The Cloud is not a magic bullet for reducing the cost or improving the effectiveness of backup, however business are finding value in the cloud as a backup target. This Info-Tech infographic is loaded with insight on how to go about getting cloud backup right.

Click on the image to see a full size version of the infographic. From there you can also click the View Blueprint button to go to Info-Tech’s project blueprint on cloud backup.

cloudbackupIG

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter

identity securityTraditional security strategy sees organizations focusing outward on their perimeter – protecting their network and data (in transit or otherwise). What’s missing is turning attention towards one of an organization’s weakest links – its users.

And we are not just talking about disgruntled, recently let go users who attempt to steal data post-firing. All of your users, malicious or not, pose potential threats to your organization’s security.

Why?

Your users are not security experts – nor do you necessarily expect them to be – and while they understand they have passwords, those passwords need to be complicated and must be changed periodically, and as such users aren’t always diligent about managing their work identities (Passwords on Post-Its, anyone?).

External employees, meaning contractors or vendors, pose an obvious threat being relative outsiders, potentially being granted access into your internal systems.

Adding to the potential security risks, your internal users are likely costing you money you don’t have to be spending. Help desk calls related to passwords, password resets, etc. can make up to 30% of your call volume. These types of help desk tickets calls can cost an average of $60 a ticket – if these calls are happening once a day, that’s $20,000 spent in a year on something that could be easily mitigated.

identity_security
Click Image To See Full Infographic

As you can see, it’s essential to manage and protect the warm bodies attached to the identities that are deeply involved with the data and networks you are also trying to secure.

Managing and securing identities requires a bit of time commitment, especially if you’re a large organization. Start by identifying your top 5 applications, identify critical user groups within those applications and work from there.

Auditing your users is a manual process. Using Info-Tech’s Identity Security Services Plan, we give you the tools to streamline your audit process by focusing on your critical applications and systems. With that re-executable process, you can then work through the rest of your applications and system. Following that, using the IAM Controls Analysis Tool – we help you identify the key controls your organization needs to pursue to strengthen their identity management tactics.

For your identity management resources, refer to Info-Tech’s Build an Identity Security Services Plan Blueprint.

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter

lenovo_IBMIt’s fair to be concerned if you’re considering IBM for your x86 servers but for some reassurance I invite you to consider the following three points:

  1. X86 servers are commodity hardware, deal with it. Lenovo can.. If you still think there is significant differentiators in the hardware from various x86 vendors, you’re looking in the wrong place. Lenovo has demonstrated success in growing business in a commodity market (PCs.)
  2. IBM is still there where it counts: converged systems. Trends in consolidation and virtualization have made the main building block of the datacenter not stand-alone servers but converged bundles of servers, switches, storage and virtualization. IBM is still very much in this game with PureSystems.
  3. IBM/Lenovo Partnership is Deep. In the days since the January 23 announcement IBM has reiterated several times the depth of the partnership going forward. This is not a case of fire and forget offloading.

Just to recap the situation, on January 23 IBM announced that it was selling its entire x86 server business to China-based Lenovo for $2.3 billion (USD). Included in the sale: “System x, BladeCenter and Flex System blade servers and switches, x86-based Flex integrated systems, NeXtScale and iDataPlex servers and associated software, blade networking and maintenance operations.”

IBM Doesn’t do Commodity

IBM’s selling its x86 server business to Lenovo is simple recognition of a fact: industry standard x86 server architecture is a commodity. Like all commodities the governing business metric is unit cost. In this case, what is the total cost (processing and memory) per server workload?

The vast majority of server workloads out there, whether in data centers or in the big cloud services, are running on x86 servers. While there is emerging alternatives such as microserver processors based on mobile processors (ARM), the x86 is going to be doing the lion’s share of the work for the foreseeable future.

But while this commodity thing may be good for overall sales of x86 servers (in terms of market share) it isn’t a good thing for IBM. IBM focuses in hardware is on engineering differentiation and innovation, and charging big margin for you to take advantage of that specialness. The margin on x86 servers is razor thin when all that really matters is those commodity metrics of cost per server workload.

