|By Kevin Nikkhoo||
|May 19, 2013 09:00 AM EDT||
The biggest eye-opener in Gartner's recently-published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIO’s recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise.
“CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if CIOs adopt new roles and behaviors to find digital value.”
Most CIOs recognize that the future of enterprise IT lay not with sitting and writing code and patching servers, but rather one of strategic development and as an integrator of business goals: riding the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs. For more, read my article Rethinking IT Using the Cloud as a Change Catalyst.
The Gartner survey of more than 2000 CIOs, was indeed fascinating -"Hunting and Harvesting in a Digital World: The 2013 CIO Agenda"- and one of the highlights was a wish list of Technology and Business Priorities for 2013. I, of course, was encouraged (yet not surprised) to see cloud computing, workflow, business intelligence and security on the list. Although they appear on separate wish lists, they represent the key transitions and challenges of the evolving paradigm CIOs must confront to keep their resources relevant and facilitate progress…it’s no leap that the successful achievement of any or all the items on the lists require a unification of technology, process and analysis.
Before you can say “Obvious Things, for $1000, Alex,” what I would like to do is highlight some specific tactics or advantages that integrate the Top Business Priorities with Top Technology Priorities. For this, I am advocating a holistic and unified security platform to demonstrate how a CIO can advance their agenda and ensure the smooth operation of their enterprise IT landscape.
First, the complete lists:
Rather than giving you an example of each line item, I will combine several elements because a strong cloud-based security program unifies several technologies and provides the necessary business priorities. This is not to say other technologies within the purview of the CIO don’t apply, but as this is a security blog, I will keep it within the context to illustrate that the attainment of several goals can be correlated from the cloud. For that let’s look at some of the common threads that stitch together these “wish” lists.
Better visibility (analytics & business intelligence/collaboration/better operation results)-With better visibility comes better, faster decisions based on relevant data. If you can see the giant asteroid speeding towards the planet, better visibility provides the time and the layers of input to devise multiple options to prevent disaster! Yet as so much data criss-crosses the enterprise in so many forms, formats, and shared ownerships; across so many applications for a multitude of purposes, it can be difficult (and resource-heavy) to monitor and fill vulnerability gaps. Many CIOs have invested in multiple technologies and processes to mitigate risk, however unless they are linked, or work collaboratively, it’s like hiring several children to plug dykes with their fingers. I’ve seen in too many companies that although they have the right intention, the left hand does not always know what the right is doing. There are simply too many devices, agendas, access opportunities and external and internal threats NOT to centralize and unify tools like SIEM, Log Management, single sign on and identity management. The idea here is that each controls a segment of enterprise security. By allowing them to leverage each other’s capabilities—to collaborate and communicate—under a centralized monitoring platform, you get contextual information that otherwise would take considerable more time and resourced expertise to compile, analyze and react.
Unification (centralization in real time), promotes three dimensional data (or 360 degree visibility) which, in turn, improves responsiveness and control. This allows you to deploy critical resources with pinpoint accuracy based on the full measure of intelligence and policy priorities. This is the key to better operational results.
Cost-effectiveness (efficiency/cloud computing/reducing enterprise costs). Security is not cheap. You should not nickel and dime costs when the smooth operation of your enterprise, your reputation amongst customers and partners, and the protection of your IP assets are at stake With that said, not only can security be affordable, but it can actually create ROI if deployed and managed intelligently. No one disputes the need to deploy something more than a firewall or password protection, but I understand that CIOs are now looking for better ROI on their existing poker hand. That’s where the cloud makes so much sense. By packaging (deployed and managed from the cloud) the 4 solution types mentioned in “better visibility,” CIOs avoid the dragging anchor of CapEx. In fact I have seen several case studies that show such an attachment strategy (adding pieces that are not currently an owned asset) operates at a savings that the subscription cost for the entire initiative is less than annual support and maintenance for on premise. So if acquisition costs are significantly manageable, what you are left with is enterprise capabilities that increase your efficiency to resource quotient.
The whole concept of efficiency is more than just saving money and getting more bang for your buck on a cloud computing solution. If the security protocols and processes are configured using a combination of internal resources and security-as-a-service expertise, you expand your sphere of effectiveness and “protect” more virtual territory using less resources. Efficiency is about doing things better while expounding a minimum of resources. The idea of on-demand scalability (to expand or contract immediately based on business needs and not budget dictates) is another resource, cost savings concept that cloud security offers that makes your initiative right-sized. Too often initiatives are weighed down by bloated costs like investments in hardware/servers, unused licenses and lost protection time while trying to develop and deploy more complex versions.
Core competency focus (enterprise growth, legacy modernization, innovation) This is about working smarter. The reality of maintaining security across your enterprise is that the skills required to monitor, protect, update, respond, report and comply does not exist within one dedicated person, but 1/10th of 10 different people. Within a tenuous economy it is not a stretch to say IT has been the focus of a great deal of job fusion as many companies are forced to pare down staffs.
Many companies without the means to hire a large and experienced staff have found that outsourcing to an MSP (managed service provider) is a sound management decision. Taking this one step further, when you consider outsourcing features such as security-as-a-service or policy-as-a-service options, you create new benefits of security expertise (continuous tribal knowledge) without additional man hours or expense. Not only does this allow precision budgeting, but more importantly allows you to prioritize and focus on your company’s core competency. As CIO, your job transforms from resetting passwords and patching updates to applications to finding and supporting new ways to expand your business through technology.
Improved automation: (customer retention, Improving IT applications and infrastructure)Unified cloud based security makes it easier to manage users. Through automated provisioning and multi-level authentication, not only is it easier for your customers to do business with you, but you maintain their ongoing trust by being a proper steward of their private and sensitive information. More so are the behind-the-scenes policies and procedures enforced by a system that is looking at information) in real time) beyond log ins or passwords. By leveraging various aspects of identity and access management with that of SIEM’s intrusion detection and Log Management’s historical archiving, a unified system can automatically understand behavior patterns (adaptive risk) of users. Just because a log in has the right user name and password (which could have been stolen from a malware implant that records keystrokes) doesn’t mean it is the user. Using situational context, the system “sees” that the last 100 log ins came from an IP address in Provo, Utah…but this one is coming from overseas at 3am and is trying to access information not often viewed. The improved automated policy now sends an alert to the analyst who can put a block in place and shut down the incursion.
But automation keeps your infrastructure in good working order too. Not only does it help maintain whichever industry compliance regulation you company is required to follow, but through automatic provisioning controls what your internal users can do and see. Joe gets hired as a sales exec. As soon as he is added to Active Directory or LDAP and his role is identified, he is given a certain view of the network. And the reverse happens immediately once he leaves the company; removing the threat of sabotage or data theft or an access vulnerability left open to exploit.
Facilitating productivity (Legacy modernization, mobile tech, retaining workforce) The highest goal for any CIO is to find ways to make the enterprise more resilient, stronger and to fulfill its needs. Going back to mapping behavior patterns (as discussed above), another benefit of unified cloud based security is that it allows a CIO to see not just the negative tendencies (and vulnerabilities that keep you up at night), but the way employees work. Using technology, how can the CIO improve productivity? Tablets, phones and other personal devices? The best applications and solutions? The trick is to examine the needs and then broker the best way to facilitate the need without compromising security.
In the case of new applications, a variety of solutions can be designated across the enterprise and directed at specific users through rule and responsibility-based provisioning. This way access is controlled to only those who need to see certain features and the data is secure from unauthorized sources. In terms of BYOD, each company must make a decision on what these devices are allowed to access—from email to ERP data—and what is the policy on securing the individual devices.
Some analysts see 2013 as a tipping point in terms of technologies. This includes mobile, analytics, big data, social and cloud technologies. The CIO needs to be ready for this paradigm change.
One of the more salient points from the Gartner survey stems from the fact that only 43% of technology’s true business potential is being exploited to give companies a competitive edge. This, Gartner says, can’t continue, and if IT is to remain relevant in an increasingly digital world then there will have to be a substantial increase in this percentage.
Where this Gartner survey refers to cloud computing in general, this blog could apply to virtually any cloud-supported strategy. It’s a big fluffy cloud out their and the 21st century needs to take full advantage of the agility and manageability the cloud provides. Move beyond the hype. Go beyond the buzzwords and the flavors of the month and see how a virtualized strategy improves your productivity, vision-to-reality proposals and your bottom line. To this, I am saying that cloud-based security needs to be incorporated as part of this sea-change so that any sized company in any industry may realize the long term benefits of achieving the priorities noted on the Gartner lists. The features, functions, capabilities and reliability have matured to where they can easily and effectively support the vision of any forward-thinking CIO.
If you want a PDF of this article, feel free to get it HERE. This is a direct d/l!
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
Jul. 25, 2016 05:45 AM EDT Reads: 1,343
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
Jul. 25, 2016 05:00 AM EDT Reads: 2,001
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
Jul. 25, 2016 04:15 AM EDT Reads: 2,389
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
Jul. 25, 2016 03:45 AM EDT Reads: 2,152
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
Jul. 25, 2016 01:45 AM EDT Reads: 1,217
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
Jul. 25, 2016 01:30 AM EDT Reads: 1,249
Basho Technologies has announced the latest release of Basho Riak TS, version 1.3. Riak TS is an enterprise-grade NoSQL database optimized for Internet of Things (IoT). The open source version enables developers to download the software for free and use it in production as well as make contributions to the code and develop applications around Riak TS. Enhancements to Riak TS make it quick, easy and cost-effective to spin up an instance to test new ideas and build IoT applications. In addition to...
Jul. 25, 2016 12:30 AM EDT Reads: 1,875
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
Jul. 25, 2016 12:15 AM EDT Reads: 2,489
"We've discovered that after shows 80% if leads that people get, 80% of the conversations end up on the show floor, meaning people forget about it, people forget who they talk to, people forget that there are actual business opportunities to be had here so we try to help out and keep the conversations going," explained Jeff Mesnik, Founder and President of ContentMX, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 24, 2016 11:30 PM EDT Reads: 1,268
“delaPlex Software provides software outsourcing services. We have a hybrid model where we have onshore developers and project managers that we can place anywhere in the U.S. or in Europe,” explained Manish Sachdeva, CEO at delaPlex Software, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 24, 2016 11:00 PM EDT Reads: 1,503
From wearable activity trackers to fantasy e-sports, data and technology are transforming the way athletes train for the game and fans engage with their teams. In his session at @ThingsExpo, will present key data findings from leading sports organizations San Francisco 49ers, Orlando Magic NBA team. By utilizing data analytics these sports orgs have recognized new revenue streams, doubled its fan base and streamlined costs at its stadiums. John Paul is the CEO and Founder of VenueNext. Prior ...
Jul. 24, 2016 10:45 PM EDT Reads: 1,988
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effi...
Jul. 24, 2016 10:00 PM EDT Reads: 1,959
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...
Jul. 24, 2016 09:45 PM EDT Reads: 2,127
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Jul. 24, 2016 09:00 PM EDT Reads: 2,467
Big Data engines are powering a lot of service businesses right now. Data is collected from users from wearable technologies, web behaviors, purchase behavior as well as several arbitrary data points we’d never think of. The demand for faster and bigger engines to crunch and serve up the data to services is growing exponentially. You see a LOT of correlation between “Cloud” and “Big Data” but on Big Data and “Hybrid,” where hybrid hosting is the sanest approach to the Big Data Infrastructure pro...
Jul. 24, 2016 07:45 PM EDT Reads: 1,857
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
Jul. 24, 2016 07:30 PM EDT Reads: 1,700
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 24, 2016 07:30 PM EDT Reads: 2,062
With 15% of enterprises adopting a hybrid IT strategy, you need to set a plan to integrate hybrid cloud throughout your infrastructure. In his session at 18th Cloud Expo, Steven Dreher, Director of Solutions Architecture at Green House Data, discussed how to plan for shifting resource requirements, overcome challenges, and implement hybrid IT alongside your existing data center assets. Highlights included anticipating workload, cost and resource calculations, integrating services on both sides...
Jul. 24, 2016 07:00 PM EDT Reads: 1,933
"We are a well-established player in the application life cycle management market and we also have a very strong version control product," stated Flint Brenton, CEO of CollabNet,, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 24, 2016 06:45 PM EDT Reads: 1,766
Unless your company can spend a lot of money on new technology, re-engineering your environment and hiring a comprehensive cybersecurity team, you will most likely move to the cloud or seek external service partnerships. In his session at 18th Cloud Expo, Darren Guccione, CEO of Keeper Security, revealed what you need to know when it comes to encryption in the cloud.
Jul. 24, 2016 05:00 PM EDT Reads: 2,368