BYOD, Management and Security

This week’s Economist has a short article on mobile device security. Rightfully so, they recognize the security threat is data loss as opposed to malware. As discussed in previous posts, the BYOD challenge is about management of devices.  Data loss prevention is most effective when it is aware the device exists and is accessing, sitting or transmitting certain information when it should not be.

We have been asked recently about the potential growth in the BYOD space.  It won’t come from malware.  It will come from a proliferation of devices, from the common smartphone to the latest wearable, that is retaining and transmitting information the enterprise simply does not want transmitted. And please remember, data is not just spreadsheet attachments in an email,  more importantly it is video, taken innocently or not in the office, that poses data loss problems.

That is the threat of BYOD.

SDN and the Cloud – quick thought

If SDN, and it’s “sister” NFV, actually achieve the hype that has been circulating could we actually have a day where infrastructure cloud providers are really no longer “independently” purchased by the data center manager (or CMO, or COO, or whatever flavor of “business driven cloud consumer” you choose).  Instead, could we see a day where there are ecosystems in place such that the SDN management software has a direct link with specific cloud providers (e.g. one for compute, another for storage, etc.).  some have called that “real time infrastructure”.  My question though is – could, concurrently, each SDN ecosystem have an optimized set of API’s such that the SDN management software can dynamically provision and de-provision pre-determined, contractually bound, specific cloud sourced resources real-time, from a pre-selected cloud provider in that eco-system.

At that point, the data center manager really doesn’t care who the specific cloud provider is, assuming that the ecosystem has properly vetted that cloud provider.  If that is possible, then is it possible that one of the very large global infrastructure providers would own both ends (the SDN Management environment AND the cloud infrastructure services)?  Do IaaS cloud providers really then focus their attention on SDN developers, rather than data center managers?

The Cloud rains on a brittle market

Market trends gain strength from the correctness of their promises. Is it cheaper, faster, more secure? Dilute the promises and a forceful market becomes brittle. Crack a brittle market and revenue disappears.

By the way, what ever happened to Netbooks? Four years ago Netbooks were going to save the PC industry. Now they are gone, victims of the brittle market. IT departments loved Netbooks as their convenient answer to popular tablets. In a brittle market Netbooks were swamped by BYOD.

The market for enterprise computing equipment versus cloud services is in the brittle stage. The promises of the cloud gain strength while counter forces are losing at the flanks. This post is not about the cloud. This is about the market. Promises of lower cost, ease of use, scalable power are strengthening. The opposition is brittle and when it breaks the flow of dollars will shift dramatically.

The dollars in question are those spent by corporations on servers, storage and networking – the data center. Corporations buy name brand equipment. Cloud providers develop their own equipment and save money and by doing so. They also change the dynamic of revenue growth and profit generation in the IT market. A shift from corporate computing to the cloud means more than a redirection of dollars. It means a fundamental shift as cloud service providers challenge OEM equipment vendors in the development of new technology.

The cloud does to IT management what robots did to manufacturing so, naturally, there is internal management resistance. Management’s main and plausible objection has been security.  They also point to the increased cost of data connections. While conceding that these are crucial, and without in any way diminishing their importance, realize that one day security will be solved and the cost of data transport will continue to decline.  As this happens the brittle market will crack.

What happens then? Well, consider that Google, like all of the large scale cloud providers, does not use state of the art high end servers of the type you see at Interop. They optimize their cost, power consumption and space utilization with a vast array of commodity systems. On top of that, the Google file system competes directly with the value delivered by classic storage system vendors, demonstrating that cloud providers dilute the need for major manufacturers.

Imagine a world where pick up/ drop off laundry service was incredibly cheap and effective. Would you own a washer and dryer?

OCP and the Channel

As the Open Compute Project (OCP) matures, we are being asked from all corners of the channel – “what does it mean”.  (as a side note, why does the channel get so nervous with every technological evolution?  The channel is here to stay, whether it is cloud, or OCP.)

The OCP is about huge data centers buying commodity compute, storage, and network components that are built to a standard spec,and then the data center firm optimizing the integration and configuration for their own business.  

What this does to the channel is only upside.  Since these large data center players were bypassing the channel and going direct to the traditional server vendors in the past, the fact that the data center player is configuring their own data center does not hurt the channel since the business wasn’t going via the channel to begin with.

What this does for the vendors of servers, storage and compute, companies such as Dell, IBM, Cisco, EMC, Netapp, is perhaps a bit more eye-opening.  We would assume that these vendors will replace the lost opportunity for sales to these data center players with more activity within traditional enterprise and SMB customers.  And, these customers are serviced via the channel.  

At this point, we believe OCP will be good for the channel.  Strengthening and reinvigorating server, storage and networking vendor relationships to obtain the reach and revenue that is being lost as OCP takes hold in the large data center player markets.

The channel is about relationships, services, financing, go-to-market, tech expertise, logistics and enablement. The compute, storage and network vendors will, arguably, need more of these capabilities as their customer base evolves.

iOS or Android? The key option for your new car

Carmakers offer plenty of choices, but not the one we need – Android, or iOS. Look on the sticker of your new car and you’ll find a $1,000 to $2,000 option for an entertainment or navigation system that has less capability than your typical smart phone.

Nokia, Blackberry and Motorola have all learned the hard way that apps drive the device and the operating system drives the apps. On the other hand, new vehicles come with closed operating systems and a set of confusing and inconsistent manufacturer supplied apps.

I made two round trips from Florida to New Jersey in the last 60 days. My 2012 RAM 1500 pulled another car on a trailer without slowing down. The truck gets an A for acceleration, braking, comfort and sound system. Garmin navigation is excellent. The entertainment options all work, but the interface is quirky. Turn the knob? Or look for the button on the touch-screen? Big icons let you know you are listening to radio while a tiny font tells you what song is playing. Soon, they will make it illegal to read that tiny font while driving. Get a phone call and you have to wait until the system finishes telling you that you have an inbound call before it will answer.

Driving a Mustang convertible with a 5.0 and 6 speed manual transmission down the Blue Ridge Parkway is so wonderful that even the trooper who pulls you over has to smile. Maybe if I offer him a chance at the wheel I can avoid a ticket.

Of course, he might get a little peeved when the radio tells him his iPhone has too many songs to sync.  Everyone gets a chuckle at the ‘Send” and “End” prompts for phone calls. Wasn’t that how cell phones worked in the 90’s? The 5 gig hard drive is there for you to load a personal jukebox. But you can’t load mp3’s or iTunes, you can only rip CD’s. You still buy CD’s, right? Are these cars meant for old people?

Bloomberg Businessweek had a commentary suggesting a startup wizard for new cars. Meanwhile a new iPhone comes with tiny pages containing government required safety messages like, “Don’t hold the power cord in your mouth while you plug it in.” Android and iOS  phones and tablets compete on how intuitive they are and how you don’t need a manual. Ford’s Mustang Sync manual is 100 pages. We don’t need a startup wizard. We need auto manufacturers to join this century.

Tonight, I will look through the manual again and see if I can figure out why my phone starts to play music automatically when the car starts. Step on the clutch, start the engine…take out the phone and stop iTunes…release the brake and drive away.

SEA: Geeks in the attack

When Tim Berners-Lee proposed a world wide web in 1989, did he expect modern conflicts, protests, and revolutions to include cyber violence? You can count on it today. CNN visuals of stone throwing crowds are invariably accompanied by geeks wreaking havoc behind the scenes.

The Syrian Electronic Army covers the flank of Assad’s regime by attacking blogs, opinion sites, news outlets, and anyone critical of their side. Recent victims of the SEA include the Financial Times, Associated Press, ITV London, Guardian, . . . the list goes on.

Google “SEA” and read about ongoing counter-efforts to deny SEA resources for their antics. While interesting, I believe the real kernel of courage in this story comes from the onion. Onion Inc’s Tech Blog details how the SEA hacked the onion. By disclosing their methods, Onion’s techs hope to help you avoid the same fate. Give it a read!

Companies deal with cyber vulnerabilities

Public companies are required to disclose risks to their business. Responding to Congressional pressure in 2011, the SEC highlighted cyber incidents as a category for future reporting. Since then we have seen a slow but steady increase in the number of reported incidents as well as the severity of the risk language.

The comments in current filings paint a vivid picture of corporate risk and provide considerable justification for increased investment in policy, practice and products to minimize exposure to cyber risk.

“Cybersecurity becomes an issue of global importance,” according to JP Morgan. Further,”Cybersecurity is a critical priority for the entire company, from the CEO on down. Cybersecurity is increasingly becoming more complex and more dangerous.”

Once burned, and even more vigilant today, EMC states “Cybersecurity breaches could expose us to liability, damage our reputation, compromise our ability to conduct business, require us to incur significant costs or otherwise adversely affect our financial results.”

Smaller is not safer in the cyber world. Here are a couple of examples showing the nature of risk events and the ongoing liabilities resulting from cyber incidents (click the links and scroll down to highlighted words):