New Requirements for Security Monitoring

Today's information security threats are difficult to defend against. On the one hand, the volume of malware variants has gone through the roof over the past few years. On the other, targeted attacks have become more stealthy and damaging.

Topics: IBM Cybersecurity Cisco Information and Risk Management HP McAfee Security and Privacy SIEM ArcSight Juniper Networks RSA Solera Networks NetWitness Quest Software Tibco LogLogic Q1 Labs

HP, Kaminario, and Fusion-io/NetApp Contribute to a Busy Solid-State News Day

It was a busy day for solid-state storage news watchers. Three announcements grabbed my attention, but - such is the speed of things in this sector right now - I'm sure I will have missed one or two! Ironically there is so much news being generated about solid-state, that pretty soon I'll need a nice big tape drive to store all the information!

Topics: Storage IT Infrastructure

Advanced Malware Protection: Network or Host?

Large organizations have legitimate cause for concern. Malware creation and proliferation is increasing rapidly as cyber criminals and state-sponsored organizations create the next round of APTs, botnets, Trojans, and rootkits. What's more, we've entered the era of micro attacks designed to compromise a targeted organization, business unit, or individual.

Topics: Check Point Palo Alto Networks Fortinet Cisco Information and Risk Management Juniper Sourcefire FireEye McAfee Enterprise Software mobile Security and Privacy Security bromium Invincea Fidelis Bit9 Anti-malware Damballa APT advanced persistent threat Trend M Countertack

Software Development: Still Lacking Strong Security

Large organizations are buying next-generation firewalls, advanced malware detection/prevention systems, encryption software, and new types of security analytics tools. On balance, this is a good thing as they add more layers of defense to networks and host computers.

Topics: Microsoft Information and Risk Management Enterprise Software Security and Privacy SANS Veracode software assurance

What Do You Do When Twitter Is Down?

Far back in history when Twitter was new (about the same time the planets in our solar system formed), it was fun but not vital. At the time, it was the realm of college and high school students talking about what they had for lunch. Loss of service might make some investors nervous or pre-teen girls cry, but the effect on the halls of commerce was zero. Since those prehistoric times (around the beginning of the digital Bronze Age) Twitter and its cousin Facebook have become important marketing channels. They carry messages from marketers who craft them to their followers and friends and, if they’re lucky, messages of support back. It was at this point when Twitter and Facebook went from being consumer curiosities to real business tools, despite all the posts about cats.

The evolution of these social network services has brought us to another new level in their commercial usefulness and significance. Through a combination of new software tools and consumers just doing it anyway, the two most common social networking sites have become bona fide communications channels for sales, service, and support. Just as e-mail and the phone are, Twitter and Facebook have become channels for letting support know of a problem and sales know when someone is interested in buying something.

Topics: Social Enterprise

TransLattice: TED Redefines the "Distributed" in Distributed Database

With all the early stage and open source not-strictly-relational database vendors spreading over the IT landscape, many with an eye towards Web 2.0 OLTP and Big Data, it becomes difficult to differentiate. We find plenty of new NewSQL options, and an even longer list of NoSQL options in its many variations (Graph, Columnar, document-oriented, etc.). I refer you to the reference work over at nosql-data.org for about as exhaustive a list as you are likely to find.

Topics: Cloud Computing Data Management & Analytics Enterprise Software Data Analytics

VMware Acquires Nicira to Bolster Software-Defined Data Center

VMware executives have been openly talking about the software-defined data center (SDDC), so it makes sense that they would acquire a company like Nicira which is focused on software-defined networking (SDN). I use that term as an umbrella to describe all the companies working to add programmability, open standards, and centralized control to the network. Nicira’s specific role in the SDN ecosystem is network virtualization. Nicira leverages a centralized controller and virtual switches to deliver network services that enable very large, very complex (read multi-tenant and heterogeneous), and highly virtualized environments to become more agile and flexible. Nicira didn’t debut its technology working on fringe use cases, they did it by tackling very complex cloud environments at some very large companies – NTT, ATT, and Rackspace, to name a few. For example, according to published reports, Nicira is helping NTT live migrate cloud data centers to avoid outages caused by the rolling blackouts Japan had been experiencing.

