Cybersec Pros Choose Their Top Enterprise-class Cybersecurity Vendors

Based upon lots of ESG research, some enterprise cybersecurity technology trends are emerging:

  1. Large enterprises are actively consolidating the number of vendors they do business with. This puts some of the point tools vendors at risk as CISOs sign up for enterprise licensing agreements and try to maximize ROI by using more tools from a few select vendors.
  2. Enterprises are seeking to integrate point tools into a cohesive technology architecture. Like ESG’s security operations and analytics platform architecture (SOAPA) concept, large organizations are actively integrating tools to bolster technology interoperability, improve security efficacy, and streamline security operations.
  3. All organizations need help. Yes, companies are still buying new security tools, but these new products are often accompanied by professional services. Additionally, many CISOs are now looking at cybersecurity through a portfolio management lens and figuring out which areas to outsource to MSSPs and SaaS providers.
Topics: IBM Cybersecurity Cisco McAfee Enterprise Symantec CISO

Network Security Challenges in the Enterprise

ESG recently published a new research report titled, Network Security Trends in the Era of Cloud and Mobile Computing. In this project, ESG surveyed 397 IT security professionals working at enterprise organizations (i.e., more than 1,000 employees) and asked a multitude of questions about their current and future network security policies, practices, and technologies.

Topics: Network Security Networking Information and Risk Management Security and Privacy Enterprise

An ESG Exclusive: The "Database Analytics Trends" Report

Here at ESG, we just put the finishing moves on our new Enterprise Database Trends in a Big Data World report, be sure to ask for it by name at your local newsstand if you aren’t already getting home delivery of all our research. This piece of work is part two of a grand trilogy (thrill-ogy?) in our data management research calendar along with the earlier Enterprise Data Analytics Trends and the upcoming Enterprise Big Data, Business Intelligence, and Analytics Trends reports.

The current installment looks at the pressures on existing databases, the practical science of database management, how organizations are re-thinking their strategies and technology selections, and the challenging dynamics of the discipline.

Topics: Analytics Enterprise Software Data Management database Enterprise

Cybersecurity Skills Haves and Have Nots

I’ve written a lot lately about the cybersecurity skills shortage. For example, 25% of organizations claim that they have a problematic shortage of IT security skills. On an industry basis, 36% of government agencies say they have a problematic shortage of IT security skills, followed by 29% of manufacturing companies, and 28% of financial services firms.

ESG often builds a segmentation model as part of its research projects to further analyze survey data. The segmentation model divides the total survey population into 3 distinct groups: Advanced organizations (i.e., those with the most cybersecurity resources and strong security policies and processes), progressing organizations (i.e., those with marginal cybersecurity resources and adequate security policies and processes), and basic organizations (i.e., those with fair/poor cybersecurity resources and inadequate security policies and processes). Typically, advanced organizations make up around 20% of the survey population, progressing organizations represent around 60% of the survey population, and basic organizations account for the remaining 20%.

Topics: Cybersecurity Information and Risk Management Security and Privacy Security Enterprise SANS skills shortage ISC2 NICE CISO NIST

2014’s Cloudy Predictions for the Enterprise

I’ve had a whole year now to meet many of the passionate folks who help lead great companies that make up the cloud technology community and have talked to numerous customers who are at different stages of their cloud implementations. I’m betting there is little breaking news here but I think it is still pointing out a few trends from last year that I think will persist in 2014:

