Leading Enterprise Organizations Have Established a Dedicated Network Security Group

When an enterprise organization wanted to buy network security equipment a few years ago, there was a pretty clear division of labor. The security team defined the requirements and the networking team purchased and operated equipment. In other words, the lines were divided. The security team could describe what was needed but didn’t dare tell the networking team what to buy or get involved with day-to-day care and feeding related to “networking” matters.

This “us-and-them” mentality appears to be legacy behavior. According to ESG research on network security trends, 47% of enterprise organizations now claim that they have a dedicated group in charge of all aspects of network security. Additionally, network security is done cooperatively by networking and security teams at 26% of organizations today but these firms insist that they are in the process of creating a dedicated network security group to supplant their current division of labor.

Topics: IBM Network Security Check Point Palo Alto Networks Fortinet Cisco IT Infrastructure Networking Information and Risk Management Juniper Sourcefire FireEye HP McAfee Security and Privacy Security

ESG Recap of Oracle OpenWorld 2014

This year’s Oracle OpenWorld has reflected some interesting bets on the future of databases, cloud, big data, and analytics, along with many other macro-trends like social, mobile, and Internet of Things (IoT).

Oracle is doubling down on positioning itself as a cloud leader with emphasis on “pluggable” databases that can be easily hosted multi-tenant on-premises or migrated to a public cloud with a single command line. Database-as-a-service or DBaaS is clearly a priority and it’s being complemented by more cloud-oriented middleware and many new SaaS offerings.

Topics: Storage Analytics Big Data Internet of Things Data Management & Analytics IT Infrastructure cloud Oracle OpenWorld IoT Enterprise Software mobile Compute database social Oracle

The Internet of Things (IoT)

I shall be expanding on this theme--the internet of things (IoT) over the next few years, as I find it to be the most interesting thing to happen not only in tech, but potentially in modern society, ever.

Topics: Cloud Computing Analytics End-User Computing Endpoint & Application Virtualization Internet of Things Data Management & Analytics IT Infrastructure IoT Enterprise Software mobile Compute Public Cloud Service

PernixData FVP 2.0: Not Your Grandfather’s Storage [Management]

PernixData just announced a new release of its core FVP server-side-storage management product as well as a number of product extensions. Of course, you can get all the specific details from its press release but it did make me consider how a company like PernixData is truly a manifestation of a significant change in the storage world. It represents that change by talking a lot about “decoupling” storage performance and capacity. While that’s technically true, what companies like PernixData really reflect is something bigger than that.

For years “storage” has been just that – a singular, monolithic, and only-somewhat-malleable entity. You get more or less of it, and it is more or less capable to deliver some level of performance. The original IBM term of “DASD” – Direct Access Storage Device (how quaint that sounds in today’s mobile and networked world eh!?) – gave way to “disks” and indeed in many parts of the IT world the terms “disk” and “storage” were actually synonymous….despite the existence of alternatives. But, anyhow, for decades we muddled along with what we had. It was the least-worst option in many respects – and this is said with no lack of respect for the brilliant engineering that drove HDDs from MBs to GBs to TBs. It has been quite a ride.

Topics: Storage IT Infrastructure

Permabit SANblox: Fitting More Bricks in Storage Buildings

Permabit just made a move that has the potential to be very interesting. It has taken its Alberio deduplication and compression abilities and packaged them into an appliance so as to be able to - essentially - retrofit data reduction capabilities to installed FC SANs. Of course data reduction is nothing new per se; various efforts have been made by the “mainstream” vendors for their “mainline” products over the last few years but without a huge success….although maybe because such efforts have not been wholeheartedly embraced at the sales tip of the spear, given that they almost certainly lead to lower capacity sales. However, as the saying goes, the times they are a’changing: Data reduction is cool, embraced and promoted by the newer vendors, and – with the cat thus firmly out of the bag – there is an undercurrent of pressure for it to be more widely available. There are few if any realistic reasons to not use it….well, except, ahem, for the fact that it ain’t available on most of the common products in use (and indeed still being sold) today.

Thus the new SANblox move by Permabit is intriguing - not to mention potentially lucrative - for a number of reasons:

  • Dedupe has for the most part been, until now, a key ingredient in the special sauce by which the all-flash vendors (especially) get to say that they can get their product cost down to a level similar to spinning drives; if existing FC SANs can now easily, and at low risk, add that same function then the price delta could be expanded again.
  • There’s a likely performance boost as much as the $$ motivation. And, also, of course the function will still work as and when users upgrade to other newer devices from their favorite vendors that have (oh yeah….) the Permabit software included.
  • Permabit is a proven piece of software- also it has made installation really easy while also providing HA via synchronous writes to ensure data safety. Its own testing shows data reductions typically run in the 4-6X range.....in other words, for many workloads you might only need 15-25% of the storage space you thought you needed. That’s no small improvement when you look at the cost of storage systems!
  • It has the ability to be a "pull" technology....as users get to know it can be done they might well exert pressure on their vendors to support it. Key products from major vendors such as EMC, NetApp, Dell, and Hitachi have already been qualified…..one cannot imagine that such traditional vendors are all 100% thrilled at the prospect of such pixie dust being sprinkled on their systems, but –equally – their pragmatism and desire for account retention could conceivably actually drive them to desire to sell less capacity!!
  • Why would vendors do that? Well....
    • they need more efficiency tools to stem and manage general storage growth; indeed getting more back-end efficiency might not translate to less revenue as users are likely to continue to spend the same budgets but be able to do more for those budgets. As always, there’s plenty of actual and nascent capacity growth to go around.
    • it's a bit like things such as vVols from VMware. As a “traditional” vendor you might not like it but you have to be seen to be a part of the contemporary world.
    • increasingly vendors are making - and going to make – more of their money from software and so squeezing more capacity out of the back end HDDs isn't as painful for them as it once might have been.
Topics: Storage IT Infrastructure deduplication compression

Dot Hill - A Video Look Behind the Engineering Scenes

Storage isn't all about the IOPS and TBs. It has to work, be usable, and indeed get to its place of use along the same roads (with the same potholes and construction) as anything else.

Topics: Storage IT Infrastructure Mark Peters Dot Hill

HDS bought Sepaton ... now what?

Have you ever known two people that seemed to tell the same stories and have the same ideas, but just weren’t that into each other? And then one day, BAM, they are besties.

Sepaton was (and is) a deduplication appliance vendor that has always marketed to “the largest of enterprises.” From Sepaton’s perspective, the deduplication market might be segmented into three categories:

  • Small deduplication vendors and software-based deduplication … for midsized companies.
  • Full product-line deduplication vendors, offering a variety of in-line deduplication, single-controller scale-up (but not always with scale-out) appliances from companies that typically produce a wide variety of other IT appliances and solution components … for midsized to large organizations.
  • Sepaton, offering enterprise deduplication efficiency and performance to truly enterprise-scale organizations, particularly when those organizations have outgrown the commodity approach to dedupe.
Topics: Storage IT Infrastructure Data Protection JBuff Information and Risk Management HDS Sepaton deduplication

ESG Recap of VMworld 2014

The ESG analyst team headed into a VMworld 2014 with a list of vmworld-2014-top-questions-esg-analysts-hope-to-have-answered/index.html" target="_blank">questions and was met with the high energy of the event the moment we all deplaned at SFO. Each of the individual analysts' key takeaways are included below, following these general observations:

Topics: Cloud Computing Storage EVO IT Infrastructure Data Protection VMware Private Cloud Infrastructure Information and Risk Management channel partners VMworld Public Cloud Service

VMworld 2014 - ESG's Event Video Insights

VMworld was, as ever, massive - and remains one of the foundational IT events of the season. As is our wont, the attending ESG analyst team videoed its key, immediate insights live at the event. In the video blog that follows, I am joined by my colleagues Jason Buffington, Mark Bowker, Kevin Rhone and Scott Sinclair. In just six minutes you can get a broad yet succinct summary of some key takeaways from - and thoughts about - this year's event. VMW '14 was notable for the tone of the keynotes as much as the technology news, and for posing questions as much as providing answers...making it an intriguing installment of this ongoing series. Enjoy the video....

Topics: Cloud Computing Storage IT Infrastructure Data Protection VMware Private Cloud Infrastructure Information and Risk Management Enterprise Software Compute VMworld ESG on Location

Enterprise Security Professionals Speak Out on SDN Use Cases for Network Security

At this week’s VMworld shin dig in San Francisco, many networking and security vendors will crow about software-defined security and software use cases for SDN. Some of this rhetoric will be nothing more than industry hype while other banter may prove to be extremely useful in the near future.

Yes, there are many interesting ways that SDN could work to enhance network security. That said, which SDN/network security use cases are really compelling and which could be considered second-tier? ESG research asked this specific question to security professionals working at enterprise organizations (i.e., more than 1,000 employees) as part of a recent ESG research report, Network Security Trends in the Era of Cloud and Mobile Computing. Here are the top 5 SDN use cases for network security:

  • 28% want to use SDN to help them selectively block malicious traffic to endpoints while still allowing normal traffic flows. In this case, SDN would be tied into malware detection appliances like those from Cisco, FireEye, Fortinet, Palo Alto Networks, or Trend Micro.
  • 28% want to use SDN to improve network security policy auditing and conflict detection/resolution. Here, SDN could be used to aggregate and manage network segmentation, for example.
  • 23% want to use SDN to centralize network security service policy and configuration management. Similar to the use case above but in this case, SDN could be used to align network security policy with server virtualization (i.e., vCenter, MS System Center), cloud (i.e. AWS, OpenStack, etc.), or orchestration platforms (i.e., Chef, Puppet, etc.).
  • 23% want to use SDN to automate network security remediation tasks. Think “self-defending networks” here. Based upon the latest threat intelligence, a firewall/SDN controller combination could generate new firewall rules on the fly. Firms like Norse, Vorstack, or Webroot could act as the security intelligence brains tied into SDN in this use case.
  • 23% want to use SDN to implement more granular network segmentation for network security. Think micro-segmentation where specific users, sessions, or flows could communicate across a point-to-point VPN. For example, HyTrust works with Intel TXT to offer fine-grained segmentation aligning workloads with particular servers and trust zones.
Topics: Cloud Computing IT Infrastructure Networking Information and Risk Management Security and Privacy