I spent the last few days at AWS re:Inforce 2019, here in Boston. It was my first AWS event and I came away with a few strong impressions:
Insight
-
-
Extreme will be celebrating the 4th of July holiday with its latest acquisition, Aerohive. In what seems to be a trend for Extreme, it was able to pick up the company for a good price (especially when compared to other recent WiFi acquisitions). The big difference, however, is that in this case it did not just acquire the assets, but rather the whole company. Translation – this one should be a bit smoother, more predictable and hopefully lacking surprises! -
The big news in Las Vegas this week was HPE’s decision to go all in on “as a service.” Emboldened by its success with GreenLake, Antonio Neri announced the entire HPE portfolio would be available “as a service” by 2022. To be clear, HPE will continue to sell products via traditional CapEx methods, as well, offering its customers choice. Its premise is that it believes that cloud is not a destination, but rather it is an experience and so this announcement challenges the notion that cloud first equals public cloud only, and deliver the same cloud experience with Greenlake. The new “as a service” option will include subscription, pay-per-use and consumption models and fall under the GreenLake brand. -
The technology industry moves at a blistering pace. New shining stars of innovation emerge constantly. And leaders that once dominated the market landscape can quickly get pushed to the wayside.If HPE Discover 2019 showed me anything, it is that HPE will not be pushed around or aside. The company that has long claimed to be built on innovation has found its footing. HPE Discover 2019 was HPE’s message to the IT industry that the innovation has never stopped.
-
I recently had the opportunity to connect with Avon Puri, Rubrik’s CIO and Sveta Shandilya, Rubrik’s Head of IT Planning and Operations. The company has also recently made a significant IT hire in Rinki Sethi, who joined as CISO.
I was curious to know how a fast growing “digital-native” organization (i.e., 10 years or less of existence – Rubrik was founded in 2014) leverages its own technology and for what purposes. You know, the old “dog food” concept.
How do you go in five years from a few to over 1500 employees, keep introducing data protection solutions to the market, and make the whole thing work? (more…)
-
Before GDPR became official in May 2018, I heard a similar story from many CISOs. In the past, data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which data was considered as private and what could and could not be done with sensitive data.
GDPR changed everything. Data privacy is no longer a background legal project but rather a set of business-critical processes, and this impacted the cybersecurity team. CISOs were asked to utilize their operational expertise to help operationalize data privacy programs.
Not surprisingly, CISOs dragged the cybersecurity team along for the data privacy ride. According to a recent research report from ESG and ISSA, 40% of cybersecurity professionals surveyed say that the cybersecurity team has taken a significantly more active role around data privacy over the past 12 months while another 44% claim that the cybersecurity team is somewhat more active around data privacy during this timeframe.
Now it’s important to remember that cybersecurity pros aren’t exactly waiting around for things to do. In fact, the research indicates that 74% of organizations have been impacted by the global cybersecurity skills shortage, resulting in an increasing workload for the infosec team. Add data privacy responsibilities to the list.
Piling data privacy responsibilities onto an already overwhelmed cybersecurity staff comes with some risk. To mitigate this risk, cybersecurity professionals should receive appropriate data privacy training, roles and responsibilities should be well defined, all data privacy processes should be documented, and the cybersecurity team should have the proper data analytics tools to monitor program successes.
Unfortunately, this isn’t happening. The research indicates:
- 23% of survey respondents don’t believe they have received the right level of training for their tasks related to data privacy.
- 21% of survey respondents don’t believe that the cybersecurity team has been given clear direction around their responsibilities for data privacy.
- 17% of survey respondents believe that the cybersecurity team is generally uncomfortable with this new data privacy responsibility.
Too often, privacy and security are thrown in the same bucket, but this is a mistake. Data privacy is all about data classification and lifecycle management of sensitive data (i.e., who can access it, where it should be stored, how it should be destroyed, etc.). Alternatively, security teams are responsible for building, maintaining, and monitoring walls around sensitive data.
Yes, GDPR, the impending California Consumer Privacy Act (CCPR) will bring security and data privacy closer together, but this merger should be done carefully, not haphazardly. The ESG/ISSA data demonstrates that there’s a lot of work ahead to bring data privacy and security together in a way that mitigates risk and doesn’t disrupt ongoing processes.
-
Last week, I attended Cisco Live US in San Diego to hear the latest and greatest from Cisco executives and technology leaders. Following Cisco’s campus refresh a couple of months ago, the company continued to execute against its Intent-based networking imperative with a number of announcements aimed at making your network solutions smarter, simpler, and more secure.
-
In the cybersecurity world, we cheer when companies are as successful as CrowdStrike in their recent IPO. This kind of success helps fuel the energy level across the entire cyber industry, rising the tide for all who are focused on keeping the world safe from cyberattacks.
Winning in this market requires more than just a deep understanding of cyberattacks and how to stop them. It requires a deep understanding of what challenges organizations are facing as they strive to protect themselves while their attack-surface grows, amid a growing base of adversaries who are innovating at a pace that rivals many of the world’s most successful tech companies.
-
On-premises integration is vital to hybrid cloud strategies. Many organizations have an on-premises-first mindset as they begin to formulate their hybrid cloud strategies. According to Enterprise Strategy Group research into hybrid cloud trends, when asked to identify the most important consideration in these decisions, more than half cited seamless compatibility with their on-premises infrastructure. Furthermore, nearly three-quarters of organizations stated that it was critical or very important that public cloud service providers offer solutions that integrate with their on-premises environments.
The majority of organizations still view on-premises as important. In fact, nearly nine of ten organizations expect to have a significant (35%) or measurable (54%) on-premises environment in three years.
Clearly many organizations have an on-premises-first mindset as they begin to formulate their hybrid cloud strategies. When asked to identify the most important consideration in these decisions, more than half (51%) cited seamless compatibility with their on-premises infrastructure.
So, this makes sense considering the decades of on-prem IT infrastructure and process, but IT pros have to be careful not to just move a problem from point A to point B. Cloud consumption strategies should inspire innovation and opportunity to embrace cloud services…even for IT pros who have spent their lives in a data center.
From an IT vendor perspective, the hybrid cloud market is fired up. Traditional on-prem hardware infrastructure OEMs are scrambling not to be vaporized while public cloud hyperscalers like Microsoft Azure, AWS, and Google are all backing down on the on-prem footprint. The fascinating part is how approaches vary. Microsoft partners with traditional hardware OEMs to land Azure Stack integrated systems on-prem. AWS drives a semi-trailer truck into the parking lot for exabyte-scale data transfer and is backing the bus up to drop off Outposts into the on-prem data center. On the other hand, Google is standing out as the only vendor among the hyperscalers to beat the drum on multi-cloud support with Anthos, which is focused on container management.
Yes, on-prem is important, but the IT pros I speak with are closing data centers and shifting strategies toward cloud consumption models. The on/off-prem workload is in an unbalanced state while the center of gravity shifts toward public cloud consumption.
-
Given the increasing complexity and scale of IT environments, it is becoming clear that technologies like artificial intelligence (AI) and machine learning (ML) will be required for operations teams to effectively and efficiently manage these environments. This is especially true for the network in highly distributed environments, since it plays an integral role in connecting data centers, clouds, and edge environments. Cisco wants to make its intent-based networking (IBN) solutions smarter, simpler, and more secure by adding AI/ML and multi-domain integration. At this year’s Cisco Live in San Diego, Cisco announced its latest innovations for IBN, AI Network Analytics, along with tight domain integration and additional AI/ML support in DevNet.
-
Cisco held its annual customer event, CiscoLive, in San Diego this week, while hosting industry analysts like me at C-Scape. As part of the agenda, the Cisco security team provided details on its present position and future strategy. Here are a few of my takeaways: -
Sophos announced that it acquired Rook Security and entered the managed detection and response (MDR) market. Channel consideration was of paramount concern in the go-to-market strategy. Sophos’ entrance into MDR will help address a growing requirement in its customer base. Sophos must execute integration, customer retention, and partner success in lock step to achieve its “cybersecurity evolved” goal of creating “an intelligent, integrated system.”
Extreme will be celebrating the 4th of July holiday with its latest acquisition, Aerohive. In what seems to be a trend for Extreme, it was able to pick up the company for a good price (especially when compared to other recent WiFi acquisitions). The big difference, however, is that in this case it did not just acquire the assets, but rather the whole company. Translation – this one should be a bit smoother, more predictable and hopefully lacking surprises!
The big news in Las Vegas this week was HPE’s decision to go all in on “as a service.” Emboldened by its success with GreenLake, Antonio Neri announced the entire HPE portfolio would be available “as a service” by 2022. To be clear, HPE will continue to sell products via traditional CapEx methods, as well, offering its customers choice. Its premise is that it believes that cloud is not a destination, but rather it is an experience and so this announcement challenges the notion that cloud first equals public cloud only, and deliver the same cloud experience with Greenlake. The new “as a service” option will include subscription, pay-per-use and consumption models and fall under the GreenLake brand.
The technology industry moves at a blistering pace. New shining stars of innovation emerge constantly. And leaders that once dominated the market landscape can quickly get pushed to the wayside.
Before GDPR became official in May 2018, I heard a similar story from many CISOs. In the past, data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which data was considered as private and what could and could not be done with sensitive data.
In the cybersecurity world, we cheer when companies are as successful as CrowdStrike in their recent IPO. This kind of success helps fuel the energy level across the entire cyber industry, rising the tide for all who are focused on keeping the world safe from cyberattacks.
Cisco held its annual customer event, CiscoLive, in San Diego this week, while hosting industry analysts like me at C-Scape. As part of the agenda, the Cisco security team provided details on its present position and future strategy. Here are a few of my takeaways: