I spent a few days with Trend Micro last week at its Insight event here in Boston. While Trend is a $1 billion + global cybersecurity vendor, too many cybersecurity professionals still think of Trend as an Asian-based AV player. This perception is completely antiquated however, as Trend now offers:

• A tightly-integrated next-generation endpoint security suite. There’s a lot of industry rhetoric out there proclaiming Trend as a legacy AV vendor. Don’t believe it! Yes, Trend Micro’s endpoint security product has been around forever but the company has continuously enhanced its technology to keep up with the latest requirements. Most recently, Trend added machine learning for pre- and post-execution prevention/detection of 0-day malware which puts it on par with the next-generation endpoint security crowd. Oh, and Trend also offers its own EDR functionality as well. Armed with its new product, Trend’s layered endpoint defense should meet the security efficacy and operational efficiency requirements of even the most demanding enterprises.

In this ESG Video Capsule, I discuss my impressions from Dell EMC World 2016.

Arguably, nothing in the last decade has been more revolutionary in IT than virtualization.

Generally, IT events are pretty subdued affairs. Some good meetings, some good dinners, some boring breakout sessions, and lots of overly ethusiastic marketing claims. IBM's World of Watson was exceptional. The videos felt like days of Superbowl commercials on Watson. Every buzzword was covered: cloud, mobile, social, IoT, open source, analytics. Bingo! Brand name customers dutifully trotted out on stage. IBM said the company's own brand value statement should be "humble genius" but I didn't see much evidence of either attribute. This was the most over-the-top, over-produced brag fest I've seen in years of IT conferences.

We’ve all heard or read the rhetoric that “cybersecurity has become a boardroom issue.” I certainly agree that we are trending in this direction, but is this true today or nothing more than marketing hype?

 
It’s less than two months since the deal went final and it’s obvious that Dell and EMC weren’t waiting for the official starting gun to actually….well, y’know, hold hands and all that. But now they are officially off and running and…..well, y’know, procreating and planning their lives together as a unit.

There were a lot of smiling corporate faces in the Austin Convention Center last week – dare I say relaxed even, although I suspect that was more about relief than a sign of less stress or lower work levels (knowing both entities I also suspect that many employees of both organizations will find that statement rather droll!). It’s way too early to tell whether the completed “big stuff” (a high end vision and immediate compelling progeny) and the completed “small stuff” (business cards, emails and conference bridges in brand on Day 1) is testimony to a wondrous level of completed “middle-sized-stuff” transformation or actually is camouflage for a lot of “middle-sized-[most important]-stuff” left to do. Either way the curb-appeal of this new IT vendor mansion is hard-to-deny.

As the old adage states: People are the weakest link in the cybersecurity chain. This is a problem because strong cybersecurity depends upon both individual skills and organizational collaboration between cybersecurity, business, and IT groups. 

To use another analogy, cybersecurity is a team sport. If the cybersecurity team doesn’t communicate and collaborate well with other groups within an organization, it will be difficult if not impossible to stay current with what’s needed for security incident prevention, detection, and response.

"Let the Transformation Begin" was the mantra of the first Dell EMC World and that theme rung true in a variety of ways. While Dell Technologies seeks to transform the IT industry, it must also embrace its own internal transformation. First, let’s discuss the show itself. While it was still in Austin (for the last time it appears), influences from the former EMC World were everywhere. Michael Dell, obviously, led the company's message, but the general sessions embraced the impressive production value that we have come to expect with Jeremy Burton, Dell Technologies’ newly appointed CMO. Attendance seemed to have shot up as well. While I don’t have the official numbers, after the first general session it was obvious Dell EMC World had simply outgrown the capacity of the Austin Convention Center, something that could not have been said of Dell Worlds in the past.

 I wrote a movie review of “Lo and Behold” in Network Computing and toward the end of the article, I wrote that “I applaud NetScout's courage in undertaking an effort with no obvious direct payback.”  That led me to think of any non-obvious direct payback. 

I considered how this movie influences the audience to realize the importance of networking to society.  Obviously, a firm with a large customer base and revenue will benefit as networks are increasingly relied on because a rising tide lifts all boats.  However, that will benefit any networking vendor—whether it’s a market giant such as Cisco, or a smaller firm that does not directly compete with NetScout, such as Arista.

One needs to examine the segment NetScout is in, which is application and network performance management for enterprise and service providers, and in security through their Arbor Networks security division. NetScout is not alone in that segment, but given its leadership in this segment, it will probably garner a proportional benefit as organizations become more aware of the performance management.

David Bunnell, the founder of PC World, PC Magazine, and Macworld passed away in Berkeley, CA on October 18^th, 2016, at the age of 69. 

Bunnell was an entrepreneur and social activist who represented the spirit that drove the  personal computer revolution that had its origins in the mid 1970s.

The promise of using personal computers, in contrast to centrally controlled and managed, and to some extent, cloistered, computers that were inaccessible to the masses, was considered a catalyst for social change, since computers were the gateway to accessing information, and through information, power.

