Is it time for two CISOs at enterprise organizations?

I was able to get out of snowy Boston this week to give a presentation on enterprise security to a Federal IT audience in Washington DC. As usual, I stated my opinion that enterprises are in the midst of a profound transformation with how they address cybersecurity risk. This change will require a new strategy around security technology and a new type of leadership from CISOs.

Topics: Cybersecurity

Will Software-defined Networking Bring a Change For The Better in 2015?

Ch-ch-ch-ch-changes, Turn and face the strange, Ch-ch-changes
  -David Bowie

Change may be an enduring theme in 2015. Geopolitically, economically, and of course, technologically. A quick scan of the day’s headlines only serves to confirm that changes (some quite scary) are rapidly taking place in each of these three areas. On a more personal level, 2015 has ushered in some very exciting changes as I joined the very talented ranks of the ESG team. As their newest IT infrastructure analyst, I’ll be focusing on how the software-defined data center (with a concentration on software-defined networking [SDN]) can help organizations transform or effect “change” to improve the vitality and health of their businesses.

Topics: Networking

Welcome Back, Veritas! The Truth Is Still the Truth

Today, Symantec announced that the Information Management (Data Protection) side of Symantec will be called Veritas Technologies Corporation (press release). Frankly, if they had chosen anything else, I would have been disappointed.

Topics: Data Protection

Enterprise Organizations Replacing Commercial Antivirus with Freeware

For the past 15 to 20 years, the vast majority of organizations have installed commercial antivirus software on just about every PC residing on their networks. This resulted in a multi-billion dollar industry dominated by five vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro. AV security efficacy has come into question over the past few years, however, as cyber-criminals and state-sponsored hackers regularly use customized malware and zero-day attacks to circumvent AV and compromise PCs.

Topics: Cybersecurity

You Can Prepare for Tomorrow's IT Disaster Today

This week, many of my colleagues are preparing for Winter Storm Juno. One of my compatriots actually warned his friends on Facebook that he was going to run around supermarket aisles telling folks “We’re all going to die!!”

But seriously, it wasn’t that many years ago that IT folks would shrug their shoulders with the acknowledgement that “If you haven’t prepared for this months ago, there is no hope for you now.” And in every crowd, there would be some IT folks that quietly acknowledged that they never got around to preparing for a regional crisis or any other significant IT disruption. Those folks promised themselves that as soon as this weather pattern (or other pending calamity) was over, they would do better. And then the crisis passed and those IT folks spent the first few days afterward catching up on what slowed down during the storm, and then naively continued on without ever really changing their DR preparedness.

Topics: Data Protection

Oracle Re-engineers Big Boxes for the Data Center

Announced at a live event at the Oracle headquarters this week was a complete overhaul of the company's high-end engineered systems for the data center. These pre-integrated appliances have always been big and fast, with a big starting price to match, so it wasn't surprising to see them get bigger and faster. The interesting bit was how they also got cheaper. Or offer more price/performance value, if you prefer the spin.

Topics: Data Platforms, Analytics, & AI

Grading the President’s SOTU Cybersecurity Agenda

In the wake of the furor over the Sony Pictures attack, President Obama came out swinging in his State of the Union speech earlier this week. Not to be outdone, Senator Joni Ernst (R-Iowa) included a cybersecurity-centric sentence or two in the Republicans’ response.

Yup, the President is finally rolling up his sleeves and proposing some Federal cybersecurity initiatives but are these the right actions? Allow me to offer my two cents by grading each of the proposals.

  1. Increased security/threat intelligence between the public and private sector (Grade = B-). This is a new spin on the old “public/private partnership” that arises from time to time across a myriad of areas. Furthermore, Congress has been wrangling over this for the past few years – first with the Cyber Intelligence Sharing and Protection Act (CISPA) and more recently the Cybersecurity Information Sharing Act (CISA).

Topics: Cybersecurity

Information Security Tops the List of Business Initiatives Driving 2015 IT Spending

Those of us in the cybersecurity community can name-drop dozens of data breaches from the last ten years, but the late 2013 breach at US retailer Target could be considered a game-changer.  In addition to the $148 million price tag, the CEO and CIO were both ousted in the wake of the cyber-attack.

