ESG Blogs

As the ESG team gears up to attend Google NEXT, these are some of the hot spots we will be focused on:

• The first and most obvious will be to see what stakes Thomas Kurian is driving into the ground to help drive Google Cloud execution in the market and candidly to see how they intend to close the gap with AWS and Microsoft Azure.
• Google NEXT has historically scored an A on technology and a C on a clearly defined message and execution strategy into the enterprise. My observation is that attendees participate in Google NEXT because they see great things with the technology but have historically walked away without a clear path to simple things that are highly relevant to enterprise IT--e.g., virtual machine migration, basic cloud readiness assessment, and relevance of legacy IT that is anchored to on-prem infrastructure and process.

With Google Next 2019 coming up, there are a few items I’m looking forward to hearing about.

First and foremost, I’m excited to hear from the new GCP CEO Thomas Kurian and what his vision and plans are for the organization over the next 12-18 months. I think many in the industry understand some of the steps Google needs to make to become the cloud powerhouse it desires to be, with arguably the largest being a greater focus on hybrid cloud enablement. I think we caught a glimpse of that with the Alooma acquisition. I’m hoping to hear more about the plans for Alooma, where/how it will be integrated and some roadmap details on deeper integrations across GCP services.

Chinese military strategist Sun Tzu is quoted as saying, “if you know the enemy and you know yourself, you need not fear the results of a hundred battles.” In cybersecurity terms, this means knowing the cyber-adversaries and associated tactics, techniques, and procedures (TTPs) they use to attack your organization. Additionally, Sun Tzu’s quote extends to an organizational reflection where you must know everything about your technical, human, and even physical vulnerabilities in order to apply the best protection for critical assets.

Next week is Google Cloud Next. Are you ready? Before we get inundated with all the cloud news over the next few days, I thought I would take a moment and share the two questions that are framing my expectations for the event next week in San Francisco.

• What steps is Google taking to lead the IT and Business transformation? The cloud and innovative data services offered by Google are changing what is possible for businesses to achieve with their data. What is on the plate for 2019? And what should businesses be doing to position themselves to maximize what Google has to offer? How is Google helping them?

I spend a lot of time in the enterprise space but there's quite a bit going on in the SMB and the mid-market too, which are the hunting grounds of Unitrends.  I recently talked to Joe Noonan about Unitrends' strategy and focus. You can see this data protection conversation here.   

This week, Unitrends, now a  Kaseya company, launched an interesting new appliance that will help SMBs, mid-sized organizations, and MSPs with their data protection mandates. One of the challenges in many smaller organizations, or decentralized offices, is having local infrastructure for quick data/application recovery. 

This week, Pure Storage announced that it entered into a definitive agreement to acquire Compuverde. According to Pure Storage, the addition of Compuverde will expand Pure’s file-based storage capabilities, as well as its ability to support hybrid cloud deployments. Those are the basics, so let’s look at what all this means.

This is a move in the right direction, but only time will tell whether it is the right move for Pure.

There are very few things I know for certain. The future is often unpredictable. If there were two things, though, that I would be willing to bet almost any amount of money on, it would be:

Whip it good--as old friend Dimitri Vlachos from Devo stopped by the ESG video studio to kick off our 2019 SOAPA video series. If you are unfamiliar with Devo, the company describes itself as follows:

Devo delivers real-time operational and business insights from analytics on streaming and historical data to operations, IT, security, and business teams at the world’s largest organizations.

As organizations struggle with the complexity and number of security tools in use, the dream of an integrated platform seems convincingly like a good idea. Surely life would be less complex with fewer tools to manage, systems that were designed and built to work together, and fewer vendors to deal with. But there will be new challenges and tradeoffs to consider that will require some planning and effort.

Over the past few years, ESG has promoted the security operations and analytics platform architecture (SOAPA). Just what is SOAPA? A multi-layered heterogenous architecture designed to integrate disparate security analytics and operations tools. This architecture glues incongruent security analytics tools together to improve threat detection, and then tightly-couples security analytics with operations tools to accelerate and automate risk mitigation and incident response. After all, you can have great security analytics for investigations, threat hunting, and root-cause analysis, but this all means diddlysquat if you can’t use these analytics to make and execute timely incident response and risk mitigation decisions.

I remember giving a presentation when I first started working in cybersecurity in 2003 (note: it was called information security back then). I talked about the importance of good security hygiene, focusing on deploying secure system configurations, managing access controls, and performing regular vulnerability scans.