Why Information is like Cognac

Nectar of the godsWith apologies to Chuck Hollis at EMC and James Governor at RedMonk I decided to take a crack at this whole “Why Applications are like fish and Data is like Wine” meme by extending it to posit that Information is like Cognac. Now, I’m not usually one to kick a dead horse but I think that all the talk of Big Data has maybe obscured something that I view as a problem with Big Data: knowledge workers don’t consume data, they consume information. I see Big Data as a problem quite frankly, and the IDC Digital Universe Study put it in context. If Big Data is the problem, Big Information is the goal, and to get there we need automation and analytics. So if you’ll bear with me I’ll share how I think Information is like cognac.
Continue reading Why Information is like Cognac

Share

The ever expanding Digital Universe

IDC Released their 2011 Digital Universe Study and the results are pretty amazing: data is doubling every two years! This is the fifth year that the IDC has released this study and each year I continue to be surprised by the results, just when I think things have started to reach terminal velocity around data growth they accelerate more. Currently data growth is outpacing Moore’s Law, suddenly the phrase Big Data just doesn’t seem to cut it any more. There are all sorts of findings in the study and the repercussions for our industry will require many changes.

I recently wrote here about the need for automation in security, and Christopher Hoff has suggested some practical ways to get started here and has started an initiative around Security Automata here. This is one of the ways that the growth of data is impacting security, the very framework for how we approach protecting assets needs to change in light of the deluge of data. Continue reading The ever expanding Digital Universe

Share

Security needs Automation

"Automation in Industry"Recently there’s been some chatter about the role of automation in Security and whether it is appropriate or not as a business strategy much less a security strategy. Jeffrey Carr states that EMC’s wrong that automation is an efficiency and security necessity and that you shouldn’t automate because “An automated solution will never stop a customized attack because the attack was designed to circumvent it!” (his emphasis). First, if there’s one thing I’ve learned over the last twenty years you should avoid absolutes when talking about security. Second, not automating something because someone may develop a solution to defeat it is like not brushing your teeth because it may not prevent all cavities. This seems like cutting off your nose to spite your face. Jeffrey seems to conflate EMC recommending automation in security as a necessity for efficiency’s sake and abandoning all other security policies and methods. It certainly makes for good headlines, but I don’t think that people would read the three articles/whitepapers quoted and really think that EMC is going with an “automation is everything” approach. Continue reading Security needs Automation

Share

Join Us!

I’ve mentioned in the past just how much I enjoy working at EMC and since posting that I’ve been privileged to be able to continue hiring outstanding consultants and architects for EMC Consulting.  In addition to the satisfaction of having happy customers, being able to continue to grow the ranks of our talented organization is a real point of pride.  The Cloud and Virtual Data Center practice within EMC Consulting is currently hiring in North America and we are looking for flexible, creative subject matter experts who can help our customers achieve their aspirations while growing their careers within EMC.  I truly believe that EMC Consulting is the place for you if you are looking to help large companies plan and implement their next iteration of IT.  Please check out the positions listed below, or feel free to drop me a line at edward dot newman at emc dot com.

Southeast:
•    Sr. Practice Consultant – 61302   (4 open positions)
•    Practice Team Lead – 61306   (1 open position)
•    Practice Manager – 61301   (1 open position)
West:
•    Sr. Practice Consultant – 61314  (1 open position)
•    Practice Manager – 61315  (1 open position)
Central:
•    Practice Team Lead – 61316  (1 open position)
Northeast:
•    Sr. Practice Consultant – 60655 (3 open positions)
•    Practice Manager – 50999  (1 open position)

Applying to a position with EMC:
1.    Click on the following link – http://www.emc.com/about/jobs/index.htm
2.    Click on the “Apply Now”
3.    Enter the five digit req. number into “Requisition ID “ box
4.    Hit Search
5.    Check of the box and submit to position
6.    Candidates will need to register if they are not already in the system

Share

Trusted Cloud

More and more I’m hearing that it is no longer a matter of ‘if’ clients will use cloud computing in some way but a matter of ‘how’ and ‘when’.  Security is often listed as the number one concern regarding cloud adoption in surveys of EMC and VMware customers, and an informal poll at VMWorld reflected that as well.  Why the need for a Trusted Cloud?  Well by now people have figured out the benefits of cloud computing outside just the evangelist ranks and are looking to use it within their enterprises, authorized or not.  The “consumers” within the enterprise really want the provisioning, management and reporting promised by the cloud and they are willing to go around IT to get it in some instances.  So if “consumers” are already using cloud, and more and more of them want to be, we need to figure out a way to inject security and compliance into those services.  VMware’s been doing their part with the launch of the vShield security portfolio last week, but that is only part of the equation.  So what is the Trusted Cloud?  It’s a cloud that assures that the right people have access to the right services, applications and information via a secured infrastructure.

I’ll be hosting an EMC Live! webcast tomorrow on the topic and some best practices for beginning the implementation of the Trusted Cloud.  You’ve got to start with an analysis and rationalization of your application portfolio in order to understand how and where trust needs to be incorporated in your transformed environment.  The rationalized application portfolio feeds into your service portfolio analysis:  what are the appropriate application or service architectural models for your environment?  This is the basis for your cloud strategy and cloud sourcing model:  what are the services that I need to provide my customers and where can they be sourced from?  From here you define your services, policies and controls via ITIL or whatever framework you prefer, document them in your Service Catalog, and then publish them via a Service Portal.  The goal is to provide an end-to-end unified look and feel across the different delivery models with the trust attributes integrated into the environment.

Building the Trusted Cloud

If you’re interested in learning more please join me on September 9th at 11:00am EST for the EMC Live! webcast:

The GRC-Enabled Cloud

As cloud computing becomes more pervasive, one of the most important business questions concerns governance, risk, and compliance (GRC).

How can you achieve business agility and lower costs, while still ensuring that security and compliance issues are resolved?

Attend this webcast and you will:

Understand how to incorporate GRC considerations into the IT services provided by private cloud

Learn best practices from recent private cloud customer deployments by EMC Consulting

See how you can take advantage of private cloud initiatives to meet future requirements for GRC

Find out how defining IT services can help you incorporate public cloud capabilities into your private cloud without compromising security and compliance

Share

What a View!

It’s been a great VMWorld so far, and today’s announcements only add to all the buzz amongst the attendees.  I’ve always seen VDI and application virtualization as a way to extend the security, compliance, and availability of the data center out to the end users and VMware’s announcement of VMware View 4.5 with enhancements to security, “check in/check out” and an improved user experience helps further that vision.  Security and compliance has long been a key driver for the adoption of virtualized desktops and VMware delivers with the ability to combine RSA enVision, SecurID and DLP with guidance from an updated RSA SecurBook into your desktop solution.  I think that a ubiquitous and consistent end user experience is vital to the realization of Private Clouds regardless of whether the user is  on campus or not.  It’s not just about a product of course, although EMC and VMware together provide a very robust stack to build upon, you’ve got to approach your virtual desktop infrastructure as a transformation of the desktop, taking the design of the desktop, the virtual infrastructure acting as the delivery mechanism, deployment and migrations, application virtualization, security and systems management all into consideration for your solution.

Desktops have been a growing nightmare for IT organizations, so many different hardware profiles, OS builds, application portfolios, user communities, deployment methods, sprawl, process confusion and dubious security, not to mention spotty backup and recovery capability.  Security has long focused on the end-points as a way to control risk, I’m willing to bet we’ve got more laptops and desktops than we do routers.  And we hire very smart people and give them tools that may or may not meet their needs, a recipe for disaster really.  Desktop and application virtualization affords us the opportunity to do a global reset on a lot of that, pulling back data, applications, and profiles to the virtualized data center or Private Cloud giving your users a secure and compliant set of tools to do their work.  You’ve got to provide an environment that’s not only trusted, but also predictable, IT needs to understand the performance, scalability and interoperability of their virtual environment and application portfolio.

Layer into all of this the fact that many organizations are looking to move to Windows 7 and want that process to be easier than Vista and XP iterations were.  A holistic approach to desktop virtualization can leverage VMware View 4.5 to provide an easier upgrade path for the OS and the opportunity to do security right, building it in from the design of the solution rather than as a bolt-on after deployment.  The number of remote and mobile users is growing every year: security, compliance, systems management and performance concerns are growing along with them.  VMware View 4.5 and the tight integration with RSA’s security products running on top of EMC Proven Solutions for intelligent information infrastructure goes a long way in providing the foundation for an engaging, secure, and compliant end user experience, one of the key promises of cloud computing.

Taking a targeted approach for the implementation of a virtual desktop infrastructure to the most sensitive or highest change environments, like app/dev, is a good way to make use of the enhanced capabilities of VMware View 4.5 and the integration with RSA.  Providing access to a dev/test environment via VDI is a great way to amp up security and compliance if you’ve got a lot of development initiatives always underway or you’re working with offshore resources.  You can extend the security and compliance of a cloud service by making it accessible only via a VDI client, all data now lives in the cloud, secure and available.  Developers, or consultants, working on multiple projects?  Multiple VDI sessions rather than multiple laptops or desktops.  Gain successes and efficiencies and continue to expand the deployment of your VDI solution on their strength and ever important word of mouth.  At EMC we’ve talked about the concept of Information Lifecycle Management for a long time: get the right information, to the right people, at the right time, with an optimized cost structure.  Well RSA takes that concept and extends it with their integration with VMware View 4.5: allow the right people access to the appropriate data via a trusted infrastructure.

Share

EMC World 2010

The first two days of EMC World 2010 have been that familiar and welcome mix of hectic and inspiring. This is my fourth EMC World and I continue to get to increase my level of participation year after year. I started with on presentation, then a presentation and a BoF session, then added participation in the analysts section and the inaugural blogger’s lounge and this year all of that plus the media session and the executive track. I am continually amazed by the level of participation of our executives, customers and partners. This year I’m lucky enough to share in the experience of having the area I spend the most amount of my time and energy on, the Private Cloud, be the organizing theme for the entire conference. Talk about feeling front and center. I’ve heard from analysts, the press present, customers and our partners that our messaging this year has incredible cohesiveness and vision. I certainly can’t take credit for that but am happy to hear that it is enabling those attending to get even more out of the event. The continued integration of our social media efforts into the conference as a whole is really paying off from what I can tell, an incredible number of hits to the micro sites, tons of Twitter traction, live blogging and even Joe taking part in a video blog from the Cube! Very cool stuff.

It would seem that having the conference in Boston has really amped up the media and analyst coverage, which I think is great. I had so many good, thoughtful conversations with the media this afternoon and am grateful for all the time they dedicated to my little corner of EMC. We really had some top notch reporters and thought leaders engaged with us from the press, I’m looking forward to seeing the output from the sessions this afternoon.

I’ll be dedicating a future post to some of the key announcements soon, I’m really excited about the possibilities they open up for cloud enablement and how our portfolio continues to grow. All in all I think this has been the best EMC World yet and I hope to get to run into you at the remaining sessions or to get your feedback via the comments or Twitter.

Share

Strategies for Private Cloud Initiatives

Later this week I’ll be presenting as a part of our EMC Live! webcasts on Building Strategies for Private Cloud Initiatives. I’ve been thinking more about what EMC’s Private Cloud vision means and how it is being implemented by our customers.¬† The initial idea of Private Cloud being a destination, part of a linear progression does a bit of a disservice to the whole concept of cloud computing and the control and choice offered by these new models.¬† Many companies are already thinking about Private Cloud as an approach to balancing their IT Service portfolio across internal and external resources based on criteria like cost and risk.¬† In my opinion, and I think EMC’s strategy and approach on Private Cloud bears this out, Governance, Risk Management and Compliance (GRC) is what makes the Cloud private.

Organizations have had a portfolio approach to IT for quite some time, now the various components within that portfolio might have started out as Mainframe, Open Systems and x86 in their own data center, or it could’ve been App Dev/Test and Pre-Prod in their data centers and Production at a hosting facility, and many, many other permutations.¬† Until recently there have always been pretty significant differences between those IT Services in the Portfolio and usually different management interfaces, organizations, reporting, etc. associated with each of them.¬† I posit that an integrated GRC framework with a Unified Service Portal not only bind the portfolio together and provides commonality in terms of how IT’s customers provision, manage and report on their services, but that they provide the framework for efficiency, control and choice which are the hallmarks of EMC’s Private Cloud vision.¬† This allows, as the portfolio matures and the GRC framework becomes more integrated, the CIO to deliver against the CEO’s expectations of cost reduction, the CISO/CLO’s expectation of a secure and compliant environment and his or her own expectation for more automation and transparency.¬† The goal then becomes not having only one method of computing achieved via a linear transformation of IT, but rather a portfolio of services delivered via several methods that is balanced for cost and risk with the ease of consumption and transparency of the public cloud and all the security and compliance associated with the data center.

I’ve geared my presentation for Thursday to address some tactical approaches to implementing such a strategy with achievable early successes to build momentum for the adoption of the model.¬† I’d welcome discussion, questions, another perspective via the comments, engagement via Twitter or on the webcast session.

Please feel free to register here and join in the conversation:

EMC Live Webcast:
Create an Architecture and Roadmap for Your Private Cloud

Thursday, May 6, 2010
8:00 am PT / 11:00 am ET / 15:00 GMT

Register Today!

The private cloud vision has captured the attention of enterprise IT leaders and strategists because it promises unprecedented economies of scale and dramatically improved business agility.

EMC Consulting experts can help you find the best path to the private cloud by leveraging virtualization, pooling enterprise resources, and adopting a service-oriented model.

Attend this webcast and learn how to:

  • Identify the key attributes of a private cloud architecture
  • Establish a business case for private cloud
  • Develop a high-level architectural plan for private cloud
  • Transform operations into a service-oriented, self-service model
Share

Private Cloud is the new paradigm

Everybody’s talking about Private Cloud these days, and I think that’s great. There have been a number of really good posts and articles about it lately and I think the more people writing and thinking and implementing Private Cloud strategies and ideas the better. An informative and frankly tactically -in the best sense of the word-focused article I’ve enjoyed is A Private Cloud is Called IT by Mike Fratto over at Network Computing.

Mike, thankfully, begins by defining terms stating that a Private Cloud is one which is “wholly hosted in your data center”. I think this is the most realistic definition at the moment and my hope is that soon we will be able to extend that to be one that is managed, provisioned, secured and is compliant as if it was wholly hosted in your data center. I think he’s underestimating some of the benefits of the Private Cloud at this point versus an IaaS solution primarily because I’ve yet to see an apples to apples IaaS offering. The service levels, availability, performance, etc. just don’t exist to compete against a Private Cloud. The cost savings associated with Private Cloud are dramatic when done at scale, and I certainly haven’t seen many organizations doing IaaS at similar scales, it’s just not realistic at the moment. That being said the savings disparity between the solutions is a temporary one, the Public Cloud solutions will catch up, as will the bandwidth capabilities to allow massive migrations to them. In the meantime, the next 18 to 36 months in my opinion, Private Cloud certainly is the way to go, better savings, better security, better compliance, and more easily implemented and more importantly more easily migrated to. Let me add the caveat again, at scale! Taking 1 application, a set of call center users, a dev environment, etc. is not at scale. I’m talking entire lines of business, entire data center, or class of applications. Mike is absolutely on in regards to the steps required to get you to an automated data center, or Private Cloud and nails the reason for doing so: “leaving you with more time to work on more interesting tasks”. Or to put in my vernacular: allowing your engineers and architects to work on innovation and new offerings for the business rather than keeping the lights on. There are many studies out there that show that IT spend is focused mostly on keeping the lights on, some estimates are as high as 75%, and not on innovation and new services for the business.

Private Cloud is the new paradigm of IT, it’s not a sea-change, or a bolt from the blue, but I believe the next evolution of enterprise IT. Mike does a great job listing out several key steps specific to his realization of an automated data center that help enable the Private Cloud. His are very focused on the Infrastructure component of the transformation required. I think that there are two other key components in the transformation to Private Cloud: Applications, what is my right-sized Application Portfolio, what is my cloud sourcing strategy for those rationalized Applications, and how can I develop new Applications that benefit from the new paradigm; and Governance, what are the policies and processes required to manage the new paradigm, what do I automate, how do I secure the environment, what is the fewest number of IT controls I can implement to be compliant and what is the unified console that provides be the transparent insight into my environment from resource management, risk and compliance perspectives. It’s important to make progress against the Application, Infrastructure and Governance components in a relatively lock step fashion, getting too far out ahead in the maturation and implementation of one of the components leads to poor benefits realization efficiency and can actually cause the other areas to regress.

Share

The Web at 20!

The most recent edition of EMC’s ON Magazine contained a whole series of articles and musings celebrating the Web at 20 years and imagining what the next 20 years will bring for it. The EMC Community of bloggers has taken this meme and shared a number of very cool stories and ideas. I’ve been tagged by Christine Christopherson, one of our very talented user experience designers, to contribute my story and ideas for the future of the Web. Like my fellow EMC’ers I’ll be addressing the following three questions:

How has the web changed your life?
How has the web changed business and society?
What will the web look like in 20 years?

How has the web changed my life?
I was a research assistant in the Physics Department at the University of Notre Dame during the summer of 1991 working with Prof. Carol Tanner’s team researching Optical Atom Traps. The lab I was working in was not too far away from the computer lab with the recently acquired NeXT workstations. These things were exceedingly cool as up to that point I’d only been exposed to Apple II’s in my rudimentary programming classes and rather clunky IBMs that my Dad got through work. There was a team at CERN that was doing very similar work to the ND team and they were publishing their notes and results to an internal system utilizing the CERN httpd server, which funnily enough ran very well on NeXT. At this point I’d never heard of Tim Berners-Lee or his grand vision, it was simply regarded as the next wave of Physics documentation management. I remember being a little dismissive of it at that point, mostly because I was just in love with lab notebooks and couldn’t see how a computer would be better than that.

I forgot about httpd for two years until I was a software engineering student at the Illinois Institute of Technology and got reacquainted with the very nascent Web. I discovered Yahoo and all this new content that was coming online and played around with the W3C httpd server more, learning about HTML and UNIX administration in the process. The Web changed my life because it was the gateway drug to Solaris and Irix I must be honest. I became a UNIX snob, thrilled by the power of the Sun Sparcs and SGI Indys running their server daemons and databases. The Web and the openness of its communication lured me away from the closed systems that I had been programming for, after seeing the power of the Web there was no way I was going to sit in a cube and code 1 function or class for some humongous software package for three years. I became a Web administrator at Chicago Kent College of Law supporting the Circuit Court and the paperless law school and from there I went into consulting for first the Web, then intranets, then Data Centers until finally I was running operations for MyPoints.com, one of the top 10 web properties in 1999 and 2000. I learned a lot along the way about connecting people and ideas and have been able to develop a much more expanded vision of the power and purpose of systems and I am very grateful.

How has the web changed business and society?
Let me count the ways, they are legion. The power of the web to bring people and information together is exactly what drew me to it. It’s changed the way that I do just about everything, from shopping and learning about new products to finding information, teaching my daughters, watching movies and TV and interacting with my friends and peers. I think it is great the way that many companies are expanding their use of the Web, engaging their customers, learning what they expect of the products and services, how they’re being used, how they could be improved and allowing customers to get together to share even more about themselves around a shared passion or interest facilitated by that company. The Web has even changed product design, more and more companies crowdsourcing their designs or creating contests via the Web to develop new products. Nike has done a great job of this allowing everyone to design their own custom shoes and hosting design competitions online. Awesome stuff. Web-enabled customer forums help people get answers, best practices, unvarnished opinions and new contacts all in one place. EMC has done a ton of work in this area and I’m proud of the communities we’ve built for our customers. Gina Minks blogs often about our communities and has done a ton of work setting them up and managing them.

What will the Web look like in 20 years?
Well there certainly has been a lot written about the future of the Web and Technology but I’ll add my 2 cents. I am very much in the school of Neal Stephenson and his views presented in Snow Crash and The Diamond Age. The Web will become more immersive and more pervasive, if that’s even possible. I’m not sure if Virtual Reality will really take hold, but there certainly is a lot of potential there. I think the biggest differences we’ll see is around search and the ability to federate searches and be able to more quickly integrate and analyze the results a la Wolphram|Alpha on steroids. We’ll also see a lot more integration of location aware and other context based integration into search and content presentation. I’m especially excited by the possibilities of more integration of open-source and crowd-source design like that at Local Motors and in the Makers by Cory Doctorow. I guess I’d sum it up by saying ubiquitous access, high bandwidth, context aware natural language search and analytics with data privacy and even more by the way of integration of social networks and academics etc. Needless to say I am excited to be a part of the continued transformation.

At this point I’d like to tag that font of information Christopher Kusek aka CXI and Kathrin Winkler who I hope will talk about the Web and sustainability in 20 years!

Share