| THE INDEPENDENT RESOURCE FOR IT EXECUTIVES Q4 2010 | $26
Beyond business: the future of
social media
Plus: BI, security and video conferencing
Cover story
Exclusive panel podcast
Guerilla IT
The way forward for social networking may appear complex and dangerous... Full story on page 44
Are you
social media-proof?
While millions of users log onto Facebook at work and more companies create Twitter proďŹ les... Full story on page 48
Contributors Stephen Arnold Consultant A r n o l d I T. c o m
Matthew Lees
Senior Contributing Editor Pa t r i c i a S e y b o l d G r o u p
Clive Longbottom Service Director Quocirca
Anton Chuvakin Consultant Security Warrior
contents page
Contents
4 etm
7
30 Full support
Editor and contributors page
8 9 Professional profile 98 Events and features Industry snapshot
10 The future is video
Video conferencing is popular technology, and it seems as if we’re finally at the point where it will be a daily activity for both personal and business use. IRWIN LAZAR (NEMERTES RESEARCH) is joined by GARY ILES
(ACT CONFERENCING), ERIC LE GUINIEC (VIDYO INC.) and MIKE BAIRD (CISCO), three
industry experts with both the knowledge and the solutions to help successfully manage video conferencing and implementation.
22 Your business blueprint
Business architecture is quite a specialist arm of the enterprise architecture umbrella and is dedicated to improving the organizing framework of a business. TAYLOR EMERY (MEGA INTERNATIONAL) tells ETM’S ALI KLAVER that business architecture has clear value and is here to stay.
26 Back in charge
Quocirca published a report earlier this year that took a top down approach on how an organization is run by process, not by application. However, it’s clear that organizations are very bad at being able to define a process, and therefore need to break things down into tasks. CLIVE LONGBOTTOM (QUOCIRCA) says that, ultimately, BPM will replace the enterprise application.
It’s no secret that organizations today are facing the increased consolidation of data centers and a widely distributed workforce. JIM FREY
(ENTERPRISE MANAGEMENT ASSOCIATES) talks to two experts from SOLARWINDS; SANJAY CASTELINO and JOSH STEPHENS, to
see what sort of impact this is having on day-today planning and IT operations objectives.
38
Leaps and bounds: Aligning customer engagement from the contact center to the enterprise
Companies can have an efficient and effective means of communication between the contact center and the back office in a new and innovative way with the help of Genesys’ intelligent Workload Distribution solution. ETM’S ALI KLAVER talks to BRAD
BAUMUNK (B. BAUMUNK AND ASSOCIATES) about iWD and how an accountable workforce is vital to ensure successful implementation.
44 Guerilla IT
The way forward for social networking may appear complex and dangerous, but as
MATTHEW LEES (PATRICIA SEYBOLD GROUP) explains, it’s just
a matter of communication, set policies and meeting user needs.
you social mediaproof? 48 Are
While millions of users log onto Facebook at work and more companies create Twitter profiles, BRADLEY ANSTIS (M86 SECURITY) tells ETM’S ALI KLAVER that the security challenges associated with social media stretch far beyond a simple firewall.
contents page
Contents
5 etm
52
From inception to testing
SCOTT CRAWFORD (ENTERPRISE MANAGEMENT ASSOCIATES) is joined by a team of experts to discuss why organizations should be taking a closer look at their application security; ROGER THORNTON
(FORTIFY), ARI TAKANEN (CODENOMICON), RYAN BERG (IBM RATIONAL), and CHRIS ENG (VERACODE).
rumblings: is a software earthquake 62 Disturbing coming?
STEPHEN E. ARNOLD (ARNOLDIT.COM) takes us through the
uneven ground that is open source and says it’s highly likely that open source search will trump proprietary search solutions in the market today.
66 Global networking
It’s becoming increasingly difficult to keep up with, let alone stay at the forefront of, the leaps and bounds that the IT space is making at the moment with virtualization, networking and IT cost pressures, among others. CHRIS WERPY (MASERGY) says that it’s with an in-depth understanding of specific business needs that makes it possible to stay ahead of the pack.
Insight into SIEM 70 DR. ANTON CHUVAKIN
leads an all-star panel to provide pointed information on SIEM for enterprises and small organizations. He is joined by A. N. ANANTH (PRISM
MICROSYSTEMS), NICK BRIERS (IBM TIVOLI) and BRIAN SINGER (NOVELL).
Ignore them at your peril 82 Logs: DR. ANTON CHUVAKIN says that managing and centralizing log data is the key to addressing security and compliance issues.
86 Look before you leap
While virtualization has been a hot topic in the IT sphere for a number of years, we’re still only at the beginning of the journey when it comes to understanding how to manage these new infrastructures. BARB GOLDWORM (FOCUS) talks to SANJAY
CASTELINO (SOLARWINDS)
about virtualization, network and infrastructure management.
end of BI as we know it: A fresh look at 94 The what business analytics means for today’s organizations
It has never been easier to access and drive visual analytics. DAN JEWETT (TABLEAU SOFTWARE) talks to ETM’S ALI KLAVER about the features of version 6.0 and how they’ll make life so much easier.
