Barriers to Hybrid Cloud Onboarding: A Large Enterprise View

I moderated a panel at the Open Networking User Group meeting held at UCSF Mission Bay San Francisco on April 26th, 2017, where the topic was Enterprise Workload Onboarding Challenges in Hybrid Cloud Environments. The panelists were Nivesh Gopathi of The Gap, Inc, Carlos Matos of Bank of America, Bruce Pinsky of Intuit, and Shafeeq Shaikh of GE Digital and Harmen Van der Linde of Citi.

 

The purpose of the panel was to distill the findings of a Hybrid Cloud Working Group, which discussed the various barriers to adopting a hybrid cloud, which is comprised of traditional on-premises resources along with one or more public cloud service providers. This group includes the members who work at the panelists’ firms as well as those from other industries such as finance, health care, industrial goods, logistics and delivery, pharmaceuticals, and retail.

Topics: Cloud Computing Cloud Platforms & Services

Enterprise Security Technology Consolidation

Look around the cybersecurity infrastructure at any enterprise organization and here’s what you’ll see – dozens and dozens of cybersecurity tools from just as many vendors. 

Now this situation wasn’t planned, it just happened. Over the past 15 years, bad guys developed new cyber-weapons to exploit IT vulnerabilities. Large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today’s patchwork of security point tools. 

So, what’s the problem? Point tools aren’t really designed to talk with one another, leaving human beings to bridge the communications, intelligence, and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration, and ongoing operational support. More tools, more needs.

Topics: Cybersecurity cybersecurity skills shortage SOAPA

What the Dell will we all EMC in Vegas?

 In early May, we will have the first Dell EMC World. What expectations do I have; and what will I be looking out for?

Topics: Storage Dell EMC World

The Rise of No Code Development (Video)

For anyone who is following the world of enterprise application development, we are seeing more and more traction with the concept of no code development. No code development is the ability for line of business end-users to rapidly develop powerful applications with little to no actual code, through pre-built components and a visual interface. No code development is often supported by an underlying platform that provides the key components and features that can be repeatedly used in the applications.
Topics: Systems Management no code development

Cybersecurity Skills Shortage Impact on Technology Innovation

I continue to research and write about the ongoing global cybersecurity skills shortage. For example, ESG research indicates that 45% of organizations report a problematic shortage of cybersecurity skills today, more than any other area within IT.

Want more?  Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members:

Topics: Network Security Cybersecurity ISSA SOAPA security operations and analytic platform

The Role of Standards in a Security Ops and Analytics Platform Architecture (Video)

In this second of a two-part video series, Mike Viscuso, Carbon Black CTO, and I pull on more SOAPA (security operations and analytics platform architecture) threads, including the role of SIEM in the next-gen SOC. Because it is in the context of SIEMs that we’ve seen the adoption of standard formats such as CEF and LEEF for alert propagation and STIX and TAXII for threat intelligence sharing, we explore not only the need for more such standards but the factors that lead to adoption. We then discuss user behavior analytics (UBA) data enrichened with other sensor data as an example of how a reference architecture like SOAPA makes data actionable, in this case to thwart the insider threat. We wrap up with a view into the future with respect to possible industry consolidation and the emergence of cybersecurity platforms to relieve point tool fatigue, a theme Mike challenges, noting the need for ongoing innovation to counter the motivated adversary. 

Topics: Cybersecurity SIEM SOAPA security operations and analytic platform

Looking Forward to Backing Up -- at Dell EMC World 2017

The Dell acquisition of EMC is complete.  Most of the leadership shifts and organizational realignments have happened.  The previously Dell Software data protection solution components have moved on under the Quest banner. In short, now that the dust has settled, Dell EMC’s data protection story is ready to move forward.

Topics: Data Protection emc world Copy Data Management dell-emc Dell EMC World

The Good, Better, Best of Data Management (Video)

 

Data Management, meaning the maturation of data protection and data preservation that adds contextual insight based on the data and the enablement of re-use of the data for other purposes, is a journey that all of us are on – whether we know it or not.