The publications were not direct vehicles for social activism, but they celebrated the new ecosystem that enabled computing that was “owned” by the masses, out of the control of the then dominant computer makers and those who bought and operated them. You choose what software to load. You choose what peripherals to buy. You choose where and when to use them. It was not “the man” who controlled them.

Consumer Reports is a widely respected publication. It recently published a list of privacy recommendations that I think does not represent good cybersecurity best practices for the mainstream users they service.

I want to put in a disclaimer that this list is not part of an article published as a result of their testing service, which are typically written with care. This list is a set of recommendations from security experts.  

But the very fact that this list is published in Consumer Reports does need, in my opinion, to pass the criteria of whether it is worthwhile for their readership.   

They are usually good at meeting the needs of their audience, but they have missed the mark in the past, such as piling on to the Toyota sudden acceleration hysteria as reported in Malcolm Gladwell’s Revisionist History podcast.

In addition, the list of 66 ways to protect privacy is way too long. Not that they are all bad, but I wish they prioritized the most important ones.  I list the worst offender, as well as a few simple ones that people ought to consider. I list them based on the hint number in the magazine and website.

One phrase that I heard often from Red Hat was how they commoditized some layer of the infrastructure, such as commoditizing GNU/Linux. 

I understand what they are trying to say, and this is in reference to operating systems that are not based on open source, such as Windows or various flavors of UNIX, which were the only game in town. But with the rise of open source, Red Hat made these systems supported and available for enterprises.

However, the phrase “commoditizing” bothers me. In a strict sense, it means that it’s fungible, or capable of being substituted for one another.  For example, pure gold is fungible. I mostly don’t care if it’s an ounce of gold mined from one mine or another. There are common parts to GNU/Linux distributions, namely the Linux kernel, but that does not make the entire distribution a commodity. There are many items layered on top.

New ESG/ISSA research indicates that cybersecurity professionals value competitive compensation, a strong cybersecurity culture, and business management commitment to cybersecurity.

As we know, there is an acute shortage of cybersecurity talent available on a global basis. For example, previous ESG research from 2016 reveals that 46% of organizations say they have a “problematic shortage” of cybersecurity talent at present.

Unfortunately, the cybersecurity skills shortage goes beyond headcount alone. According to a recently published report from ESG and the Information Systems Security Association (ISSA), cybersecurity teams can be in a constant state of flux due to issues with employee satisfaction, a lack of adequate training, and staff attrition. The report also exposes the fact that 46% of cybersecurity professionals are actually recruited to pursue new job opportunities at least once per week! In other words, if your cybersecurity people aren’t happy, they won’t be around long. 

VMware announced a VMware Cloud on AWS solution (still as a Technology Preview). I want to examine what this means, as some aspects are similar to what’s already available, and the implications of the new parts.

The ability to run VMware Cloud off-premises isn’t new, and VMware itself has a vCloud Air offering, and a vCloud Air Network provided by its partners.  We also saw a preview of VMware Cross-Cloud architecture at VMworld that offers services across multiple clouds.

Therefore, let’s look at key areas of an VMware Cloud on AWS offering and dissect them one by one to see where alternatives exist and where there may be unique benefits in the long term.

Today, Lenovo and Nimble Storage announced a joint partnership, furthering the capabilities and the reach of both companies. The near–term product offering that results from the partnership will be Lenovo’s ThinkAgile CX converged system available on October 28th, with Nimble providing the storage element. From a business perspective, the deal makes so much sense for both companies; the real question may be what took them so long.

First, let’s start with the obvious benefits. Lenovo gets access to Nimble’s Predictive Flash technology for its converged offering, rounding out its storage portfolio and adding a larger scale converged offering to pair with its existing hyperconverged solutions from the partnership with Nutanix. Nimble Storage gains access to Lenovo’s substantial enterprise sales channel. While the immediate impact will likely be a boost in revenue for both companies, this partnership looks like it goes beyond the simple reselling of technology.

We all know that cloud computing is elastic. If you need more resources, it’s easy to add capacity. It’s not infinite capacity, but it is easy to add capacity on demand compared to the traditional way of procuring, racking, and stacking servers, storage, and networking equipment.

However, computer hardware alone does not a solution make. There is a need for operating system software, application software, and most importantly, some people who get actually do the hard work to make this work.  

Some parts may be automated, such as operating system installation and provisioning software, but there are tasks that simply cannot be automated. This actually puts one in a quandary – if you need to scale capacity elastically during times of heavy demand, how do you scale the people? It’s not like surge pricing in Uber where people will magically come out of the woodwork due to increased demand. Even if there are extra staff available in the IT department, they may not have relevant skills or certifications.

Given that it’s national cybersecurity awareness month, I hope that all cybersecurity professionals are familiar with the Cybersecurity Canon. For those that are not, the goal of the cybersecurity canon is as follows:

To identify a list of must-read books for all cybersecurity practitioners – be they from industry, government or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.               

