ESG Blogs

This is an interesting week in storage — there's more to come that I can't share just yet but I can say that I am likely to type the word "mainframe" more this week than I have done in a long time prior! That'll make some older folks very happy as much of the intent of virtualization, convergence and clouds seems to be in line, at least conceptually, with what the mainframe was all about (now, there's a fine IT philosophy discussion to be sure!)

Day 1 of the 2016 RSA Conference. Vendors are still setting up their booths in the exhibition hall but the sessions have begun in earnest. Here are a few highlights of what I’ve heard so far:

Once upon a time, back in June of 2014, Apple released Swift. IBM and Apple announced their joint agreement around mobility one month later in July. And then life seemed to return to normal. While Apple developers and some IBM developers (those working on the 100 MobileFirst apps that IBM committed to delivering on iOS) understood just how useful Swift was, its impact was tempered because it was a client-side iOS-only language.

And then, everything changed. In December 2015, Swift was open-sourced by Apple. At the same time, Swift on Linux was also released after significant efforts during 2015 by Apple and IBM to craft server-side capabilities into Swift.

I like big data and analytics. This should not be a surprise to my dear readers. Yet I don't really like the complexity of most "solutions" on the market today. Too many moving parts to be bought from vendors or downloaded from open source, then deployed, configured, integrated, tested, and managed. You need teams of data scientists, data architects, data stewards, data analysts, database administrators, data warehouse managers, etc. Not to mention the infrastructure teams for servers, storage, networking, security. Nor the application developers. This blog isn't long enough to list everyone who should be involved, and by the way, we're still talking within the IT department itself. Try to engage every interested stakeholder in the lines of business, and you'll fill a stadium for the weekly status meeting on your big data initiative.

During his keynote at last year’s RSA Security Conference (titled: Escaping Security’s Dark Ages), Amit Yoran, president of RSA, lambasted the industry as failing its customers. In a related interview with Fortune Magazine, Yoran said, “let’s do things differently; let’s think differently; let’s act differently — because what the security industry has been doing has not worked.”

To be honest, I have mixed feelings about the state of the RSA Conference (RSAC). After attending for six years, I missed a year while focusing on public cloud infrastructure. Upon returning to the security industry and RSAC, I was thrilled to see how much the conference — and as a proxy, the industry — had grown with both South and North Hall jammed with vendor booths and overflow sessions scheduled in Moscone West.

But after a few days of weaving through the highways and byways of the Moscone Center attempting to digest and process a sea of vendor signage and the barrage of similar messaging, I realized that the security buyer and practitioner alike must find the noise level confusing, if not annoying. It must be the product manager in me always mapping feature-function to benefits and the marketer in me seeking to quickly grok what a vendor does and how it’s different.

"Loaded up and trucking" is the phrase that comes to mind when I reflect on last week's Spark Summit in New York City. There is a ton of activity and momentum around Spark as the focal point for big data and analytics. While this conference was still relatively small, it was clear attendees were keen to get their heads and hands on the latest code. While readily apparent that this is a relatively young technology space, that youthful energy and creativity is rapidly overcoming the rough edges. I only wish it felt a bit more mature, but we're getting there.

Just a week to go before the biggest cybersecurity event of the year, the RSA Security Conference in San Francisco. Building upon industry momentum and the dangerous threat landscape, I expect a record-breaking crowd from the Moscone Center to Union Square.

Just a quick blog today to plug a video that Jon Oltsik and I recorded recently to preview upcoming ESG research on next-generation endpoint security. If the topic sounds familiar, it should — Jon's going to be speaking about that research during his session at the RSA Conference in a few days.

Anyone remember the Crypto wars of the 1990s? Back in the early 1990s, the U.S. placed strict regulations on the exportation of cryptography and even put encryption technologies it on the munitions list as auxiliary military equipment. This restriction was a real burden to software firms like Lotus, Microsoft, and Novell as they wanted to offer data confidentiality and integrity features for PC users. Eventually the NSA offered a compromise by approving a weak 40-bit encryption algorithm for export purposes.

There is no shortage of shiny new mobility devices and applications, but filtering through how these innovations improve security, productivity and collaboration in the workforce is a major challenge for IT business leaders. We also have a very powerful, but difficult dynamic to solve as business applications and data coexist with personal apps and data on both COPE (corporate owned personally enabled) and BYOD (bring your own device) endpoint devices.

"Organizations will face a market in a state of transition as they evaluate solutions from both new and established vendors."

Enterprise Strategy Group (ESG) has conducted interviews with dozens of enterprises that have navigated this market in transition en route to improving their endpoint security postures. What can we learn from those that have made the journey? Have they, in fact, reached their destination? My new article in Dark Reading shares a summary of our findings. Please plan to join my colleague Jon Oltsik who will be sharing more details in his next generation endpoint security presentation on Thursday morning at this year’s RSA Conference, now just a few weeks away.

Following up on my previous blog on network visibility, I want to distinguish pre-crime, in-crime and post-crime network-based cybercrime.

Pre-crime is like someone visiting you at home with an unexpected knock on your door. You: "Who's there?" Them: "Oh, I'm just here to pick up a package". You: "Not me. I didn't request that". Them: "Sorry, must be the wrong address." (They're thinking: "OK, this house is occupied, better not burgle them".)

As part of my research planning for 2016, I sat down with ESG VP John McKnight to talk about application development and deployment predictions for 2016. Containers have been receiving a lot of attention in the last 18 months. Given the concerns that exist over container security and manageability I would have bet against this prediction at the end of 2015.

I’ve spent the last week reviewing the President’s Cybersecurity National Action Plan (CNAP) first released on February 9. 

The President deserves a lot of credit for addressing some of the more esoteric details related to cybersecurity and national interest. I’ve seen two cybersecurity plans from the candidates so far, one from Governor Bush and the other from Dr. Carson (aside from John McAfee’s that is). The governor’s read more like a few statements rather than a real plan, while Dr. Carson’s was filled with a few high-level promises and some card deck shuffling. CNAP is far more detailed and inclusive than either of these two, demonstrating the administration’s cybersecurity depth and experience.

In my previous role as a mobile and digital strategist working with large enterprise customers, I often had the opportunity to speak with business leaders about a set of emerging technology forces that I called the “4th wave of mobile disruption.” Without going into too much detail here, the essential premise was that technologies such as IoT, wearables, augmented/virtual reality, and mobile transactions were following on previous waves (e.g. big data, cloud, social media) that would impact businesses across all industries.

2016 could be a boon year for hyperconverged vendors. As I covered in a recent blog/video, nearly 70% of IT respondents to ESG’s survey on hybrid cloud trends indicated they plan to adopt hyperconverged solutions. While this is clearly a bullish signal, one area that gives IT planners cause for concern is vendor lock-in. In fact, these same IT respondents cited “giving too much control to one vendor” and “vendor lock-in” as two reasons that might dissuade them from using hyperconverged technology. But what if a hyperconverged solution could allay these concerns by helping businesses eliminate hypervisor software lock-in? 

I’m looking forward to RSA Conference 2016 in San Francisco, and although I’m a networking analyst focused on core networking technologies, we must also be aware that networking is a critical component of security.  

For the same reason that you don’t want a security guard with really bad eyesight, you want good visibility in the network to understand what is going on. Obviously they often feed into other tools to provide detailed insight, but accessing the network packets is where it starts.

As part of my research planning for 2016, I sat down with ESG VP John McKnight to talk about application development and deployment predictions for 2016. PaaS and DevOps have both been around for a decade.

In the early 1900s, Henry Ford was intent on making the Model T an affordable car for the masses. To do so he had to figure out a way to vastly improve the company’s manufacturing efficiency in order to lower consumer prices. Ford’s solved this problem by adopting a modern manufacturing assembly line based upon four principles: interchangeable parts, continuous flow, division of labor, and reducing wasted efforts. 

Unlike businesses born in the digital or Amazon age, most traditional businesses are not planning to go all in on public cloud. Rather, many are planning to take a hybrid cloud approach, whereby some business workloads will be shifted into the public cloud, while other workloads will remain on-premises. The hope is that in doing so, businesses will save money by leveraging the economies of scale of public cloud infrastructure resources and regain focus on what they’re good at so they can be more competitive. Sounds great, but it’s easier said than done.

We continue to see a great amount of interest in combining “data protection” and “the cloud” – but also a great deal of confusion, in that there isn’t such thing as “the cloud.”

Chromebooks as a viable end point device? Why not?

One of the very interesting developments that I’m closely tracking is the use of Google Chromebooks in the enterprise. Google has nice traction and use cases in the education market, but it’s the potential growth in the enterprise that intrigues me, since the Chromebook could stand to be very disruptive alongside other laptop OEMs and could be the exact onramp that Google needs into the business environment.

According to ESG research, 75% of organizations use public cloud services of one kind or another today. A majority (65%) use SaaS, 38% use IaaS, and 33% use PaaS. In terms of IaaS, Amazon Web Services (AWS) is still the king of the hill, but many large enterprises are implementing or kicking the tires on alternatives. Microsoft is pushing clients with enterprise client access licenses (ECAL) toward Office365 and Azure, IBM is winning SoftLayer deals with large customers, and Google Cloud Platform is gaining traction in the life sciences industry.

I’m a gadget geek at heart and I continue to be fascinated by how mobile devices and applications are driving enormous behavioral changes inside of businesses. I also have to sympathize for the IT professionals that have to balance an enhanced user experience with heightened security while they manage to maintain legacy applications alongside modernized applications. Not to mention the fact that managing desktops and laptops is a challenge; now there are more devices and many are not corporate owned. Yikes!

As part of my research planning for 2016, I recently sat down with ESG's VP of Research and Analyst Services John McKnight to talk about application development and deployment predictions for 2016.

It is fascinating to research and analyze how mobility strategies are changing employee behavior inside the corporate world. Senior business leaders recognize the value and strength in mobility while employees request improved access and enhanced collaboration & communication which all ultimately lead to improved productivity.

IT vendors are fanning the fire when it comes to transforming the way desktops, applications and data are delivered and secured.

Cisco announced it was acquiring Jasper, a an Internet of Things (IoT) platform provider for $1.4 billion (USD). How does a software platform for IoT benefit a networking vendor like Cisco? As I wrote in a prior blog looking back at Cisco Live, their focus for the future emphasizes the importance of architectures, solutions, and outcomes, as opposed to being a vendor of networking equipment, so this brings them one more step closer to creating an IoT architecture that's based on solutions (and not simply devices) and to put more weight on their software assets.

Just five weeks into 2016 and it’s already been a busy year for the cybersecurity industry. Here are just a few highlights so far:

I woke up the other day to discover that it was still February 2nd — clearly I'm trapped in the Groundhog Day loop. Must check my code for recursive logic. One symptom is having to make predictions about what will happen today based on what happened yesterday. I recently published a video to explore how the big data and analytics market is repeating some of the patterns of the past year, only more so.

As the title of this blog post implies, there seems to be a blurred line in the general rhetoric between “privacy” and “security”. These topics are not the same, and yet I see them lumped together all too often (ahem, CNN & Co). It's tough, however, to weave a coherent single narrative on the subjects, so let me present a few disparate points to help distinguish the two:

I had the opportunity to attend PTC’s ThingEvent in Boston last week, touted as the event that would allow us to “See Things in a New Way”. The event, held on January 28th at the Revere Hotel, was an intimate but well-produced extravaganza of live-streaming and live-demos.

There are many fundamental debates in data protection:

• Disk vs. tape vs. cloud
• Backups vs. snapshots vs. replication
• Centralized backup of ROBO’s vs. autonomous backups vs. cloud-BaaS solutions
• Unified data protection vs. workload-specific (e.g. VM/database) methods

On any given day, I could argue on either side of any one of them (for fun) in which I adamantly insist that these choices are not mutually exclusive nor definitively decidable with a unilateral best choice. Candidly, every one of those choices is best resolved somewhere with, “it depends”, and usually the right answer is, “and, not or.”

Happy 2016! Is that still allowed in February? Or, if you are like me, are you stunned that just over 8% of the year went by already!

Anyhow, while 'predictions' is an over-used word around this time of year, there's another 'P' word that has had more than its fair share of deployment in IT circles generally — and storage specifically — over the decades: the word is 'paradigm'. And especially shifts thereof! But sometimes cliches are cliches for a reason...

My colleague Doug Cahill and I are knee deep into a research project on next-generation endpoint security. As part of this project we are relying on real-world experience, so we’ve interviewed dozens of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) who have already deployed new types of endpoint security software.

Marvin Minsky, an artificial intelligence pioneer and co-founder of the M.I.T. Artificial Intelligence Lab, passed away on January 24th.

Artificial intelligence went into a period of reduced interest called the "AI Winter" after long being over-hyped. But more recently, AI has resurrected itself in different forms, finding its ways into everyday life through as self-driving cars or virtual assistants like the Amazon Echo, Google voice search, and Microsoft's Cortana. We must remember that Minsky's lab's efforts from the 1950's laid the groundwork for what we have today.