ESG Blogs

In my ADD fugue state yesterday it turns out I missed the primary point of my primary reason for writing that blog. Service Expectations.

Yes, I know it's more unrelated elements than usual, but it's been a while.

Gamification, which is the use of game mechanics developed for video games in non-game software, used to bother me. Stripped of the marketing title, gamification is about behavior modification. The techniques such as badging, rankings, and levels are all a form of reward designed to affect our behaviors in some fashion or another. This is classic operant conditioning, pioneered by B.F. Skinner. Voluntary behavior can be modified through a system of perceived rewards and punishments so that the behavior is shaped in a certain manner. Gamification tries to do just this. It helps to shape behaviors in a direction that benefits the company deploying the software. A common place one finds gamification in business applications is in onboarding knowledge workers to new applications, shaping their ability to make use of the software through a series of rewards. Another area where gamification has taken hold has been in CRM and Sales Enablement systems to help drive behaviors that result in more sales revenues. Gamification shows up a lot in customer-facing applications especially social applications where peer interactions can be leveraged by the game mechanics. Typically, companies use game mechanics to engage customers and encourage them to buy products.

It wasn’t long ago that the annual RSA Security Conference was an oasis from mainstream IT. While CIOs were focused on business process automation, the RSA crowd was celebrating technologies like DLP, web security, and key management. Yup, security was an under-funded IT stepchild and the RSA Conference was still centered on bits and bytes.

That was then, this is now and cybersecurity is everywhere – newspapers, magazines, television news, etc. Off the top of my head, here are some of the big cybersecurity news stories from the first two months of 2013:

Sometimes I find it fascinating to step back and sit and listen. It is especially fun to sit back and listen (and people watch) at malls or airports. Over the past few years the tools we have at our fingertips for doing this digitally keep getting better and better allowing us to engorge ourselves with information. Taking the time to step back digitally and try to make sense of things, or look for patterns, and sometimes connect a few of the dots can provide some pleasure as well. The difference in the digital world is that the connections are easier to take out of context – which can be a bad thing.

I’d like to take a step back anyway and look at a series of recent events in the news to see if there is enough here to connect the dots:

Part of my job is to sit in my office and do research, which I enjoy quite a bit. Put in the earbuds, crank up Led Zep, analyze, and write all day. But probably one of the coolest parts of the job is getting to go and talk to customers. Sometimes this is a one-to-many endeavor like I’ll be doing next week in Vegas at VMWare’s Partner Exchange 2013. Other times it is getting to go talk to a customer face-to-face and sometimes it’s at a place that is just plain cool. This happened to me just this week as we got to go to One Summer St. in Boston MA to visit The Markley Group. I got to see a tour of their NOC, an OC-768 cable (with every other possible OC size), and several multi-megawatt generators up on the roof.

Markley has been providing close to 1M square feet of carrier grade data center space for over a decade. What is carrier grade? I’ve seen it defined as Five-nines availability with very short (sub 50 millisecond) failover. In layman’s terms, this means always available and failures are seamless and unnoticeable.

With the Oscar award ceremony completed, the information security industry rolls out its own red carpet for its annual celebrity event, the RSA Security Conference, next week. I’ve written before about the pervasive “buzz” topics I expect to hear about next week. Here are 5 subjects I’d like to discuss:

1. Security software architecture. Enterprise software is based on technologies like transaction processing, middleware, and web services that allow individual applications to integrate into an enterprise architecture. To gain scale and efficiency, the next-generation of security software must be built on a similar software architecture foundation. IBM, McAfee, and RSA Security get this. So does Tibco which is why it acquired LogLogic. Will any other vendors talk about security software architecture at RSA?
2. Algorithms. I am convinced that the industry is moving to an information-based model featuring big data security analytics. That said, CISOs don’t want to collect tens of terabytes of security data and then try to figure out what to do with it. The key to security analytics is a combination of stream processing, machine learning, statistical modeling, and nested algorithms. There is a lot of academic research in this area but little commercialization. Will vendors like Boeing/Narus, HP/ArcSight, SAIC, and Splunk get into this level of detail, or hand out tee shirts instead?
3. Visualization. Same thread as algorithms—security data visualization will move beyond pie charts and spreadsheets within the next few years. Oak Ridge and Pacific Northwest National Labs are doing a lot of work in this area. Will security vendors jump on the bandwagon?
4. The security skills shortage. I admit that I’ve done a lot of research in this area so it is near-and-dear to me. Call me crazy but I believe this is a crucial issue that no one is talking about. I tried to do so myself but my proposal was rejected by the RSA mucky-mucks. This is not a sexy topic but an under-staffed, under-skilled cybersecurity workforce is as big a threat as anything.
5. Hackers. This topic is better suited for Black Hat or Defcon but it should be an essential component of RSA as well. I expect cliché sound bytes describing how hacking is no longer the domain of adolescent whiz kids a la Matthew Broderick in WarGames (1983). Everyone gets this by now. What they don’t get is who the hackers are, how they are organized, and why they do what they do.

