Many of us in the information security space have a proud legacy of only purchasing best in breed point solutions. In my early days as an information security practitioner, I only wanted to deploy these types of standalone solutions. One of the problems with this approach is that it results in a bloated security portfolio with little integration between security controls. This bloat adds unneeded friction to the infosec team’s operational responsibilities. We talk about adding friction to make the attacker’s job more difficult, what about this self-imposed friction? S&R pros jobs are hard enough. I’m not suggesting that you eliminate best in breed solutions from consideration, I’m suggesting that any “point solution” that functions in isolation and adds unneeded operational friction shouldn’t be considered.
For decades, firms have deployed applications and BI on independent databases and warehouses, supporting custom data models, scalability, and performance while speeding delivery. It’s become a nightmare to try to integrate the proliferation of data across these sources in order to deliver the unified view of business data required to support new business applications, analytics, and real-time insights. The explosion of new sources, driven by the triple-threat trends of mobile, social, and the cloud, amplified by partner data, market feeds, and machine-generated data, further aggravates the problem. Poorly integrated business data often leads to poor business decisions, reduces customer satisfaction and competitive advantage, and slows product innovation — ultimately limiting revenue.
Forrester’s latest research reveals how leading firms are coping with this explosion using data virtualization, leading us to release a major new version of our reference architecture, Information Fabric 3.0. Since Forrester invented the category of data virtualization eight years ago with the first version of information fabric, these solutions have continued to evolve. In this update, we reflect new business requirements and new technology options including big data, cloud, mobile, distributed in-memory caching, and dynamic services. Use information fabric 3.0 to inform and guide your data virtualization and integration strategy, especially where you require real-time data sharing, complex business transactions, more self-service access to data, integration of all types of data, and increased support for analytics and predictive analytics.
Information fabric 3.0 reflects significant innovation in data virtualization solutions, including:
Earlier this month The Information Technology & Innovation Foundation (ITIF) published a prediction that the U.S. cloud computing industry stands to lose up to $35 billion by 2016 thanks to the National Security Agency (NSA) PRISM project, leaked to the media in June. We think this estimate is too low and could be as high as $180 billion or a 25% hit to overall IT service provider revenues in that same timeframe. That is, if you believe the assumption that government spying is more a concern than the business benefits of going cloud.
Having read through the thoughtful analysis by Daniel Castro at ITIF, we commend him and this think tank on their reasoning and cost estimates. However the analysis really limited the impact to the actions of non-US corporations. The high-end figure, assumes US-based cloud computing providers would lose 20% of the potential revenues available from the foreign market. However we believe there are two additional impacts that would further be felt from this revelation:
1. US customers would also bypass US cloud providers for their international and overseas business - costing these cloud providers up to 20% of this business as well.
2. Non-US cloud providers will lose as much as 20% of their available overseas and domestic opportunities due to other governments taking similar actions.
Let's examine these two cases in a bit more detail.
What happens in Vegas shouldn’t stay in Vegas. I was out at BlackHat with other members of the Forrester team over a week ago (seems like yesterday!). It was two jam packed days of popping into briefings, guzzling copious amounts of green tea, and meeting new people and learning new things. In general, I like to keep an eye and ear out for startups to see what’s bubbling up, and came across a few at BlackHat:
Co3 Systems. Co3 Systems* help to automate the four pillars of incident response (prepare, assess, manage, and report) and break down responsibilities and response to ensure best practices are followed along with compliance with regulatory requirements. They just updated their security module to include threat intelligence feeds from iSIGHT Partners, AlienVault, Abuse.ch and SANS, and recently rolled out an EU data privacy and breach notification update to the product. I’m a numbers nerd, so when they let me play with the solution, I immediately started running simulations that estimated the cost of a breach.
FileTrek. FileTrek provides visibility and transparency into where data resides, how it’s being accessed, moved, used, changed, and shared between people, devices, and files. No, it’s not DLP. It’s more like the mother of all audit trails that takes context and sequence of events into account. That way, if someone who is supposed to have access to data starts to do things with it beyond what they normally do, FileTrek will flag it as suspicious activity.