  1. Cloud = Public Cloud, nope, Private Cloud, nope, wait, Hybrid Cloud. Actually I think we are going to finally get back to the name ‘cloud’ and we’ll talk about it being on premises or off or both. While some technology companies only have a part of the ‘cloud’ solution and therefore can only talk about the part they have products and services for – there will be cloud companies that will be making sure they have good answers for the whole spectrum of delivery models and architectures and my bet on growth is with them.
  2. Cloud Service Providers – this year we’ll see CSPs offer more choice when it comes to services and platforms. CSP service catalogs will get richer and more diverse with a wide spectrum of pricing models. CSPs will be providing more tools or using partnerships to migrate apps to a cloud platform. I also think we’ll see more CSPs offering continued innovations in terms of baremetal services and containerized services. While baremetal has been around for a bit, the containerized stuff is interesting. One implementation I’ve seen takes a monster VM and carves it up into sub-VMs. Another allows a VM to move from cloud to cloud regardless of the virtualization technology, and yet another allows the VM to dynamically adjust in size no matter how it was provisioned (imagine the $ savings this could mean over hard sizing).
  3. Cloud Service Management – this is a wide spectrum of software components that sit above the hypervisor and handle orchestration and automation but also a whole lot more (governance, chargeback, SSO, federation, etc.). This past year we saw an explosion in this space. I started the year monitoring 22 companies and ended the year with over 30. Plus this year saw many CSPs come out with their own custom versions of CSP software such as Tier 3 which was acquired by CenturyLink. Also can’t forget to mention ServiceMesh being acquired by CSC and Dell’s purchasing Enstratius. This next year there will be more consolidation in this space as well as continued progression in terms of features and capabilities – e.g., IT workload supply chain management, inter-cloud/multi-cloud management, and continued innovation in operational analytics.
  4. Cloud Brokerages – this has been talked about for quite a while but this year I saw one company in particular doing what seems like a brilliant move in this space. Instead of focusing on creating a portal that masks the underlying service providers – these guys are the consumers of the cloud services and act as the agent from the CSP and end customers' perspectives. They make money by purchasing more and more services and they give the customer – migration, monitoring, and management services. Managed public cloud would be another way of thinking of it – only they have the skills to help migrate applications to the cloud.
  5. Managed Cloud – VARs and some interesting SaaS providers as well are providing managed private cloud. Simply put, they take the customer's data center – add cloud stuff to it (chargeback, service catalog, self-provisioning) and let the customer worry about provisioning and using the cloud resources instead of monitoring and managing them – on-premises. My gut is this will evolve to include public/hybrid as well.
  6. Security - We’ll see more cloud breaches and outages. Some of this will be just the rule of numbers at work (more clouds, more data in the clouds) and some of it is where we are in the maturity curve. Stuff is changing fast and not everyone is up to speed. That said we’ll also seem a continued improvement in cloud standards, security, and compliance offerings. The regulations are adapting to cloud and providers are driving the market hard for this business. Healthcare in particular has the whole Meaningful Use incentives driving more data sharing and you can be sure the major healthcare technology companies are not sitting still.
  7. Cloud Storage – usually not a very interesting topic – but when you think of all the mature and rich set of capabilities and the data growth rates still on a very vertical trajectory – storage companies will continue to move their IP to cloud platforms. Plus with the prices of memory continuing to come down – all the providers will have to have either pure SSD options or hybrid SSD and large/slow storage options. Oh and long term archive with compliance, search, analytics, etc., will be interesting to watch this year.
  8. Migrations – Some new players this last year in this space with some major announcements from several that have been doing this a while. Appzero, CloudVelocity, Racemi are just a few examples of companies tackling this problem. Plus the cool technology that Cloud TP announced late in the year – PaaSLane – which actually looks at your application code and makes recommendations on what cloud services need to replace existing code and how long it will take to do.
  9. PaaS – last year PaaS got a nice kick in the pants from companies like Pivotal and GE and I think we’re just getting started. It would be interesting to see partnerships from the cloud platforms to do the same thing as OpenStack only for PaaS.
  10. IoT - The Internet of Things is one of the most exciting and scary areas to me (as a guy who did doc work in privacy risk). Right now people are focusing on the connected home, car, and instrumenting our bodies but what happens when all those devices become a cloud of their own? and of course when all that data is stored in a cloud somewhere that (Bad Guys, Governments, Corporations) can harvest? Yet the allure of IoT is so compelling in terms of how these intelligent devices can improve our lives - whether it be our health, our learning, or our fortunes - IoT is going to be one of the most interesting phenomena's to watch and participate in this coming year.

I’m sure I forgot a thing or two … like Software-defined Everything and ITaaS – these are still chugging along with companies converting from their virtualized application stovepipes to shared resources and to a service orientation. This year will be a great year for cloud companies – and this year will be more about the success and failures the enterprise has in cloud than it will be about all kinds of new stuff. We’ve already seen a lot of innovation – now it is time to execute and see what really works and how it helps businesses be more agile and more successful.

Topics: Cloud Computing cloud Private Cloud Infrastructure Enterprise Cloud Service Management CSP Public Cloud Service

The Security Industry Remains Strong with Computer Science but Weak on IT

Last week, I was in Silicon Valley meeting with a parade of CISOs and security vendors. Business travel is no “day at the beach,” but these trips really help me keep up with the latest enterprise security challenges and potential technology solutions.

It was also nice to spend time in the Valley and re-charge my batteries toward the security industry. There was a lot of excitement out there as a result of business growth, VC investment, and the wildly successful FireEye IPO.

Topics: IBM Cybersecurity Cisco Information and Risk Management FireEye HP Dell Oracle Security and Privacy Security Enterprise SIEM E&Y Leidos Accenture CISO saic IPO Security Management CSC Unisys

Time for an EMC Update - Includes Video

Recently EMC held an event for analysts; while a lot of what is covered in such events is designed to prepare us and not yet to be shared, there are nonetheless thematic notes that can be mentioned. The video report included in this blog includes my 50,000 foot commentary; I also took the opportunity to conduct some brief update/highlight-type interviews with EMC execs that cover the main storage elements – VNX, Isilon, Enterprise, and the ‘newer stuff’ (in this case ScaleIO).

Topics: Storage EMC IT Infrastructure Enterprise Isilon ScaleIO

Gravitating to the Cloud

If you are a CIO/IT manager at an enterprise there seems to be a lot of promise but also hype when it comes to the cloud. And god forbid you get a real and consistent definition of what cloud is. That said, there are so many people talking about it and so many great ideas and offerings, there just has to be some reality in it all. Right?

Topics: Cloud Computing cloud Private Cloud Infrastructure SaaS Enterprise ITaaS Gravitant Public Cloud Service

Welcome to the Cloudy Enterprise

Hello there! If you haven’t heard, I’m the newest analyst at ESG focusing specifically on cloud, IT-as-a-Service (ITaaS), and the software-defined data center (SDDC). My bio’s listed on the site or you can find me on Linkedin as well so I won’t bore you with those same details.

Instead I’d like to share some other thoughts about where I’d like to take the blog and why I named it the way I did. So first, the name – I think the theme that is starting to really permeate the cloud world finally is enterprise. By enterprise I mean companies with 100-1000 employees or so and their adoption (rate, barriers, challenges, etc.) of cloud computing. In terms of where I’d like to take the blog – well, that one is easy. Wherever I want! Seriously, I just want to explore many of the topics that are being talked about by the customers.

Topics: Cloud Computing cloud Private Cloud Infrastructure Enterprise software-defined data center SDDC ITaaS Public Cloud Service