BYOD, Management and Security

This week’s Economist has a short article on mobile device security. Rightfully so, they recognize the security threat is data loss as opposed to malware. As discussed in previous posts, the BYOD challenge is about management of devices.  Data loss prevention is most effective when it is aware the device exists and is accessing, sitting or transmitting certain information when it should not be.

We have been asked recently about the potential growth in the BYOD space.  It won’t come from malware.  It will come from a proliferation of devices, from the common smartphone to the latest wearable, that are retaining and transmitting information the enterprise simply does not want transmitted. And please remember, data is not just spreadsheet attachments in an email; more importantly, it is video, taken innocently or not in the office, that poses data loss problems.

That is the threat of BYOD.

SDN and the Cloud – quick thought

If SDN, and its “sister” NFV, actually achieve the hype that has been circulating, could we actually have a day where infrastructure cloud providers are really no longer “independently” purchased by the data center manager (or CMO, or COO, or whatever flavor of “business driven cloud consumer” you choose)?  Instead, could we see a day where there are ecosystems in place such that the SDN management software has a direct link with specific cloud providers (e.g. one for compute, another for storage, etc.)?  Some have called that “real time infrastructure”.  My question though is – could, concurrently, each SDN ecosystem have an optimized set of APIs such that the SDN management software can dynamically provision and de-provision pre-determined, contractually bound, specific cloud sourced resources in real time, from a pre-selected cloud provider in that ecosystem?

At that point, the data center manager really doesn’t care who the specific cloud provider is, assuming that the ecosystem has properly vetted that cloud provider.  If that is possible, then is it possible that one of the very large global infrastructure providers would own both ends (the SDN Management environment AND the cloud infrastructure services)?  Do IaaS cloud providers really then focus their attention on SDN developers, rather than data center managers?

The Cloud rains on a brittle market

Market trends gain strength from the correctness of their promises. Is it cheaper, faster, more secure? Dilute the promises and a forceful market becomes brittle. Crack a brittle market and revenue disappears.

By the way, whatever happened to Netbooks? Four years ago Netbooks were going to save the PC industry. Now they are gone, victims of the brittle market. IT departments loved Netbooks as their convenient answer to popular tablets. In a brittle market Netbooks were swamped by BYOD.

The market for enterprise computing equipment versus cloud services is in the brittle stage. The promises of the cloud gain strength while counter forces are losing at the flanks. This post is not about the cloud. This is about the market. Promises of lower cost, ease of use, scalable power are strengthening. The opposition is brittle and when it breaks the flow of dollars will shift dramatically.

The dollars in question are those spent by corporations on servers, storage and networking – the data center. Corporations buy name brand equipment. Cloud providers develop their own equipment and save money by doing so. They also change the dynamic of revenue growth and profit generation in the IT market. A shift from corporate computing to the cloud means more than a redirection of dollars. It means a fundamental shift as cloud service providers challenge OEM equipment vendors in the development of new technology.

The cloud does to IT management what robots did to manufacturing so, naturally, there is internal management resistance. Management’s main and plausible objection has been security.  They also point to the increased cost of data connections. While conceding that these are crucial, and without in any way diminishing their importance, realize that one day security will be solved and the cost of data transport will continue to decline.  As this happens the brittle market will crack.

What happens then? Well, consider that Google, like all of the large scale cloud providers, does not use state of the art high end servers of the type you see at Interop. They optimize their cost, power consumption and space utilization with a vast array of commodity systems. On top of that, the Google file system competes directly with the value delivered by classic storage system vendors, demonstrating that cloud providers dilute the need for major manufacturers.

Imagine a world where pick up/ drop off laundry service was incredibly cheap and effective. Would you own a washer and dryer?

OCP and the Channel

As the Open Compute Project (OCP) matures, we are being asked from all corners of the channel – “What does it mean?”  (As a side note, why does the channel get so nervous with every technological evolution?  The channel is here to stay, whether it is cloud, or OCP.)

The OCP is about huge data centers buying commodity compute, storage, and network components that are built to a standard spec, and then the data center firm optimizing the integration and configuration for their own business.

What this does to the channel is only upside.  Since these large data center players were bypassing the channel and going direct to the traditional server vendors in the past, the fact that the data center player is configuring their own data center does not hurt the channel since the business wasn’t going via the channel to begin with.

What this does for the vendors of servers, storage and compute, companies such as Dell, IBM, Cisco, EMC, Netapp, is perhaps a bit more eye-opening.  We would assume that these vendors will replace the lost opportunity for sales to these data center players with more activity within traditional enterprise and SMB customers.  And, these customers are serviced via the channel.  

At this point, we believe OCP will be good for the channel.  Strengthening and reinvigorating server, storage and networking vendor relationships to obtain the reach and revenue that is being lost as OCP takes hold in the large data center player markets.

The channel is about relationships, services, financing, go-to-market, tech expertise, logistics and enablement. The compute, storage and network vendors will, arguably, need more of these capabilities as their customer base evolves.

iOS or Android? The key option for your new car

Carmakers offer plenty of choices, but not the one we need – Android, or iOS. Look on the sticker of your new car and you’ll find a $1,000 to $2,000 option for an entertainment or navigation system that has less capability than your typical smart phone.

Nokia, Blackberry and Motorola have all learned the hard way that apps drive the device and the operating system drives the apps. On the other hand, new vehicles come with closed operating systems and a set of confusing and inconsistent manufacturer supplied apps.

I made two round trips from Florida to New Jersey in the last 60 days. My 2012 RAM 1500 pulled another car on a trailer without slowing down. The truck gets an A for acceleration, braking, comfort and sound system. Garmin navigation is excellent. The entertainment options all work, but the interface is quirky. Turn the knob? Or look for the button on the touch-screen? Big icons let you know you are listening to radio while a tiny font tells you what song is playing. Soon, they will make it illegal to read that tiny font while driving. Get a phone call and you have to wait until the system finishes telling you that you have an inbound call before it will answer.

Driving a Mustang convertible with a 5.0 and 6 speed manual transmission down the Blue Ridge Parkway is so wonderful that even the trooper who pulls you over has to smile. Maybe if I offer him a chance at the wheel I can avoid a ticket.

Of course, he might get a little peeved when the radio tells him his iPhone has too many songs to sync.  Everyone gets a chuckle at the “Send” and “End” prompts for phone calls. Wasn’t that how cell phones worked in the 90’s? The 5 gig hard drive is there for you to load a personal jukebox. But you can’t load mp3’s or iTunes, you can only rip CD’s. You still buy CD’s, right? Are these cars meant for old people?

Bloomberg Businessweek had a commentary suggesting a startup wizard for new cars. Meanwhile a new iPhone comes with tiny pages containing government required safety messages like, “Don’t hold the power cord in your mouth while you plug it in.” Android and iOS  phones and tablets compete on how intuitive they are and how you don’t need a manual. Ford’s Mustang Sync manual is 100 pages. We don’t need a startup wizard. We need auto manufacturers to join this century.

Tonight, I will look through the manual again and see if I can figure out why my phone starts to play music automatically when the car starts. Step on the clutch, start the engine…take out the phone and stop iTunes…release the brake and drive away.

SEA: Geeks in the attack

When Tim Berners-Lee proposed a world wide web in 1989, did he expect modern conflicts, protests, and revolutions to include cyber violence? You can count on it today. CNN visuals of stone throwing crowds are invariably accompanied by geeks wreaking havoc behind the scenes.

The Syrian Electronic Army covers the flank of Assad’s regime by attacking blogs, opinion sites, news outlets, and anyone critical of their side. Recent victims of the SEA include the Financial Times, Associated Press, ITV London, Guardian, . . . the list goes on.

Google “SEA” and read about ongoing counter-efforts to deny SEA resources for their antics. While interesting, I believe the real kernel of courage in this story comes from The Onion. Onion Inc’s Tech Blog details how the SEA hacked The Onion. By disclosing their methods, Onion’s techs hope to help you avoid the same fate. Give it a read!

Companies deal with cyber vulnerabilities

Public companies are required to disclose risks to their business. Responding to Congressional pressure in 2011, the SEC highlighted cyber incidents as a category for future reporting. Since then we have seen a slow but steady increase in the number of reported incidents as well as the severity of the risk language.

The comments in current filings paint a vivid picture of corporate risk and provide considerable justification for increased investment in policy, practice and products to minimize exposure to cyber risk.

“Cybersecurity becomes an issue of global importance,” according to JP Morgan. Further, “Cybersecurity is a critical priority for the entire company, from the CEO on down. Cybersecurity is increasingly becoming more complex and more dangerous.”

Once burned, and even more vigilant today, EMC states “Cybersecurity breaches could expose us to liability, damage our reputation, compromise our ability to conduct business, require us to incur significant costs or otherwise adversely affect our financial results.”

Smaller is not safer in the cyber world. Here are a couple of examples showing the nature of risk events and the ongoing liabilities resulting from cyber incidents (click the links and scroll down to highlighted words):

Cyber warnings for international travelers

Globe trotting execs are specifically targeted by cyber thieves, both the state sponsored actors and criminal types. Travelers from Australia, Germany, Japan, UK and USA are the favorite targets.

Now that you realize you have a target on your back, what should you do? Advice is available from many sources including several government agencies. Their first point is the obvious one – if you don’t need it don’t bring it. Consider trimming your electronic cargo to the minimum; go light and bring only what is absolutely necessary. Back up your systems and try not to bring critical intellectual property.

The US Office of National Counterintelligence offers a short travel tips guide that every international traveler should review. You might expect warnings about someone looking at your screen, being wary of hotel wireless, etc., but did you consider, “If a customs official demands to examine your device…. assume that it has been copied…”?

SDN Sizzle

It’s funny. It seems there are two sets of conversations around SDN, and perhaps around every new technology.

First, there are the business entities (vendors, disti’s, VAR’s, SP’s, end-users) who dismiss the general hype and then take their existing product set and re-position themselves within their general definition of the technology, basically pulling SDN (or VDI, or whatever) back in its evolutionary progression, and highlighting existing capabilities they have that “already do SDN, and have been for years”.
Second, there are the business entities that embrace the hype, define it in their own way (“spin”), and talk about how their new products will fit into their definition of the SDN hype.

It feels like those firms that are not marketing oriented, who are really engineering oriented, will fall into the first camp. These firms come across as defensive and there is a whiff of a threat that they cannot quite get their heads around. Conversely, the firms who understand the value of the hype and are trying to ride the wave in order to sell their products, fall into the second camp. Their threat is the risk of being exposed as a “fake” by the engineers of the first camp who dissect the second camp’s solutions such as they are, in the here and now, dismissing the marketing opportunity, all for the sake of truth in engineering.

I wonder if the first camp is going to lose. If not outright, might they lose a step or two?

Sizzle sells, whether it is perfume or routers.

BYOD: Powering the “Shield”

Regular followers of this blog know that BYOD (Bring Your Own Device) is a hot button issue of mine.  In recent posts, I’ve explored some of the challenges faced by the never-ending flood of personal devices in the workplace – security, compliance and management key among them.  But hopefully, I’ve also conveyed an enthusiasm for all BYOD has to offer.  More than a powerful enabler of productivity, it also helps employees be more responsive to customers.  When you think of it, this is every company’s goal. 

There are many strong opinions about BYOD, and I can take up more than a few blogs on the topic.  But the truth is – whether you love it or hate it – BYOD is here to stay and companies must be prepared to handle all it brings.

As a first step, companies must devise a strategy that specifically addresses security, compliance, and management.  It’s more than securing the individual device – but ensuring the actual network stays safe.  Going beyond security is addressing such things as mobile application management, or how enterprises ensure access to apps that improve employee productivity.  It’s also about application enablement – determining which apps to include in the mobile device toolkit — and then limiting those that pose a threat.  The biggest challenge is delivering all this functionality under one umbrella – in a cohesive package.

That’s why I’m so pleased to introduce BYODShield.

Today, Westcon announced our teaming with BlueCat and Fiberlink to provide an industry first – a subscription-based service delivering a multi-layered “shield” that specifically addresses security, compliance, and management issues created by personal devices in the workplace.  We’re tightly integrating formerly disparate network security and enterprise mobility offerings — packaging them alongside our deep GOLDShield technology pre- and post-sales support model – and creating an all-in-one solution.  It’s a service that virtually eliminates current and future headaches associated with provisioning, servicing, securing, and managing thousands of personal devices. 

But it’s much more than a simple partnership.  Really, any distributor can do that.  We’ve successfully brought together BlueCat and Fiberlink to jointly write code exclusively for Westcon.  The functionality delivered by this deep collaboration can’t be found anywhere else.  We’re really proud of the result – integrating award-winning technology with our unsurpassed expertise in security and unified communications. 

When it comes down to it, BYODShield is about demystifying the complexities of managing and securing personal devices in the workplace.  Instead of trying to contain BYOD, we help you embrace it.  And it’s something you’ll see us do even more down the road.  Because the real future of distribution comes through offering resellers a consistent, unified, and integrated approach to solve their most complex technology challenges.  And a good distributor will tackle the integration and do the legwork for you – backing it with all services necessary to make it work.

Like anything new, BYOD is a scary proposition that can cause nightmares for any CIO… But before losing any sleep, take a step back and see what’s possible when leveraging the right tools.  And be sure to check out more about BYODShield at http://us.westcon.com/byodshield

 

BYOD 2.0

Westcon and Comstor continue to work with customers around the world in delivering BYOD solutions to the end-user community.  With any nascent technology, there are doubters as to the true need of securing the device, the network, and the enterprise via technologies such as MDM, NAC, and IPAM.

My point here is that the work done today by resellers and end-users in securing the environment against the onslaught of phones and tablets is a necessary rehearsal for what comes next.  Think Google Glass.  If an organization is not ready to secure itself against the current tablet/smartphone wave, how will it be ready for the more complex set of security challenges inherent in new devices such as Google Glass, which consume and generate significantly more information and pose new complications in terms of security and privacy?

Just like everything else, practice makes perfect – if you have an active, exercised framework of policies and guidelines that can support the current BYOD phenomenon, you will be that much more ready for the next wave of IP-enabled devices.  Wearable technologies such as Google Glass are coming.  Relying on security frameworks from 5 years ago is like hoping your moat will keep away a Reaper Drone.

MAM, MDM & BYOD

I read an interesting article the other day from an analyst I greatly respect, but have to disagree with regarding MAM and MDM. At the risk of oversimplifying the technologies involved, MAM – Mobile Application Management – is a piece of software that allows an organization to present a customized appstore to their employees or customers.  MDM – Mobile Device Management – is a technology that allows an enterprise to manage the hardware, software, network access, and security profile of an employee/visitor’s mobile device (MDM is a big part of the BYOD security play).  Some MDM solutions have a MAM component.  In other words, within the MDM solution, there is the ability to present a customized appstore.

What I think is important to clarify is that though some MDM’s have MAM capabilities, MAM alone is not a way to secure an employee/visitor device.  MAM does not secure the hardware, software and network access within the mobile device.  MDM does.  

Don’t get me wrong.  You need both sets of functionality.  My concern is that people acquiring a MAM solution should never think that they are actually securing the Mobile Device.

IT presentations are not news articles

Is it me, or are we seeing more and more online IT journals doing powerpoint presentations instead of actual articles?
Each day, we all get emails of articles from various IT publications, and inevitably they hit on a topic that is timely and of serious interest within the organization. But, when I click on it, I end up with a fluffy slideshow of material that wouldn’t suffice for a real presentation, and apparently doesn’t suffice for a true article.

There are so many great IT journalists out there. I have spoken to many of them myself, and their depth of knowledge is impressive. How can we get more of these great journalists to write deep, informative articles? And how do we stop the presentations?

BYOD – Framework

BYOD – Bring Your Own Device

Our conversations with the channel (vendors, resellers, service providers, and systems integrators) around BYOD break into two categories – Security and Productivity. It sometimes helps to frame the categories of the conversation for our customers, and we thought we would share some of that here…

Security
BYOD creates a number of security challenges, and it sometimes helps to break down the different ways to look at what needs to be secured:
1. Securing the actual device – We have been working closely with vendors and partners in Mobile Device Management (MDM). This is a very hot topic, and continues to see extensive growth. We are engaged with Mobile device management solutions in three different forms around the world – cloud based, appliance based and data center software based. Within MDM there are four areas of functionality to be assessed for any given solution – Hardware control, Software control, Network Services management and Security management.

2. Securing the network – Our focus here has been around Network Access Control. Reason being, our long history in networking allows us to work closely with our partners to help them jump on NAC quickly. NAC was last really utilized when companies installed their guest wifi networks, and now that same type of concept can be applied quickly for a BYOD zone within the wireless architecture as a quick “if you do nothing else, at least do this” type solution. In addition to NAC, IPAM is another area getting more and more activity with our channel partners. There are some excellent vendors who have focused on this market for years, and with BYOD, they now step back into the spotlight again.

3. Enterprise policies – Many of our security partners are working closely with customers on the development or enhancement of employee policy write-ups necessary as BYOD continues to grow. There is a global implication that companies really need to understand since the legal definition and acceptability of wiping a device, as an example, is different around the world.

4. Securing the Data at the source – in addition to the security capabilities that may be available with your MDM solution, organizations still must evaluate their Data Loss Prevention (DLP) policies and solutions. It’s obvious on paper, but sometimes not caught in the BYOD planning, that there has to be a review of the firewalls, WAN opt, Application Acceleration tools and appliances.

Productivity
1. Mobile Application Management – not to be confused with MDM, MAM is all about how the enterprise makes available apps that improve productivity of the employee who decides to utilize their own device. MAM helps the organization properly present to the employee the corporate developed apps as well as the 3rd party apps that are part of the “approved app store” that the enterprise wants to present to the employee.

2. Infrastructure – As organizations take on multiple devices per employee, it is only natural that the bandwidth of the network will need to grow. Wireless/Wired security, port size, and alternate network access technologies such as 4G/LTE and Femtocells are viable components of the new network architecture.

3. Application Enablement – so….about those apps….organizations will turn their developers loose on mobile app development, which is to be expected. But, in addition to those tools, there will be more and more utilities that organizations will incorporate into their toolbox. Two that we see becoming very popular are 1) tools that provide direct access to corporate data. Think of these as mini pipelines into select corporate databases with raw interfaces. And 2) Tools that convert existing corporate applications to fit alternate BYOD form factors such as tablets, phones and phablets.

Hopefully this gives you a framework for how to think about your BYOD project, and perhaps even a mini-checklist for you to use as you consider different aspects of the impact BYOD will have on your organization. This is by no means exhaustive, but it has proven to be a good start for our resellers when they partner with Westcon and Comstor to provide BYOD solutions to their end-users.

SDN and potential schadenfreude

Yesterday’s acquisition of Nicira could be an important turn in the reality vs. hype of SDN.  But, as with many overhyped technologies, too many people look at the technology as the next “slayer of the big guys”.  It’s interesting to watch the media point out how this acquisition will put the entrenched network vendors such as Cisco on their heels.  Unfortunately, these media folks must have short memories, or just are not doing their homework.  The “big guys” have been on this for a while.  As an example, not an advertisement, check out Cisco’s investment in Insieme.  

OpenFlow, SDN and other versions of network virtualization will become more and more hyped in the coming months as more Nicira-type acquisitions take place.  And there is no doubt that the technology, as it matures, will be a disruptor. But, I wouldn’t underestimate the fact that the “big guys” are moving quickly as this technology evolves.

It will be fun to watch, participate and compete as network virtualization matures. 

Clouding the Real Value of IT

Recently we went through a migration from one version of a cloud service to another version (an upgrade) with the same cloud provider.

This is supposed to be the glory part of the cloud.  As a CIO I didn’t have to staff up, invest $ in testing environments, and all those good things that “just happen” when you are in the cloud.  Well…guess again.

The funny part is, our IT organization has enough grizzled vets to know that it doesn’t matter what it is, it needs to be tested.  We asked the cloud provider ten ways from Sunday how to test the environment.  What came back was – it was tested and everything is ok.  Fool me once, shame on me.  I won’t get fooled again.  What I learned in this process, and am seeing elsewhere is that, unfortunately, the cloud providers don’t have the same grizzled-IT mentality.   Maybe the cloud provider just doesn’t want to invest in the test environments necessary to test properly.  I can tell you that within our organization we spend on average 10 times the dollar amount of the original software in testing (additional hardware, software, people, processes, etc.).  Until the cloud provider proves that they have a true IT mentality, I can never trust them again.

I now laugh twice as hard as I did before at any of the so-called gurus that say that you won’t need IT because of the cloud.  You need IT people because they have been through the grinder, they know what life is like when you don’t plan, test, evaluate, plan, test again, do a mock, then UAT it and then move it to production.   IT people understand the criticality of planning, mitigating risks, planning for disasters, understanding the nuances of the data to be migrated, the APIs that have to be tested, etc.  And as for the platform itself, just because it’s in the cloud doesn’t mean that it’s been thoroughly tested for your needs.  So long as there are humans involved, you have to plan for the worst.

The long and short of it is this – no matter how big or small that cloud solution is – do not trust the cloud provider when they say “they tested it”.  As an old hero of mine once said – “Trust but verify”.

Skating to where the puck will be…

I don’t watch a lot of TV. No time really.  But there are two shows that I watch when I can. “Person of Interest” and “Hawaii Five-O”.  If you are in the tech space, I suggest you check these shows out.  Why? Because I think they give you a sense of where two major tech trends are headed.  Naturally, Hollywood takes liberties with technology realities, but the potential for Big Data in Person of Interest and the use of surface technologies (i.e. tables and walls as tablets) in Hawaii Five-O are reasonable examples of where those technologies are headed.

We are talking a lot about Big Data these days.  The Person of Interest show reveals a what-if scenario for the good and bad in harnessing Big Data.  But, in addition to the TV show, the concepts of Big Data highlight two discussion points.  First, with reference to Gelernter’s Mirror Worlds and the concept of LifeStreams, it seems that the cornerstone of this concept will be the harnessing of Big Data.  By “harnessing” I mean the software intelligence necessary to collate and correlate your personal, professional, private, public and social information in a manner that is relevant and contextual as needed.  Not just from a PC or a tablet, but from a myriad of devices that over time have more intelligence incorporated into their existing objects (back to the Internet of Things).  Obviously this requires more intelligence “printed” on to more objects (see previous post for a crazy idea), but the Person of Interest show begins to give you a sense for how that might naturally evolve.

Second, in a recent forum, I suggested that the “cloud” that everyone is talking about is not the end game in and of itself.  Yes, it drives down IT costs.  Yes, it creates agility for corporations.  But that is just the beginning. The cloud is that aggregator of chunks of big data, borne from the internet of things, that once intelligently harnessed can – potentially – become the breeding ground for the next wave of technology induced economic growth.

That brings me to the next TV show – Hawaii Five-O.  Putting aside for a moment that I cannot comprehend how a police department could afford the technology shown in Hawaii Five-O, the use of surface interface technology is impressive, and intriguing.  We know today that most of what they show works.  For example there are wine bars in NYC (e.g. Adour) that are using surface technologies today.  Moore’s law, among others, will drive down the cost, but why not come from the other direction?  Why not take the concept of the tablet today, and apply the technology to more surfaces, not just tables in a wine bar, or conference room tables in a police station?  Yes there is a huge opportunity for tablet growth, but I find it intriguing that it appears everyone is “chasing the iPad” rather than leveraging the tablet technologies (hardware and software) into more of the everyday devices that are part of our everyday lives. Perhaps an interim step between today’s tablets and tomorrow’s augmented reality?

So, can Person of Interest and Hawaii Five-O give us a flavor for what Big Data and next gen tablets/surface technologies will be doing for us in the next year or two?  Is that where the puck will be in two years, and should we be skating there, instead of where the puck is today?

HP Printer PC consolidation and the Internet of Things

Just a thought…could the consolidation of HP’s printing and PC business be considered a very early step towards fulfilling Gartner’s vision on the “internet of things”?  Will the printing business take on more intelligence in what they actually print, thus enabling devices to have intelligence (internet, location, etc.) “printed” on them?

Or is that just dreaming way too far ahead?

Westcon Security Forum (Part II)

As an update to my previous post, the Westcon Security Forums held last week were a great series of interactions amongst vendors, resellers, partners and Westcon.

The first 2 hours were presentations primarily covering two areas – Security Technology Trends and Executive Relevance Selling.  The Security Trends discussion covered 4 of the major security trends that we at Westcon are seeing in the market today:

1. Server Virtualization Security & Compliance
2. Cloud Security
3. Big Data and Security
4. NAC & BYOD

An introductory video here discusses 3 of the 4 topics, and I will get into the 4th – NAC & BYOD – in a follow-up post.

The second part of the presentations was on Executive Relevance Selling (ERS).  If you are not familiar with the concept, the guy to talk to is David McNicholas (David.McNicholas@westcon.com) who pretty much invented the concept as it relates to the channel.  David has created a comprehensive customer engagement process and platform that enables the reseller to talk to the customer about solutions from an ROI and business value perspective as opposed to just a technology discussion.  If you have not yet learned about ERS, I encourage you to reach out to David.  I am sure we will discuss it further in upcoming posts, but any of the posts you have previously read here regarding the process and approach of engaging the CIO and selling into IT is exactly aligned with what David teaches.  But, David makes it specific and actionable.

Will catch up further with you soon!

Westcon Security Forums

Just finished a great week of Westcon Security Forums.  The first one was held at the Testarossa Winery in Los Gatos, the second at the Old Red Museum in Dallas.

The Forums were broken into three parts – presentations, vendor discussion forums, and then “vendor speed dating” wherein attending resellers could visit, one on one, with their most important security vendors for exactly 7 minutes.  Then, the reseller would rotate to the next table for the next seven minutes.

I’ll update the post later with details on the presentations and the major topic of conversations throughout the sessions.

Books we have been reading

At a recent customer event, we were asked to list a few of the books that we have read recently.

  • The Silicon Jungle: A Novel of Deception, Power, and Internet Intrigue-Baluja, Shumeet
  • Launching The Innovation Renaissance: A New Path to Bring Smart Ideas to Market Fast-Tabarrok, Alex
  • Race Against The Machine: How the Digital Revolution is Accelerating Innovation, Driving Productivity, and Irreversibly Transforming Employment and the Economy-Brynjolfsson, Erik, McAfee, Andrew
  • Thinking, Fast and Slow-Kahneman, Daniel
  • The Great Stagnation: How America Ate All The Low-Hanging Fruit of Modern History, Got Sick, and Will (Eventually) Feel Better-Cowen, Tyler
  • The Innovator’s Dilemma: When New Technologies Cause Great Firms to Fail-Christensen, Clayton M.
  • Doing Both – How Cisco Captures Today’s Profit and Drives Tomorrow’s Growth-Sidhu, Inder
  • The Big Switch: Rewiring the World, from Edison to Google-Carr, Nicholas
  • The Black Swan: The Impact of the Highly Improbable-Taleb, Nassim Nicholas
  • Staying Power: Six Enduring Principles for Managing Strategy and Innovation in an Uncertain World-Michael A Cusumano
  • Crossing the Chasm: Marketing and Selling Disruptive Products to Mainstream Customers-Geoffrey A. Moore

Westcon Goes “All-In” on Cloud Distribution

Recently, we’ve been talking to our vendor partners and customers about the cloud and the impact cloud-sourced IT services will have on the channel. There’s a lot of noise about cloud, and we’ve been working to harmonize that noise into a cloud services distribution strategy, one that will benefit all channel stakeholders, including Westcon Group.

In June, we deployed a cloud services aggregation portal in the UK, through which we began transacting cloud services business almost immediately. During this process, we learned a lot about what’s necessary to operationalize a successful cloud services distribution strategy. First, operational heavy lifting is required. Tacking this onto our existing business and expecting it to flourish is not an option; tight alignment with our sales, marketing and product management operations is a requirement, as is alignment with our procurement processes and IT systems. Second, the target keeps moving: new business models are emerging, new needs arise, and everyone (vendors and channel partners included) must figure it all out. The plane has already departed on cloud and there’s no time to stop and hit the reset button.  In striving to remain relevant to our channel partners, we’re changing the airplane’s navigation system in mid-flight!

At Westcon, we’ve been focusing on three key areas:

  1. Identifying and investing in mature cloud markets
  2. Helping resellers transition to one of any number of cloud-based business models
  3. Developing new capabilities that (a) help vendors bring their cloud services to market, and (b) help resellers make the aforementioned transition to cloud

Identifying and investing in mature cloud markets

As a VAD, Westcon knows we’re not able to be all things to all people.  Rather than simply filling our cloud services catalogue with all available services, we’re focusing on the most mature cloud services (i.e., market-ready), under the assumption these are easiest for partners to market and sell to customers. As other cloud services reach maturity, we’ll add them to our catalogue. This iterative approach maximizes our investment and forces Westcon to stay close to markets as they develop.

Helping resellers transition to one of any number of cloud-based business models

Partners all over the world continue to ask for our help. They want to know how to leverage their existing investments, whether those investments be in managed (data, voice) networks, security operations centers or systems integration capabilities. They want to know how cloud services can be added to their portfolio of offerings, quickly and easily, and with minimal capital outlay. They want to know how Westcon Group lowers their barrier to entry, either by providing access to best-of-breed cloud services from across our global vendor portfolio they can resell to customers, or by providing converged infrastructure solutions (hardware and software) they can use to build IaaS platforms, enterprise private clouds or virtual private clouds. We are providing this value to our partners and will continue to do so.

Developing new capabilities to help vendors bring cloud services to market while enabling resellers to make the cloud transition

Westcon is investing in the development of new capabilities that have not typically been considered the domain of “distribution”. We’re doing this to lower our partners’ and customers’ barriers to entry to the cloud. Frankly, this is what’s most exciting about the opportunity. After all, how many times do you have the opportunity to define a market in the midst of such a fundamental shift? We’ve integrated some of these new capabilities into our cloud services distribution ecosystem, with more to follow.

Distribution is inherently a conservative industry. The cloud, however, enables us to explore new, uncharted territory. Our goal is to be the best and easiest distributor to transact business with, whether that business is cloud services, infrastructure products, professional services or a mix of all three; to realize that goal requires boldness of vision and expert execution of strategy and tactics. At Westcon, we’re “all-in” on both fronts.  Stay tuned to this blog for more on our cloud vision in the months to come.

Like Westcon Group, Carousel Industries is Bullish on Virtualization – and Teamwork

As a premier global distributor, it’s our responsibility to work closely with our partners to ensure the greatest success possible for their customers.  The recent efforts of Westcon and Carousel Industries to virtualize our own data centers have enabled our companies to give customers the perspective they need to fully realize the benefits of virtualization and cloud computing.

To elaborate on this great success story, Kevin Gulley, Editor of Carousel Connect, discusses these efforts in further detail.

Like Westcon Group, Carousel Industries is Bullish on Virtualization – and Teamwork

At Carousel Industries, we understand the value of teamwork. That’s why we partner with the best and brightest IT vendors in the industry, including Westcon Group. So when they asked us to pull together a guest blog post for the Westcon blog, we were thrilled.  Westcon Group shares our passion for using technology to drive business value, whether it’s through unified communications, data center solutions, infrastructure or security.

And like Westcon, Carousel also “eats its own dog food” when it comes to technology by finding ways to use it effectively on our own internal networks. One recent success story we share is virtualization technology.

To keep up with our rapidly growing requirements for data center resources, in early 2010 Carousel set out to execute on a server virtualization strategy in our Exeter, R.I. headquarters. The idea was to provide greater application functionality and flexibility, especially for mobile users, while giving us some breathing room for expansion and lowering power and cooling costs.

The results have exceeded expectations.  We replaced 100 physical servers with just five machines for peak periods and three for nighttime hours. All told, we’ve virtualized more than two-thirds of our enterprise server infrastructure thus far. As a result, we’re saving lots of money on power, cooling, IT support and operational costs.

Westcon Group has gone even further, as it’s one of the few companies that has virtualized 100% of its server infrastructure. And it is likewise getting some big benefits, as outlined in this story from InformationWeek, which quotes Bill Hurley, CTO and Executive VP of Westcon Group:

The new virtualized environment requires fewer system administrators to manage, saving on managed services expenses, lowered the cost of data center consolidation, and lowered electricity consumption in the new digs. Hurley said getting to 100% virtualized has saved Westcon $1.1 million over a two-year period. He now runs 350 virtual servers on the 22 UCS blades, with some blades hosting only 3-4 virtual machines and some hosting 25-30.

Virtualization is about more than cost savings, as Bill highlighted during a recent CIO Tech Talk he did with us. The technology lays the foundation for lots of other applications that help Carousel and Westcon Group drive more business value, including unified communications, mobility solutions, security and, in particular, cloud computing.

We learned quite a bit during the course of our virtualization project – so much so that we wrote a white paper called “Best Practices in Data Center Virtualization” to share our experiences. One of those best practices is to make good use of expert resources and technology partners.

If you need help with your virtualization project, you’d do well to leverage the expertise and resources of a partner like Westcon Group. For years, Carousel has benefited from the experienced team at Westcon; we encourage you to do the same.

GPN, GPS and Distributor-as-an-agent

One of the great things about being in distribution is  the ability to deliver products and services that can simultaneously generate excitement and create value for both our customers and our vendors.

Westcon prides itself on its global capabilities.  We truly believe that our ability to deliver on the needs of our local customers and simultaneously meet the requirements of our customers’ global deployments really gets to the heart of what Westcon and Comstor are all about.  We have been delivering this capability for a number of years through our Global Procurement Service (GPS) which eliminates much of the complexity normally associated with global logistics.  These complexities are usually in the areas of global trade, customs and duties, tax recoverability, audit, compliance, global staging and configuration, and the ability to manage complex global projects from a single “global desk”. Comstor’s GPS handles this for the reseller.  This gives our customers a single point of contact, consistent global discounts and pricing, a single global contract with consistent credits and terms, local relationships, in-country fulfillment, and local invoicing in 60+ countries.

What gets really exciting is when you can bond together that capability with creative offerings from world-class vendors and technologies that focus on solving end user global business requirements while empowering local resellers to leverage our global footprint.

One of the poster-children for global technologies is video conferencing.  Not just to drive down the costs of travel (which is great) but more importantly, to help accelerate the business growth and effectiveness of end users as they globalize their business processes.  Telepresence technologies produce greater business value not just for those firms that are already global but also as a tool to accelerate the maturation of firms who wish to move from “national” to “global”.

As an organization specifically built and operated to distribute Cisco products and services, Comstor is now working with Cisco to leverage our GPS capabilities and simultaneously create more value for the reseller.  This is what today’s GPN announcement is all about.

The Comstor-Cisco GPN announcement is based on the concept of “distributor as an agent”, which allows customers to better utilize Cisco partner resources to service their global requirements.  Focusing on the Telepresence technologies, the GPN program basically empowers the reseller to work with their customer’s headquarters to centralize design and purchasing decisions for the global solution whilst utilizing Comstor and Cisco’s global reseller partner base for local delivery of the products and services that make up the global solution.  All parties get the Comstor inherent advantage associated with our GPS capabilities as described above.

As the CTO and CIO for Westcon and Comstor there is nothing more rewarding than knowing Comstor’s systems and processes are being leveraged by vendors such as Cisco to help our reseller partners successfully embrace their customers’ ongoing march towards globalization.  Now Comstor and Cisco have a program that can really give the authorized reseller the ability to act globally and locally at the same time.  It’s always exciting when every member of the channel can work in sync on creative offerings wherein everyone wins.

Cloud Dynamics

We’ve been spending a significant amount of time on two cloud fronts (no pun intended).  First, helping companies understand their potential role and opportunity in the cloud, and second, how they can participate in this burgeoning marketplace without over-committing capital.

Westcon has begun the build out of our cloud platform wherein we continue our role as a distributor.  In the case of the cloud, we see our role as the distributor of cloud services to resellers, systems integrators and service providers globally.  Our partners can then utilize the Westcon cloud platform to provide those cloud services to their end-users/customers. The focus is on education and awareness in addition to the actual technology.  Our platform brings together offerings and markets.  What we will not do is compete with our customers or vendors who are interested in building out the infrastructure necessary for the actual cloud offering.  The Westcon platform is in production in the UK and is now being rolled out globally.  The platform is exciting, and we will have more formal announcements in the near future, but just as interesting and exciting is the ebb and flow in clarity of roles and opportunities within the cloud marketplace.

In the cloud, the traditional vendor to disti to service provider/reseller to end user dynamic can be turned upside down.  Traditional service providers are now building out infrastructure to house their cloud offerings, while traditional manufacturers/vendors are looking to their customer base to invest and house the necessary infrastructure to “manufacture” the cloud offering.  Not quite, but it almost feels like they are swapping roles within the channel. Some vendors are drawing a line, stating that they want to compete in the cloud, but only as a supplier of hardware and software.  And these vendors are approaching their customer base in a quest to have their customers “manufacture” the cloud service, based on the vendor’s technology.  This puts the capital onus on the customer base.  So, creative financing becomes more and more critical as these companies do not want to risk that much capital on an unproven market.  Distribution can step into the breach, and is doing so, sometimes quite creatively, to provide potential financing options.

Financing the capital investment required to build out cloud platforms is becoming another important component in the infancy of the cloud industry.  These issues are quite complex, and will take time to mature.  Hence our belief that we are still very, very early in the cloud era, with many unique opportunities in front of every player in the channel.

Hot, Not Hot, and Be On The Lookout For….

Hot

– Flat network – already discussed in earlier posts, but continues to remain an early, “going to get hotter”, topic. Each of the vendors is making, or has recently made, significant announcements about their converged Ethernet/fabric/2-tier/1-tier offerings.  Driven in large part by the need for a data center network with lower latency, optimized for virtualization, the network is the data center, and the data center is the network.

– Data Center to Data Center networking – really a subset of the above, but there are nuances such as WAN Acceleration technologies specifically designed for DC to DC as opposed to DC to Campus. This nuance will become more and more of a marketing issue for those better positioned as opposed to those perhaps not really in that DC-to-DC space.

– SBC’s – starting to get the recognition of their importance relative to their role in UC. They can be considered the switch/firewall equivalent for VOIP/UC. As companies and the public overall migrate to VOIP and SIP, SBC’s become critical. Expecting steady growth with an inevitable over-hype by the media once they understand the technology in the next few months.

– Cloud failures – the stories will remain hot for a while. In addition to service failure there will be offering failures – established vendors pulling out of initial cloud forays.

Not Hot

– Cloud success stories – this will take a backseat for a while, but cloud successes will definitely continue nonetheless.

Be on the lookout for:

– Virtualization security – as vendors continue to realize the exposure that virtualization presents, more and more messaging and positioning will appear. The exposure is two-fold. First, the obvious – a new layer in the stack introduces new opportunities for bad people to do bad things. But second, perhaps not as obvious, is the governance associated with the potential consolidation of previously physically separate servers/applications/data onto one single physical server. The IT group doing the consolidation may not recognize the compliance risks they are introducing.  And potentially even more interesting, the hypervisor doesn’t yet have a mechanism to process business rules associated with the company’s compliance or regulatory policies.

– POE – probably not the most exciting discussion point, but POE dedicated vendors have technologies coming out that can help support the powering of all the new video demand going on in the network. This is especially important for the growth of outdoor video/signage (think stadiums and traffic). Many of the vendors embed POE, but some of it is “just enough” and really does not provide the flexibility companies will need as they grow their video usage.

– Tablet Videoconferencing – there is definitely the potential for a schism to appear. I think it is already appearing. We could end up with high end videoconferencing rooms and many low-end video conferencing end points being tablets. The issue over video quality is over. Pretty much every device now has HD capabilities. With the growth of tablets, iPads or Android, the consumerization of IT is forging some new paths in video and UC.
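
For the virtualization security item above: compliance rules the hypervisor cannot evaluate can still be checked outside it, both across the current estate and before a consolidation. The following Python audit is an added example, not from the original post; the scope names, the co-tenancy policy and the inventory are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Hypothetical business rules: for each compliance scope, the scopes it may
# share a physical host with. A scope not listed here is unrestricted.
COTENANCY_POLICY = {
    "pci": {"pci"},
    "hipaa": {"hipaa"},
    "hr-confidential": {"hr-confidential", "general"},
}

# Constructed inventory, e.g. an export from a virtualization manager:
# (vm name, physical host, compliance scope)
INVENTORY = [
    ("pay-db-01", "host-a", "pci"),
    ("pay-app-01", "host-a", "pci"),
    ("hr-records", "host-b", "hr-confidential"),
    ("intranet-wiki", "host-b", "general"),
    ("emr-db-02", "host-c", "hipaa"),
    ("test-web-07", "host-c", "general"),
    ("pay-report-03", "host-c", "pci"),
]


def compatible(scope_a, scope_b, policy):
    """True only if the rules of BOTH scopes permit sharing a physical host."""
    ok_a = scope_b in policy.get(scope_a, {scope_b})
    ok_b = scope_a in policy.get(scope_b, {scope_a})
    return ok_a and ok_b


def group_by_host(inventory):
    """Map each physical host to the sorted (vm, scope) pairs running on it."""
    hosts = defaultdict(list)
    for vm, host, scope in inventory:
        hosts[host].append((vm, scope))
    return {host: sorted(vms) for host, vms in hosts.items()}


def audit_placement(inventory, policy):
    """Return {host: [(vm_a, scope_a, vm_b, scope_b), ...]} for every pair of
    VMs whose scopes may not be consolidated onto the same physical server."""
    findings = {}
    for host, vms in group_by_host(inventory).items():
        bad = [
            (vm_a, scope_a, vm_b, scope_b)
            for (vm_a, scope_a), (vm_b, scope_b) in combinations(vms, 2)
            if not compatible(scope_a, scope_b, policy)
        ]
        if bad:
            findings[host] = bad
    return findings


def can_place(new_scope, host, inventory, policy):
    """Pre-consolidation check: may a VM of new_scope be moved onto host?"""
    residents = group_by_host(inventory).get(host, [])
    return all(compatible(new_scope, scope, policy) for _, scope in residents)


if __name__ == "__main__":
    for host, pairs in audit_placement(INVENTORY, COTENANCY_POLICY).items():
        for vm_a, scope_a, vm_b, scope_b in pairs:
            print(f"{host}: {vm_a} ({scope_a}) shares hardware with {vm_b} ({scope_b})")
```
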

Identity and Access Management (IAM)

The ability of an organization to rapidly search, identify and verify who is accessing the systems is a critical aspect of meeting security and compliance requirements for the organization.

An Identity and Access Management (IAM) solution is often deployed in order to achieve these goals.

In its simplest form, IAM ensures the right people get access to the right resources at the right times for the right reasons.

Technology is only one of the components of IAM. Both processes and supporting tools are critical elements of an efficient IAM strategy.

I will concentrate on the technology aspect of IAM. In particular, I will focus on the Single Sign-On piece in this blog. Future blogs will attempt to look at other IAM technologies.

Broadly, IAM comprises the following technology components:

  • Authentication: The traditional way to authenticate is with a username and password. There are products that provide methods that are stronger than passwords.
  • Authorization: Grants and enforces access
  • Enterprise Single Sign-On: Enable users to authenticate once and then be subsequently and automatically authenticated to other target systems.
  • Federated Identity Management: Enables identity information to be shared among several and across trust domains.
  • User Provisioning: Includes creating, modifying and deleting user accounts and privileges.
  • Web Access Management: Offers all of the above for Web applications.

Enterprise Single Sign-On (ESSO)

Let us for a second imagine a home that comprises at least 15 rooms (mine is much less) and each room is always locked with its own key. Including the main entrance, there will be at least sixteen different keys required to gain access to all of the rooms. The more rooms one needs access to, the more keys one would need to carry.

Life would be much easier for the home owner and anyone that requires access to multiple rooms if there were a master key that could open all the doors (that one has permission to open).

Take this analogy and apply it to the IT network:

  • House = IT network
  • Rooms = Applications on the network
  • Person = Username
  • The Key(s) = Password

To gain access to any IT network, one generally requires a username and password. The system combines the username and password to represent the identity of the person requesting access to the network.

Gaining access to the network does not necessarily mean that one has access to all the applications on the network. For example, access to the HR applications will be restricted to only the HR personnel, and this will usually mean another username and password.

The more applications you have, the more usernames and passwords there are to manage. Managing the distributed security issues associated with duplicate identity stores is a nightmare for both the end users and IT administrators.

The concept of a master key on the IT network, known as Single Sign-On, is one way of addressing the issue of multiple usernames and passwords.

Single Sign-On (SSO), sometimes called Enterprise Single Sign-On (ESSO), enables users to access all their applications with a single password.

Originally, SSO was to be achieved by developing all applications and tools to use a common security infrastructure with a common format for authentication information.

Creating a common enterprise security infrastructure to replace a heterogeneous infrastructure is without question the best technical approach. However, the task of changing all existing applications to use a common security infrastructure is very difficult.  In addition there is a lack of consensus on a common security infrastructure.

SSO as we have it today is implemented more like a proxy: the SSO application is usually placed between the resource to be accessed and the user (identity) who needs to access the resource.

All applications that use the SSO as a proxy will have given the SSO application “authorisation” to check users’ credentials on their behalf.  The SSO application will also have a record of all the different permissions and access levels of every authenticated user.
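
The proxy arrangement described above can be shown as a broker that checks the password once and hands back a signed, expiring token, which each application then asks the broker to validate against its permission record. This Python code is an added example, not from the original post or any SSO product; the class names, token format, lifetime and sample account are assumptions.

```python
import base64
import hashlib
import hmac
import json
import os
import time

PBKDF2_ROUNDS = 100_000  # assumption for this example; tune for real use


class SSOBroker:
    """Hypothetical SSO service: the only component that ever sees passwords."""

    def __init__(self, signing_key, ttl_seconds=900):
        self._key = signing_key
        self._ttl = ttl_seconds
        self._users = {}        # username -> (salt, password hash)
        self._permissions = {}  # username -> set of application names

    def register(self, username, password, apps):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[username] = (salt, digest)
        self._permissions[username] = set(apps)

    def set_apps(self, username, apps):
        """Role change: one update here takes effect in every application."""
        self._permissions[username] = set(apps)

    def _sign(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def login(self, username, password, now=None):
        """Verify credentials once; return a signed, expiring token or None."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored = record
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(digest, stored):
            return None
        issued = time.time() if now is None else now
        claims = {"sub": username, "exp": issued + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return body.decode() + "." + self._sign(body)

    def authorize(self, token, app, now=None):
        """Called by an application, on the user's behalf, for every request."""
        try:
            body, signature = token.split(".", 1)
        except (AttributeError, ValueError):
            return False  # missing or malformed token
        expected = self._sign(body.encode())
        if not hmac.compare_digest(signature.encode(), expected.encode()):
            return False  # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
        current = time.time() if now is None else now
        if current >= claims["exp"]:
            return False  # expired: the master key stops working
        return app in self._permissions.get(claims["sub"], set())


class Application:
    """A 'room' in the analogy: stores no passwords, delegates to the broker."""

    def __init__(self, name, broker):
        self.name = name
        self._broker = broker

    def handle(self, token, now=None):
        allowed = self._broker.authorize(token, self.name, now=now)
        return "200 OK" if allowed else "403 Forbidden"


def demo():
    """Constructed scenario: one login, three applications, one role change."""
    broker = SSOBroker(signing_key=os.urandom(32))
    broker.register("alice", "constructed-passphrase", {"hr", "payroll"})
    hr, payroll, crm = (Application(n, broker) for n in ("hr", "payroll", "crm"))
    token = broker.login("alice", "constructed-passphrase", now=1000)
    flipped = token[:-1] + ("0" if token[-1] != "0" else "1")
    results = {
        "hr": hr.handle(token, now=1100),
        "payroll": payroll.handle(token, now=1100),
        "crm": crm.handle(token, now=1100),        # never granted
        "tampered": hr.handle(flipped, now=1100),  # signature no longer matches
        "expired": hr.handle(token, now=2000),     # past the 900 s lifetime
    }
    broker.set_apps("alice", {"crm"})  # alice moves out of HR
    results["hr_after_move"] = hr.handle(token, now=1100)
    results["crm_after_move"] = crm.handle(token, now=1100)
    return results


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:15} {status}")
```

Because one token opens every permitted application, its lifetime and the broker's signing key carry the combined risk of all the passwords they replace.
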

Some Benefits of SSO

For end users

  • Only one password to remember and update, and one set of password rules.

For (IT) operations

  • A single common registry (directory) of user information.
  • A single common way to manage user information.

Security advantages

  • Easier to manage and protect common registry.
  • Easier to verify user security information and update when necessary rather than tracking down all operational systems. This is particularly valuable when users move to new roles with different access levels.
  • Common enterprise-wide password and security policies.
  • Users less likely to write down passwords since they only have to remember one.

The key to a successful implementation of SSO is planning. It is crucial that the organisation chooses the right solution: one that will scale and seamlessly integrate with the other IAM components.

With the ever growing list of security and compliance rules and regulations, the adoption of IAM technology amongst organizations of various sizes will continue to grow.

Tablets for the Execs

I have an iPad.  I love it for home use.  And I think it has some significant value in business today.  But the one thing that I don’t understand is the value of an iPad for senior executives. 

Often, senior executives are traveling on planes.  The iPad’s form factor is ideal for this.  And, most senior execs live in their email.  They get so much of it.  What confuses me is that if your email platform is Exchange (and I believe the same holds true for Notes) you cannot delete email or move email into folders if you are using an iPad on a plane without wifi.  I am guessing Apple will fix that some day, if they actually think it is a flaw.  But it is really important for senior execs to be aware of this gap in functionality. And, for the exec to understand that it isn’t up to IT to “fix it” – we can’t.

For a CIO, one of the toughest challenges is helping senior executives keep their email managed properly.  Their inboxes can get huge fast, and even with the proper policies and archiving capabilities, senior execs must still aggressively manage their emails almost every minute of the day.  Ideally, being on a plane is a perfect time to tidy up their inbox.  The iPad’s form factor is perfect for that.  Just make sure that if your execs ask for an iPad, they understand the limitations.  It won’t help you help them.

PS – although not an advertisement for Android – my Xoom does allow me to manage emails completely on a non-wifi plane.

CIO Empathy

Last week I attended a small, informal breakfast for CIOs, mostly located in the New York City area.  The event was well run, with no hidden agenda, and was genuinely about getting CIOs to talk about their challenges and foster stronger relationships.  We talked about business alignment, challenges with mobile technology (Apple, Android, and enterprise access), security, social networking, fostering innovation, the concept of IT as a profit center, and the day to day joys and misery of being a CIO.  It was about 2 hours.

After the session, I went back to my office and later that afternoon met with my boss for a weekly one on one.  He mentioned in the meeting I seemed more upbeat than I have in a while.  We have been in the midst of some very, very complex projects, and there have been some extremely high highs, and extremely low lows, and I tend to be more impacted by the lows than the highs.  So I have been pretty worn out.  But, I have to say, after that breakfast with the other CIO’s, I have been feeling better.  And, I guess it was noticeable to my boss.  I was more positive in my thinking, comfortable with talking about some good news, and looking at some of the challenges in a more positive light.  I joked with him that I had just come from this CIO breakfast and realized that there are others out there who have just as many problems, or worse, and that the breakfast was a bit like therapy.

The day after that, I read this article from one of the bloggers at HBR and it really hit home.  The blog is on empathy, and how a leader can utilize empathy to be a better leader.  It is a great article.  But it also got me thinking about the CIO breakfast, and that once in a while you just need to talk to some peers who aren’t trying to sell you anything, aren’t trying to “fix it for you”, but have the look in their eye that says, “yeah, I know what you mean”.

The point of this post isn’t so much to talk about a great breakfast meeting or a great article on leadership and empathy.  The point is that, for the channel, there is a great opportunity for you to create this type of environment for your customers – getting them together informally, in small groups of similar backgrounds – to discuss their issues in a non-sales/non-solve-it-now kind of environment.  The company that ran the breakfast was relatively new to me, but I am now a loyal friend or partner.  They didn’t sell me anything, but they helped me out a lot more than they realized.  These types of sessions can be relatively cost effective for you to have with your customers.  You won’t see a dime in the immediate term, but you should expect (if you pick the right mix of participants) to see a stronger, longer, deeper relationship over the long-term.

What is a Private Cloud ???

I recognize that the media has moved the term “cloud computing” into an over-hyped state.  But, as a CIO, I also know that there is real value in utilizing the cloud.  The “Public” Cloud.  What has me concerned is that the media is now calling everything “the cloud”, breaking it into public cloud services and private cloud services and I think I am missing the point with “Private Clouds”.

The categories of “cloud services” are, in simple terms:

1. Infrastructure as a service (IAAS) – this is the “storage as a service” or “compute as a service” type offerings.

2. Platform as a service (PAAS) – this is the Amazon EC2 or Microsoft Azure type offerings.

3. Software as a service (SAAS) – this is the Salesforce.com type offerings.

One of the most appealing aspects of the cloud is that the cloud concept is based on a “pay by the drink” model.  You only pay for what you use.  When you’re not using it, you don’t pay – like a utility.

But this is where the benefit of the private cloud seems to break down.  It breaks down on two levels. First, as a CIO, do I have, or want to invest in having, the capability to provide my enterprise with a pay-by-the-drink model and the associated billing functionality? Second, even if I had the capability, do I really want to have that as the model for my enterprise IT service?

The above presumes that when one talks about a private cloud they are not just talking about virtualization.  Virtualization is a great opportunity to more effectively and efficiently manage the data center.  Westcon’s data center is 100% virtualized.  We are a big proponent and find great value in virtualization.  And, the underlying principle that accelerates cloud offerings really is virtualization.  But, by definition a private cloud is more than just a virtualized data center.  The CIO delivering a private cloud has to provide the above-mentioned cloud services while doing so with a pay-by-the-drink billing capability, competitively priced.

There has to be more.  For example, even if tomorrow the CIO made IAAS/PAAS/SAAS offerings available to his or her business units with a pay-by-the-drink usage tracking and billing capability, are the internal business units prepared to take on the responsibilities associated with consuming such services?  I know it’s been very fashionable to question the value of IT, but the truth of the matter is that every well-managed firm utilizes IT to compete more effectively.  Can the CIO compete with the public cloud offering on price, and still provide the competitive value inherent within a business-process savvy internal IT organization?  Few CIOs can compete with Google or Microsoft on price.  Therefore the CIO is then left with monetizing the infrastructure sitting in the enterprise’s data center.  And, the CIO must either monetize the business process services inherent within IT or dismantle those services.  This will not create value for the enterprise.  And I doubt the CFO wants to hear about all the capital infrastructure write-offs the CIO would need to incur to become price competitive.

There is no doubt that the public cloud can create value for the CIO and the enterprise.  But it requires proper planning, and its value in the short term is incremental.  But the concept of the private cloud is different.  It requires a substantial upheaval within the IT organization as well as within any business unit that relies on the IT organization.  It is unclear to me where the cost/benefit is within that internal upheaval.

Then again, if the private cloud is really just virtualization, then let’s just call it virtualization, and reinforce the value of virtualization’s benefits.