IBM arguably invented the industry standard PC, and had some excellent PC products (ThinkPad), but when those PCs became commodity hardware IBM sold PCs to Lenovo. Lenovo is looking to do the same now with servers, focusing on producing a quality product that is cost competitive in a commoditized market. It has succeeded in doing so in PCs.

But make no mistake, this is a huge move not without risk for both IBM and Lenovo. Some reports of the sale said IBM was unloading its “low-end” server business, as if they were general motors deciding to get out of economy compact cars. In fact if this were General Motors this move would be akin to GM getting out of the domestic automobile market entirely to focus on building things like large trucks and military vehicles.

Pure Convergence

Stand-alone servers are no longer the building blocks of on-premise data centers. Increasingly the converged system combining servers (usually blades), switches, storage arrays, system management and virtualization in one product SKU is that building block.

Info-Tech publishes dozens of vendor comparisons each year but we do not do comparisons of commodity hardware like desktop PCs and x86 servers. We do, however, compare vendors of converged systems that x86 servers will plug into. In our most recent VL IBM was a champion (See Vendor Landscape: Converged Systems)

VLconverg

IBM’s focus on converged systems will continue. Last week IBM announced the installation of the 10,000th PureSystems System. It will continue to sell PureApplication and PureData Systems – converged systems for applications hosting and big data analytics respectively – and continues to own the PowerFlex management software.

PureSystems can be provisioned with x86 server blades as well as IBM Power servers. Where x86 is involved IBM will source the blades from Lenovo instead of from themselves.

Not to belabor the commodity point further, but it is worth noting that the other hardware layers of the converged stack – switches and storage – are also typically based on x86 “controllers”. The future of value differentiation is in the software running on those controllers, not the hardware. In a software defined future, look for all the hardware layers to be commodity (look out Cisco, EMC, NetApp, et al)

Deep Partnership

One concern that has been raised about the Lenovo deal is whether IBM will be able to maintain a high level of system integration when a key layer of the convergence cake, servers, are manufactured by somebody else. In fairness, in our converged systems vendor landscape, ownership of the entire stack leads to higher scores.

I think there is some assurance here in the level of partnership between IBM and Lenovo. This is more than an asset sale. It’s a strategic partnership. IBM has also promised uninterrupted support for the x86 product set throughout the transfer.

IBM and Lenovo are tight right now. I don’t think it is in either’s interest to wander off in different directions.

 

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter
security model_small
Governance and management are the foundation of Info-Tech’s comprehensive IT security model. Click to enlarge.

Management and governance is the firm foundation of an effective IT security program and it can be shown to benefit the bottom line.

Info-Tech’s estimates that a small organization, with a low level of requirements, can save $12,000 – $130,000 per year after implementing a security governance and management program for as little as $10,000. Large organizations could benefit $300,000 – $2,250,000 per year with an initial investment of approximately $60,000.

With the evolution of more sophisticated security and major shifts in the technology environment in front of many organizations (e.g., BYOD, cloud), information security is becoming a business enabler and needs to be practiced in a more holistic manner.

With cost and complexity concerns the business will resist investing in a comprehensive security governance and management program. When IT security cannot articulate how it supports the business, it diminishes in perceived value and is likely to experience budget cuts.

Recently we published a new project blueprint “Build a Security Governance and Management Plan“. The goal is to help you:

  • Articulate the value of information security governance and management to senior management
  • Develop a customized comprehensive information security governance and management framework at the lowest cost possible
  • Apply your security governance framework to your organization and create a roadmap for implementation with provided tools and templates
  • Develop a measurement program to continuously improve your security governance

A customized program will provide results with a relatively low investment. This blueprint will guide you through the process of creating a customized security governance and management plan that is comprehensive enough to cover all your bases, while keeping costs at a minimum.

 

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter
Make-IT-More-Responsive-And-Agile
IT leaders must balance agility with stability. Take action with our projects to Make IT More Responsive & Agile and Deploy Changes More Rapidly by Going Agile

The mantra from industry leaders is that agility and innovation must be key objectives for IT leaders. But most IT organizations score poorly in those two areas; they are neither agile nor innovative. The road to Utopia is long and difficult. The important question is, given a limited capacity to change, where and how should IT departments focus their efforts in increasing agility or innovation?

Leaving innovation for a future blog, let’s consider the factors that inhibit agility.  Architectural standards, complex processes, complex and rigid applications, sunk costs, limited internal capability, and convoluted procurement practices all slow change in the interests of strong control, easy integration and minimizing risk. “Quick and dirty” or “cheap and cheerful” are often the routes to faster solutions. But they are typically distasteful to IT practitioners.

In general, increased agility may require a loosening of traditional approaches used in selecting and deploying IT solutions. But because this deviation from “safe” solutions can increase real risk, it makes little sense to shift away from traditional controls and standards unless the need for flexible solutions trumps concerns about controlling risk and minimizing unit costs. In general, flexibility conflicts with control, and IT leaders must identify those situations where the bias to control must be shifted to a bias to flexibility.

So how can we readily determine where IT must be agile and where traditional approaches are good enough? Parts of every organization are very stable and unchanging; others are in a state of rapid change and uncertainty. Control is the appropriate approach for the first component, and agility is essential and appropriate for the second. New products and services evolve through up to three stages: time to market, time to volume and time to profit. As a new product is introduced, and becomes successful (or not), the organization needs to focus on different objectives over this developmental period. And these different objectives drive specific and different priorities for the selection of technology and support processes.

Time to Market = Speed.

The first phase, time-to-market, involves the initial introduction of a service or product. Being able to deliver the product ahead of the competition is an essential requirement for competitive advantage. Demand is uncertain, so investment in production capacity and support technology must be constrained. The nature of the product or service may have to be modified based on initial market experience. So the two key characteristics of any system change through this initial phase become fast and cheap.

At this stage of product launch, flexibility and adaptability are essential. Launching a support application (or enhancement to an existing one) must be done quickly.  At this stage, IT must be prepared to cobble together “quick and dirty” solutions that enable the product to be launched quickly and modified based on actual customer behavior and preferences. The support processes and technologies may dictate divergence from existing architectural and technical standards.

IT should not hold back the launch of the product and its refinement. If the product fails in the marketplace, it is withdrawn, and the small investments can be written off. In the initial stages of any product launch or major product change, flexibility is job one. Of course, adherence to standards, ability to scale and support for efficient operation are desirable considerations, but speed and flexibility trumps all.

Time to Volume = Scale.

The second phase, time to volume, addresses the challenges created by a product that generates high demand. The ability of the organization to meet demand is enabled (but not guaranteed) when the technology used for the solution can be scaled to projected volumes of customers and business transactions. Delays in the expansion of application capacity, network, servers, storage and access devices and the number of simultaneous users can significantly dampen demand. The focus of this phase is fast and scalable. At this stage, the IT organization has to be flexible in terms of infrastructure capacity and application performance.

Time to Profit = Optimized.

In the third stage, where market demand has been confirmed and the basic organizational delivery capacity is in place, the organization then moves to stabilize the product and the supporting processes. It focuses on making the product profitable. Once a product or service reaches this state, agility is no longer the primary requirement. The solution implemented during the Time to Market phase may have to be modified or replaced.

agility1

IT staff tend to plan solutions that address the challenge of Time to Profit even when the product or service is in the Time to Market or Time to Volume stage. IT can frustrate the organization if it delays basic and scalable solutions in the interest of control and standards. Before approaching a new requirement in conventional ways, determine whether the service is in early stage development and deployment and requires a more flexible approach.

Agility is essential at the early stages of launching new products and services. IT organizations that are seen as obstacles to time to market will increasingly see themselves excluded from business planning and will experience the reality and challenges of shadow IT. Take action now with our projects to Make IT More Responsive & Agile and Deploy Changes More Rapidly by Going Agile.

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter