Business · Cloud · Data

Delphix smartly reduces the friction to access data

Screen Shot 2018-04-17 at 10.00.57 AM

Today’s CIO is looking for ways to untap the potential in their company’s data. We have heard the phrase that data is the new oil. Except that data, like oil, is just a raw material. Ultimately, we need to refine it into a finished good which is ultimately where the value resides.

At the same time, enterprises are concerned with regulatory and compliance requirements to protect data. Recent data breaches by globally-recognized companies have raised the concern around data privacy. Historically, the financial services and healthcare industries were the ones to watch when it came to regulatory and compliance requirements. Today, the regulatory net is widening with the EU’s General Data Protection Regulation(GDPR), US Government’s FedRAMPand NY State DFS Cybersecurity Requirements.

Creating greater access to data while staying in compliance and protecting data sit at opposite ends of the privacy and cybersecurity spectrum. Add to this the interest in moving data to cloud-based solutions and one can quickly see why this is one of the core challenges for today’s CIO.

DELPHIX REDUCES THE FRICTION TO DATA ACCESS

At Tech Field Day’s Cloud Field Day 3, I had the opportunity to meet with the team from Delphix.

Fundamentally, Delphix is a cloud-based data management platform that helps enterprises reduce the friction to data access through automation of data management. Today, one-third of Fortune 500 companies use Delphix.

Going back to the core issue, users have a hunger for accessing data. However, regulatory and compliance requirements often hinder that process. Today’s methods to manage data are heavily manual and somewhat archaic compared with solutions like Delphix.

Delphix’ approach is to pack up the data into, what they call, a Data Pod. Unlike most approaches that mask data when it is shared, Delphix masks the data during the intake process. The good thing about this approach is in removing the risk of accidentally sharing protected data.

In terms of sharing data, one clever part of the Delphix Dynamic Data Platform is in its ability to replicate data smartly. Considering that Delphix works in the cloud, this is a key aspect to avoiding unnecessary costs. Alternatively, enterprises would see a significant uptick in data storage as masked data is replicated to the various users. Beyond structured, transactional data, Delphix is also able to manage (and mask) databases, along with unstructured data and files.

THE CIO PERSPECTIVE

From the CIO perspective, Delphix appears to address an increasingly complicated space with a clever, yet simple approach. The three key takeaways are: a) Ability to mask data (DB, unstructured, files) at intake versus when pulling copies, b) ability to smartly replicate data and c) potential to manage data management policies. Lastly, this is not a solution that must run in the corporate data center. Delphix supports running in public cloud services including Microsoft Azureand Amazon AWS.

In Summary, Delphix appears to have decreased the friction to data access by automating the data protection and management processes. All while supporting an enterprise’s move to cloud-based resources.

CIO · Cloud

Three key changes to look for in 2018

wCZ2RdwyTCyFbOHFQBg4RQ

2017 has officially come to a close and 2018 has already started with a bang. As I look forward to what 2018 brings, the list is incredibly long and detailed. The genres of topics are equally long and cover people, process, technology, culture, business, social, economic and geopolitical boundaries…just to name a few.

Here are three highlights on my otherwise lengthy list…

EVOLVING THE CIO

I often state that after spending almost three decades in IT, now is the best time to work in technology. That statement is still true today.

One could not start a conversation about technology without first considering the importance of the technology leader and role of the Chief Information Officer (CIO). The CIO, as the most senior person leading the IT organization, takes on a very critical role for any enterprise. That was true in the past, and increasingly so moving forward.

In my post ‘The difference between the Traditional CIO and the Transformational CIO’, I outline many of the differences in the ever-evolving role of the CIO. Those traits will continue to evolve as the individual, organization, leadership and overall industry change to embrace a new way to leverage technology. Understanding the psyche of the CIO is something one simply cannot do without experiencing the role firsthand. Yet, understanding how this role is evolving is exactly what will help differentiate companies in 2018 and beyond.

