Last week saw news that yet another top GRC software vendor has been acquired, following in the footsteps of Paisley, Archer, OpenPages, among others. BWise has always been an impressive vendor in the GRC space, so first off I think congratulations are in order for both parties.
That said, if you didn’t foresee NASDAQ getting into the GRC software space coming, don’t beat yourself up… after seeing the large technology vendors and content providers enter the space over the past 3 years, this wasn’t an obvious move. But looking a little deeper, NASDAQ’s move makes sense for a couple reasons:
- NASDAQ’s target market cares about GRC. NASDAQ lists its target roles as marketing/corporate communications, board and corporate secretary, investor relations, and corporate finance. All of these roles have a vested interest in better controls, stronger risk management practices, and improved corporate governance.
- BWise has always focused on the “G” of GRC. More than any other of the top GRC software vendors, BWise targeted governance professionals with capabilities such as entity management.
- There are immediate integration possibilities. Among NASDAQ’s corporate solutions are products for board management, whistleblower reporting, and XBRL filing. BWise has a host of capabilities (issue management, process management, policy management, reporting, etc.) that could quickly add value to implementations of those products.
But, as always with a deal like this, both parties will have to show the market how they will address some key questions:
I said last year that this would happen sometime in the first half of this year, but for some reason my colleagues and clients have kept asking me exactly when we would see a real ARM server running a real OS. How about now?
To copy from Calxeda’s most recent blog post:
“This week, Calxeda is showing a live Calxeda cluster running Ubuntu 12.04 LTS on real EnergyCore hardware at the Ubuntu Developer and Cloud Summit events in Oakland, CA. … This is the real deal; quad-core, w/ 4MB cache, secure management engine, and Calxeda’s fabric all up and running.”
This is a significant milestone for many reasons. It proves that Calxeda can indeed deliver a working server based on its scalable fabric architecture, although having HP signing up as a partner meant that this was essentially a non-issue, but still, proof is good. It also establishes that at least one Linux distribution provider, in this case Ubuntu, is willing to provide a real supported distribution. My guess is that Red Hat and Centos will jump on the bus fairly soon as well.
Most importantly, we can get on with the important work of characterizing real benchmarks on real systems with real OS support. HP’s discovery centers will certainly play a part in this process as well, and I am willing to bet that by the end of the summer we will have some compelling data on whether the ARM server will deliver on its performance and energy efficiency promises. It’s not a slam dunk guaranteed win – Intel has been steadily ratcheting up its energy efficiency, and the latest generation of x86 server from HP, IBM, Dell, and others show promise of much better throughput per watt than their predecessors. Add to that the demonstration of a Xeon-based system by Sea Micro (ironically now owned by AMD) that delivered Xeon CPUs at a 10 W per CPU power overhead, an unheard of efficiency.
Even though it is not specific to security, this idea came to me while attending Dell’s Annual Analyst Conference (DAAC) in Austin, Texas two weeks ago. One of the hot topics discussed at the conference is the issue of bring your own device (BYOD). Dell recognizes this is a major trend and is looking for ways to remain true to its business-to-business DNA but still offer a competitive end-point solution with strong management and security capabilities. This is a problem for companies like Dell because a significant amount of revenue comes from corporate and not consumer sales, but BYOD is a consumer sale.
Not all is lost, however. As corporations move away from purchasing blocks of PCs for their employees, they will still have the capability to influence their employees to purchase certain equipment. The value for the employer is that they can still have some visibility to the types of equipment employees will use. The employee wins because they have assurances that the equipment they purchase has been vetted with some level of assurance that there is compliance with company systems.
What this means is that organizations will need to treat their former business customers as channel partners. I can envision scenarios where device makers provide their former customer marketing funds and special incentive funds (SPIFs) to encourage employees to buy their equipment. They will also be willing to offer the end user customer/employee a volume discount for employees for purchasing specific equipment. All of the major cell phone providers provide this type of program. PC makers, but also other types of device makers, need to start looking at their former customers as channel partners.
