The New Measuring Stick - Time To Legitimacy (and Stop Bitching That VMware is Now A Real Company)

25 years ago NetApp became the modern-day bellwether of this metric - they acquired real paying customers at a clip heretofore unheard of. For the last 20+ years they maintained that bar.

Topics: IT Infrastructure

A Shift in the Messaging around Social Enterprise

I’ve noticed a shift in how vendors and some IT professionals have been talking about Social Enterprise, especially enterprise social networks. In the past, it was felt that social enterprise adoption, especially social collaboration adoption, was a bottom-up process. Knowledge workers wanted to work together better but found that their tools were inadequate. Provide the tools and adoption would spread virally. The truth is, that didn’t happen. New ESG research on knowledge worker attitudes toward Facebook-like enterprise social networking tools shows how little impact knowledge workers see these tools having on their ability to collaborate or be productive.

Subsequently, there has been a shift in the messaging from vendors of these enterprise social networks. Now, we are being told, it’s really a top-down affair. Upper management must make a commitment to change the culture of their organizations in order to see value from these social tools. Within this narrative, the cultural change will drive more innovation and productivity.

Topics: Enterprise Mobility

Big Data Security Analytics or Big Data IT Analytics?

According to ESG research, 44% of enterprise organizations believe that their security data collection, processing, and analysis qualifies as “big data” today while another 44% believe that their security data collection, processing and analysis will qualify as “big data” within the next two years. Given this requirement and market opportunity, it is no surprise that IBM and RSA announced Hadoop-based big data security analytics platforms this week.

Yup, big data security analytics will become increasingly pervasive over the next few years but what about the rest of IT? Certainly IT operations teams could benefit from big data analytics for performance tuning, capacity planning, and SLA management. In fact, vendors like LogRhythm, Splunk, and Sumo Logic either market directly to IT operations or find that IT operations jumps onboard quickly once the security team deploys their analytics tools.

Topics: Cybersecurity Data Platforms, Analytics, & AI

The People-Data Connection

Here at IBM Connect 2013, IBM is taking great pains to get across two big ideas. First, that culture drives business. Culture and people are the real strategic value in a business. Because of this, IBM is providing a number of solutions that help to build and harness the human capital of a business and unlock that value. This is a key reason that they acquired Kenexa and continue to help customers to implement social collaboration in their organizations. The value of human capital extends to customers. Engaging customers as people and understanding and appreciating their culture are important factors in driving growth and IBM stands poised to assist.

Topics: Data Platforms, Analytics, & AI Enterprise Mobility

Trends in Virtualization Protection (video)

Easily one of the most discussed topics with me in 2012 is how virtualization is changing data protection strategies.

Topics: Data Protection Cloud Services & Orchestration

Cybersecurity Hacktivism = Cybersecurity Escalation

I was changing the channels this weekend and landed on the local news. Before moving on, I happened to catch two “local” stories:

  1. Citizen’s Bank, a fairly large regional bank based here in New England, was experiencing a Distributed Denial of Service (DDOS) attack. A group of Iranian hackers called the Martyr Izz ad-Din al-Qassam Cyber Fighters claimed responsibility.
  2. The hacktivist group Anonymous hacked the website of the U.S. Sentencing Commission to protest the prosecution and eventual suicide of Aaron Swartz.

Website defacement and DDOS attacks are nothing new but they have grown in numbers and sophistication over the past few years. In fact, hacktivism may represent a more pervasive type of threat than cyber crime or state sponsored cyber espionage. If someone doesn’t like you or your organization, or your firm is engaged in some unpopular activity, then you are more likely to suffer a cyber attack than ever. This situation will only get worse as hacking meets globalization.

For the most part, information security professionals understand this threat. In a recent ESG Research survey, 46% of security professionals claimed that political hacktivists posed the greatest cybersecurity threat to their organizations—more than organized crime, cyber espionage, or foreign governments.

