Black Hat 2017: Disruption in the Wind

Such blogs typically offer 3 or 4 takeaways from seminal industry events; I have one from Black Hat 2017—disruption of core cybersecurity markets is in the air.

Topics: Cybersecurity Black Hat

The U.S. Versus China with Flash Memory Stuck in the Middle

I normally don’t mention politics. My expertise is in technology and business, so I like to stick to those topics. But, an article in the Wall Street Journal today caught my eye. It is well worth a read, if you get a chance.

It a nutshell, the article describes growing tensions between the U.S. and China in response to Chinese firms attempting to acquire U.S semiconductor vendors and technology. According to the article, “Big U.S. players like Intel Corp. and Micron Technology Inc. find themselves in a bind—eager to expand in China but wary of losing out to state-sponsored rivals.” I cannot talk to the nuances of the geo-political landscape, but what I do know is flash memory, and this tension doesn’t look good.

Topics: Storage Intel All flash Micron

“Dev-Test” in the Cloud Can Mean Ops as Well as Apps

There are some very common usages that one finds for the public cloud when it comes to business IT; along with data protection and long-term archival storage (and, yes, increasingly but not ubiquitously, there are production applications), one of the most oft-mentioned uses for the cloud is that of Dev-Test.

It is easy to see why – it can be viewed as a safe sandbox to play in, with no realistic danger of contaminating your production data. Meantime there are resources that are as flexible (whether in terms of scale, type, or speed of implementation) as your budget allows. And perhaps most important of all, of course, when you’re done, you’re done; just wrap up the project, and check out of the IT hotel.

Now, just as you're expecting it, there’s actually no “but” to this blog; instead there’s an “and”….

Topics: Storage applications operations public cloud dev-test

A Quick Talk with Yousuf Kahn, CIO of Pure Storage: High Performance Flash Is Powering Digital Business Transformation (Video)

With Flash Memory Summit a few weeks away, now is a good time to reflect on how flash technology has transformed business as well as our everyday lives. The wealth of digital products and services available today as well as the ever increasing value of business insights gathered through analytics would likely not be possible without flash storage technology. And if it were possible, it would be way too costly. The bottom line is that the modern business is built on data, and the speed at which that data can be accessed and understood directly impacts business success. Flash storage technology is a huge step forward and continued innovation in this space will further propel digital businesses in the future.

Topics: Storage All flash pure storage Flash Memory Summit

Looking Forward to VMworld

VMworld is coming at us fast. I always approach VMworld with mixed feelings. First, I love it because it gives me the opportunity to talk with lots of people on the vendor and IT professional fronts. It's one of the best and biggest trade shows I attend. It is a veritable who's who in the IT technology infrastructure world, and for both vendors and those that manage IT infrastructure. But I hate it because it marks the end of summer. It's back-to-school season, and even though I don't have kids, I somehow still think of back-to-school season as the end of fun times and the beginning of work - and it turns out it's the same in the tech world! This is the beginning of fall trade show season, which means less time at the beach, more time on the road, and the beginning of cooler weather. But enough of that - let's talk about my VMworld expectations and why I am really looking forward to the show. 

Topics: VMware VMworld Converged Infrastructure hyperconverged infrastructure

Cybersecurity Skills Shortage: Profound Impact on Security Analytics and Operations

I’ve written a lot about the cybersecurity skills shortage over the past 5 years. For example, ESG research indicates that 45% of organizations claim to have a problematic shortage of cybersecurity skills. 

Topics: Cybersecurity cybersecurity skills shortage SIEM CISO network security analytics network security operations

Anticipating Black Hat 2017

I’ve been looking forward to this year’s Black Hat event in Las Vegas for several months. In my mind, Black Hat has become the industry’s premier event for digging into cybersecurity technology.  RSA seems to be leaning toward business development and Sand Hill Rd. schmoozing these days.

Topics: Cybersecurity Black Hat

As the Storage Industry Converges on VMworld, HPE and NetApp are Poised to Make Noise

It’s the middle of summer. While for some that means time for a well-needed vacation, for those of us in the enterprise storage industry, it means that VMworld is just around the corner. Over the past few years, VMworld has become the premier multi-vendor storage industry event. While there is some debate on whether that status may be up for grabs over the next few years, VMworld still serves as an opportunity to take stock of the latest in storage innovations and capture a glimpse of how storage vendors' strategies are progressing with their customers.

Topics: Storage Netapp VMware VMworld Nimble HPE Simplicity

VMworld – What I’m Intrigued To See

We all know that VMware changed the world of IT. Most of the way that change was effected is pretty obvious – a layer of software to make more effective and more efficient use of computing platform resources. While virtualization wasn’t new to IT, it had never been used so broadly or ubiquitously. And, yes, VMware’s offering has continued to get broader and more comprehensive, covering all the major elements of IT infrastructure – software joined with custom/partnership hardware as appropriate to deliver storage and networking capabilities along with the good-‘old’-server virtualization. 

Topics: Storage VMware VMworld

What to Watch About Systems Management & DevOps @ VMworld 2017

It's always an exciting time as we start looking at the end of summer and the approach of VMworld. This year will be 10 years since I went to my first VMworld. I've seen VMworld grow massive over the years and shift venues back and forth from San Francisco to Vegas, back to SF, then back to Vegas. I know I'll always miss Cannes, although the Palais des Festivals wasn't the roomiest venue. The show is now tougher for me as my kids are now going to school and I have to miss the first day of the year.

Topics: VMworld DevOps Systems Management

Cybersecurity Operations: More Difficult Than It Was 2 Years Ago

ESG just published a new research report titled, Cybersecurity Analytics and Operations in Transition, based upon a survey of 412 cybersecurity and IT professionals working at large midmarket (i.e., 500 to 999 employees) and enterprise (i.e. more than 1,000 employees) organizations in North America and Western Europe.

The data is quite interesting, to say the least, so look for lots of blogs from me over the next few weeks on a myriad of security operations topics we covered in this project. Furthermore, my esteemed colleague Doug Cahill and I are hosting a webinar this Wednesday, July 19. Feel free to attend, more details can be found here

When I do end-user research on cybersecurity topics, I usually ask respondents a basic question: How are things today compared to 2 years ago? This research project was no exception and, as it turns out, 27% of survey respondents say that cybersecurity analytics and operations is much more difficult than 2 years ago while another 45% say that cybersecurity analytics and operations is somewhat more difficult today than 2 years ago.

Topics: Cybersecurity big data security analytics SIEM CISO security operations network security analytics SOC

Midyear Check-in on Data Protection Initiatives in 2017 (Animated Infographic)

At the halfway point in 2017, it seems appropriate to revisit the continued momentum around investing in better, more agile, more reliable, likely cloud-enhanced data protection. Early each year, ESG publishes its IT Spending Intentions report, where we look at where organizations are intending to invest their budgets. 

In each of the six years that I have been at ESG, “Data Protection” in one or more forms is among the top of one or more priority lists. 

Topics: Backup Data Protection BC/DR (business continuity/disaster recovery)

ESG Cybersecurity Research and a Preview of Black Hat USA 2017 (Video)

In this video blog, my colleague Jon Oltsik and I discuss some of the insights from ESG’s cybersecurity research we expect to be topical at Black Hat USA 2017, including:

  • The challenges and solutions around security operations and analytics and the need for a security operations and analytics platform architecture (SOAPA).
  • The constant state of change in the endpoint security landscape in which organizations regularly re-evaluate processes, technologies, and vendors.
Topics: Cybersecurity hybrid cloud SOAPA security operations analytics platform Black Hat 2017

SOAPA Interview With Rick Caccia of Exabeam- Part 2 (Video)

Old friend and Exabeam CMO, Rick Caccia, returned for some additional banter around SOAPA. Part 2 of our video discussion features:

  1. A discussion about market confusion around machine learning/artificial intelligence for security analytics. Rick explains that AI depends upon pre-built use-cases and that customers must understand what they are (and aren’t) buying when they look at this technology.
  2. How user behavior analytics (UBA) evolves into SOAPA. Rick outlines the transition he’s seeing in the market and how customer needs are driving Exabeam’s architectural R&D.
Topics: Cybersecurity SOAPA security operations and analytics

Is the "Silver Lining" of Clouds Just Free Money for Some [of Your] Vendors!? (Video)

 

The video below pretty much says it all: while the value of public clouds - most often as a part of the growing 'hybrid IT' model - is indisputable for the majority of IT organizations, there are some vendors that have seen the opportunity to capitalize at users' expense. Those wanting to make a quick buck are likely driven by a desire to make the cloud look artificially more expensive than it is, as much as a desire to protect revenues....but either way it is insidious. It is insidious for two reasons: obviously it is just wrong, but also it is another example (like the bad kid that gets the whole class detention!) of the minority spoiling things for the majority.

Anyhow, take a look at the video first, and then take a look at your invoices too....just to be cautious and sensible.

Topics: Cloud Computing Storage

Applications Drive Hybrid Cloud, With On-Premises Being the Key to Hybrid, Not Public Cloud (Video)

Terri McClure, ESG's Senior Analyst for Cloud Infrastructure, and I did an ESG 360 video about the hybrid cloud research that I have conducted.  Two key points that came out of that research were the following:

  • Hybrid cloud is about applications and the infrastructure that supports them, not just about infrastructure, servers, and VMs. An application-centric view is the cornerstone of hybrid cloud and vendors need to recognize and adjust for this. This doesn't mean that infrastructure doesn't matter anymore, but the management and optimization of hybrid cloud workloads needs to be done at the application level, not the infrastructure.
Topics: hybrid cloud public cloud Systems Management on-premises

The Internet of Identities (IoI)

Everyone is talking about IoT these days and for good reason – there are already billions of devices connected to the global Internet and some researchers are predicting 50 billion by 2020. This alone will make CISOs' jobs more difficult, but security executives face many other associated challenges as well:

Topics: Cybersecurity IoT identity and access management micro-segmentation SDP Internet of Identities

Long Term Data Retention is Evolving – Are You? (Video)

It seems like every few months, a new regulation or mandate pops up to remind people to 1) keep their data longer and/or 2) delete it as soon as necessary. Those two edicts are not contrary to each other as long as you do them in that sequence; first, understand your retention requirements and then delete data beyond that retention date. But there is sooooo much more to it than that, since not all data has the same regulatory or operational retention benefits or requirements. 

If you haven’t seen it already, please check out my earlier vBlog on “The Good, Better, Best of Data Management

Topics: Data Protection Archiving Copy Data Management Long-Term Data Retention

Cisco Ramps Up Security With Intent-based Networking

Encrypted Traffic Analytics and SD-Access integrate security into the enterprise network.

Security is a big part of Cisco's new intent-based networking strategy. The key security pieces are Encrypted Traffic Analytics and Software-Defined Access. The details of hardware support such as the Catalyst 9000 switches aren't as important as how the new architecture provides a new way for enterprises to approach security by integrating it into the network.

Topics: Cisco Networking SDN Intent-based networkng

At .NEXT, Nutanix Says It’s Time For a 'Real Hybrid Cloud' (Video)

 

Nutanix held its user conference - .NEXT – last week in Washington D.C. If it felt a bit cult-like that was only in the good sense, as befits an organization with NPS scores over 90% for three years running (that is ethereal territory).

As many other vendors are running hard, hoping to catch Nutanix and steal/borrow its “HCI cloak,” so it is running just as fast to try to ensure that spot is vacant by the time any others get there. It spent the conference explaining and promoting the malleability and expansion of its “Enterprise Cloud” approach.

Some key takeaways from, and comments about, the event can be found in the ESG On Location video that my colleagues Terri McClure, Brian Garrett, and I shot while there.

Topics: Storage nutanix .NEXT

CiscoLive and Cybersecurity

I spent a few days at CiscoLive, Cisco’s annual user conference, last week in steamy Las Vegas. As a cybersecurity professional, I really filtered out a lot of other content to focus on all things infosec. Here are my observations:

Topics: Cybersecurity Cisco CiscoLive CISO

Cisco Intent-Based Networking Brings SDN to the Enterprise

Automation platform promises to make software-defined networking a reality for campus networks.

At Cisco Live, networking pros heard a lot about Cisco's new intent-based networking strategy and technologies. On the surface, the technologies look like an evolution of Cisco's existing enterprise network products. Intent-based networking was actually available with Cisco's ACI platform, Digital Network Architecture (DNA). It was announced in March 2016, and the Catalyst 9000 family of switches is a version of the venerable switch. New technologies include software-defined access and encrypted traffic analytics.

However, we need to focus on the bigger picture rather than the individual products. Altogether, they're actually a long-awaited realization of software-defined networking branching out beyond the data center and finding its way into the enterprise.

Topics: Cisco Networking SDN