ESG Blogs

One of the reasons that I have stayed in the Data Protection area within IT is that it never seems to be solved. Not that the technologies don’t keep getting better, but the workloads to be protected keep evolving and IT users’ requirements for faster and more agile recoveries continues to evolve. Even today, Data Protection seems to be top of mind for many CIOs and IT decision makers. In fact, in ESG’s annual IT Spending Intentions report for 2013, Improving Data Backup & Recovery was the #2 planned IT spend (it was tied for #1 in 2012’s report).

Said another way, IT is all about your data – so how are you protecting it? Relentless data growth, virtualization deployments, cloud strategies, consolidation initiatives, and more aggressive service level agreements are just a few of the major trends affecting data protection environments. Data protection is likely to se increased spending in 2013 in the areas of new tools and technologies, particularly those focused on data backup and recovery, BC/DR and regulatory compliance.

Keeping pace with the rapid rate of change in integrated computing platforms (ICPs), NetApp and Cisco aren’t wasting any time aligning innovation with the demands of its 2,400 customers. The days of do-it-yourself (DIY) builds are waning as more and more ICP vendors aim to make IT infrastructure easier to procure, manage, and maintain. Full details of this shift are described in ESG’s Market Landscape Report: Integrated Computing Platforms.

To accommodate the needs of a growing market, NetApp and Cisco are developing solutions for companies of various size and targeting new workloads, all while continuing to sweeten their ingredients. Knowing that one size fits all is not going to work inside IT organizations, NetApp and Cisco offer:

• FlexPod Datacenter. Availble for multiple use case in the enterprise IT data center and a service provider running a shared virtualized environment.
• FlexPod Express. FlexPod Express, which is designed to help IT clean house and aggregate workloads onto a single platform, targets down market.
• FlexPod Select. FlexPod Select is geared towards specialized environments in the enterprise data center.

Many people in the Data Protection field talk about “backups” like “insurance” – where you pay a little (cost and effort) so that you won’t have to pay a lot (lost data/productivity) when calamity strikes.

If that is how backup/recovery works, then what if you paid for it like insurance? Insurance wouldn’t be affordable if you paid in advance for the worst calamity possible (regardless of whether it happened or not) – but that is how you pay for backups, regardless of how much data you need to recover (or not).

Recently, Extreme Networks announced its global reseller partnership with Lenovo as well as its inclusion in the EMC VSPEX program. Both announcements highlight the ability to create integrated computing platforms (ICP) leveraging Extreme networking equipment. For more information on this, please see Mark Bowker’s Market Landscape Report, Integrated Computing Platforms. While the Lenovo and VSPEX announcements are technically separate entities, together, they mark what appears to be the beginning of an aggressive go-to-market approach from Extreme—both from a technology alliance point of view, and from a channel strategy perspective. Indeed, EMC has been partners with Lenovo for some time now and there will be synergies that Extreme can leverage.

Re: the Extreme Networks-Lenovo reseller alliance:

Last week while I was on vacation, Cisco was hard at work when it announced that it was buying Sourcefire for $2.7 billion. Now that I’m back, I’ve got to blog about this deal.

Before I get into the details, I have to give Cisco a lot of credit on this one. By grabbing Sourcefire, Cisco management was in effect admitting that information security needed to be a much bigger part of its overall strategy and that it couldn’t achieve this goal in a timely manner with its existing portfolio of security products. During CiscoLive (i.e., Cisco’s customer conference held in June), John Chambers confessed, “we are not our customer’s primary security vendor and that’s got to change.” This acquisition proves that Chambers is willing to put Cisco’s money where his mouth is. For a network hardware company, this decision took a lot of guts.

I wrote about the Amazon Effect in this CW article a few months back where I rambled about how its business model disruption that has the biggest impact to markets over time - positively or negatively. It's business model changes that upset the traditional way of doing things.

It isn’t easy being a start-up. First, the SDN future looked bright, promising start-ups an opportunity to unseat incumbent IP and Ethernet networking titans. Concerned network and cloud service providers had banded together to form the Open Networking Foundation (ONF.org – now at 100 members) to help define programmable networks with a separate, open control plane, initially based on a coincidentally like-minded university’s OpenFlow controller for an enterprise networking test bed. Facing the doom of rapid traffic growth with little new revenue (the classic ‘scissor’ diagram), the current NSP Capex model to scale networks needed to change or they would need to raise prices, potentially strangling the life from the mobile and Internet golden goose pair. And to take server virtualization to the next level, namely VM mobility, Cloud SPs need network virtualization and SDN to make them bandwidth dynamic and enable application calls for bandwidth on-demand. So venture capital flowed like milk and honey to eager SDN start-ups, all expecting to emulate Nicira’s very good fortune.

But then the sleeping networking giants (a.k.a good shepards, or jolly ranchers?) stirred when they saw their cash cow herds at-risk to the new start-up wolves. Should they armor their cash-cows or might a scarecrow do? On April 8^th, 2013 OpenDaylight was launched. From ODL’s mission: “At this early stage of SDN adoption, the industry acknowledges the benefits of establishing an open, reference framework for programmability and control through an open source SDN solution. Such a framework maintains the flexibility and choice to allow organizations to deploy SDN as they please, yet still mitigates many of the risks of adopting early stage technologies and integrating with existing infrastructure investments.”

Shifts in IT consumption trends typically require a corresponding transition in the way that IT is sold and delivered to the business. A real time example of this is the development and adoption of integrated computing platforms (ICPs). ESG dives into extensive detail into this market in its recently published market landscape report: Virtual Computing Infrastructures, wherein ESG investigates how this relatively nascent consumption model (roughly three years since VCE formed and developed Vblock) impacts both how vendors innovate and go to market as well as how IT procures and designs infrastructure.

After the terrorist attacks of 9/11, intelligence agencies and law enforcement organizations in Washington realized they had a problem. Federal agencies had pockets of intelligence spread all over the place and needed to consolidate them into massive data repositories. Additionally, the feds needed help sorting through the noise to find nuggets of true intelligence value.

Recently, ESG completed a research study of Corporate Knowledge workers from small, medium and enterprise companies across North America. One of the key findings of the research was the changes in how applications are purchased by end-users, and the tremendous impact this will have on the way vendors and their partners sell to that new class of buyer. Note: More than 40% of our respondents are now either influencers or decision makers!

I get to talk to a lot of companies – literally hundreds a quarter. Sometimes I have a hard time understanding the value proposition, other times it hits me right away. Sometimes I struggle with the definitions of things. Take for instance the NIST Cloud tenet – "broad network access." Really? Isn’t that kinda obvious? The original use of the term "cloud" was always used to refer to the networks that connected companies to the Internet and to their other locations. Today’s use of broad networks access of course has evolved – now it means something more like "able to connect from any device to any service via the Internet." I think we can go further with that – why not say broad data access? We don’t really connect over the network for the sake of using the network – we have some information destination in mind.

That brings me to one company that provides broad data access – Actifio. Most people think of them as a data protection company – and yup they are definitely all that. But after the briefing I had with them last week – I had the light bulbs go off and I really do see a lot more – I see a cloud company providing broad data access.

Around 2004, Cisco introduced a new technology initiative called Network Admission Control (now commonly referred to as Network Access Control or NAC). Back then, NAC was really in response to the recent wave of Internet worms where one compromised user PC could log on to the corporate network and subsequently infect the whole enchilada. NAC was seen as a way to alleviate this threat by authenticating (i.e., 802.1X) and inspecting PCs before providing Layer 3 network access.

Most organizations do not gain a competitive advantage or drive revenue based on their server, storage, and network implementations; they accelerate growth through improved business processes and well-planned application implementations, which in turn drive productivity. Nutanix is driving this concept home with its technology and go-to-market strategy.

Like an addictive drug, the more bandwidth consumers get, the more they want, and the global mobile device electronics industry has thus far benefited the most. Mobile operators have benefited as well, but are facing a category 5 hurricane of mobile bandwidth demand in the next few years that could wipe out profits or deflate the mobile bubble. Sprint was looking particularly vulnerable with its unlimited data plans, but what can we expect going forward? Accelerated innovation.

ESG has been tracking, researching, and speaking with numerous IT customers and vendors about the transition in consumption model from DIY (do-it-yourself) to turnkey approach to infrastructure procurement. The benefits are hard to ignore and the advantages ultimately boil down to a smarter and better way to do IT. ESG has published multiple reports on the topic, including our most recent Market Landscape Report: Integrated Computing Platform. The report covers the different approaches to ICP (integrated computing platforms): benefits, drivers, future market trends, and coverage of 12 of the major IT vendors participating in this rapidly growing space.

A couple of my colleagues, Mark Bowker and Perry Laberis, recently published a Market Landscape Report about Integrated Computing Platforms. The report goes into a lot of detail on what the components are (management software, compute, storage, & network), who the players are (12 of them), how they are categorized, and what they offer. Interesting to note that the number of VMs supported ranges from 100 to 12,000 and I suspect those numbers will continue to climb over time.

In contrast, the software world seems to be headed in the opposite direction when it comes to convergence. Every week there seems to be a new announcement for a new piece of the software puzzle. The software-defined products continue to be announced for all three components of the infrastructure stack, the management elements alone number at least 10 different functions for cloud service management (detailed in my Cloud Service Management market summary report), and the major cloud eco-systems continue to add modules/functionality.

With the 4^th now behind us, EMC announced its acquisition of Aveksa, an Identity and Access Management (IAM) vendor focused on identity governance.

Easily one of the most revolutionary changes to IT over the past few years has been server virtualization.

Like many of my industry peers, I’ve been writing and speaking a lot about big data security analytics. The general hypothesis is that status quo security processes and technologies no longer provide adequate protection against voluminous, sophisticated, and targeted threats, so we need better security analytics to understand what’s happening in real-time. With improved situational awareness, we can accelerate incident detection and response.

Okay, this makes sense as a theoretical concept, but what exactly is the “big data” behind big data security analytics. In my mind, big data security analytics solutions will reach their true potential when they collect, process, analyze, and correlate data related to:

1. Network behavior. We’ve been travelling down this road for a long time but much work remains. To really understand network behavior, you have to know about devices, applications, protocols, IP addresses, users, typical behavior, etc. We used to collect security device and network logs to figure this out. Now we are collecting ever-growing volumes of other network data including NetFlow, IP packet capture, application profiling, and we are also likely to see a further blending of security data and network operations data in this realm (Think Click Security, Lancope, NetWitness, Solera Networks, etc.). Still, a 10gb network pipe moves approximately 15 million packets per second so security analytics at the network level will continue to be a challenge. The key success factors to me are context (i.e. what’s going on “up the stack”) and algorithms (i.e. detecting anomalous network behavior “up and down the stack” accurately in real time).
2. Security intelligence. Researchers have always set up network honeypots to look at threats “in the wild,” but they used this data to create antivirus signatures or author research reports. This pattern changed over the past few years as security vendors like Blue Coat, Kaspersky Lab, Trend Micro, and Websense integrated on-premises security products with cloud-based intelligence to bridge the gap between detection and prevention. Big data security analytics platforms are joining the party now, consuming real-time threat intelligence that can then be correlated with data gathered internally for better decision making. To make this process as efficient as possible, threat intelligence vendors should support the Structured Threat Information Expression (STIX) and Threat Information Exchange (TAXII) standards for threat data enumeration, syntax, and transport protocols being developed by DHS and Mitre.
3. Network state. Okay, this is the ugliest of the triplets. By network state I mean the assets connected to the network, their current configurations, their histories, status changes, etc. Oh, and we also need to know which users are behind these devices. Yes, I realize we already collect most of this data but we do so through an army of disparate management tools. Try getting a complete view – it’s a mess at many organizations. In a perfect world we need more than simple information about individual devices; we need a complete picture of network connections in order to understand and address systemic risk across all of IT.

Today, Nokia announced it was buying-out its telecom equipment manufacturer (TEM) partner Siemens AG for about US$2.2b, reported as a good deal for Nokia and part of a Siemens refocusing on higher growth industrial markets. Unlike Nokia and its handsets, Nokia Siemens Networks (NSN) has been profitable since downsizing last year, but the joint venture didn’t get any takers when shopped to private equity firms (who likely tried to first shop it to the likes of Cisco, HP and/or Oracle). NSN was formed in 2007 and has about 60,000 employees focused on keeping people connected in over 150 countries world-wide. Last year, NSN sold it optical fiber business to Marlin Equity Partners and fixed broadband access assets to Adtran. Siemens Enterprise Communications still holds a big stake in Enterasys, an enterprise networking player formed from Cabletron.

Primarily a mobile broadband player, NSN is a leader in 4G/LTE mobile radio, following Ericsson and followed by Huawei and Alcatel-Lucent (who announced their ‘Shift Plan’ two weeks ago) in average share. Huawei’s critical network infrastructure equipment traction has been slipping in some developed nations due to unresolved security concerns, giving NSN and others an opportunity to maintain current radio equipment margins. And the tide continues to come in for 4G/LTE global network build-outs, raising all ships. But more cost-effective network scaling is needed to support more bandwidth without more revenue from end-users, and virtualizing/automating what can be appears to be the key for network operators.

As I’ve written many times, the age of big data security analytics is already upon us. In fact, 44% of large organizations characterize their security data collection, processing, and storage activities “big data” today, while another 44% believe that their security data collection, processing, and storage activities will become “big data” within the next two years (Source: ESG Research Report, Emerging Intersection of Between Big Data and Security Analytics, November 2012.)

While the age of big data security analytics may be here however, most enterprises face a growing conundrum. On the one hand, they need big data security analytics to make more informed decisions about what’s happening and what to do. On the other hand, they don’t have the staff, skills, or processes in place to handle big data analytics – let alone reap any of the potential benefits.