Opinion:
Mike Feldman, President, Large Enterprise Operations, Xerox Technology
CIO Insights: Brett Shockley, SVP & CIO, Avaya
CXO View Point:
Mark Birmingham, Director, Global Product Marketing, Kaspersky Lab
CIOReview The Navigator for Enterprise Solutions
JANUARY - 2014
Matthew Standish, Chairman & CEO
CIOREVIEW.COM
$10
Contents
COVER STORY
Matthew Standish, Chairman & CEO, IDInteract
Ciphertex: Ensuring Sensitive Information is Secure Jerry Kaner, Founder & President
Nexenta: The Global Leader in Software Defined Storage Tarkan Maner, Chairman & CEO
Tegile Systems: Redefining the HDD vs SSD Storage Battle Rohit Kshetrapal, CEO
CTERA Networks: Bridging the Gap Between Cloud Storage and Local Storage Liran Eshel, CEO, Co-Founder
Infinity Storage: Helping To Reduce IT Complexity and Cost Caterina Falchi, CEO
SwiftStack: A Technology Innovator of Private Cloud Storage Joe Arnold, CEO
Gridstore: Seamless Software-Defined Storage Solutions for Performance Starved Virtual Environments George Symons, CEO
Pure Storage: Pioneering a New Class of Enterprise Storage Scott Dietzen, CEO
Zadara Storage: Redefining Virtual Private Storage Arrays Nelson Nahum, Co-founder & CEO
CIO Insights
Brett Shockley, SVP & CIO, Avaya
CXO Viewpoint
CEO Viewpoint
Security: Back to Being a Boardroom Issue John Bruce, CEO, Co3 Systems
What is Cooking in the Technology Space? Elnar Hajiyev, Realeyes
From Mainframes to Mobile Apps: How the Cloud Evolved to Drive Sales Efficiency Chris O’Connor, CEO, Taptera
The Next Wave in Software Engineering after CMM Bill Curtis, CAST
Building Trust is Critical to Secure Mobile Growth Chris Babel, CEO, Truste
Opinion
CEO Spotlight
Five Enterprise IT Security Stats that May Surprise You Mark Birmingham, Kaspersky Lab
Effective Planning Of Mobile Device Management Is Essential Tony Wagner, Capital Source Bank
The Security Industry Vs the Hacking Community Tim Leehealey, CEO, AccessData
Security: A Major Concern in IT Industry Victor Limongelli, President & CEO, Guidance Software
The Connected Enterprise Keith Nosbusch, CEO, Rockwell Automation
Mike Feldman, President, Large Enterprise Operations, Xerox Technology
Elizabeth Hackenson, CIO & Senior Vice President of Global Business Services, AES
John Petrie, CISSP, CISM, CBM, CISO, Harland Clarke Holdings Corp
Editorial
Editor-in-Chief: Pradeep Shankar
Managing Editor: Christo Jacob
Editorial Staff: Benita M Harvi Sachar Rachita Sharma Sagaya Christuraj Thomson Antony Joe Philip
Sr. Visualiser: Ashok kumar
Mailing Address
CIOReview 44790 S. Grimmer Blvd Suite 202, Fremont, CA 94538 T:510.490.2428, F:510.440.8276
CIOReview, January 2014, volume 3-1. Published monthly by CIOReview. Subscription rate: $60 for 12 issues.
To subscribe to CIOReview, visit www.cioreciew.com
Copyright © 2014 CIOReview, Inc. All rights reserved. Reproduction in whole or part of any text, photography or illustrations without written permission from the publisher is prohibited. The publisher assumes no responsibility for unsolicited manuscripts, photographs or illustrations. Views and opinions expressed in this publication are not necessarily those of the magazine and accordingly, no liability is assumed by the publisher thereof.
CIOReview’s circulation is audited and certified by BPA International (Audit Pending).
Redefine your Storage
The global economy is trending towards a very positive growth. The year 2014 will be where current trends will accelerate the transformation already underway in how we consume information and do business. The enterprises will need to evaluate their information strategy to take advantage of the emerging opportunities like storage, cloud computing, internet of things and many more. For instance, the enterprise storage systems market will grow at a 3.9 percent compound annual growth rate (CAGR) between 2010 and 2015, and revenues will reach $37.3 billion in 2015. Though the forecast reflects impressive statistics, it is observed that IT organizations that have spent many years implementing massive storage capacity in order to keep up with data growth have still not succeeded in optimizing the system and most of them have wasted 70 percent of storage capacity. The enterprises need to evaluate unified storage vendors and their offerings so that they do not have to compromise on performance, scalability, or cost efficiency.
While big data continues to explode, and old storage systems continue to break, there are simple solutions on the market to redefine storage as we have known it to date. Modern storage solutions can help organizations address their big data storage challenges by providing software to build private or public clouds using commodity servers. While there are plenty of providers and undiscovered storage solutions, organizations that succeed will be those that understand the possibilities, see through the vendor hype and make the right choice.
To help CIOs and other technology leaders to choose the right provider for their requirements, we present to you ‘CIOStorage20 - 20 Most Promising Storage Companies’.
Also in this edition, we share with you the story about a company that set out to solve the problems of professionals who are in need of coherent and actionable data and analytic insight to understand where to allocate their budgets for maximum return. Matthew Standish, CEO of IDInteract, along with his team, is solving this problem by creating a platform that simplifies the identification and understanding of consumer “explicit” marketing demand signals collected from multiple data sources.
Christo Jacob
Managing Editor
christo@cioreview.com
Opinion
Automation Simplifying Business Processes
Mike Feldman, President, Large Enterprise Operations, Xerox Technology
Xerox (NYSE:XRX) is an American multinational document management corporation that provides business services and produces printing equipment and software for commercial and government organizations. Headquartered in Norwalk, the company has a market cap of $15.02 billion.
It is almost regular nowadays to see people at home, or while on travel, attending office conferences and managing business at ease. Technological trends such as Mobility, Cloud and Social networking have cushioned people to work anywhere anytime to their comfort. From a business process and document management industry perspective, there are a lot of relevant changes that we see taking place. People looking to access data and information for day to day interpretations always look to record the data. Hence we see the conception realized as people can print data anywhere by connecting from any device. For instance, a device like the iPhone, which happens to be my personal like, can be a great product with all its sophistications to use on either public or private clouds in a secure way. In order to protect the data, it is certain that companies nowadays adopt security and risk management measures, thus holding on to one’s intellectual property. So now we see a wave of trends linked to one another aiding industrial complexities.
Setting Up Business Strategies
To manage a large enterprise operation at Xerox Business unit, my role requires me to look into the emerging industrial trends regularly and the majority of which I find helpful will be through frequent customer interactions. It is imperative to always follow the customer, his liking and what he seeks momentarily. This move always helps us to set a strategy while running business thereby making sure that we are left forward envisioning a future market with ample infrastructure to incorporate the same. In our senior leadership team, we take creative time to implement some of the thoughts into process. Brainstorming sessions on critical innovations that are required in the market are prioritized. On course, we at Xerox envision a three year strategy process which is a formalized process called the three year strategy horizon. A lot of time is spent in thinking about business enhancement, innovation, differentiation, talks on needs that are not met by the current market and how we can offer value to our customers through our products and services. To realize the same, we spend quality time with our customers in a structured way, as we form our own customer advisory council and also with our technological partners to match to the customer’s requirements we form our partner advisory council. Two full days are spent with each council and talks on innovation, future roadmaps, technology to pursue and the implementation whereabouts are discussed.
Through the interaction with our customers, the unanimous reaction and the responses that reach out are about the amount of unstructured data that is exploding now more than ever before. The whole area of the content explosion is in a boom and the growth is exponential. Customers are always challenged to this reaction about the content and information management and it is high time we only look for solutions that can solve their problem quickly. So, we should always look to leverage Business and Predictive analytics as the best useable tools to solve this regularly and efficiently. The key however is to find ways to make the best use of it. Through data analytics one can gain a certain insight from all of the unstructured data emerging either from employees, customers, social networks or on internal employee websites. For instance, customers provide opinions on various social sites like Facebook and many others; now it is impossible for a large corporation to go through the big comments that are made. So to make it context aware, one needs to inculcate analytics thus interpreting it properly in a consolidated understandable way and presenting it back to the customer. Through case management, where services are coordinated on persons’ behalf and we have information travelling over email, finding keywords through searches and putting altogether to save the intellectual property or to defend a court of war, these are the many areas we are focused on and strive to deliver solutions to our customers.
Automation Answers to Industrial Lags
At Xerox we always look to automate. Having been in the industry for a long time now, we have always looked to bring in the right technology in place to integrate with any process which affects the lead production time. One such development we have seen is in the paper based documentation process. The paper based processes which involve human involvement also lead to errors and mistakes, thus resulting in lag time. With the automation of documents one can transform documents into digital files enabling multichannel communications and eliminating nonvaluable printing before it happens. Financial institutions in the past had to endure torrid times as customers were looking for faster transactions and account opening formalities; with automation now in its place it is only a matter of minutes as compared to the hours that it took in the past. Looking forward, one needs to explore the different verticals where he could exploit technology to the most. Be it the health care industry tracking right from the patient’s admission, his safety, till his discharge as he leaves with a clear cut understanding of the instruction that is given to him. There are such industries which need the provision of meaningful and prescribed content and on a regular basis, and it is high time for the providers to take advantage of the requirement and keep its minds and hands full in laboring for effective means of service.
(As told to Joe Philip)
CEO Spotlight
The Security Industry vs the Hacking Community Tim Leehealey, CEO, AccessData Group Inc.
Lindon, Utah based AccessData, is a provider of digital and mobile investigations, cyber security and litigation support solutions.
There is a big boom in the security space in the present day. The reason for this sudden boom is because of the long ongoing battle between the security companies and the hacking community. The hacking communities have access to the most sophisticated software and it is very evident that any new software that would be designed as an antidote is all built around the third eye of the same hackers’ use. It is a losing battle to fight. Even adoption to the current security measure against an alleged threat is not a means of measure adopted, since the market is constantly changing and so are the improvements in the technological trends. Hackers leverage technology and industry providers need to be equipped all the time leveling with them. The point is not in blocking the threat, since it can reoccur anyplace, anytime. The intelligence lies in understanding and the ability to investigate the network to actually know what is going on. It is not the same arena nowadays what we found 20 years ago in the security space. The momentum lies in the next five years for security to come about transparency and this is the only way forward in combating the all pervasive security issues in the industry today. The new generation threats are bombarding the computer industry and we at AccessData are constantly readying ourselves for these instigations. There are measures adopted by other security companies as they focus on detecting threats through network traffic, some focus on the memory of the machine and some may shift towards hosted approaches. At AccessData we always believe that the above approaches by other companies are to only percept one slice of the picture as there lies more to it.
