What The White House Cybersecurity Proposal Means: Don't Miss Jonathan Penn's Take

If you're in the habit of checking out only the Security & Risk Professionals blog, you might have missed Jonathan's takeaways over on the Vendor Strategy side: What The New White House Cybersecurity Proposal Means For The IT Security Industry, Businesses, And Consumers. Interestingly, he puts consumers in both the "winners" column and the "losers" column. Read the post to see why, and feel free to share your thoughts with us on these matters!

“Big Data” Technology: Getting Hotter, But Still Too Hard For Most Developers

“Big Data” is coming up more often on the agendas of key vendors as well as some of the more-advanced users of information management technology. Although some of this increased activity reflects PR calendars – companies promote new offerings in the Spring – there’s more than that going on. The range of design patterns that fall under this large umbrella are genuinely on the increase in a wider range of usage scenarios, driving continuing innovation from both technology providers and users. In part because of the frequent use of open source technology such as Apache Hadoop to implement “Big Data,” this is the type of innovation the industry most needs at this early stage of the market. A few key data points:

Read more

ERP Grows Into The Cloud: Reflections From SuiteWorld 2011

Cloud computing continues to be hyped. By now, almost every ICT hardware, software, and services company has some form of cloud strategy — even if it’s just a cloud label on a traditional hosting offering — to ride this wave. This misleading vendor “cloud washing” and the complex diversity of the cloud market in general make cloud one of the most popular and yet most misunderstood topics today (for a comprehensive taxonomy of the cloud computing market, see this Forrester blog post).

Software-as-a-service (SaaS) is the largest and most strongly growing cloud computing market; its total market size in 2011 is $21.2 billion, and this will explode to $78.4 billion by the end of 2015, according to our recently published sizing of the cloud market. But SaaS consists of many different submarkets: Historically, customer relationship management (CRM), human capital management (HCM) — in the form of “lightweight” modules like talent management rather than payroll — eProcurement, and collaboration software have the highest SaaS adoption rates, but highly integrated software applications that process the most sensitive business data, such as enterprise resource planning (ERP), are the lantern-bearers of SaaS adoption today.

Read more

The Key To Being A Smart City Is Good Governance: “Smart Governance”

What’s it take to be a smart city? Is it smart transportation, such as sensors in parking spaces that call out to drivers like sirens calling to Ulysses as he headed back to Ithaca? Or parking meters sending SMS messages to alert those parked that their time is up, like a baby bird calling to be fed? Is it smart buildings that turn the lights on when you enter or off when you leave? Is it smart waste management? Is it smart energy grids? Is it smart water systems? Or smart administration? All of these help make city services and operations more efficient. But the real key to being smart is to have an overall management system that allows leaders to coordinate across these smart systems, capturing and sharing the data generated and using it to inform new policies and city programs. Smart cities require good – “smart” – governance and the processes and tools that enable it.

Increasingly, city leaders are adopting enterprise management practices – and technologies – in order to improve city governance. Smart city leaders:

  • Match budgeted spending with performance objectives.
  • Adopt enterprise apps such as EAM, ERP, and CRM in shared or cloud models.
  • Appoint professional operational and IT management to coordinate.
  • Implement regular process and performance reviews – and supporting technologies.
  • Establish integrated reporting for greater transparency.
Read more

When Did Marketing Become A Dirty Word?

I'm going to date myself here, but in the early 90's when I was working in IT, I created a new role: "IT Marketing and Services." In defining the role, I was quite deliberate about my choice of words -- especially in the use of "marketing." This role was responsible for all customer-facing aspects of IT -- that included IT business relationship managers (yes we had them back in the early 90's), help desk, training, communications (of the PR kind), demand management and planning. I chose the word "marketing" deliberately to reflect the fact that this was a customer-facing responsibility (both internal IT customers and end-customers of the business from a technology perspective).

Twenty years on, and the number of IT professionals who really understand marketing and recognize the importance of marketing as a key component of IT operating strategy has, if anything, declined. Why?

Often when I ask CIOs today about the role of marketing in IT they are overcome with concern about using the term "marketing" in the context of IT. They believe people across the organization will think there is no role for marketing in IT, and that having anyone with a "marketing" title will suggest IT has too much money. Why does this fundamental misunderstanding of marketing perpetuate throughout organizations? So many otherwise knowledgeable executives think marketing is simply advertising or worse "spin." Do "marketing" job titles in IT really suggest that CIOs are trying to "sell" IT to the rest of the business? I wonder if this is a problem for IT or if it is an issue created by the perception of others outside of IT.

Read more

Do $28/Month Laptops Really Exist?

On Wednesday, Google released an interesting laptop option for corporate IT.  The Chromebook. For $28-$33/month (depending on the laptop model and features), you can access web-based applications through a Samsung or Acer model.

I know what some people are thinking.  "Wow! $28/month for a corporate laptop?!?"  Hold on, now. Even if large companies are attracted to the possible capital investment advantages, the $28/month may cost significantly more than that. I think sourcing professionals really need to investigate the economic scenarios to help build the TCO. From a large enterprise sourcing perspective, here are a few of my thoughts:

  1. If you're going to roll out a pilot program, identify additional support costs, if any. Will you need more staff to support questions on this new platform? How much would it cost? Google will be providing 24x7 support via email and phone support. But how deep? What are the typical issue resolution times? How does that compare to your internal SLAs? Monetize the difference to understand if a benefit exists.
  2. Similarly, what happens at the end of the term and you can't find your Chromebook? How much will it cost for a late return/no return? I would revisit my company's asset management capabilities to see if this would be an issue. According to Google, you're on a 36-month term that automatically renews if you don't give notice 15 days prior to the end of the term. If you don't give notice, you receive the "same class of hardware and service that you purchased in the previous term."
Read more

Blogging From the IBM Big Data Symposium - Big Is More Than Just Big

Just attended a Big Data symposium courtesy of IBM and thought I’d share a few insights, as probably many of you have heard the term but are not sure what it means to you.

No. 1: Big Data is about looking out of the front window when you drive, not the rearview mirror. What do I mean? The typical decision-making process goes something like this: capture some data, integrate it together, analyze the clean and integrated data, make some decisions, execute. By the time you decide and execute, the data may be too old and have cost you too much. It’s a bit like driving by looking out of your rearview mirror.

Big Data changes this paradigm by allowing you to iteratively sift through data at extreme scale in the wild and draw insights closer to real time. This is a very good thing, and companies that do it well will beat those that don’t.

No. 2: Big is not just big volume. The term “Big Data” is a misnomer and it is causing some confusion. Several of us here at Forrester have been saying for a while that it is about the four “V’s" of data at extreme scale - volume, velocity, variety and variability. I was relieved when IBM came up with three of them; variability being the one they left out.

Some of the most interesting examples we discussed centered on the last 3 V’s – we heard from a researcher who is collecting data on vital signs from prenatal babies and correlating changes in heart rates with early signs of infection. According to her, they collect 90 million data points per patient per day! What do you do with that stream of information? How do you use it to save lives? It is a Big Data Problem.

Read more

More On Metrics...

At Forrester, we place a great deal of emphasis on relevance and what it means when researching a topic.  For the busy executive, it's sometimes difficult to wade through deep lists of operational security metrics and really understand how relevant the information is to the mission of the business.  Further to the problem is the need to understand what your metrics say about the security posture of your organization and the health of the business overall.

The draft title of the report I'm currently working on is Information Security Metrics – Present Information That Actually Matters To The Business. In the paper, I plan to focus on the key factors that make security metrics relevant.  The idea here is that if people start checking their BlackBerrys and iPhones while you're presenting your report, it's probably time for some new metrics.

Success is the ability to educate positively the C-Level suite in your organization and demonstrate the value you and your information security program provide.  

Categories:

The Future Of Backup And Recovery

I've got backup on the brain. I guess this isn't an unusual occurrence for me, but it's also been bolstered by a week at Symantec Vision, a week at EMC World, as well as backup announcements about IBM's data protection hardware and CommVault's PC backup enhancements not to mention the flurry of cloud backup news this week from Trend Micro, CA Technologies, and Carbonite. All of this has gotten me thinking about the future of backup... we've come a long way from simple agent-based backup and recovery. Backup is just one piece in an ever-increasingly complicated puzzle we call continuity. If backup software vendors want to stay relevant they're going to need to offer a lot more than just backup in their "data protection" suites.

Read more

Information Security Metrics & The Balanced Scorecard

I just finished a final draft of a presentation on information security executive reporting that I and some colleagues will present at the upcoming Forrester IT Forum in Las Vegas.  For those of you who want more information on the Forum please see Forrester's IT Forum 2011 in Las Vegas. In this presentation Alissa Dill, Chris McClean and I will present an approach for using the Balanced Scorecard to present security metrics for senior level audiences. For those of you who are not familiar to the Balanced Scorecard, it was originated by Robert Kaplan currently of the Harvard Business School and David Norton as a performance measurement framework that added non-financial performance measures to traditional financial metrics to give managers and executives a 'balanced' view of organizational performance[1].  This tool can be used to:

  • Align business activities to the vision and strategy of the organization
  • Improve internal and external communications
  • Monitor organization performance against strategic goals
Read more