SugarCRM was kind enough to invite me to its analyst day and conference — a three-day event packed with product, strategy, customer, and partner information. The firm’s focus was clearly on its momentum into the enterprise. Here are my thoughts:
The CRM market still has room to grow. Sugar used IDC’s numbers to project CRM market growth: $18.74 billion for 2012, $19.97 billion for 2013, and $21.37 billion for 2014. Even though CRM vendor solutions are mature, the CRM market has not stagnated.
The SugarCRM 6.5 product. Today, SugarCRM has 1 million users, has seen 11 million downloads, is used by 80,000 organizations, and has 350 partners on five continents supporting the product. Its newest release focuses on usability and performance enhancements. It offers simplified navigation, an enhanced UI design, a new search framework with integrated full-text search, new calendaring and scheduling capabilities, IBM platform support, and deeper integration with third-party apps. Although the product lacks advanced social features and robust analytics, it does provide solid, well-rounded CRM capabilities.
The open source focus. Open source is more than a movement. It provides results by allowing its 30,000-large developer ecosystem to evolve the product in line with customer demand. “Open” is also part of Sugar’s culture — for example, pricing is readily available on its website, and you can try the product for free.
In the not-too-distant past web-centric software development had a standard workflow between designers and developers. This was possible because there was a single delivery channel (the web browser) and well-established development constructs. Design patterns like Model-View-Controller had well known coding counterparts such as Java Server Pages, the JSP Standard Template Library or Struts. But now, the introduction of mobile computing has significantly altered this design-development workflow. The key disruptor is the need to target multiple mobile devices with a common set(s) of source code. Regardless of whether devs use a single HTML5/CSS3/JS implementation or native implementations on iOS and Android, there’s a greater burden on designer than in the web-centric past. What’s worse, the success or failure of mobile apps is more dependent on the complete user experience than ever before. This new reality requires a major shift within development organizations.
I have recently published a report on enterprise mobility in India. Improving mobility infrastructure, including networks and devices, and business and workforce demand are fueling the growth of mobility within organizations. Mobility is being used not only to connect with customers, but also to connect with suppliers, partners, and employees. A few key takeaways from the report are that:
Interest in advanced mobile-enabled applications is increasing. There is a great impetus among enterprises in India to move beyond only mobile-enabling basic applications such as email, IM, contacts, and calendar. Twenty percent of enterprises plan to mobile-enable advanced applications like location-based services in the coming 12 to 24 months, while 37% of enterprises want to mobile-enable customer relationship management.
Mobility is among the top enterprise priorities for 2012 and investment is set to rise. For business decision-makers at enterprises and SMBs in India, provisioning mobility is one of the top three priorities in 2012. As a result, investment in all aspects of mobility — such as mobile devices, applications, middleware, and services — will increase.
The workforce wants employers to support mobility at work. The consumerization of smart mobility devices like smartphones and tablets is beginning to have an impact on the enterprise front. More than 60% of employees want to use smartphones at work.
In the latest evolution of its Linux push, IBM has added to its non-x86 Linux server line with the introduction of new dedicated Power 7 rack and blade servers that only run Linux. “Hah!” you say. “Power already runs Linux, and quite well according to IBM.” This is indeed true, but when you look at the price/performance of Linux on standard Power, the picture is not quite as advantageous, with the higher cost of Power servers compared to x86 servers offsetting much if not all of the performance advantage.
Enter the new Flex System p24L (Linux) Compute Node blade for the new PureFlex system and the IBM PowerLinuxTM 7R2 rack server. Both are dedicated Linux-only systems with 2 Power 7 6/8 core, 4 threads/core processors, and are shipped with unlimited licenses for IBM’s PowerVM hypervisor. Most importantly, these systems, in exchange for the limitation that they will run only Linux, are priced competitively with similarly configured x86 systems from major competitors, and IBM is betting on the improvement in performance, shown by IBM-supplied benchmarks, to overcome any resistance to running Linux on a non-x86 system. Note that this is a different proposition than Linux running on an IFL in a zSeries, since the mainframe is usually not the entry for the customer — IBM typically sells to customers with existing mainframe, whereas with Power Linux they will also be attempting to sell to net new customers as well as established accounts.
Cloud computing has reached an inflection point for enterprises — a comprehensive strategy for its use is now required. Until now, most companies had adopted cloud services in an ad hoc fashion, driven mostly by business leaders and developers looking to deliver new systems of engagement they felt could not be delivered by corporate IT — or in the time frame required. These ad hoc experiences prove that cloud solutions are now ready to be strategic resources in enterprise business technology portfolios. Only CIOs can help the business strike the right balance between the agility, efficiency, security, compliance, and integration that's required for a successful cloud strategy.
This research introduces our Playbook approach to our cloud research, describing how to execute an enterprise cloud strategy from vision to planning to implementation through to ongoing optimization. It is the Executive Overview to our Playbook on achieving cloud economics, setting the context for 12 reports by Forrester analysts that address each major phase of the transformation.
Cloud computing in its various forms is helping many CIOs drive greater business responsiveness. Enough so that most enterprises have adopted cloud computing in some form — usually a collection of software-as-a-service offerings. But cloud solutions now offer cost optimization, security, and quality of service for the full range of enterprise requirements, not just tactical needs. Thus, it is time to make cloud strategic, rather than a disconnected set of initiatives. How? CIOs need a playbook to create, implement, and optimize an end-to-end cloud strategy. This cloud strategy must achieve three goals:
During the past three years, you may have noticed that security and risk professionals have added a new term to their lexicon – business resiliency. Is this just an attempt by vendors to rebrand business continuity (BC) and IT disaster recovery (DR) in much the same way that vendors rebranded information security as cybersecurity to make it seem sexier and to sell more of their existing products? Some of it certainly is rebranding. However, like the shift in the threat landscape from lone hackers to well-funded crime syndicates and state sponsored agents that precipitated the use of the term cybersecurity, a real shift has also taken place in BC/DR.
If you look up the term “resiliency” in the dictionary, it’s defined as “an occurrence of rebounding or springing back”. Thus, business resiliency refers to the ability of a business to spring back from a disruption to its operations. Historically, BC/DR focused on the ability of the business to recover from a disruption. Recovery implies that there was in fact a disruption, that for some period of time, business operations were unavailable, there was downtime as the business strove to recover. Resiliency, on the other hand, implies that an event may have affected the business’ operations, perhaps the business operated in a diminished state for some period of time, but operations were never completely unavailable, the business was never down.
Infosys’ continuing visa issues are causing concern for Infosys clients. While at first, the problem sounded isolated and related to a single whistle-blower, the continuing coverage suggests that the problem may be more widespread. Two recent events are increasing client concern. First, there was a CBS Morning News broadcast which seemed to support the original whistle-blower’s accusation. Then, Infosys itself disclosed that the U.S. Department of Homeland Security had found errors in a significant percentage of I-9 employment authorization forms.
To make matters worse, clients are puzzled by Infosys’ lackluster response to these charges. For sure Infosys has denied all charges, but this is not a sufficient response to clients that rely on Infosys to keep the lights on every day. Clients are worried about things such as: the impact on Infosys visa-carrying employees if Infosys does “lose” the whistle-blower case or is penalized for irregularities in its I-9 processing; and the public relations risk if Infosys becomes an election year scapegoat for American job loss. Clients want to understand what the worst-case scenario is and work with Infosys to mitigate potential risks. So far, Infosys’ response has been to re-iterate that there is no risk. However, a good sourcing and vendor management expert knows that he or she needs to do more than hope for the best.
So what should clients do? Well, I will tell you what some Forrester clients have been doing: putting contingency plans in place to insulate themselves and their companies from risk. This includes:
Asking Infosys for documentation about the visa status of all on-site employees.