Adapting to the Current Trend
As challenges in an industry arise, there also increases the need for deepening one’s pocket in order to adapt to that current trend. As an entrepreneur the biggest challenge lies in the dynamics of investment. The mirage lies as “invest and they will come versus the weaker they come, and then invest”. It is a challenge more than a trick. Investments drive in a bunch of thoughts to enhance its usability. It is all about the timing of the investment for your marketing efforts, for your sales, and for the development of the product indeed. For an entrepreneur, to be able to monetize the existing investments is always critical.
CEO Spotlight
Security: A Major Concern in IT Industry Victor Limongelli, President & CEO, Guidance Software, Inc.
Based in Pasadena, CA, Guidance Software (NASDAQ: GUID) offers eDiscovery, data discovery, and computer forensics solutions for corporations and government agencies. Founded in 1997, the company has a market cap of $259 million.
In IT security, the emerging trend is that Chief Information Security Officers are beginning to operate under the assumptions of compromise. More importance is given to one who defends but they should assume that there will be compromise at some point. Sooner the attackers get in, larger are the chances for the inside threats. So, there is a need for a framework to determine the future outcome and ways to limit the damage, the ways to do it, and mainly ways to keep attackers out of the intellectual property. Moreover, they need to have visibility to endpoint to the servers and the desktop environments, because that is where the data intellectual property and customer data is, and they need to be proactive and looking for threats that the organization is facing. The Chief Information Security Officers cannot assume that the permanent essentials are going to protect them. They need to be hunting for the threats, threat hunting is becoming more common and they need to operate from the assumptions of compromise and they need to have visibility to their servers.
Changes Driving The Industry
People used to be so focused on their perimeter and setting barriers on blocking intruders and now they are realizing those were important but not sufficient. So it is not enough to set up a good perimeter defense but there is a need to actively know your network, its working, the way it is running, the programs installed, the ways in which processes are spreading across the network and how configurations are changing. So you need to have not just a picture, but a movie. So that you can see the things changing over time, this can uncover these threats, you need the ability to remediate, to clean up problems, to kill the problematic processes to the wide files that have been installed by the hackers or insiders and do that without taking the mission critical systems offline.
Organization Should have Visibility to Endpoint
It takes longer to deploy new technology, even though there are good solutions available sometimes there are current business processes at customers or at political turf wars. There is a good solution to solve the business problem that you develop, and sometime it takes longer for organization to deploy it, then you can think you can switch case. Over seen that change, most of the organizations start to operate or to share their assumption that there will be a compromise and they need to have the visibility to end point, through which they can protect themselves. It is critically important to try to access things which are needed to solve the business problem, not only as we interact with customer, but the feedback from the prospects about what they would like to see and that is the important point for the ground breaking improvements and breakthroughs. You need to think about what they actually need to solve the business problem.
CEO Spotlight
The Connected Enterprise Keith Nosbusch, CEO, Rockwell Automation, Inc.
Rockwell Automation (NYSE:ROK), is an automation company dedicated to industrial automation and information through its products recognized for innovation and excellence. Headquartered in Milwaukee, the company has a market cap of $16.42 billion.
We are at an inflection point, driven by the convergence of integrated control and information technologies, and accelerated by the arrival of the “Internet of Things.” We call this vision 'The Connected Enterprise.' It involves industrial operations that are more productive, more agile and more sustainable. While manufacturing is sometimes seen as a technology laggard, today we see an inrush of technology that is changing the game, from labor intensity to highly productive production processes; from older industrial-age plants to clean, safe, efficient production facilities; from isolated operations to an integrated, responsive supply chain. Cisco estimates the "Internet of Things" as having a potential value of $14 trillion, and that 27 percent, or nearly $4 trillion, will be found in manufacturing. This is by far the biggest opportunity across the entire “Internet of Things” landscape. To capture this value, manufacturing must accelerate the adoption of key “Internet of Things” technologies which will be key enablers of The Connected Enterprise.
Cloud: Within the next two years, half of manufacturers will migrate their infrastructure to the cloud, which will drive a 6X increase in wide area network traffic.
Mobility: Huge amounts of industrial data are already being delivered on mobile devices; to continue, security must keep pace.
Big Data: More data will be available for analytics and real time problem solving. This will be across multiple production lines and plants, and entire supply chains.
The next wave of investment will be at the plant infrastructure layer, using technologies like integrated control and information and the “Internet of Things” to deliver business value from 'The Connected Enterprise'. So, the value at stake is enormous:
• Faster time to market through design productivity, faster commissioning times with intelligent devices, and the agility to respond to customer trends more quickly.
• Improved asset utilization and optimization by manufacturing intelligence tools, driving improved reliability, and predictive maintenance.
• Lower total cost of ownership by better life cycle management and easier technology migration.
• Enterprise risk management: protecting company intellectual property and brand image with a safe, secure operating environment while ensuring regulatory compliance and reducing exposure due to poor product quality.
COVER STORY
By Joe Philip
Today brands use small data to promote supply-based marketing. The Internet has changed the way consumers buy products and services. However, consumers’ behavior patterns are still poorly understood. Marketing and sales teams have been disrupted by Google and other search engines, e-commerce, and more recently, social media and mobile computing. Mostly, these implicit marketing strategies using “ad-words” lack material ROI and a compelling marketing strategy. In the absence of innovation, these channels have become more important to companies’ customer acquisition success, customer loyalty, and driving revenue growth. To deal with the accelerating change in the landscape and the exponential growth of data, marketers and sales professionals require a marketing platform that helps find future customers. The platform must help build, sustain, and grow relationships with buyers over time while being able to cope with the pace and complexity of engaging with customers in real time across the Internet, email, social media, online and offline events, video, e-commerce storefronts, mobile devices, and a variety of other channels. As importantly, these professionals need coherent and actionable data and analytic insight to understand where to allocate their budgets for maximum return.
Today, marketing has slowly become dynamic as the need to interact seamlessly with customers across multiple fast moving digital channels has increased. Legacy based CRMs traditionally help to digitize marketing and sales professionals’ contacts for traditional marketing practices, which focus on supply advertising of products or services. But they are in the present times unable to keep pace with the needs of marketers, who understand the importance of providing buyers with the right information and the right messages in the right format at the right time.
While companies were looking for such a platform, there emerged a software startup named IDInteract, founded in Seattle but developed in Detroit (that's right, Detroit), that promised to solve this mammoth problem. Waking up from stealth mode in early 2012, the company set out about its mission and has caught the attention of many. The company has created such a big impact that Gartner has selected it as one of the 2013 Coolest Vendors and the company has also won Red Herring’s 100 Global Big Data and Analytics Award.
It’s Not Just About The Analytics, It’s About What You Do With It
The reason for so much success is the disruptive tech platform that the company has engineered called the Demand Exchange™. IDInteract was founded by Matthew Standish who currently serves as its Chairman and CEO. The company has created the Demand Exchange™ platform to go beyond marketing automation. The platform simplifies the identification and understanding of consumer “explicit” marketing demand signals collected from multiple data sources, including unstructured and largely unused “dark” data from social media and mobile applications as well as structured data from CRM systems. Demand signals are analyzed to identify highly qualified prospects with real time interest and intent for specific brands, products, and services. The platform unifies this data into robust profiles called “Personas”, which represent a federated cross-channel view of a potential consumer’s behavior, or what IDInteract has patented, called Digital Body Language. IDInteract’s Personas are continually updated so marketers can reliably identify, segment, and interact with as many qualified prospects based on their propensity to buy, and their revenue potential. Demand Exchange helps users visualize the demand curves of their business while segmenting and recommending qualified prospects for automatic delivery of offers and information through social media direct messages, wall posts, tweets, or existing email systems.
Engaging Potential Customers
IDInteract’s SaaS Demand Exchange™ platform removes the need for marketers to utilize multiple solutions by unifying many functions into one easy to use platform. Demand Exchange is a high velocity, low inertia product requiring little to no IT department involvement for set up or maintenance. The platform contains six proprietary “engines” and a Persona identity database that operates as a fully integrated stack across: Management, IDSearch, IDAnalytics, IDOffer, IDPersona, and IDIntent. Demand Exchange™ incorporates available data about clients’ customers in real time to increase ROI and customer interaction by better targeting offers and messages.
Demand Exchange identifies individual, group, event, and community customer demand signals in real time using data from the leading social media channels, client mobile applications, and client CRM systems to create highly contextual consumer profiles called Personas. Data collection is guided by client specified criteria aligned to specific business objectives and is aware of privacy settings, geographic location, brand and product preferences, hot topics, and opinions. Data collection respects consumer privacy preferences at all times through Matt’s background and expertise in Identity Management principles based on his work in Germany. Through proprietary algorithms and machine learning, Demand Exchange™ applies predictive analytics and calculates propensity to buy to derive consumer intent as it pertains to each client’s business objectives.
To assist in closing the sales cycle, Demand Exchange’s user interface allows clients to sort and prioritize Personas and select highly qualified prospects for interaction through social media channels or existing email systems. This process can be manual or automatic to assist in the revenue conversion process. Offer delivery counts and conversions are tracked to enable performance and return on investment measurements. Demand Exchange™ can be used for customer acquisition, up selling or cross-selling, customer retention, market intelligence, or brand promotion.
Testament to the Claim
The company’s claim to providing results has many witnesses. One of their clients from the gaming industry faced a problem where tens of millions of gaming hardware boxes were in circulation but only 60.5 percent of users had elected to sign up for a gaming account. Only 31.5 percent of users had bought an accessory to enhance their already purchased gaming hardware. The problem here was to identify how software providers improve engagement and targeting with existing and potential customer bases without ineffective emails and spam. The challenge of knowing the manner in which gaming providers cross-sell while understanding the relationship between loyalty and high-value retargeting also needed to be addressed. Along with these, the company also had to deal with the issue of making a software provider manage privacy and develop targeted campaigns in a matter of days and not weeks. IDInteract’s expertise helped their client to provide targeted marketing and re-targeting across several social, email and mobile channels. This provided an Omnichannel experience often promised but the Demand Exchange delivered at scale. “The results for our client speak for themselves. We exceeded a conservative target to convert one percent of 46 million users of the gaming system to a higher level of membership subscription,” says Standish.
The Roots of this Revolutionary Company
The idea of IDInteract came when Standish was the Chief Architect for Deutsche Telekom in on the idea of being able to understand the customer’s demands. “Our company grew out of a simple observation – we have the technology to observe the revealed preferences of actual populations through their behavior. The familiar attempt to monetize social media marketing by determining the average value of ‘like’ or ‘tweet’ was fundamentally wrong. It focused on the supply side of the equation: assuming a fixed conversion rate, higher volume of offers meant higher sales. IDInteract’s insight was to turn the equation on its head. Use contextual data to target specific pockets of demand. Someone, somewhere, already wants your widget, so stop wasting effort trying to convert people who don’t care and focus on having relevant and timely interactions with
highly qualified prospects. We have assembled an outstanding leadership and execution team to realize this vision. IDInteract is committed to being a real partner to our clients and helping them achieve their business goals,” says Standish. He goes on to say “We explicitly identify demand, determine the user’s intent, develop their propensity to buy, determine if they are in market to buy today and interact with them across multiple channels of communication. There is not another competitor that manages this consumer value chain at scale,” talking about the differentiator that has given the company so much success.
