ESG Blogs

In my recent blog and video covering my predictions for infrastructure in 2018, I promised to return to the key themes, saying that I thought their simplicity could obfuscate their importance. So, here goes on adding a little more color to the first one.

The onward march from IT as infrastructure technology [back] to IT as information technology makes for memorable semantic fun…but it covers way more than that. Yes, it’s important to have IT focused on the overall delivery model, SLAs and – most important of all – the achievement of relevant business outcomes. However, the move of individual infrastructure elements somewhat out of the immediate spotlight and more into the (literal and figurative) IT shadows should never be interpreted as any lessening of the value associated with, or attributed to, these elements. Quite the reverse. As we increasingly rely on more integrated IT systems – convergence, cloud services, and software-defined being three common contemporary manifestations – so we inevitably also increasingly rely on those systems being “better.” In this context “better” does not necessarily mean things like price-performance – which remain nice-to-haves of course – but absolutely means things like reliability, ease of use, automation, and interoperability.

ESG conducted research on the cloud’s impact on network infrastructure, strategy, and support teams by surveying 300 IT professionals responsible for evaluating, purchasing, and managing networking technologies

We found out that 3 in 4 organizations are actively using a public cloud service today. So what are the IT initiatives that impact infrastructure spending? Obviously, the most important part is about using public cloud computing services , but also interesting is that data center interconnects between on-premises, colocation, and cloud environments are important. Other important issues include cloud security and connectivity to the public cloud, including WAN links used in remote offices.

With the global cybersecurity skills shortage hanging over them, CISOs are turning toward security automation and orchestration technologies to improve staff productivity. This is happening faster and wider than most people realize. According to ESG research, 19% of enterprise organizations have already deployed technologies for security automation and orchestration extensively, 39% have done so on a limited basis, and 26% are engaged in a project to automate/orchestrate security operations. 

So you have a decision to make: behind door number 1 is a huge, costly on-prem infrastructure that requires expertise across a bunch of different tools involved in the data pipeline for support, and ongoing management and maintenance. Behind door number 2, you have a no-upfront-cost cloud infrastructure that requires minimal expertise, and a single point of support and management. Which do you pick? There are a lot of considerations, such as performance, availability, and arguably most importantly, long-term cost. What is my overall data footprint and growth over the next 3-5 years? How much data does my organization process on a monthly basis? Is the cloud a final destination for my data sets? And that’s just the start. Now with that said, for organizations that are looking into becoming more data-driven as quickly as possible without a potentially massive upfront investment, I would like to be the first to say…welcome to the cloud my friend.

Over the last few years I’ve been fascinated by the ever-interesting cybersecurity market. It’s the latest wild, wild west of technology frontiers. It’s a massive market, that is perfect in many ways—for me and ESG at least. Maybe not so much for you poor folk trying to deal with it.

If you want to understand what’s happening with AI and cybersecurity, look no further than this week’s news. On Monday, Palo Alto Networks introduced Magnifier, a behavioral analytics solution that uses structured and unstructured machine learning to model network behavior and improve threat detection. Additionally, Google’s parent company Alphabet announced Chronicle, a cybersecurity intelligence platform that throws massive amounts of storage, processing power, and advanced analytics at cybersecurity data to accelerate the search and discovery of needles in a rapidly growing haystack. 

Jerry Skurla, CMO at Bay Dynamics, stopped by the ESG studio a few weeks ago to chat about SOAPA. In part 2 of our video, we discuss:

1. The role of machine learning. Enterprise organizations are embracing artificial intelligence for cybersecurity but remain confused about what it does and how they benefit. Jerry talks about machine learning and its ability to understand “normal” behavior. When it does find anomalies, they can be further categorized into benign or real issues. In this way, machine learning can help reduce all the noise in security operations – a welcome advancement.

A few years ago (2016), my esteemed colleague Doug Cahill and I spoke with 30 enterprise organizations on their endpoint security requirements and strategies. Based upon these discussions, we came up with a concept called the endpoint security continuum. 

On one end of the continuum lies advanced threat prevention. This software is sometimes referred to as “next-generation AV” because it uses technologies like machine learning and threat intelligence integration to improve the threat prevention capabilities of traditional AV products. 

ESG recently completed our annual IT spending intentions research in which the study gauged not only spending plans, but top of mind IT and cybersecurity considerations for economic buyers. With strengthening cybersecurity tools and process being the most important IT meta-trend, and cybersecurity the largest area of projected incremental spend, this video blog explores the dynamics that are driving cybersecurity priorities, including: 

In this video blog, ESG’s cybersecurity analysts, Jon Oltsik and myself, share some of the cybersecurity developments on our radar screen that we expect to be especially relevant in 2018 including: 

• Cloud computing chaos and how cloud services will become more prominent in addressing – and spawning – threats and vulnerabilities, including the need to better protect data resident in poorly configured AWS S3 buckets.

There has been an understanding held by those inside the storage industry for some time now that enterprise storage is a software business. To those on the outside, though, it has looked like a hardware business. People see the mass of HDDs, SSDs, controllers, enclosures, power supplies, etc, and think "I am buying hardware." But inside the industry, vendors have known for decades that what separates the winners and the losers has long been the software.

There are two primary problems with managing identity:

• Fractured user authentication across networks, applications, and devices.
• Organizational gaps between IT operations and information security.

Businesses can no longer compromise security for user experience and should look to strengthen security while improving productivity. Doug Cahill and I share our insights into how companies have the opportunity to improve their security posture while embracing mobility.

Bay Dynamics CMO, Jerry Skurla, stopped by ESG to discuss how the company participates in security operations and analytics platform architecture (SOAPA). In part one of our video, Jerry and I discuss:

Kodak recently announced a blockchain copyright platform, KODAKOne, at CES 2018. Is it a me too product? Does it have a real business use case, and can it succeed?

Amidst the euphoria on cryptocurrency and ICOs, it is worthwhile going back to understand the practical uses for distributed ledgers and cryptographically secured blockchains to see where they can provide true business value.

There always is tension between highly curated platforms like an Apple iPhone and an open system such as Android. The same argument was made to compare an Apple Macintosh with Microsoft Windows. What matters most? A wide range of choices (Windows or Android) or a narrow but predictable behavior (Mac or iPhone)? Must there be a trade-off? Why can’t an open platform also provide predictable behavior? Windows today pretty much has good compatibility across a range of apps (the sole exception probably being high performance games) but that was not always the case. Early days of Windows was fraught with unpredictable behavior ranging from device compatibility to app compatibility. That has mostly disappeared...

Each year, ESG does an annual global survey on the state of IT – the business value of IT, new IT initiatives, areas of concern, etc. This year’s research is based upon a survey of 620 IT and cybersecurity professional across all industries, with respondents working in North America and Western Europe.

ESG asks respondents to identify areas where they have a “problematic shortage” of skills on an annual basis. Once again in 2018, survey respondents say that cybersecurity represents the biggest area where their organizations have a problematic shortage of cybersecurity skills. The #2 response was IT architecture/planning, and the #3 response was server/virtualization administration.

The global cybersecurity skills shortage won’t ease anytime soon. In fact, there’s ample evidence to suggest that things are getting worse (more on this point soon). So, what can organizations do to bridge the skills gap? Rely on service providers for help. 

The impact of the Meltdown and Spectre vulnerabilities is having a reach that exceeds any of recent memory. From servers to desktops, tablets to phones, and Intel to AMD & ARM, these security vulnerabilities impact systems and devices across the entire spectrum of computing.

Networking becomes more relevant. I refer to this as my Theory of Network Relevancy.

Microsoft recently announced its plans to acquire Avere Systems, and some moves almost make too much sense. The synergy between Avere’s technology and public cloud services has made the company a somewhat obvious target for some time now. While some have commented that the presumptive acquirer might have been Google, an early investor in Avere, strategically Microsoft makes a little more sense to me. Of the major public cloud providers, Microsoft appears the be the most open to embracing a hybrid cloud world. With other public cloud providers, often it seems like their perspective is that all of IT is divided into two groups; those that are 100% on the public cloud, and those that will be.

We sometimes see predictions of potential news items this time of the year, but those can be hard to act upon. In a prior post, I discussed major trends, and I now complement that with a list of things to do (i.e., a suggested New Year's resolutions list).

Get up to speed on SD-WAN, cloud connectivity, and network automation.

For over a year now, I’ve written about a burgeoning security technology initiative that ESG calls a security operations and analytics platform architecture (SOAPA).  Here’s a link to original blog I posted about SOAPA back in November 2016. 

Passwords. They’ve always been an ongoing IT issue, but that subject is becoming exceptionally serious as organizations strive to support a rapidly growing mobile workforce using ever-increasing numbers of devices, and consuming more and more applications from external cloud platforms. Passwords are:

• Easily forgotten and easy to guess.
• Used across multiple devices and locations resulting in an expanded attack surface.
• A significant expense and drain on IT resources.
• Difficult to enter on mobile devices.

Happy 2018 everyone – let’s hope that this is a good year for cybersecurity professionals and global cyber safety. 

Of course, an organization’s cybersecurity success is often a function of the effectiveness of the CISO. A strong CISO can mean the difference between functional cybersecurity and constant chaos.