Tech Trends Archives

This Ain’t Your Father’s DR

The same bean-counters – excuse me, cost-conscious CFOs – who are forcing every part of IT to deliver more services for less are now reshaping disaster recovery.

As I recently reported for Computerworld, the days of dedicated “hot site” DR with banks of expensive servers and storage waiting around for a volcano to blow are long gone, except for the most mission-critical applications.

Most customers are more pragmatic. Some are using virtualization to quickly reshuffle production applications onto less-critical test or development environments in case of an outage, forcing the less-critical workloads to wait until the trouble is over. Others are providing limited uptime rather than immediate 24/7 coverage. If that means payroll has to work from 9 PM to midnight on Sunday night to process paychecks during the emergency, so be it.

Some vendors are claiming the cloud will finally bring DR to the small to medium sized businesses who until now couldn’t afford it. But I found some SMBs who are not only skeptical of security in the cloud, but turned off by the prices some vendors are charging on a per-server basis. If you’re marketing cloud-based DR. be ready to prove it delivers on ease of use, low cost and security.

Anyone claiming to provide cloud DR also must show how its lets customers monitor the health and security of their DR site. Across all sectors of IT, customers are demanding business-friendly reports and dashboards so they can constantly monitor the costs and the benefits of their internal and external service providers, and that also goes for cloud DR.

In this era of wired and cloud-centric everything, I was surprised to learn how many companies still back up data by physically shipping tapes or (increasingly) portable hard drives to remote locations. That is still more cost-effective, it seems, than spending big bucks on the replication software and huge network connections it would take to move today’s data stores over the network. As one user joked, “FedEx is still the largest-bandwidth network out there.” Obviously, lower-cost, easier or even automated options for replicating data over today’s networks are a good play.

A final note to cloud and DR marketers: The confusion around different types of cloud and DR is reaching crisis proportions. For example, sometimes the term “private cloud” means a virtualized, on-demand infrastructure within an organization’s own firewall rather than that of an external provider. Other times, it also means a customer’s dedicated hardware running at an external site. Sometimes “hybrid” means a mixed public/private cloud, and other times a mix of virtual and physical servers.

I’ve seen some reports that such confusion is spooking customers so much they’re throwing up their hands and delaying a purchase decision. That’s a disservice not only to you, but the entire market. Whenever you’re unsure if “everyone knows” what your definition of “cloud” means, the safest bet is to explain it anyway – as clearly and simply as you can.

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.

Easy Cloud Security: The Next Killer App?

Conventional wisdom has it that security fears keep the largest customers and their most critical applications away from clouds (at least public, multitenant providers such as Amazon.com)

But security isn’t the bugaboo it used to be. In fact, “security as a service” that matches the agility and ease of use of the cloud is a huge potential market current security vendors aren’t reaching. And therein lies potential opportunity for security vendors.

That was the message from customers, analysts and cloud providers at a dinner discussion hosted by security software and services provider StillSecure the other night in Boston. Customer surveys show security dropping as a barrier to cloud adoption by customers, said Carl Brooks, an analyst at Tier1 Research. Compliance, however, is holding steady as a major concern.

Security vs. Compliance

That rang a bell with many around my table, who lamented that security is a “nice to have” that companies are reluctant to spend on until they’ve been breached, while compliance is forced on them by outsiders such as regulators. They also pointed out that the security provided by cloud players such as Amazon is at least as strong as that most organizations can provide themselves, at least at the infrastructure level of servers and networks.

Application-level security is another story, though, and where cloud security (while achievable) is often too expensive and cumbersome. While businesses do want more “visibility” into security through dashboards and reports, the last thing they need are endless reams of log file data that don’t mean anything to them, said Brooks. Nor, said StillSecure Chairman and CEO Rajat Bhargava, do they want to manage security themselves.

Wanted: “Click and Go” Security

What they do want was described to me by David Greenstein, co-founder and CTO of startup Kibits, a mobile micro social-networking and information sharing platform. He wants “click and go” cloud security that allows him to instantly apply security policies to new servers as he spins them up in the cloud, without the need for manual configuration. As for reports, he only wants to receive alerts for an attack or vulnerability he needs to do something about. Trying to grow a company on a limited budget, he doesn’t want to spend any more time, money or effort than absolutely necessary for functions such as security that aren’t his core competence.

While there are “frameworks” for cloud development and deployment (a topic of an upcoming story I’m doing for Computerworld) no one around my table knew of a comparable framework for security. Larger security and systems management vendors, it seems, are either too busy solving security problems in current customer environments or not sufficiently clued in to the needs of the new, cloud-based corporate infrastructures.