Just The Beginning Of A Wonderful Journey
The company’s prime areas of focus have been retail, gaming and the auto industry. Another major source of the company’s revenue comes from the healthcare sector. With that said the privately funded company also is in talks of setting up its offices in Western Europe and the Middle East through partnerships and in 2014 it plans to strengthen its presence in the U.S and outside the country. Today, IDC predicts that the Marketing Automation market will grow from $3.5 billion in 2011 to four billion dollars in 2015, while the CRM analytics market, which includes marketing and sales analytics, is projected to grow from $2.4 billion in 2011 to $3.4 billion in 2015, respectively. IDInteract has understood this and has attracted a notable customer base, in addition to a robust pipeline of potential future clients. 2013 has demonstrated the sector’s vibrant activity and its contribution to the global economic recovery. IDInteract, Inc. is performing exceptionally in its field and strongly deserves all the accolades.
While new technologies are being welcomed at a quick pace across industries, one thing has not changed: IT departments are expected to use antiquated storage solutions to meet their new storage needs. It is unreasonable to expect IT professionals to use tape and proprietary storage arrays to store massive amounts of data, especially in this era of powerful cloud computing. The simple fact is that it is impossible to manage today’s storage needs with yesterday’s storage solutions because of key trends that are disrupting the storage industry such as big data, cloud, mobile, software defined storage and storage as utility. Modern storage solutions can help organizations address their big data storage challenges by providing software to build private or public clouds using commodity servers. These new methods require minimum IT involvement, and dramatically reduce the costs of cloud deployment and management. So, while big data continues to explode, and old storage systems continue to break, there are simple solutions on the market to redefine storage as we have known it to date. While there are plenty of providers to choose from, organizations that succeed will be those that understand the possibilities, see through the vendor hype and choose the right deployment model. To help CIOs and other technology leaders to choose the right provider for their requirements, we present to you ‘CIOStorage20’. In the last few months, we have looked at hundreds of Storage Solutions providers and shortlisted the ones that are at the forefront of tackling the real challenges. A distinguished panel comprising CEOs, CIOs, industry analysts and the editorial board scrutinized several companies and finalized the list of '20 Most Promising Storage Companies'.
Company | Management | Founded | Description
Astute Networks, Inc.; San Diego, CA; astutenetworks.com | Robert B. MacKnight, President & CEO | 2000 | A provider of Networked Flash appliances that accelerate application performance by 10x or more, enhance user productivity and lower IT costs for physical, virtual and cloud environments
Ciphertex, LLC; Chatsworth, CA; ciphertex.com | Jerry Kaner, Founder & President | 2009 | A provider of data protection solutions for the most sensitive data of organizations worldwide
Coraid, Inc.; Redwood City, CA; coraid.com | Dave Kresse, CEO | 2000 | A provider of EtherDrive and EtherCloud solutions. Coraid delivers scale-out performance, Ethernet simplicity, and an elastic storage architecture to handle massive data growth
CTERA Networks; Palo Alto, CA; ctera.com | Liran Eshel, CEO, Co-Founder; Zohar Kaufman, VP R&D, Co-Founder | 2008 | A provider of a cloud storage platform for enterprises and service providers, enabling the delivery of a suite of storage applications over the infrastructure of their choice
Gridstore; Mountain View, CA; gridstore.com | George Symons, CEO | 2009 | A provider of optimized storage solutions for Windows Server and Hyper-V for virtual environments
Infinity Storage; Mountain View, CA; infinity-storage.com | Caterina Falchi, CEO | 2006 | A provider of data management solutions that enable storage networks to be more efficient, easier to manage and more responsive to needs of the business
iQstor Networks, Inc.; Newbury Park, CA; iqstor.com | Jason Lo, President & CEO | 2002 | A provider of highly scalable replication and disaster recovery solutions that eliminate costly downtime and reduce administration overhead
Nexenta; Santa Clara, CA; nexenta.com | Tarkan Maner, CEO; Alex Aizman, CTO; Dmitry Yusupov, Chief Systems Architect | 2008 | A provider of Software-defined Storage solutions. The company’s flagship software-only platform, NexentaStor, delivers high-performance, ultra-scalable, cloud- and virtualization-optimized storage management
Panzura; Campbell, CA; panzura.com | Randy Chou, Co-Founder & CEO | 2008 | A provider of global cloud storage solutions to optimize data storage management and distribution in the cloud, making cloud storage simple and secure
Pure Storage, Inc.; Mountain View, CA; purestorage.com | John Colgrove, CTO; John Hayes, Chief Architect; Scott Dietzen, CEO | 2009 | A provider of products and solutions that enables the broad deployment of flash in the data center
Qumulo, Inc.; Seattle, WA; qumulo.com | Peter Godman, CEO | 2012 | A provider of enterprise data storage. The company has received a funding of $26.8 million from Highland Capital Partners, Madrona Venture Group, Valhalla Partners and Data Collective
Solidfire; Boulder, CO; solidfire.com | Dave Wright, Founder & CEO | 2009 | A provider of all-flash storage systems designed for next generation data centers. The company has received a funding of $68 million from Samsung Ventures, New Enterprise Associates, Valhalla Partners and Novak Biddle Venture Partners
SwiftStack; San Francisco, CA; swiftstack.com | Joe Arnold, CEO | 2011 | A provider of software-defined storage (SDS) solution to help operations teams implement and manage an easy-to-use, multi-tenant highly scalable cloud storage platform
Symform, Inc.; Seattle, WA; symform.com | Mark Ashida, CEO | 2007 | A provider of cost effective solutions to large scale distributed data management problems
T3Media, Inc.; Denver, Colorado; t3media.com | Bob Pinkerton, CEO | 2003 | A provider of cloud-based storage, access and licensing for enterprise-scale video libraries
Tegile Systems, Inc.; Newark, CA; tegile.com | Rohit Kshetrapal, CEO | 2010 | A provider of new generation of enterprise storage arrays that balance performance, capacity, features and price for virtualisation, file services and database applications
Tintri; Mountain View, CA; tintri.com | Ken Klein, CEO & Chairman | 2008 | A provider of VM-ware storage appliance to deliver flash performance at disk prices with intuitive management specifically for VMs
Vicom Systems, Inc.; Santa Clara, CA; vicom.com | Samuel Tam, CEO | 1996 | A provider of transparent wire-speed data services for systems and storage
Zadara Storage; Irvine, CA; zadarastorage.com | Nelson Nahum, CEO | 2011 | A provider of enterprise-class primary and secondary storage for the cloud via dedicated, flexibly deployed equipment located at AWS Direct Connect facilities and Dimension Data (formerly OpSource) data centers
Zetta, Inc.; Sunnyvale, CA; zetta.net | Ali Jenab, CEO | 2007 | A provider of enterprise-grade online backup and disaster recovery solution for small and mid-sized businesses, enterprises and MSPs.
Ciphertex: Ensuring Sensitive Information is Secure
In today's advanced, interconnected world, businesses experience dramatic growth of digital data including documents, emails, and applications. Protecting the infrastructure that allows organizations to function is crucial. Security threats are inherently difficult to manage because there are so many different types (cybercrime, lost and stolen data, natural disasters, industrial accidents, terrorism) and they are constantly evolving. Their economic and societal impact can be enormous. This increasing data security requirement means that the challenges of businesses today extend beyond conventional defense methods. Security has taken on a new significance, encompassing security for protection of critical infrastructure, sensitive data, and critical information systems data and digital assets. Enterprise IT can expand their storage centers, share and back up digital assets, and manage secure data all at an affordable price. A company from Chatsworth named Ciphertex promises to solve these problems by providing products that are designed to provide affordable and easy to manage solutions. Founded by Jerry Kaner, Ciphertex is a data security company that provides data protection solutions for the most sensitive data of organizations worldwide. The company’s data security solutions ensure sensitive information is secure with key and policy management along with enterprise encryption.
Ciphertex’s Arsenal
The company’s portable DAS and NAS Server systems offer unparalleled performance, security and reliability seamlessly integrating AES 256-bit hardware-based encryption with the latest in RAID storage technologies. Designed-in flexible connectivity is guaranteed with each system able to support the leading storage interfaces and operating systems. Each multi-bay Ciphertex system also offers simplistic functionality and setup via its graphical user interface combined with a powerful data management software suite. Ciphertex differentiates itself from the rest of the storage industry by securing data with real-time AES 256-bit encryption/decryption implemented in hardware in an ergonomically designed, portable direct attached storage system and in software in powerful NAS systems. As a data storage system it also provides outstanding performance, networking, and management capabilities at a competitive price. Each Ciphertex system offers easy setup and operation via its graphical user interface combined with a powerful data management software suite. The latest drive technology provides performance, reliability, and portability in systems expandable from 60GB to 48TB of storage capacity. Thoughtful design enables connectivity to all major system interfaces (eSATA, USB 3.0 and Firewire 400/800) including providing the only portable NAS with both GigE as well as 10GbE. The Ciphertex secure data storage systems also provide support for all major operating systems and their applications. This total package led Ciphertex to be named the best in Interop 2011.
A Trusted Vendor
“We are trusted around the world to provide data security solutions for major enterprise. Ciphertex protects the medical records of one of the largest healthcare solution providers in the US, Media Entertainment (Film Industry), Oil and Gas, Forensic Investigation, and US Government agencies, US Military,” says Jerry, and he goes on to add, “We have customers all around the globe, in Germany, UK, India, Italy, Australia and many others.” The company has grown by leaps and bounds over a very short period of time due to its disruptive technology. In the very near future the company plans to introduce rugged AES 256-bit hardware-based encryption products that can be used in trains and planes with full encrypted technology.
CTERA Networks: Bridging the Gap Between Cloud Storage and Local Storage
The explosive growth in unstructured data, the increased need to access files anywhere and from any device, and the desire to collaborate frequently across the distributed enterprise are all driving companies to use scalable, cost-efficient cloud storage technology to address these needs. Palo Alto based CTERA Networks caters to this need of both enterprises and service providers and in the process has created a buzz amongst the tech circles. The company enables its customers to use the cloud storage infrastructure of their choice whether private, public or hybrid, while ensuring end-to-end security and overcoming performance and scalability challenges.
'Single Pane Of Glass' Management
Founded in 2008 by Liran Eshel, CEO, and Zohar Kaufman, VP R&D, the company provides a cloud storage platform that enables enterprises and service providers to create, manage and deliver cloud storage services, whether internal or external. The company’s unique platform includes built-in functionality for file sync and share, hybrid on-premises/cloud backup, managed branch storage and mobile collaboration which is unified under 'single pane of glass' management. “Our platform extends storage infrastructure to make it "cloud enabled", and integrates with the majority of object-based and other scalable storage systems, as well as cloud service providers. CTERA is a technology vendor – we do not provide cloud services, but rather empower service providers and enterprises to do so,” adds Eshel. It is the only company to provide a platform that addresses multiple cloud storage "killer apps" and supports both hardware and software-based deployment scenarios to optimize performance across remote office and branches, as well as mobile workers.
Providing Game Changing Services
CTERA's core development team originated from Check Point Software, so security is very much in the company's DNA and is embedded into all aspects of the company's solutions, which feature built-in source-based encryption and other security measures. The company's cloud storage platform is comprised of cloud-side management software, cloud storage gateway appliances and endpoint software agents for PCs and mobile. Customers can choose any mix of software/hardware to serve their storage, backup and file sharing needs in an optimal way. Active Directory integration, including support for the most complex AD forests, makes it easy for enterprises to deploy CTERA's solution, while global source-based de-duplication ensures optimal performance over the WAN. CTERA integrates with storage infrastructure from EMC, IBM, HDS, OpenStack, Caringo, DDN, Scality and Cleversafe, as well as with public cloud providers such as AWS and Rackspace.
Winning the Trust of Clients
Due to its game changing technology, in a very short period of time, the company has won the hearts of many firms which include some of the Fortune 100 enterprises across multiple industry sectors including financial services, life sciences and energy. Major service providers also use CTERA's platform to drive their business-grade cloud storage services. They include, among others, Telefonica, CenturyLink, Orange (France Telecom), Telecom Italia and Swisscom. With customers in production with 10,000s of appliances deployed and 100,000s of active users, CTERA's technology is proven to scale to very large deployments. CTERA plans to continue its good run and expand its platform both to support additional use cases as well as to extend further the value of cloud storage for security, compliance and data mining purposes in the future.
CIO Insights
Research and Business Relevant Approaches: A Balancing Act
Brett Shockley, SVP & CIO, Avaya
Sunnyvale, CA based Avaya (NYSE:AV) is a global provider of business communications and collaboration systems. The company, which supplies contact center, networking, unified communications (UC) and video products (integrated hardware and software) and services, has a market cap of $21 billion.
From a product and solution development perspective, given the communication and collaboration space, unified communications, contact centre, mobility, BYOD and mobile video are all revolutionizing industry trends at this time. According to statistics, about 40 percent of enterprise users spend 20 percent of their time away from their desks. This is an alarming report for technology enterprises as we look for ways to provide applications for them. There are indeed a number of interesting things doing the rounds from an applications perspective. It is possible to run ten different applications/devices registered with the same ID and phone number, and as a result I use a phone in a static place like my desk but also run applications in remote places according to my need. It is as simple as attending a conference call by video on my flight, and thus keeping track of my time and work throughout.
Multichannel Communication-Customers’ Wish list
According to reports, about 78 percent of customers wished to communicate with companies via multiple channels, out of which only 17 percent reviewed their response to be well and the other 65 percent intend to start fresh. As a result, we at Avaya have been focusing on activities for research involving big data and predictive analytics at our support center. It is a stepwise approach as one goes through our website for self-service, escalates it to an automated chat with our knowledge base, and so gathers a human response through the web browser, and what one gets in the end is a video conversation at the browser's comfort. The tool of analytics is certainly on the wish list of the enabler as one learns to manage the data, not only restricting it to operational reporting but also using the large database, by converting unstructured data into structured data, to manage the people and processes associated with it.
From an IT perspective, historically most of the technology decisions have to be driven through IT. The term Cloud is impacting the technology and is also changing the dynamics of the way companies acquire technology. With the increase in cloud based models, business leaders have started to make decisions based on the capacity, for instance whether to fund the IT budget to cater to the needs or to bypass IT and look for the next generation cloud based service. As cloud is answering to the woes and challenges of the industry, there are still a lot of opportunities in terms of collaboration and unified communications which makes it a really interesting space. Though the industry has really done well in terms of unified communication, the ability to predict business processes becomes imperative and now through predictive analytics, as some of these processes turn out to be automated, the fact that people’s perspective remains as the key industry relevance and thus delivering to the people on what they need thereby cutting out on enterprise complexities.
Accelerating Commercialization Of Innovation
Our team at Avaya, through its corporate strategy group, corporate development group, M&A and CTO consulting team, focuses on consumers in helping them plan through multiple strategies and technology architectures to achieve transformations that sometimes take years to execute. While the Avaya labs research team drives forward thinking research in communication and collaboration in contact centre apps, the emerging products and technology group bridges research with real world customer requirements. This involves accelerating commercialization of innovation, where customers get the benefits to their business and are granted access to technology before their competitors, which gives them an advantage above others. The challenge is to balance between research on one end and being business relevant on the other, and how to make technology more relevant to customers to address their critical business problems. It is always a balancing act and it is the challenge in the forefront. Challenges drive innovations and thus at Avaya, driving innovations is a thoughtful process to combat the pain points of the industry's needs. We have our research team working with universities, colleges and other organizations to develop new ideas. We have an open approach for innovation as we have direct customer interaction on their business needs, as we bring in customer feedback and promote co-innovation as we give our customers access to technology which helps them get what they want. It so provides us an opportunity to make real world validations. It is a deliberate approach to take innovation, test it, validate it with real customers and scale it to global success. Out of the 100 new products delivered last year to the market, a significant amount of those were through innovations. As we became private six years ago, two-thirds of our revenue came from the hardware services; now we have the same number clocking through our software services. This is evident as a result of our striving to be innovative and it really takes us to be in this position as a software driven business.
The total developer population worldwide is expected to increase to 26.4 million by 2019, up from 18.2 million today. These data inputs are combined in a proprietary computer model to forecast population growth in the coming years. Courtesy: Evans Data Corporation
Gridstore: Seamless Software-Defined Storage Solutions for Performance Starved Virtual Environments
Virtualization has certainly attracted attention due to its consolidation and management experience from a single interface. This is coupled with an ability to use storage in a virtual way just as the servers are virtualized. On the contrary, traditional storage systems have come up short when it comes to high-performance applications serving virtual environments. Incompatibility is cocooned as a product of traditional systems staring at blended I/O streams with the end result of hurting the application performance in virtual environments. The need is now set to build a storage system that is scalable and capable of delivering high performance in virtual environments and that is where Mountain View headquartered Gridstore comes in. Founded in 2009, the company’s purpose-built software-defined storage is speeding up application performance in virtual environments as it provides a network based scale-out storage solution allowing users to pay as they scale, ranging from 12 terabytes to three petabytes for Windows and Hyper-V markets.
Advantage, Gridstore
George Symons, CEO of Gridstore emphasizes the challenges that customers face to run applications on virtual machines. “The challenge ahead of the IT sector now is to deliver the necessary application performance, as applications on virtual machines do not approximate their performance when on stand-alone servers.” Gridstore’s grid architecture combined with their patented Server-Side Virtual Controller (SVCT) addresses this pain point as it automatically optimizes the performance of each virtual machine thereby delivering dramatically increased application performance. Through its process for eliminating the I/O blender effect, where virtual machines sending requests from different applications merge in the hypervisor, SVCT helps in streamlining the previously random requests. Additionally the system improves performance as the virtual controller tracks requests to know the source from a particular virtual machine and the specific I/O patterns coming from each application to automatically optimize the controller settings. TrueQoS (Quality of Service) allows the most important applications to get the storage bandwidth and IOPS they need for optimal performance while not letting less important applications slow them down. Gridstore holds a distinct advantage in the market as they believe their price is market leading for the performance and scalability needed in a virtual environment. The company provides two types of storage nodes, cost-effective capacity nodes for backup, archive, file storage and average performance requirement environments and hybrid nodes using flash as a cache for the high performance needed by applications in virtual environments.
Testimony to Gridstore’s Industry Leading Solution
The company’s highly economical solutions have found traction as they serve the mid-market enterprises in higher education establishments, law firms, technology companies, oil and gas firms and many other verticals. A testimony to Gridstore’s industry-leading offering is its Gridstore 3.0 software-defined storage solution, adopted by ETTE (Empowerment Through Technology & Education) as an integral component of updating their data protection infrastructure as a service business. Moving forward, the company looks to continue to improve on manageability and performance with the focus being on ODX support for Windows environments and improved management for enterprises with full integration with Windows Systems Center.
CXO View Point
What is Cooking in the Technology Space?
By Elnar Hajiyev, CTO, Realeyes
Founded in 2007 and headquartered in Newburyport, Realeyes is the world’s leading emotion measurement technology company.
Growing number of New Forms of “sensors”
These increasingly interconnected devices help us become better and smarter in measuring and understanding the environment around us. For example, Google Glass adds a new layer to our visual perception of the world. Devices like Nike+ Fuel Band and Basis B1 help us keep track of our movements, sleeping patterns, heart rate, perspiration and skin temperature. There are emerging iBeacon/ Bluetooth LE based technologies to measure consumers’ proximity to advertising opportunities – such as billboards or shops – and, consequently, deliver useful and relevant information. Microphones, web cameras and 3D stereo cameras are being used to measure our gestures, gaze direction and emotions.
Increasingly Serious Applications of Computer Vision Technology
This is being enabled by ever-more powerful hardware and scientific advancements in the field. Just some of the applications include:
• Smarter cities: using CCTV cameras, it is possible to count the number of cars going down a street or the number of people leaving the shop within 10 minutes of entering it
• Automatic identification at border controls: with ePassport and advancements in facial recognition algorithms this technology has become more of a reality in recent years and is being widely installed
• Targeted advertisement in digital signage: accompanied by significant media coverage, UK retailer Tesco has recently rolled out high-tech screens in its supermarkets to target shoppers based on their age and sex
• More engaging media content: the advertising industry has already tapped into the full-scale use of emotion recognition technology to improve the quality of its video content. Other industries such as education and gaming will follow shortly
Technological Advancements Enabling Deeper and Wider Analytical Insights
This is a field, literally, only limited by one’s imagination. The advancements in insights are based on three key dimensions – storage, analysis and visualization. Today we have virtually unlimited computational and storage capabilities enabled by cloud computing. There are increasingly streamlined and more easily automated statistical and machine-learning methods to analyze big data. Finally there are smart data visualization techniques that convert the bare numbers into visually compelling stories and advanced insights.
The Increasing Pace of Innovation is the Key Challenge
On one hand, the pressure of competition forces you to be quicker and bolder in the way you innovate. On the other hand, it is intrinsically connected with your ability to embrace the latest innovations yourself. And that is becoming increasingly challenging. Take the data mining field for example. In days gone by the choice of available technologies was relatively small and stable, typically provided by a number of large commercial vendors, but today the situation is rapidly changing. The open source community is becoming increasingly agile at addressing growing data mining and analytics demands, spawning a whole new world of tools and technologies in just the last few years. Cloud computing is one such technology that helps to cope with growing types and numbers of different technologies that now generate and collect data. However, without being able to embrace the latest data mining and analytics technologies, this data on its own has only limited value. Extracting the powerful potential and actionable insights from this data is also one of the biggest challenges today.
Universities are a great place to look for innovation in the high-tech field and we have been closely collaborating with several top universities since the company was founded. The main challenge here is to identify the most promising ideas within the academic world and adapt and advance these ideas to perform well under real-world conditions. The value of many modern high-tech companies is concentrated around the products and services they offer, their data acquisition capabilities, their reservoir of historic and real-time data and the capability to analyze it all. It is crucial to understand where the most important intellectual assets of your company are, how they are affected by the increasingly changing world and, the key challenge here, where to best focus your attention in the future.
Tips for People Coming into or Moving Higher up the Industry
Developer skills are in greater demand than ever before. However, there is no guarantee of a job simply by learning a particular programming language or framework, especially if your goal is to work in a high-tech environment. You need to be prepared to continuously self-educate and do so at an increasing pace. The role of a developer is no longer confined just to writing code. Increasingly frequently, developers are expected to manage hardware stacks in the cloud, set up system performance measurements and respective triggers, efficiently hack through large amounts of logging information to investigate possible deficiencies and more. Math, statistics and machine learning are now in rapidly growing demand due to the advent of Big Data. The profession or role of “Data Scientist” is a new one widely sought-after by many technological companies and I strongly expect this trend to continue. If you have developed both strong data science and programming skills you will be one of the most sought-after candidates.
CIO Insights
Understanding Risks helps Prioritization and Focus
Elizabeth Hackenson, CIO & Senior Vice President of Global Business Services, AES
The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. Ms. Hackenson is the former Senior Vice President and CIO at Alcatel-Lucent where she was responsible for the oversight and operation of the company's information systems infrastructure, including global communications systems, corporate networks and e-business platforms.
Maximizing cost efficiency for information security and ensuring that you have secured full internal buy-in
Information security is a broad challenge facing most businesses today and while given significant attention in recent years, it has intensified in the last 18 months. Threats span multiple industries and attacks have been more widely publicized. Senior management and corporate boards are now asking for routine updates and want to know about countermeasures being planned and implemented by organizations. One of the most important first steps to address information security is to assess the risk to your business. Companies have varying degrees of risks and knowing what you need to protect is critical. Understanding your risks is a partnership between the CIO and/or CISO and business leaders. With your risk profiles defined, being cost effective comes down to prioritization and focus. I’ve found that this can be done successfully in three steps.
Pinpointing top vulnerabilities and understanding the organization’s strategic objectives and its full risk profile gives the CIO and/or CISO perspective about what information is most critical to protect and where the vulnerabilities in the company’s information infrastructure are. With this laser view you can minimize your spending by selecting products and services that will net you the highest value-add.
Identify mitigation solutions. A combination of products, services and partners can be used to minimize vulnerabilities. It is the responsibility of the CIO and/or CISO to determine the solutions that will strengthen its security relative to the business-led prioritized vulnerabilities. As the number of information security companies has grown exponentially, it can be daunting to select available services. The way we have approached our selections is to leverage multiple contacts (peer networks to government agencies) to benefit from their knowledge and experience. A company can save a lot of time and money by asking people they can trust the most – their external peers. CIOs have an unstated bond – we are always willing to give each other advice leveraging our own successes and failures.
Lock down risks. After a solution is selected, implementing it is just as important. Monitoring is critical too since information security is a 24x7 job. For companies that cannot afford to add significant security resources, partnerships with information security companies are essential. While AES leverages such partnerships, we also have built strong relationships with governments and law enforcement agencies who have helped guide us as well. At AES foundation, IT experts are engaged from the network layer to the systems analysts and engineers who support our plant control systems. These experts communicate in a sophisticated technical language that is not always understood by nontechnical people. While many of their efforts are critical, they alone cannot protect our ecosystem.
In closing, protecting information comes down to the decisions made and actions taken by people in your organization each and every day. The more people educated – from your board to the front office – the better protected your information can be. Securing information is a 24x7 activity and monitoring is one of the best defenses as well as continuous education.
CXO View Point
The Next Wave in Software Engineering after CMM
Bill Curtis, SVP & Chief Scientist of CAST & Director of the Consortium for IT Software Quality (CISQ)
CAST is a pioneer in Software Analysis and Measurement and introduces fact-based transparency into application development and sourcing to transform it into a management discipline. New York based CAST is listed on NYSE-Euronext (Euronext: CAS) has a market cap of $23 million.
The bar has risen for the quality of the software that IT organizations manage in support of their business processes. That gradual rise has, in turn, created concern and unease about the contemporary IT services industry. Against that backdrop, the Capability Maturity Model (CMM) was revolutionary in changing the landscape of the industry roughly 20 years ago: it moved organizations from ad hoc practices to formally defined steps, managed result metrics, and active optimization of their processes. However, CMM was only a process standard, an improvement only of the process; very good work was achieved, but that did not eliminate all the defects and did not evaluate the product itself. Many fresh recruits make mistakes despite a perfect process, because they are new and still on the learning curve. So there is a need to take the next step beyond process and also measure the software product itself. More broadly, there is an industrial need for software quality management to be able to have visibility into business-critical applications, have the ability to control outsourced work and set better benchmarks.
Common Platform for Improving Software Standards
On this front, the Consortium for IT Software Quality (CISQ), comprising IT executives from the Global 2000, system integrators, outsourced service providers and software technology vendors, has committed to introducing a computable metrics standard for measuring software quality and size. CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. In turn, outsourcers and their customers can have a standard on which to agree the quality that has to be delivered as part of the contract. It can also be used internally by companies that are trying to understand how good their people are and what kind of mistakes they are making; it provides the data and information they need to get better and to avoid those mistakes in the future. The removal of these unforeseen glitches reduces the overall technical debts, which are unquestionable through the parameters that CISQ provides. These guidelines measure the software product in great detail and identify not only the obvious functional problems, which are found through testing, but the structural integrity problems as well.
At the dawn of this acclaimed next wave in software engineering, CIOs did not need just another proprietary solution but a global standard that would span the industry. In this next wave there is a gradual move towards advanced service-oriented architectures, all of which have a unitary focus on reuse, which requires excellent extra product components. The guidelines that embody CISQ provide orders of merit for how good a product is, based on its security, liability, and maintainability. As a pioneer in Software Analysis and Measurement based in France as well as in New York, CAST leverages these CISQ guidelines by introducing fact-based transparency into application development and sourcing, to transform it into a management discipline. The focus is primarily on analyzing the quality of the product in all of its dimensions (reliability, performance, security, maintainability) and on providing measurement that can guide an executive to the most plausible decision; these practical protocols can also be seen as a structural quality measure that serves as an indicator of risk. When human error from fresh talent surfaces, as mentioned earlier, the CAST platform rigged with CISQ can be automated to detect those mistakes in the system. Feedback is then provided to the engineer so that the error is rectified. The French government has already adopted these automated function points, which are now a standard that the French government uses as its national standard for measuring software size. CAST plays a major role and has a major stake, as it is solely responsible for developing as well as marketing a software platform that can analyze software, code, databases and the like, in order to rate the structural quality and size of the software by leveraging CISQ's protocols.
CISQ's engine mounted on CAST's Chassis
The CAST Application Intelligence Platform is an objective and repeatable way to measure and improve the Application Software Quality of mission-critical business applications. It includes the speed with which the software can be modified to meet a pressing business need, and the inherent strength of the software to repel security attacks. Application Software Quality goes beyond present-day performance to include a measure of future performance and how well an application can meet future business needs. CAST as a CISQ catalyst has reaped benefits including higher Application Software Quality and unprecedented management visibility and control, by allowing measurement of the evolving quality of a software system no matter how complex. Flawless application performance at the lowest TCO is a further benefit: the application generates detailed quality metrics, pinpoints Application Software Quality problems precisely, and provides actionable guidance for fixing these problems. The ability to objectively quantify Application Software Quality provides an actionable path for improving team performance. Current glitches in the NASDAQ have certainly had heads turning towards CISQ, prompting predictions of prospective implementations of the technology, particularly in areas like the banking industry and e-commerce, for robustness or reliability. The application caters to the non-functional aspects of the future software to be developed and has ultimately become a mature step for the IT industry.
Bill Curtis
Nexenta: The Global Leader in Software Defined Storage
Applications traditionally required externally shared data storage systems to supply them with capacity, performance and data protection. Most data storage systems perform these functions reasonably well. Their big problem is limited automation and an inability to adapt in real time to dynamic change requirements from the applications. Nexenta has become the industry leader for Software Defined Storage, which is a key component of the Software Defined Data Center. The company has separated the control plane from the data plane by delivering a full-featured storage operating and file system based on open source that can be deployed on any server to create a storage head driving almost unlimited amounts of storage at a fraction of the price charged by proprietary legacy storage vendors.
Enabling Users Lower Capex, Opex and TCO
Tarkan Maner, Chairman & CEO
The company offers an extensive product portfolio that includes its flagship product, NexentaStor™. Nexenta's product line also includes Nexenta VSA for VMware Horizon View™, the company's VDI I/O acceleration product, and Nexenta MetroHA™, the data center failover product. The solution stacks are key elements for CloudStack and OpenStack deployments. As a software company, Nexenta's products give IT organizations the ability to break the proprietary legacy storage vendor lock-in that is being driven by the large traditional storage companies. This gives users the freedom to select lower cost, industry standard storage hardware whenever and wherever needed. These users can dramatically lower CapEx, OpEx and TCO.
Technology to Trust
The company has over 5,000 deployments globally in most industries that span the Fortune 500, education, cloud hosting companies, government, and SMBs. Nexenta’s markets include Cloud/Web Hosting services, Media and Entertainment, Healthcare and Life Sciences sector. The company in its course has gained the trust of companies like GoDaddy, Fidelity Investments, ESRI, City Center Hospital, Yale New Haven University Hospital, Armada and various agencies of the US Federal government.
CIO Insights
Security Needs to be Everyone's Responsibility
John Petrie, CISSP, CISM, CBM, CISO, Harland Clarke Holdings Corp
John leads the Information Security Office and manages the Corporate Information Security Program (ISP), which supports check manufacturing and check-related services, contact center services and direct response marketing solutions. Harland Clarke offers a broad range of integrated payment, marketing and security solutions to over 11,000 financial services and enterprise clients.
Metrics Mapped to Corporate Goals
Petrie developed a metrics program that was mapped to corporate goals for the organization. Clarke American, one of the two companies that joined to form Harland Clarke in May 2007, won a prestigious Malcolm Baldrige National Quality Award in 2001; it was the sole recipient in the manufacturing category. Petrie took advantage of this strong culture of quality to develop a centralized and repeatable metrics program. His approach to designing and implementing a security metrics program takes the following steps:
Step 1: Get to know your business and understand the culture. Successful CISOs know how to reach out across teams to understand security's impact. Petrie founded his security practice on an organization that was already committed to quality. Understanding this foundation was crucial in developing a security program, and later a metrics program, that had relevancy. He used a lot of the existing measurement process and tools to gather security-related information.