Trade shows are trade shows so you have to expect high-level conversations, marketing hype, and generous distribution of alcohol. I admit I enjoy the lighter side or RSA, but I hope that the fun and frolic is balanced by serious discussions on an increasingly ominous subject.

Close on the heels of its winter cloud release, Informatica announced near immediate availability of Informatica Cloud Spring 2013 released (“Spring release”) on February 20th. Customers will be upgraded this Saturday, February 23rd. As I observed in a previous informatica-thaws-its-integration-cold-snap/index.html" target="_blank">blog on Informatica Cloud posted not even four weeks ago, Informatica continues to expand its portfolio of connectors and enhance the features of its templates, and this holds true for the Spring release as well.

Of particular interest in the Spring release are connectors covering Microsoft Dynamics, Amazon Redshift, Oracle CRM On-Demand, and Intuit QuickBooks. There is no obvious correlation between these new app connectors, but that is exactly the point—the breadth of Informatica Cloud’s integration portfolio is unmatched in the industry. It also exemplifies how quickly Informatica is moving to keep Informatica Cloud up-to-date; Amazon Redshift data warehouse service went generally available today and Informatica already offers a pre-release connector.

I used to work with a guy who was significantly overweight. I ran into him in the cafeteria one day and he mentioned that his doctor recommended that he eschew large lunches in favor of lighter foods like salads. He proceeded to the salad bar where he buried a few greens, onions, and tomatoes under a mountain of cheese, deli meats, and blue cheese dressing.

Bring Your Own Device (BYOD) initiatives are having a significant impact on organizations' campus and branch network environments. In fact, one could argue that BYOD is rapidly becoming BYO3 as employees bring smartphones and tablets to work along with a laptop and all these devices are most likely leveraging corporate or guest WiFi services. It is not uncommon for an enterprise to see wireless connections spike by thousands of devices after a major holiday or new product release. However, this can create significant issues for IT when trying to deal with a surge in connections and contain any security threats. Legacy networks that require separate management of wired and wireless environments only compound the problem.

As Bruce Springsteen once sang, “you can’t start a fire without a spark.” With this in mind, President Obama issued an executive order on cybersecurity this week. Will this truly be a spark?

To answer that question, it is worthwhile to start by describing what the executive order does. There are really three main points as the order:

1. Directs the Federal government (primarily DHS) to create a program for sharing non-classified cybersecurity intelligence with the private sector.
2. Asks NIST to create a set of standards and best practices for cybersecurity.
3. Suggests that the Feds create incentives to encourage private organizations to invest in cybersecurity.

2013 is certainly starting off well for companies in the software-defined networking (SDN) space--just this week we have witnessed both an acquisition and an investment as more vendors seek to take part in this emerging market.

In my role covering big data at ESG, nothing would please me more than to say I am covering the hottest area of IT. And perhaps from a hype perspective, big data is hot, but from an IT spending perspective, while decidedly warm, big data is not nearly number one. In ESG’s just published 2013 IT Spending Intentions Survey, which suggests around a 2% overall increase in IT spending (the mean came in at 1.99% for those of you who are statistically significant), the closest proxy to “big data,” specifically “improved data analytics…,” tied for 5^th place, among a longish list of “Business Initiatives with the Greatest Impact on IT Spending Decisions.” Note that if one only focuses on IT priorities not tied to business initiatives per se, BI/ analytics ties for 9^th place.

T5, with 24% of the 540 respondents citing “improved data analytics…” as one of their top ten business priorities impacting IT, isn’t bad. It actually maps well to our mid-2012 survey that showed about 40% of respondents – those with a more distinct focus on data management and analytics BTW – citing it as a top 5 priority. Suffice it to say that a healthy minority have been bitten by the big data bug, but not deeply enough to push large amounts of difficult to reallocate IT budgets into the analytics bug juice cup.

How boring, but cost reduction initiatives, business process improvements, security and compliance stand ahead of data analytics, which tied with mobile computing. What happened to big data, isn’t it the IT initiative that will forever alter the competitive landscape of business and government? Here are the three primary reasons why budgetary reality flies in the face of big data hype:

1. Enterprises all already have BI, and many already have analytics: Radical investments in big data are discretionary. On average, only 36% of the total available IT budget is slated for new initiatives. Therefore, many enterprises will ingest big data one bite at a time and look to their existing BI/analytics vendor(s) first to see if they can help.
2. Fear of personnel costs and complexity: There is a not easily swatted away belief that big data requires specialty engineers and data scientists. Those engineers and scientists are in short supply, and therefore costly. Most enterprises, thus, have fingers crossed that vendors are shifting to simpler and more productive big data solutions that tap more into existing IT and business skill sets. I can confidently report that simplification, productivity, and adding enterprise features like security, audit, backup, DR, and tools for analysts versus scientists and engineers are towards the top of the list of almost every big data vendor.
3. Fear of failure: CIOs lose their jobs for not keeping the lights on. Few get displaced because they fail to reinvent the business. While CIOs remain under pressure to strategically help the business, the CEO’s most terse reactions towards the CIO happen when e-mail goes down, when primary internal transactional systems are so slow that LoB management complains, when customer facing and/or revenue generating solutions are not up to snuff, or in the worst case scenario, when compliance solutions fail to meet audit or forensic requirements. Why should, therefore, a CIO stick her or his neck out on big data when the neck is already exposed in the day-to-day business IT environment, and under budgetary scrutiny from the CFO?

I am not saying that the big hype of big data of 2012 will entirely be squashed during 2013. In fact, improved data analytics made the biggest jump between 2012 and 2013 in terms of business initiatives impacting IT spending. In addition, business intelligence/data analytics is most commonly cited as the workload most responsible for storage capacity growth, and ESG definitely sees lines of business and marketing taking on more share – albeit incrementally only - of the budgetary load for IT initiatives. Given all of that, 2013 will be an excellent year for big data. But crazy claims like big data will augment the IT workforce by 25% over the next two years, or that big data will grow from a $5b to $50b in 5 years, and other wacky market sizing and forecast exercises need zapping. Thankfully, ESG’s IT spending survey for 2013 helps take the inaccurate creep out of big data forecasts, but also clarifies that big data will do more than merely crawl along.

When it comes to cybersecurity and public policy, I’m as big a cynic as anyone. Why? From a historical perspective, cybersecurity issues were first recognized during the Bush administration (41, not 43). Over the subsequent 20+ years we’ve experienced misinformed rhetoric, overlapping agendas, and inaction, but little meaningful progress.

Now I realize the President has some higher priority issues to deal with and that cybersecurity is neither sexy nor universally understood. That said, however, there is no denying that things are getting progressively worse. Just this week, congressman Mike Rogers (R, Michigan), stated that he believed that 95% of private sector networks are vulnerable and most have already been attacked.

Well of course I picked my words in the title to get some attention. When I say ‘snapshots’ I’m not talking in terms of instant-storage-system-replication, but I’m talking more about a snapshot of the flash storage market. It has to be one of the most dynamic market segments I can recall seeing…. every day you turn around, something else has happened. So any snapshots are instantly out of date. This blog is a bit more like looking at the family album for 2013 so far (of course I’m sure I’ll have missed plenty but I’m not trying to be a news service, more aiming to convey the types and breadth of changes that are occurring.

• Landscape Pictures – what’s clear is that there is a lot of vendor consolidation (see below) and an increasing trend towards solid-state being used as either a cache and/or as a dynamic tiering tool. There are still plenty of known start-ups vying for attention (whether all-flash or hybrid) and another tranche of stealth players yet to be seen. There’s a river of VC money running through this busy landscape, and a forest of hundreds of PBs of installs and deals.
• Family Get-Togethers and Marriages – in terms of new link-ups Violin purchased GridIron; the latter probably needed a suitor - as the inline appliance model hasn’t gained traction – but nonetheless it brings some very impressive ‘smarts’ to Violin in terms of learning algorithms to speed applications. Also ‘married’ earlier in the year were Imation and Nexsan – and that was followed pretty quickly by news of the much-enhanced NST5000 hybrid system. While the ceremony for Intel taking the hand of Nevex happened in 2012 it felt like more of an elopement, and so the first many will have heard of their joint status was the announcement of the arrival of the first child – Intel CAS (cache acceleration), showing the vendor's determination to play in the new generation of ‘enabled’ flash, not merely the commodity side of things. Finally the news of a link-up between Seagate and Virident might not be a full marriage but they probably changed their Facebook pages to ‘in a relationship’….and the $40m welcome investment from Seagate will no doubt help as the new couple attempts (along with many others such as Intel and EMC) to take server-based PCIe market-share away from FusionIO.
• Close Ups – Taking a look at a handful of individual poses: Whiptail continues to make good progress – sometimes quieter than some, it has been in the game all along, and is heading towards having shipped 4PB of its all-flash arrays! Another all-flash player, the erstwhile TMS, got married to IBM last year, and announced 1PB shipped in just Q4. Meantime in the hybrid space, Nimble just ‘came of age’ in reaching a $100m annual run rate. All these numbers are impressive – and while they would be eclipsed by the revenue $ and shipments of the big oligarchs in the storage family – their significance is that, as a whole, they demonstrate where the world is heading. Not to be out-done the ‘big-boys’ are all making moves too: for instance, just this week IBM’s XIV enhanced its SSD caching, and EMC is expected to deliver its XtremIO offspring later this year. It’s also worth noting that ‘hybrid’ is beginning to mean more than just SSD + HDD….a new entrant this year is Marvell with its DragonFly DRAM + SSD. Expect more solutions that mix various solid-state media types and software functionalities as the year progresses – all of which will benefit too from the better/cheaper/faster media and devices themselves that are due to be unveiled in the coming months.

There you go! And we’re not even at Valentine’s Day yet – maybe there’ll be move love in the flash air as a result of that. One thing is for sure….between the time that I wrote this and the time that you’re reading it, something changed in the solid-state market!

If you are a CIO/IT manager at an enterprise there seems to be a lot of promise but also hype when it comes to the cloud. And god forbid you get a real and consistent definition of what cloud is. That said, there are so many people talking about it and so many great ideas and offerings, there just has to be some reality in it all. Right?

Last week Cisco rolled out its unified wire and wireless solutions to better address challenges created from BYOD initiatives during Cisco Live in London. This week it is announcing a slew of new additions to its Unified Data Center Strategy that include additions to the Nexus switch family, an expansion of Cisco ONE strategy, and a new cloud connect solution. Makes one wonder about what they will announce next week....

Just 3 weeks until the annual RSA Security Conference geek-fest in San Francisco. Should be a good one since the economy is doing okay, VCs are throwing money around and organizations are increasing security budgets. Oh, and let’s not forget that the NY Times and Wall Street Journal just reported major security breaches.

I’ve attended the RSA show for the last dozen years or so. Over that time period, the show has morphed from a down-in-the-packets security technology expo to a run-of-the-mill industry trade show chock full of hype and cluelessness. Heck, vendors and PR pros provide their marketing collateral by distributing USB thumb drives throughout the Moscone Center! That’s like handing out packs of Marlboros at an Oncology convention.

After 30 years or so Michael Dell is taking his baby private again. Good for him.

When I hear the expression used, “We are trying to change the tires while the car is still moving,” I cringe. Even the most efficient tire changers in the world, the NASCAR pit crews, still require the vehicle to come to a full stop. Wall Street doesn’t allow full stops. Dell, while having done quite well turning its business model towards wider IT systems and services, based mainly on a slew of enterprise IT oriented acquisitions, initially punctuated by the purchase of Perot Systems over three years ago and underscored by the addition of ex-IBM and ex-CA Technologies turnaround specialist John Swainson in 2012 to run software, isn’t quite a NASCAR pit crew.

Today’s announcement of the pending leveraged buyout clearly is intended to give Mr. Dell the room and time he needs to take his foot off the quarterly brakes without the spreadsheet-toting stare of Wall Street handing out traffic violations. The drama of the largest privatization in the history of information technology may not quite have ended, however, because the deal still needs to go through a long list of approvals, with Dell allowing for a healthy six month window before close.

Hello there! If you haven’t heard, I’m the newest analyst at ESG focusing specifically on cloud, IT-as-a-Service (ITaaS), and the software-defined data center (SDDC). My bio’s listed on the site or you can find me on Linkedin as well so I won’t bore you with those same details.

Instead I’d like to share some other thoughts about where I’d like to take the blog and why I named it the way I did. So first, the name – I think the theme that is starting to really permeate the cloud world finally is enterprise. By enterprise I mean companies with 100-1000 employees or so and their adoption (rate, barriers, challenges, etc.) of cloud computing. In terms of where I’d like to take the blog – well, that one is easy. Wherever I want! Seriously, I just want to explore many of the topics that are being talked about by the customers.

As a former New Yorker and regular reader of the New York Times, I was appalled when I read about the recent security breach yesterday. Appalled but not surprised. Regardless of the security talents and controls implemented at the NY Times, the bad guys were easily able to find a back door or open window and get inside.