Dear IT Operations: It’s Time To Get Serious About Security

Okay, I’ll apologize right away to the IT ops teams that are already security-savvy. Hats off to you. But I suspect there are still a few that leave security to the CISO’s team.

On Friday, May 12, 2017, evil forces launched a ransomware pandemic, like a defibrillator blasting security into the heart of IT operations. What protected some systems? It wasn’t an esoteric fancy-pants security tool that made some organizations safe; it was simple e-hygiene: Keep your operating systems current. Whose job is that? IT operations’. Had the victims kept up with OS versions and patches, they wouldn’t have been working over the weekend to claw back from disaster. What’s the path to quick restoration? Having a safe offline backup. Whose job is that? IT operations’. The WannaCry ransomware outbreak is a brutal reminder that IT operations plays a critical role (or not!) in protecting the business from villains.

While headlines get everyone’s attention, there’s another non-news reason for IT operations to step up its security role, and that’s profit. In this age of the customer, the businesses that gain market share and disrupt industries are exceptionally agile; they deliver the features that users want as fast as they want them. DevOps arose from that new reality: to make IT operations as quick and nimble as developers are. In the process (and I would argue that this should be essential to the process), operations people learned a lot more about development, and developers learned a lot more about operations. The infamous “wall” between dev and ops is crumbling, and customers, the business, and shareholders are happier for it.

Read more

A One-Year I&O Transformation

Back when I worked in I&O we weren’t very popular. Not personally, mind you, but as a team. Why? Because we seldom satisfied user requests quickly, and sometimes not at all.  We were the defenders of stability, resistant to change.  Just maintaining the technology every day - “keeping the lights on” - took a lot of manual effort.  We chased down a lot of defects, and then we struggled to get fixes created and put into production. Sometimes the fix created a worse problem. It wasn’t a lot of fun, the pressure was grueling, and one by one we moved on to other jobs.

So today when I tell clients about transforming I&O from an under-appreciated cost center to a respected strategic advisor, I understand their skepticism. What does it take? For starters:

  • You have to change the monitoring and analytics technology.
  • You have to change the attitudes of the people within I&O.
  • You have to change the perception of I&O across the organization.

Those are not small changes, and cultural changes move especially slowly. Or do they?

The I&O team at Dixons Carphone, a UK technology retailer, transformed in a year. Yes, one year. With a motto of “say yes more,” Dixons Carphone I&O went all-in on customer focus and agile operations:

  • Rather than using a lengthy RFP process, monitoring technology proven effective in one business unit was extended across the organization.
  • Rather than focusing on technology health, the focus was shifted to customer experience.
  • Rather than focusing solely on the needs of consumer customers, attention was also given to the needs of internal users, line-of-business managers, and executives.
Read more

Analyze This! Cisco Spends $3.7B To Buy AppDynamics

Cisco’s intent to acquire AppDynamics – officially announced on Wednesday Jan 25 2017 – is quite a surprise. Then again, it isn’t. 

It’s a surprise because AppDynamics was one day away from its IPO, giving nary a hint of courting a suitor.  That would be an awfully expensive and troublesome camouflage.  And if it was camo, it was amazingly airtight in this notoriously leaky information age.  (As I write this, several press outlets report the deal went from idea to agreement in three days.)  

It’s not a surprise because: 

·        AppDynamics’ APM competitors have been rapidly broadening their monitoring to yield better analytics with fewer blind spots.  Cisco gives AppDynamics an exceptionally clear view of network performance and AppDynamics gives Cisco a clear view of application performance.  APM solutions must continue to expand their data ingestion to provide optimum value.   

Read more

Do More With Less: Predictive Analytics For I&O

 

Moore’s Law was bound to catch up with us. Loosely applied, it says that technology grows more complex every year.   Human brains do not.   People can’t keep up with monitoring, debugging, and managing today’s technology.  Users’ rising expectations make it even worse:  they want features and fixes in minutes, not days or weeks.  Technology may soon get away from us.  

The American comic strip character Pogo put it this way:  “we have met the enemy and he is us.”  In this case, our enemy is also our best ally.  Surely we can harness technology’s power to help us keep it under control.   We can, we are, and we will.  Predictive analytics, common for decades in other industries, is now a growing force for monitoring and managing business technology, and has the potential to put us back in control of our runaway technology.

The least sophisticated analytics predicts what instrumentation is appropriate for a server based on what software it’s running or what kinds of network traffic is going in or out.  For example, is database software found, or are SQL queries going in and out?  This analytics drives automation that reduces manual administrative work.

Moderately sophisticated analytics predicts trouble based on simple trends like CPU utilization rising, memory consumption rising, or free storage declining; and drives capacity planning before a resource crisis occurs.

Really sophisticated analytics watches multi-variate trends such as cycles of high user demand (for example monthly sales campaigns) coupled with performance expectations and resource constraints, to drive automated resource scale-up (to sustain best performance) or scale-down (to reduce over-provisioning costs).

Read more

Open Source APM Gains Momentum

Operations teams value stability.  Uptime is golden.  So it’s no surprise that operations teams buy finished, complete, documented, supported tools from vendors they can hold accountable.  Ops people already have their hands full dealing with complex apps, infrastructure, and users – they don’t need to be hassling with flaky do-it-yourself tools.  Even so, most operations teams still wind up with a mixture of tools from multiple vendors plus home-built integrations and scripts.

Development teams, on the other hand, are developers.  If they need a tool to do exactly what they need, they’ll build one – and share it with their friends.  As agile development has grown into continuous integration and continuous deployment, developers collaboratively created tools to automate tedious tasks and accelerate the application lifecycle.  Customer obsession relies on speed, and speed relies on automation.  The open source collaborative model has been very effective at creating the tools that support high frequency agile releases.   

The DevOps phenomenon brings together these two teams and their divergent cultures.  Yes, stability still matters; but what matters more in the age of the customer is agility through the entire software lifecycle, including the ops portion of release, deployment, and support.  The success of collaborative open source tools in development suggests that operations may be headed the same way.   And in the last year a lot more of my clients are asking about open source APM tools as an alternative to commercial solutions.  I’m also seeing APM vendors more involved in contribution, participation, and use of open source.  As Sam Cooke sang, “a change is gonna come.” 

Read more

APM Is Hot. Don't Laugh, I'm Serious.

I cover the APM market for I&O professionals, and it seems that every week I am briefed by yet another vendor entering the APM market. I wonder “What’s the attraction? Why is APM so hot?” Maybe it’s the mess.

I’m weird. I like cleaning up after Thanksgiving dinner. Why? Because it’s a huge mess. A little effort produces the dramatic result of a clean kitchen, ready for the next attack:  leftovers.

In September Forrester published The Forrester Wave™: Application Performance Management, Q3 2016. For vendors entering the APM market, it’s your guide to be a contender. For clients seeking an APM solution, it’s your guide to what’s available.

The Wave evaluates fourteen vendors on twenty-eight criteria.  We selected these fourteen as key players based on their functionality, market presence and the fact that they are most frequently mentioned in our conversations with clients.  Of course there are more than fourteen APM vendors in the market.   

For a bigger list of vendors, see the Forrester report Vendor Landscape: Application Performance Management, Including Mobile APM, Q2 2016.It includes twenty-six vendors, and even that isn’t all of them -- more vendors enter the APM market every week.

The “mess” that attracts vendors to this market is that I&O teams face an eternal battle to deliver…

  • faster service
  • to more users
  • by improving monitoring and management
  • of software, hardware, virtual-ware, and cloud
  • that grows more complex daily through:
Read more

Categories: