|By Kevin Nikkhoo||
|May 19, 2013 09:00 AM EDT||
The biggest eye-opener in Gartner's recently-published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIO’s recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise.
“CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if CIOs adopt new roles and behaviors to find digital value.”
Most CIOs recognize that the future of enterprise IT lay not with sitting and writing code and patching servers, but rather one of strategic development and as an integrator of business goals: riding the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs. For more, read my article Rethinking IT Using the Cloud as a Change Catalyst.
The Gartner survey of more than 2000 CIOs, was indeed fascinating -"Hunting and Harvesting in a Digital World: The 2013 CIO Agenda"- and one of the highlights was a wish list of Technology and Business Priorities for 2013. I, of course, was encouraged (yet not surprised) to see cloud computing, workflow, business intelligence and security on the list. Although they appear on separate wish lists, they represent the key transitions and challenges of the evolving paradigm CIOs must confront to keep their resources relevant and facilitate progress…it’s no leap that the successful achievement of any or all the items on the lists require a unification of technology, process and analysis.
Before you can say “Obvious Things, for $1000, Alex,” what I would like to do is highlight some specific tactics or advantages that integrate the Top Business Priorities with Top Technology Priorities. For this, I am advocating a holistic and unified security platform to demonstrate how a CIO can advance their agenda and ensure the smooth operation of their enterprise IT landscape.
First, the complete lists:
Rather than giving you an example of each line item, I will combine several elements because a strong cloud-based security program unifies several technologies and provides the necessary business priorities. This is not to say other technologies within the purview of the CIO don’t apply, but as this is a security blog, I will keep it within the context to illustrate that the attainment of several goals can be correlated from the cloud. For that let’s look at some of the common threads that stitch together these “wish” lists.
Better visibility (analytics & business intelligence/collaboration/better operation results)-With better visibility comes better, faster decisions based on relevant data. If you can see the giant asteroid speeding towards the planet, better visibility provides the time and the layers of input to devise multiple options to prevent disaster! Yet as so much data criss-crosses the enterprise in so many forms, formats, and shared ownerships; across so many applications for a multitude of purposes, it can be difficult (and resource-heavy) to monitor and fill vulnerability gaps. Many CIOs have invested in multiple technologies and processes to mitigate risk, however unless they are linked, or work collaboratively, it’s like hiring several children to plug dykes with their fingers. I’ve seen in too many companies that although they have the right intention, the left hand does not always know what the right is doing. There are simply too many devices, agendas, access opportunities and external and internal threats NOT to centralize and unify tools like SIEM, Log Management, single sign on and identity management. The idea here is that each controls a segment of enterprise security. By allowing them to leverage each other’s capabilities—to collaborate and communicate—under a centralized monitoring platform, you get contextual information that otherwise would take considerable more time and resourced expertise to compile, analyze and react.
Unification (centralization in real time), promotes three dimensional data (or 360 degree visibility) which, in turn, improves responsiveness and control. This allows you to deploy critical resources with pinpoint accuracy based on the full measure of intelligence and policy priorities. This is the key to better operational results.
Cost-effectiveness (efficiency/cloud computing/reducing enterprise costs). Security is not cheap. You should not nickel and dime costs when the smooth operation of your enterprise, your reputation amongst customers and partners, and the protection of your IP assets are at stake With that said, not only can security be affordable, but it can actually create ROI if deployed and managed intelligently. No one disputes the need to deploy something more than a firewall or password protection, but I understand that CIOs are now looking for better ROI on their existing poker hand. That’s where the cloud makes so much sense. By packaging (deployed and managed from the cloud) the 4 solution types mentioned in “better visibility,” CIOs avoid the dragging anchor of CapEx. In fact I have seen several case studies that show such an attachment strategy (adding pieces that are not currently an owned asset) operates at a savings that the subscription cost for the entire initiative is less than annual support and maintenance for on premise. So if acquisition costs are significantly manageable, what you are left with is enterprise capabilities that increase your efficiency to resource quotient.
The whole concept of efficiency is more than just saving money and getting more bang for your buck on a cloud computing solution. If the security protocols and processes are configured using a combination of internal resources and security-as-a-service expertise, you expand your sphere of effectiveness and “protect” more virtual territory using less resources. Efficiency is about doing things better while expounding a minimum of resources. The idea of on-demand scalability (to expand or contract immediately based on business needs and not budget dictates) is another resource, cost savings concept that cloud security offers that makes your initiative right-sized. Too often initiatives are weighed down by bloated costs like investments in hardware/servers, unused licenses and lost protection time while trying to develop and deploy more complex versions.
Core competency focus (enterprise growth, legacy modernization, innovation) This is about working smarter. The reality of maintaining security across your enterprise is that the skills required to monitor, protect, update, respond, report and comply does not exist within one dedicated person, but 1/10th of 10 different people. Within a tenuous economy it is not a stretch to say IT has been the focus of a great deal of job fusion as many companies are forced to pare down staffs.
Many companies without the means to hire a large and experienced staff have found that outsourcing to an MSP (managed service provider) is a sound management decision. Taking this one step further, when you consider outsourcing features such as security-as-a-service or policy-as-a-service options, you create new benefits of security expertise (continuous tribal knowledge) without additional man hours or expense. Not only does this allow precision budgeting, but more importantly allows you to prioritize and focus on your company’s core competency. As CIO, your job transforms from resetting passwords and patching updates to applications to finding and supporting new ways to expand your business through technology.
Improved automation: (customer retention, Improving IT applications and infrastructure)Unified cloud based security makes it easier to manage users. Through automated provisioning and multi-level authentication, not only is it easier for your customers to do business with you, but you maintain their ongoing trust by being a proper steward of their private and sensitive information. More so are the behind-the-scenes policies and procedures enforced by a system that is looking at information) in real time) beyond log ins or passwords. By leveraging various aspects of identity and access management with that of SIEM’s intrusion detection and Log Management’s historical archiving, a unified system can automatically understand behavior patterns (adaptive risk) of users. Just because a log in has the right user name and password (which could have been stolen from a malware implant that records keystrokes) doesn’t mean it is the user. Using situational context, the system “sees” that the last 100 log ins came from an IP address in Provo, Utah…but this one is coming from overseas at 3am and is trying to access information not often viewed. The improved automated policy now sends an alert to the analyst who can put a block in place and shut down the incursion.
But automation keeps your infrastructure in good working order too. Not only does it help maintain whichever industry compliance regulation you company is required to follow, but through automatic provisioning controls what your internal users can do and see. Joe gets hired as a sales exec. As soon as he is added to Active Directory or LDAP and his role is identified, he is given a certain view of the network. And the reverse happens immediately once he leaves the company; removing the threat of sabotage or data theft or an access vulnerability left open to exploit.
Facilitating productivity (Legacy modernization, mobile tech, retaining workforce) The highest goal for any CIO is to find ways to make the enterprise more resilient, stronger and to fulfill its needs. Going back to mapping behavior patterns (as discussed above), another benefit of unified cloud based security is that it allows a CIO to see not just the negative tendencies (and vulnerabilities that keep you up at night), but the way employees work. Using technology, how can the CIO improve productivity? Tablets, phones and other personal devices? The best applications and solutions? The trick is to examine the needs and then broker the best way to facilitate the need without compromising security.
In the case of new applications, a variety of solutions can be designated across the enterprise and directed at specific users through rule and responsibility-based provisioning. This way access is controlled to only those who need to see certain features and the data is secure from unauthorized sources. In terms of BYOD, each company must make a decision on what these devices are allowed to access—from email to ERP data—and what is the policy on securing the individual devices.
Some analysts see 2013 as a tipping point in terms of technologies. This includes mobile, analytics, big data, social and cloud technologies. The CIO needs to be ready for this paradigm change.
One of the more salient points from the Gartner survey stems from the fact that only 43% of technology’s true business potential is being exploited to give companies a competitive edge. This, Gartner says, can’t continue, and if IT is to remain relevant in an increasingly digital world then there will have to be a substantial increase in this percentage.
Where this Gartner survey refers to cloud computing in general, this blog could apply to virtually any cloud-supported strategy. It’s a big fluffy cloud out their and the 21st century needs to take full advantage of the agility and manageability the cloud provides. Move beyond the hype. Go beyond the buzzwords and the flavors of the month and see how a virtualized strategy improves your productivity, vision-to-reality proposals and your bottom line. To this, I am saying that cloud-based security needs to be incorporated as part of this sea-change so that any sized company in any industry may realize the long term benefits of achieving the priorities noted on the Gartner lists. The features, functions, capabilities and reliability have matured to where they can easily and effectively support the vision of any forward-thinking CIO.
If you want a PDF of this article, feel free to get it HERE. This is a direct d/l!
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Mar. 25, 2017 01:30 PM EDT Reads: 1,654
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
Mar. 25, 2017 01:15 PM EDT Reads: 2,021
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Mar. 25, 2017 12:45 PM EDT Reads: 1,848
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
Mar. 25, 2017 12:45 PM EDT Reads: 1,640
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Mar. 25, 2017 12:30 PM EDT Reads: 5,047
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
Mar. 25, 2017 12:30 PM EDT Reads: 1,146
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Mar. 25, 2017 12:00 PM EDT Reads: 892
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Mar. 25, 2017 11:15 AM EDT Reads: 1,511
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buyers...
Mar. 25, 2017 11:00 AM EDT Reads: 3,531
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Mar. 25, 2017 10:45 AM EDT Reads: 2,063
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
Mar. 25, 2017 10:00 AM EDT Reads: 2,906
SYS-CON Events announced today that SD Times | BZ Media has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and commercial UAV markets.
Mar. 25, 2017 09:15 AM EDT Reads: 4,206
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Mar. 25, 2017 08:30 AM EDT Reads: 2,026
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Mar. 25, 2017 08:00 AM EDT Reads: 4,072
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Mar. 25, 2017 08:00 AM EDT Reads: 14,009
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
Mar. 25, 2017 06:45 AM EDT Reads: 2,788
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Mar. 25, 2017 03:00 AM EDT Reads: 5,774
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Mar. 25, 2017 12:15 AM EDT Reads: 1,757
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
Mar. 25, 2017 12:00 AM EDT Reads: 669
TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets. By creating abundant, high-quality editorial content across more than 140 highly targeted technology-specific websites, TechTarget attracts and nurtures communities of technology buyers researching their companies' information technology needs. By understanding these buyers' content consumption behaviors, TechTarget creates the purchase inte...
Mar. 24, 2017 10:15 PM EDT Reads: 4,242