Nicira was also founded by some of the hottest SDN talent in the valley and had big name backers which in my humble opinion probably helped to drive the purchase price up to the reported $1.05 Billion. Martin Casado, Nick McKeown, Scott Shenker and a host of other talented members of the team will now join the VMware network team that has helped to pioneer virtual switching, VXLAN, and VCloud. VMware anticipates the combined talent pool will allow them to innovate SDDC solutions at an accelerated pace.

Topics: Cloud Computing IT Infrastructure Networking

JBuff's BYOD Experiment (part 3 of 4) Corporate Expectations

A while back, I decided to do an experiment on BYOD -- here are my results:

Topics: End-User Computing Data Protection BYOD consumerization of IT

Google and Informatica: Platform and Integration Rideshare with Big Data Driving

Topics: Cloud Computing Data Management & Analytics Enterprise Software Data Analytics Public Cloud Service

SunGard On-Premise Managed Recovery is Coming

I love Ah-Ha moments followed by Heck-Yeah exclamations … when you hear about something new and yet so intuitive that you have to shout “Why haven’t folks always done this?!?” Maybe they didn’t do it in the past because the technology wasn’t there yet, or the economics, or whatever. But in IT, I am always jazzed when I get the chance to dig into one. Here are a few of my favorites:

  • Item-level recovery from whole-VM based backups
  • Storage tiering that enables near-transparent scale-up and scale-out
  • Integrating snapshot recoverability into traditional backup UIs
  • Client-side deduplication using APIs from production workloads to the storage itself

There are others and none of the ones above apply to this blog post, but you get the idea. My most recent experience came from SunGard.

Earlier today, I was visiting with some folks from SunGard who were discussing a new service that they are bringing to market: MRP-OP. Managed Recovery Program (MRP) is one of SunGard’s foundational offerings of providing their infrastructure and expertise to ensure that your business can continue operations.

Historically, a lot of enterprise IT teams presumed that they didn’t need SunGard because:

  1. They deployed the applications and servers originally or are maintaining them now, so they understood their environment
  2. They owned more than one data center
  3. They were using replication technology between those sites.

So, let’s unpack those rationalizations:

I have already soapboxed on how “replication technology” does not equate to a “disaster recovery” capability (excuse #3) – replication is a means of data survivability, so that you can deliver real BC/DR.

See my earlier blog post on Your Replication is not my Disaster Recovery.

Just because you originally deployed those servers and applications and now ensure that they stay running (excuse #1) does not mean that you necessarily understand what it would take to get them from scorched earth to operational in a timely manner. And by the way, which ones really need to come up first (based on financial or operational assessments)? Most operational IT folks can’t answer that.

Check out Chapter 2 (free download) of my book on quantifying RPO/RTO using the BC/DR methods of BIA & RA to understand your TCO & ROI for data protection methodologies. Chapter 2 helps you calculate it, while Chapter 12 helps you map it to a BC/DR strategy and program.

But perhaps the most important reality to point out – owning a secondary data center does not make you a disaster recovery expert (excuse #2).

With those realities in mind, SunGard is in the process of packaging their Managed Recovery services in a way that can be delivered when large companies do own two or more data centers, but those IT teams recognize that they are not in fact DR experts. The MRP-OP (on-premise) offering takes the business impact analyses, process development, and other true BC/DR expertise that SunGard offers and partners it with the operational IT folks in multi-site organizations.

For large companies with multiple sites and skilled operational IT folks, SunGard's MRP-OP appears to be a perfect scenario that meets companies' needs where they are instead of where traditional DR has always been -- so I will be watching as SunGard works to bring it to market later in 2012.

Topics: Data Protection SunGard disaster recovery

Analyzing VMware's Acquisition of Nicira

While the dust isn't even close to settling, I've had some time to ponder VMware's acquisition of Nicira and discussed the deal with ESG networking guru Bob Laliberte.

