously, and regulation
must occur at all levels.
I
References
1. “Gartner Says Cloud Computing Will
Become the Bulk of New IT Spend by
___
2016,” DABCC, 28 Oct. 2013; www.
dabcc.com/article.aspx?id=26469.
2. “Adoption of Cloud Computing
Continues Upward Trend as a
Mainstream IT Deployment Option,” Cloud Industry Forum, 2014;
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
http://cloudindustryforum.org/news/
_____________________
502-adoption-of-cloud-computing-
3.
4.
5.
6.
continues-upward-trend-as-a_____________________
mainstream-it-deployment-option.
____________________
S. Murugesan and I. Bojanova, “The
Rise of the Clouds: Progress and
Prospects,” Computing Now, Aug.
2014; www.computer.org/portal/web/
computingnow/archive/august2014.
_____________________
I. Bojanova, “Cloud Interoperability
and Federation,” blog, 8 Aug. 2013;
www.computer.org/portal/web/
Irena-Bojanova/content?g=597056
_____________________
4&type=blogpost&urlTitle=cloud_____________________
interoperability-and-federation.
___________________
“Cisco Study: IT Saying Yes to BYOD,”
Cisco, 16 May 2012; http://newsroom.
cisco.com/release/854754/CiscoStudy-IT-Saying-Yes-To-BYOD.
__________________
I. Bojanova, “Future of Mobility and
its Impact to Cloud,” blog, 28 Mar.
Computer Systems
Engineer:
M-F/8-5/40hr.wk. Design & develop solutions to complex interfaces b/t hardware &
software, operational & performance reqs. of
overall systems; define user & system objectives; assess compatibility, portability, scalability & cost of systems data, hardware, software
& emerging tech.; draft detailed org. reports;
propose design concepts/changes, project
schedules, budgets & integrate complete systems; create & reverse engineer SAP ECC6.0
Dialog Programs & Smart Forms; develop
queries for User Groups, Info. Sets; ALV; proficiency in tech. support for SAP environ (FI/
CO, MM, PP & SD, develop BAPIs, ABAP RICEF,
Dictionary), ORACLE, SQL & SAP Databases,
RFC Communication Mechanisms, ALE, IDOC,
Office 365, SharePoint & Crystal Reports. Req.:
B.S. in Computer Systems Engineering + 5 yrs.
of Computer Systems exp. Submit resume w/ad
copy to: Kim Tarzian, Rioglass Solar Inc., 13351
W. Rioglass Solar Rd., Surprise, AZ 85379.
2014; www.computer.org/portal/web/
Irena-Bojanova/content?g=5970564
_____________________
&type=blogpost&urlTitle=future-of_____________________
mobility-and-its-impact-to-cloud.
___________________
7. I. Bojanova, G. Hurlburt, J. Voas,
“Imagineering an Internet of Anything,” Computer, June 2014, pp. 72–77;
www.computer.org/csdl/mags/co/
2014/06/mco2014060072-abs.html.
_____________________
8. F. Lardinois, “Google Launches Cloud
Dataflow, A Managed Data Processing Service,” TechCrunch, 25 June 2014;
http://techcrunch.com/2014/06/25/
google-launches-cloud-dataflow-a_____________________
managed-data-processing-service.
___________________
9. “5 Examples of Companies Innovating with Crowdsourcing,” Innocentive, 18 Oct. 2013; www.innocentive.
com/blog/2013/10/18/5-examples_____________________
of-companies-innovating-with_____________________
crowdsourcing.
________
Stephen J. Andriole is the Thomas G.
Labrecque Professor of Business Technology
at the Villanova School of Business at Villanova University, where he teaches courses
in strategic IT, emerging technologies, and
innovation and entrepreneurialism. Contact
him at __________________
stephen.andriole@villanova.edu and
through LinkedIn.
Irena Bojanova is a professor and program director of Information and Technology Systems at University of Maryland,
University College. Read her cloud computing blog at www.computer.org/portal/
web/Irena-Bojanova.
___
____________ Contact her at irena.
bojanova@umuc.edu and through LinkedIn.
___________
Selected CS articles and
columns are available for free at
http://ComputingNow.computer.org.
CONFERENCES
in the Palm of Your Hand
Let your attendees have:
tDPOGFSFODFTDIFEVMF
tDPOGFSFODFJOGPSNBUJPO
tQBQFSMJTUJOHT
tBOENPSF
5IF DPOGFSFODF QSPHSBN NPCJMF BQQ
XPSLT GPS Android EFWJDFT iPhone
iPadBOEUIFKindle Fire.
'PS NPSF JOGPSNBUJPO QMFBTF DPOUBDU
$POGFSFODF1VCMJTIJOH4FSWJDFT$14
BU
cps@computer.org
__________
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
15
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
GUEST EDITORS’ INTRODUCTION
From BYOD to
BYOA, Phishing,
and Botnets
Seth Earley, Earley & Associates
Robert Harmon, Portland State University
Maria R. Lee, Shih Chien University
Sunil Mithas, University of Maryland
he consumerization of corporate IT
systems is a relatively recent development that has hit IT organizations
seemingly out of the blue. One day,
desktop computers were provisioned for users,
and applications were carefully vetted and controlled. The next thing CIOs knew, they were
dealing with laptops, smartphones, tablets, and
a raft of new tools and technologies that presented significant security, reliability, and IP
protection challenges.
Moreover, users have come to expect an information experience on par with that of their
personal lives. Google, Facebook, LinkedIn,
Twitter, Pinterest, Skype, and Dropbox are
examples of applications that have infiltrated
the enterprise’s IT infrastructure—whether as
an extension of personal productivity applications or as new social-engagement platforms
for the business side of the organization. Even
for organizations whose policies and firewalls have kept external applications out of
the internal information landscape, the game
has changed. Users have higher expectations
about the ease and speed of information access
and the user friendliness of systems required
for their jobs.
T
16
IT Pro September/October 2014
Clearly, new policies must be enacted and new
tools deployed to reduce risks and keep up with
growing user expectations, but balancing accessibility and security has proven to be a significant
challenge.
Redefining Enterprise IT
This issue of IT Professional touches on a number
of these topics. In “Consumerization in the IT Service Ecosystem,” Enrique Castro-Leon observes
that the trend has redefined IT in the enterprise:
“Consumerization has brought an inversion of
roles where now users are driving technology
adoption and change.” The consumerization of IT
is, in part, being pushed by a younger, more mobile
workforce comprising active users of new technologies and applications. Employees expect to use
their personal devices—and applications—at work,
which relates to the concept of BYOX—Bring Your
Own Device, Cloud, App, and Network. Instead of
new technology flowing down from the business
to the consumer, as it did with the desktop computer, the flow has reversed. The consumer market
often gets new technology before it enters (and is
fully leveraged by) the enterprise.
This blending of personal and business
technology is having a significant impact on
Published by the IEEE Computer Society
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
corporate IT departments, which traditionally
have governed, deployed, and controlled the
technology that employees use to do their
jobs. Consequently, IT departments must decide how to protect their networks and manage
technology that they perhaps didn’t procure
or provision.
Castro-Leon goes on to point out that users
and the employee community don’t share this
concern: they continue to use their devices as they
have in the past, and they expect them to work
equally well in corporate settings. Indeed, users
want their information experience to be seamless,
transparent, and portable, just as they do in the
rest of their world. Google, Apple, and Facebook—
you’ve spoiled our users forever.
More fundamentally, this drive for BYOD
and consumer-focused IT is emblematic of a
larger societal trend facilitated by technology.
There has been a shift to part-time, transient,
and specialized professional workers. Just as a
tradesman used to bring his or her tools to the
shop floor at the start of the industrial revolution, the independent contractors filling roles
in IT shops, as well as other professionals, are
now beginning to bring their own laptops and
devices.
Casto-Leon thus also explores how our economy has shifted to value networks and highly
interrelated trading partners. As organizations
provide infrastructure that’s in the cloud, and
as information systems transmit data across
multiple organizations in a value chain, the
boundaries of the enterprise shift and become
blurry—especially when software is consumed
through cloud-based and hosted application
providers. Castro-Leon describes the shift from
monolithic to componentized applications, then
to Web-services-based applications, service networks, and composite applications, which makes
apparent the natural evolution of and connection to BYOD and BYOA (Bring Your Own App),
especially as we enter the next evolution of the
Internet of Things.
Enforcing Security and Privacy
The flip side of the externalization of software
applications and functionality lies in the social component. Services architectures facilitate
human-to-machine and human-to-human interactions. The latter allows for opportunities
for the attackers to exploit vulnerabilities due
to human nature and the complexity of online
social networks, as discussed in “Trust and Privacy Exploitation in Online Social Networks,”
by Kaze Wong, Angus Wont, Alan Yeung, Wei
Fan, and Su-Kit Tang.
In addition to discussing issues around complex
privacy settings and the inconvenience caused by
enforcing security (which reduces sharing among
users), the authors observe that
t the strength of your security level is as weak
as that of your friend with the lowest level, and
t your data can be inferred even if you don’t
disclose it.
Furthermore, attackers have another significant opportunity to access user data: “An app
that looks like an interesting game might be
designed with the primary purpose of collecting your data. When installing such an app,
Online social networks present
a tremendous opportunity for
attackers to steal information,
spread viruses, and wreak havoc
on unsuspecting users.
you might have given the ‘game’ permission
(intentionally or unintentionally) to access your
profile, albums, and friends list.” Indeed, how
often do we casually give apps permission to access various information sources and systems
on our devices?
From malware to spam, scam, and phishing
(the authors site evidence that 70 percent of the
spam on Facebook leads to phishing websites),
to botnets, identity forgery, and excess permissions from application installation, online social
networks present a tremendous opportunity for
attackers to steal information, spread viruses, and
wreak havoc on unsuspecting users.
In case you think this is just theory, the authors present an experiment that illustrates five
attack approaches: malware, phishing, botnet,
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
17
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
GUEST EDITORS’ INTRODUCTION
identity forgery, and excess permission requests.
Although the experiment didn’t cause any harm,
the approach persuaded 97 percent of users who
installed the Facebook app to give the app permission to analyze their newsfeeds. In addition,
27 percent were tricked into a simulated upgrade
of a flash plug-in from a fake YouTube site, which
was potentially (not actually) malicious software.
The excess permissions allowed a social graph
containing almost 20,000 users, even though the
app was installed by only 276 people (with the
added bonus of social network analysis to identify hubs for more effective malware marketing).
Because users access their social networks on
the same devices that they bring to work, online
social networks can easily become a vector for
attacks on corporate data and system security
breaches.
Increasing yet Controlling
Accessibility
This issue also features related Data Analytics
and Securing IT departments, both of which
emphasize the need for enterprises to raise the
bar on usability and information access while
simultaneously establishing and monitoring
personal device usage, security, and access policies. These goals seem in opposition—on one
hand, increasing accessibility of information,
and on the other, controlling that accessibility
and dissemination. The trick is to use transparent approaches and a light touch, rather than
intrusive approaches that will only encourage
workarounds, by leveraging hardware monitoring and management technologies to isolate
corporate networks from malware and network
intrusions.
In addition to policy development, several classes of technology help IT organizations proactively
manage mobile device security threats, including
virtualization, walled gardens, and limited separation through a variety of mechanisms that allow
access of corporate and personal data on the same
device. Although these approaches are complex,
they provide viable mechanisms for dealing with
the inevitable mix of corporate and personal technologies, letting the enterprise reap the productivity benefits offered by BYOD while effectively
mitigating risks and threats.
The goal is to give users the information they
need, on the devices they use, from wherever they
18
work. That is the consumerization trend driven
by the macro forces of societal and technological
shifts.
he world has changed. This new world of
IT provides interesting opportunities and
challenges for organizations and IT professionals to deliver industrial grade “SAP-reliable”
services while keeping them “Google fast” and
“Apple simple.”1
T
Reference
1. H. McIlvaine, “SAP: Apple Simple, Google Fast,”
SAP News Center, 9 Nov. 2011; www.news-sap.
com /core-innovation-mobile-in-memor y-cloudsnabe.
____
Seth Earley is CEO of Earley & Associates (www.earley.
com).
He’s an expert in knowledge processes and customer
__
experience management strategies. His interests include customer experience design, knowledge management, content
management systems and strategy, and taxonomy development. Contact him at __________
seth@earley.com.
Robert R. Harmon is a professor of marketing and service innovation and Cameron Research Fellow at Portland
State University. His interests include IT-enabled service
innovation, technology marketing, and big data marketing.
Contact him at ___________
harmonr@pdx.edu.
Maria R. Lee is an associate professor in the Department of Information Technology and Management
at Shih Chien University, Taiwan. Her research interests include social media analytics, e-commerce, and
knowledge management. Contact her at _________
maria.lee@g2.
usc.edu.tw.
_______
Sunil Mithas is a professor at the Robert H. Smith School
of Business at the University of Maryland. His research
focuses on the strategic management and impact of information technology resources. Contact him at __________
smithas@rhsmith.
umd.edu.
_____
Selected CS articles and columns are available
for free at http://ComputingNow.computer.org.
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CALL FOR PAPERS
39th Annual International
Computer, Software
& Applications Conference
July 1-5, 2015
Tunghai University
Taichung, Taiwan
www.compsac.org
COMPSAC 2015 Symposium on IT in Practice (ITiP)
COMPSAC is the IEEE Signature
Conference
on
Computers,
Software, and Applications. It
PZ H THQVY PU[LYUH[PVUHS MVY\T
for
academia,
industry,
and
government to discuss research
results, advancements and future
trends in computer and software
technologies and applications.
With the rapidly growing trend in
making computation and data both
mobile and cloud-based, such
systems are being designed and
deployed worldwide. However,
several challenges arise when they
are applied to different domains or
across domains. COMPSAC 2015
will provide a platform for in-depth
discussion of such challenges in
emerging application domains such
as smart and connected health,
wearable computing, internet-ofthings, cyber-physical systems,
and smart planet.
Important Dates:
January 17, 2015: Paper submissions
4HYJO!7HWLYUV[PÄJH[PVUZ
April 28, 2015: Camera-ready version
and registration due
This new COMPSAC symposium on IT in Practice (ITiP) is directed towards
the interests and needs of IT practitioners, application developers, IT
managers, and CXOs from business, industry, and government, as well
as academics and researchers. The symposium, co-sponsored by IT
Professional, is an interactive forum for sharing and gaining valuable
insights and experiences and for active engagement among technical
professionals around the globe. It aims to inspire professionals, executives,
and researchers to focus on diverse elements necessary to successfully
HYJOP[LJ[KLZPNULUNPULLYJVUÄN\YLHUKÄLSKHYHUNLVM0;HWWSPJH[PVUZPU
several domains. Topics of interest include the following:
Innovative & challenging IT applications
Deploying and managing large scale IT systems
Real world issues, concerns & challenges
Development & operational experiences
IT application design & validation
Emerging trends in enterprise IT
Strategic alignment of IT
IT workforce & IT workplace
Managing IT in practice
Opportunties & challenges of
C-level positions
Operational issues & insights
Crowd sourcing problems &
solutions
The research-practice nexus
IT-enabled business innovation
Case studies
Future perspectives
Authors are invited to submit original, unpublished research work and novel
computer applications in full-paper format. Simultaneous submission to other
publication venues is not permitted. The review and selection process for
submissions is designed to identify papers that break new ground and provide
Z\IZ[HU[PHSZ\WWVY[MVY[OLPYYLZ\S[ZHUKJVUJS\ZPVUZHZZPNUPÄJHU[JVU[YPI\[PVUZ
[V[OLÄLSK:\ITPZZPVUZ^PSSILZLSLJ[LK[OH[YLWYLZLU[HTHQVYHK]HUJLTLU[PU
[OLZ\IQLJ[VM[OLZ`TWVZPH[V^OPJO[OL`HYLZ\ITP[[LK(\[OVYZVMZ\ITPZZPVUZ
with a limited contribution or scope may be asked to revise their submissions
into a more succinct camera-ready format; e.g., workshop paper, fast abstract,
or poster to the main conference.
ITiP Symposium Co-Sponsored by:
Contact ITiP Symposium organizers
at cs_compsac-ITiP-2015@iastate.edu
_______________________
COMPSAC Sponsors:
www.compsac.org
COMPSAC Technical Co-Sponsors:
COMPSAC 2015 Local Host:
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CONSUMERIZATION OF IT
Consumerization
in the IT Service
Ecosystem
Enrique Castro-Leon, Intel
Most available literature on IT consumerization focuses on current
practices. Exploring the driving forces behind consumerization is
essential, however, if IT organizations are to make sense of the current
dynamics of transformation and disruption and formulate effective
strategies in response.
T consumerization—also known as bring
your own device (BYOD)—refers to the practice of employees using mobile devices (such
as smartphones, tablets, or laptops) for work
activities in the workplace, at home, or while
traveling.1 BYOD can also involve bring your own
app (BYOA),2 and both practices are transforming IT by redefining its role in the enterprise. IT,
once a centralized technology purveyor, assessor,
and gatekeeper of information, is now becoming a facilitator in a more federated environment.
Consumerization has brought an inversion of
roles, where now users are driving technology
adoption and change.
This transformation hasn’t come without challenges,3 but it presents new opportunities for IT
departments to address requirements for increased
I
20
IT Pro September/October 2014
efficiency and nimbleness. BYOD practices can
also help organizations adapt to cultural change
and address the needs of the millennial generation,4,5 which expects devices to work and deliver
value in a corporate setting just as in a personal
setting. IT consumerization is thus a topic of interest to CIOs, CTOs, and solution architects alike.
However, most available literature focuses on
current practices—operational aspects1 or the
disruptive effects of BYOD policies.6 Exploring
the driving forces behind consumerization is an
essential exercise to make sense of the current
transformation and disruption dynamics and
ensure that IT continues delivering value to the
enterprise. Here, I briefly review two such forces—the changing relationship between workers
and employers and the redefining of enterprise
Published by the IEEE Computer Society
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
boundaries, both of which have been amply
documented.2,7 Then, I delve further to identify
a third, more fundamental force behind this
transformation—the move to a service-oriented
economy.
Revising the Worker-Employer
Relationship
The first force driving BYOD policies is the
changing relationship between workers and employers. The enterprise workforce has become
more diverse, especially in the wake of the financial sector’s 2008 crisis. In the last six years,
there’s been an increase in the number of transient staff8 —that is, contractors from workforce
augmentation agencies and service providers,
such as Volt and Kelly Services, as well as independent professionals and part-time employees.
The number of full-time employees—the traditional audience for IT services—is getting proportionately smaller,9 aided by the parallel trend
of cloud computing, which is the outsourcing of
infrastructure.
Members of this more transient workforce
bring their own tools. Relatively short tenures
mean that it’s not practical for these professionals to adopt the company’s existing tools and
processes. Temporary teams might bring tools
they’re comfortable with—such as tools for
project tracking and management or customerrelations management (CRM)—and use them
outside the IT department’s purview. Because
establishing a local infrastructure wouldn’t be
practical, such tools are usually based on software as a service (SaaS) and accessed through
mobile devices.
Even when corporate applications and data are
involved, employees entering the workforce, especially temporary employees, place less value on
corporate-issued tools and would rather use their
own devices—particularly if they’re temporary
employees.7 This puts an enormous amount of
pressure on IT departments to address these requests and support personal devices.
Redefining Enterprise Boundaries
The second force driving the consumerization of
IT is the rapidly shifting definition of enterprise
boundaries. Today, large corporations, such as
aircraft and automobile manufacturers, have
effectively become gigantic systems integrators
managing complex supply chains. Smaller companies follow the same dynamic to a lesser degree or participate in various supply networks.
A highly diverse community thus routinely accesses corporate applications and data. When application components or whole applications, such
as email messaging, get outsourced to the cloud,
the notions of what’s inside or outside the enterprise become blurry, with corporate processes
using resources beyond the traditional enterprise
perimeter.
In this environment, the diverse user community isn’t concerned about distinguishing
between internal and external resources; users expect to use the devices, data, and tools in
the same way they always have. Effectively, IT
no longer has control over devices that connect
with corporate data and applications. A heavyhanded approach to managing BYOD practices
will likely alienate users, who will ultimately
sidestep IT altogether. This quandary has no
A heavy-handed approach to managing
BYOD practices will likely alienate
users, who will ultimately sidestep IT
altogether.
simple solutions, but it’s important in understanding the dynamics behind this move to
consumerization.
Transitioning to a
Service-Oriented Economy
Both of the forces just described are in fact being
driven by a third, more fundamental transformation in the economy—the long-term and apparently irreversible transformation of the industry
moving away from a manufacturing- and product-centric focus. With globalization, the world
economy has instead become service-oriented.
For all advanced economies, the economic value
from financial, travel, legal, healthcare, and other
services exceeds that of manufacturing, agriculture, and extractive industries.
If we compare the GDP service component with
all other sectors as a metric, many countries made
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
21
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CONSUMERIZATION OF IT
High-volume
servers
World
Wide Web
Shrink-wrapped
software vendors
Invented in 1989,12 the Web worked
because of three essential technology
components: HTML, URIs/URLs,
Desktop
PC computers
and HTTP, which allows informaIn-house
Service
tion exchange across the Web. Five
developers
networks
years later, the Web had been adopted
Independent
Laptop
across the world. The Web’s value is
software
SOA, corporate
computers
Cloud
in providing a universal, compatible
vendors
servicelets
service
human-to-machine interface that alproviders
lows access to data and applications
Third-party
across the Internet regardless of difservicelets
ferences in machine architecture.
The next step in technology evoluComposite
Mobile app
tion
occurred with the technical comcorporate apps
developers
(large IT)
munity’s realization that the Web was
Tablets
good not only for human-to-machine
API
manager
communication, but also for interopportals
Smart
erable machine-to-machine commudevices
nication. This realization led to the
SMB apps
development of Web services technol(small-scale IT)
ogy in the early 2000s. The services
came in two flavors: Simple Object
Consumer BYOD, BYOA
Sensor
Access Protocol (SOAP) and Repre(personal-scale IT)
networks
sentational State Transfer (REST).
Internet of Things
Finally, around 2007, service net(embedded IT)
works emerged, enabled by the ubiquitous adoption of the cloud. BYOD
Figure 1. The evolution of the service ecosystem, with main
is an example of a service network
milestones captured in the gold ovals. The left side shows the
application.
enabling hardware in blue, while the right shows in green the key
The gold ovals in Figure 1 repreactors that played a role in the service ecosystem’s evolution.
sent successive milestones in technology evolution, with enabling
hardware technologies shown in the blue boxes
this transition decades ago. For the US, it occurred
on the left and key actors shown in the green
in the years following the Second World War.10
boxes on the right. The Web allowed access to
According to the World Bank, in 2012, the service
increasingly large amounts of data stored in
sector represented about 79 percent of the US
high-volume servers by thousands and eventuGDP.11 Even for the People’s Republic of China—
ally millions of client computers—and today by
generally perceived as the premier manufacturing
billions of tablets and smart devices. As I now
country—the figure is 45 percent and increasing.11
describe, service networks’ emergence was initially facilitated by commonly accepted protocols
The Beginnings of Service-Oriented IT
and compatible software (including open source
The IT industry hasn’t been exempted from
software) running across Internet-connected
the transition to a service economy, but the remachines.
alignment started relatively late. The transformation to service-oriented IT, out of which
consumerization is a prime manifestation, can be
The Emergence of Service Networks
traced to three historical technology transitions:
Web services protocols allow programs and users
to access resources with just a URI. All negotiat the invention of the World Wide Web,
tion and handshaking between entities happen at
t the development of Web services technology, and
the time of access; this is called late binding. Witht the emergence of service networks.
out late binding, traditional systems required
Workstations
22
Web
services
Open source
software
vendors
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
Before
After
A1
A1
M
q
M
q
M
q
MqM
q
Corporate access
A3
A2
A3
A2
S7
S1
S5
S6
L1
L1’
L1’’
L2
L2’
L2’’
L3
L3’
L3’’
S2
S8
BYOD, BYOA access
S3
S9
S4
Enterprise perimeter
Cloud
Developer access
Figure 2. Transition from application stovepipes to service networks. Applications structured as vertical
stacks on the left get replaced by networks of service components on the right. Applications then must offer
multimodal access to employees using laptops, employees and temporary workers using their own devices,
and external developers, including mobile application developers.
significant context and configuration before any
information exchange was possible, introducing
considerable deployment overhead and restrictions. In order for these systems to work it was
necessary to compile all the source code together
or at least require that communicating entities
within the system use a narrow range of software
versions, possibly with components from the
same vendor. This state of affairs was obviously
unrealistic for Internet applications.
Systems that support late binding are said to
be loosely coupled. The traditional, strongly coupled application architectures mentioned earlier
must be assembled using a set of compatible
components. A new revision or a customization of an application might require a different
set of components, which might be functionally
equivalent but unable to function in both the
old and the updated environments. It’s also possible that one component can support only one
instance of the application, and therefore must
be replicated for each application instance. This
approach created unnecessary replication, bloat,
and complexity due to incompatible versions.
The availability of loosely coupled Web services allowed developers to factor out common
functions, which run as self-standing services.
An application needing the capability simply invokes that particular service.
In the initial state, in which strongly coupled
architecture was the norm—until early in the
decade of 2000—applications ran in stovepipes.
The left side of Figure 2 shows this initial state,
with three applications (A1, A2, and A3) that
each run a separate copy of the application on
dedicated hardware. With loosely coupled Web
services, capabilities common across multiple
stack instances are abstracted out in the form of a
service, implemented once, and accessed as a service. The duplicated stacks characterizing tightly
coupled, stovepiped applications morph into a
graph, with each node representing a coalesced
capability delivered as a service. The stovepipe
“forest” morphs into a service network (the right
side of Figure 2). Also, the enterprise perimeter
shrinks with fewer application instances, but
it also encompasses resources deployed in the
cloud. Finally, the re-architected application
must support multimodal access.
Each network node is a service component, or
servicelet, which is a self-standing application component accessible through a URI and discoverable
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
23
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CONSUMERIZATION OF IT
through the Universal Description Discovery and
Integration (UDDI) registry using the Web Services Inspection Language (WSDL).
As Figure 2 shows, the three stack layers have
been re-architected as generic internal services
S2, S3, and S4 that can be sourced externally
(shown as S6, S8, and S9). Application A1 has
stringent security requirements and gets deployed with servicelets running in an internal
(private) cloud. Application A3 carries more
relaxed requirements and gets implemented as
a software-as-a-service (SaaS) application using
third-party sourced servicelets. Application A2 is
somewhere in between.
Servicelets are intended to be components
and thus might not be fully formed applications.
Today, servicelets typically run in a virtualized
environment hosted in a pool of servers. Operators can rebalance workloads across this pool by
managing how they’re launched or even by moving virtual machines around according to specific performance policies.
Service Component Externalization
and Composite Applications
Applications created from service components
are called composite applications; the architectural
style for building these applications is known as
a service-oriented architecture (SOA). As defined
in the mid-2000s, SOA’s primary goal is to radically reduce costs in IT delivery to the enterprise
by eliminating duplicate or redundant functions.
Specific functions are implemented just once
as a service, instead of instantiating a new copy
for every application. An example is Intel IT’s
Common Directory Information System (CDIS),
which is a repository of employee data. Applications that use employee data—such as payroll,
expense reporting, and the employee directory—
link to the CDIS.
Large organizations were the primary SOA
adopters. Because URIs are truly universal handles, it matters little whether the resource lives
inside or outside of the organization. IT departments thus realized that it wasn’t always desirable
or cost efficient to host generic services in house,
especially when such services were unrelated to
the organization’s line of business (as with email,
messaging, and even storage services).
The cloud’s emergence around 2007 was timed
perfectly to allow developers to realize the benefits
24
of service networks. A little-documented side effect of the transition to composite applications is
that, while service components might have begun
as in-sourced service components within enterprise boundaries, in reality, there were no fundamental reasons why they couldn’t be outsourced.
Applications such as payroll, expense reporting,
and job postings could be conveniently outsourced to third parties who could take advantage
of economies of scale to run the application at a
lower cost than if it were hosted in house.5
From Service Networks
to Consumerization
The externalization drivers just described were
purely economic: third parties offered servicelets
at a lower cost than the in-sourced equivalent due
to two factors. First, as hinted at earlier, providers specializing in a specific type of service could
develop skills and knowledge to build and deliver
these services more efficiently than corporate IT
departments. Second, a virtualized cloud infrastructure let IT amortize physical assets over a
larger customer base, which allowed economies
of scale well beyond that of a corporation’s few
internal clients. However, the involvement of
multiple parties has security and quality of service implications; solutions to such issues are
still works in progress (and beyond this article’s
scope). Still, the economics of composite applications are so compelling that these issues haven’t
deterred their deployment in areas in which the
risks are manageable.
The synergy between cloud and service networks
manifested in multiple back and forth movements
in offered capabilities. The first, as I described earlier, was the externalization of servicelets. A second
manifestation was in third parties offering fully
formed applications. Pioneering examples here include Web-based mail applications (such as Google
Mail and Yahoo! Mail) and Salesforce.com’s CRM
application. Figure 1 (center) shows how legacy
applications for large IT or corporate IT were reengineered as composite applications; initially,
the applications used internal servicelets, but they
eventually included third-party servicelets as well
when economics justified the replacement. As the
industry has experienced the learning curve with
composite applications, economies of scale have
been attained that have extended composite applications’ reach to audiences without the technical
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
savvy or deep pockets of large corporations. This
has gradually delivered service networks’ value to
small and medium businesses (SMBs) and individual consumers, ensuring their applicability for
small-scale IT and personal IT and leading to IT’s
democratization,13 as Figure 1 shows.
Servicelets have reached individual consumers
in the form of the thousands of applications available through Google Play, the Apple App Store,
and portals such as Dropbox. In this environment,
sales managers familiar with the Salesforce.com
CRM continue using their own accounts with their
teams, and team members use their personal tablet
smart devices to link to their manager’s account.
Assuming the IT department allows such practices, BYOA and BYOD is at this point achieved.
As Figure 1 shows, the appearance of API
manager portals14 facilitated this transition to
BYOD and BYOA. The underlying dynamic
is reverse externalization, in which in addition to
using external servicelets, organizations realize that exposing certain corporate applications
externally—both as servicelets and through selfcontained Web browser access—allows them to
activate additional revenue streams or increase
their marketplace presence. Examples include
travel reservation systems, supply chain networks, and shopping networks such as Amazon
or eBay, which have become the marketplace for
a vast network of sellers and resellers.
Such capabilities are accessible to third-party
developers through API manager portals that
make it relatively easy to build mobile front ends
to cloud capabilities. Front-end services have also
gone through a notable evolution, in which traditional PC Web access has been augmented to enable application access through mobile devices.
API managers become new integration points
of formerly internal functions hosted through
cloud service providers and hosting software
from independent software vendors. Mobile app
developers become the new integrators.
“Native” servicelets are intended to support
cloud-based composite applications. In practice,
however, it’s possible to “servitize” legacy applications, retrofitting them as servicelets by slapping an API on top of the application. Conversely,
software designed as a servicelet can be made to
behave as a self-standing application through a
thin GUI that calls the servicelet’s API (see the
right side of Figure 2).
The bottom line, as Figure 2 shows, is that
the re-engineered application must support
multimodal access—that is,
t traditional access by corporate employees,
t BYOD and BYOA access by the general public,
and
t app developers interacting through the company’s published interface in an API portal.
Once servicelets “escaped” into the wild as
third-party offerings available to any developer,
new business opportunities surfaced and developers started building applications that previously would have been created inside the enterprise.
Because the ecosystem involved is essentially the
whole computer industry, including corporate
and individual consumers, the rate of evolution
has accelerated quickly. Most new applications
don’t remain in use, but the ones that survive can
develop a customer base of hundreds of thousands in just a few months.
Consumerization developed in this context,
with a profound economic effect: expensive data
centers costing hundreds of millions to billions
of dollars delivered applications accessible to
consumers for at most a few dollars per month.
The audience for these applications grew from
a single corporate customer wanting a complete
solution stack built in-house to a few hundred
large corporations, which then grew to a few tens
of thousands of small and medium businesses
(SMBs) and then tens of millions of individual
users. Under the consumerization paradigm, individual users became familiar with these applications and brought them back to the enterprise,
completing a full circle.
A strong contributing factor here is the preferences of the millennial generation, which
is just entering the workforce and grew up in
this environment. From this perspective, it
makes perfect sense to continue this modality at work, using personal devices—whether a
mobile device or a PC client—to connect to the
cloud-based applications behind them. This
is what brings us to the notion of BYOD and
BYOA today.
What about tomorrow? BYOD is primarily
(and once again) human-to-machine interaction. There are inklings of a new circle starting
with machine-to-machine interactions in the
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
25
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CONSUMERIZATION OF IT
form of an Internet of Things—that is, devices
such as printers, Web cams, and drones acting
as network nodes. Outsourced printers are becoming ubiquitous, with printers deployed on
premises, managed by a service provider as a
service, with the customer paying for the page
count.
hanges brought by IT consumerization
will likely redefine IT’s role. What we see
now is actually the proverbial tip of the
iceberg, driven by long-running trends of economics and technology evolution. The transition
to a service economy in advanced economies is
fundamentally changing relationships between
organizations and workers and, in the process,
transforming how IT is delivered to constituents.
Consumerization also reflects the blurring of enterprise boundaries, in part due to these changing
relationships.
So, do IT departments risk irrelevance, becoming the caretaker of an ever-shrinking core
of enterprise capabilities while business units
meet their own technology needs through thirdparty services? A risk, yes. A predestined outcome? Not necessarily, given the appropriate
strategy. Outcomes from prior crises have demonstrated that IT can transform itself and deliver
better business value to the enterprise than a freefor-all alternative. This occurred in the early
1990s, when the glacial rate of development and
deployment of mainframe-based applications led
business units to started running spreadsheets on
shrink-wrapped software outside of IT’s purview.
At that point, the industry adopted client-server
and three-tier architectures on volume servers. A
second crisis was the crash in demand after the
Y2K crisis ended. IT’s response was higher efficiencies through a restructuring of applications behind the service paradigm and taking advantage of
cloud technology. Consumerization is a reflection
of these economic efficiencies now reaching individual consumers, who might also be employees.
Finally, consumerization must be recognized
as a strategic trend; looking at it solely from a
tactical approach—as end points to be managed
and regulated, for example—would be ineffective. Organizations have an opportunity to rethink current processes and look for new value
vectors and partnerships with the business.
C
26
For example, with increasing process maturity,
BYOD and BYOA instances can be integrated
into current Business Process Model and Notation (BPMN) and Business Process Execution
Language (BPEL) activities to determine how
they dovetail into existing workflows, providing objective criteria to distinguish useful applications from the frivolous. Today’s state of
the art doesn’t allow an implementation of this
capability.
Rethinking current technology adoption strategies and putting retraining plans in effect won’t
be an easy path, but it will allow IT departments
to continue delivering value to the enterprise—
and therefore ensure its continued relevance.
References
1. Bring Your Own Devices Best Practices Guide: A Practical Guide for Implementing BYOD Programs at Your
Organization, Good Technologies/Dell Inc., 2012;
http://i.dell.com /sites/doccontent /business.smb/
sb360/en
/Documents/good-byod-best-practices________________________________
guide.pdf.
______
2. J. Bughin, A.H. Byers, and M. Chui, “How Social
Technologies Are Extending the Organization,”
McKinsey Quarterly, Nov. 2011; www.mckinsey.com/
insights/high_tech_telecoms_internet/how_social_
________________________________
technologies_are_extending_the_organization.
____________________________
3. C. Boulton, “Failed iPAD Experiment Shows BYOD
Belongs in Schools,” blog, The Wall Street J., 15 Oct.
2013; http://blogs.wsj.com/cio/2013/10/15/failed-ipad____________________________
experiment-shows-byod-belongs-in-schools.
__________________________
4. A.M. Cullen, “BYOA is the New BYOD,” blog,
MobileIron, 3 Aug. 2013; www.mobileiron.com/en/
smartwork-blog/enterprise-mobility-management________________________________
byoa-new-byod.
_________
5. E. Castro-Leon, J. He, and M. Chang, “Scaling
Down SOA to Small Businesses,” Proc. IEEE Int’l
Conf. Service-Oriented Computing and Applications, 2007,
pp. 99–106.
6. Justyn Howard, “Why BYOA is Killing Your Social
Media Efforts,” Huffington Post, 23 April 2013; www.
___
huffingtonpost.com/justyn-howard/bring-your-own________________________________
apps-social-media_b_3141414.html.
_____________________
7. The Consumerization of IT: The Next Generation CIO,
report, Center for Technology Innovation, PriceWaterhouseCoopers, Nov. 2011; www.pwc.com/us/
en/technology-innovation-center/consumerization________________________________
information-technology-transforming-cio-role.jhtml.
________________________________
8. Elizabeth G. Olson, “The Rise of the Permanently
Temporary Worker,” Fortune Magazine, 5 May 2011;
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
9.
10.
11.
12.
13.
14.
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
http://for
tune.com /2011/05/05/the-rise-of-the________________________________
permanently-temporary-worker.
___________________
W. Goodwin, “IT Departments to Shrink Dramatically Within Five Years as Cloud Takes Over,” ComputerWeely.com, 17 June 2013; www.computerweekly.
com/news/2240186146/IT-departments-to-shrink________________________________
dramatically-within-five-years-as-cloud-accelerates.
_______________________________
Z. Kenessey, “The Primary, Secondary, Tertiary and
Quaternary Sectors of the Economy,” Review of Income
and Wealth, vol. 33, no. 4, 1987, pp. 359–385.
The World Bank, Services, etc., Value Added (% of GDP),
World Development Indictors, 2009–2013; http://
____
data.worldbank.org/indicator/NV.SRV.TETC.ZS.
______________________________
History of the Web, World Wide Web Foundation;
www.webfoundation.org/vision/history-of-the-web.
E. Castro-Leon, J. He, and M. Chang, The Business
Value of Virtual Service Grids, Intel Press, 2008.
Leverage the Power of APIs to Turbocharge Your Mobile
Strategy, white paper, Intel, 2014.
Enrique Castro-Leon is an enterprise architect and technology strategist with the Intel Data Center Engineering
Group. His research interests include enterprise IT solution integration, cloud and service engineering, and internal
processes for organizational transformation under emerging
service paradigms enabled by cloud computing. He is the lead
author of The Business Value of Virtual Service Grids:
Strategic Insights for Enterprise Decision Makers
(Intel Press, 2008) and Creating the Infrastructure
for Cloud Computing: An Essential Handbook for
IT Professionals (Intel Press, 2011). Castro-Leon has a
PhD in electrical engineering from Purdue University. Contact him at enrique.g.castro-leon@intel.com.
__________________
Selected CS articles and columns are available
for free at http://ComputingNow.computer.org.
EXECUTIVE STAFF
PURPOSE: The IEEE Computer Society is the world’s largest association
of computing professionals and is the leading provider of technical
information in the field.
MEMBERSHIP: Members receive the monthly magazine Computer,
discounts, and opportunities to serve (all activities are led by volunteer
members). Membership is open to all IEEE members, affiliate society
members, and others interested in the computer field.
COMPUTER SOCIETY WEBSITE: www.computer.org
Next Board Meeting: 16–17 Nov. 2014, New Brunswick, NJ, USA
EXECUTIVE COMMITTEE
President: Dejan S. Milojicic
President-Elect: Thomas M. Conte; Past President: David Alan Grier;
Secretary: David S. Ebert; Treasurer: Charlene (“Chuck”) J. Walrad; VP,
Educational Activities: Phillip Laplante; VP, Member & Geographic
Activities: Elizabeth L. Burd; VP, Publications: Jean-Luc Gaudiot; VP,
Professional Activities: Donald F. Shafer; VP, Standards Activities: James
W. Moore; VP, Technical & Conference Activities: Cecilia Metra; 2014
IEEE Director & Delegate Division VIII: Roger U. Fujii; 2014 IEEE Director
& Delegate Division V: Susan K. (Kathy) Land; 2014 IEEE Director-Elect &
Delegate Division VIII: John W. Walz
BOARD OF GOVERNORS
Term Expiring 2014: Jose Ignacio Castillo Velazquez, David S. Ebert,
Hakan Erdogmus, Gargi Keeni, Fabrizio Lombardi, Hironori Kasahara,
Arnold N. Pears
Term Expiring 2015: Ann DeMarle, Cecilia Metra, Nita Patel, Diomidis
Spinellis, Phillip Laplante, Jean-Luc Gaudiot, Stefano Zanero
Term Expriring 2016: David A. Bader, Pierre Bourque, Dennis Frailey, Jill
I. Gostin, Atsuhiro Goto, Rob Reilly, Christina M. Schober
Executive Director: Angela R. Burgess; Associate Executive Director &
Director, Governance: Anne Marie Kelly; Director, Finance & Accounting:
John Miller; Director, Information Technology & Services: Ray Kahn;
Director, Membership Development: Eric Berkowitz; Director, Products &
Services: Evan Butterfield; Director, Sales & Marketing: Chris Jensen
COMPUTER SOCIETY OFFICES
Washington, D.C.: 2001 L St., Ste. 700, Washington, D.C. 20036-4928
Phone:
GFax: +1 202 728 9614
Email: ___________
hq.ofc@computer.org
Los Alamitos: 10662 Los Vaqueros Circle, Los Alamitos, CA 90720
Phone:
GEmail: help@computer.org
_________
MEMBERSHIP & PUBLICATION ORDERS
Phone:
GFax:
GEmail: help@computer.org
_________
Asia/Pacific: Watanabe Building, 1-4-2 Minami-Aoyama, Minato-ku, Tokyo
,;,9G$3:90
GFax:
G
Email: ____________
tokyo.ofc@computer.org
IEEE BOARD OF DIRECTORS
President: J. Roberto de Marca; President-Elect: Howard E. Michel; Past
President$0?0=*&?,0.60=; Secretary: Marko Delimar; Treasurer:
John T. Barr; Director & President, IEEE-USA: Gary L. Blank; Director
& President, Standards Association: Karen Bartleson; Director & VP,
Educational Activities: Saurabh Sinha; Director & VP, Membership and
Geographic Activities: Ralph M. Ford; Director & VP, Publication Services
and Products: Gianluca Setti; Director & VP, Technical Activities: Jacek
M. Zurada; Director & Delegate Division V: Susan K. (Kathy) Land;
Director & Delegate Division VIII: Roger U. Fujii
revised 23 May 2014
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
27
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CONSUMERIZATION OF IT
Trust and Privacy
Exploitation in
Online Social
Networks
Kaze Wong, Macao Polytechnic Institute
Angus Wong, The Open University of Hong Kong
Alan Yeung and Wei Fan, City University of Hong Kong
Su-Kit Tang, Macao Polytechnic Institute
This survey presents the pitfalls of security protection in online social
networks and identifies common attack methods. A harmless proof-ofconcept malware app demonstrates the vulnerability of online social
networks and the significance of the user’s mentality.
nline social networks let users keep
in touch with families, friends, and
colleagues in an easy and convenient
way, but they also present various security risks. Large-sale online social networks
have become very popular owing to advances in
network and mobile technologies.1,2 Their popularity has, in turn, drawn the attention of attackers and intruders, who want to exploit this large
population to spread malware or steal personal
information. Some online social networks, such
as Facebook, LinkedIn, and Google+, require
users’ real identity. Online social networks also
preserve a great amount of users’ confidential
and financial information, including credit card
information.
O
28
IT Pro September/October 2014
There are two major types of attacks in online
social networks. The first is accomplished by
exploiting security loopholes in the networks,
and the second is accomplished by abusing trust
among users. The second type can sometimes
be easier to accomplish, because humans aren’t
always cautious. We focus here on this type of
attack, discussing the pitfalls of the security in
social networks and popular attack methods that
exploit the user’s trust. We also present a proofof-concept Facebook app to demonstrate the
risks in social networks.
Security Pitfalls in Social Networks
Online social networks involve many services,
stakeholders, user behaviors, and business
Published by the IEEE Computer Society
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Related Work in IT Pro
t
considerations, resulting in a complicated security
paradigm with the following pitfalls.
t
Confusing and Complicated Settings
Social network companies are looking for ways to
make money. They’re introducing new products
and services, such as video advertising, multimedia
streaming, and automated photo tagging, and are
trying to expand payment services. They’re also
attempting to debut mobile tools and apps to
exploit the fast-growing mobile market.
Such endeavors might make the social network
look more versatile and state of the art, but they
might also complicate the network and make it
more difficult to ensure there’s a unified strategy
for controlling privacy and security.
Convenience over Security
Enforcing security measures can result in higher
operational costs and lower performance, but
social network providers are likely even more
concerned with any inconveniences the security
measures cause in terms of users sharing content
or developers distributing apps. Such inconveniences can hinder attempts to obtain a bigger
market share.
Consequently, the default privacy settings in
social networks are commonly set to a level favorable for sharing (and thus less secure).
t
t
t
K.W. Miller and J. Voas, “Who Owns What? The
Social Media Quagmire,” IT Professional, vol. 14,
no. 6, 2012, pp. 4–5; doi: 10.1109/MITP.2012.116.
M. Chau et al., “A Blog Mining Framework,”
IT Professional, vol. 11, no. 1, 2009, pp. 36–41;
doi: 10.1109/MITP.2009.1.
J.R. Michener, “Defending Against User-Level Information Exfiltration,” IT Professional, vol. 14, no. 6,
2012, pp. 30–36; doi: 10.1109/MITP.2011.112.
A.K. Jain and D. Shanbhag, “Addressing Security
and Privacy Risks in Mobile Applications,” IT Professional, vol. 14, no. 5, 2012, pp. 28–33; doi: 10.1109/
MITP.2012.72.
R. Jain and D. Sonnen, “Social Life Networks,” IT Professional, vol. 13, no. 5, 2011, pp. 8–11; doi: 10.1109/
MITP.2011.86
networks can sometimes require more than just
a technical solution.
New Incentives for Attackers
User data is essential for many business opportunities, which presents incentives for various
The strength of your security level is
as weak as that of your friend with the
lowest level of security.
Friends’ Influence on Privacy Control
Your data’s security also depends on the security settings of the friends with whom you
share content. For example, even if you have a
high security setting, if you share your content
with friends, and one of your friends is hacked,
your data will be exposed to the attacker. Thus,
the strength of your security level is as weak
as that of your friend with the lowest level of
security.
