EY has released its Global Information Security Survey 2014. The survey, published every year, focuses on the issues facing information security pros for the coming year. Many of the trends identified in the report are trends that Forrester has seen evolve in the past two years. At the same time, these trends are accelerating. I am one analyst that is reluctant to paint information security with the fear, uncertainty, doubt (FUD) brush, but after reading the EY report I am not sure that FUD is inaccurate. We live in challenging times and the EY report validates this assertion. For example the research shows:
Attack power on the part of adversaries continues to grow. The capabilities and attack power of the adversary are on the rise. Criminal syndicates, hacktivists, and state-sponsored attackers top EY's respondents' list of top attack sources. This is not surprising based on the level of political instability in the world and the financial gains cybercrime can provide criminal groups derived from cybercrime.
Organizations are in battle with outdated weapons and strategies. Business today is using a set of outdated strategies and technologies to combat adversarial groups that are well financed and supported using some of the best offensive technologies available. These groups are well trained in the use of social engineering and technical cyberattack craft.
Organizations continue to see a dissolution of the perimeter. Mobility, outsourcing, cloud computing, and third-party consulting agreements continue to poke holes in companies' perimeters. All of these issues point to the need of a more flexible defense that uses a variety of smart detection and protection methods.
Previously, when CIOs and enterprise architecture professionals talked about “business-to-business” (B2B) commerce in China, most people thought of third-party B2B marketplaces like Alibaba.com or HC360.com. Very few companies use professional B2B solutions internally, instead relying on a combination of order management systems, customer relationship management, and third-party B2B marketplaces to trade with their business partners.
This is going to change. We have observed a few trends in the Chinese market that will become major drivers for the adoption of enterprise B2B solutions. These trends were further validated during the SAP summit last week in Shenzhen.
The legacy application architecture on the market won’t address the challenges of the age of the customer. Most of the companies currently doing business in China’s B2B market are small and medium-size companies with low IT systems maturity — many of them still exchange business information by emailing Excel files. These firms must rely on third-party marketplaces for business collaboration.
On Monday Microsoft officially announced the launch of two Azure Data Centers in Australia. This is big news for the many Australia-based organizations concerned about data sovereignty, as well as those who simply equate on-shore data residency with increased security and control.
Announced as part of TechEd 2014 in Sydney, Microsoft specifically called out Amazon Web Services (AWS) and Google as it’s key competition. In fact, Microsoft has gone to great lengths over the past year plus to consistently position these two companies as the only other viable longterm cloud providers. This is based on three cloud provider capabilities identified by Microsoft as critical: hyper-scale, enterprise-grade, and hybrid.
Overall it’s a good angle for Microsoft. All three players operate at hyper-scale as public cloud providers. All three also offer enterprise-grade services, (although this definition varies based on workload). Most importantly for Microsoft, neither AWS nor Google have a primary focus on enabling hybrid cloud services.
In contrast, all traditional large infrastructure vendors (Fujitsu, HP, IBM, VMware, etc.), system integrators (Dimension Data, NTT, etc.), and telco’s (Telstra) focus squarely on enterprise-grade services and hybrid cloud enablement. Rackspace, IBM and HP also have Australia-based data centers. But all these providers lack hyper-scale.
The modern business world echoes with the sound of time-tested business models being shattered by digital upstarts, while the rate of disruption is accelerating. Organizations that will win in this world must hone their ability to deliver high-value experiences, based on high quality software with very short refresh cycles. Customers are driving this shift; every experience raises their expectations and their choices are no longer limited. Like trust, loyalty takes years to build and only a moment to lose. The threat is existential: Organizations need to drive innovation and disrupt their competitors or they will cease to exist.
Yesterday, Proofpoint announced it will acquire social risk and compliance (SRC) vendor Nexgate for approximately $35 million.
The Acquisition Signals The SRC Market Is Maturing
This acquisition points to a budding and rapidly evolving SRC market. With the proliferation of social media, organizations face a slew of emerging regulatory challenges, brand threats, and security vulnerabilities – just look at recent incidents with Cole Haan, Zarbee’s, US Airways, British Gas, among countless others, even including our own US military. While once a niche market helping financial services firms meet FINRA obligations, SRC solutions now offer more than just compliance support, helping organizations better manage today’s wide gamut of social risks with social threat detection, account protection, and risk monitoring.
Proofpoint Has To Prove The Sum Is Greater Than Its Parts
On October 20 at TechEd, Microsoft quietly slipped in what looks like a potential game-changing announcement in the private/hybrid cloud world when they rolled out Microsoft Cloud Platform System (CPS), an integrated hardware/software system that combines an Azure-consistent on premise cloud with an optimized hardware stack from Dell.
Last week Salesforce.com (SFDC) hosted its annual Dreamforce Conference in San Francisco, and for the first time, the cloud giant’s products could soon have some major implications in the governance, risk, and compliance (GRC) market.
Amidst the chaos of keynotes, partner sessions, guest speakers like Hilary Clinton, wil.i.am, Al Gore, and our very own George Colony, two of SFDC’s major announcements demonstrated how its new offerings and future strategy will position the company to compete in the very big business intelligence market:
CRM solutions have been on the market for a long time. The first products were introduced over two decades ago, and many features are commoditized. New vendors are continually pushing the envelope on CRM capabilities and exploring the “white space” of capabilities that are not necessarily core to CRM. Old stalwarts are working on capabilities that differentiate them from others - like verticalized offerings, offerings tuned to to mobile user, offerings tuned to a certain size or complexity of organization.
CRM buyers need to remember that more capabilities these days is not better; more is simply more. In fact, when you don't need — or perhaps can't use — extra functionality, more is sometimes worse. Small businesses — and small customer-facing teams in larger enterprises — need to carefully evaluate vendors that they are evaluating in order to pick a solution that is right-sized for their needs. Categories and criteria that should be closely evaluated include:
Ease of use. Our research finds that 58% of employees interface directly or indirectly with customers. Small customer-facing teams don't have the luxury of deeply configuring or customizing CRM user experiences. Make sure the user experiences that come "out-of'the-box" from your CRM vendor are highly intuitive; that they work on the devices and platforms that your team use; and that they don't impede your productivity in any way.
This time last year, we published our predictions of what would be the major events and changes in enterprise cloud adoption in 2014. In this post, we look back on these prognostications to see which came true, which are still pending and which missed the mark. Look for our 2015 Cloud Predictions in the next few weeks. Thanks to Dave Bartoletti, Ed Ferrara and the rest of the Cloud Playbook team for their contributions.
As we predicted in May 2012, user directories are moving into the cloud. Cloud workloads require that users who are authorized to access them are stored near the cloud workload and not just on-premises. While this offering announced now by AWS is not necessary technically groundbreaking (Cloud IAM vendors and Microsoft Azure have been offering AD integration for a relatively long time), obviously this announcement is relevant because of AWS's broad presence in IaaS. We urge Forrester's clients that plan to use AWS AD service to ask AWS the following questions:
1. What safeguards are there to protect information (user, computer, etc.) in AWS AD?
2. How does AWS integrate in real time with on-premises AD and shared folder infrastructures?
3. What types of true identity management (access governance and provisioning) services does AWS offer to complement this new AD service?
Check AWS's blog entry at http://aws.amazon.com/blogs/aws/new-aws-directory-service/ for more details.