Like it or not, hacktivism is a new form of political protest that could come from anyone or anywhere in the world. As a result of this reality:

Topics: Cybersecurity

Informatica Thaws its Integration Cold Snap

Cloud, whether public or private or SaaS or PaaS, and big data, both point to more robust integration demand, from both IT and line of business. Informatica clearly grasps that market vision, and so given effective execution, there is no vendor better positioned to take advantage of such demand. In part responding to that demand, Informatica’s Q4 results suggest that they have emerged from an execution cold snap experienced during mid-2012. Q4 revenues and profits both nicely beat street estimates and INFA share prices jumped, reflecting rediscovered confidence.

What really caught ESG’s eye, however, can be found in the supplemental metrics, including (1) the pick-up in international deals and (2) a shift to more direct deals; whatever Informatica CEO Sohaib Abbasi did to remedy the weak European and sales execution issues of 2012, including bringing in John McGee as EVP of Worldwide Field Operations, seems to have worked. However, a more finely honed sales force is only as good as Informatica’s offerings, and while ESG appreciates how big data drives integration interest, cloud accounts for even more short and long-term integration demand.

Topics: Data Platforms, Analytics, & AI Cloud Services & Orchestration

What I’ll Be Looking for at IBM Connect 2013

Next week is the first big IT conference of the year for me, IBM Connect. It used to be called Lotusphere but since the Lotus name is going away, so must the Lotusphere name. Such are the changing fortunes of technology brands. No matter what it is called, this is the conference for IBM Customers and Partners engaged in social enterprise (or social business in IBM parlance), web commerce, and lots of other end-user facing IT activities.

Topics: Enterprise Mobility

Sizing Up Symantec 4.0

When Steve Bennett took over as CEO of Symantec, he promised to deliver a new corporate strategy within his first 6 months on the job. After discussing the company with customers, partners, investors, and analysts around the globe, Bennett and other executive managers unveiled their “Symantec 4.0” strategy yesterday afternoon.

Clearly a lot of the announcement was targeted at Wall Street with details about growth rates, margins, dividends, etc. I’m no expert in this area so I’ll leave the financial analysis to the 20-something Ivy Leaguers in lower Manhattan.

Topics: Cybersecurity

Wine, Religion, Dinosaurs, and IT - The Blog That Should Never Be Written

Before you start lobbing holy hand grenades at me, open your mind and read!

Topics: Storage IT Infrastructure Data Platforms, Analytics, & AI Enterprise Mobility

Could IF-MAP Accelerate Big Data Security Analytics?

Based upon recent ESG research data, it is easy to conclude that big data security analytics is inevitable. In fact, large public sector and commercial organizations are already experimenting with technologies like Hadoop, Splunk, and PacketPig to bring the security and big data analytics world together.

Topics: Cybersecurity

Windows Server 2012 - It's a No-brainer

As part of my professional new year's resolution, I plan on blogging...a lot. I'll be blogging about anything I can get my hands on. First on the list is Windows Server 2012. I recently completed my first phase of Server 2012 testing focused primarily on the new and improved storage and networking features. More specifically, I played with Storage Spaces, the Server Message Block (SMB) 3.0 protocol, Deduplication (yes, it's part of the OS now), Chkdsk, and Offloaded Data Transfer (ODX).

Topics: Storage IT Infrastructure Data Protection Networking ESG Validation Services

Ingest to Insight Big Data Vendor of the Year 2012 and 2013 Outlook: Finalists - Cloudera, IBM, Opera Solutions

Do you know in your bones that serious big data analytics, not just BI, would truly help improve your company’s business model, processes, or stimulate your research discovery efforts, but don't quite know where to start? You would do well to give Cloudera, IBM, or Opera Solutions a call. All three of these big data vendors possess a plethora of products, services, and partnerships yielding more products and services, industry domain, and/or data science expertise, and in IBM's case even big data IT infrastructure and cloud. Any of these 3 suppliers will help you develop and implement a big data solution of considerable value for your organization, or even your entire industry. Do not, however, expect your big data effort to be inexpensive – even if you stick with Hadoop.

Topics: Data Platforms, Analytics, & AI

IT Buying Shifts to the Line of Business

There has been a lot of talk about changes in who buys information technology. Many of the vendors I speak with have noticed that line of business or departmental managers – in other words, non-IT professionals – are becoming more involved in purchase decisions, especially software purchases. Now, I’ve been around the block long enough to know that a lot of what you hear from the field isn’t always all that real. We tend to overreact to recent events and see trends where there aren’t any. Often, losing a few sales deals in similar situations will make it seem like the same thing is happening everywhere even when it really is only a few deals.

That’s not the case here.

Topics: IT Infrastructure Enterprise Mobility

Big Data Security Challenges

According to ESG Research, 47% of enterprise organizations collect 6TB of security data or more on a monthly basis to support their cybersecurity analysis requirements. Furthermore, 43% of enterprise organizations collect “substantially more” security data than they did 2 years ago while an additional 43% of enterprise organizations collect “somewhat more” security data than they did 2 years ago.

Just what types of data are they collecting? Everything. User activities, firewall logs, asset data, vulnerability scans, DNS logs, etc. Most enterprises aren’t collecting, storing, and analyzing large volumes of network packets (i.e., Full-packet capture or PCAP) today but they will increasingly do so in the future. Once this happens, security data volume collection will take another quantum leap.

Topics: Cybersecurity

Big Data Cloud: 2012 Winners and 2013 Outlook - Finalists Amazon Web Services, Joyent, Microsoft

In mid-2012, ESG found only about 10% of organizations working on “big data” projects using public cloud services and infrastructure in the context of the project in some fashion. Few companies ran production big data instances in the cloud and usage was experimental or for initial discovery purposes. Much has been written about security being an adoption hurdle for public cloud for enterprises, in fact security was cited as the #1 concern for big data projects too, a double whammy for cloud plus big data. The next greatest challenge cited for big data was integration, and SaaS apps typically ran in silos for the first decade of the 2000s; in the last few years, cloud demand for integration exploded and many SaaS providers were caught napping. Looking at the evidence from six months ago, it sure seemed bleak for big data on cloud.

But, due to the appeal of quick provisioning enabled by cloud providers offering Hadoop-as-a-Service, and augmented by several analytics databases made available as-a-service, the latter half of 2012 saw a rapid changing of fortune for big data on the cloud. Mind you that full-scale cloud-based big data implementations remain few and far between—security, data movement, and integration all remain key concerns. But let’s face it, the notion of SaaS big data is every bit as appealing, in terms of provisioning and ease of access/distribution, as SaaS apps. Also, at least in some cases, IT departments found that the type of infrastructure required for Hadoop and parallelized analytics fit nicely into the notion of cloud elasticity.

Topics: Data Platforms, Analytics, & AI Cloud Services & Orchestration

Big Data Solutions: 2012 Winners and 2013 Outlook - Finalists LucidWorks, Splunk, and Tableau

While the Hadoop distribution vendors, large database and storage vendors, and established BI/analytics platform suppliers own much of the name brand notoriety in the world of big data (see this cool visualization from DataMeer for guidance), there are, in fact, a vast number of smaller solution providers contributing to the state-of-the-big-data-analytics-art. Because of those vast numbers, it is more difficult to narrow down the finalists in this category than any other; who were the specific solution providers in 2012 offering the most innovation and potential value for customers’ big data investments? Here are the three that impressed me the most in 2012:

Much of the Hadoop big data community traces its roots to R&D focused on search and indexing at places such as Yahoo and Google. LucidWorks has stayed true to those roots, working closely with and within the Apache Lucene / Apache SOLR project, and optionally melding those technologies with Hadoop to yield arguably the most efficient user experience to arm analysts and decision-makers with insights. Do you have business users and analysts who want to tap into their analytics and BI through that simple "search" box? Of course you do, and LucidWorks stands prepared to help you satisfy those masses of users. While LucidWorks is quick to initially install, it will require tuning before it starts to produce palpable insights, but once tuned, you would be hard-pressed to find a better one-to-many joining of search and analytics in the marketplace.

Topics: Data Platforms, Analytics, & AI

Big Data Database: 2012 Winners and 2013 Outlook – Finalists 10gen, DataStax and SAP

Without a doubt the 2012 winner in big data databases is HBase, the open source db used natively when you use Apache Hadoop. However, the goal here is to pick the commercial winners, disqualifying HBase. We need instead to pick from the pool of commercial Not Only SQL databases, but as this infographic suggests, Not Only SQL databases do not only deal with big data analytics use cases.

Topics: Data Platforms, Analytics, & AI

Random security predictions for 2013

It’s January 15, which means I probably should have posted a blog on my security predictions for 2013. Here is a somewhat random list of things I believe will happen this year:

  1. Visible increase in hacktivism. Hacktivists have a lot to build upon in 2013, including the tragic death of Aaron Swartz, some notable 2012 successes by Anonymous (e.g., OpVendetta), the trial of PFC Bradley Manning, etc. There is also a growing trend toward global hacktivism against domestic organizations and the U.S. government. I expect at least one major hacktivism incident per month this year.
  2. Continued cybersecurity waffling on Capitol Hill. It took the financial sword of Damocles to get Democrats and Republicans to compromise on legislation to avoid falling off the fiscal cliff at the eleventh hour. Regrettably, cybersecurity legislation lacks a similar trigger. Given the volume of cybersecurity breaches, we should hear a lot of rhetoric from both parties but Washington has bigger fish to fry and legislators aren’t anxious for geeky debates about things they don’t understand. The wild card is a major cybersecurity incident. If this happens, expect lots of finger pointing and a reactive bill that serves as the cybersecurity equivalent of the USA Patriot Act. In short, we can expect inaction or bad action from Washington and nothing more.
  3. A mobile malware whopper. Mobile malware increased more than 1,000% in 2012. Volume will continue to increase but mobile malware will make it to the front page of the Wall Street Journal this year for another reason. I believe we will see a really sophisticated and damaging mobile malware variant in 2013 that will scare the heck out of the security research community. Think of the mobile malware equivalent of Conficker. It may be something that is limited to a single mobile operating system like Android or Windows 8, or it may coordinate with PC-based malware in some type of distributed object-oriented malware architecture. Few people take mobile malware seriously but this attitude will radically change before we ring in 2014.
  4. A rapid enterprise security transition. Okay, this one will take a few years to accomplish but 2013 will still be a tipping point. Get a few drinks into most CISOs and they will tell you how vulnerable their organization is to a cyber attack. This will be the year that they can no longer maintain this poorly kept secret. Expect CISOs to deliver bad and worse news to CEOs. The bad news is that they are completely underprepared and way behind. The worse news is that they need to invest in a new integrated data-driven (dare I say big data?) security infrastructure immediately. The cybersecurity emperor has no clothes and we have no time to debate about his wardrobe.
  5. A boom year for security services. As CISOs rapidly design and build a real enterprise security architecture, they will realize that they don’t have the skills or staff needed for present day security requirements—let alone future strategy and deployment. Managed and professional security services to the rescue! Great news for the security eggheads at Accenture, CSC, HP, IBM, Lockheed-Martin, and Unisys.

These last two trends are bound to lead to a lot of M&A activity as large security players such as Check Point, Cisco, McAfee, Symantec, and Trend Micro fill in product gaps, create enterprise security software architectures, and add services capabilities. Smaller hot security vendors like Cyber-Ark, FireEye, Invincea, LogRhythm, and Palo Alto Networks could be scooped up by Memorial Day.

As I mentioned above, the one wild card in 2013 is a major cybersecurity attack. Something that really gets people’s attention—a gas pipeline explosion, an interruption of a financial market, an attack on a power grid, etc. If this happens (and it could) the whole cybersecurity arena will take on a very different identity.

Topics: Cybersecurity

Big Data Hardware: 2012 Winners and 2013 Outlook

It is time to close the door on 2012 and open the door into 2013 in the realm of big data. While many such closings and openings have already been published, I decided to wait until we had fresh 2013 spending intentions data, which just came in. Subscribers will be able to access the data later this month in a report entitled 2013 IT Spending Intentions Survey. I also wanted to clear my head from the holidays in order to look backward and forward with a fresh perspective. Therefore, every day this week I will take a segment of big data and will render a final 2012 reckoning with a related 2013 prognostication in the order of: Monday – hardware, Tuesday – database, Wednesday – software solution, Thursday – cloud, and Friday an overall “ingest to insight” 2012 big data vendor of the year and macro-trends for 2013.

2012 Big Data Hardware Vendor of the Year Finalists: Cisco, EMC, Oracle

After fits and starts, Cisco broached the converged infrastructure market in 2012 with a well-thought-out approach of spanning the market through a variety of targeted partnerships and packages. In the big data space, it produced several UCS offerings specifically for Cloudera, Greenplum (EMC), Microsoft, Oracle, and SAP big data solutions. Cisco also took big data steps to work with integration vendors such as Informatica and Talend, "Not Only SQL" database vendors such as MarkLogic, and stepped forward as one of the handful of certified SAP HANA resellers. Cisco put itself squarely on the big data map, perhaps to the surprise of many competitors, during 2012.

It is a little difficult to find clear boundaries between EMC the storage vendor (especially Isilon in the big data context), EMC the information management company, EMC the big data platform company (Greenplum), and EMC the parent of the world's most important virtualization vendor (VMware), but suffice it to say that EMC has placed itself into play as a key strategic supplier for big data in a big way. While the natural reaction to EMC, in terms of hardware, is to focus on storage, the EMC Greenplum Data Computing Appliance (DCA) was one of the first and most well-designed dedicated big data appliances. While sales execution may not have quite measured up to EMC’s own standards, I found it telling that EMC really "gets" big data by the fact that DCA is equally as optimized for memory as for storage.

Oracle, in one of the more talked-about moves in the industry during 2012, added its Oracle Big Data Appliance to its list of engineered systems, and promises to offer its appliance "as a service" through its cloud in the near future. About a year ago, Oracle Big Data Appliance, by not just adding Cloudera software but also the recently updated Oracle NoSQL database and open source R, pioneered a new standard for how to craft a big data appliance. My only wish is that Oracle had tossed in their Hadoop connector gratis versus a paid-for add-on. In 2013, Oracle may need to respond to big data plus data warehouse in the same appliance because of the likes of Teradata, but regardless, many of those who raised eyebrows early in 2012 at the Oracle Big Data Appliance are now part of the following herd.

Winner: Cisco, for not only creating a thoughtful vision and plan for big data infrastructure, but also and more importantly executing on it in both direct and indirect channels during 2012.

Topics: IT Infrastructure Data Platforms, Analytics, & AI Cloud Services & Orchestration

The All-in-one: Advantages and Disadvantages

Virtual computing infrastructure is still a new theme—a new technology—throughout IT. One might think that this sort of solution should’ve been around for a lot longer than it has, but really, I think it's been a remarkable and surprisingly quick progression to get to the point where companies can now deploy their entire ecosystems with one purchase, and one installation.

Still, there are some important considerations to mull over prior to purchasing these all-in-one solutions.

Topics: IT Infrastructure Cloud Services & Orchestration

Kingpin: A great read for those interested in cybersecurity

When friends and colleagues ask me how they can learn about cybersecurity, I provide the following advice. Rather than read textbooks or something like Network Security for Dummies, I recommend that they read a few of the more popular and recent titles from Amazon. I’m talking about books like Richard Clarke’s Cyberwar, Joseph Menn’s Fatal System Error, or Mark Bowden’s Worm. All of these are entertaining and insightful.

It is with this mindset that I recommend that anyone interested in cybersecurity read the book, Kingpin, by Kevin Poulsen. I don’t know Kevin but he is well qualified as an author. He himself is an ex-hacker, a security expert, and a regular writer for Wired magazine.

Topics: Cybersecurity

Heading To the Caymans, Leave Any Money You Need Laundered At The Front Desk

Dad is turning 70, so the clan is surprising him by showing up with 87 kids to ruin his quiet vacation. 70 may not seem like much to you, but in the Duplessie gene pool, it is nothing short of a miracle. Our hearts tend to explode around 45-50 in this family (yep, just turned 49, nice knowing you...). The US debt counter has nothing on the Duper Cholesterol Meter.

Trusting Your Customer to a Trust

One of the trends I’ve been watching is the emergence of social networking sites as customer communications channels. Social networking is where a good number of consumers (meaning people who buy things) talk about what they want and what they like. Younger people especially use these outlets as a primary communication platform, preferring to leave a comment on Facebook or to tweet on Twitter instead of sending e-mail or picking up the phone.

Social networking also provides a platform for amplification of content and messaging. Sharing is inherent in these platforms and amplification can happen at almost no cost. All that sharing also generates an enormous amount of information about customers, what they like, what they like to buy, how they want to buy, etc.

Topics: Enterprise Mobility

SAP HANA Crosses the SAP Business Suite Threshold, Will Customers Follow?

At a major global announcement event today, SAP announced availability of its SAP HANA database for its SAP Business Suite. SAP co-founder and SAP supervisory board chairman Dr. Hasso Plattner outlined the motivation, the history, and some of the project details associated with the announcement. In net, SAP will offer an "extremely competitive" (from a pricing perspective) "rapid deployment solution" planned for release next month (February), with the goal of having customers go live in six months or less—targeting both existing and new customers for SAP Business Suite running on SAP HANA.

This announcement is clearly an emotional one for SAP, littered with quotable quotes, such as

  • "... as big a change as the introduction of R/3 20 years ago" - Dr. Plattner
  • "Why is speed so important? One reason. Mobile" - Dr. Plattner
  • "... a network of networks of realtime business is the vision." - Vishal Sikka, SAP Executive Board
  • "In my 20 years in SAP I have never seen such innovation." - Rob Enslin, Head of Sales

Topics: Data Platforms, Analytics, & AI Cloud Services & Orchestration

Feature-rich and easy, you say? Prove it!

Early 2012 saw ESG turn up the focus and attention paid to the uncharted world of integrated computing infrastructures. Though only 24% of companies are currently using these types of solutions, that number is expected to swiftly rise due to the added level of convenience, feature-rich platforms, and little to no sacrifices required by integrated computing providers. As we head into 2013, and what will surely be another tumultuous year for our industry, ESG feels strongly that this genre, if you will, of IT infrastructure, will continue to grow and diversify into additional market segments.

Topics: IT Infrastructure

Security Skills Shortage Is Impacting Incident Detection

I’ve been writing about the pervasive IT security skills shortage for the last few years and will continue to do so in 2013. I don’t know why this critical issue doesn’t receive more attention—you can mass produce antivirus software but until we can clone CISSPs, the security skills shortage will have an increasing impact on the state of cybersecurity.

Here is an example of the scope of the security skills shortage. ESG research asked 257 security professionals working at enterprise organizations (i.e., more than 1,000 employees) to identify their biggest incident detection challenges. Here are a few of the results:

  • 39% said that their biggest incident detection challenge was a lack of adequate staffing in the security operations/incident detection/response teams
  • 28% said that their biggest incident detection challenge was that sophisticated security events have become too hard for us to detect (i.e., lack of the right skills)
  • 28% said that their biggest incident detection challenge was that their organizations lack the right level of security analysis skills needed.

Topics: Cybersecurity

Turning Sheds Into IT Infrastructure

Shed building 101:

Topics: Cloud Services & Orchestration

Multiple Hypervisor Strategies

In 2013, ESG fully expects that server virtualization will remain a top priority of many IT organizations and of vendor go-to-market strategies. But, what was once a one-horse hypervisor race has truly become a climb up a management stack that takes advantage of virtualization at multiple tiers.

Topics: Cloud Services & Orchestration

Imation Buys Nexsan - Surprise!?

Some things can manage to be both a surprise, and yet also strangely unsurprising, simultaneously… this, of course, is because everything is a matter of perspective. From one perspective, therefore, the fact that Imation will be writing a $105M check (plus another $15M of stock) to purchase a primary storage company will only be a surprise to those people—which frankly, could be quite a few!—who were not aware of Imation’s declared strategic intent to become a broad-portfolio midrange storage vendor. From another perspective, the fact that Nexsan has been bought by Imation (you can hear the “who!?” or, more likely, the “why?” from here) could well have caused a few New Year’s eyebrows to be raised.

A quick primer for those that need it:

  • Imation is a $1.3B erstwhile 3M spin-off, that has a well-recognized global brand that has been focused—at least until relatively recently—on consumer data storage products as well as being a leader in enterprise tape media. Recent acquisitions have gradually changed that, as the company seeks to transform and move itself into more lucrative adjacent markets. The Nexsan purchase also signals an internal realignment to drive this new focus.
  • Nexsan is a developer and provider of disk-based storage systems (with toes in the solid state, software, cloud, and archive markets, too). Although VC-backed, it is operationally and financially self-sufficient, with 2011 revenues of $82M. With genuinely good IP, a maniacal customer-care focus and channel commitment, Nexsan has over 30k systems installed at over 11k end-users.

Topics: Storage IT Infrastructure

Happy New Business Model!

Most of us celebrate a "new" year by hashing up some false resolution to an "old" problem. So do most businesses.

Topics: Cybersecurity Cloud Services & Orchestration

Cybersecurity New Year’s Resolutions for All PC Users

Happy New Year, world! Like many of my fellow bloggers and analysts, I’ll have my own set of security predictions for 2013 soon. One thing I can easily surmise however is that cybersecurity will become more dangerous and more sophisticated this year just as it has in the past.

I realize that most people focus their new year’s resolutions on weight loss, exercise, or money management but I firmly recommend a few cybersecurity improvements as well. Here is a shortlist of some quick fixes and lifestyle changes that can help you better protect your system, identity, and other valuable data in 2013.

  1. Change your passwords. There’s lots of research to indicate that most people use simple passwords or choose one strong password and use it all the time. Neither one of these practices is safe. As you access your online accounts this January, change every password, use a string of 7-10 characters, and make each one unique. Henceforth, repeat this process often depending upon the value of the account. While this is a good best practice, don’t believe for a second that you are protected as the whole user name/password model is extremely vulnerable and due for some type of replacement. See this excellent Wired magazine article for more details on why passwords are the cybersecurity equivalent of bringing a knife to a gun fight.
  2. Change your security software settings. I’m assuming you are running Internet security software on your system. If so, go into the system settings and check your protection level. In many cases, security software provides three options (low, medium, and high), with medium being the default. Change this setting to high or whatever other label your security software vendor uses for maximum protection. Many people believe that this maximum setting will slow system performance but if your PC is 2 years old or newer, you shouldn’t notice a difference.
  3. Explore other software security options. I’ve found that most users really never look at the capabilities built into their Internet security software. This is a crying shame and it leaves users far more vulnerable than they could be. Security software from vendors like Kaspersky Lab, McAfee, Symantec, and Trend Micro (amongst others) has built-in features for things like proactive defense, password management/storage, virtual keyboards, automated malware quarantine, etc. Take the time to see what options are available and start using those that will enhance protection without getting in your way.
  4. Delete old software. PCs, smartphones, and tablets are just about the only things we buy that come loaded with stuff we don’t want and will never use. Most people just ignore this garbage on their systems but stale software could be vulnerable to an attack. Take the time to get rid of it.
  5. Manage the white flag. If you are using Windows 7 (and perhaps Vista though I’m not sure), there is a little white flag icon on the bottom right of your system. When you mouse over it, it says, ‘solve PC issues.’ When you see this flag, take the time to remediate these problems. It’s not there by accident.
  6. Explore system utilities and security add-ons. In addition to seeing what features you already have in your security software, you may want to add some additional capabilities. For example, registry cleaners can help detect rogue registry settings that may indicate the presence of malware. Note that they won’t clean up the malware but they may delete a registry key that the malware depends upon. You may also want to look at browser sandboxing tools and evaluate some Advanced Malware Detection/Prevention (AMD/P) endpoint security tools from vendors like Invincea, Malwarebytes, and Sourcefire. These tools are generally used in work environments but some vendors offer consumer versions as well.

Topics: Cybersecurity