In 2018, we start to see the emerging role of ‘Transformational’ CIO in greater numbers. Not only does the CIO see the need for change, so does the executive leadership team of the enterprise. The CIO becomes less of a technology leader and more of a business leader that has responsibility for technology. As I have stated in the past, this is very different from that of the ‘CEO of Technology’ concept that others have bandied about. In addition, there is a sense of urgency for the change as the business climate becomes increasingly competitive from new entrants and vectors. Culture and geopolitical changes will also impact the changing role of the CIO and that of technology.

TECHNOLOGY HITS ITS STRIDE

In a similar vein to that of the CIO, technology finds its stride in 2018. Recent years have shown a lot of experimentation in the hopes of leverage and success. This ‘shotgun’ approach has been very risky…and costly for enterprises. That is not to say that experimentation is a bad thing. However, the role of technology in mainstream business evolves in 2018 where enterprises face the reality that they must embrace change and technology as part of that evolution.

Executives will look for ways to, mindfully, leverage technology to create business advantage and differentiation. Instead of sitting at the extremes of either diving haphazardly into technology or analysis paralysis, enterprises will strike a balance to embrace technology in a thoughtful, but time-sensitive way. The concept of ‘tech for tech sake’ becomes a past memory like that of the dialup modem.

One hopeful wish is that boards will stop the practice of dictating technology decisions as they have in the past with mandating their organization use cloud. That is not to say cloud is bad, but rather to suggest that a more meaningful business discussion take place that may leverage cloud as one of many tools in an otherwise broadening arsenal.

CLOUD COMES OF AGE IN ALL FORMS

Speaking of cloud, a wholesale shift takes place in 2018 where we pass the inflection point in our thinking about cloud. For the enterprise, public cloud has already reached a maturity point with all three major public cloud providers offering solid solutions for any given enterprise.

Beyond public cloud, the concept of private cloud moves from theory to reality as solutions mature and the kinks worked out. Historically, private cloud was messy and challenging even for the most sophisticated enterprise to adopt. The theory of private cloud is incredibly alluring and now has reached a point where it can become a reality for the average enterprise. Cloud computing, in its different forms has finally come of age.

 

In summary, 2017 has taught us many tough lessons in which to leverage in 2018. Based on the initial read as 2017 came to a close, 2018 looks to be another incredible year for all of us! Let us take a moment to be grateful for what we have and respect those around us. The future is bright and we have much to be thankful for.

Happy New Year!

Cloud

Four expectations for AWS re:Invent

zD82bkYyQdKmZW4oSNxakg

This week brings Amazon Web Services’ (AWS) annual re:Invent conference where thousands will descend upon Las Vegas to learn about cloud and the latest in AWS innovations. Having attended the conference for several years now, there are a number of trends that are common at an AWS event. One of those is the sheer number of products that AWS announces. Aside from that, there are a number of specific things I am looking for at this week’s re:Invent conference.

ENTERPRISE ENGAGEMENT

AWS has done a stellar job of attracting the startup and web-scale markets to their platform. The enterprise market, however, has proven to be an elusive customer except for a (relatively) few case examples. This week, I am looking to see how things have changed for enterprise adoption of AWS. Has AWS found the secret sauce to engage the enterprise in earnest?

PORTFOLIO MANAGEMENT

Several years back, AWS made a big point of not being one of “those” companies with a very large portfolio of products and services. Yet, several years later, AWS has indeed become a behemoth with a portfolio of products and services a mile long. This is a great thing for customers, but can have a few downsides too. Customers, especially enterprise customers, tend to make decisions that last longer than the startup & web-scale customers. Therefore, service deprecation is a real concern with companies that a) do not have a major enterprise focus and b) have a very large portfolio. Unfortunately, this is where AWS is today. Similarly, to date, AWS has not done much in the way of portfolio pruning.

HYBRID CLOUD SUPPORT

For the enterprise, hybrid is their reality. In the past, AWS has taken the position that hybrid means a way to onboard customers into AWS Public Cloud. Hybrid, a combination of on-premises and cloud-based resources can be a means to onboard customers into public cloud. The question is: How is AWS evolving their thinking of hybrid cloud? In addition, how has their thinking evolved to encompass hybrid cloud from the perspective of the enterprise?

DEMOCRATIZATION OF AI & ML

Several of AWS’ competitors have done a great job of democratizing artificial intelligence (AI) and machine learning (ML) tools in a means to make them more approachable. AWS was one of the first out of the gate with a strong showing of AI & ML tools a few years back. The question is: How have they evolved in the past year to make the tools more approachable for the common developer?

BONUS ROUND

As a bonus, it would be interesting if AWS announced the location of their 2nd headquarters. Will they announce it at re:Invent versus a financial analyst call? We shall see.

In summary, AWS never fails to put on a great conference with a good showing. This year should not disappoint.

CIO · Cloud

3 ways enterprises can reduce their cybersecurity risk profile

IMG_5834

If you are an executive (CIO, CISO, CEO) or board member, cybersecurity is top of mind. One of the top comments I often hear is: “I don’t want our company (to be) on the front page of the Wall Street Journal.” Ostensibly, the comments are in the context of a breach. Yet, many gaps still exist between avoiding this situation and reality. Just saying the words is not enough.

The recent Equifax breach brings to light many conversations with enterprises and executive teams about shoring up their security posture. The sad reality is that cybersecurity spending often happens immediately after a breach happens. Why is that? Let us delve into several of the common reasons why and what can be done.

ENTERPRISE SECURITY CHALLENGES

There are a number of reasons why enterprises are challenged with cybersecurity issues. Much of it stems from the perspective of what cybersecurity solutions provide. To many, the investment in cybersecurity teams and solutions is seen as an insurance policy. In order to better understand the complexities, let us dig into a few of the common issues.

Reactive versus Proactive

The first issue is how enterprises think about cybersecurity. There are two aspects to consider when looking at how cybersecurity is viewed. The first is that enterprises often want to be secure, but are unwilling or unable to provide the funding to match. That is, until a breach occurs. This has created a behavior within IT organizations where they leverage breaches to gain cybersecurity funding.

Funding for Cybersecurity Initiatives

Spending in cybersecurity is often seen in a similar vein as insurance and comes back to risk mitigation. Many IT organizations are challenged to get adequate funding to appropriately protect the enterprise. It should be noted that no enterprise will be fully secured and to do so creates a level of complexity and cost that would greatly impact the operations and bottom line of the enterprise. Therefore, a healthy balance is called for here. Any initiatives should follow a risk mitigation approach, but also consider the business impact.

Shifting to Cybersecurity as part of the DNA

Enterprises often think of cybersecurity as an afterthought to a project or core application. The problem with this approach is that, as an afterthought, the project or application is well on its way to production. Any required changes would be ancillary and rarely get granular in how they could be applied. More mature organizations are shifting to cybersecurity as part of their core DNA. In this culture, cybersecurity becomes part of the conversation early and often…and at each stage of the development. By making it part of the DNA, each member of the process is encouraged to consider how to secure their part of the project.

Cybersecurity Threats are getting more Sophisticated

The level of sophistication from cybersecurity threats is growing astronomically. No longer are the traditional tools adequate to protect the enterprise. Enterprises are fighting an adversary that is gaining ground exponentially faster than they are. In essence, no one enterprise is able to adequately protect themselves and must rely on the expertise of others that specialize in this space.

Traditional thinking need not apply. The level of complexity and skills required is growing at a blistering clip. If your organization is not willing or able to put the resources behind staying current and actively engaged, the likelihood of trouble is not far way.

THREE WAYS TO REDUCE CYBERSECURITY RISK

While the risks are increasing, there are steps that every enterprise large and small can invoke to reduce their risk profile. Sadly, many of these are well known, yet not as well enacted. The first step is to change your paradigm regarding cybersecurity. Get proactive and do not assume you know everything.

Patch, Patch, Patch

Even though regular patching is a requirement for most applications and operating systems, enterprises are still challenged to keep up. There are often two reasons for this: 1) disruption to business operations and 2) resources required to update the application or system. In both cases, the best advice is to get into a regular rhythm to patch systems. When you make something routine, it builds muscle memory into the organization that increases the accuracy, lessens the disruption and speeds up the effort.

Regular Validation from Outsiders

Over time, organizations get complacent with their operations. Cybersecurity is no different. A good way to avoid this is to bring in a trusted, outside organization to spot check and ‘tune up’ your cybersecurity efforts. They can more easily spot issues without being affected by your blind spots. Depending on your situation, you may choose to leverage a third-party to provide cybersecurity services. However, each enterprise will need to evaluate their specific situation to best leverage the right approach for them.

Challenge Traditional Thinking

I still run into organizations that believe perimeter protections are the best actions. Another perspective is to conduct security audits with some frequency. Two words: Game Over. While those are both required, security threats today are constant and unrelenting. Constant, evolving approaches are required today.

As we move to a more complicated approach to IT services (SaaS, Public Cloud, Private Cloud, On Premises, Edge Computing, Mobile, etc), the level of complexity grows. Now layer in that the data that we view as gold is spread across those services. The complexity is growing and traditional thinking will not protect the enterprise. Leveraging outsiders is one approach to infuse different methods to address this growing complexity.

 

One alternative is to move to a cloud-based alternative. Most cloud-based alternatives have methods to update their systems and applications without disrupting operations. This does not absolve the enterprise from responsibility, but does offer an approach to leverage more specialized expertise.

The bottom line is that our world is getting more complex and cybersecurity is just one aspect. The rate of complexity and sophistication from cybersecurity attacks is only growing and more challenging for enterprises to keep up. Change is needed, the risks are increasing and now is the time for action.

CIO · Cloud

The difference between Hybrid and Multi-Cloud for the Enterprise

Cloud computing still presents the single biggest opportunity for enterprise companies today. Even though cloud-based solutions have been around for more than 10 years now, the concepts related to cloud continue to confuse many.

Of late, it seems that Hybrid Cloud and Multi-Cloud are the latest concepts creating confusion. To make matters worse, a number of folks (inappropriately) use these terms interchangeably. The reality is that they are very different.

The best way to think about the differences between Hybrid Cloud and Multi-Cloud is in terms of orientation. One addresses a continuum of different services vertically while the other looks at the horizontal aspect of cloud. There are pros and cons to each and they are not interchangeable.

 

Multi-Cloud: The horizontal aspect of cloud

Multi-Cloud is essentially the use of multiple cloud services within a single delivery tier. A common example is the use of multiple Public Cloud providers. Enterprises typically use a multi-cloud approach for one of three reasons:

  • Leverage: Enterprise IT organizations are generally risk-adverse. There are many reasons for this to be discussed in a later post. Fear of taking risks tends to inform a number of decisions including choice of cloud provider. One aspect is the fear of lock-in to a single provider. I addressed my perspective on lock-in here. By using a multi-cloud approach, an enterprise can hedge their risk across multiple providers. The downside is that this approach creates complexities with integration, organizational skills and data transit.
  • Best of Breed: The second reason enterprises typically use a multi-cloud strategy is due to best of breed solutions. Not all solutions in a single delivery tier offer the same services. An enterprise may choose to use one provider’s solution for a specific function and a second provider’s solution for a different function. This approach, while advantageous in some respects, does create complexity in a number of ways including integration, data transit, organizational skills and sprawl.
  • Evaluation: The third reason enterprises leverage a multi-cloud strategy is relatively temporary and exists for evaluation purposes. This third approach is actually a very common approach among enterprises today. Essentially, it provides a means to evaluate different cloud providers in a single delivery tier when they first start out. However, they eventually focus on a single provider and build expertise around that single provider’s solution.

In the end, I find that the reasons that enterprises choose one of the three approaches above is often informed by their maturity and thinking around cloud in general. The question many ask is: Do the upsides of leverage or best of breed outweigh the downsides of complexity?

Hybrid Cloud: The vertical approach to cloud

Most, if not all, enterprises are using a form of hybrid cloud today. Hybrid cloud refers to the vertical use of cloud in multiple different delivery tiers. Most typically, enterprises are using a SaaS-based solution and Public Cloud today. Some may also use Private Cloud. Hybrid cloud does not require that a single application spans the different delivery tiers.

The CIO Perspective

The important take away from this is to understand how you leverage Multi-cloud and/or Hybrid cloud and less about defining the terms. Too often, we get hung up on defining terms more than understanding the benefits from leveraging the solution…or methodology. Even when discussing outcomes, we often still focus on technology.

These two approaches are not the same and come with their own set of pros and cons. The value from Multi-Cloud and Hybrid Cloud is that they both provide leverage for business transformation. The question is: How will you leverage them for business advantage?

CIO · Cloud · Data

Why are enterprises moving away from public cloud?

IMG_6559

We often hear of enterprises that move applications from their corporate data center to public cloud. This may come in the form of lift and shift. But then something happens that causes the enterprise to move it out of public cloud. This yo-yo effect and the related consequences create ongoing challenges that contribute to several of the items listed in Eight ways enterprises struggle with public cloud.

In order to better understand the problem, we need to work backwards to the root cause…and that often starts with the symptoms. For most, it starts with costs.

UNDERSTANDING THE ECONOMICS

The number one reason why enterprises pull workloads back out of cloud has to do with economics. For public cloud, it comes in the form of a monthly bill for public cloud services. In the post referenced above, I refer to a cost differential of 4x. That is to say that public cloud services cost 4x the corporate data center alternative for the same services. These calculations include fully-loaded total cost of ownership (TCO) numbers on both sides over a period of years to normalize capital costs.

4x is a startling number and seems to fly in the face of a generally held belief that cloud computing is less expensive than the equivalent on-premises corporate data center. Does this mean that public cloud is not less expensive? Yes and no.

THE IMPACT OF LEGACY THINKING

In order to break down the 4x number, one has to understand legacy thinking heavily influences this number. While many view public cloud as less expensive, they often compare apples to oranges when comparing public cloud to corporate data centers. And many do not consider the fully-loaded corporate data center costs that includes server, network, storage…along with power, cooling, space, administrative overhead, management, real estate, etc. Unfortunately, many of these corporate data center costs are not exposed to the CIO and IT staff. For example, do you know how much power your data center consumes and the cost for real estate? Few IT folks do.

There are five components that influence legacy thinking:

  1. 24×7 Availability: Most corporate data centers and systems are built around 24×7 availability. There is a significant amount of data center architecture that goes into the data center facility and systems to support this expectation.
  2. Peak Utilization: Corporate data center systems are built for peak utilization whether they use it regularly or not. This unused capacity sits idle until needed and only used at peak times.
  3. Redundancy: Corporate infrastructure from the power subsystems to power supplies to the disk drives is designed for redundancy. There is redundancy within each level of data center systems. If there is a hardware failure, the application ideally will not know it.
  4. Automation & Orchestration: Corporate applications are not designed with automation & orchestration in mind. Applications are often installed on specific infrastructure and left to run.
  5. Application Intelligence: Applications assume that availability is left to other systems to manage. Infrastructure manages the redundancy and architecture design manages the scale.

Now take a corporate application with this legacy thinking and move it directly into public cloud. It will need peak resources in a redundant configuration running 24×7. That is how they are designed, yet, public cloud benefits from a very different model. Running an application in a redundant configuration at peak 24×7 leads to an average of 4x in costs over traditional data center costs.

This is the equivalent of renting a car every day for a full year whether you need it or not. In this model, the shared model comes at a premium.

THE SOLUTION IS IN PLANNING

Is this the best way to leverage public cloud services? Knowing the details of what to expect leads one to a different approach. Can public cloud benefit corporate enterprise applications? Yes. Does it need planning and refactoring? Yes.

By refactoring applications to leverage the benefits of public cloud rather than assume legacy thinking, public cloud has the potential to be less expensive than traditional approaches. Obviously, each application will have different requirements and therefore different outcomes.

The point is to shed legacy thinking and understand where public cloud fits best. Public cloud is not the right solution for every workload. From those applications that will benefit from public cloud, understand what changes are needed before making the move.

OTHER REASONS

There are other reasons that enterprises exit public cloud services beyond just cost. Those may include:

  1. Scale: Either due to cost or significant scale, enterprises may find that they are able to support applications within their own infrastructure.
  2. Regulatory/ Compliance: Enterprises may use test data with applications but then move the application back to corporate data centers when shifting into production with regulated data. Or compliance requirements may force the need to have data resources local to maintain compliance. Sovereignty issues also drive decisions in this space.
  3. Latency: There are situations where public cloud may be great on paper, but in real-life latency presents a significant challenge. Remote and time-sensitive applications are good examples.
  4. Use-case: The last catch-all is where applications have specific use-cases where public cloud is great in theory, but not the best solution in practice. Remember that public cloud is a general-purpose infrastructure. As an example, there are application use-cases that need fine-tuning that public cloud is not able to support. Other use-cases may not support public cloud in production either.

The bottom line is to fully understand your requirements, think ahead and do your homework. Enterprises have successfully moved traditional corporate applications to public cloud…even those with significant regulatory & compliance requirements. The challenge is to shed legacy thinking and consider where and how best to leverage public cloud for each application.

Business · CIO · Cloud

Google Next Expectations, A CIO’s Perspective

This week is Google’s Next conference in San Francisco and all eyes are on Google to gain insights to their direction, activities and plans around cloud. That being said, there are a few specific things I am looking for here at Next.

POSITIONING IN THE CLOUD

As a public cloud provider, Google faces stiff competition from Amazon AWS, Microsoft Azure along with a bevy of others. In today’s public cloud marketplace, only the top contenders will take the majority of the spoils. Driving to be a top contender takes focus, a solid understanding of the marketplace, having the right message and going after the right target with the right product mix.

Google does have an uphill climb, but also a pile of resources to leverage. The question will be: Does Google have the right combination of items to secure their place in the public cloud market? Where are they today and what is coming down the road? And possibly more importantly, what is their perspective on the public cloud market and where they fit? 

ENGAGING THE ENTERPRISE

Generally speaking, there are two types of customers in the public cloud space: The web-scale/ startups and the enterprise customers. At this point, Amazon AWS has secured their place with the web-scale/ startups. However, a key to securing ones place in the public cloud market is by going after the yet-to-be-tapped, massive enterprise market. And while that may sound straightforward, it is anything but.

The enterprise market is incredibly complicated, yet, highly lucrative. In order for a company to successfully tap into the enterprise market, it needs to navigate a minefield of issues. Two specific items I am looking for at Next include how well Google is ‘speaking the language’ of enterprise and how well they are building relationships. The key here is in their ability to speak the language of enterprise in order to build relationships with enterprises. Initial indications are that they have struggled with this point.

MEETING IN THE MIDDLE

Google is a sophisticated company with incredibly powerful solutions. Those solutions can offer Google a significant advantage over competing solutions. However, without addressing the challenges outlined above, those very solutions could end up with a limited number of customers.

The enterprise must be key to Google’s strategy moving forward. In order to secure their place, they will need to demonstrate they can meet somewhere in the middle between where they are and where the enterprise currently sits.