  • Maybe you’re just trying to get “good” data protection and retention.
  • Maybe you’ve got “good” but are looking for “better” (and smarter) data preservation.
  • Or maybe you’ve got or are working through “better” but want the “best” – whereby you are not only doing data protection and preservation, but are unlocking new business value and usage scenarios for your otherwise dormant data (BC/DR, reporting/analytics, DevOps enablement, etc.) through what many in the industry now call “Copy Data Management."
Topics: Data Protection Copy Data Management

The Real Dangers of Assisted and Augmented Reality

 

Anyone who knows me knows that I am a big fan of using science, technology, and analysis to drive continuous improvement and efficiency. I can't help but calculate the time, cost, and relative value of different approaches. For example, "What if we switched to using just one kind of LED light bulb throughout the house and ordered dozens at once when they are on sale? Does that make it easier to replace them? Is the NPV of investing the capital in surplus discounted light bulb stocks now greater than the future cost and effort of making subsequent acquisitions?" This is a real thought process that I have had, debated, and defended recently. Aren't I fun to live with?

I also value self-reliance and simplicity and the ability to take apart mechanical things and repair them. In the last week I've disassembled and fixed our leaking Subzero refrigerator (blocked drain on the condenser drip pan) and our also leaking Frigidaire clothes washing machine (loose connection on the internal filler hose). I love my 40+ year old pickup truck and my 50+ year old Mustang all the more for their repairability. In general, parts are accessible, understandable, and often easily cajoled back into operation (like the corroded connection that occasionally reduces the alternator's ability to charge things). Bonus: Should I need them, replacement parts are often 10x cheaper than their modern equivalents, like $27 for a refurbished alternator for my old Mustang, versus $270 for the one on a modern BMW.  Kids love to ride in the old vehicles, too. "Wow, look I can turn this crank to raise and lower the windows, so cool!" To me, the understandability is a key part of the pleasure. With little effort you can see what each thing is doing and infer how it is doing it. My friends and I may not be able to design a carburetor, but we can take one apart and rebuild it.

So, I'm struggling a bit with the idea of applying machine learning and artificial intelligence technologies to everything around me. Google recently gave me a Google Home device; I'm not quite sure why. Maybe they wanted to give it more real world voice recognition training opportunities. Maybe they wanted me to write about it, as good social marketing. Maybe they wanted to hear how I'm advising their competitors, naughty, naughty. I don't like the idea of it listening to my conversations. My wife really doesn't like it listening to her. The kids adore it. It's something that I feel a natural affinity for anyway, having spent some time at a "smart home" startup a decade ago, which we'd now label "IoT" technology. Controls for our system were amazing stuff at the time, "I can text my home to check on the alarm system or control lights!" They were also frighteningly rudimentary: I had to TEXT my home to turn on my alarm system or control lights because "smartphones" and their app developer tools didn't exist yet. Now I can speak aloud and call up any song I want and have it play in any room, and read the actual lyrics, no matter how garbled the singer. Mondegreens are a relic of the past. I can ask "Hey, Google, why isn't my car charging?" and it suggests possible problems with the alternator. Then it gives me a link to a website for more information or YouTube videos showing how to do it. This is amazing stuff, available commercially today. So much more rewarding than scheduling an appointment with an "expert" mechanic at a dealership who may or may not get to the same fix, but will certainly charge me $150 per hour while he Googles it himself and then marks up parts prices by 50% or more. The point here (yes, there was a point here) is that technology has made it far, far easier and cheaper for anyone to access knowledge and learn how to do things. We can readily disintermediate supply chains and services. Anyone can now be an expert on any topic, on demand. This assisted or augmented reality for everyone is practically magic.
Topics: IoT Data Management smart home smart car

The Transition to NVMe: Accessibility Matters

Much has been said about the transformational benefits of flash storage. Over the years, I have spoken with many IT leaders on the benefits that their organizations have received after deploying flash storage. Over that time, my position has evolved from thinking it is a great technology to firmly believing that if you are not leveraging flash storage in at least some capacity, you are doing yourself and your organization a disservice. The benefits of flash technology are simply too transformative. Applications run faster and smoother, the rest of the data center becomes more efficient, service time is decreased, and resiliency is improved. The net takeaway is flash storage is good for business.

Topics: Storage pure storage NVMe All-Flash Array

HPE Gets Nimble: Dollars, Distribution...and Differentiation

 So, as of this week Nimble is a part of HPE. In exchange for a billion dollars (plus taking on $200M of equity awards) HPE gets the hybrid and all-flash vendor that achieved a highly-respectable $402M in sales in its last fiscal year.

Topics: Storage Nimble HPE

Cybersecurity Skills Shortage Threatens the Mid-market

ESG conducts an annual global survey of IT and cybersecurity professionals, and this year’s survey included 641 global respondents. Each year, these respondents are asked to identify the area where their organizations have a problematic shortage of skills.  or the sixth year in a row, cybersecurity skills topped the list—this year, 45% of respondents say that their organization has a problematic shortage of cybersecurity skills. 

Topics: Cybersecurity cybersecurity skills shortage CISO NIST ISSA

Picking a Winner for the Best Cloud

Stop me if you've heard this one: five major cloud service providers walk into a bar. They make a bet that the one with the best enterprise cloud will get free drinks for life. The bartender tells them he already knows who will win. They are astonished as none of them has yet had a chance to boast about their server specs, cost per gigabyte, network quality, security features, uptime record, support teams, number of data centers, or any other common claim or metric. How can he possibly have predicted the outcome?

Topics: cloud Data Management Big Data Analytics

Expectations for Dell EMC World 2017: Is it One Company or Two?

Dell EMC World 2017, or DEW -- which I honestly hope does not catch on as the acronym/nickname -- is just around the corner. To prepare, I wanted to pull together a short summary of my expectations for the event.

With this event taking place only a few months after the 2016 event in Austin, it is difficult to have high expectations in terms of new technology or a new product introduction. But honestly, I have reached the point with Dell EMC that I expect new technologies to be there when the market needs them. If there isn’t a ton to announce this year due to the short time between this event and the last Dell EMC World, I expect there will be a larger announcement next year. That being said, Dell EMC could certainly surprise me. The combined firm has a wealth of smart engineering talent, so if any company could produce a few new offerings that quickly, it would be Dell EMC.

Topics: Storage cloud data storage dell-emc Dell EMC World

Data Makes the World Go Round...

...Or at least data can be used to model the Earth's rotational vectors and predict trajectory locations over time. A few things have got me thinking about the world of data and the data of the world. First, I watched "Hidden Figures" with my girls last night. Amazon's machine learning models accurately predicted that we would like this film and positioned it strategically on our suggested titles list. There was a lot to like, including worthy themes around:

  • Math, science, engineering, analytics, and computers.
  • Women earning respect for their ability to excel in these areas.
  • Minorities demonstrating that diversity in teams improves outcomes.
  • Healthy patriotism in the context of advancing human potential.
  • Strategic government funding of research and innovation.
  • and Kirsten Dunst (assuming that her inclusion here doesn't undermine all my previous points).
Topics: Big Data Data Management machine learning data set

Cybersecurity Remains an Elusive Business Priority

I’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research. The year 2017 continues to follow a pattern—cybersecurity is a high business and IT priority for most organizations. 

Topics: Network Security Cybersecurity endpoint security CISO cloud security cyber insurance

An EDR Perspective on Security Ops and Analytics Architecture (Video)

In this first of a two-part video series, Mike Viscuso, Carbon Black’s Chief Technology Officer, and I begin to explore the expansive topic of employing a security operations and analytics platform architecture (SOAPA) to operationalize security analytics. In addition to discussing the need for a reference architecture to address the complexity associated with gaining intelligence from telemetry across an organization’s attack surface area, Mike shares why Carbon Black invested in technical integrations with a variety of complementary cybersecurity technologies and the importance of rich endpoint detection and response (EDR) sensor data to enable essential use cases. We also discuss how the starting point for such integrations has changed and the central role both value-added resellers (VARs) and managed security service providers (MSSPs) serve in providing SOAPA implementations. We wrap things up by noting the purposeful nature of cloud computing as enabling technology for SOAPA solutions. Stay tuned for the second video in which we dig into other aspects of security operations and analytics.

Topics: Cybersecurity SOAPA security operations and analytic platform EDR endpoint detection and response

SOAPA Services Opportunities Abound

Security operations is changing, driven by a wave of diverse data types, analytics tools, and new operational requirements. These changes are initiating an evolution from monolithic security technologies to a more comprehensive event-driven software architecture (along the lines of SOA 2.0) where disparate security technologies connect via enterprise-class middleware for things like data exchange, message queueing, and risk-driven trigger conditions. ESG refers to this as a Security Operations and Analytics platform architecture or SOAPA.    

When speaking, or writing about SOAPA, I often compare this evolution to an analogous IT trend in the 1990s. Way back then, large organizations abandoned standalone departmental applications in favor of a more integrated software architecture, ERP. This transition resulted in a new generation of business applications acting as a foundation for greater automation, efficiency, and profitability.

Topics: Cybersecurity CISO mssp managed security services SOAPA

Database Forecast: Cloudy with Increasing Chances

ESG has recently published an overview on IT market adoption of cloud-based databases. Shall we just call them cloudbases? Perhaps not. A major trend is emerging. While relatively few are choosing cloud as their primary mode of deployment, majorities are currently running at least some of their production workload in the public cloud. Attitudes and adoption vary considerably by age of company (and age of respondent!), reflecting how deeply entrenched traditional on-premises offerings and processes may be for different businesses. How many, how many, and how much, you ask? ESG research subscribers can read the full report here.

Topics: Cloud Computing Big Data Data Management

People, Process, and Technology Challenges with Security Operations

These days, it’s tough for any organization to keep up with cybersecurity operations. Why? Well the bad guys are pretty persistent for starters, launching a blitzkrieg of attacks and new types of exploits all the time. 

Okay, hackers are relentless but we’ve always known this and their behavior isn’t likely to change anytime soon. What’s really disturbing, however, is that a lot of problems associated with cybersecurity are based upon our own intransigence. And organizations aren’t struggling with one issue, rather, cybersecurity operations challenges tend to be spread across people, processes and technology. When it comes to security operations, it’s kind of a ‘death by a thousand cuts’ situation. 

Topics: Cybersecurity SIEM network security operations ISSA SOAPA SOC

The New McAfee

I’ve worked with McAfee for a long time – from its independent days, during the Network Associates timeframe, through financial issues, back to McAfee and the go-go Dave DeWalt era, and finally as Intel Security. 

Topics: Network Security Cybersecurity McAfee endpoint security SIEM cloud security

Cloudera Builds Strength and Agility

Haters gonna hate on Hadoop, but they've confused 'tween growing pains with weakness. The broader Hadoop ecosystem continues to mature at a very healthy pace. Even if the players are starting to outgrow the labels of "Hadoop" and "big data," leading companies in this sector will continue to build on what is now established to be a strong core. Perhaps most prominent among these young varsity athletes is Cloudera.

Cloudera has long enjoyed the popular attention of the market. More than 1,000 customers use Cloudera in more than 60 countries today. Technology vendors and channel partners have associated themselves with the cool kid. At last count, Cloudera has over 2800 partners, and that number includes 450 ISVs, of which 388 are certified, bringing 184 partner-developed solutions, of which 120 have been verified in production, and 44 are available in a ready-to-roll solutions gallery. Meanwhile big names like Intel and Michael Dell have provided significant scholarships to fund the company's development.

Topics: Data Management & Analytics Data Management Cloudera IPO big data and analytics

Micro-segmentation Projects Span Enterprise Organizations

Micro-segmentation is nothing new. We started talking about the concept a few years ago, with the onset of software-defined networking technologies like OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.

Topics: Network Security Cybersecurity SDN nfv micro-segmentation