Topics: Cloud Computing Microsoft Endpoint & Application Virtualization Cisco IT Infrastructure VMware Private Cloud Infrastructure Networking Information and Risk Management Oracle Security and Privacy Citrix software-defined networking SDN Nicira Brocade Public Cloud Service

Cybersecurity Legislation and APTs

We are entering a new phase in the lengthy cybersecurity legislation saga. Last Thursday, Senators Lieberman (I-CT), Collins (R-ME), Rockefeller (D-WV), and Carper (D-DE) introduced the revised Cybersecurity Act of 2012 out of the Homeland Security and Government Affairs Committee. Old name, but the new bill (S.3414) is a true compromise. Rather than mandating that critical infrastructure organizations comply with a DHS cybersecurity framework, the new bill provides incentives to organizations that comply with cybersecurity best practices voluntarily. Furthermore, the new bill borrows from the best of the Republican-sponsored alternative, SecureIT Act, as well as some of the more palatable measures outlined in the controversial CyberInformation Sharing & Protection Act (CISPA).

As of today (Monday, July 23, 2012), there is no schedule for debate or a vote, but President Obama already declared his support for the new bill and publicized his opinion in the Wall Street Journal.

Topics: Cybersecurity Information and Risk Management Security and Privacy cybercrime APT advanced persistent threat president obama cybersecurity legislation

A Funny Thing Happened…In Storage!?

The sight of an EMC-branded taxi last weekend while on vacation in London reminded me of a recent series of events that are just too good not to relate. There are clearly greater forces at work in this industry – not to mention Machiavellian marketing minds – than I usually imagine!

So, the first part of this saga was my trip to EMC World in Las Vegas in late May. As usual I printed my boarding pass before I headed to the airport (I’m still not comfortable with those bar-code readers for your smart phone at security….they seem very fickle). I can’t say I usually spend much time reading the ads on the boarding pass – in fact usually I “print without offers”- but this time my eye was drawn to the quarter-page ad that simply announced “Oracle Beats EMC”. Of course it’s hard for the eye to miss any Oracle ad as its choice of font-size is always simple – 10 to 20X the size of whatever else is near! Being a bit simple I just assumed it was a coincidence that I got that ad….but of course, once I turned up at the event, I found that I was one of many. Now that’s target marketing – rather brilliant eh!?

Topics: Storage IT Infrastructure

Fast & Easy Virtualization Solutions from Microsoft

Since joining ESG close to a year ago, I've stayed quiet on the blogging front. Let the more seasoned, industry experts (bigger geeks than I) do the blogging and I'll just ride their coattails. They have the experience, which means they have the answers to any and every question. With that said, I do have a lot of information to share, whether it’s about new IT products or recent test results from the latest ESG Lab publications. I'll be updating you about cool IT products and offerings from various vendors that ESG Lab (and me in particular) have gotten our hands on and played with.

Topics: Endpoint & Application Virtualization IT Infrastructure Private Cloud Infrastructure ESG Lab

A Multitude of Mobile Security Issues

The Black Hat USA conference takes place next week. If it's anything like RSA and Interop, there will be a fair amount of discussion about BYOD and mobile device security. Yup, a lot of hype but this is a topic worth discussing as nearly every enterprise organization and CISO I speak with is struggling here.

Topics: Apple Microsoft End-User Computing Check Point MDM Cisco Information and Risk Management McAfee mobile Security and Privacy google BYOD android Good Technology Juniper Networks Black Hat trend micro Symantec Anti-malware Interop MobileIron DLP RSA Security Conference iPad

VMware Builds Bridge to Cloud with DynamicOps

DynamicOps, originally spun out of Credit Suisse’s IT unit in ’08, is a Massachusetts-based cloud service provider that specializes in cloud automation solutions for managing IT services across hybrid environments. These environments include: VMware-based public and private cloud, physical infrastructures, multiple hypervisors, and Amazon Web Services.

The acquisition further enhances VMware's value proposition to service providers with heterogeneous hypervisor—and ultimately cloud—platform solutions. DynamicOps enables VMware to expand support beyond the development and delivery of software utilized only for its own cloud platform – hmmm -- if they do this, things could get interesting, quickly. I’m thinking primarily about the prospect of partnering with Amazon… I’m not sure Azure will make the initial list.

Topics: Cloud Computing Public Cloud Service

Summer Thoughts On Orchestration, Automation, and Cache

Topics: Storage IT Infrastructure

Boiling the Ocean of Control Points in the Hadoop Big Data Market

First a Nod to Datameer and Mr. Popescu for the Diagram Above
For the past few weeks my mind has swirled around the question, "What are and who owns the control points in the Big Data market?" Why? Customers, investors, and the suppliers themselves need to understand who has or may accrue market power in Big Data.

Fortunately I spotted a pertinent tweet by Alex Popescu who (1), using a script, had captured basic partnership data in the Big Data space, and (2) with that data created a compelling Big Data partnership visualization using Datameer, resulting in the diagram above. For more info see The Hadoop Ecosystem Relationships, and yes, I downloaded the Datameer tool and played with the visualizations, but frankly couldn't improve on Alex's. Though not a perfect control point metric, certainly, for a Big Data supplier "how many partnerships do you have" reflects on one's influence in the Big Data ecosystem. Thus the diagram offers a jumping-off point to consider control points in the Hadoop Big Data market.

Topics: Cloud Computing Storage Data Management & Analytics IT Infrastructure Networking Enterprise Software Compute Data Analytics Public Cloud Service

JBuff's BYOD Experiment (part 2 of 4) Getting Started

A while back, I decided to do an experiment on BYOD -- here are my results:

Topics: End-User Computing Data Protection

Dell Acquires Quest to Expand Software Capabilities

Dell recently formed the Software Group in an effort to increase its solutions portfolio with Dell-owned intellectual property and I suspect to take a more active role in the way organizations are thinking about transforming application and desktop delivery. Quest on the other hand has made numerous acquisitions over the years, but has struggled internally with its go to market strategy. Quest’s family of software solutions and technologies align well with Dell’s software strategy, and with the acquisition, add critical components to expand Dell’s software capabilities in systems management, security, data protection, and workspace management.

I would first look to see what Dell does with the Quest acquisition in the area of application and desktop delivery. Quest One Identity and Access Management solutions will blend with SonicWall and SecureWorks security products, and Quest’s Performance Management solutions will complement its Clerity Solutions and Make Technologies acquisitions. Quest also has some interesting workspace management solutions, i.e., Quest vWorkspace that may be the sleeper in this acquisition. VMware has Horizon, Citrix has project Avalon, and now Dell is about to own a very compelling set of capabilities to flexibly deliver similar features not locked to a single solution. This may be exactly what customers are looking for. The question is: will they turn to Dell for it?

Topics: Cloud Computing End-User Computing Endpoint & Application Virtualization Dell Quest Virtualization

JBuff’s BYOD Experiment (part 1 of 4) Acquisition Challenges

A while back, I decided to do an experiment on BYOD -- here are my results:

Topics: End-User Computing Data Protection mobile BYOD Bring Your Own Device

Play The IT Percentages To Be A Winner

In my last blog, I covered some of the news from, and impact of, IBM’s Edge Event and Smarter Storage announcement. I deliberately withheld a few notes that I took at the event because I wanted to ensure that both that last blog, and now this one, would get some attention in their own right.

IBM is not only a very large organization but it is very connected to the business side of things through its extensive IGS engagements, its Smarter Planet desires, and its long-standing client relationships. Therefore, as one has come to expect from IBM, it painted a broad and convincing ‘backdrop’ canvas to the need for change – not just assertions, but research. I wanted to highlight a handful of these because they make (depending on your viewpoint) either very scary, highly refreshing, or truly motivational reading (perhaps all 3 if you are a very capable vendor or a very open-minded IT manager?!). Here are the key points:

  • 23% of IT projects are over time and over budget!!
  • Only 20% of IT organizations can (or do) allocate 50% or more of their budgets to innovation.
  • ‘Analytically savvy’ organizations are 2.2 times more likely to outperform their peers.
  • And amongst global CEOs, IT is – for the first time – viewed as the #1 external pressure on their achievement of business success; while 80% of CEOs expect more complexity in that regard, less than 50% believe that their organization has a plan to cope.

Topics: IBM IT Infrastructure

Big Data Security Is Inevitable

There's been a fair amount of discussion about the fact that security analytics is becoming a big data problem. I participated on a big data security panel at RSA and I believe there were a few others on this topic as well.

Topics: IBM Big Data Data Management & Analytics Hadoop Information and Risk Management HP Dell McAfee Enterprise Software Security and Privacy risk management NoSQL SIEM Data Analytics Symantec RSA log management Cassandra security analytics BT Verizon Unisys vulnerability management threat management Tibco

Lobsters with a Side of Virtualized Storage Performance

If you're in the IT industry and you live in New England and you haven't heard about the Summer Slam, you should definitely consider attending this awesome event. If you've attended in the past, you've experienced the value of hanging out with your peers at one of the largest regional IT end-user groups in the country. Besides the knowledge that you gained from presentations from industry experts and vendors at the show, I'm sure you appreciated the great lobster boil that's free for qualified IT users. During my 11:00 session, you’ll learn about trends, technologies, tips, and tricks from the field based on ESG Lab hands-on testing in virtualized environments. And you’ll leave with a list of freely available storage benchmarking tools, best practices, and benchmark results with a goal of optimizing storage performance in your virtual environment.

Topics: Cloud Computing Storage IT Infrastructure Private Cloud Infrastructure Virtualization ESG Lab Server Virtualization virtualized storage systems

Big Data Strategy

‘It was easy to cover up ignorance by the mystical word “intuition.”’ Foundation’s Edge, 1982, Isaac Asimov

Business-driven Outburst of Demand for Analytics AKA Big Data
More than ever, businesses and non-profits crave meaningful, timely, and actionable information, preferably on a continuous basis if possible. One victorious analytics project is not the objective; one good project begets the desire for more projects plus a deeper desire for increasingly real-time analytics.

Topics: Big Data Data Management & Analytics Enterprise Software Data Management Data Analytics Big Data Analytics

The Social Premium

Large and mid-sized enterprises have generally tried to roll out Social Enterprise software broadly across their organizations. In the recent ESG Social Enterprise Adoption Trends report, 70% of IT professionals surveyed said they rolled out social communication tools company-wide and 65% said the same for social collaboration tools. This makes sense given the nature of the Social Enterprise. The more end-users that participate, the better the benefits derived from the software.

Topics: Enterprise Software Social Enterprise

The Advanced Malware Detection/Prevention Market

I've been thinking a lot about the Advanced Malware Detection/Prevention (AMD/P) market lately. This market is most often associated with Advanced Persistent Threats (APTs) and vendors like Countertack, Damballa, FireEye, Invincea, and Trend Micro.

Topics: Cybersecurity Endpoint & Application Virtualization IT Infrastructure Networking Information and Risk Management FireEye Security and Privacy malware Mandiant trend micro Invincea cybercrime Damballa APT advanced persistent threat SSL Countertack

First Impressions of Windows 8

I originally had intentions to work with Windows 8 in the Fall of 2012, but I'm glad I got started sooner. I admit that I am a gadget guy, but I am also more importantly always looking for more ways to be more efficient, save time, and have a more enjoyable user experience. I am a pretty simple use case as I primarily use Word, PowerPoint, Outlook and a web browser, but stability, reliability and mobility are a big deal to me. I had been using a laptop, tablet, and smartphone, all of the non-Windows type, until I switched over to a Samsung 700T running Windows 8. The initial experience has me excited and here is why:

Topics: Microsoft End-User Computing mobile