At Juniper Networks’ recent NXTWORK customer summit and analyst day, the major announcement was Software Defined Secure Networks (SDSN), a platform for policy, detection, and enforcement for every element of the network. This has been covered in the press and on Juniper’s web site.  The photo to the left includes Rami Rahim (CEO),  Jonathan Davidson (EVP), and Mike Marcellin (CMO) during the analyst day Q&A.

Equally interesting was Juniper’s long-term vision for an automated network, which they called a self-driving network. In the same way automated cars may start to take over many manual driving tasks, so too might automated networks take over manual networking tasks. This vision, which happens to go by the same three letters as Software Defined Networks, is ambitious. At the closing session, Pradeep Sindhu, Founder, Vice Chairman, and CTO presented a view of the state of the network, and Dr. Kireeti Kompella discussed the self-driving network.

When it comes to the cybersecurity skills shortage, ESG research reveals the following:

• 46% of organizations claim that they have a “problematic shortage” of cybersecurity skills. This represents an increase of 18% compared to 2015. 
• A vast majority (87%) admit that it is “very difficult,” “difficult,” or “somewhat difficult” to recruit and hire cybersecurity professionals.

Yup, there is a definite shortage of cybersecurity professionals available so recruiters are tripping over each other as they try to poach talent from their existing employers. According to a recently published report by ESG and the Information Systems Security Association (ISSA), 46% of cybersecurity professionals are solicited to consider other cybersecurity jobs by various types of recruiters at least once per week! This situation has led to salary inflation and massive disruption. 

It’s a common trait among cybersecurity professionals: When they meet each other, discuss their qualifications with prospective employers, or print their business cards, there is often an alphabet soup of initials by their names, specifying the many certifications they’ve achieved.

At last week’s Hitachi Strategy Session the essence of the event was made very clear up front: ”You're not going to get boxes and roadmaps - it's business strategy." For some vendors – and this isn’t a pejorative comment, just a statement of fact – “strategy” actually means that those of us in the audience are simply going to get higher level messages about the importance of, and their intention to, provide better boxes and roadmaps!  But here the different corporate strategy of Hitachi was front, center, and crystal clear.

Senior Hitachi executives Kojima-san (who leads its Insight group) and Otsuki-san (who heads the US operations) kicked off the event with a reminder of Hitachi’s history and corporate ethos….that wasn’t significant just because it’s a stark contrast to many other vendor organizations in this business; but instead also because it served to remind us that the strategy Hitachi now promotes is actually more of a public manifestation and route-to-market alignment with what this organization has really been about for its more-than-a-century of life. This video from the event (in which I am joined by my colleague Terri McCure and Hicham Abdessamad, the CEO/President of Hitachi Consulting) summarizes what this is all about.

I’ve written about and researched the cybersecurity skills shortage for many years. For example, ESG research indicates that 46% of organizations claim to have a “problematic shortage” of cybersecurity skills this year – an 18% increase from 2015.

Of course, I’m not the only one looking into the cybersecurity skills shortage. For example:

• According to Peninsula Press (a project of the Stanford University Journalism Program), more than 209,000 U.S.-based cybersecurity jobs remained unfilled, and postings are up 74 percent over the past five years.
• Analysis of the U.S. Bureau of Labor Statistics indicates that the demand for cybersecurity professionals is expected to grow 53 percent by 2018.

Some people may think all major public cloud providers are alike in their network capabilities. Amazon Web Services, Microsoft Azure, and Google Cloud offer direct connections between data centers and their cloud through AWS Direct Connect, Azure Express Route, and Google Cloud Direct Peering (or VPN), respectively. At a superficial level, all systems seem similar. In practice, there are significant differences between cloud networks, and from Google’s view, that stems from how the network is run.

Live from New York, if just a bit Off Broadway, were the O'Reilly AI conference and Strata & Hadoop World shows last week. These events were fascinating as character studies of overlapping technology stars. AI is now the fresh faced celebrity, if a bit immature, raring to get a big break, while Hadoop has become recognized as always delivering a solid performance, but may be fading a bit in glamour.

Starting with the AI conference then. This was a stunningly cool event. The stuff being done with machine learning, deep learning, neural networks, etc., is incredible. A well-trained AI can accurately process rough inputs, analyze to build complex models, and predict all manner of outcomes. In an instant. Except it's all still rather hard to use and could benefit from some better packaging and integration with other IT technologies. If there is a shortage of general data scientists, I wonder how many people can really master machine learning as it's presented today. Can we say "user interface?" That aside, we are on the cusp of some truly remarkable things. Though AI may still struggle to do some tasks my 10-year old tackles effortlessly, at the same time it can process phenomenally more info and find hidden patterns. And it's fascinating how an AI thinks, perceiving the world in fundamentally different ways than us meat. This space is ripe for massive growth, if we can get the tech accessible to more than a handful of companies, universities, and government labs.

So, it is hard not to have fun with word repetition at times - so here are a few insightful insights from Insight, NetApp's annual customer and partner conference that was held last week. My actual theme for this commentary is about NetApp's surprises - simultaneously both the existence and lack thereof! But before digging into that a little more, take a look at this ESG On Location video that Steve Duplessie and I recorded at the event.