There are Clouds out on the Verizon

I’ve been watching the cloud scene for a good number of years now and the first iteration of most of the clouds were, well, boring. I’d call these version 0.4 clouds on a good day. Basically they seemed to be made up of standard enterprise storage and servers, running VMware, single tenant except for the rare case of some ‘shared’ storage that was walled off by having the service provider (mostly Telcos) provision and attach storage to specific servers.

Then along came some advances in the software and hardware that actually enabled some basic multitenant capabilities. Of course with the new capabilities came a whole lot more competition as well. To differentiate themselves, some providers went down the acquisition route pretty early with Verizon being one of them (2011). They quickly acquired Terremark for their managed services and their beginnings of a cloud platform. In addition to Terremark, Verizon also acquired CloudSwitch, a cloud software technology that allowed companies to create hybrid clouds between on-premises data centers and public cloud providers as well as between public clouds.

Topics: Cloud Computing cloud VMware Private Cloud Infrastructure Hyper-V Verizon Public Cloud Service

Sprint’s and Clearwire’s completed acquisition by SoftBank will benefit US wireless consumers and the wireless industry

Like an addictive drug, the more bandwidth consumers get, the more they want, and the global mobile device electronics industry has thus far benefited the most. Mobile operators have benefited as well, but are facing a category 5 hurricane of mobile bandwidth demand in the next few years that could wipe out profits or deflate the mobile bubble. Sprint was looking particularly vulnerable with its unlimited data plans, but what can we expect going forward? Accelerated innovation.

Topics: Apple End-User Computing Endpoint & Application Virtualization IT Infrastructure Networking mobile Huawei Verizon

The Security Skills Shortage Is Worse Than You Think

I’ve written a lot about the security skills shortage but it is worth reviewing a bit of data here for context. According to ESG Research, 55% of enterprise organizations (i.e., those with more than 1,000 employees) plan to hire additional security professionals in 2012 but they are extremely hard to find. In fact, 83% of enterprises claim that it is “extremely difficult” or “somewhat difficult” to recruit and/or hire security professionals in the current market.

Given this data, it is fair to assume that many IT security organizations are short staffed and pushing the security team to its limits. As if this wasn’t bad enough, ESG data also points to 3 trends that exacerbate the security skills shortage further impacting the effectiveness of the precious few security personnel in place:

  1. Critical skills deficits. Along with the shortage of staff, many organizations report that their security staff lacks skills in critical areas such as network security, cloud computing/server virtualization security, mobile device security, and security analysis/forensics.
  2. Security staff time management. Large organizations indicate that one of their biggest problems is that their security professionals spend an inordinate amount of their time putting out fires. This limits the time for other more proactive security activities.
  3. Security tools complexity and lack of automation. Security vendors built tools rich in feature/functionality and designed for customization. Unfortunately, many large organizations don’t have the time or staff necessary to fine-tune them or develop expertise in their use.
Topics: IBM Cloud Computing Check Point Palo Alto Networks Private Cloud Infrastructure Information and Risk Management Sourcefire HP Dell McAfee Security and Privacy BYOD Raytheon Lockheed Martin trend micro Symantec saic CSC BT Verizon Unisys Server Virtualization security skills Public Cloud Service

Big Data Security Is Inevitable

There's been a fair amount of discussion about the fact that security analytics is becoming a big data problem. I participated on a big data security panel at RSA and I believe there were a few others on this topic as well.

Topics: IBM Big Data Hadoop Information and Risk Management HP Dell McAfee Enterprise Software Data Management Security and Privacy risk management NoSQL SIEM Data Analytics Symantec RSA log management Cassandra security analytics BT Verizon Unisys vulnerability management threat management Tibco

Security Services Continue to Grow -- In the Enterprise

In my last blog, I presented some data about the extremely critical but often ignored security skills shortage. While 55% of enterprise organizations (i.e., more than 1,000 employees) plan to add information security headcount this year, 83% say it is "extremely difficult" or "somewhat difficult" to recruit and hire these folks.

Topics: IBM Cloud Computing EMC Private Cloud Infrastructure Information and Risk Management HP Security and Privacy Security SIEM Symantec RSA CISO CSC BT mssp Verizon Unisys security services venture capital Server Virtualization security skills Public Cloud Service

Open Networking Summit 2012 Plays to a Packed House

This week I attended the Open Networking Summit in Santa Clara with 900 of my closest friends. Okay, maybe I am contributing to the hype around Software-Defined Networking (SDN) with a statement like that. It wasn't 900, there were only 899 in attendance (over 100 on a waiting list) and they were not all my friends, but I did meet a lot of really smart people and had a lot of great conversations. Those in attendance ranged from network engineers from large health care providers, senior executives from large service providers, hardware and software vendors, and more than a few venture capital and money management firms. The show seemed to be a good mix of speaking sessions that covered existing implementations, tools, vision for the future etc., as well as expo/demo time to review offerings and better understand the current state of commercially available solutions.

Topics: IT Infrastructure Networking HP Open Networking Summit Plexxi Vello software-defined networking SDN Intel Verizon ADARA Nicira OpenFlow NTT

We Need Security Standards like Mitre's Common Event Expression (CEE)

Over the past few years, I've been involved with a number of ESG Research projects all pointing to a few common problems. Even in the most sophisticated shops, security teams struggle to collect the avalanche of security data generated from different log files and tools, analyze this data in a proactive manner, or find the proverbial needle in the haystack indicating anomalous behavior.

Topics: Microsoft Cisco Information and Risk Management HP McAfee Security and Privacy SIEM Mitre ArcSight log management NIST Verizon Linux

Anticipating the Open Networking Summit

We are a few weeks away from the Open Networking Summit ( which will be held in Santa Clara April 16 through 18.

Topics: IBM Cisco IT Infrastructure VMware Networking Juniper HP ONS openstack BigSwitch SDN Verizon Nicira NEC VXLAN OpenFlow NTT QFabric Arista Networks