Hurdles and Opportunities 

Some of the hurdles to this “security as a service” include educating customers (especially small to mid-size businesses) about basics such as firewalls and the dangers of giving users root (or administrator) access to systems. Assuring compliance is even trickier given the vague requirements of regulations such as HIPAA (governing patient care) and Sarbanes-Oxley (protecting corporate financial information.) But given customers’ desire to cut costs, services that could boost both compliance and security could be a huge win.

But there does seem to be a market out there for automatic, policy-based, server and application layer security services that can be applied and monitored as easily as spinning up a server in the public cloud. What companies out there are offering such services we at the dinner haven’t heard about?

 

 

 

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.

Coffee With Bob For Those 25 Hour Days

Just checking Twitter once more before logging off...

Nothing makes me feel like a real industry expert than coffee with PR veteran Tim Hurley, who recently let me pontificate on his Web site about tech, PR and media trends in 2012. Based on a whole mess of reporting I’ve been doing for publications such as Computerworld and InfoWorld, and ongoing marketing work with clients in the cloud, storage and outsourcing areas, trends I managed to pick out of my cluttered mind include…

  • Cloud computing going mainstream
  • Not only apps, but everything IT, going mobile, and
  • The challenge of using social media to enrich customers’ lives rather than distract them to death.

Another big trend I keep seeing is internal IT staffs, and outsourcers, struggling to move up the fabled value chain and deliver innovation, and not just lower cost, to the business. This requires change not only in business models (how staff and outsourcers are measured and paid) but changes in mindset. Good luck doing that while cutting costs and keeping the wheels turning in a tough economy.

On the media/communications/PR/marketing world, I observed that content marketing is still struggling to prove its worth to the enterprise, as is social media. I also predicted, somewhat hopefully, that “content curation” (automatically gathering content from around the Web to push to readers) will turn out to be just another buzzword. Why so nervous? Because, despite claims to the otherwise, I think it  undermines my value proposition of creating unique, high-quality content. Hey, as Andy Grove once said, even paranoiacs have real enemies.

On the skills front, I recommend PR and marketing pros learn how to 1) work with social media without busting the budget or working 25 hours a day, 2) cost-justify these social media and content marketing efforts, and 3) develop a multimedia strategy that includes podcasts, video and Webinars easily viewable on mobile devices.

One of my predictions, that PR agencies that still focus on story placement in print pubs are missing the boat, has already been undermined by several PR pros telling me such placements still drive leads. They’re also very important to Indian-based outsourcing vendors, because in India the print trade press is still far more robust than in the U.S.

Let me know if I’m right or wrong on story placement, and if you have any great ideas for how not to work 25 hours a day.

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.

What Next: Cage-Free Disk Drives?

Make me really smile by paying me more than 60 cents an hour to make your toys.

In the wake of news reports of horrendous conditions at the Chinese plants that make Apple’s iPhone (and just about every gadget we love) ZDNet’s Adrian Kingsley-Hughes asked readers how much more they would pay for “ethical” consumer electronics – in other words, that were built in safe, humane working conditions.

It’s question that goes right to the core of our entire fast-changing, tech-happy, consumption driven IT business model. As I recently wrote for the Global Delivery Report site I edit, companies like Apple rely on China not just for lower costs, but the flexibility to, say, change out the screen on a phone at the last minute so customers get the absolute coolest product possible. If 8,000 workers in China must be roused out of bed to make the last-minute change, so be it.

What percent of the business and consumer tech market would be willing to pay a premium for an iPad, notebook or home router certified to be made in a factory that protected workers’ lives and paid them a decent wage? Maybe 10% of the market? 20%? If the experience of organic grocer Whole Foods is any guide, there are enough upper-income folks out there to support a decent business (or maybe a store within a store at retailers such as Best Buy) selling such guilt-free goods.

True, at Whole Foods (which some folks call “Whole Ppaycheck” due to its nosebleed prices) you get the benefit of supposedly healthier food along with the feeling you’re helping the environment and not exploiting farm workers. Maybe combining the “fair trade” promise with “Made Domestically” would be enough to separate you from more of your money.

As with Whole Foods (and, heck, with Apple) the key is marketing and presentation to a high-end audience. (Ever wonder why the boxes of cantaloupes are left unpacked in Whole Foods? Because it looks more rustic.) The “green” theme will have to go beyond the eco-friendly bamboo covers (less harmful plastic!) some computer makers already offer. I see pictures of smiling workers next to the higher-priced yellow price tag, offers to donate to the local school rather than an extended warranty at the checkout counter, and patriotic denim carrying cases to show you’re packing gear made in the good ol’ U.S.A.

The only thing that’s missing is some obessed visionary, a la Steve Jobs or Whole Foods’ own John Mackey to make it happen. If you read this and get rich, throw me a few shares of stock to show how ethical you are. In the meantime, I gotta get back to work so I can afford the guilt tax on my next cell phone.

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.

Advanced cloud computing customers, and providers, are moving beyond the first conversations around security and cost to more sophisticated models of virtual compute, storage and network resources delivered over the Web. These include tested and reliable “productized” cloud services, detailed conversations about how much security is “enough” for specific cloud services in specific industries, and even new models for sharing liability.

But reaching this next level of cloud value will require new thinking from both cloud providers and customers. That was the subject of a Q&A I did recently with backup vendor eVault’s “Expert’s Corner,”, based on recent stories I’ve done defining a cloud security checklist and exploring, whether and where, there’s a cloud silver lining for outsourcing firms. (Editor’s note: Please disregard the “BS” before each of my answers. Ouch!)

i365: In your blog, you note that customers are demanding “more ‘productized’ cloud services that can be rolled out in a predictable, consistent way” and that providers are increasingly delivering commoditized services. There are obvious advantages to this trend from both the customer and provider’s standpoint, but do you foresee any drawbacks to the growth of this “pre-tested, pre-integrated, and pre-priced” service model? What will the better service providers to do ensure quality is not compromised?

BS: The key success factor here is how well both the cloud vendor and the customer can identify which services are actual “commodities” and can be delivered (and purchased) as a “black box” without customization or configuration. Vendors need to do the right amount of market research to understand which services are common enough that a critical mass of customers will buy them, and that can be cost-effectively packaged to run on the most common hardware and software platforms. It is also, of course, up to customers to look “under the hood” enough to assure they are getting the services they need (including reliability, performance and up-time.) Even in “commodities” such as notebook computers, cleaning services and payroll services, not all providers are created equal. The best service providers will base their services on industry standard “best practices” such as those from ITIL, and will test them under real world loads. This may raise costs, but you get what you pay for, even in commodity services.

i365: Your “Cloud Security Checklist” in Computerworld reflects the need for dialogue between cloud customer and service providers. To what extent do you think these dialogues take place?

BS: My guess is that it happens fairly often, and around fairly specific metrics, with the larger customers who already have security standards and processes. Smaller firms who themselves lack strong security policies or skills are more likely to trust either the service provider to ensure “good enough” security, or trust the provider’s larger customers to demand a level of security that will protect smaller customers also. This is risky – every customer should understand their individual “must haves” in security protection (especially around areas such as protecting customer data, or assuring critical regulatory compliance) rather than trust either the vendor or its larger customers.

i365: You note that security “remains the big bug-a-boo supposedly scaring the biggest enterprises from the cloud.” Do you foresee data security as remaining one of the biggest challenges in cloud computing? How will the issue of data security change over time?

BS: From my reporting, the biggest challenge is for cloud providers to explain that adequate levels of security are as possible in the cloud as within the enterprise, as long as the provider uses the proper technology AND processes. Customers, for their part, need to understand how much risk they are running by providing their own security, and that the issue isn’t public cloud vs. private cloud, but understanding and addressing the most critical risks.

Over time I see the focus shifting to the specifics of how security is implemented, and how it relates to business needs, rather than whether it is implemented in a public, private or hybrid environment.

i365: You also comment that there is “a lot of opportunity for differentiation and innovation as the cloud matures.” What key trends do you think cloud providers will continue to innovate and differentiate around?

BS: They include:

 1) Specialized offerings for vertical markets, built with an understanding of the specific needs of say, retail vs. financial services vs. industrial customers.

2) Innovative models for handling liability, which in many cases service providers now push back to the customer. For example, a group of large customers in financial services may pool their business and steer it to a large (even semi-captive) public provider who can, by also pooling the risk, assume the liability for security breaches at an affordable level.

3) A move to provide not only IT services (such as servers) or applications (such as CRM) but also full-fledged business services, such as accounts payable or invoice management. This is a way for business process outsourcers to move into the cloud market and, potentially, into higher value-add services.

4) More real-time reports and analysis for the customer of where their data is being processed and stored, especially for those (such as in the EU) who face geographic limits on where they may store their data.

5) And, finally, a greater variety of offerings, ranging from “black box” services for customers who only need a given level of performance and uptime, to more configurable services for customers who need to, for example, control server or storage configuration for compliance or security reasons.

i365: Thanks Bob.

If you’d like to discuss how to communicate your thought leadership on cloud to the market, email me or call at 781 599-3262. 

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.

ExtraHop Takes Agentless Approach to App Management

By Robert L. Scheier

Users don’t much care about all the hops an application goes through from server to disk to external cloud to private cloud — they just want stuff to happen quickly. That’s why ExtraHop counts something like 60 competitors in the application performance management space.

The 100-person startup, co-founded by alumnus of performance management mainstay F5 Networks and boosted by $19 million in venture capital funding, thinks it can beat them all (and the legacy management vendors as well) with an approach it claims is dramatically less expensive, easier to install, and provides more in-depth information.

Its Application Delivery Assurance system takes a “network-based” approach to application management, sitting off-line as a physical or virtual appliance. It examines every network packet that has been jumbled out of order by the TCP/IP protocol over the network, reconstructs the stream, strips out the data relevant to performance monitoring and discards the rest.

Through a combination of behavioral analysis and identifying information contained within the data steam itself, ExtraHop can identify all physical and virtual network components (except for Fibre Channel SANs) so it reflects changes to the IT infrastructure continuously and without the use of high-maintenance agents.

“When we get packets off the wire, we put them back together. It you look at it packet by packet, you miss the big picture,” says Tanya Bragin, Senior Product Manager. “There’s lots of transactions among multiple packets.” Putting the packets back in order, and reconstructing the transaction among them, allows ExtraHop to understand which applications the packets relate to, and even descriptions of database errors that can slow performance, or what schema elements were accessed within the database.

One new feature ExtraHop touts are Application Inspection Triggers, which it says can be used to perform real-time analysis for scenarios such as security auditing to tracking how much traffic is coming from iPhones – or even different versions of the iOS operating system.  

Another use of triggers is tracking unauthorized reads of documents or folders stored on NAS. That’s of potential huge interest for security and audit professionals, although Bragin says security isn’t a key target market right now.

Rather than a full-fledged tool to remediate problems, ExtraHop serves as “the ultimate triaging tool,” says Director of Marketing Justin Baker. “We can alert you to any issue, and tell you exactly where to look” to find and fix the problem, he says.  And unlike competitors, he says, ExtraHop can deliver true 10Gbits per second of data to its analysis engine.

Pricing ranges upward of around $50,000, depending on the number of required appliances and their capabilities, which Baker says is as little as one-eighth that charged by its competitors. This is definitely a buy for medium to large companies with complex, dynamic environments such as Alaska Airlines.

ExtraHop is somewhat more suited for monitoring private than public clouds, says Bragin, especially since some public private cloud providers won’t let customers tap the network traffic ExtraHop requires. Within a customer’s own environment, though, its physical appliances can identify virtual machines and even monitor traffic among VMs on a physical host, which is often a blind spot for security and application management tools.

ExtraHop is still in growth mode, with about 100 customers, close to 100 employees and “growing close to 400 percent per year” with undisclosed revenues, said Baker. In-depth troubleshooting, ease of use, no agents to manage – and a low price – make ExtraHop worth watching if it can deliver on its promises.

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.

VMware continued its march up-market last week with the release of three new product suites that put it into direct competition with mainline management vendors such as BMC and even smaller enterprise vendors.

The enhancements to its vCenter Operations suite, and the new VMware vFabric Application Management and VMware IT Business Management suites, seek to speed the deployment, operations and management of virtualized cloud environments by spanning traditional IT silos such as development, operations and infrastructure.

VMware has 3 goals for the new offerings. The first is to build more policy-based automation into the development, deployment and operation of virtualized cloud environments. The second is to bring together formerly separate disciplines such as the creation of applications, their deployment and their ongoing management. The final aim is to allow IT to move from being a “builder” of applications and services to a “broker” of services that might come from inside the organization or be built outside.

In some cases, VMware is more tightly integrating capabilities that formerly required “bolt on” tools, says Ramin Sayar, VP of Products & Strategy, Virtualization & Cloud Management. In other cases, For example, the VMware vCenter Operations Management™ Suite gains deeper integration with VMware vCenter Capacity IQ™ and VMware vCenter Configuration Manager. In other cases, such as with the IT Business Management Suite, it is using technology acquired by buying another company (Digital Fuel) to move into the “business services” management space already claimed by traditional management vendors such as BMC, which is allegedly a partner.

 

The vFabric Application Management Suite will help customers combine and streamline work previously done by development and operations staffs, while vFabric AppDirector “will standardize and automate the release/deployment of applications to any cloud through easy-to-create blueprints with standardized templates, component libraries, and deployment workflows,” the company says.