Inferred Information
Even if you don’t disclose your information,
it can be inferred by analyzing your and your
friends’ shared content. For example, suppose
that you haven’t entered any personal information in your profile. However, if your friends
tell Facebook that they are from college ABC,
and in many of your group photos, you’re with
those people at the college, then you’re probably
from the same college. Ensuring privacy in social
attacking or intrusion activities. The data—user
profiles, posted text messages, shared pictures, or
“like” actions—can be harnessed to help advertisers better market their products.
Various apps and people thus use different approaches to try to collect as much data from you
as possible. One way to achieve this legitimately
is to have your permission. In fact, an app that
looks like an interesting game might be designed
with the primary purpose of collecting your data.
When installing such an app, you might have
given the “game” permission (intentionally or unintentionally) to access your profile, albums, and
friends list.
Common Attack Methods
Here, we introduce possible attack methods for
online social networks, which we used in our
proof-of-concept Facebook app.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
29
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CONSUMERIZATION OF IT
Malware
Identity Forgery
Malware is malicious software that appears in the
form of codes/scripts or other kinds of software.
Hackers can use it to collect sensitive user information. Hackers can spread malware in online
social networks by sharing malicious URLs that
direct users to third-party websites, where the users are asked to download a (malware) file. If a user
downloads and executes the file, he or she will become infected and will in turn send the same malicious URLs to his or her friends. For example,
a malware named “Ice IX” has stolen credit card
information from many Facebook users.3
Identity forgery happens when an attacker accesses someone’s private information and uses it
to pretend to be that person. It occurs not only
in real world but also in online social networks.9
Spam, Scams, and Phishing
Because of the trust relationship among users of
online social networks, these networks are effective places for advertising, phishing, and scamming in the form of spam. Social spam can cause
traffic overload, result in a loss of trust,4 as well
Social spam can cause traffic overload,
result in a loss of trust, as well as
consume system bandwidth and
compromise user patience.
as consume system bandwidth and compromise
user patience.5 Besides advertising, phishing
can also take advantage of the privacy leakage
in online social networks. More than 70 percent
of the spam on Facebook advertises phishing
websites.6
Botnet
A botnet is formed by compromising a number
of computers on the Internet. Attackers can control botnets by sending messages through online social networks.7 Elias Athanasopoulos and
his colleagues performed an experiment to turn
Facebook into a botnet.8 They developed an application that would export HTTP requests to a
victim host. In an estimate of their botnet’s firepower, they claimed that if an attacker deployed
a malicious app with millions of users, the victim
host would have to serve hundreds of Gbytes of
unwanted data per day.
30
Excess Permissions
People can access online social networks using
smartphone apps. Before installation, these apps
ask users for certain permissions, such as access
to contacts or photos stored on the phone, although some permissions aren’t actually necessary for the provided function.
Another form of excess permission is requested
by third-party apps on online social networks. For
example, people can use third-party apps on Facebook to play games or share photos and videos.
Some apps request access to the personal data of
the user’s friends or request permission to post
messages on user’s behalf. This can be dangerous
if the apps use the data in unlawful ways, and it
can lead to privacy leakage.
Our Proof-of-Concept Facebook App
In our experiment, we first created a proofof-concept Facebook app, which is a harmless
malware. Our app is a social game bonus collector, which automatically collects game bonuses
shared by friends of the user. By default, after
installation, a Facebook app can access a user’s
name, gender, networks, and friend list. Our app
requests three extended permissions from the
user:
t FNBJM—permission to obtain the user’s email
address;
t SFBE@TUSFBN—permission to read all posts (status updates, pictures, or links) in the user’s
newsfeed; and
t QVCMJTI@BDUJPOT—permission to, on the user’s behalf, publish posts on the user’s wall, comment
on others’ posts, and “like” posts published by
others.
(See http://developers.facebook.com/docs/
for more
information.)
The app seemingly has two main functions: analyze the newsfeed and present a tutorial. By reading
the user’s newsfeed, the app can filter game bonus
posts and extract the links to claim the bonuses au-
reference/login/extended-permissions
____________________________
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Facebook
database
ss
ck
ce
ba
Ac
ed
Fe
Feedback
Access
tomatically. After claiming the game bonuses, the app posts to the user’s wall to
Attacker’s
advertise the app to others. A video tudatabase
Fake video website
App API
k
ac
torial, which redirects users to a videodb
e
Fe
s
Link
sharing website, teaches people how to
es
cc
A
Use
Facebook app
use the app.
App engine
Call
program
However, in reality, the app is imApp user
Our facebook app
Control
plicitly performing additional tasks. It
Attacker’s server
Facebook server
accesses the user’s friend list to conAttacker
struct a social graph and analyze the
various relationships. It also reads the Figure 1. System diagram of our proof-of-concept experiment. The
user’s newsfeed to analyze not only the diagram includes malware, phishing, botnet, identity forgery, and
user’s posts but also his or her friends’ excess permissions activities.
activities. Finally, the “watch tutorial”
function redirects users to a bogus
In our proof-of-concept Facebook app, the
website that looks similar to a well-known corfive attacking methods discussed earlier were or
porate website, where users are asked to upgrade
could be used. The malicious app, with excess
a browser plug-in before watching the video. The
permissions granted by users, can
download link then points to a malicious file.
Figure 1 shows the system architecture of our
t obtain users’ email address so attackers can
proof-of-concept program, in which we’re actspam them,
ing as an attacker. The server is fully controlled
t post to users’ wall on their behalf so the app
by us (the attacker). The Web server (www.ni______
can attract other users, and
hacking.com)
_________ is used to host a fake website that
z read all posts in users’ newsfeed for information
can do phishing and spread malware. The applianalysis.
cation server is used to host our Facebook app
program, which we refer to as the 'BDFCPPL BQQ
In addition, the fake YouTube site can lead to
FOHJOF.
phishing and botnet attacks.
Operations
Here, we outline the operations of our proof-ofconcept experiment.
First, we post a link to the app on our Facebook
walls, recommending the app to our friends (see
Figure 2a). When our friends see it and click on
the link, the installation process starts. During the
process, some access permissions are requested
(see Figure 2b).
In our app, users can choose the “analyze newsfeed”
function, as shown in Figure 2c. The function will
be provided to users, but meanwhile, our app can
secretly reads all posts from the users and stores
them in our (attacker) server for data analysis.
Or, if users choose the “watch tutorials” function,
they’re redirected to a fake YouTube site, where
they’re asked to upgrade a browser plug-in to
watch the video tutorials (see Figure 2d). When the
users click on the download link, the system links
to a malicious malware. (In our system, we just link
to the download page of Adobe Flash so that users
aren’t actually attacked.)
Results and Discussions
Our experiment shows how privacy can easily be
violated:
t user feeds can be obtained and harnessed;
z friends lists can be obtained to perform social
network analysis or to build a larger pool of
potential victims;
z phishing can be done by redirecting to a bogus
site to further steal users’ data; and
t malware can be downloaded to affect users’
computers.
As of this writing, 276 people have installed
our app. Of those, 97.1 percent have selected the
“analyze newsfeed” function, and 27.20 percent
have downloaded the potentially malicious software.
Furthermore, based on the friends lists secretly taken
by our app, we could build a social graph containing
19,763 people, representing a large pool of potential
victims. More importantly, we could analyze
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
31
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CONSUMERIZATION OF IT
(a)
(b)
(d)
(c)
Figure 2. Screenshots of our proof-of-concept Facebook app: (a) posting an app recommendation
to the wall, (b) the malicious app requesting some permissions, (c) the app reading all posts in
the users’ newsfeeds while “analyzing” the newsfeed, and (d) a user being redirected to a fake
YouTube site.
this social network to identify the hub (the most
important person), allowing for better marketing or
more targeted attacks.
ur experiments have shown that people
grant permissions without always understanding what an app can do with them.
Users granted permission to our app mainly because they thought the app recommended by
us should be trustworthy. Clearly, trust can be
abused, creating opportunities for attackers.
What happens if someone steals your identity and
posts a malicious app to your wall?
By taking a few countermeasures, users can
avoid attacks such as the one outlined in our
experiment. Before installing an app, users
should carefully check what permissions the app
requests. If unnecessary or excessive permissions
are requested, users shouldn’t install the app.
O
32
Furthermore, users should
t be mindful when the app is trying to redirect
them to another site, because bogus sites can
be well disguised;
z validate the URL to avoid accessing phishing
sites (in our app, the URL of the redirected video
site is www.ni-hacking.com, so even though the
website looks like a YouTube site, users should
be able to identify it);
z review their privacy and security control settings
periodically, because social networks often add
new features and services that can introduce
loopholes and opportunities for attackers; and
t periodically check the information that third
parties are accessing.
Users tend to trust the content of requests
in social networks, due to their inherent
trust of their friends and the social network
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
platform. However, users need to understand
that attackers can easily exploit this trust,
despite the technical aspects of their security
settings.
UIFHPWFSONFOU)JTSFTFBSDIJOUFSFTUTJODMVEF*OUFSOFUTZT
UFNT OFUXPSL JOGSBTUSVDUVSF TFDVSJUZ BOE TPDJBM OFUXPSL
BOBMZTJT8POHIBTB1I%JO*5GSPNUIF$JUZ6OJWFSTJUZ
PG)POH,POH$POUBDUIJNBUBLZXPOH!PVILFEVIL
______________
Acknowledgments
Alan Yeung JT BO BTTPDJBUF QSPGFTTPS JO UIF %FQBSUNFOU
PG&MFDUSPOJD&OHJOFFSJOH$JUZ6OJWFSTJUZPG)POH,POH
BTXFMMBTBDPOTVMUBOUJODPNQVUFSOFUXPSLJOHBOEDPN
NVOJDBUJPO TZTUFNT GPS HPWFSONFOU BOE DPSQPSBUF DMJFOUT
)JTSFTFBSDIJOUFSFTUTJODMVEFOFUXPSLJOGSBTUSVDUVSFTFDV
SJUZ NPCJMF DPNNVOJDBUJPO TZTUFNT BOE *OUFSOFU DBDIJOH
TZTUFNT:FVOHJTBMTPBDUJWFJOQSPWJEJOHDPOTVMUBODZTFS
WJDFTUPMPDBMJOEVTUSZJOUIFBSFBTPGDPNQVUFSOFUXPSLJOH
BOEDPNNVOJDBUJPOTZTUFNT)JTDMJFOUTJODMVEFHPWFSONFOU
BHFODJFTBOEMJTUFEDPNQBOJFT$POUBDUIJNBUFFBZFVOH!
______
DJUZVFEVIL
_______
5IJTXPSLXBTTVQQPSUFECZUIF.BDBV4DJFODFBOE5FDIOPMPHZ
%FWFMPQNFOU'VOE"
References
1. K.Y. Wong, “Cell Phones as Mobile Computing
Devices,” *5 1SPGFTTJPOBM, vol. 12, no. 3, 2010,
pp. 40–45.
2. K.Y. Wong, “The Near-Me Area Network,” *&&&
*OUFSOFU$PNQVUJOH, vol. 14, no. 2, 2010, pp. 74–77.
3. E. Protalinski, “Ice IX Malware Tricks Facebook Users
to Enter Credit Cards Details,” ZDNet, 3 Apr. 2012;
http://www.zdnet.com/blog/security/malware-tricks________________________________
facebook-users-into-exposing-credit-cards/11297.
______________________________
4. A.A. Hasib, “Threats of Online Social Networks,” *OUM
+ $PNQVUFS 4DJFODF BOE /FUXPSL 4FDVSJUZ, vol. 9, no. 11,
2009, pp. 288–293.
5. F. Benevenuto et al., “Detecting Spammers and
Content Promoters in Online Video Social Networks,”
*OUM"$.$POG3FTFBSDIBOE%FWFMPQNFOUJO*OGPSNBUJPO
3FUSJFWBM(SIGIR 09) 2009, pp. 620–627.
6. H. Gao et al., “Detecting and Characterizing Social Spam
Campaigns,” 1SPD UI "OO $POG *OUFSOFU .FBTVSFNFOU,
2010, pp. 35–47.
7. R. Singel, “Hackers Use Twitter to Control Botnet,” 8JSFE,
13 Aug. 2009, www.wired.com/threatlevel/2009/08/
botnet-tweets.
________
8. E. Athanasopolous et al., “Antisocial Networks:
Turning a Social Network into a Botnet,” *OGPSNBUJPO
4FDVSJUZSpringer, 2008, pp. 146–160.
9. J. Kim, “Identity Hijacking on Social Media,” blog,
Oct. 2012; www.futureofsocialnetwork.com/2012/10/
identity-hijacking-on-social-media.html.
________________________
Wei Fan JTBEPDUPSBMTUVEFOUJOUIF%FQBSUNFOUPG&MFD
USPOJD&OHJOFFSJOHBUUIF$JUZ6OJWFSTJUZPG)POH,POH
)FSSFTFBSDIJOUFSFTUTJODMVEFDPNQMFYOFUXPSLTBOETPDJBM
OFUXPSLBOBMZTJT'BOIBTBO.1IJMJOFMFDUSPOJDFOHJOFFS
JOHGSPNUIF$JUZ6OJWFSTJUZPG)POH,POH$POUBDUIFSBU
GBOXFJGX!HNBJMDPN
_____________
Su-Kit Tang JTBMFDUVSFSBUUIF.BDBP1PMZUFDIOJD*OTUJ
UVUF .BDBV )F JT BMTP BGGJMJBUFE XJUI UIF *1W /FUXPSL
3FTFBSDI-BCPSBUPSZJOUIFJOTUJUVUF)JTSFTFBSDIJOUFSFTUT
JODMVEF UIF TFDVSJUZ PG *1W OFUXPSL QSPUPDPM PQFSBUJPOT
USVTUBOEQSJWBDZJTTVFTJOPOMJOFTPDJBMOFUXPSLTBOEQFS
GPSNBODFJNQSPWFNFOUJOBEIPDSPVUJOHVTJOHOFUXPSLDPE
JOH5BOHIBTB1I%JODPNQVUFSTDJFODFGSPN4VO:BU4FO
6OJWFSTJUZ$IJOB$POUBDUIJNBUTLUBOH!JQNFEVNP
____________
Selected CS articles and columns are available
for free at http://ComputingNow.computer.org.
Kaze Wong JTBSFTFBSDIFSBUUIF.BDBP1PMZUFDIOJD*O
TUJUVUFBOEBHSBEVBUFTUVEFOUJOFMFDUSPOJDBOEJOGPSNB
UJPOFOHJOFFSJOHBUUIF$JUZ6OJWFSTJUZPG)POH,POH)F
IBT GJOJTIFE B OVNCFS PG MBSHFTDBMF HPWFSONFOUGVOEFE
QSPKFDUTPO*OUFSOFUTFDVSJUZ)JTSFTFBSDIJOUFSFTUTJODMVEF
OFUXPSLTFDVSJUZDPNQMFYOFUXPSLTRVFVJOHTZTUFNT*O
UFSOFU DPNQVUJOH BOE NPCJMF DPNQVUJOH $POUBDU IJN BU
LB[FDZXPOH!HNBJMDPN
_______________
Angus Wong JT UIF QSPHSBN MFBEFS PG UIF &OHJOFFSJOH
4DJFODFTUFBNJOUIF0QFO6OJWFSTJUZPG)POH,POH)F
IBT VOEFSUBLFO B OVNCFS PG OFUXPSLSFMBUFE QSPKFDUT GPS
www.computer.org/itpro
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
33
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: ADVANCED VIDEO TELEOPERATION
Low-Cost
3D-Supported
Interactive Control
Enrico Masala, Antonio Servetti, and Angelo Raffaele Meo, Politecnico di Torino, Italy
Devices for stereoscopic vision are mostly used for entertainment. The
prototype device presented here for 3D-video-supported interactive
control is based on consumer devices and open source software, paving
the way for low-cost general-purpose systems for remote operation,
education, training, and surveillance.
or decades, researchers have been experimenting with real-time multimedia services with 3D technology support. Such
services have been used in specialized
contexts—such as in the entertainment industry,
for teleoperation, and in critical applications—but
have mostly relied on special-purpose hardware.
Given recent advances in 3D technology and the
increasing diffusion of low-cost 3D devices in
the consumer market—including 3D TVs, mobile phones, and gaming devices—wouldn’t it be
great if we could use these ordinary devices to
build low-cost 3D communication systems?
We started this line of research in 2012, motivated by the need to add a low-cost stereoscopic
remote-control module in a research project developing an open source framework for real-time
F
34
IT Pro September/October 2014
teleoperation. In fact, researchers have demonstrated that teleoperation is an application area
that stands to benefit greatly from stereoscopic
vision (see the “Related Research in 3D Remote
Control” sidebar). 3D images can enable better
perception of depth characteristics in the environment—especially in terms of the relative
object distance—thus enhancing precision and
reducing the time needed to complete tasks involving remote robot piloting and manipulation.
Of course, for each type of application, it’s necessary to verify that the achievable quality-of-experience—which might be bounded by the limited
capabilities of consumer-grade hardware—meets
the application constraints and user expectations.
Our goal was to study and design a 3D teleoperation prototype offering good performance at a
Published by the IEEE Computer Society
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Related Research in 3D Remote Control
he use of 3D vision for teleoperation is a very
active research field,1 because it has been shown
that 3D viewing technologies might provide users
with higher depth perception. As expected, some
tasks benefit more than others from a better comprehension of distance,2 such as teleguide and obstacle
localization. However, even in demanding situations
such as in emergency applications, teleoperation
with 3D vision typically improves remote-control
performance.3
John McIntire, Paul Havig, and Eric Geiselman have
reviewed the literature investigating human factors
that have implications on task performance when
stereoscopic 3D displays are used.4 The tasks include
judging absolute and relative distances, finding and
identifying objects, navigating and manipulating objects in terms of position, and performing orientation
and tracking.
Researchers have also investigated acquisition
and visualization technologies. For example, work
has shown that, using efficient algorithms, correctly
calibrated stereoscopic images provide a guaranteed
depth perception.5 Other work has assessed the performance achieved using different viewing technologies during remote-control operations, providing
results in terms of usability while comparing 3D and
2D viewing, 3D and virtual-reality displays, and robot
sensors.6
Studies have also addressed the problem using
simulation. For example, researchers performed a
pick-and-place task in a simulated virtual environment
using three different systems: multiple 2D displays, a
3D perspective display, and a 3D stereoscopic display.7
Although the gain in performing simple tasks was
limited, introducing a stereoscopic display resulted in
better performances than the perspective display for
highly difficult tasks.
Finally, Salvatore Livatino and Giovanni Muscato
were interested in the effect of video feedback latency,
T
relatively low cost (less than US$1,500). Here, we
highlight the issues involved in designing such a
system and present a prototype that demonstrates
the feasibility of the low-cost approach, showing
its cost-performance tradeoff. The results pave the
way for the development of many new interactive
real-time systems in different application domains.
COTS and Open Source Solutions
To reach our goals, we focused our attention on
consumer off-the-shelf (COTS) hardware and
so they performed usability studies that substituted
real video images with synthetic images from robot
laser data.8 The authors observed that by using a
technique to minimize the amount of bandwidth (and
delay) required for the transmission, they could significantly reduce the amount of time spent performing a
given task, thus improving system usability.
References
1. S. Livatino et al., “Mobile Robot Teleguide Based on
Video Images,” IEEE Robotics & Automation, Dec. 2008,
pp. 58–67.
2. D.R. Tyczka et al., “Study of High-Definition and
Stereoscopic Head-Aimed Vision for Improved
Teleoperation of an Unmanned Ground Vehicle,” Proc. of
Society of Photo-Optical Instrumentation Engineers (SPIE)
8387, May 2012, article no. 83870L.
3. J.Y. Chen et al., Effectiveness of Stereoscopic Displays for
Indirect-Vision Driving and Robot Teleoperation, tech.
report, Army Research Lab in Aberdeen, Aug. 2010.
4. J.P. McIntire, P.R. Havig, and E.E. Geiselman, “What
Is 3D Good For? A Review of Human Performance on
Stereoscopic 3D Displays,” Proc. of Society of PhotoOptical Instrumentation Engineers (SPIE) 8383, May 2012,
article no. 83830X.
5. M. Ferre et al., “3D-image Visualization and Its
Performance in Teleoperation,” Proc. 2nd Int’l Conf.
Virtual Reality (ICVR 07), 2007, pp. 22–31.
6. S. Livatino, G. Muscato, and F. Privitera, “Stereo Viewing
and Virtual Reality Technologies in Mobile Robot
Teleguide,” IEEE Trans. Robotics, vol. 25, no. 6, 2009,
pp. 1343–1355.
7. S.H. Park, The Effects of Display Format and Visual
Enhancement Cues on Performance of Three-Dimensional
Teleoperational Tasks, PhD dissertation, Dept. of Industrial
Eng., Texas Tech University, 1998.
8. S. Livatino and G. Muscato, “Robot 3D Vision in
Teleoperation,” World Automation Congress (WAC), June
2012, pp. 1–6.
open source software. COTS components cost
much less than dedicated hardware, but they can
have (slightly) lower performance.
The scientific literature and open source domain offer many algorithms and reference
implementations for problems in the fields of
communication, visualization, stereoscopy, and
so on. The downside of open source versus commercial software again relates to performance.
However, with suitable modifications and component selection, open source software offers
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
35
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: ADVANCED VIDEO TELEOPER ATION
Wireless access point
Encoding and
transmission
software
Teleoperated machine
equipped with stereoscopic camera
Receiver and
decoding
software
PC with 3D video card, stereoscopic monitor
and 3D shutter glasses
Figure 1. A block diagram of a 3D video transmission chain suitable for remote teleoperation
systems. A stereoscopic camera mounted on the teleoperated machine wirelessly transmits to a
receiver suitable for 3D vision.
good-performance, low-cost solutions that the
final installer can customize to address the specific implementation and its goals.
Furthermore, while designing our system, we
focused on simplicity of use and customization.
We also wanted to create an open-platformbased design and use widespread standards for
coding and communication. Although our current solution is only a prototype, we hope it stimulates further research and investments in this
research area.
Architecture Design
A generic structure of a teleoperation system
based on real-time 3D video feedback has two
main parts: a mobile streaming node equipped
with a stereoscopic camera, and a client application for 3D visualization (see Figure 1).
The transmitter node is located on the teleoperated machine so that the capture device can record the vision of the area from the device’s point
of view. The system’s core must process the captured images so that a timely robust transmission can occur through a wireless channel to the
remote operation side. On the receiver side, the
software reconstructs and renders the 3D image
from the received data on a graphic display device in a format suitable for stereoscopic vision.
The key point for successful system operation
is to guarantee low end-to-end latency, which is
36
a fundamental requisite to achieve a good realtime interaction experience.1
Issues with a Consumer-Level Solution
The deployment of consumer-level solutions for
remote-control 3D video systems is made difficult by constraints that relate to the high cost
of industrial-grade components and to the use
of proprietary, closed systems. As noted earlier,
to enable consumer-level solutions at a reduced
cost, we investigated the feasibility of using
COTS hardware components, integrated using
open source software frameworks. In doing so,
we prioritized the following issues.
First, we wanted to find a mobile device with
suitable resolution and highly responsive output
of the captured images. For this reason, we excluded still-picture cameras. We also wanted to
reduce the video encoding latency using appropriate encoding algorithms.
Next, we wanted to make the system sufficiently robust to some packet losses—an event
possible in any communication scenario that can
severely affect the user’s perceived video quality.
As we will see later, suitable choices of encoding
algorithms and related configurations can help
address this issue.
Finally, we wanted to render the stereoscopic
video using a technology widely supported in an
open source environment.
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
HTC Evo 3D
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
2
Android 2.3 +
custom
software
1
Wi-Fi
Bill of materials:
1. HTC Evo 3D:
2. Wi-Fi router:
3. Nvidia Quadro 4000
4. Nvidia 3D vision kit
5. Stereoscopic monitor
Total:
$ 480
$ 60
$ 700
$ 90
$ 200
3D Visualization
(3D display+glasses)
$ 1,530
4
5
3
Linux decoder with
Nvidia Quadro 4000
(3D w/ openGL @120 Hz)
Figure 2. System architecture and components. A mobile phone with stereoscopic capabilities
wirelessly transmits to a computer that can render 3D video using active glasses. The total cost of the
system is approximately US$1,500.
Component Selection and Evaluation
The previous considerations led us to develop
the building blocks of our proposed teleoperation system based on real-time 3D video feedback (see Figure 2 and the related video at http://
____
youtu.be/5zApDO3wSq4,
__________________ which also shows the
components).
Our prototype includes the following five key
components.
A stereoscopic camera. We used a commercially available 3D mobile phone (HTC Evo 3D) that
let us achieve, at a moderate cost, stereoscopic
vision, portability, a battery-operated power supply, and wireless communication. In field experiments, we experienced a latency between 150 and
200 ms in the best conditions. This is slightly
higher than the ideal requirement (less than
150 ms), but it’s probably the most efficient solution that the COTS market can currently provide. In fact, this loss of performance is the price
to pay for keeping the overall system cost low.
We also evaluated other solutions, such as 3D
cameras, but the majority of them either didn’t
let us transmit video in real-time, or the format
(such as the Digital Video format) required further processing and thus increased system cost,
complexity, and latency.
Encoding and transmission software. We developed a custom-built open source encoding and
transmission software specifically for the HTC
Evo 3D phone to minimize encoding and transmission latency.
Networking hardware. We used standard networking hardware—a commercially available
802.11 access point for transmission over a standard Wi-Fi channel.
Receiver and decoder software. We custom
built open source receiver and decoder software
on top of the Linux OS and openGL libraries.
Stereoscopic hardware support. We used a standard desktop computer with stereoscopic hardware
support, including a graphics board, a monitor,
and an infrared emitter device for the active glasses.
The identified solution for supporting hardware
openGL is based on an Nvidia Quadro 4000 graphics board, which provides a direct connection from
the video card to the infrared emitter device without
the need for specific driver support in Linux (see the
specifications at www.nvidia.com/object/product______________________
quadro-4000-us.html).
_______________ This greatly simplified the
management of stereoscopic issues in the receiver
but also increased the final system’s cost.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
37
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: ADVANCED VIDEO TELEOPER ATION
Alternative Solution
38
Because Nvidia doesn’t officially support 3D visualization for the Linux environment, we could
have implemented a cheaper solution (for approximately $900) using an experimental driver
that’s publicly available on the Internet (http://
____
sourceforge.net/projects/libnvstusb).
__________________________ The driver lets you work with much cheaper video cards
by synchronizing the infrared emitter using the
USB connector. However, we didn’t pursue this
solution, because it doesn’t currently provide stable performance.
or right) and the library automatically handles
all visualization issues, including alternating left
and right views on the screen at the correct frame
rate and synchronizing with the shutter glasses.
Our choice was to rely on open source software
at the underlying level, but the whole system can
be easily ported and extended to any platform.
The transmitter is written partly in Java and partly in C (compression routines), while the receiver
is standard C code using sockets, threads, and
openGL—a set of libraries available on the vast
majority of platforms.
System Implementation
Results
Much of our time was spent developing a video
transmission application that could achieve performance comparable to more expensive professional solutions while relying only on low-cost
COTS devices. The application (available at http://
____
media.polito.it/itpro)
______________ consists of both a transmitter and a receiver part. We implemented the video transmission on top of the Android platform
(www.android.com) using both Java code and our
optimized routines for video compression, compiled in native code to improve performance. To
achieve maximum robustness against data loss
and minimum latency, we implemented the video
codec, which segments images in independently
decodable subareas, to allow pipeline processing
and better error resilience.
Due to the strict latency constraints, it’s not
possible to retransmit data; however, encoding
and packetization is designed so that the content
of each single packet that has been successfully
received can be decoded and presented to the
user, because no packet depends on other ones
for decoding. Missing data is estimated using a
frame-copy concealment technique. Data is sent
using the standard RTP protocol2 with a header extension that simplifies recovery in case of
packet losses.
On the receiver side, the software features a
multithreaded architecture that decouples the
packet reception and decoding from data visualization so that the interaction with the devicerendering engine doesn’t affect the time required
to process the input data. For the visualization
part, we used the openGL library (www.opengl.
org/sdk), including its extension for stereoscopic
visualization. Therefore, the developer needs to
draw data only on the correct frame buffer (left
We tested the system in a practical scenario designed to investigate a set of factors that could
affect the operator’s performance in remote
teleoperation—in particular, the latency of the
video feedback for effective control and the quality of the stereoscopic images for effective 3D
perception.
The chosen components and system design already take latency and image size into account.
Nevertheless, because these two factors conflict
with each other, care should be taken to correctly
balance the two components. For example, the
more we increase image quality, the more we
burden system latency and thus reduce usability.
Figure 3a shows the total amount of delay introduced by the different components of the
communication chain: acquisition, processing,
transmission, and rendering. First of all, an intrinsic lower bound in the overall delay is given
by the sum of the camera acquisition latency, the
rendering screen refresh rate, and the network
transmission time. In our setup, this delay accounted for approximately 130 ms and was the
same for any system configuration we tested. Second, we tested whether the time required for image compression—which depends on the device’s
computational capabilities—heavily influences
the maximum frame rate that can be achieved.
The latency measurements with the different
image-quality configurations showed that the request for high quality strongly affects the time required for the image-compression process. This
behavior limits the achievable frame rate and, in
turn, increases the total end-to-end delay. For
example, with a frame resolution of 416 u 240
pixels, we were able to encode video at 20 to 22
frames per second, while with a frame resolution
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
400
350
Latency (ms)
300
250
200
150
100
50
0
(a)
1. Low quality
(416 x 240)
2. Medium quality
(640 x 352)
Intrinsic
3. High quality
(1280 x 720)
(b)
Setup dependent
Figure 3. System prototype: (a) the quality versus latency tradeoff in the test scenario and (b) the 3D vision
prototype performing the test.
of 640 u 352 pixels, we achieved 14 to 18 fps; with
1,280 u 720 pixels, only 3 to 5 fps was possible.
We designed an experiment with the smartphone camera mounted on a radio-controlled toy
car and asked users to perform an alignment task
using the 3D vision system and the car remote
controller (see Figure 3b and the related video at
http://youtu.be/1Olg1oV2fIs).
User feedback confirmed that the frame rate
allowed by the maximum resolution configuration was too low to effectively drive the car,
because its overall latency (more than 300 ms)
highly impaired user reactivity to the car movements. On the contrary, users preferred the first
two setups—even if the image quality was lower—
because their latency was within 200 ms—a
value still considered satisfactory for interactive
communications.3 In particular, because the difference in latency between the first two setups
wasn’t really perceivable, almost all users preferred the second setup (640 u 352). However,
recent findings suggest that further quality reductions might not significantly impair the ability to perform given tasks.4 This could pave the
way for adaptively choosing codec and coding
parameters, thus varying quality if necessary, depending on the network bandwidth availability.
Moreover, we also considered the case of
transmission over the wireless Internet. Experiments show that the system can work with the
video qualities shown in Figure 3a using between 800 and 1,700 kbit/s. These rates have
been experienced using a 3G connection with a
packet loss rate lower than 1 percent. However,
latency is approximately 80 ms higher compared
to Wi-Fi, and packet-delay variation (jitter) was
up to 30 ms, which delays the visualization of
some frames. Latency has an impact mainly on
the system’s perceived responsiveness, while jitter makes the video feedback subject to very short
freezes that can be annoying.
In general, the results of the evaluation process indicate that the system can be applied in a
context of remote teleoperation where real-time
video feedback requirements can be somewhat
relaxed by trading off costs with latency. With
this setup, we expect that low-cost 3D visualization systems will become popular in myriad new
contexts, from domotics and disability assistance
to gaming and entertainment. Further studies
are in development, with the aim of increasing system timeliness, even for the high-quality
video setup.
uture work might include additional optimizations to enhance the user experience. For
example, dropping the open source requirement in favor of proprietary software libraries will
let us reduce processing time by exploiting specific
hardware support for video acceleration. At the
same time, the system’s total cost can be significantly reduced using much cheaper 3D video cards
not yet supported by open source software.
F
References
1. J.C. Lane et al., “Effects of Time Delay on Telerobotic
Control of Neutral Buoyancy Vehicles,” Proc. IEEE
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
39
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: ADVANCED VIDEO TELEOPER ATION
Int’l Conf. Robotics and Automation (ICRA 02), vol. 3,
2002, pp. 2874–2879.
2. H. Schulzrinne et al., RTP: A Transport Protocol for RealTime Applications, RFC 3550, July 2003; http://tools.
ietf.org/html/rfc3550.
3. One-Way Transmission Time, ITU-T recommendation
G.114, May 2003.
4. E. Masala and A. Servetti, “Performance vs. Quality
of Experience in a Remote Control Application Based
on Real-Time 3D Video Feedback,” Proc. 5th Int’l
Workshop on Quality of Multimedia Experience (QoMEX
13), 2013, pp. 28–29.
Enrico Masala is an assistant professor at Politecnico di
Torino, Italy. His main research interests include the development of algorithms for quality optimization of communications over packet networks, wireline and wireless, with
a particular emphasis on multimedia and specific contexts
such as 3D video and dynamic adaptive HTTP streaming.
Contact him at enrico.masala@polito.it.
______________
Antonio Servetti is an assistant professor at Politecnico
di Torino, Italy. His research focuses on speech/audio
processing, and real-time multimedia communications.
With the advent of video and audio support in HTML5,
his interests include also multimedia Web applications
and HTTP adaptive streaming. Contact him at antonio.
servetti@polito.it.
__________
Angelo Raffaele Meo is an emeritus professor at Politecnico di Torino, Italy. He has been involved in numerous
national projects in computer engineering, investigating a
broad range of topics, including switching theory, hardware
design, signal processing, speech analysis and synthesis, and
pattern recognition. He also served as the president of the
Academy of Sciences of Torino and as the president of the
Italian government commission entrusted with the task of
promoting open source in the Italian Public Administration.
Contact him at ________
meo@polito.it.
Selected CS articles and columns are available
for free at http://ComputingNow.computer.org.
ADVERTISER INFORMATION
Advertising Personnel
Marian Anderson: Sr. Advertising Coordinator
Email: _______________
manderson@computer.org
Phone: +1 714 816 2139 | Fax: +1 714 821 4010
Sandy Brown: Sr. Business Development Mgr.
Email _____________
sbrown@computer.org
Phone: +1 714 816 2144 | Fax: +1 714 821 4010
Southwest, California:
Mike Hughes
Email: _______________
mikehughes@computer.org
Phone: +1 805 529 6790
Southeast:
Heather Buonadies
Email: _______________
h.buonadies@computer.org
Phone: +1 973 304 4123
Fax: +1 973 585 7071
Advertising Sales Representatives (display)
$GYHUWLVLQJ6DOHV5HSUHVHQWDWLYHV&ODVVLÀHG/LQH
Central, Northwest, Far East:
Eric Kincaid
Email: ______________
e.kincaid@computer.org
Phone: +1 214 673 3742
Fax: +1 888 886 8599
Northeast, Midwest, Europe, Middle East:
Ann & David Schissler
Email: ______________
a.schissler@computer.org, d.schissler@computer.org
______________
Phone: +1 508 394 4026
Fax: +1 508 394 1707
40
Heather Buonadies
Email: h.buonadies@computer.org
_______________
Phone: +1 973 304 4123
Fax: +1 973 585 7071
Advertising Sales Representatives (Jobs Board)
Heather Buonadies
Email: h.buonadies@computer.org
_______________
Phone: +1 973 304 4123
Fax: +1 973 585 7071
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
CLOUD COMPUTING
FEATURE:
SEMANTIC TECHNOLOGY
Job Recruitment
and Job Seeking
Processes:
How Technology Can Help
Paolo Montuschi, Valentina Gatteschi, Fabrizio Lamberti,
Andrea Sanna, and Claudio Demartini, Politecnico di Torino, Italy
This survey of current job search and recruitment tools focuses on
applying a computer-based approach to job matchmaking. The
authors present a semantic-based software platform developed in the
framework of a European project on lifelong learning, highlighting
future research directions.
ob seeking and recruiting processes have
drastically changed during the past decade. Today’s companies are exploiting
online technology (job portals, corporate websites, and so on) to make job advertisements reach an ever-growing audience. However,
this advantage can create a higher post-processing burden for recruiters, who must sort through
the huge amount of résumés and curricula vitae
received, often expressed in different languages
and formats. Similarly, job seekers spend considerable time filtering job offers and restructuring
their résumés to effectively communicate their
strong points and address the job requirements.
Consequently, job recruiters and seekers often
use various special-purpose tools, such as job
J
1520-9202/14/$31.00 © 2014 IEEE
aggregators (including www.jobrapido.com and
1
www.indeed.com)
and social networks (includ____________
ing www.linkedin.com, www.glassdoor.com, and
2
www.jackalopejobs.com).
To further optimize se_________________
lection processes with respect to processing time
and accuracy, job portals such as Monster (www.
____
monster.com) and Jobnet (www.jobnetchannel.
com)
___ have started to develop advanced search
engines to automatically sort résumés based on
job offer requirements. These approaches could
exploit, among others, supervised and unsupervised learning, software agents, and genetic algorithms.3–8 Nonetheless, creating such tools is
a complex task that requires identifying which
variables influence the user’s final choice and defining ad-hoc ranking algorithms.
Published by the IEEE Computer Society
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
41
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: SEMANTIC TECHNOLOGY
Computer-Supported Job Matchmaking Techniques
omputer-supported job matchmaking has been
explored using different methods.
C
Supervised Learning-Based Techniques
These methods exploit a set of training data to identify an inferred function that can predict the output
value for each input element.
Decision trees. Predictive models that represent the
output (the leaves) as the result of a combination of
input variables (the internal nodes). This approach has
been used to predict which job offers published online
are relevant for a job seeker.1
Neural networks. These data modeling tools can
represent complex input/output relationships by mimicking the human brain’s behavior. This technique has
been applied to matchmaking.2
In this case, job candidates (chromosomes) are recombined to find better chains (individuals) optimizing the
allocation of human resources to job positions.
Software Agents
These (semi)autonomous entities can accomplish (automated) tasks for users, such as collecting job offers
or résumés.6
Semantic Approaches
These methods target the creation of self-descriptive
and machine-understandable contents on the Web by
adding appropriate knowledge on complex networks
of relations among domain concepts. Semantic approaches let machines perform automatic processing
over big and heterogeneous data by mimicking human reasoning processes.7
References
Unsupervised Learning-Based Techniques
These methods use unlabeled data to distinguish
between and explain key features.
Ant colony optimization. This metaheuristic reproduces
the behavior of ants, who deposit an evaporating pheromone while searching for food to communicate with the
colony. Other ants won’t cover previously explored long
paths, thus avoiding the convergence to locally optimal
solutions. This method is used to identify the variables
with the strongest impact on the selection process.3
Cluster analysis. This statistics approach aims to
create clusters of objects by maximizing similarities
within a group and dissimilarities among objects
belonging to different clusters. It has been used to
support personnel assessment (in terms of identifying
lateral moves or promotions, for example) by identifying “families” of employees within a company.4
Genetic Algorithms
These heuristics were inspired by Darwin’s theory
about natural evolution, where a starting population
(individuals) evolves by changing its properties (chromosomes). This approach could be used by a company that aims to fill some job positions, starting with
internal or pre-screened external candidates.5
Furthermore, solving the job matchmaking problem—that is, finding the best match between job
offer and demand—isn’t only a matter of processes
and algorithms but also of the software system’s usability, especially for those with limited computer
skills. In this respect, semantic technology can
42
1. C.I. Muntean, D. Moldovan, and O. Veres, “A Data
Mining Method for Accurate Employment Search on
the Web,” Proc. 2010 Int’l Conf. Communication and
Management in Technological Innovation and Academic
Globalization, 2010, pp. 123–128.
2. I. Ryguła and R. Roczniok, “Application of Neural
Networks in Optimization of the Recruitment Process for
Sport Swimming,” J. Medical Informatics & Technologies,
2004, pp. 75–82.
3. N. Sivaram, “Ant Colony Optimization to Discover the
Concealed Pattern in the Recruitment Process of an
Industry,” Int’l J. Computer Science and Eng., vol. 2, no. 4,
2010, pp. 1165–1172.
4. D.L. Denning, N.E. Abrams, and M. Bays, “Personnel
Assessment Specialist Job Analysis: Interpretation and Use
Report,” Int’l Personnel Management Assoc. Assessment
Council, 1995; http://annex.ipacweb.org/library/psjoban.pdf.
5. F. Herrera et al., “Solving an Assignment-Selection
Problem with Verbal Information and Using Genetic
Algorithms,” European J. Operational Research, no. 119,
1999, pp. 326–337.
6. K. Sugawara, “Agent-Based Application for Supporting
Job Matchmaking for Teleworkers,” Proc. 2nd IEEE Int’l
Conf. Cognitive Informatics, 2003, pp. 137–142.
7. C. Bizer et al., “The Impact of Semantic Web
Technologies on Job Recruitment Processes,” Proc.
Wirtschaftinformatik, 2005, pp. 1367–1381.
help,9 because the computer-based job matchmaking process can be configured to mimic humanlike interaction and reasoning. In this article, we
present a semantic-based software tool used for job
matchmaking (see also our introductory video at
http://youtu.be/yi9gNd_9g8E). First, however, we
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Semantic Technology
emantics—the study of the meaning of words and
sentences—is often associated with disciplines
such as philosophy, communication, and semiotics.
For IT, the concept of semantics started to be extensively used in 2001 with the coining of term the
Semantic Web, which represented the revolutionary
passage from a Web of documents to a Web of data.1
Today, semantics is exploited in different contexts, ranging from Web searches to various knowledge-intensive scenarios, such as natural language
processing, bioengineering, and forensics. The
aim is to produce more accurate answers/solutions
to questions/problems. In fact, traditional search
engines could sometimes fail to return the results
expected because of the logical operators used in
the query or the broad or ambiguous meaning of
words chosen. For example, while searching for
java photos, results might contain websites hosting
pictures of the “Java island,” as well as resources to
manage images in the “Java programming language.” Semantic technology aims to address the
dilemma by labeling data with information related
to its meaning and context, such as the specification that within webpages or in the user’s query, the
word “Java” refers to the Indonesian island and not
to the object-oriented programming language.
S
review the role of technology in today’s job recruitment and job seeking processes, showing how job
matchmaking is an application area that stands to
benefit from semantic technology.
Semantic Job Matchmaking
By leveraging machine-understandable models of
the target domain, semantic-based systems can
handle a variety of both structured and unstructured content, expressed in many languages, with
different degrees of completeness, and in varying
levels of detail. A semantic-based job matchmaking system can improve job matchmaking in numerous ways.
First, it can help job recruiters express job
requirements in flexible ways, ranging from
template-based forms to natural-language descriptions. Similarly, job seekers can flexibly express skills in their résumés.
Second, a context-aware semantic-based system
can improve the user experience through better
human-computer interaction. By applying contextual information, the system can help recruiters revise their position postings to better advertise their
Moreover, with semantics, relations among
concepts can be specified. A semantic-based search
engine might manage incomplete queries and show
pictures of other islands related to Java because they’re
located in the same archipelago.
The knowledge management capabilities of semantic
technology rely on the existence of suitable models, such
as taxonomies and ontologies, to express the meaning
behind the information handled. The models self-differentiate the relations managed. For example, taxonomies
usually represent hierarchical classifications of concepts
using trees of “is a” relations (“Java is an island,” for example). Within semantic-based processing, taxonomies
are often replaced by ontologies. An ontology, defined
as a formal, explicit specification of a shared conceptualization,2 is meant to model a variably shaped network
of relations by also recording properties about concepts
(such as “Java is the most populated island of Indonesia”
or “Java is located between Sumatra and Bali”).
References
1. T. Berners-Lee, J. Hendler, and O. Lassila, “The Semantic
Web,” Scientific Am., vol. 284, no. 5, 2001, pp. 34–43.
2. T.R. Gruber, “A Translation Approach to Portable
Ontology Specifications,” Knowledge Acquisition, vol. 5,
no. 2, 1993, pp. 199–220.
requirements, and it can help job seekers revise
their résumés to better promote their qualifications.
Third, job offers and demands can be automatically matched—and a ranking of positions
and candidates obtained—by considering concepts that aren’t explicitly mentioned in the job
offers and résumés but that are semantically related to the terms that are used.
Finally, systems can suggest ways to improve
such rankings—for example, through companywide training or individual certification. (For
more information, see the “Computer-Supported
Job Matchmaking Techniques” and “Semantic
Technology” sidebars. You can also see a related
video at http://youtu.be/OGQ26dM_KjQ.)
There are a variety of approaches you can use
to develop such a semantic job matchmaking system (see Figure 1a). However, regardless of the approach used, development should occur in three
major phases (see Figure 1b).9–12 The first phase
should be devoted to creating a shared data model
(a sort of “common language”) that defines standards for representing the information relevant for
job recruitment and job seeking contexts in the
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
43
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: SEMANTIC TECHNOLOGY
Automatic Semi-automatic Manual
By merging
existing
formalizations
From scratch
ch
Brief indicator
Reference level
Semantic similarity
Supporting info
(a)
1. Creation of the
formal shared model
2. Annotation
3. Matchmaking
(b)
Java
Résumé
wn:Word
wn:Word
rdf:type
wn:inSynSet
wn:Noun
Cat
wn:word
wn:WordSense
wn:hasSense
wn:lexicalForm
Dog w
Name, surname
Curriculum vitae
wn:SynSet
wn:WordSense
wn:hasSense
wn:lexicalForm
wn:word
Possessed knowledge
wn:inSynSet
wn:SynSet
rdf:type
wn:Verb
Relations to other word
Relations to other synsets,
senses, such as antonym such as hypernym, hyponym
Taxonomies and/or ontologies
Personal information
First name, Surname
Address
Telephone number
E-mail address
Nationality
Date of birth
Sex
Work experience
Dates
Occupation or position held
Main activities and responsibities
Employer’s name and locality
Business or sector
Acquited LO
Java
Nationality
Jane Doe
40 Grafton way, London, WC1E 6DX
+44 20 1234567
jane.doe@email.com
British
06/10/1974
Female
Date
Assigned
definition
An island in
Indonesia
01/01/2002 – 31/12/2010
Bartender
Preparation of beverages and aliments
The british pub
Service
Knowledge of cafeteria operations
Knowledge of elements of oenology
Knowledge of elements gastronomy
Knowledge of recipes for preparing snacks and fast meals
Ability to apply techniques for preparing snacks and fast meals
Ability to use tools for beverages preparation
A platform-independent
object-oriented
programming language
Learning
outcomes
Annotated profiles
An island in
Indonesia
Object-oriented
programming language
A platformindependent
object-oriented
programming
language
A programming
language
Searched
Found
Object-oriented
programming language
Java
Match
(c)
Figure 1. Development of a semantic job matchmaking system. (a) The various approaches used for
development, (b) the three phases of development, and (c) the final results.
semantic knowledge base. This resource-intensive
step usually involves domain experts (“knowledge
engineers”) and results in the creation of domainspecific taxonomies or ontologies (see Figure 1c).
A second phase targets annotation, where information provided by users (in job advertisements
and résumés) is “augmented” with meta-information derived from the taxonomical and ontological
models defined in the previous step. The annotation can be carried out automatically, semi-automatically, or manually. Different investigations can
be done to find a reasonable mix of automation and
user involvement, though the effort is often comparable to that of constructing the model itself.9
A third phase is devoted to defining the algorithms for measuring the semantic distance
among concepts and actually computing the
match. At this stage, the relations among concepts
used for the annotation of résumés and job offers
are navigated and weighted to evaluate similarities
among competences possessed and required.
The final result produced by such a system depends on the matchmaking algorithm exploited,
the quality of the model defined, and the accuracy
of annotations made. Currently, the research is almost equally focused on the three phases, with the
aim of finding effective solutions for an improved
44
formalization, annotation, and computation of the
match, while at the same time reducing the human workload and user expertise required.
Use Case: The LO-MATCH Platform
The Learning Outcome (LO)-MATCH platform
(www.lo-match.polito.it) is a practical example of a
semantic-based matchmaking system (see a demo
of the system at http://youtu.be/l7j-7_5gFVU).
It was developed as part of the MATCH project
(http://match.cpv.org) and co-funded by the European Commission under the Lifelong Learning
Program (http://eacea.ec.europa.eu/llp), which aims
to support learning opportunities during all stages
of life, from early childhood through to old age.
With LO-MATCH, recruiters can advertise open
positions and match them with résumés posted by
job seekers to find potential candidates to interview. Similarly, job seekers can insert information
related to previous education or work experiences,
match the information with job offers published by
recruiters, and receive a ranked list of job positions.
In our platform, the match between offer and
demand is computed by considering the words
in user achievements (or requirements) as well
as the associated semantics—that is, the metainformation derived from suitable taxonomical
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
and ontological models. This way, dependencies
on how information in résumés and job postings
has been written are relaxed. In fact, a semantic
system can operate beyond pure keyword-based
comparisons, possibly enabling the exploration of
partially matching contents expressed in different
ways—for example, in another language, with different words, or with varying levels of detail.
System Design
While designing and implementing LOMATCH, we paid particular attention to the following requirements:
t simplify the interactions and make the technological details transparent to users, and
t be flexible and provide valorization and acknowledgment of all experiences listed by job
seekers or requested by recruiters.
We also made two key choices. First, we constructed the semantic model using the core concept of a
learning outcome, which is what the European Commission is using to create a common language to
easily translate across different countries, systems,
and sectors what an individual knows, understands,
and has accomplished in completing a learning process. We thus modeled résumés and job postings as
collections of knowledge, skills, and competence
elements, either acquired during formal or informal learning experiences or required for a given
position. LO-MATCH is one of the first attempts
to put into practice European strategies for lifelong
learning in the context of job matchmaking.
Second, we relaxed the dependencies on the
existence of an a priori strict language to formalize the domain. Although the richness of taxonomical and ontological models contributes to
determining the effectiveness of semantic approaches, their design and maintenance costs
can be very high. Moreover, sometimes defining
complex relations among model elements can be
even counterproductive. For example, what is the
actual relation between programming and debugging abilities? Is it always correct to assume that if
an individual can write a software program, then
he or she can also debug it (or vice versa)?
Ontology Development
To create the LO-MATCH ontology, project
partners started by identifying domain experts
who could populate the LO-MATCH repository
with learning-outcome-based statements belonging to professional profiles possibly owned
or searched by job seekers and recruiters.
Next, this information was automatically related to the WordNet semantic thesaurus (http://
____
wordnet.princeton.edu),
where words were
__________________
grouped in sets of synonyms, or “synsets,” with
each one expressing a distinct concept, linked by
both lexical and semantic relations.
A further ontological layer was overlapped in
the platform repository by identifying key components—such as action verbs, knowledge objects, and context elements—and linking them to
WordNet synsets.
Finally, the domain experts reviewed and finetuned this model.
System Deployment
We deployed a simplified user interface, targeting
real-world users, enabling both the elicitation of
acquirements or requirements and the computation of the match. Figure 2 shows some screenshots of how a job seeker can use the platform.
When a new résumé or a job offer is entered
into LO-MATCH, the system complements it
with additional information derived from the underlying knowledge base. Among possible operations in this and later phases, job recruiters and
seekers can browse annotated profiles or perform
a free text search and receive suggestions to better define required expertise (for the job posting)
or personal experience (for the résumé). This
feature strongly relies on the semantic-similarity
properties among learning outcomes and it is
aimed at filling possible information gaps and
asymmetries throughout the process.
In our design, semantic similarity plays a central role in computing the match between job
offers and demands:
t Starting from WordNet and the profiles knowledge base, semantic similarity is determined from
concepts found and their network of relations.
t Job seekers and recruiters can flexibly tune the
weights of the relations influencing the match,
moving from pure keyword-based search to the
full exploitation of semantic relations potential.
t The final outcome of the matchmaking is a list of
companies and candidates that better match candidates’ characteristics and recruiters’ requests,
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
45
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: SEMANTIC TECHNOLOGY
Selection of learning outcomes
Job offers rank
Comparison of required
learning outcomes
(left) with possessed
ones (right)
Figure 2. The LO-MATCH platform interface. The job seeker chooses learning outcomes that better
describe him- or herself. The platform presents a ranked list of matching job offers by showing
possessed learning outcomes that match up with those required by the position.
each linked to a semantic similarity-based score
as well as to its distance from the corresponding
expectations and needs.
The last feature is particularly useful for both
user groups:
t Job seekers can get hints about missing competences to increase their chances of being hired
by a given company.
t Recruiters can quickly and easily examine the
different résumés, as well as identify candidates’
46
weak points, needing monitoring and reinforcement once hired.
Figure 3 shows a simplified example of how
learning outcomes are compared in LO-MATCH.
Learning outcomes possessed by job seekers are
annotated (dotted line) according to the WordNet
semantic thesaurus (central sphere), containing
concepts (keyword boxes) and relations among
them (solid lines among boxes).
Assuming that a recruiter is looking for an individual who can “autonomously exploit current
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
apparel software applications,” the
platform could suggest a candidate
who can “draw dresses manually”
(because of the relation between “apparel” and “dresses”) as well as someone who can “use, under supervision,
CAD applications for the fashion industry” or “develop technical drawings using a PC program” (because of
the relations between “software,” “PC
program,” and “CAD,” among others). Once heterogeneously shaped
contents have been brought to a
common understanding, semantic
distance between concepts can be exploited to provide the recruiter with
ranked results so he or she can make
a final decision.
To work out design sketches
by hand
To autonomously exploit
current apparel software
applications
Semantic
thesaurus
sketches
by hand
apparel
software
manually
drawings
To draw
dresses
manually
Recruiter
PC program
draw
Job seeker
(JS)
CAD
dresses
To use under
supervision CAD
applications for
the fashion
industry
Developing technical
drawings using a PC
program
JS
JS
S
JS
Testing and User Feedback
In the MATCH project, the LO- Figure 3. Comparison of annotated learning outcomes in LO-MATCH.
MATCH platform represents the Learning outcomes possessed by job seekers are annotated (dotted
technological tool supporting a broad line) according to the WordNet semantic thesaurus (central sphere),
job placement methodology aimed at containing concepts (keyword boxes) and relations among them
fostering the growth of cross-national (solid lines among boxes).
and -cultural occupational opportunities in Europe. A piloting phase
shared the same professional experiences—
was carried out, focused on migrants. Although
mainly as house or hotel cleaners, cooking assismigrants are often qualified for available positants, health and social care operators, or shop
tions, their previous learning in their home counassistants. Most of them also had previous fortry might be only partially acknowledged abroad.
mal learning at the secondary or vocational level.
Furthermore, migrants might have difficulty inThe platform let operators link both formal and
teracting with job centers and hiring staff in the
nonformal learning to professional profiles reclanguage of the receiving country.
ognized in the receiving country. For migrants
Consequently, during piloting, the role of the
without any previous experience, the platform
platform was twofold. First, it enabled the deindicated ways to fill the education and training
velopment of an accreditation procedure for
gaps by showing learning outcomes most frerecognizing, validating, and certifying prior
quently requested for the available positions.
learning—that is, for constructing the migrant’s
Résumés were then matched against job offers
professional dossier (including the résumé) and
published by 54 employers and job agencies from
issuing a corresponding vocational certificate.
the various participating countries. In almost all
Second, it was used to implement the matchmakcases, the one-stop shop experience was followed
ing by comparing certified learning outcomes
by an interview at the employer premises (with the
with annotated job offers.
hiring staff confirming the validity of the platThe methodology was implemented in “oneform-based selection process) or with the suggesstop shops”—that is, platform-enabled job cention of (further) education or training actions.
ters managed by the Chambers of Commerce
During piloting, several issues were raised about
and training institutions of six project countries.
platform usability that should be addressed before
There, from February to December 2012, qualilarge-scale exploitation. One issue was related to
fied operators provided guidance and coaching
the requirement to operate either in English or in
to more than 100 migrants. Almost all of them
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
47
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: SEMANTIC TECHNOLOGY
the profile original language (because of the underlying ontology). Also, some employers complained about the need to insert data into “yet
another platform.” A further problem related to
the constrained set of reference profiles, which
limited the expressive power of résumés. The last
issue was the lack of a way to record evidence of
previous formal and nonformal learning.
The project formally ended in March 2013,
and there are plans to further address these issues and prepare the platform for “prime time”
use. Such plans include introducing computersupported translation functionalities, extending
the ontology, and implementing suitable data integration strategies to automatically feed into the
platform data coming from external repositories
of national and sectorial profiles and job offers.
ob matchmaking is an important issue in
today’s global, distributed, and heterogeneous job market. Future research should
be tailored to reduce the dependency on experts
and users by developing automatic strategies for
a seamless integration of existing profiles, résumés, and job advertisement repositories with
matchmaking platforms. Additional research and
implementations could also be targeted to further
strengthen system flexibility, identify suitable approaches for fully exploiting existing standards
and classifications, and define and implement
validation methodologies to evaluate and check
the effectiveness and performance of automatic
job matchmaking techniques.
J
3.
4.
5.
6.
7.
8.
9.
10.
Acknowledgments
This work has been partially supported by the MATCH “Informal and non-formal competences matching devise for migrants
employability and active citizenship” project (510739-LLP-12010-1-IT-GRUNDTVIG-GMP). This project has been funded
with support from the European Commission. This document reflects only the authors’ views; the Commission can’t be held responsible for any use that might be made of the information contained
herein. We thank the anonymous reviewers for their comments.
11.
12.
Facebook and LinkedIn,” Proc. Int’l Conf. on Supporting
Group Work, 2009, pp. 95–104.
C.I. Muntean, D. Moldovan, and O. Veres, “A Data
Mining Method for Accurate Employment Search
on the Web,” Proc. 2010 Int’l Conf. Communication and
Management in Technological Innovation and Academic
Globalization, 2010, pp. 123–128.
I. Ryguła and R. Roczniok, “Application of Neural
Networks in Optimization of the Recruitment Process for Sport Swimming,” J. Medical Informatics &
Technologies, 2004, pp. 75–82.
N. Sivaram, “Ant Colony Optimization to Discover
the Concealed Pattern in the Recruitment Process of
an Industry,” Int’l J. Computer Science and Eng., vol. 2,
no. 4, 2010, pp. 1165–1172.
D.L. Denning, N.E. Abrams, and M. Bays, “Personnel Assessment Specialist Job Analysis: Interpretation and Use Report,” Int’l Personnel Management Assoc.
Assessment Council, 1995; http://annex.ipacweb.org/li_________________
brary/psjoban.pdf.
___________
F. Herrera et al., “Solving an Assignment-Selection
Problem with Verbal Information and Using Genetic
Algorithms,” European J. Operational Research, no. 119,
1999, pp. 326–337.
K. Sugawara, “Agent-Based Application for Supporting Job Matchmaking for Teleworkers,” Proc. 2nd IEEE
Int’l Conf. Cognitive Informatics, 2003, pp. 137–142.
M. Fazel-Zarandi, M.S. Fox, and E. Yu, “Ontologies
in Expertise Finding Systems: Modelling, Analysis,
and Design,” Ontology-Based Applications for Enterprise
Systems and Knowledge Management, IGI Global, 2013,
pp. 158–177.
M. Mochol, H. Wache, and L. Nixon, “Improving the
Accuracy of Job Search with Semantic Techniques,”
Proc. 10th Int’l Conf. Business Information Systems, 2007,
pp. 301–313.
B. Ionescu et al., “Semantic Annotation and Association of Web Documents: A Proposal for Semantic
Modelling in the Context of E-Recruitment in the IT
Field,” Accounting and Management Information Systems,
vol. 11, no. 1, 2012, pp. 6–96.
H. Lv and B. Zhu, “Skill Ontology-Based Semantic
Model and Its Matching Algorithm,” Proc. 7th Int’l
Conf. Computer-Aided Industrial Design and Conceptual
Design, 2006, pp. 1–4.
References
1. R. Applegate, “Job Ads, Jobs, and Researchers:
Searching for Valid Sources,” Library & Information
Science Research, vol. 32, no. 2, 2010, pp. 163–170.
2. M. Skeels and J. Grudin, “When Social Networks
Cross Boundaries: A Case Study of Workplace Use of
48
Paolo Montuschi is a professor of computer engineering
at Politecnico di Torino, Italy. His research interests are in
computer arithmetic, architectures, graphics, electronic publications, and semantics and education. He is an Associate Editor-in-Chief of IEEE Transactions on Computers and
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
member of the steering committee of IEEE Transactions
on Emerging Topics in Computing. He is the Chair of
the Computer Society Magazine Operations Committee and
a member of both the IEEE PSPB and PSC. He is a Fellow of
IEEE, a Computer Society Golden Core Member, and a life
member of the International Academy of Sciences of Turin.
Please visit his personal page at http://staff.polito.it/paolo.
montuschi/
paolo.montuschi@polito.it.
______ and contact him at _______________
Valentina Gatteschi is a research assistant at Politecnico di
Torino, Italy. Her research interests are in semantic processing.
Gatteschi has a PhD in computer engineering from Politecnico
di Torino. Contact her at valentina.gatteschi@polito.it.
________________
Fabrizio Lamberti is an assistant professor at Politecnico
di Torino, Italy. His research interests include computational
intelligence, semantic processing, distributed computing,
human-computer interaction, computer graphics, and visualization. Lamberti has a PhD in computer engineering from Politecnico di Torino. He is an IEEE Computer
Society member and IEEE senior member. Please visit his
personal page at http://staff.polito.it/fabrizio.lamberti and
contact him at ________________
fabrizio.lamberti@polito.it.
Andrea Sanna is an associate professor at Politecnico di
Torino. His research interests include computer graphics,
virtual reality, parallel and distributed computing, scientific visualization, and computational geometry. Sanna has
a PhD in computer engineering from Politecnico di Torino.
He is a senior member of ACM. Please visit his personal
page at http://sanna.polito.it and contact him at ____
andrea.
sanna@polito.it.
_________
Claudio Demartini is a professor at Politecnico di Torino, Italy, where he teaches information systems and innovation and product development. His research interests
include software engineering, architectures, and Web semantics. He is a senior member of the IEEE and a member
of the IEEE Computer Society and the Academic Senate
of Politecnico di Torino. Please visit his personal page at
http://staff.polito.it/claudio.demartini/ and contact him at
claudio.demartini@polito.it.
________________
CALL FOR ARTICLES
IT Professional seeks original submissions on technology
solutions for the enterprise. Topics include
z
z
z
z
z
z
z
emerging technologies,
cloud computing,
Web 2.0 and services,
cybersecurity,
mobile computing,
green IT,
RFID,
z
z
z
z
z
z
z
social software,
data management and mining,
systems integration,
communication networks,
data center operations,
IT asset management, and
health information technology.
We welcome articles accompanied by Web-based demos.
For more information, see our author guidelines at
www.computer.org/itpro/author.htm.
WWW.COMPUTER.ORG/ITPRO
______________________________________
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
49
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: CLOUD COMPUTING
Cinema Cloud:
An Enabling Technology
for the Movie Industry
Wai-Ming To and Linda S.L. Lai, Macao Polytechnic Institute, China
David W.K. Chung, Hong Kong Cyberport Management, China
Andy W.L. Chung, XNT, China
With the promise of high definition and advanced special effects,
movie theaters worldwide have evolved from traditional film projection
to digital cinema projection. The Cyberport Digital Cinema Cloud helps
facilitate the development of digital entertainment in Hong Kong.
lthough the movie industry invests
heavily in developing sophisticated
tools and techniques for producing
special effects, paradoxically, movie
distribution continues to rely on the traditional
mode of physical distribution. In the past, studios produced authorized copies in the form of
roll film. Currently, studios produce authorized
copies in digital form that are stored on hard
disks. Copies are distributed to authorized movie
theaters through a secure delivery system, and
the keys are sent via email. The key is a coded file
made specifically for each theater that controls
the digital projector regarding which version of
the movie will be played within a specific period.
The entire physical distribution process involves
duplication, transportation, and validation—
which can take days to weeks to complete.
A
50
IT Pro September/October 2014
Furthermore, digital movies are demanding
on computer systems. In a digital movie, projection resolution is represented by the horizontal
pixel count, usually in the 2K (2,048 u 1,080
2.2 megapixels) or 4K format (4,096 u2,160 8.8
megapixels). Thus, even in the 2K format, a fulllength, 90-minute movie with subtitles requires a
storage capacity of 75 to 150 Gbytes, whereas in
the 4K format, the same movie requires a storage
capacity of 360 to 900 Gbytes. At 24 frames per
second, the bandwidth for real-time playback of
a video is approximately 21 to 42 megabits per
second for the 2K format and 100 to 250 Mbps
for the 4K format.1 Hence, companies such as
Barco, Christie, Kinoton, NEC, and Sony have
developed special digital cinema projectors. In
addition, some companies, such as Barco, Dolby,
Doremi (partnering with NEC), GDC, Qube, and
Published by the IEEE Computer Society
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Satellite
Sony, have supplied servers that are
transmission
responsible for the control and automation of an entire multiplex.
Digital cinema
Nevertheless, the cost and technipackages (DCPs)
cal knowledge for installing, operatDCC network
International
ing, and maintaining such a complex
network
system are high. The future cost of
Live alternative
upgrading the system could be even
content
higher. Deploying cloud computing can help minimize the investment from movie theater operators
while enhancing the workflow. In
particular, using cloud computing
Digital cinema 1
as a framework that enables conveDigital cinema 2
Digital cinema 3
nient, on-demand network access to
a shared pool of configurable com- Figure 1. Schematic diagram of Cyberport’s Digital Cinema Cloud
puting resources (for example, wired (DCC). The DCC serves as a hub that receives, transmits, and
and wireless networks, servers, stor- manages the broadcasting of movies and events securely.
age, applications, and services) can
offer greater flexibility and reliability
to users—that is, movie distributors
and theater operators.2
transferring and replicating large-size digital files
over WANs presents challenges using traditional
With funding provided by the Film DevelopTCP-based replication tools. The latency and
ment Council of Hong Kong, in 2010, Hong Kong
packet loss created over long distances disrupt
Cyberport Management initiated and managed a
replication over TCP. Based on the trial tests,
pilot project called the Digital Cinema Exchange.
TCP’s throughput dropped to less than 10 perThe project aimed to establish Cyberport’s Digicent of the maximum amount possible, and the
tal Cinema Cloud (DCC) and deploy its services
round-trip time (RTT) increased to 300 millisecto all movie theaters in Hong Kong and possibly
onds, representing a 5 percent packet loss.
parts of mainland China.
In the DCC, we adopted heterogeneous networks and various network protocol technologies,
Configuring a Cinema Cloud
such as forward error correction and multicasting
Cyberport’s DCC is a platform as a service that
via IPv6, to overcome these problems and restricoperates in a private cloud environment. Figtions. By connecting DCC and multiple theaters
ure 1 shows the system architecture of Cyberas a virtual private network, the system achieved
port’s DCC.
a low RTT, with less than 5ms latency. The use of
Figure 1 illustrates that the DCC receives digiIPv6 multicast applications also greatly reduced
tal cinema packages and alternative content (see
network resources and traffic loading. In terms
the related sidebar) via a satellite link or an interof communication bandwidth, DCC can easily
national network and then distributes the conhandle 100 to 350 Gbytes in the JPEG2K format
tent to local digital movie theaters. Cyberport is
for a movie, and up to 50 Mbps for stereoscopic
equipped with a 10-gigabits-per-second back3D content in MPEG-2 or MPEG-4 format for
bone network, whereas most Hong Kong digilive movie signal to multiple theaters.
tal theaters subscribe to a 100 Mbps high-speed
broadband connection to Cyberport’s DCC. As
of February 2014, 48 local theaters with 206
Digital Theaters in China
screens are streaming movies from the DCC, up
The film and movie theater industries have enfrom 11 local theaters with 60 screens in 2010.
joyed significant growth in China, even under the
Cyberport established a centralized digital-asthreat of the rise of home entertainment via the
set-management system to manage different meInternet.3,4 In 2013, China’s box office takings
dia files in a secure environment. Nevertheless,
surged by 27.5 percent to ¥21.8 billion.5 Out of
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
51
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: CLOUD COMPUTING
Alternative Content
lternative content refers to events and programs other than movies—such as operas,
musicals, stage performances, rock concerts,
and sports—that can be projected in digital
cinemas, particularly in stereoscopic 3D format.1
This type of content represents a new source
of revenue for the cinema industry. According to Chris McGurk, chairman and CEO of US
Cinedigm Digital Cinema, alternative content in
digital movie cinemas could be a US$1 billion
business worldwide. 2
In Hong Kong, Cyberport’s DCC has broadcasted live events to cinemas, including more
than 20 sports games in stereoscopic 3D format
and 30 Japanese pop concerts in 2D format in the
past two years. At one time, two live pop concerts
were transmitted simultaneously to theaters via
the multicast networks—that is, multiple-content
to multiple-location screening. Although the
A
revenue generated from alternative content is low
compared with the traditional movie box office,
the growth potential is tremendous, because
people who don’t have the time or desire to travel
might be interested in watching overseas live
events on big screens, preferably in stereoscopic
3D format.
References
1. European Digital Cinema Forum, “The EDCF Guide
to Alternative Content in Digital Cinema,” 2008;
www.edcf.net/edcf_docs/edcf_alt_content_for_
dcinema.pdf.
_______
2. “Cinedigm CEO: Alternative Content in Movie
Theaters Could Be A $1 Billion Business,”
The Hollywood Reporter, 15 Mar. 2012; www.
___
hollywoodreporter.com/news/cinedigm________________________
alternative-content-1-billion-business-chris__________________________
mcgurk-300763.
_________
Number of cinema screens in China
to be 20,285 by the end of April 2014,
implying that, on average, 17 movie
20,000
Others
theater screens are opening each day.
195
Digital
18,000
Figure 2 shows the total number of
3D Digital
3,891
movie theater screens grew in China
16,000
from 2007 to 2013.6 The figure in14,000
dicates that the number of digital
893
screens (2D and 3D) increased from
12,000
2,725
700 in 2007 to 4,100 in 2010, then to
10,000
18,000 in 2013.
893
8,000
Figure 3 shows the number of
14,109
3,038
movie
theater screens in the US.7 The
6,000
2,156
total number of screens increased
9,500
4,000
slightly from 38,975 in 2007 to 39,783
3,123
2,080
3,297
2,827
in 2013, whereas most digital screens
5,355
2,000
2,020
900
(3D and 2D) were used to replace an670
618
700
82
130
0
alog screens from 2007 to 2013. The
2012
2013
2009
2010
2011
2007
2008
number of digital screens accounted
Year
for 92.5 percent of all US screens
in 2013.
Figure 2. Number of movie theater screens in China. The number of
In comparing the information predigital screens (both 2D and 3D) increased from 700 in 2007 to 4,100
sented in Figures 2 and 3, the number
in 2010, then to 18,000 in 2013.
of screens in China is approximately
45.7 percent of that in the US. On the
other hand, China’s population is approximately 1.35 billion, whereas that of the US
these earnings, ¥12.8 billion were revenues from
is 0.31 billion. Thus, the number of people per
local movies and ¥9 billion from foreign films. At
screen in the US is 8,000, whereas this number
the end of 2013, China had 18,195 movie theater
in China is 74,200. The number of movie thescreens, around 99 percent of which were digiater screens in China is expected to have annual
tal. The total number of screens was estimated
52
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
double-digit percentage growth over
the next decade as it follows a logistic
growth curve.4
In realizing the rapid development
of digital movies and digital theaters
in mainland China, Cyberport’s DCC
is actively testing the reliability, flexibility, and scalability of cloud infrastructure. Moreover, Cyberport has
met with China’s content providers
to discuss streaming alternative content to Hong Kong and other regions
or streaming movies and alternative
content to mainland China.
Number of cinema screens in the U.S.
40,000
2,981
6,533
35,000
13,959
30,000
25,000
24,812
34,342
33,319
Using cloud technology in the movie
industry presents clear advantages, as
illustrated in Table 1.
19,570
31,815
20,000
22,319
12,686
15,000
6,898
10,000
5,000
0
4,149
3,646
986
2007
4,088
1,427
2008
The Digital Cinema Cloud
Advantages
3,289
2009
Others
14,483
7,837
12,935
2010
Year
2011
Digital
13,559
2012
2013
3D Digital
Figure 3. The number of movie theater screens in the US. The total
number of screens increased slightly from 38,975 in 2007 to 39,783 in
2013, whereas most digital screens (2D and 3D) were used to replace
analog screens from 2007 to 2013.
One obvious advantage of the DCC
is that it lowers the cost and difficulty of film animation sequences, which can
be particularly expensive due to the amount of
computing power they typically require.8 Using
cloud computing servers for film animation is
justified, given the periodic nature of animation
production as well as the occasional need to
procure an extensive amount of power, which,
as Qi Zhang, Lu Cheng, and Raouf Boutaba
noted, is one of the main strengths of cloud
computing.8
In addition to these technological advantages,
accessing and licensing creative productions,
such as movies and songs, will become easier.
Daniel Gervais noted that cloud computing
offers the advantage of enabling significantly
easier distribution of works directly to theaters
and allows for better tracking of the distribution of these works.9 Furthermore, he argued
that film studios must embrace this technology
rather than try to maintain control of distribution through physical devices, as has been
attempted in recent years, because consumers
are increasingly unwilling to accept this type of
restriction on their media use.9 Gevais states
that using cloud-based distribution approaches can enable better control of media, such as
films, and offer fewer distribution points than
are currently used; as such, the potential for
loss of property rights will be restricted, and
the extent of intellectual property loss will be
controlled.
Concerns
Cloud technology isn’t without its drawbacks for
the movie industry. One of the most important
concerns is the management and control of intellectual property. Intellectual property is one
of the main issues in contractual relationships
for cloud computing, because cloud computing
is inherently more open and more prone to jurisdictional and other legal issues (although not
necessarily more prone to data security breaches) than self-hosted or on-site computing services. The potential for an intellectual property
breach should not be overstated. As one report
noted, “75 to 80 percent of intellectual property
breaches are a result of attacks made inside the
company.”10 Based on this figure, the greatest potential problem for intellectual property
will actually not be from the cloud computing
services.
Additionally, auditability and privacy can be added to cloud services, and highly sensitive data can
be retained in-house, to prevent breaches. However, privacy and protection of intellectual property
remain pertinent concerns. Other concerns must
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
53
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: CLOUD COMPUTING
Table 1. Key benefits of adopting the Digital Cinema Cloud.
Group receiving benefits
Benefits
Film distributors and producers
Secure centralized storage in Hong Kong
Minimized risk of movie piracy with centralized digital-watermark technology
Reduced delivery time and cost
Reduced risk of physical damage during delivery
Theater operators or owners
Reduced cost of international bandwidth
Shorter delivery time and lower associated costs
Greater flexibility for show times
Lower running costs in the long-term
Post-production companies
(particularly those in Hong Kong)
Less time spent transferring files between companies for footage production
Enhanced efficiency for a number of post-production processes
Audience
Simultaneous worldwide releases of major feature films
Opportunities to participate in overseas live events
Enhanced quality of experience
Those with special needs can enjoy films and live events using personal
headsets
be considered for cloud computing when applied
to the movie industry. Some of the problems generally include cost of services, service quality and
reliability, and the potential that the provider could
go out of business (which could constrain the
availability of existing data). These concerns grow
even larger with customer lock-in, which constrains the ability of the user to move out of the
provider’s services.
Cinema Cloud Opportunities
One of the major opportunities for theaters
using digital screens and cloud distribution is
that cloud computing enables efficient storage
and streaming of ultra-high-definition (UHD)
media formats. Okung-Dike Ntofon, Dimitra
Simeonidou, and David Hunter discussed the
emergence of future media technologies such
as 4K and 8K technologies, which can be classified as UHD.11 They noted that these formats are significantly higher definition, but
also have significantly higher size and quality
of service requirements. To overcome these requirements, Ntofon, Simeonidou, and Hunter
proposed the implementation of an Advanced
Media Services Cloud, which can be deployed
over optimal networks.11 The development of
this cloud will enable digital and cloud media
producers to deliver higher quality media to
consumers in their homes or other locations,
although success is dependent on the implementation of appropriate optical networks
and the adoption of UHD technology at the
consumer level.
54
However, theaters using digital screens and
cloud computing also offer opportunities to
challenge the current industry model. Inexpensive cloud computing means that independent
filmmakers can extensively use CGI and special
effects in their films—an opportunity previously only afforded to big-budget studio films.12
Gregory Graham has also noted that film production and distribution has been substantially
eased for independent filmmakers since the introduction of cloud computing, offering them
a much easier avenue to reach viewers as well
as theaters.12 Thus, cloud computing offers an
opportunity to change the fundamental nature
of the film industry by realigning the productive power of major studios and independent
outfits.
lthough digital transmission of the
movie content has been available for
more than 10 years,13 the large-scale
deployment of digital screens has only occurred
recently due to 3D blockbusters. In China, a
number of movie production companies are
currently working on 3D movie projects, and
Cyberport’s DCC will help them present their
movies to audiences in a more secure and effective manner.
The movie industry presents opportunities for
IT growth—in particular, through the deployment of cloud-based services, ranging from digital archiving to high intensity processing, B2B
monetization, and business analytics.14 Indeed,
A
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
Hewlett-Packard has launched the HP Public
Cloud to explore opportunities brought by the
rapid growth of IT use in the entertainment industry, including movies.15
Acknowledgment
A grant (RP/ESCE-01/2013) from the Macao Polytechnic Institute supported this research.
References
1. “The EDCF Guide to Digital Cinema Mastering,”
European Digital Cinema Forum, 2007; www.cinema
technologymagazine.com/pdf/EDCF%20Mastering29
pageswithcubelogo.pdf.
______________
2. W.M. To, L.S.L. Lai, and A.W.L. Chung, “Cloud
Computing in China: Barriers and Potential,”
IT Professional, vol. 15, no. 3, 2013; doi:10.1109/
MITP.2012.64.
3. L.S.L. Lai and W.M. To, “The Emergence of China
in the Internet Market,” IT Professional, vol. 14, no. 1,
2012; doi:10.1109/MITP.2012.16.
4. L.S.L. Lai and W.M. To, “Internet Diffusion in China: Economic and Social Implications,” IT Professional, vol. 14, no. 6, 2012; doi:10.1109/MITP.2012.65.
5. “China’s Box Office Takings Surge Since 2002,” China Daily, 6 June 2014; usa.chinadaily.com.cn/business/2014-06/06/content_17568703.htm.
________________________
6. “The Development of Movie Industries in China” [in
Chinese], The Administration Center of Digital Film
Content, 2014; www.dmcc.gov.cn/publish/main/175/
2014/20140109170500645862417/201401091705006
________________________________
45862417_.html.
__________
7. “Theatrical Market Statistics—2013,” Motion Picture Association of America, 2014; www.mpaa.org/
wp-content/uploads/2014/03/MPA
A-Theatrical________________________________
Market-Statistics-2013_032514-v2.pdf.
_______________________
8. Q. Zhang, L. Cheng, and R. Boutaba, “Cloud Computing: State of the Art and Research Challenges,” J. Internet Server Applications, vol. 1, no. 1, 2010;
doi:10.1007/s13174-010-0007-6.
9. D. Gervais, “The Landscape of Collective Management Schemes,” Columbia J. Law and the Arts, vol.
34, no. 4, 2011; http://works.bepress.com/daniel_
gervais/35.
______
10. M. Creeger, “Cloud Computing: An Overview,” 1 June
2009; http://queue.acm.org/detail.cfm?id=1554608.
11. O-D. Ntofon, D. Simeonidou, and D. Hunter,
“Cloud-Based Architecture for Deploying UltraHigh-Definition over Intelligent Optical Networks,”
Proc. 16th Int’l Conf. Optical Network Design and Modeling
(ONDM), 2012; doi:10.1109/ONDM.2012.6210201.
12. G. Graham, “Storm Fronts and Filmmaking: Cloud
Computing Regulation and the Impact on Independent Filmmakers,” Pittsburgh J. Technology Law and
Policy, vol. 13, 2012; http://tlp.law-dev.library.pitt.edu/
ojs/index.php/tlp/article/view/109/114.
_______________________
13. European Digital Cinema Forum, “The EDCF Guide
to Alternative Content in Digital Cinema,” 2008;
w w w.edcf.net /edcf_docs/edcf_ alt _content _for_
dcinema.pdf.
14. “Cloud Computing for the Media and Entertainment
Industry,” IBM, 2010; http://www-304.ibm.com/
easyaccess/fileserve?contentid=224012.
________________________
15. C. Winter, “The Media & Entertainment Industry
Drives Cloud Innovation,” 2013; www.hpcloud.com/
blog/media-entertainment-industry-drives-cloud________________________________
innovation.
_______
Wai-Ming To is a professor in the School of Business at
the Macao Polytechnic Institute, China. His research interests
include environmental management and total quality management. To has a PhD in structural dynamics from Imperial College London, UK. Contact him at wmto@ipm.edu.mo.
___________
Linda S.L. Lai is an associate professor in the School of
Business at the Macao Polytechnic Institute, China. Her research interests include knowledge management and electronic
commerce. Lai has a PhD in information management from
Lancaster University, UK. Contact her at sllai@ipm.edu.mo.
__________
David W.K. Chung is the chief technology officer of Hong
Kong Cyberport Management, where he is responsible for
IT&T services operations and technology center management. His research interests include cloud computing and
knowledge management. Chung has a PhD in engineering
management from the City University of Hong Kong. Contact him at ________________
davidchung@cyberport.hk.
Andy W.L. Chung is the founder of XNT, a company
specializing in creative digital applications, phone games,
and cloud applications. His research interests include environmental modeling and game design. Chung has an MSc
in environmental engineering and management from the
Hong Kong University of Science & Technology. Contact
him at _______
info@xnt.hk.
Selected CS articles and columns are available
for free at http://ComputingNow.computer.org.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
55
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: CLOUD COMPUTING
Deploying a
Maritime Cloud
Kleanthis Dellios and Dimitrios Papanikas, University of Piraeus, Greece
The authors offer a roadmap for building a Maritime Cloud, offering
virtual platforms, tools, and data for the maritime domain. They
describe the proposed architecture and delivery models, evaluate
advantages and challenges, and suggest future research directions.
ociety depends on physical, cybernetic,
and network infrastructures to provide information and communications
technology (ICT) services and systems
and to interact with numerous complex and heterogeneous IT systems. Nowadays, the need for
modern ICT systems is particularly apparent in
the transportation sector, including the maritime
domain,1 which includes a complex digital environment for coordinating numerous entities, such
as ports, ships, port authorities, maritime and insurance companies, and government ministries.
The EU Maritime Transport Strategy recognizes
the critical role of ICTs for increasing productivity,2
but the involved parties—from participating enterprises to governments and standardization bodies—face numerous challenges when it comes to
ensuring the standardization, interoperability, and
S
56
IT Pro September/October 2014
availability of information.3 Because the maritime
environment comprises numerous heterogeneous
IT systems hosting a wide range of e-services,
managing unlimited I/O information and data,
cloud computing technology offers a possible solution. Here, we explore how traditional maritime IT
systems could be expanded to develop and deploy a
harmonized maritime cybernetic environment—a
Maritime Cloud that is able to host cross-border
and trustworthy e-maritime services.4
The Maritime Domain
We can group the various maritime entities and
assets as follows:
t UIF QIZTJDBM FOWJSPONFOU—port infrastructure,
facilities, authorities; maritime and insurance companies; shipping and cargo industry,
Published by the IEEE Computer Society
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Maritime cloud architecture
Virtual switch0-management
Virtual switch2-VM PortGroup
Virtual machines workloads balance
Hypervisor n
Hypervisor 1
Virtual security
manager
Backup
appliance
Cloud
portal
Virtual switch - 2 GbE
High availability virtual machine
monitoring
Virtual LAN
10GbE Ethernet channel
High throughput - low latency cluster interconnection
Storage pool & appliance
GbE NIC 1
Cluster file system
GbE NIC 2
SSD + SAS
Figure 1. IT architecture design of the Maritime Cloud stack.
manufacturers, and suppliers; government
ministries; the financial and banking domain;
linked transportation infrastructure; and human
resources; and
t UIFDZCFSOFUJDFOWJSPONFOU—infrastructure (buildings, ships), platforms (servers, networking terminals, databases), telecommunication systems
(networking terminals, satellites, geographic
information systems), software and manuals
(information and data), e-services (applications, frameworks, test environments), other
equipment (such as fire alarm and extinguisher
systems and surveillance systems), internal
(administrators, personnel) and external users
(port authorities, maritime companies), and objects (ships, cargo).
Because the maritime environment consists of such
a heterogeneous variety of hardware and software
without any middleware solution for managing
big data, adopting new technologies is becoming a
major burden for the maritime domain. Although
cloud computing technology is still evolving, it
could help manage big data and integrate new
technologies. Most users are already interacting
with cloud-enabled services (that is, email, social
media, online gaming, and mobile applications),
and new datacenters are continuously being built
to improve IT agility,5,6 resulting in reduced energy
consumption and carbon footprints.7,8
In fact, the US Navy successfully adopted the
cloud computing concept in 2011, creating a private cyber environment, exploiting land, marine,
and aerial technological resources as well as dynamic, static, and collaborative infrastructures and
shared computer systems and resources.9 Building a cloud model for the commercial and enterprise maritime environment to help manage the
complexity and heterogeneity of distributed and
decentralized infrastructures and integrate existing services would reduce management effort via
geographically remote networks. It would also deliver services and provide access to data, enhancing operational capabilities and improving the
way in which IT supports the modern e-maritime
domain.
Constructing the Maritime Cloud
The Maritime Cloud stack is based on the proposed architecture of unified cloud entities, as
described by Lamia Youseff 10 and widely adopted
by IBM. Figure 1 depicts the proposed Maritime
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
57
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: CLOUD COMPUTING
Cloud architecture and stack, comprising the
following five layers.
Hardware Layer
The hardware layer is the physical hardware and
firmware, including the maritime IT infrastructure
and physical facilities forming the backbone of the
Maritime Cloud stack. It can be used in cases of
government organizations or ministries investing
in datacenters and IT infrastructure. It includes
servers and storage solutions.
For example, storage solid state drives (SSDs)
provide a reliable, high-performance serial attached SCSI (SAS) storage solution. The SAS
interface with SSDs is used for I/O-intensive,
demanding enterprise environments such as the
maritime domain, high-performance computing, video on demand, and large-scale datacenters
for other mission-critical applications. A virtual
switch can also be included in this layer as part
of the server firmware. Datacenter management
and power consumption optimizations are also
included.
Kernel Layer
The kernel layer is responsible for memory management, process management, task scheduling, and disk management. Yet kernels are often
overlooked, despite being one of the most critical
pieces when creating a cloud architecture. This
layer includes the software interface for hosting
three major components: the hardware, guest
systems, and console operating system. It adds
a management interface for the interaction of
the core server system and the virtual machines
(VMs) running on the server. It provides the software kernel (to be implemented as the OS kernel), a hypervisor (virtualization manager), VM
monitoring, and cluster middleware.
Infrastructure Layer
This fundamental layer provides resources to the
other layers of the stack, including applications.
The Maritime Cloud services of this layer can be
categorized into
t DPNQVUBUJPOBM SFTPVSDFT (infrastructure as a service, or IaaS), including virtualization concepts
(that is, paravirtualization and hardware-assisted virtualization) for providing computational resources to Maritime Cloud users;
58
t EBUBTUPSBHFBTBTFSWJDF (DaaS), letting Maritime
Cloud users store their data and access them
anytime from anywhere; and
t TDIFEVMFEBOESFMJBCMFDPNNVOJDBUJPODBQBCJMJUZBTB
TFSWJDF (CaaS), including traffic isolation, dedicated bandwidth, communication encryption,
and network monitoring.
The data storage helps administrators develop
virtual storage class data services, offer scalability, and present a choice of storage protocols,
all with better throughput to meet storage requirements. A distributed storage manager enables VM load balancing based on storage I/O
and capacity within a cluster VM, with the VM
workload balance based on CPU and memory
resource utilization. The virtualized high-performance cluster system provides storage virtualization optimized for VMs and efficiently
stores the entire VM state in a central location
that supports virtualization-based distributed
infrastructure services. Tiered storage allows
the entire system to consolidate and deploy different types of storage within the same networkattached storage-based system.
The communication capability includes the
network interface controller (NIC) acting as
the base of the entire selected network protocol stack, allowing communication between the
physical layer and data link layer among groups
of the same LAN and large-scale network communications through routable protocols (that
is, IP). NIC virtualization provides information
on NIC functionality for the virtualized 10-Gb
Ethernet (GbE) channel. It allows sharing a single 10-GbE network port, and its virtual Media
Access Control provides statistics per server on
transmitted and received (Tx/Rx) traffic. The
Link Aggregation Control Protocol for gigabit
interfaces configures the GbE port channels,
allowing bundling of multiple GbE links into a
single logical interface on a router. It is defined in
the IEEE 802.3ad specification as aggregation of
multiple link segments.
The virtual switch is the software program that
allows one VM to communicate with another; it
actually inspects the data packets before passing
them forward. The hypervisor or the VM monitor
(VMM) acts as the software-based virtual datacenter for delivering, providing, and consuming
services, and it offers automated storage services.
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Platform Layer
This layer uses IT automation to integrate service
provisioning and allow administrators and architects to develop complex automation tasks, also
delivering service-level agreements (SLAs) for
all applications. It supplies the Maritime Cloud
stack’s software developers with programming
framework environments and APIs to develop and
deploy Maritime Cloud interactive and scalable
applications.
Application Layer
This is the top layer of the Maritime Cloud stack.
Here, users access the deployed services provided
through the Maritime Cloud portals.
forms, the databases, and the development tools
(for example, Java runtimes and webservers). Because not all cloud models are appropriate for
the e-maritime ecosystem, and because maritime
entities have different requirements and expectations, developers need to capture and consider
requirements before designing, creating, or using
a Maritime Cloud platform model. For example,
e-maritime environments usually host, store,
and exchange information to provide maritime
participants with e-services, so interoperability
and security are major challenges at all levels of
an appropriate delivery of a Maritime Cloud platform model design.
Software as a Service
Delivery Models
The following Maritime Cloud delivery models
are based on National Institute of Standards and
Technology definitions.
Infrastructure as a Service
Maritime IaaS is the bare infrastructure on which
maritime IT requirements will be deployed, as
previously described, in the Maritime Cloud
hardware, kernel, and infrastructure layer of the
Maritime Cloud stack. The M-IaaS delivery model is responsible for providing server, storage, networking, and load-balancing services, and system
management.
The Maritime Cloud infrastructure architecture can be designed using the existing maritime
IT without excluding the hardware components
of other organizations or companies related to the
maritime sector. Existing maritime IT infrastructure and systems can be refurbished and fully
utilized.
Platform as a Service
Maritime platform as a service (M-PaaS) is the
premium infrastructure and united platform that
provides tools and facilities for designing, developing, testing, deploying, and hosting maritime
application solutions and services. Developers
can create fully customizable e-maritime platforms while integrating existing systems and
following business models and standards. Furthermore, M-PaaS enables database integration,
security, scalability, storage, and management.
The crucial modules in a Maritime Cloud environment are the operating systems and plat-
Maritime software as a service (M-SaaS) is the
delivery model where all maritime software, applications, and services are provided on demand.
As the final component of the Maritime Cloud
delivery model, it can lead to the creation of
new cross-border and trustworthy e-maritime
services. M-SaaS is replacing the NIST-defined
SaaS model in the Maritime Cloud delivery
model, so that all involved maritime entities can
collaborate under the same Maritime Cloud and
use the same proposed Maritime Cloud architecture and stack.
Numerous e-maritime services can be included in the M-SaaS layer, including
t vessel services that deliver e-information and
vessel authentication and monitoring (via RFID
and geographic information systems);
t cargo services that deliver e-documentation
and cargo authentication (again, via RFID and
geographic information systems);
t logistics services that provide logistics operations such as e-orders, e-invoicing, e-payments,
and e-reservations;
t multichannel communication (Wi-Fi, VPN)
services that communicate with all maritime
entities; and
t integration services that deliver customs declarations and controls (for example, taxes and
penalties) and offer e-health and e-tourism
support.
Each one of these Maritime Cloud delivery models and services can also be parameterized to
meet the maritime domain’s needs.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
59
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
FEATURE: CLOUD COMPUTING
Cyber Ocean Deployment
Cloud computing technology can be exploited for
building various types of Maritime Cloud models
in order to deploy them in the maritime domain
and offer e-maritime cloud services worldwide.
Private Maritime Clouds can be limited to specific purposes, serving only the Maritime Cloud
architects and developers at a regional level, and
within the limits (and JEFOUJUZ BDDFTT NBOBHFNFOU
restrictions) of the Maritime Cloud platform’s
users.
Developers can also create community Maritime
Clouds by expanding the capabilities of private
Maritime Clouds and allowing them to be used by
other parties with similar interests, target groups,
and policies (that is, security, privacy, certification, and accreditation). A community Maritime
Cloud can be deployed at the national, regional, or
worldwide level, offering cross-border e-maritime
services accessed by the same entities as in the
private Maritime Cloud but also by suppliers and
end-user partners. Moreover, Maritime Clouds
can provide unlimited access through public Maritime Cloud portals for the general public to access
maritime services. The public Maritime Cloud can
be deployed at the national, regional, or worldwide
level, offering cross-border e-maritime services to
clients and customers.
Finally, a hybrid cloud is a combination of the
previous types. In a future maritime hybrid cloud,
models can be deployed to offer e-maritime services to the general public but also consolidate
legacy applications and data designed for all sides
of the maritime spectrum.
Benefits and Risks
Of course, any decision about diving into the cyber ocean and using the Maritime Cloud must be
based on a detailed analysis of potential benefits
and risks.
If properly designed and implemented in the
maritime domain, cloud computing offers numerous benefits. A Maritime Cloud can provide
increased operational management, improved asset utilization (that is, servers), and improved productivity, especially in application development. It
can achieve energy efficiency and proper human
resource management, and reduce the time and
cost of maintenance and management of IT resources. Users get rapid access to Maritime Cloud
services.
60
A Maritime Cloud also offers efficient optimization of valuable storage, enabling continuous improvement and agility. In addition, by
enhancing maritime mobility with network scalability, it can provide an efficient network load
balance. It can contribute to a stable e-maritime
environment, scale up the number of supported end users, and satisfy their requirements.
Emerging technological trends like BYOD (bring
your own device) can be combined, utilized, and
implemented into standardized processes and
methods of certification and accreditation of a
Maritime Cloud environment.
Green IT (energy-efficient computing) is
part of the IT life cycle and environment, both
physical and cybernetic. By efficiently managing virtualized resource pools and optimizing
application performance, a Maritime Cloud can
minimize energy consumption in datacenters.
Environmental protections can help users adopt
eco-friendly approaches and technologies. By
reducing the IT infrastructure, adopting a Maritime Cloud architecture, or recycling the life of
already existing maritime IT infrastructures, users can also reduce energy costs and system footprints (that is, servers and datacenters) inside a
maritime environment.
Having fewer application licensing costs, better server utilization, less infrastructure costs,
more efficient data storage, less energy use, easy
and free application development and testing,
and instant e-maritime service provision makes
it possible for Maritime Cloud developers to reduce costs and create immediate profit as a vital
benefit and advantage for the maritime domain at
any level—regional, national, and global.
However, despite the initial success of cloud computing, a significant number of risks exist, because
cloud infrastructures and platforms in their current
form don’t employ standardized methods of storing
user data and applications. Issues to be addressed
include the so-called CIA triad—confidentiality,
integrity, and availability—regarding users’ privacy,
data security, legacy system performance, and disaster recovery, and the transition issues that arise
when establishing, maintaining, sustaining, and
managing a new Maritime Cloud environment.
The security, privacy, and trust issues involving Maritime Cloud data migration, management, portability, and interoperability, along with
secure data and application storage, all affect the
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
Maritime Cloud stack and architecture. Maintaining forensics, information management,
and reporting while implementing continuous
monitoring for intrusion detection triggers and
diagnostics must be under continuous consideration, especially when interacting with highmobility, limited-bandwidth, and long-latency
environments.
he adoption of cloud computing technology can revolutionize the maritime domain,
enabling a collaborative environment offering cross-border e-maritime services to all participants and users, and providing reliable information
and immediate processing. IT professionals and
experts can take advantage of highly efficient
cloud infrastructures while increasing agility.
On-demand, ubiquitous network access and location-independent resource pooling are exactly
what the maritime domain needs. In addition,
large-scale infrastructures can lower energy use
and emissions by using cloud computing technology. The maritime deployment models we’ve
presented can be implemented at any level to deliver a variety of innovative e-maritime services.
However, it’s essential to develop a standardized migration strategy for moving to the Maritime Cloud. This will require generating a new
set of e-maritime cloud services to solve interoperability issues among cross-border maritime
standardization bodies, organizations, and working groups—such as the International Maritime
Organization (www.imo.org), the European
Maritime Safety Agency (www.emsa.europa.eu),
and the European Commission’s Innovation
and Networks Executive Agency (http://tentea.
ec.europa.eu/en/about_us/organisation)—leading
___________________________
to a universal maritime policy. Topics such as security, data interoperability, SLAs, and mobility
are open issues for future research work.
T
References
1. “Transportation Systems Sector-Specific Plan: An Annex to the National Infrastructure Protection Plan,”
US Dept. of Homeland Security, 2010; www.dhs.gov/
xlibrary/assets/nipp-ssp-transportation-systems-2010.pdf.
________________________________
2. “Maritime Transport Strategy 2018,” European Commission, Jan. 2009; http://ec.europa.eu/transport/
themes/strategies/2018_maritime_transport_strategy_
________________________________
en.htm.
____
3. “National Plan to Achieve Maritime Domain Awareness,” Air University, Oct. 2005; www.au.af.mil/au/
awc/awcgate/uscg/mda_plan.pdf.
____________________
4. K. Dellios and D. Polemi, “Maritime Clouds for the
European Ports,” 1SPDUI1BOIFMMFOJD$POG*OGPSNBUJDT
(PCI 12), 2012, pp. 422–426.
5. D. Wyld, .PWJOHUPUIF$MPVE"O*OUSPEVDUJPOUP$MPVE
$PNQVUJOHJO(PWFSONFOU, IBM Center for the Business
of Government, 2009; www.businessofgovernment.
org/sites/default/files/CloudComputingReport.pdf.
6. V. Kundra, 4UBUFPG1VCMJD4FDUPS$MPVE$PNQVUJOH, white paper, CIO Council, May 2010; http://cio.gov/wp-content/
uploads/downloads/2012/09/StateOfCloudComputing
________________________________
Report-FINAL.pdf.
___________
7. A. Berl et al., “Energy-Efficient Cloud Computing,”
$PNQVUFS+, vol. 53, no. 7, 2010, pp. 1045–1051.
8. 4NBSU&OBCMJOHUIF-PX$BSCPO&DPOPNZJOUIF*OGPSNBUJPO"HF, tech. report, Climate Group, 2008; www.
____
smart2020.org/_assets/files/02_Smart2020Report.pdf.
9. D. Perera, “Navy Embraces Cloud Computing,” 'JFSDF(PWFSONFOU*5, 13 July 2011; www.fiercegovernmentit.
com/story/navy-embraces-cloud-computing/201107-13#ixzz1iz116Lqm.
_____________
10. L. Youseff, M. Butrico, and D. Da Silva, “Toward a
Unified Ontology of Cloud Computing,” 1SPD (SJE
$PNQVUJOH &OWJSPONFOUT 8PSLTIPQ (GCE 08), 2008,
pp. 1–10; www.cs.ucsb.edu/~lyouseff/
CCOntology/
_________________________
CloudOntology.pdf.
____________
Kleanthis Dellios JTB1I%DBOEJEBUFJOUIF%FQBSUNFOU
PG *OGPSNBUJDT BU UIF 6OJWFSTJUZ PG 1JSBFVT )F SFDFJWFE
BO .4D JO BEWBODFE JOGPSNBUJPO TZTUFNT GSPN UIF TBNF
VOJWFSTJUZ)JTSFTFBSDIJOUFSFTUTJODMVEFDPNQVUFSTFDVSJUZ
CJPNFUSJDUFDIOPMPHZFHPWFSONFOUBOEJOUFMMJHFOUUSBOTQPSU TZTUFNT %FMMJPT JT B DFSUJGJFE *4.4 "VEJUPS *40
*&$
$POUBDUIJNBULEFMMJPT!VOJQJHS
__________
Dimitrios Papanikas JTB1I%DBOEJEBUFJOUIF%FQBSUNFOU PG *OGPSNBUJDT BU UIF 6OJWFSTJUZ PG 1JSBFVT )F SFDFJWFEBO.4DJOBEWBODFEJOGPSNBUJPOTZTUFNTGSPNUIF
TBNFVOJWFSTJUZ)JTSFTFBSDIGPDVTFTPOTPGUXBSFFOHJOFFSJOHJOGPSNBUJPOTZTUFNTTFDVSJUZWVMOFSBCJMJUZBTTFTTNFOU
BOEQFOFUSBUJPOUFTUJOHUFDIOPMPHZ1BQBOJLBTJTBDFSUJGJFE
*4.4 "VEJUPS *40*&$ $POUBDU IJN BU
QBQBOJL!VOJQJHS
___________
Selected CS articles and columns are available
for free at http://ComputingNow.computer.org.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
61
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
IT IN EMERGING MARKETS
EDITOR: Gustavo Rossi, Universidad Nacional de La Plata, gustavo@lifia.info.unlp.edu.ar
_________________
Toward Open
Government in
Paraguay
Luca Cernuzzi, Universidad Católica Nuestra Señora de la Asunción, Paraguay
Juan Pane, Centro de Estudios Ambientales y Sociales (CEAMSO), Paraguay
araguay, with its population of approximately
6.8 million, has one of
the lowest gross domestic products (GDPs) per capita of
Latin America.1,2 Furthermore, IT
penetration in the country is quite
low. As of 2012, only 27.08 percent
of individuals used the Internet—
the lowest percentage in South
America—and only 29.48 percent
of households had a computer.1
The private IT market, independently from the government’s
efforts to promote IT, has grown
remarkably in the last two decades. It first grew in the mobile
telecommunication industry, then
the growth moved into the financial market, and it’s now affecting other industries, including
agriculture.
Academia is also supporting IT
growth. Currently, 34 universities
offer 46 computer science programs
and a few professional-oriented
master’s programs in IT. There
are also some promising research
groups (two universities offer doctoral programs in IT). However, in
the absence of an effective national
quality-control system, the quality of university programs varies.
P
62
IT Pro September/October 2014
Therefore, although there are some
highly skilled IT professionals, it’s
still difficult to find enough local
personnel to cover the demand of
the growing market.
In the last few years, the central
government has put IT on its policy
agendas. The goal has been to introduce IT-based solutions to improve
public administration processes;
deliver quality public services; and
improve transparency, citizen participation, and accountability. In April
2012, Paraguay joined the Open
Government Partnership (OGP;
www.opengovpartnership.org),
which helps countries make their
governments more “open, accountable, and responsive to citizens.”
Here, we outline Paraguay’s journey toward open government (or ogovernment) and the technical and
organizational challenges it faces.
Moving Beyond
E-Government
In 1997, Paraguay implemented a
metropolitan network to connect
105 government agencies via a national Internet-based virtual private
network (VPN). However, the communication infrastructure wasn’t
enough to improve processes and
Published by the IEEE Computer Society
services, because the accompanying
IT solutions were developed in isolation, often by foreign companies.
On several occasions, high-quality
software solutions, deployed by foreign teams, failed due to the lack of
local support (the solutions weren’t
sustainable). Moreover, significant
effort was required to make these
isolated solutions interoperable.
In 2010, the government decided to design a “master plan” for
information and communication
technology (ICT) and, two years
later, it created an ICT secretary
position. Part of its master plan was
to emphasize the use of free software. Yet despite advances in the
infrastructure and the creation of
an ICT master plan to modernize
government processes and better
empower citizens, challenges still
remained. In particular, the government struggled to do the following:
t apply citizen-centric approaches to system development,
t improve local capabilities for
technology development and
support, and
t improve information availability and accessibility for all
stakeholders.
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Table 1. The 5-Stars Open Data Standard (http://5stardata.info).
The latter introduces the challenge of open data, which enables
transparency and is the foundation of open government.
Open Government
The o-government philosophy fosters a more horizontal and democratic way of governing, which
benefits citizen participation, promotes transparency and strengthens technology with the aim of
improving the quality of public services. The key components to any
o-government initiative are transparency, participation and collaboration, and accountability.
Transparency
Transparency refers to openness
of information about government
activities and decisions in a way
that is comprehensive, timely,
and accurate, following open data
standards. Transparency is the
key enabler for citizens to understand the workings of their government, and it’s important in
preventing and detecting corruption and inefficiencies in government services.
Participation and
Collaboration
Participation and collaboration
lead to citizen engagement and
empowerment, which are essential for effective governance and
policy making. This allows public
opinion to influence how the government works, which helps improve the delivery of services.
Accountability
Accountability is the process by
which citizens can hold the government responsible for its management of public goods.
Open Data
Open data, which is the base of
transparency, refers to data or content that “is open for anyone to freely
use, reuse, and redistribute… subject
No. of stars
Deployment scheme
Example
1
Make the information available online
PDF files
2
Use structured data
Excel files
3
Use nonproprietary formats
CVS files
4
Use URIs
Http://data…
5
Link the data to related data
Hyperlinks
only, at most, to the requirement to
attribute and/or share-alike” (http://
____
opendefinition.org).
____________ Interoperability
and re-use is achieved by following standards such as the 5-Stars
Open Data Standard, defined by
Tim Berners-Lee (see Table 1).3
The higher the number of stars,
the more re-usable and interoperable the data will become; however,
the technical effort needed will also
be higher. Considering that different institutions in the government
have different technical capabilities,
there should be a tradeoff between
high-level standards and available
resources when opening data.
There are several benefits to open
data. First of all, in terms of government, open data is a key enabler
for transparency, citizen participation, and accountability. Second,
it fosters innovation, the discovery
of new knowledge, and improved
services. Third, some estimate that
open data could have an economic
benefit of up to US$3 trillion, resulting from increased efficiency,
the development of new products
and services, and cost savings from
higher quality products.4
Furthermore, the costs of developing government data visualization can be outsourced to
interested stakeholders. Projects
such as WhereDoesMyMoneyGo.
org and OpenSpending.org are
examples of how the government,
by publishing budgets in a reusable format, enabled effective visualization tools by third parties.
O-Government Challenges
The challenges for an optimal
implementation of o-government
in Paraguay, starting from transparency, span several dimensions,
but for the most part, success will
depend more on political willingness than technical capabilities.
Fortunately, citizen- and government-led initiatives aim to address
the following challenges.
Legal
Despite an Article in the Paraguayan National Constitution that
states that all individuals have the
right to receive truthful, responsible, and unbiased information,
and that all sources of public-sector information should be freely
available, the most important legal challenge for o-government
in Paraguay is to create a law that
regulates access to public-sector
information. Furthermore, there
are no legal definitions of publicsector information, data, or datasets, or of open data.
Recent developments, such as
the Supreme Court decision to
grant access to information regarding the salaries of public officials, and the partial approval of a
Public Sector Information Access
Law, show there’s a high degree
of interest by both the lawmakers
and the public in overcoming current legal challenges.
Organizational
There’s also a need for proper organizational tools and procedures
for releasing public data. The Administrative Law of Paraguay only
allows public officials to do what’s
explicitly permitted; anything else
is forbidden and subject to legal
consequences. This implies that
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
63
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
IT IN EMERGING MARKETS
in the absence of organizational
procedures for releasing public
sector information, public officials aren’t allowed to publish
data.
Another challenge is the insufficient number of experts available
to work on the technical and legal aspects of opening data. The
final challenge refers to the lack of
knowledge about o-government
principles that sometimes creates
a resistance to change by public
officials.
Technical
The government must select open
data standards that foster transparency and help create technological
tools, such as forums and feedback
mechanisms for collaborative consultation processes that support citizen engagement and community
to create and maintain an informed
community that can actively participate in o-government initiatives
using the available legal and technological tools.
Considering this, Tim Davies
used Berners-Lee’s standard to
create a set of principles, called
5-Stars Open Data Engagement,5
that guide the process of opening
data:
1.
2.
3.
4.
5.
be demand driven (),
provide context (),
support conversation (),
build capacity and skills ()
and
collaborate with the community ().
The idea of this principle is that
an informed community can guide
the process of opening technically
The challenge is to create and maintain an
informed community that can actively participate
in o-government initiatives.
management. However, it should
also provide an IT infrastructure
that can guarantee continuous
availability of such tools.
Furthermore, Paraguay needs
to create tools such as catalogs,
indexes, and search and navigation mechanisms that help
citizens find and use open data.
Such data should include metadata that specifies the spatial and
temporal validity to make the
semantics of each piece of information explicit. Interoperability
must also be ensured at the vocabulary, schema, metadata, and
data levels.
Adoption
Adoption deals with creating awareness of o-government and of how
citizens and public officials can use
open information. The challenge is
64
correct data, maximizing the adoption of standards and open data.
o ensure the sustainability
of o-government programs,
Paraguay must guarantee
local availability of capabilities
and resources—which requires
having qualified IT staff in government, academia, and the private sector. To facilitate this, in
academia, we’re working to build
a transnational triple-helix system,6 which, by fostering and promoting the interchange of competences, personnel, and skills
among countries, should lead to
mutual growth. We must prepare
PhD students to lead the transformation process, and we must create higher-education partnerships
and collaborations on common
T
problems and share knowledge regarding how such a collaborative
system might work.
References
1. “ICT Eye,” Int’l Telecommunications Union, 2013; www.itu.int/
ITU-D/ICTEYE/DisplayCountry.
____________________
aspx?code=PRY#jump.
______________
2. “Measuring Latin American GDP,”
World Economics, Jan. 2014; www.
___
w
o r l d e c o n o m i c s. c o m / Pa p e r s /
_____________________
Measuring%20Latin%20American%
_____________________
20GDP_7fbab7d6-44fd-4f40-b4bb____________________
233fb5aeaab5.paper.
___________
3. T. Berners-Lee, “Design Issues:
Linked Data,” World Wide Web Consortium (W3C), 2010; www.w3.org/
DesignIssues/LinkedData.html.
__________________
4. J. Manyika et al., Open Data: Unlocking Innovation and Performance with
Liquid Information, McKinsey Global
Inst., 2013.
5. T. Davies, “5-Stars of Open Data En___
gagement?” blog, 21 Jan. 2012; www.
timdavies.org.uk/2012/01/21/5-stars_____________________
of-open-data-engagement.
_______________
6. H. Etzkowitz et al., “UniversityIndustry-Government Interaction:
The Triple Helix Model of Innovation,” Asia Pacific Tech Monitor, vol. 24,
no. 1, 2007, pp. 14–23.
Luca Cernuzzi is a professor at the
Universidad Católica Nuestra Señora de
la Asunción, Paraguay. Contact him at
lcernuzz@uca.edu.py.
____________
Juan Pane is an open data consultant at
the Centro de Estudios Ambientales y Sociales (CEAMSO), Paraguay, and a lecturer
at the Universidad Nacional de Asunción.
Contact him at ___________
jpane@pol.una.py.
Selected CS articles and
columns are available for free at
http://ComputingNow.computer.org.
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Technology Solutions for the Enterprise
2015
Editorial Calendar
January/February
July/August
IT Security
Data Analytics
Richard Kuhn, US National Institute of Standards
and Technology
Morris Chang, Iowa State University
Tim Weil, Coalfire Systems
Seth Earley, Earley & Associates
Jinan Fiaidhi, Lakehead University, Canada
Vladimir Dimitrov, University of Sofia
Maria R. Lee, Shih Chien University
March/April
September/October
IT-Enabled Business Innovation
Wearable Computing
Robert Harmon, Portland State University
Haluk Demirkan, University of Washington
Irena Bojanova, UMUC
Maria R. Lee, Shih Chien University
May/June
November/December
Internet of Everything
Smart Systems
Irena Bojanova, UMUC
George Hurlburt, STEM Corp
Jeff Voas, US National Institute of Standards and
Technology
Fulvio Corno, Politecnico di Torino
Robert Harmon, Portland State University
For more information, see
www.computer.org/itpro/cfps
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
DATA ANALYTICS
EDITOR: Seth Earley, Earley & Associates, seth@earley.com
_________
Usability for
Internal Systems:
What’s the Payoff?
Seth Earley, Earley & Associates
onsumer applications
are raising the bar
when it comes to usabilit y expectations,
and such expectations are being
carried over into corporate environments. IT organizations thus
should be paying close attention
to elements that make internal
systems and applications intuitive
and easy to use. But what’s the
justification for doing so? Easier
access to information doesn’t
provide business value unless
there’s a corresponding improvement in efficiency or a new capability. Organizations are often
hard pressed to justify the significant investments required to
address enterprise-wide applications when the outcome is uncertain and the payoff unclear.
For external applications, the
stakes are far more clear. A user
experience arms race is taking
place in the marketplace—with
multibillion dollar rewards for
those who get it right. For the ones
left behind, failing to measure up
can mean lost opportunities and
market share or, in more extreme
circumstances, it can lead to irrelevance in the eyes of customers.
C
66
IT Pro September/October 2014
Focusing on External Apps
Usability and the user experience are key differentiators for
pure-play Internet businesses. Although they sound similar, there’s
a significant difference between
the two concepts. The user experience entails everything that a
user sees, feels, and thinks about
an organization. Usability is more
about the mechanics of a site or
application. Can users get to the
information they need with minimal friction? Can they accomplish
their tasks easily and elegantly? Is
the site intuitive?
Measuring Usability
Usability is measured by articulating tasks for target users to accomplish and letting them execute
those tasks in the application or
website—whether on a desktop,
laptop, tablet, or smartphone. The
success of those tasks and the ease
with which they’re executed (along
with some other metrics such as
number of false paths or restarts)
become aggregated across user
groups and multiple scenarios to
develop usability measures.
Complexities arise when considering that different users have
Published by the IEEE Computer Society
different levels of fluency with
technology or might have different educational and cultural
backgrounds. Therefore, an important part of usability is selecting the correct demographic for a
user group. For Internet retailers,
for example, the target users are
defined through market research
and by capturing data and indicators about current customers
and extrapolating to understand
desired customers. User groups
are screened as part of the study
design and set up.
Personas—archetypical customer composites representing characteristics of a target user—are used
to get into the mind of the users
to imagine how they might react.
Personas are typically given a name
for easy reference—“Bob” might
represent a 25-year old tech-savvy
college graduate who lives alone
and is interested in martial arts.
The seemingly trivial or unrelated
details help round out the type of
person that system designers think
“Bob” is. This way, they can make
design choices they believe would
suit him.
Some of this conjecture is
more art than science, but most
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
enterprises dealing with a broad
range of user types on their public
commerce-focused websites find
personas to be extremely valuable.
The point is that a deep, rich understanding of the customer can
be represented in model development. Taking this a step further,
usability specialists, marketers,
and business analysts build libraries of scenarios for personas
that describe a “day in the life”—
the tasks and activities that these
“personas” engage in while going
about their business. Use cases
can be defined or derived from
scenarios and provide yet another
level of detail around user understanding. These use cases can be
more along the lines of task descriptions than the strict use cases developed for system testing.
Formal test use cases for system
functionality are derived from
task descriptions.
When placed into the online
context, each step of a task typically requires interaction with data
and content or the ability to locate
a particular piece of information.
Therefore, this process of understanding users—from the macro
level down to the detailed task and
use case level—defines content
access, information management,
and functional requirements.
Understanding the
User Experience
The user experience is a broader
concept. It typically begins with
awareness and brand perceptions.
Once a user becomes interested
in a product or service—whether
through word of mouth, social
media, a newspaper article, an
email communication, or a Web
search—engagement can begin in
any number of ways.
If the company has a physical
presence, the user (now a potential
consumer) might walk into a store.
He or she might do more research
online and get more information
from a third-party site, a friend on
Facebook, or the company site itself. Each one of these mechanisms
creates a perception on the part of
users that impacts what they do
next. At some point, they might
decide to make a purchase. If this
takes place online, the architecture
of the website and its ease of use
have a direct impact on whether
the individual follows through
with the purchase. Conversion is
an important metric for online retailers; however, it is merely the final step in a potentially long chain
of events.
Imagine a scenario in which an
organization has spent millions of
dollars on its website and tested
the usability until it was optimized
across all of the target audiences.
The organization has spent all of
its resources on the site and didn’t
leave enough money for call center training and support systems.
A new customer who has a problem with shipping or billing that
poorly integrated. The call center
isn’t aware of marketing’s new offer. Billing hasn’t heard about and
adjusted for the upcoming service
outage. Customer support doesn’t
have the latest fix for the problem
that cropped up with the newest model. Online offers are out
of synch with items in the store
because of delays in getting all of
the systems updated with the correct information. The customer
experience, also referred to as the
“customer journey,” is then taking place over rutted roads with
detours and snarled intersections,
poor and confusing signage, and
dead ends.
Linking Internal and
External Performance
Analytics and big data play a crucial role in the customer experience. We now have data streams
that are emitted as “exhaust” from
every process. Internal systems can
measure the performance of the
Conversion is an important metric for online
retailers; however, it is merely the final step in
a potentially long chain of events.
can’t be resolved online might call
the company, get placed on hold
or transferred multiple times, become disconnected, or reach a
poorly trained offshore representative who can’t solve the problem.
News of this experience reaches
discussion boards, Twitter, Facebook, and the company’s community of users. Clearly, the site’s
excellent usability can’t overcome
this terrible user experience.
Although exaggerated, this type
of scenario is happening across
thousands of organizations. In
this scenario, parts of the user
experience are broken. Legacy
systems that are stitched together
have evolved over time and are
various departments supporting
each stage of the customer journey—learning about the product
or service (marketing), purchasing
(sales) and receiving (shipping and
logistics) the product, enjoying
the defect-free product (service),
handling the billing and payment
component (finance), and providing additional post purchase repairs or services (support). This
model might vary somewhat based
on the industry, product, and service, but for the most part, it’s fairly
universal. At each step, internal department and process performance
can be measured via financial measures, key performance indic ators,
and dashboards.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
67
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
DATA ANALYTICS
An external set of metrics referred
to as the voice of the customer
(VOC) consists of surveys, pointof-sale feedback, website comments, service calls, complaints,
feedback to call centers, social
media commentary, and discussions. This input is mostly in the
form of unstructured data, which
requires text analytic methodologies
to derive insights. User reactions
and feedback can also be derived
from online behaviors—for example, clickstream analysis can track
when users are attempting to locate information or are interacting
with specific Web content.
Because website and e-commerce investments have obvious
links to sales and conversions,
content that directly supports the
customer experience receives a
great deal of attention and resources. However, because the customer experience consists of a chain
of interactions, poor internal user
experiences and the consequent
inefficiencies in internal systems
can’t help but have a downstream
impact on the customer experience. This chain of interactions is
increasingly taking place on mobile devices. Many retailers view
mobile devices as being part of a
behavior pattern (rather than as a
marketing channel) and as a way
to bridge the physical and virtual
worlds. As such, the rise of “omnichannel” communication, engagement, and commerce requires
that the value chain of interactions—the customer journey—be
smooth and consistent.
Omnichannel marketing thus
means understanding that customers might start on one device
and then move to another or end
up at a physical location. Furthermore, content and communications should be the same whether
in a newspaper, on a radio ad, on
a mobile application, on a website,
or in the store itself. Customer
service systems and floor sales
68
associates all should have the
same information and key content for supporting the customer.
Internal systems and processes
need to be integrated and continuous so that the customer receives
consistent messaging, offers, and
functionality, creating an overall
positive, friction-free experience.
Dashboards can be designed using text analytics to correlate VOC
data with internal process performance. Dashboards containing
operational analytics from financial
systems and business intelligence
applications are nothing new.
Associating external user data harvested from various sources with
internal operational metrics can
provide a real-time scorecard of
how internal enterprise processes
affect external user perceptions.
Broken and inefficient internal
processes have an impact on downstream and external processes.
Making the Investment
The challenge is to improve internal processes across the enterprise to create greater efficiencies
that will then enhance the customer journey.
Implement Master
Data Management
Programs such as master data
management (MDM) and semantic integration can greatly improve information flows and ease
of integration across departments,
systems, and processes. MDM
requires a significant investment
of time, money, and attention to
fix data inconsistencies at their
source so that downstream applications and stakeholders can trust
data quality and not go through
costly data cleansing activities.
Semantic integration helps different stakeholders in the enterprise
“speak the same language” and
use consistent terminology.
All organizational environments change over time. Systems
and processes grow organically to
solve problems, applications might
be deployed from various vendors
who develop their tools using different mental models, and modern
corporations grow through acquisition. Change is ongoing, so this
problem never goes away. The only
way to address it is to put into place
organizational structures whose
sole purpose is to continually rein
in the chaos and invest the energy
needed to reverse information and
system entropy.
Tame Unstructured Data
Users’ higher expectations for
greater levels of quality and usability in corporate information
systems require that IT organizations overinvest where they have
traditionally underinvested. IDC
estimates that 90 percent of information is unstructured.1 Yet
unstructured information management remains the stepchild
of IT organizations, because the
impact on critical processes isn’t
directly observed. Poor information hygiene for unstructured
information is insidious, because
it grinds down internal processes
slowly over time, reducing the
ability to quickly react and adapt.
Process improvement begins
by examining those systems that
directly and indirectly support
the customer and assessing places
where terminology is inconsistent
or causes friction points due to incorrect or outdated architectures.
Content, process, and application
audits, along with domain modeling, can reveal where clashes
in terminology, ambiguity, poor
data quality, and manual integration choke points cause the
greatest pain and problems with
customer-facing processes. Interventions can then be prioritized to
remedy these problems using enterprise information architecture
development approaches and validating design by testing scenarios,
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
tasks, and use cases with the usability methodologies previously
described.
of adaptability, agility, and greater
customer intimacy.
Build the Infrastructure
t a recent conference on
retail systems and processes, the presenter asked
“Who has completely integrated
their back-end information?” No
hands were raised. “Who has
clean data for personalization?”
Again, no one raised their hand.
“We are all in this together,” she
concluded. CIOs might think this
is a retail and e-commerce story,
but it’s not. Every organization
will be transforming at least some
of its processes through digital
capabilities. We are, indeed, all in
this together.
Achieving meaningful results requires that this process be conducted at the enterprise level.
For many IT organizations, that
doesn’t sound feasible. After all,
how can we document scenarios
and use cases for thousands of
activities? The answer is that you
don’t document all of them—only
critical processes that allow for
extrapolation of organizing principles to validate an enterprise
framework.
Much of this work is infrastructure—part of the cost of doing
business. Foundational work of
this type is required for higher
value functionality. It needs to be
justified by articulating the vision
A
Reference
1. D. Schubmehl, “Unlocking the
Hidden Value of Information,”
IDC, 15 July 2014; ______
https://idccommunity.com/groups/it_agenda/
_____________________
business-analytics-big-data/unlocking_
_____________________
the_hidden_value_of_information.
_____________________
Seth Earley is CEO of Earley &
Associates (www.earley.com). He’s an
expert in knowledge processes and customer experience management strategies.
His interests include customer experience
design, knowledge management, content
management systems and strategy, and
taxonomy development. Contact him at
seth@earley.com.
__________
Selected CS articles and
columns are available for free at
http://ComputingNow.computer.org.
%2=8-1)%2=;,)6)%'')77
DIGITAL MAGAZINES
Keep up on the latest tech innovations with new digital magazines from the IEEE Computer Society. At more than 65%
off regular print prices, there has never been a better time to
try one. Our industry experts will keep you informed. Digital
magazines are:
1
1
1
1
1
1
Easy to save. Easy to search.
Email notification. Receive an alert as soon as each digital magazine is available.
Two formats. Choose the enhanced PDF version OR the
web browser-based version.
Quick access. Download the full issue in a flash.
Convenience. Read your digital magazine anytime, anywhere—on your laptop, iPad, or other mobile device.
Digital archives. Subscribers can access the digital issues
archive dating back to January 2007.
Interested? Go to www.computer.org/digitalmagazines
to subscribe and see sample articles.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
69
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
MASTERMIND
EDITOR: George Strawn, NITRD, gostrawn@gmail.com
____________
Don Knuth:
Mastermind of
Algorithms
George Strawn, NITRD
ome algorithms make for
“better” programs than
others—that is, programs
that execute in less time
or require less memory. How can
we quantify differences to determine which algorithms are better?
No one has done more to answer
this question than Don Knuth,
who has been called the “father of
the analysis of algorithms.”
In his precollege days in Milwaukee, Knuth already showed
signs of having a special talent, and
his performance as an undergraduate at Case Institute of Technology was so outstanding that the
faculty awarded him a concurrent
master’s degree. He undertook
graduate study in mathematics
at Cal Tech and received his PhD
in 1963. Knuth remained on the
Cal Tech faculty until 1968, when
he moved to Stanford University,
where he remains to this day as an
Emeritus Professor.
In 1962, while still a mathematics graduate student, Knuth
decided to write a book on programming languages and compilers—subjects for which he was
already an important contributor.
The first eight chapters would
S
70
IT Pro September/October 2014
cover computing “preliminaries,”
and the last four chapters would
deal with his intended subjects.
However, as he gathered material,
he noticed that the book was becoming very long. He decided that
a thorough treatment was better
than a brief one, so the “preliminaries” became a series of books
that defined the analysis of algorithms. The series was called
The Art of Computer Programming,1
because Knuth viewed computer
programming as an art as well as
a science. Three volumes containing the first six chapters were published between 1968 and 1974 (the
latest editions of these volumes
were published in 1997 and 1998).
Remarkably, the first part of volume 4 wasn’t published until 2011!
Here, I describe some of the
content of the first three volumes, indicate one reason for the
publishing hiatus, and report on
Knuth’s intentions for the future
of the series.
Volume 1: Fundamental
Algorithms
The basic concepts covered in
Chapter 1 begin with assembling
the mathematics and statistics
Published by the IEEE Computer Society
used throughout the volumes to
analyze algorithms. The analyses
include both the memory requirements and the execution time of
the algorithm. Regarding execution time, Knuth tackles both the
worst-case time, which depends
on worst-case input, and the average-case time, which depends on
the statistical distribution of possible inputs.
After laying out the math,
Knuth defines a hypothetical
computer called MIX and then
discusses assembly language programming in MIX. Even in the
late 1960s, assembly language
programming was starting to go
out of fashion, but he defended
the choice as required for a careful analysis of run time. He also
gave a high-level description of
each algorithm to be analyzed. Finally, he defined an MIX simulator, so that MIX programs could
be run as well as written.
The information structures described in Chapter 2 proved to be
the basis for many of the following texts on algorithms and data
structures. The basic information
structures presented are linear lists
and trees. The implementation
1520-9202/14/$31.00 © 2014 IEEE
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
techniques considered are sequential and linked allocation. Among
other names, a sequentially allocated linear list is also called an
array. Trees are often implemented by linking the subtrees to the
parent nodes by pointers. Various
combinations of these structures
and implementation techniques
provide the foundation for constructing complex data structures.
However, the emphasis needs to
be on the operations to be applied
to a given data structure. That is,
the best way to implement a data
structure depends on the mix of
operations expected to be used in
the application.
Chapter 2 ends with a discussion of storage allocation methods: techniques for carving out a
bit of memory in which to create
a data structure. Unfortunately,
even today, one of the notorious
mistakes programmers make is
failing to check for “buffer overflow” when allocating space for
new data (that is, allocating space
beyond that reserved for the purpose). Nefarious hackers often
use this flaw to insert malicious
code into a computer.
Volume 2: Seminumerical
Algorithms
Random number generation is the
subject of Chapter 3. Knuth made
clear he was discussing pseudorandom sequences: deterministic
but with characteristics of randomness. Determinism was important, because programs could
then be debugged and otherwise
rerun with the same (pseudo)random sequence as input. Because
modeling and simulating physical
systems were—and are—such important computing applications,
and because such simulations
often involve random selections
from a distribution of values, doing the randomization correctly
can be the difference between a
good simulation and garbage.
Knuth analyzes the linear congruential method, Xi 1 (a u Xi b)
mod c. That is, the next random
number, Xi 1, is computed from
the previous random number, Xi,
and is the remainder of dividing
the expression (a u Xi b) by c. If
a, b, and c are carefully chosen, this
simple technique returns a pseudorandom sequence of numbers
uniformly distributed between zero
and one. He then shows how such a
sequence can be turned into a random sequence from any number of
other probability distributions.
Computer arithmetic is the subject of Chapter 4. One clever reviewer of Volume 2 said, “Oh, no!
I don’t want to know that much
about computer arithmetic.” However, some computer programmers
need to understand how to connect abstract numerical operations
file to be sorted fits into the computer’s main memory. External
sorting is required when disks or
tapes are necessary to hold the file.
Knuth says that sorting algorithms
were among the first to be developed for the earliest computers. He
suggests that the study of sorting
algorithms can teach us much more
than sorting. For example, it can
teach us how to analyze algorithms
and how to approach a computing problem from many directions.
One of the slowest internal sorting
algorithms described is called bubble
sort, and one of the fastest is called
quick sort. Knuth’s analysis shows
that quick sort would, on average,
require approximately six minutes
on a one gigaop computer to sort
a list of a billion numbers. Bubble
sort, on the same computer, would
require approximately 192 years!
One of the notorious mistakes programmers make
is failing to check for “buffer overflow” when
allocating space for new data.
with real computers (hence the
designation as seminumerical). For
example, how should exponentiation be implemented? If one naively assumes that computing x64
requires 63 multiplications (that’s
the way it’s defined), then reading
this chapter would be instructive.
If the variable x is replaced by the
value x2 six times, the result is x64,
so it actually requires only six multiplications. A slight generalization
of this squaring process works for
raising a number to any integer
power. If there are n bits in the exponent, the algorithm requires at
most 2n multiplications.
Volume 3: Sorting
and Searching
Sorting, the subject of Chapter 5,
is divided into internal and external
sorting. Internal sorting is when the
Searching is the subject of
Chapter 6, and it’s divided into
three techniques: searching by
comparison of keys, digital searching,
and hashing. Searching by comparison of keys in an ordered file of
n keys never takes more than log2
n searches. In digital searching, the
search key is considered to be a
sequence of small numbers, which
act as indices into arrays that contain pointers to the part of the file
where the key might be found. In
hashing, the key is considered as
a single number. In one hashing
method, the key is divided by the
length of the array that contains
the keys. The array length should
be chosen as a prime number, and
the remainder of the division then
produces a random index into the
array where the key will be located,
with no searching required.
computer.org/ITPro
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
71
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
MASTERMIND
Two keys occasionally hash to
the same index, called a collision,
and Knuth discusses collision resolution techniques. Each of these
search methods can be used for
both internal and external searching applications. As with sorting,
a good algorithm will underlie a
speedy search, which Google and
other search engines can achieve.
TeX and Metafont
One reason for the long publishing pause between Volume 3 and
the first part of Volume 4 was that
Knuth got interested in improving the technology to typeset his
books. Type setting had started to
go digital in the 70s, but was immature. Finding no digital system
up to his standards, he decided to
create one. Perhaps the fact that his
father had owned a small printing
business gave him a leg up for this
project. He called it TeX, taken
from the Greek letters tau epsilon
chi and pronounced “tech.”2 One
enthusiastic observer called it the
greatest advance in printing since
Gutenberg, and it was honored
by the printing, publishing, and
scholarly communities alike.
In a related development, he
created Metafont,3 a system for developing digital fonts, and he used
it to define a font he called Computer Modern for use in his books
(and elsewhere). TeX was under
development for several decades
and has now been stabilized in a
final version. A new packaging of
TeX, called TeXML, provides an
XML front end to the TeX system.
nuth retired early (in 1992
at the age of 54), because
he thought that he would
need about 20 years of full-time
work to complete The Art of Computer Programming. He now projects that Volume 4 (with chapters
on combinatorial searching and
recursion) and Volume 5 (with
chapters on lexical scanning and
syntactic techniques) will be completed by 2020 (when he will be
82). He states the following on his
webpage (http://www-cs-faculty.
stanford.edu/~uno):
_____________
K
After Volume 5 has been completed, I will revise Volumes
1–3 again to bring them up to
date.... Then I will publish a
“reader’s digest” edition of Volumes 1–5, condensing the most
important material into a single
book. And after Volumes 1–5
are done, God willing, I plan
to publish Volume 6 (on the
theory of context-free languages) and Volume 7 (on compiler
techniques), but only if the
things I want to say about those
topics are still relevant and still
haven’t been said. Volumes 1–5
represent the central core of
IT Professional (ISSN 1520-9202) is published bimonthly by the IEEE Computer Society. IEEE
Headquarters, Three Park Avenue, 17th Floor, New York, NY 10016-5997; IEEE Computer Society Publications Office, 10662 Los Vaqueros Circle, PO Box 3014, Los Alamitos, CA 907201314; voice +714 821 8380; fax +714 821 4010; IEEE Computer Society Headquarters, 1828
L St. NW, Suite 1202, Washington, DC 20036. Annual subscription: $49 in addition to any
IEEE Computer Society dues. Nonmember rates are available on request. Back issues: $20 for
members, $143 for nonmembers.
Postmaster: Send undelivered copies and address changes to IT Professional, Membership Processing Dept., IEEE Service Center, 445 Hoes Lane, Piscataway, NJ 08854-4141.
Periodicals Postage Paid at New York, NY, and at additional mailing offices. Canadian GST
#125634188. Canada Post Publications Mail Agreement Number 40013885. Return undeliverable Canadian addresses to PO Box 122, Niagara Falls, ON L2E 6S8, Canada. Printed
in the USA.
Editorial: Unless otherwise stated, bylined articles, as well as product and service descriptions, reflect the author’s or firm’s opinion. Inclusion in IT Professional does
not necessarily constitute endorsement by the IEEE or the Computer Society. All submissions are subject to editing for style, clarity, and space.
computer programming for sequential machines; the subjects
of Volumes 6 and 7 are important but more specialized.
Regardless of its incomplete
status, many people have judged
The Art of Computer Programming
to be the most monumental series
of books on computer programming. For example, at the end
of 1999, it was named one of the
best 12 physical-science monographs of the century by American
Scientist.4 Knuth has also received
numerous honors, including the
Turing Award (1974) and the National Medal of Science (1979).
I’ll leave the final word to Bill
Gates, who is quoted on the jacket
of the third edition of Volume 1 (Addison-Wesley Professional, 1997) as
saying, “If you think you’re a really
good programmer... read [The] Art of
Computer Programming... You should
definitely send me a résumé if you
can read the whole thing.”
References
1. D.E. Knuth, The Art of Computer
Programming, Volumes 1–4A, 1st ed.,
Addison-Wesley Professional, 2011.
2. D.E. Knuth, The TeXbook, 1st ed.,
Addison-Wesley Professional, 1984.
3. D.E. Knuth, The Metafont Book, 1st
ed., Addison-Wesley, 1986.
4. P. Morrison, “100 or So Books
that Shaped a Century of Science,”
___
Am. Scientist, Nov/Dec 1999; www.
americanscientist.org/bookshelf/
_____________________
pub/100-or-so-books-that-shaped_____________________
a-century-of-science.
_____________
George Strawn is director of the National Coordination Office for the Networking and Information Technology Research
and Development Program (NITRD).
Contact him at _____________
gostrawn@gmail.com.
Selected CS articles and
columns are available for free at
http://ComputingNow.computer.org.
72
IT Pro September/October 2014
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
2015
Richard E. Merwin
Distinguished
Service Award
CALL FOR AWARD NOMINATIONS
Deadline 15 October 2014
ABOUT THE MERWIN AWARD
The highest level volunteer service award of the Computer Society for
outstanding service to the profession at large, including significant
service to the Computer Society or its predecessor organizations.
ABOUT DICK MERWIN
Dick Merwin was a pioneer in digital computer engineering who
participated in the development of the ENIAC, MANIAC and
STRETCH computers. Despite a busy and productive technical
career, Merwin found time to be active in professional societies,
including the Computer Society, ACM and AFIPS. His generosity
of spirit and genuine helpfulness was an important element in the
progress of the computer profession.
STEPHEN L. DIAMOND
AWARD
2014 Richard E. Merwin
Distinguished Service Award
A bronze medal and $5,000 honorarium are awarded.
PRESENTATION
The Richard E. Merwin Award is presented at the Computer Society’s
Annual Awards Ceremony.
For distinguished leadership
and service to the IEEE,
IEEE Computer Society and
the Computing profession.
REQUIREMENTS
This award requires 3 endorsements.
AWARDS HOMEPAGE
NOMINATION SUBMISSION
www.computer.org/awards
Nominations are being accepted electronically
http://www.computer.org/portal/web/awards/merwin
CONTACT US
awards@computer.org
________________
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
M
q
M
q
M
q
MqM
q
Technology Solutions for the Enterprise
THE WORLD’S NEWSSTAND®
DOMAINS | MAIL | HOSTING | eCOMMERCE | SERVERS
NEW
HOSTING
POPULAR APPS - NOW EVEN BETTER!
WordPress & Powerful App Platforms!
Supports over 140 popular apps including WordPress,
Drupal™, Joomla!™, TYPO3, and more
Q Security & version upgrade notifications
Q Trial version available for all applications
Q App Expert Support
Q 1&1 CDN powered by CloudFlare™ and 2 GB
guaranteed RAM for peak performance
Q
Powerful Tools
PHP 5.5, Perl, Python, Ruby
1&1 Mobile Website Builder
Q NetObjects Fusion® 2013 included
Q
Q
Successful Marketing
Facebook® advertising credits
Listing in business directories
Q 1&1 Search Engine Optimization
Q 1&1 E-Mail Marketing Manager
Q
Q
COMPLETE
PACKAGES
State-of-the-Art Technology
FOR PROFESSIONALS
Maximum availability (Geo-Redundancy)
Q 300 Gbit/s network connection
Q
All Inclusive
1 FREE domain: .com, .net, .org, .biz, .info
Unlimited Power: webspace, traffic, mail accounts, MySQL databases
Q Secure e-mail addresses with virus and spam protection
Q Linux or Windows operating system
Q
Q
1
TRIAL
30 DAY MONEY
BACK GUARANTEE
1
MONTH
FLEXIBLE PAYMENT
OPTIONS
0
Starting at
$ .99
per month*
®
1
CALL
SPEAK WITH AN
EXPERT 24/7
1 (877) 461-2631
* Offer valid for a limited time only. The $0.99/month price reflects a 12-month pre-payment option for the 1&1 Basic Hosting Package. Regular price of $5.99/month after 12 months.
Some features listed are only available with package upgrade. Visit www.1and1.com for full promotion details. Program and pricing specifications and availability subject to change
without notice. 1&1 and the 1&1 logo are trademarks of 1&1 Internet, all other trademarks are the property of their respective owners. ©2014 1&1 Internet. All rights reserved.
Rubik’s Cube® used by permission of Rubik’s Brand Ltd
1and1.com
Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page
Technology Solutions for the Enterprise
M
q
M
q
M
q
MqM
q
THE WORLD’S NEWSSTAND®