Step 2: Identify business goals. At Harland Clarke, senior executives define key business strategic imperatives. Imperatives are refined annually based on results from the prior year and the company's overall vision, factoring in marketplace dynamics. The statements define the focus that each business unit needs to align with to plan its actions and define success for its area. Petrie was able to map security initiatives to these business success imperatives.
Step 3: Determine how security can impact corporate goals. Understanding what makes the company successful leads to understanding how security might affect that success. Petrie crafted security statements based on three core principles: 1) security is everyone's responsibility; 2) trust but verify; and 3) protect the confidentiality, assure the integrity, and ensure the availability of the data entrusted to the company.
Step 4: Develop your program on established standards. Leaning on the International Organization for Standardization (ISO) standard 17799 and applying his core principles, Petrie developed a program that was based on a comprehensive yet globally recognized standard. Other standards and frameworks may be more appropriate for other organizations, but it is essential to look to a proven framework to build out your program. Standards can remove some of the guesswork.
Step 5: Measure the business success of security imperatives. With security imperatives and business goals aligned, Petrie developed targeted and repeatable metrics to measure security's position and impact over time.
Harland Clarke’s metrics secure executive visibility
Harland Clarke’s security metrics program consists of 33 measurements that are monitored on a periodic basis. Some are measured weekly, others monthly, and yet others quarterly. Each of these is mapped exclusively to the information security organization’s key strategic imperatives. Five of the metrics are selected by executives and are monitored by the executive team on an ongoing basis. The increased visibility among senior leadership — and the demonstrated results — led to a 100 percent increase in the security budget in the second year of the ISO program. This success was possible because Petrie was able to demonstrate the merit of the program by translating security’s value to key business stakeholders.
Security Secrets To Success
To achieve the results outlined above, follow Petrie's recommendations:
Get to know your business. Petrie stresses the importance of understanding what it is that makes your business successful. Start with sales to learn how they generate their numbers and revenues. Use marketing techniques and do a strengths, weaknesses, opportunities, and threats (SWOT) analysis to find out how they became successful. Figure out what the key business metrics are and how security could contribute to one or more of them.
Evaluate and re-evaluate your metrics. Metrics should be evaluated when policies change, if new tools are introduced, or if any major change occurs in your environment. It's important to have a team review the metrics rather than the CISO making the decision on his own. But think of the metrics program as an ongoing effort. You are never done.
Avoid probabilities. Most of Petrie's metrics are based on actual historical data. Assumptions change over time, and probabilities and estimations can erode credibility and transparency if they are not based on reality. Probabilities should not be used if you don't have data to back up your assumptions.
The enterprise mobility market which encompasses the business sectors of mobile broadband, mobile & connected devices, mobile marketing & commerce, along with mobile apps & cloud was worth $603 billion in 2013 and is set to grow at a 17 percent CAGR to reach $1.6 trillion in 2017. Courtesy Yankee Group
Infinity Storage: Helping To Reduce IT Complexity and Cost
Network attached storage becomes a problem because there is a fundamental mismatch between networking and storage. Storage capacity almost doubles every year. Networking speed grows by a factor of ten about every ten years – 100 times lower. The net result is that storage gets much bigger than network capacity, and it takes a really long time to copy data over a network. Founded in 2006 in Milan, Italy, Infinity Storage incorporated as a U.S. company in early 2012 and relocated to Silicon Valley. Headed by Caterina Falchi, Infinity Storage develops data management solutions that enable storage networks to be more efficient, easier to manage and more responsive to the needs of the business. Infinity Storage Appliance is an enterprise-class file virtualization solution that provides transparent, logical access to an organization's data, independent of storage vendor, file system or physical location in the storage infrastructure hierarchy.
Backed by over a decade of experience providing enterprise storage management solutions to large and mid-size companies, Infinity Software understands the requirements of large-scale distributed operations and provides the enterprise-grade software necessary to keep the data management infrastructure running smoothly. It offers two products, namely Infinity Storage Director and the Infinity Storage VTL. The former makes storage networks more efficient, easier to manage and more responsive to the needs of the business, while the latter is a disk-to-disk backup solution that can be used in any heterogeneous primary storage environment. The team at Mountain View, California based Infinity brings together many years of experience developing and delivering enterprise storage management solutions at leading companies including Legato Systems, Sun Microsystems, InMage, HP, Italtel, and Terasystem.
Pure Storage: Pioneering a New Class of Enterprise Storage
Flash storage has revolutionized everything from smart phones and mobile computers to web searches and social media. Unfortunately, it has been nearly impossible to deploy flash across a data center without breaking the bank. Mountain View based Pure Storage has cracked the code and destroyed the disk status quo. The firm, founded in 2009, has made all-flash storage affordable enough to use broadly across any enterprise. Scott Dietzen, CEO of Pure Storage, and his team believe that every company should enjoy the performance, space and efficiency advantages of flash as well as the lower maintenance, power, cooling, rack space and management costs. With Pure Storage, businesses can achieve things that were not even imaginable with disk. When compared to traditional disk-centric arrays, Pure Storage all-flash enterprise arrays are 10 times faster and 10 times more space and power efficient, at a price point that is less than performance disk per gigabyte stored. The company's products accelerate random I/O-intensive applications like server virtualization, desktop virtualization (VDI), database (OLTP, rich analytics/OLAP, SQL, NoSQL) and cloud computing. The Pure Storage FlashArray, as it is called, is ideal for high performance workloads, including server virtualization, desktop virtualization (VDI), database (OLTP, real-time analytics) and cloud computing. Pure Storage makes it cost effective to broadly deploy flash within the data center, enabling organizations to manage growth within existing power and space constraints. The company's revolutionary solutions have made the headlines and have attracted the attention of many prospective clients. Investors have shown much interest in the company; a testament to this is the more than 200 million dollars in funding that the company has received to date.
Scott Dietzen, CEO
CXO View Point
Five Enterprise IT Security Stats that May Surprise You
By Mark Birmingham, Director, Global Product Marketing, Kaspersky Lab
Mark supports the North American and European markets and is a key resource for market intelligence and messaging for Kaspersky products. Headquartered in Moscow, Kaspersky Lab is a developer of secure content and threat management systems and the world's largest privately held vendor of software security products.
Every day, Kaspersky Lab talks to IT managers and C-level executives about the state of their business security. Our conversations have a lot of the same recurring security themes, but just like the businesses themselves, no two stories are ever the same. But what surprises me the most is how the knowledge of fundamental security realities can drop off once you get outside of the IT department. Below are five examples of common security realities, based on research from Kaspersky Lab and other expert resources, which any executive should take into consideration when building and maintaining a secure IT network.
Targeted Attacks are Real, but Do not Lose Focus on the Basics
Even though targeted attacks are highly publicized and a predominant topic of conversation among corporate IT security staff, the majority of attacks on businesses originate from cybercriminals conducting mass-malware campaigns. These campaigns are often simplistic in nature and lack any high level of technical sophistication. Nevertheless, they account for the largest number of corporate IT security incidents. According to Verizon's "2013 Data Breach Investigations Report," 78 percent of initial intrusions were a result of these types of simplistic attacks. So make no mistake: not all businesses will encounter sophisticated attacks aimed squarely at their business. However, they will absolutely encounter thousands of mass-distributed malware attacks that can wreak financial havoc if basic steps to secure the business are not properly implemented. Businesses can gain immediate value by implementing basic security practices, such as automated patching and application control combined with a reliable endpoint protection solution. In addition, educating employees about social engineering and phishing campaigns will strengthen your company's security awareness, which will help reduce your overall infection vector.
Vulnerabilities Can Remain Open Long After They Are Discovered
Software vulnerabilities are a huge source of opportunities for cybercriminals to breach a network, and the IT industry is in a constant struggle to discover and patch the unknown "zero-day" vulnerabilities. Though the number of zero-day attacks is on the rise, cybercriminals still make extensive use of known vulnerabilities. Kaspersky Lab has found that critical vulnerabilities can remain unpatched in businesses for months after they have been discovered and publicly announced. The average company takes 60-70 days to fix a vulnerability – plenty of time for attackers to gain access to a corporate network. In fact, a security audit of European organizations conducted by Kaspersky Lab and Outpost24 found the window of vulnerability could be open much longer. A common baseline is for all critical vulnerabilities to be resolved within three months. But 77 percent of the threats that passed this three-month deadline were still present a full year after being discovered. The team even found known vulnerabilities in companies that had remained unpatched for years, in some cases up to a decade! This is akin to locking your front door but leaving windows open, and once again shows that even unsophisticated attacks on corporate networks can succeed without sophisticated zero-day exploits.
Employee Missteps – a Top Cause of Data Theft
Let us take cyber-attacks out of the discussion for a moment, and focus on employees. Sometimes we get so focused on what is outside our walls that we forget that a well-trained and well-educated workforce is a vital component of IT security. In fact, we have found that employee error is one of the main causes of internal IT security incidents which lead to the leakage of confidential corporate data. According to the findings of the Global Corporate IT Security Risks 2013 survey, conducted by B2B International in collaboration with Kaspersky Lab this past spring, approximately 32 percent of businesses reported data leaks that took place as a result of employee mistakes. What types of mistakes are occurring? One-third of employee-caused security issues were caused by simple mistakes such as sending emails to the wrong address or opening malicious files. A similar number of incidents were caused by the loss or theft of an employee-owned mobile device. A slightly lower rate, 18 percent, was caused by employees making mistakes with their mobile devices, such as inadvertently texting or emailing documents. The result? An average of seven percent of respondents admitted that employee actions were the root cause of leaks that exposed critically confidential information pertaining to company operations. Most often, leakages of critically sensitive data occurred when employees were at fault over the loss or theft of mobile devices: nine percent of respondents reported leaks stemming from improper use, loss, or theft of mobile devices.
Mobile Devices – Barely on the Radar
The previous section illustrated that mobile devices are a common source of security woe for IT administrators. Despite the frequent data loss associated with mobile devices, coupled with the precipitous rise in mobile malware, our Global IT Risks Survey found that only one in eight companies has a fully implemented security policy for mobile devices. Even more alarming, we found that nearly half of the companies surveyed had no policy at all. The use of IT security policies (internal corporate rules governing their use) for mobile devices could greatly reduce the business risks associated with smartphones and tablets. Nearly half of businesses who did report having a mobile device security policy in place said that insufficient extra funds had been allocated for the project, with another 16 percent stating that no additional funds had been allocated at all. This data segues nicely into the final point.
Underfunded and Underpowered
The same survey found that 60 percent of IT decision makers feel that not enough time or money is allocated to develop IT security policies. As a result, barely half of the companies feel that they have highly organized, systematic processes to deal with threats. Fortunately, corporations have been spared the worst of this uncertainty. For example, in the perpetually underfunded educational industry, only 28 percent of organizations are confident that they have sufficient investment in IT security policies. What is even more critical, only 34 percent of the government and defense organizations surveyed around the world claim that they have enough time and resources to develop IT security policies. The remaining two thirds are in constant danger of losing confidential governmental information.
Technology companies have a huge market scope in serving the underserved market segment of people with disabilities (PWD) who along with their immediate friends and family members have an annual disposable income of more than $8 million. Courtesy: Gartner Inc.
SwiftStack: A Technology Innovator of Private Cloud Storage
These days, when data needs to be instantly accessible, stored forever and available through a variety of devices, the demands on storage systems are changing rapidly. No longer is it good enough to build storage silos utilizing non-web protocols that are tied to specific applications. Social media, online video, user-uploaded content, gaming, and software-as-a-service applications are just some of the forces that are driving this change. To date, public cloud storage services have risen to meet these new storage needs, but not every organization can - or should - use public cloud storage. To accommodate these changing needs, storage systems must be able to handle web-scale workloads with many concurrent readers and writers to a datastore. Some data is frequently written and retrieved, such as database files and virtual machine images. Other data, such as documents, images, and backups, are generally written once and rarely accessed. Web and mobile data assets also need to be accessible over the web via a URL to support today's web/mobile applications. A one-size-fits-all data storage solution is therefore neither practical nor economical. A company from San Francisco has tried to address this issue and has found immense success at it. SwiftStack was founded in 2011 to help operations teams implement and manage an easy-to-use, multi-tenant and highly scalable cloud storage platform. With SwiftStack, application developers and operations teams can benefit from SwiftStack integration and expertise to leverage the power of public cloud inside their own data center. SwiftStack is a private cloud storage created for today's applications. Its architecture allows its client to serve content directly from the storage, rather than provisioning extra web-server infrastructure. Flexible and robust management tools make it easy for the client to oversee growth and deliver to millions of users. SwiftStack is a technology innovator of private cloud storage for today's applications. The SwiftStack software-defined storage (SDS) solution combines a unique, decoupled storage controller with the OpenStack Swift object storage system to provide customers with cost-effective, scale-out storage that can run on commodity hardware.
The Mechanics behind the Technology
Managed through a browser-based Controller, SwiftStack is easy to operate from multiple levels of access. The dashboard interface removes the heavy lifting from configuration, organization, authentication, and load balancing. Regular alerts, reports and system stats keep you constantly updated on your storage needs. The team is made up of early builders and operators of web-scale infrastructure, and its experience in services and management gives it a unique perspective on how to build, deploy and scale large infrastructure. With SwiftStack, applications developers and operations teams can benefit from SwiftStack integration and expertise to leverage the power of public cloud inside their own datacenter.
Joe Arnold, CEO
Tegile Systems: Redefining the HDD vs SSD Storage Battle
Server and desktop virtualization has changed the rules in the data center yet again. This has made the ongoing struggle between cost per terabyte and cost per I/O more difficult to manage than at any time in the past. Although solid-state drives (SSD) are available in legacy storage systems as a tier, their architectures remain unsuited for solid-state technology. While other vendors develop SSD-only arrays and claim competitive cost structures with compression and deduplication technology, Tegile Systems, headquartered in Newark, CA, has taken a different, balanced approach to this pain point. Under the leadership of Rohit Kshetrapal, CEO, Tegile has redefined flash storage in the HDD vs. SSD battle. The company's flagship suite, 'Zebi arrays', leverages the performance of SSD and the low cost per TB of high capacity disk drives to deliver up to seven times the performance and up to 75 percent less capacity required than legacy arrays, which are infamous for their low speeds and high energy consumption. Tegile does not simply use SSDs as a tier of storage in its arrays; Tegile has architected the performance benefits of SSDs throughout the data path, giving every application a performance boost with flash storage. The company's hybrid arrays have been engineered to be faster than legacy arrays and less expensive than all solid-state disk-based arrays. The secret is in incorporating both NAS and SAN connectivity, which are easy-to-use, fully redundant, and highly scalable. Additionally, they come complete with built-in snapshot, replication, near-instant recovery, and virtualization management features. Moving forward, the company looks set to pioneer the next generation of flash-driven enterprise storage arrays that balance performance, capacity, features and price for virtualization, hence redefining the flash storage scenario today.
Rohit Kshetrapal, CEO
Zadara Storage: Redefining Virtual Private Storage Arrays
Traditional storage solutions have been forever bogged down by capital expenses, limited performance and low scalability options. Meanwhile, as enterprise networking and computing effectively transitioned to the cloud, enterprise storage could not make the move, with loopholes in security as the main pain point. Enterprises have compromised on object-based alternatives (or API) to fill this void. Zadara Storage, headquartered in Irvine, California, with its unique storage solutions lets companies gain access to an enterprise-grade SAN (Storage Area Network) and NAS (Network Attached Storage) in the Cloud. This in turn complements the present cloud networking, computing, and storage options of the respective enterprise. Many modern Information Technology (IT) architectures and infrastructures rely on essential SAN and NAS functionality, yet these systems do not have the support of common Cloud-based storage alternatives; hence many databases and applications remain trapped within enterprise data centers. VPSAs (Virtual Private Storage Arrays), such as the one provided by Zadara, use native block and file systems to serve storage to applications using standard, familiar protocols with low latency and high performance. The company's SAN and NAS in the Cloud have been built by the Zadara team to adapt to changing requirements without disruptions, so organizations always experience the ideal level of usable performance and capacity and eliminate the need to under-provision storage. The company has come a long way since 2011 under the leadership of Nelson Nahum, Co-Founder & CEO; a number of the world's leading service providers offer Zadara Storage's SAN and NAS in the Cloud solutions to clients. With the general service providers realizing how uniquely VPSA complements the networking, compute, and storage solutions within the organization, Zadara is bringing to life its vision of "everyone gains access to a growing ecosystem of solutions," and moving businesses promptly to the cloud, leveraging its state-of-the-art VPSA system.
CEO View Point
Security: Back to Being a Boardroom Issue
By John Bruce, CEO, Co3 Systems
Cambridge-headquartered Co3 Systems offers Incident Response Management software. The company has received funding from Fairhaven Capital Partners.
Security is back as one of the top CIO objectives and, with all the publicity around breaches, it has definitely become a boardroom issue. That conversation is not about technology; it is much more about managing a now-accepted risk of doing business, one that spans all industry sectors. Any security company that can speak to that should be finding the reception for their products or service particularly positive. Over the last several years, some consistent challenges in the industry like cloud security, BYOD and mobile device management have been in the news. All of them still seem to be hot topics, largely because they remain unresolved. More recently the world has seen a rise in concerns about nation-state attacks and hacktivism, and those would be two areas that will be a lot more in the news, particularly when it concerns the security of infrastructure and utilities. There are some fairly alarming hypotheses about how that is going to develop over the next several years, and companies will emerge with that as a principal focus.
Incident Response: The Way Companies Handle Security Incidents
Today, it is not a matter of if your company will be breached but when. What is ironic is that collectively billions of dollars are spent every year on sophisticated prevention
and detection technologies, and then we cobble together our incident management capabilities to handle the inevitable. It is crazy when you think about it. The most that is seen so far are forensics and general-purpose analysis tools, but nothing that is designed to help manage the lifecycle of an incident. The security services industry has been growing steadily, attending to some of the most severe incidents, but it is just the tip of the iceberg. Board members are coming to understand that incidents are a fact of doing business. But like all business disruption, they expect them to be handled quickly and correctly. To put some scope to that, a recent Gartner report revealed that 75 percent of CISOs who are found to be lacking an appropriate incident response plan after a breach will be fired. Companies have invested fortunes in capable prevention and detection capabilities; now there is a shift as they realize it is time for response to move beyond spreadsheets and email.
Security 2.0
There are certainly some challenges that have not been resolved. I called out a few above; and there will continue to be innovation in those areas. Beyond those important but incremental advancements, however, we are going to see a sea-change in how the market is served. Many well-established vendors are struggling, as they have either become distracted by non-core business opportunities, folded into bigger corporations, or find that continued growth is difficult when revenue is dominated by a single product. After all, it is tough for large companies to innovate; it is exacerbated at a time when market dynamics are accelerating. Attacks continue to get more sophisticated and there are no signs of any slowdown in their frequency. Talking to CEOs at other security start-ups, there is consensus that a new model for security is emerging: a “security 2.0” if you will. It starts with the premise that everyone is breached, now how do you adapt to it. Collectively, we help firms better understand what is happening and who is behind it, more quickly assess if and how they are compromised and quickly respond in an educated and consistent way. We help companies cope with today’s “post-breach” reality, but better yet, we stop attacks in their tracks, before real harm can be caused. While the big monolithic vendors struggle to adapt to this, customers are becoming increasingly receptive to new players, offering solutions that are truly aligned with their emergent needs. This new stable of vendors will experience incredible growth over a short amount of time. In our business, we see a big shift, from prevention and detection, where the security industry has been focused for the last 20 years, to response.
To Succeed, You have to Offer Real Value
Since there are so many security companies, even when you have real value it is tough to break through the noise. For example, we announced our security response platform earlier this year at one of the security industry’s top conferences. As I walked the exhibition floor, it was almost impossible to figure out what most vendors were selling. Asking an exhibitor’s staff what their product or service did yielded techno-speak that did not make me any wiser. Granted, I was talking with a technical audience most of the time, but with all the hype, it is really critical to be clear about what you are offering and why you believe it is relevant. If you can rise above the noise and describe your value, you can at least say you had a chance to make your case. The other key attribute that’s vital in today’s market is time-to-value. If you cannot get to that quickly, then it is tough to build a business. As consumers, we have all come to expect immediate gratification; our patience with purchases wears thin fast. But that notion of quick time-to-value for a security product is usually incredibly difficult to deliver at the enterprise level; it is a complex environment and usually there are many inter-related technologies. Prospects need to evaluate your technology, potentially integrate it with other solutions, get staff up to speed and then judge if they are deriving the value they expect. If this process runs into months, and in some cases it can take years, it can be deadly for a small company making a market. It is critical that you quickly learn from early customers, fine-tune the product and leverage early references into more accounts. That has some fundamental bearing on how you design, build and support your product. New delivery models like SaaS and the cloud make some of this easier, but making sure that you hit your users’ needs dead center without them having to spend months before they see a return is vital. From there, it is the classic principles of business, security is no different - success is about an unrelenting focus on delighting your customers.
CEO View Point
Building Trust is Critical to Secure Mobile Growth
By Chris Babel, CEO, TRUSTe
Headquartered in San Francisco, TRUSTe is a Data Privacy Management (DPM) provider and powers trust in the data economy by enabling businesses to safely collect and use customer data across web, mobile, cloud and advertising channels. Founded in 1997, the company has received funding of $37 million from Accel Partners, Baseline Ventures, Jafco Ventures, and DAG Ventures.
As consumers become more and more tied to their ever-expanding repertoire of mobile devices, PC sales will continue to drop. The worldwide shift to the "always on and with you" mobile device puts significant pressure on businesses, and no single pressure point has as many social and economic ramifications as managing data privacy. For businesses, managing consumers’ personal data privacy, while also capitalizing on emerging and transformational mobile technologies, will be one of the most significant business challenges in 2014. Consider interest-based advertising. Although a mainstay in our 21st century online lives, interest-based advertising is still a relatively ‘young’ industry. Now, with the mobile explosion, it already is being transformed. To track users’ preferences and locations on mobile devices, businesses are turning to non-cookie based tracking technologies. To gain consumer trust and secure mobile growth opportunities, companies need to give users comprehensive mobile privacy solutions. These solutions must clearly outline the privacy choices available and give users control over their personally identifiable information (PII). TRUSTe’s latest research shows that 78 percent of mobile users would not download a mobile app they do not trust.
Migration Away From Cookie-Based Tracking Has Begun
Mobile changes the way that businesses conduct online tracking and is driving the demise of ‘cookies’ as the sole and dominant tracking mechanism. The migration away from cookie-based tracking has started and will continue over the next few years. Online advertisers, platforms and publishers are already delivering cross-device targeting solutions, and most are considering device recognition technology (DRT). However, while DRT brings value to businesses, it also heightens consumer privacy concerns, making the need for businesses to adhere to best privacy practices even greater. Keeping up with this rapidly changing landscape is not easy, yet the need to do so has never been greater. Businesses not only have a responsibility to protect their customers’ PII through transparency and choice but also must protect their own brand reputation. They must know what activity occurs on all of their online sites and mobile applications to ensure compliance with emerging mobile privacy regulations, and they must let users know what’s happening with their data and honor their preferences on how it is treated. The stakes are high. Markets and Markets projects that the cross platform and mobile advertising market will reach $76.57 billion by 2018, and according to Statcounter, mobile already accounts for 20 percent of today’s browsing.
The Need to Address Mobile Data Privacy Management
Consumers are legitimately concerned as to whether their data preferences will be honored across multiple devices. To alleviate these concerns, businesses must ensure best practices including: clear and conspicuous notice about data privacy practices; easy access for consumers to set their own preferences; and communication of privacy preferences to all business partners. Businesses face challenges in implementing and ensuring best practices in a mobile world. Historically, technology solutions for online privacy management have been hard to find. In addition, companies do not always assign the resources – or have the internal expertise – to address privacy from a technology management perspective. All of that must change if we are to succeed as we move forward in a changing mobile ecosystem. TRUSTe is committed to delivering data privacy management solutions to support businesses in an evolving mobile world. We have already taken a leadership role, having delivered the industry’s first privacy management solution for mobile devices and will continue to advance cross-platform privacy management solutions that meet the needs of businesses, as well as consumers.
39 percent of developers working with Big Data think a government agency is tracking the data they create, gather, or use in their database applications. 59 percent of developers are convinced that they are being tracked while 23 percent suspect government tracking. Courtesy: Evans Data Corporation’s Data & Advanced Analytics Survey
CEO View Point
From Mainframes to Mobile Apps: How the Cloud Evolved to Drive Sales Efficiency
By Chris O’Connor, CEO, Taptera
Founded in 2011, Taptera makes secure mobile apps for enterprise. Based in San Francisco, the company has raised funding of $2 million from Salesforce, Terence Garnett, M.R. Rangaswami and David Murphy.
In the dawn of the Internet age, J.C.R. Licklider, the Internet pioneer known for his work in psychology and computer science, envisioned computing as an “intergalactic computer network.” He proposed universal interconnectivity that would allow global access to programs and data – today this is what we call “the cloud.” The cloud in its earliest form debuted in the 1950s as large scale, mainframe computers used primarily in educational and corporate institutions. This big, clunky machinery was expensive and required large amounts of physical space. Not only that, it lacked internal processing capabilities, so workflow was slow and offered very little value to the end user. Still, people saw the usefulness in computers and started developing programs for business purposes. As Internet innovations started to gain momentum in the 1970s, so did innovations in cloud computing. IBM released VMs (Virtual Machines), the first operating system that used virtualization as a driver to allow multiple systems to run within one physical machine. Virtualization led to many more computing inventions that have made conducting business processes easier. The creation of the VPN (Virtual Private Network) gave users shared access to the same physical infrastructure, increasing efficiency for employees with better bandwidth balance and network control within an organization’s computer systems. Virtualization also made servers cheaper and smaller while offering optimal bandwidth usage, so it was a no-brainer decision for companies to invest in equipment that would increase business productivity. The introduction of time-sharing also consolidated work functions. This
computing model made it possible to share resources among many users through multiprogramming and multi-tasking capabilities. The need to reconfigure resources in compact but powerful systems launched the modern day cloud-computing concept for the enterprise. By the early 2000s, big companies popped up that played key roles in the development of cloud computing, leading to improvements in business technology. Salesforce.com introduced the concept of delivering enterprise applications through a single website. Amazon launched a pay-as-you-go data storage and infrastructure rental service that made it easy for small companies and individuals to benefit from the cloud. Google joined the game to offer browser-based enterprise applications, such as Google Apps. Cloud computing offers the simplicity, cost-efficiency, and flexibility corporations look for in business technology. Off-site infrastructure and extensive data storage save physical office space, a plus for small businesses. Capital and staff can be focused on growing the business rather than on extraneous activities. The flexibility of cloud computing services means businesses can adjust their IT infrastructure as business needs change. Cloud service companies keep their reputation by deploying the most advanced technology and providing savvy IT teams, ensuring that your company will always be on top of rapid market changes. Some of the biggest players in
cloud services today are gearing up for more data production, more users, and higher demand from businesses of all sizes. The developments of the cloud in the last few decades are impressive, but there is still room for improvement. What started out as an industry of bulky machines is now making the transformative change to mobile. Today’s mobile workforce demands flexibility in being able to work anywhere, anytime. Cloud-based applications, therefore, are the ideal solutions for workers on the go. Mobile usage in the enterprise is on the rise. 89 percent of workers have mobile devices connected to their corporate network, and according to Gartner, 40 percent of the workforce will be mobile. As mobile and cloud computing
become further intertwined, mobile will play an integral role in the cloud ecosystem. The cloud ecosystem, as defined by Search Cloud Provider, is a “complex system of interdependent components that work together to enable cloud services.” Mobile will become the channel of choice between businesses and their cloud providers. Traditionally, large enterprises have been slower to adopt the cloud due to security and deployment concerns, but there have been an increasing number of businesses adopting mobile cloud services to boost productivity and sales. Mobile apps are quicker to deploy and cheaper than on-premises solutions, making it faster and more inexpensive for large corporations to adopt the cloud. Mobile apps are user-friendly and allow remote employees to stay plugged-in with the company. On top of that, a mobile and cloud partnership can quickly launch extremely focused solutions for specialized needs by giving sales teams in any industry the customized apps needed to help them improve their close rates and become more efficient in a shorter timeframe. In the next five years, cloud platforms will be ubiquitous across organizations of any size. According to a survey from Spiceworks, companies named cloud computing as the third most prioritized investment to increase business productivity, behind automation of business processes and data analytics. The survey also found that 62 percent of SMBs were using some type of cloud application, up from 48 percent at the beginning of the year. Businesses are slowly starting to embrace the cloud as a productivity tool, and adoption will be transformative to the enterprise
structure. We are already seeing mobile become the go-to solution for many companies, and developers are racing to build better enterprise apps to fill these needs. Mobile will become the most common device used by employees and replace laptops as the portable tool of choice. Cloud computing has come a long way from the hulking structures of the past to handheld devices today that are accessible anytime and anywhere. In the rapidly changing market landscape, companies are looking for the technology that will help them stay on top by improving business processes and restructuring employee workflow. The ubiquity of mobile devices and growing acceptance of BYOD will drive enterprise adoption of the cloud. We will continue to see revolutionary changes as cloud computing becomes an integral part of personal and business processes everywhere.
CXO View Point
Effective Planning of Mobile Device Management is Essential
By Tony Wagner, VP - Enterprise Information Security, Capital Source Bank
Capital Source, Inc. (NYSE: CSE) is a commercial lender that provides senior debt loans of $5 million to $100 million to middle-market companies throughout the United States.
Measures taken to improve Information Security
One of the primary security concerns for us over the past few years has been the IT consumerization phenomenon; in particular, the proliferation of mobile devices and the endless array of available applications. It was clear to us that many of our employees were working in non-traditional ways, often remotely, not necessarily connected to our network, and in most cases, using their own devices. This motivated us to implement an enterprise mobility program. We figured that if we did nothing, our tech-savvy colleagues would go further underground and create their own solutions. Implementing the program has been a journey, but that seems to be the nature of any new program. Since launching the program, we have received positive employee feedback, and at the same time, we have benefitted from the security that gets layered around the mobile device. I credit our program’s success with having a user-centric vision and strategy that is built on sound IT risk-management principles. Before we moved forward with the mobility program, we socialized it with our executives and IT Steering Committee. Having their support upfront has paid dividends, especially with upholding the program’s standards. We expected employees to look for loopholes in the program and ask for policy exceptions, so having a committed senior management team has been helpful to contain this. One of the most important foundational tasks was defining our mobile support model. That is, we identified the extent to which we would support employee-owned devices versus company-owned. Once we did that, many of the tactical decisions seemed to fall into place naturally. Next, we created our mobility roadmap, which meant deciding which technologies we were going to deploy and when. When we launched Bring-Your-Own-Device we did so using mobile device management (MDM), and then immediately went to work on Phase 2, which included providing access to approved
business applications. Implementing Phase 2 meant we needed to create secure containers to put those applications into, which then led us to introduce mobile application management (MAM) into the mix. Some organizations may choose to go straight into an MDM/MAM environment; that is when your roadmap comes in handy. It helps set the expectations of management and the user community, as well as planning and scheduling investments. Throughout the design phase, we planned for key security considerations, such as balancing the need for strong authentication with ease-of-use. As a result, we included elements for single sign-on and streamlined multifactor authentication. We viewed these as technologies that would both enhance the user’s experience and strengthen our security. As a bonus, we plan on leveraging those same investments across the enterprise, so people can use single sign-on from their office computers or remotely through their mobile device.
In a nutshell, our successful process included:
1. Communicating the strategy and vision to senior management upfront
2. Getting smarter on the mobility subject and product space and finding partners who could advise us, and validate our work at various stages
3. Defining the IT Mobile support model
4. Developing an implementation roadmap, and selecting and implementing appropriate tools
5. Publishing the new Mobile Device Policy, and having users acknowledge it