VMware also claim it will allow customers to easily see which IT components support which specific applications. That makes it easier to determine which might need upgrading and which are redundant or are no longer needed – a capability also provided by enterprise architecture vendors. Sayar says the capabilities VMware provides are easier to use, integrated with their other management tools and are free.

The enhancements speak well to customer needs for more policy-driven automation, and even the use of template server and service configurations, to drive down the cost and time required to deliver IT as a utility. Customers will also welcome the ability to manage private, public or “hybrid” clouds from a single console, even though many are only now edging cautiously out of their own data centers into hybrid clouds.

Some of the bigger, non-technical issues vendors must tackle are lingering concerns over security, such as those I addressed in a recent Computerworld story, as well more general control and compliance issues. Then there is the cultural change required for a CIO, and their staffs, to move from being builders (real men code, you know) to mere bean counters weighing terms and conditions from the internal staff vs. an outsourcer.

Finally, for vendors, I suggest being careful with how they explain and differentiate their offerings. Management spans a lot of functions, and so do services (IT services such as database and authentication? Business services such as underwriting or order entry?) Trying to re-use established terms like “services” too many times makes the listeners eyes and brains glaze over. Using more specific words in product descriptions, such as “Service Delivery Manager” or “Service Operations Manager” will make it clearer.

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.

(One reason I’ve been off-line lately is a busy travel schedule, including to Guadalajara, Mexico, in my role as editor of the Global Delivery Report. Thought you’d be interested in some of the sights and sounds…)

From the 22nd floor of the Presidente Guadalajara hotel, I heard the loud popping of explosions. Not to worry; it was only early celebrants of the country’s Independence Day. And, maybe the popping of a few more of my preconceptions about Mexico’s self-proclaimed “Silicon Valley of Mexico.”

Downtown area

The description is not exactly accurate: Guadalajara has robust manufacturing and fashion industries along with the IT manufacturers and service providers who have been in town for close to 40 years. And Guadalajara, its own backers admit, lacks the rich web of venture capitalists and angel investors who keep Bay Area geeks in Jolt cola and office space.

But if sheer drive and vision and talent are the ingredients for a start-up haven, Guadalajara is a cake that’s ready to bake. Some anecdotal proof points from a jam-packed 24 hours in the city:

  • Seeing rows of students – equipped with not only desktop PCs, but Bloomberg financial data terminals – studying stock valuations on the immaculate Tec de Monterrey college.
  • Finding even more multimedia and animation startups hatching at the Centro Del Software tech incubator than I did six months ago, with yet more crowded rooms of 20-somethings feverishly creating digital creatures on drawing tablets.
  • Good outdoor charging stations? These Tec de Monterrey students do.

    Trying to find a place to sit in the hotel lobby among a swarm of local anesthesiologists checking their smartphones and iPads for appointments.

  • Hearing two stories in as many hours about owners of traditional Guadalajara-area manufacturing businesses investing in tech start-ups or moving into professional services to boost their margins while reducing their risk.
  • Running into an engineering student at a Starbucks who, in his spare time, opened a seafood restaurant in the historic downtown. In his other spare time, he got a close to $1 million investment for a start-up trading in, of all things, avocados.

Locals are increasingly talking of how, in the last five or six years, the amount and quality of arts and culture in Guadalajara has exploded, largely focused in the Tlaquepaque sector near downtown. Some of it is definitely not my style (one half of our film crew is working on an ambitious multimedia project involving zombies, as an analogy for the unthinking masses on social networks.)

On the eve of Mexico's Indepence Day, still hard at work in a software incubator.

But the point is that such edgy entertainment and ideas are what draw a young, skilled workforce to an area, and also help them think outside of the box for the next big idea.

And that “is Mexico safe” question, which everyone asked me, again, before this trip? Still a non-issue, at least in Guadalajara and at least right now. The engineering student says he regularly works till the wee hours at his restaurant, with little fear. I tried walking across the street for dinner, but ducked back in terror – not from crazed drug lords in gun-laden SUVs, but the ubiquitous Nissan taxicabs zooming past at lethal speeds.

Look for deeper coverage of all these trends in the Global Delivery Report in the coming weeks and months. But the first day of my second visit to Guadalajara hit me like a hammer: The talent, drive, education, leadership and amenities required to create a creative and technical hot spot are crystallizing faster than ever.

Author: Bob Scheier
Visit Bob's Website - Email Bob
I'm a veteran IT trade press reporter and editor with a passion for clear writing that explains how technology can help businesses. To learn more about my content marketing services, email bob@scheierassociates.com or call me at 508 725-7258.
 Page 5 of 6  « First  ... « 2  3  4  5  6 »