Topics: Cybersecurity

Maximizing the Difference: A Better Way to Understand Developer Needs

In my last blog, regarding the 12 questions that separate PaaS leaders from laggards, questions 8 and 9 asked about what features developers wanted to see in PaaS products and what importance developers would attach to each of these features. The challenge was that I had a list of 20 features. Expecting a developer to reliably rank order 20 features is as likely as Larry Ellison getting married again. However, in the market research space, there is a type of discrete choice analysis named maximum-difference. Max-diff is an approach for understanding preference or importance. The reason max-diff warrants attention is that the scores generated are both linear and consistent. That means that if you have a list of features and feature A has a score of X and feature B has a score of say 2X, then feature B is twice as important as feature A. This added precision in understanding feature preference or importance makes portfolio analysis far easier, especially when comparing feature set costs with feature set preference. This precision also provides a reliable foundation for comparing the preference for one vendor relative to other vendors. For this reason, max-diff analysis is widely used to understand brand preference, customer satisfaction, feature preference, and message testing.

Topics: Cloud Services & Orchestration

Endpoint Security Activities Buzzing at Enterprise Organizations

Endpoint security used to be a quasi “set-it-and-forget-it” category at many enterprise organizations. The IT operations team would provision PCs in an approved, secure configuration and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was set and dry by then.

As Bob Dylan once sang, “the times they are a-changin.” CISOs realize that these legacy endpoint security methods are no longer enough, so they are thoroughly altering endpoint security across their organizations.

Topics: Cybersecurity

IT Data Center Infrastructure Convergence Predictions in 2015

IT infrastructure is constantly riding the often tumultuous waves of consolidation and separation. A typical example would be the eras of mainframe, open systems, and PC computing. No surprise there. For the past three to five years, server virtualization has been a catalyst for data center consolidation (even though, for the most part, IT has mapped server virtualization initiatives to existing IT infrastructure choices, or, dare I say, legacy infrastructure). Regardless, as a result of the success and comfort level of virtualization in the data center and the simplicity of cloud solutions, IT infrastructure is rapidly evolving. Vendors are betting on a shift in thinking among customers where enterprises will no longer want to “accessorize” their existing systems, and will see the light when it comes to converged solutions. That said, be on the lookout for these highlights in 2015:

Topics: Converged Infrastructure

Top Five (ish) Storage Predictions for 2015

With the New Year upon us, it is time to make some predictions about 2015. If you have been paying attention recently, it will come as no surprise that the storage industry is in the midst of a dramatic transformation. With emerging technologies such as solid-state, software-defined storage, hyper-converged, and cloud storage all primed to increase adoption, 2015 is poised to be a fascinating year. Any of these new technologies could eventually disrupt the industry and change how companies do business. The coming innovations can almost help me forgive the fact that I won’t be riding around on a hoverboard (even though the next best thing looks like it may be in the works), let alone a flying car.

With all this innovation underway, what will the storage industry look like in 2015? One of the things to remember when forecasting storage technology is that the market moves at a conservative pace. Protecting data is an important job and most organizations take that job very seriously; as such, dramatic shifts can take time to build up momentum. When they hit the tipping point, however, the industry can transition very quickly. All of the technologies mentioned above are building momentum, so which will reach the tipping point in 2015? Here are some of my predictions:

  1. Solid-state for everyone: I am not including this as a prediction, since saying solid-state will increase in adoption is about as risky as saying the sun will rise in the East. What I am going to predict, though, is that 2015 is the year we stop talking about solid-state as some sort of new emerging technology. It’s here, it’s fast, it’s getting more affordable, and nearly everyone is already using it.
  2. Vertical integration driving new storage players: With the rise of flash both in terms of adoption and affordability, flash suppliers are building more fabrication plants. And with all the investment, flash suppliers are starting to look like they may want a higher return. Additionally, with the market demanding lower cost flash, vertical integration is one way to reduce prices. Whether through internal development or acquisition, such as SanDisk’s acquisition of Fusion-io last year, I expect that we will see more component providers entering the enterprise storage market.
  3. Showdown between hybrid cloud and cloud security concerns: Two ongoing trends will likely meet in a collision course this year. On one side is the hybrid cloud: storage vendors have been talking about it for a while and have started offering multiple solutions designed to migrate data offsite, potentially lowering storage costs while maintaining the service levels of on-premises storage. On the other side, reports of data outages and security breaches with cloud solutions continue to dominate the media. While I expect a number of organizations to adopt a hybrid cloud architecture, I expect that the security concerns will be a major, if not the biggest, hurdle for those solutions to overcome and may even fuel demand for wholly on-premises content storage solutions in the near term.
  4. Software-defined storage will mean something: In 2015, software-defined storage will continue to dominate many industry headlines. And while I do not expect adoption to increase too significantly this year (maybe next year or 2017), I do expect we will all start to agree on what the term means. With multiple vendors leveraging the term for different offerings, confusion has been rampant. However, just as the greater familiarity with cloud technology allowed for a better consensus to emerge around the definition, I expect the industry to at least converge to some extent on a definition for software-defined.
  5. Server vendors will place more emphasis on hyper-converged: One area where software-defined storage could likely see an increase in adoption over the next 12 months could be in the form of hyper-converged solutions. And while a number of startups have led the change, I expect the server vendors, HP, Dell, and Lenovo, to start driving more of the adoption, whether the solutions are EVO:RAIL, reselling a partner's technology such as Nutanix, or something developed in-house.
  6. Start to investigate the software-defined data center hyper-scale model: This is the year hyper-scale (or the software-defined data center) solutions start becoming a discussion point. I don’t, however, expect the majority of organizations to start deploying or adopting these solutions any time soon. With many of the technology pieces already available for the non-Googles and non-Facebooks of the world to heavily leverage commodity hardware, I fully expect a vocal segment of the market to start asking, “why not me?” The complexity, however, is still on the high side for the typical enterprise, and that will hold back major adoption, but the pieces are there to start the investigation.

Topics: Storage

New Research Data Indicates that Cybersecurity Skills Shortage To Be a Big Problem in 2015

Like all other industry analysts, I offered my prognostications for 2015 in my blog way back in 2014.  Prediction #1 on my list:  Widespread impact from the cybersecurity skills shortage.

Topics: Cybersecurity

The Year Ahead in Data Storage

One of the few things one can foretell safely every year is that there will be an onslaught of predictions articles, blogging, and general prognostication from about mid-December through to about that point in January when we all think it’s got a bit too late to say “Happy New Year”! 

I would hate to buck that expectation!

Topics: Storage

What Should the 114th Congress Do About Cybersecurity in 2015?

It’s 2015 and the GOP-dominated 114th Congress returns to Washington tomorrow. After years of maintaining a hands-off approach toward cybersecurity, the new Republican-led Congress is poised to jump all over this issue – mostly because of the December data breach at Sony Pictures and the subsequent brouhaha over the release of the now infamous movie, The Interview.

While no one was voting for anything in late December, there were a few consistent cybersecurity themes coming from Congress:

  1. Blame the President.  Senator John McCain (R-AZ), the incoming chair of the Senate Armed Services Committee, blamed the Sony Pictures data breach on the Obama administration, citing a lack of leadership on national cybersecurity.  Note that this is the same Senator McCain who sided with the Chamber of Commerce in 2012 in blocking the passage of Cybersecurity legislation that had bipartisan support in the Senate Homeland Security and Government Affairs (HSGAC) committee. 
  2. Declare a Cyberwar Against North Korea.  Before exiting Washington, retiring Congressman Mike Rogers (R-MI) and others have suggested that the U.S. should declare a cyberwar on North Korea and take out its ability to launch another cyber-attack on the U.S.  I guess no one told the Congressman about North Korea’s minimal attack surface or explained how the IP protocol works to him.
  3. Push for public/private security intelligence sharing. This one has some legitimacy as there is an actual bill (Cyber Information Sharing Act aka CISA) that was moving through the last Congress. While it may be a good idea to share intelligence, this is no panacea for curing our nation’s cybersecurity ills. Furthermore, CISA will never gain popular support without some additional privacy protection.

Topics: Cybersecurity

Top Trend Predictions for Big Data in 2015 (Part III)

One always feels a bit meta- when discussing analyst predictions about predictive analytics. This is part 3 in my continuing series of posts on what’s coming in 2015 for big data. If you missed the earlier ones, don’t worry, they are preserved for posterity here and here.

7. More vertical and line of business applications. While so many big data technologies today are positioning themselves as generic intelligent data platforms, the really interesting parts are likely to be the more specialized use cases. “One size fits all” is a fine concept, unless it means extensive tailoring is required to make it actually fit. An increasing number of companies are bucking this default and instead building applications or tools that address more specific markets or tasks. The Hive takes this as an investment thesis, while vendors like Peaxy, Tidemark, and New Relic have each defined a focus that will take them deeper in their respective markets.

Topics: Data Platforms, Analytics, & AI

Top Trend Predictions for Big Data in 2015 (Part II)

Welcome back. If you missed Part I of the predictions, due to holidays and champagne, well, just clicky here.  Else, read on to hear more about what is 100% guaranteed to happen in the world of big data this year.

Topics: Data Platforms, Analytics, & AI