Business Process Driven ALM:
Start Delivering Applications and Systems with Confidence We live in an online world. Customers research products on line, and they spend an increasing amount of money on line. On the back end, supply chains are managed on line, and collaboration between partners occurs on line. Inhouse, employees use various apps to get their jobs done. In today’s world, apps are the critical competitive advantage in industry after industry. You need killer apps, apps that bring in revenue more effectively than the competition, remove cost more effectively than the competition, provide necessary transparency more effectively than the competition, and provide better service to customers more effectively than the competition. To do this effectively, you need an ecosystem that puts the business process in the centre using processes that are automated, transparent and efficient. Let’s build such a Business Process Driven ALM ecosystem together! Check out www.serena.com/solutions !
Senior Editor Pinar Gencturk Creative Director Ariel Liu
As the prevalence and influence of social media applications such as Facebook and Twitter rise in the workplace, so do the headlines about the security risks for the enterprise. As a growing number of companies use these applications for business functions there is a constant worry over lost productivity, or worse, leaking sensitive information on social media networks. Earlier this year eyebrows were raised when a bogus analyst gained access to dozens of US security and intelligence officials by tricking them in a social networking experiment. This example highlights what IT management has feared all along; social networking as a real threat to security. But is blocking social tools the answer? Not necessarily. In this blockbuster issue of ETM, Bradley Anstis from M86 Security reveals how to successfully marry social media with business and talks about what tools to use (page 48). The Q4 edition also tunes in to the growing call for video conferencing in the office. Irwin Lazar from Nemertes Research talks to experts from Tanberg (Cisco), ACT Conferencing and Vidyo Inc., on the best way to integrate and use telepresence techniques now and into the future (page 10). Scott Crawford from Enterprise Management Associates also joins us once again to lead a panel discussion on application security, rounded out nicely with the help of Codenomicon, Fortify, IBM Rational and Veracode (page 52). Plus, we have four information-packed research pieces on BPM, log management, enterprise search, and social tools. As always, ETM has tackled the most important themes affecting the technology world today and we hope you enjoy reading all about it. A wide range of topical podcasts are also available at www.globaletm.com Thank you for reading, and if you would like to contribute to any future issues of ETM please feel free to contact me via email at aklaver@imipublishing.com
Ju n i o r D e s i g n e r s Je f f C e r i e l l o Mana A ssoudeh We b D e v e l o p e r Vincenzo Gambino Po d c a s t / S o u n d E d i t o r Mark Kendrick A ssociate Editor He l e n a S t a w i c k i Account Executive Sandino Suresh No r t h A m e r i c a n A c c o u n t E x e c u t i v e s Fa r r a h Tu t t l e Ye s s i t A r o c h o Jo e M i r a n d a Marketing Executive Alexandros Themistos
Contributors Stephen Arnold Consultant A r n o l d I T. c o m Matthew Lees Senior Contributing Editor Pa t r i c i a S e y b o l d G r o u p Clive Longbottom Ser v ice Director, Business Processes Facilitation Quocirca D r. A n t o n C h u v a k i n Consultant Security Warrior
Enterprise Technology Management is published by Informed Market Intelligence
Ali Klaver Managing Editor
informed market intelligence How to contact the editor
We welcome your letters, questions, comments, complaints and compliments. Please send them to Informed Market Intelligence, marked to the editor, Farringdon House, 105-107 Farringdon Road, London, EC1R 3BU, United Kingdom or email aklaver@imipublishing.com
PR submissions
All submissions for editorial consideration should be emailed to aklaver@imipublishing.com
Reprints
For reprints of articles published in ETM magazine, contact athemistos@imipublishing.com
All material copyright Informed Market Intelligence This publication may not be reproduced or transmitted in any form in whole or part without the written express consent of the publisher.
Headquarters Informed Market Intelligence (IMI) Ltd
Farringdon House, 105-107 Farringdon Road London, EC1R 3BU, United Kingdom
+44 207 148 4444 New York 68 Jay Street, Suite #201, Brooklyn, NY 11201, USA +1 718 710 4876
7 ETM CONTRIBUTORS
Managing Editor A l i K l av e r
editor’s page
Beyond business: the future of social media
Fo u n d e r / P u b l i s h e r Amir Nikaein
Industry snapshot
Industry snapshot
8 ETM
Another HP Acquisition
HP’s recent acquisition of Fortify Software heightens their grasp on the application security sphere. Fortify’s experience will bring forth a best-in-class solution to allow clients to properly address application security from development through operations, and scale to a Center of Excellence program. www.hp.com
Skype’s new face
Josh Silverman, former CEO of Skype, was replaced by former Cisco Systems Senior Vice President Tony Bates in October. Bates was running Cisco’s enterprise division and has over 20 years of experience in enterprise solutions. He also currently holds nine patents and has served on YouTube’s board of directors. Silverman will reportedly work with Bates during transition. http://about.skype.com
Nastel partners with Coradiant
Nastel Technologies has partnered with Coradiant Inc. to provide an integrated solution that enhances visibility into performance issues of business applications. Nastel AutoPilot® and Coradiant TrueSight® will enable end user performance visibility, seamlessly integrated with AutoPilot’s deep-dive application and business transaction performance analysis. Customers will now be able to access end user transaction performance data and will enjoy reduced meantime-to-repair and mean-time-to-know about problems that impact the end-to-end transaction. www.nastel.com / www.coradiant.com
Twitter flaws...
It’s a sign of the times when Twitter, arguably the most popular social networking and microblogging site in the world, is affected by worms. In September the site was ravaging by worms that linked to porn sites, among others. Users only had to hover over a message with an embedded link to open it in the browser. Luckily Twitter was quick to patch the flaw and there have been no further similar instances.
It’s not over yet
The Conficker virus is still proving a threat to over nine million already affected PCs. It’s thought that hackers could easily take over and control computers infected with the worm and that, if this happens, the ramifications would be global. The latest warning came on the heels of a peak in the spread of the virus through the use of USB drives which are not covered by any of the recent Windows patches. Anti-virus software is strongly recommended.
... to Twitter’s new chief
Founder Evan Williams has stepped down as CEO after two years at the helm to allow him to focus more on making Twitter profitable. With almost 160 million users Williams is determined to focus on product strategy in order to turn Twitter into a money-making machine. His replacement is former COO of the company, Dick Costolo.
PROFESSIONAL PROFILE
Meet: Matthew Lees Senior contributing editor Patricia Seybold Group
9
M
att hew Lees is an analyst, consultant and senior contributing editor for the Patricia Seybold Group with a focus on social technologies and practices. He brings over 15 years of experience in helping organizations leverage technology to improve communication and collaboration, and to build stronger relationships with customers. In 1996 Matt hew was a founding member of MaMaMedia Inc., joining the company as Director of Technology and holding a variety of positions in technology, customer service and general operations. Previously, Matt hew was Vice President of Operations and Head Programmer at InVideo Systems, a developer of virtual-reality games and museum exhibits. HOW DID YOU START OUT IN THE IT INDUSTRY?
ML:
I’ve always been a technology guy, from way back in the RadioShack TRS-80 days. In the late 1980s I set up a Novell network for small companies, and then ran IT at a dotcom start-up in 1996 which grew from three to 180 employees in four years. My eight years there, where I took on both tech and non-tech roles, was really my business school. It’s also where I got involved in social software, although we didn’t call it that back then. HOW DID YOU END UP WHERE YOU ARE TODAY?
ML:
It’s strange to find myself working primarily as a writer. My background is in science, engineering and teaching (I hold a masters degree in physics). While it’s been a scary number of years since I’ve done any serious science, that background—and the analytical thinking it develops—has been the foundation of my approach to business and, for better or worse, my writing style. In terms of covering the social software industry—that’s been a natural progression. I’ve always been interested in the ways that communication and collaboration help people move toward shared goals. Social software brings all this together, since it’s at the intersection of human behaviour, business and technology. WHAT IS THE MOST REWARDING EXPERIENCE YOU’VE HAD?
ML:
Working on my first consulting project as part of the Patricia Seybold Group was a real thrill. Patty Seybold is such a visionary in the business community that it’s been a privilege to learn from her, let alone work side by side. But that first project also delivered great results for our client which was especially rewarding. WHAT DO YOUR COLLEAGUES SAY ABOUT YOU? WHAT ARE YOUR STRENGTHS?
ML:
They say I’m good at synthesizing complex sets of information and presenting them in clear, organized and interesting ways. My strengths are in cutting through the fog and pulling out what’s important, all in support of making informed decisions. IF YOU COULD CHANGE ONE THING ABOUT YOUR JOB, WHAT WOULD IT BE?
ML:
Deadlines! I’m a slow thinker and even slower writer, so deadlines and I have a love/hate relationship. On one hand they’re essential; if it weren’t for deadlines, I’d probably still be tweaking my very first research report. But deadlines do add to my stress level. Fortunately I work with the best managing editor in the business, Ronni Marshak, who helps me get to the finish line with sanity relatively intact. CAN YOU GIVE US A CASE STUDY THAT HIGHLIGHTS WHAT ENTERPRISE SOCIAL TECHNOLOGY CAN DO?
ML:
Cisco’s Partner Central community
If people want more information about you, where can they go? I’m at the Patricia Seybold Group home page at (www.customers.com) and on Twitter at @mlees
is a great example. It’s a global, collaborative ecosystem of thousands of business partners (many of whom are competitors) who connect with each other and with Cisco employees— execs, engineers, support techs, product managers, marketers and others—to solve technical problems, discuss business issues and opportunities, provide feedback, insight and more. Cisco participates actively, while trying not to dominate the conversation. HOW DO YOU SEE THE FUTURE OF ENTERPRISE SOCIAL TECHNOLOGY?
ML:
Ten to 15 years ago it was a hard sell at many companies to build even a basic website. Nowadays you wouldn’t think of not having a website and an intranet of some sort. It will be the same with social technology, both inside and outside the firewall. We’re still in the formative stages, so things are still somewhat disjointed and intrusive, but in five years social technologies and socially collaborative mindsets will simply be part of the business fabric. HOW DO YOU STAY UP-TO-DATE PROFESSIONALLY?
ML:
Nothing beats talking with people. There’s some good information online—my current ear-to-the-ground tools are RSS, Twitter and a handful of trade magazines and newsletters—but I tend to be frustrated by the cursory nature of so much of what’s online. Staying current really means getting together with practitioners face-to-face, by phone, Skype and so on. You’ll learn more over a 30-minute cup of coffee than in a week’s worth of reading.
MATTEW LEES
Matt hew Lees
EXECUTIVE PANEL
10 VIDEO CONFERENCING
the future is video
Video conferencing is popular technology, and it seems as if we’re finally at the point where it will be a daily activity for both personal and business use. IrWIn
LaZar (neMertes research) is joined by gary ILes (act conferencIng), erIc Le guInIec (VIdyo Inc.) and MIke baIrd (cIsco), three industry experts with both the knowledge and the solutions to help successfully manage video conferencing and implementation. http://www.GlobalETM.com
EL:
This is true, and we’re seeing a growing interest in this type of solution across the board from very small companies up to very large accounts. There is a general consensus on the fact that people are willing to deploy complete solutions from mobile to rooms, and they also want to deploy that to the desk. but something absolutely critical in our view is that people are not ready to compromise on quality. They want to have extremely high quality when it comes to video or latency. Video conferencing didn’t take off during the past year because the quality wasn’t there, and people aren’t ready to compromise so they go back to using their phone. but if it is high-quality from any type of device, as Gary said, they will move forward with that type of solution because it’s a much more effective way to communicate with people, rather than just the phone.
mb:
I echo Gary and Eric’s thoughts. This really is an exciting time to be in video. We’re seeing double digit growth across all areas of the business and when you think about that in light of the sluggish global economy, it’s really saying something. We’re on the verge of significant growth going forward and it’s the
IL: sO WhAT’s ThE kILLER APP? WhAT CAN OUR LIsTENERs TAkE TO ThE PERsON APPROVING ThE PURChAsE TO DEmONsTraTE ThE VALUE VIDEO bRINGs TO ThE TAbLE? ARE ThERE COsT sAVINGs, Is ThERE PRODUCTIVITy GAIN, AND hOW DO yOU bUILD A TANGIbLE bUsINEss CAsE AROUND VIDEO?
mb:
The great thing is that it’s sort of the answer and panacea to everything. If you think about the things on the CXO’s mind today; video can help address any number of those issues be it cost savings from things like travel, increasing productivity, enhancing collaboration, getting more alignment within our increasingly global organizations, and so on. As shareholders and stakeholders look for companies to adopt more green technologies, and indeed any shareholder values, any of those things are drivers that help push the adoption of video. but most importantly, every organization is trying to get greater collaboration on their teams. Whether that’s internally, cross-company, globally or across their supply chain, it drives things like increased productivity, speeding the time to market, and enhancing innovation. All of those things help build the case, and what we’re finding is that the executive teams out there are all thinking about these issues in light of the economy and ways to enhance their businesses, and often video becomes the solution to those issues.
EL:
I think we’re all still learning as we’re moving forward in deploying more and more of these solutions. Certain justifications like cost savings and travel have always been there, but what they see as really important is that people are starting to realize that you can create natural communication between people in every segment of the industry.
11 VIDEO CONFERENCING
GI:
I think we’re at the advent of becoming a “Jetsons” society. We’re seeing video move toward a more predominant mode of communication across a number of different fronts, and we’re seeing it used for both realtime conversations as well as streaming and archived content—youTube being a prevalent example. Video is permeating not only the desktop but room rentals as well as mobile devices. Cisco Cius and the iPad are certainly examples of where video will be going to mobile devices. The launch of the new iPhone recently drew a lot of interest based on the camera being on the front, enabling video chat. so I think there’s a tremendous amount of interest and it’s a really broad brush extending across the board.
convergence of available bandwidth quality all over the place, and very good usability in the various solutions out there, all of which we think will lead to a period of significant growth as more and more users adopt it. We see this across all types of business as well, whether that be infrastructure products for management aspects, bridging technologies and so on, but also more and more interest in personal endpoints of all shapes and sizes from devices like the iPhone to desktop systems, and it’s certainly on high-end immersive things as well.
EXECUTIVE PANEL
IL: LET’s GET AN INsIGhT INTO EACh PERsPECTIVE OF ThE VIDEO CONFERENCING mARkET TODAy. WhERE DO yOU sEE INTEREsT GROWING, WhAT TyPEs OF VIDEO CONFERENCING APPLICATIONs ARE yOU sEEING, AND WhERE ARE ThE RED hOT AREAs IN VIDEO CONFERENCING TODAy?
HeAd to HeAd
22 BusIness ArcHItecture
Your
business
blueprint
Business architecture is quite a specialist arm of the enterprise architecture umbrella and is dedicated to improving the organizing framework of a business.
TAYLOR EMERY (MEGA INTERNATIONAL) tells ETM’S ALI KLAVER that
business architecture has clear value and is here to stay.
http://www.GlobalETM.com
AK: WHAt Is megA’s defInItIon of BusIness ArcHItecture? tell us ABout Its ImportAnce In tHe enterprIse mArKet todAy.
te:
There are numerous definitions of business architecture. The practice is evolving quickly and I think we’ll continue to see the definition mature and refine itself by industry experts like William ulrich and stA group. The object management group defines business architecture as: “A blueprint of the enterprise that provides a common understanding of the organization, and is used to align strategic objectives and tactical demands”. This is a good summary definition, and I’ll go into a bit more detail to provide some more insight into business architecture. The blueprints used in business architecture aim to describe relevant scenarios, such as what an organization does, the motivations of business plans, or how it can improve its processing time. These blueprints—often expressed by way of diagrams using products like megA’s—provide the enterprise with the common language it needs to discuss scenarios, issues and problems. A common understanding and language is crucial to promote cohesion and to find solutions that transcend departments and teams. The main benefits of BA are transparency, impact analysis and alignment with business strategy. transparency is crucial if you want to see the root cause of business problems. transparency enables organizations to address business issues across divisions, departments and geographic locations.
Impact analysis, on the other hand, allows you to compare and contrast current and future states of the business and see the impact of change across the organization. Alignment with business strategy ensures that everybody in the business is on the same page. megA is an international company with offices in eight countries including the usA, mexico, france, singapore and the uK. This gives us a very powerful perspective on how businesses are run in a variety of countries and, in particular, how our clients differ. for example, in france, companies have traditionally had business architect roles or departments involved with how the business aligns with the business strategy. In the usA, business architecture is becoming more important than enterprise architecture because it’s viewed as the mechanism to better coordinate It planning with business goals. megA has been supporting business architects for close to 20 years. In the past in the united states, canada and the uK, enterprise architecture divisions were heavily based in It and often struggled to communicate the value of enterprise architecture to the business—this is changing. We’ve seen a change from the enterprise architects’ perspective to focus more on business capability. It architects, though primarily concerned about It requirements and business and It alignment, see the value of business architecture. In the role of solving business problems and not just technical problems, they are starting to use BA methods to speak to the business in terms they understand. This trend is also observable in how industry analysts have been
TE:
All operations, and ultimately all activities in an organization, should aim to accomplish the business strategy—but this is easier said than done. Business strategy is designed to achieve long-term objectives. Its formulation is usually based on assessing the present situation. In BA, models called “capability maps” are used to describe the organization’s capabilities aligned to their objectives. Business architecture helps strategic planning by clearly and accurately describing the information needed to elaborate the business strategy. At the same time, BA helps them identify not just the hurdles or challenges they face, but the root cause that is interfering with some part of the business. Certainly, division or department managers are aware of what they’re doing, but this information is not necessarily clear to upper management in a concise way as I mentioned before. The ripple effect of change programs is not always clear cut either. BA helps management have a better global view of their business. BA’s foremost advantage is to provide transparency of the business, and transparency is crucial when defining or measuring business strategy or when tackling other business problem-solving scenarios such as mergers and acquisitions planning, product deployment, and customer management consolidation. Ideally, a well-formed business architecture practice would be part of a business’ strategy team. As far as IT is concerned, it’s important not to fall back on the thinking that BA primarily serves the purpose of IT and business alignment. Of course, in the best of worlds, they would be aligned and BA is a way of reaching that goal. But BA’s first role is a business one—to meet strategic and tactical business demands. IT and business alignment can be a business demand, but I’m sure business people will agree that they’re faced with a number of demands. In any case, once there’s a blueprint of the business, projects and transformation scenarios can more easily express and coordinate their functional needs with IT. AK: How does a successful business architecture change the business? Are there any cost-related issues with implementation, or does it end up as a cost-saver?
TE:
Well it’s not simply about a software tool. We’ve seen other
AK: Let’s talk about what MEGA offers. I know you have an EA tool, and in view of what we’ve been discussing so far, what is the real point of difference that this solution brings to an organization?
TE:
With MEGA Suite, our customers can do a wide range of important activities such as business architecture, process improvement, system lifecycle planning, technology architecture, systems engineering and IT planning. MEGA Suite brings together all of these perspectives and information into a common, shared repository for rich, expressive reporting and analysis for the business or enterprise architect. For example, one of the strengths of the MEGA Suite is that our modules share the same information and therefore the user does not have to consider which MEGA module to use. They simply focus on the diagramming and the reporting necessary to make decisions and support collaborative discussions. I’m sure you see where I’m going with this—IT and business people don’t analyze the same data, but the work they produce can be linked together to provide transparency throughout the enterprise and enable real impact analysis. Sharing the business architecture information in a common, objectoriented repository is critical. Our customers can expand their projects from business architecture to information architecture or work at aligning their IT and business requirements, without losing any information. The reusability of this data makes for a more agile and efficient work environment. Our Suite supports a large variety of practical and strategic needs, such as using external sources of information (like spreadsheets), scenario simulation and information architecture initiatives. The missing ingredient here is methodology. MEGA has a rich methodology that guides the customer in how to do this work. We offer education services; business architecture assessments to help a customer understand their organizational maturity with respect to BA, and can engage them at the project level if desired directly or with our business partners. So rather than a specific tool, MEGA offers a BA solution that involves both software tools and consultancy services—and we are the first EA
23 business architecture
AK: How closely do you see business architecture as relating to the overall business strategy of a company? We hear a lot about how important it is to tie an organization’s strategy to all other areas of the business, particularly IT. How does business architecture fit in with this?
software vendors, for example those focused on IT planning and service oriented architecture, change their message to strategic planning with no fundamental shift in their thinking or reporting. IT planning and SOA solutions are not business architecture solutions. But first, let’s look at business architecture which is really about adopting a different view on business. Rather than being reactive to business situations, BA allows companies to more clearly see their present-state and easily test and evaluate their future-state scenarios. Being reactive to business issues usually results in hastily made decisions with little or no knowledge of the ripple effect of these decisions across an organization. Business architecture is, essentially, a blueprint that guides the business strategy. It enables leadership to make better business decisions because they understand what the organization is capable of, what motivates them, and subsequently, how they are supported by their technology. As far as costs are concerned, like any architecture field, there are products and services out there that help enterprises achieve BA. Ultimately, the goal of BA is cost savings. The transparency it offers into the organization allows the business to identify siloed, redundant business functions and information, and eliminate those redundancies. All the information captured during a BA initiative is reusable, so everything can be used in other BA and planning initiatives. BA allows for impact analysis which greatly decreases the risk of eventual complications.
head to head
approaching BA—as a way for architects to communicate better with the business. There’s also a push from the business side of things. As enterprises become global and value chains are dispersed around the world, they have often morphed to a size that is not easily manageable and that doesn’t offer a lot of transparency. Information silos are common, which reduces efficiency and often negatively affects customer service. Business people are looking for ways to address these issues and I think BA is the perfect solution. What we see from working with clients and consulting firms to implement business architecture solutions is that, regardless of the motivation, we believe business architecture has clear value and is here to stay. It will gain more importance in the years to come for the simple reason that it makes good governance sense.
Analyst feature
26 Business process management
Back in charge
Quocirca published a report earlier this year that took a top down approach on how an organization is run by process, not by application. However, it’s clear that organizations are bad at being able to define a process and therefore need to break things down into tasks. CLIVE LONGBOTTOM (QUOCIRCA) says that, ultimately, BPM will replace the enterprise application.
“If the process needs
change, then the existing
function can be dropped and a new function sourced and plugged in.”
Historically, applications have tended to work on hard coded process streams with anything out of the ordinary dealt with as an exception. Going forward this may not be good enough. When everyone was based on the same approach, it all came down to how well a specific application could deal with the codified processes, and how much extra a company was willing to spend on layering on extra process capabilities to deal with the exceptions. A business has to be run from the top down. It has a business imperative—essentially to make as much profit as possible. This is enabled by
THE PROCESS/TECHNOLOGY GAP
copyright 2010 quocirca ltd
Business Imperative Business Processes Tasks
Capability gap Functionality Applications Platform quocirca
intelligence is yet to come. Any CRM system needed a solid CRM strategy from the business; any SCM system needed knowledge of what would make an optimized supply chain in the first place. The lack of a top-down approach is what held many of these systems back. They weren’t solutions—in fact they exacerbated the problem. Another issue was that even where these enterprise applications did help, once everyone had the “solution” it no longer provided an advantage. All that had happened was that the bar had been raised. The problem now is that retro-fitting a corporate strategy into already deployed enterprise applications may be too late. We’re in a new technological era—one where it is becoming possible for the technology to support the business in real time, for function to become king, and for the application to begin to fade away.
the processes, which are made up from a set of interlinked tasks. In modern businesses, these tasks are facilitated through applications built on a technology platform, using hard coded functionality. If the task needs to change, or if the existing application does not have the functionality required to facilitate the task, then there is a capability gap in place between what the business needs and what the technology provides. Three things are now coming together to change how a successful company will be able to deal its process needs: • Web services. Web services have been around for a while now, but have not been able to bring the promise of flexibility and agility into full practice. The basis of a web service is that code is provided that provides a defined function, rather than trying to solve a complete issue
27 Business process management
customer wants; how to deal with inventories; how to ensure that something that is ordered by a customer will be delivered and so on. It seems that the “solutions” were a little short on their promise. On the whole, it seems easy to blame the vendor based on the hard sell and over promise from the flashy sales guy. Unfortunately, the vast majority of enterprise applications were, and are, actually pretty good at doing what the vendors promise. What the buying companies failed to realize is that technology can currently only do what it is told—the age of advanced, ubiquitous artificial
Analyst feature
I
n the 1990s there was a tendency to throw money in the form of a technology application at a given problem, hoping that it would be solved. Some organizations spent tens or even hundreds of millions of pounds on systems calling themselves “solutions”—and wrapping up specific areas of their business in this solutionoriented embrace. So we got customer relationship management (CRM), enterprise resource planning (ERP), sales force automation (SFA), supply chain management (SCM), and any number of other three letter acronym (TLA) solutions bought and implemented by IT departments within businesses—and many a failure was documented and broadcast around the world by the media. The main problem was that organizations began to lose focus on what their business was all about. They fell for some sharp sales guy in a designer suit and driving a Porsche that came in and talked about the need for a 360° view of the customer, for managing supply chains in a “just in time” manner, or to make prospect information more immediately available to the sales force. This seemed to make sense. The fact that this sales guy worked for a small company, that the company prided itself on not actually using the very software that the guy was selling to the organization, and that his actual knowledge of your business ran less deep than a TV game show host’s sincerity, seemed to go over the majority of people’s heads. CRM, ERP, SCM and all the rest were the latest and greatest things, and the business press (exemplified as being the business class magazines read by CEOs while flying over the Atlantic) glorified the CEOs of the software vendors, dropping in the occasional names of companies that had implemented their solutions and gained some benefit. The poor business CEO felt that they were being left out of an important business revolution. The recession of the 1990s, followed by the dotcom boom and bust, brought deficiencies in their business models into high relief, and it seemed that these applications could sprinkle the magic pixie dust that would raise their corporate aspirations back to life. The CEOs rushed down to their IT departments and made bold declarations demanding that the latest and greatest “solution” be implemented—through the mid to late 1990s the age of the enterprise application had reached its pinnacle. Fast forward the best part of two decades down the line and the press is still full of details of companies that have their customer strategies wrong; who don’t seem to understand what the
HeAD tO HeAD
30 It OPeratIONS
full support
it’s no secret that organizations today are facing the increased consolidation of data centers and a widely distributed workforce. JiM
frey (enterpriSe ManaGeMent aSSociateS) talks to two experts from SolarWindS; SanJay caStelino and JoSH StepHenS, to see what sort of impact this is having on day to day planning and it operations objectives. http://www.GlobalETM.com
JF: It’S AN INteReStING IDeA tHAt ONe OF tHeSe tReNDS IS CONSOLIDAtION AND CONCeNtratION. tHe OtHeR IS eXPANSION AND tHINGS GOING FURtHeR AFIeLD. JOSH, CAN YOU ADDReSS tHIS CONCePt OF CONSOLIDAtION IN ONe DIReCtION AND eXPANSION IN tHe OtHeR? IF It DOeSN’t COMPete ON A teCHNOLOGY StANDPOINt, DOeS It COMPete FROM AN ATTeNtION StANDPOINt BY It ORGANIZAtIONS DeALING WItH BOtH?
application on the internet—but how do they understand that users need application help when they’re roaming from remote sites to headquarters; to a hotel room; to working from home and telecommuting? All these things complicate the lives of today’s It professionals. JF: It SOUNDS LIKe tHe COMMON tHReAD IS DeFINIteLY ADDItIONAL StReSS eItHeR IN eNABLING teCHNOLOGY OR ON tHe NetWORKS, BeCAUSe AS YOU PULL tHeSe tWO BODIeS APARt WHAt CONtINUeS tO CONNeCt tHeM IS NetWORKS, AND tHAt HAS tO tAKe tHe FOCUS IN ORDeR tO KeeP tHeSe MOVING FORWARD. IF We GO ON tO A ReLAteD QUeStION WItH tHIS IDeA OF StRetCHING; JOSH, DO YOU See tHIS HAPPeNING MOStLY WItHIN JUSt tHe BIG eNteRPRISeS OR ACROSS A BROAD raNGe OF BUSINeSS tYPeS?
JS:
We see it happening all the way up and down the scale, not just the big enterprises but also small business. In some ways it’s easier for a small- to medium-sized business to actually implement these trends more quickly than a large enterprise. If you’re a small business and you’re thinking about rolling out a new application, you’re more likely to give cloud or a SaaS-based application a try versus a large enterprise that has a big data center investment already. When you think about the way that small business works today, many of these organizations have users that are geographically separated, and it’s really not cost effective at all for them to think about rolling out deployed or distributed data center resources, so they have to make a decision more quickly. In a large enterprise, they probably have some data center computing resources distributed out to where they have big pockets of users, and now they have to think about how to change that over time without impacting the availability and performance of the user experience by consolidating the resources. We see this happening all the way up and down the chain and it’s an interesting problem because in many cases, the smaller the company the less expertise the It team has—they have smaller teams and are expected to be a jack of all trades. They don’t typically have as many specialists roaming around so it can be a challenging thing for them, even though their
31 It OPeratIONS
SC:
As I look at it, I don’t believe they’re competing trends at all. I think there is a shift in the distribution of the workforce, and over the last few years it has become economically impractical to have technology deployed en masse at each one of these distributed sites. It organizations have been forced to look for new ways to support their distributed workforce but also make better use of the dollars they have. So they’re looking at centralized infrastructures as a better way to service these distributed workforces. New architecture and technologies, both on the networking side and on the compute side with virtualization, have made some of the approaches to having a centralized architecture support distributed workforce which is much more practical. I think that’s where you’re seeing It organizations take advantage of both the cost savings, but also the new technologies to better service these distributed workforces. Distributed workforces are part and parcel of how companies have to do business today between acquisitions and retaining the great talent they have. I think they have been forced to say that they’re not going to have one office in one location, but 10 or 15 locations that they’re going to service, and it’s okay to have people in these distributed organizations because they can make them just as productive at these different sites. I think that’s what they’ve set out to do in an efficient way and without destroying their budget. This is what we’re seeing with some of these trends like consolidation of data centers.
JS:
They do compete from an attention standpoint. The other trend that helps drive each of these is the shape of our networks today and how that’s been changing over the last few years. If you look back 10 years ago to when most enterprise networks were hub and spoke-style networks, most of the traffic was from remote sites, and even internet-based traffic would route through the main site and through a data center and then outwards from there. What you see today is that the users, whether at home or in a remote office, typically have their own high speed direct paths to those resources out on the web and elsewhere. So whatever resource it stems from, they’re all out there and available and they expect that sort of functionality. The fact that these users are accessing resources directly regardless of where they are makes us think that perhaps we don’t need these data centers close to them anymore, and that perhaps we can put them back in the core. It definitely changes the way these teams start to focus on the technology. It changes the way they’ll think about how they go about steering these enterprises because for the first time in a long time, bandwidth within the enterprise data center itself is a big constraint, and this was never the case before. So the teams definitely have to divvy up their time to figure out what they actually want to focus on—providing higher availability and access to remote users as opposed to providing more of a focus in the data center and the performance and availability of the systems within it. While the trends don’t necessarily compete at that level, on a technical level there are some competing technologies and the farther you move the resources from the user, the more challenges you face. Sanjay actually mentioned the real goal here—we have an abundance of availability of computing resources in these data centers and that’s allowing us to achieve some economies of scale and how we think about application deployments and roll outs that weren’t really available to us before. It forces us down that path. Something we’re asked a lot by our customers is help in managing and thinking about those architectures. People are facing some real challenges in terms of how to measure application responsiveness from the users’ perspective when the resources are moving. They may be in a consolidated data center or moving resources out to a SaaS-based
HeAD tO HeAD
JF: SANJAY, ARe tHe CONSOLIDAteD ReSOURCe AND DAtA CeNteRS AND tHe DIStRIBUtION WORKFORCe tRULY COMPetING, OR IS ONe OF tHeSe tReNDS BORNe OUt OF tHe OtHeR?
heAd to heAd
38 contAct center And BAcK office communicAtion
Leaps and bounds:
aligning customer engagement from the contact center to the enterprise companies can have an efficient and effective means of communication between the contact center and the back office in a new and innovative way with the help of Genesys’ intelligent Workload distribution solution. etm’s aLi kLaVer talks to Brad Baumunk (B. Baumunk and associates) about iWd and how an accountable workforce is vital to ensure successful implementation.
http://www.GlobalETM.com
AK: How is iWD essentially different from those other solutions in the market at the moment? I know there are a few but they’re also quite disparate, so how is iWD placing itself in the market to provide that total solution that people are looking for nowadays?
BB:
When you look at systems in the market today you can think of a couple of different examples. Take business process management software systems such as Pega, which helps with mapping out processes, but it doesn’t route work, you can’t skill the work, and you can’t distribute that work to your employees. iWD was a product that was first brought to market as multimedia, and then
AK: That’s a great example. iWD seems to address all of these aspects and actually take it to the next level and follow business work practices which is vital when you’re talking about SLA’s, consistency and the customer experience.
BB:
Absolutely, and it aligns the customer experience from endto-end regardless of how the customer is communicating with you. We’ve opened up so many communication channels and now we’re able to align that customer experience from end-to-end to ensure that they’re getting the service level they expect. AK: We’ve touched on the challenges in the market at the moment, so let’s turn to the benefits of iWD. From your experience, what sort of benefits can businesses expect to reap?
BB:
When I think about iWD, I think of it as a technology that enables you to rethink the way you run your business. Based on that I think it starts with hiring. What we do in a call center today is typically look for somebody that has one to two years of customer service experience, put them through
39 Contact center and back office communication
BB:
I think companies are starting to look at solutions like iWD because we’re always trying to become more efficient and effective with our workflow and the process we use to distribute that work. Based on that, there are a couple of things that are leading companies to identify new opportunities. When you think about a call center you think primarily about phone calls, but as most people in contact centers know there’s so much more work that’s being done in a call center than just phone calls. Whether its email that’s coming in, work from legacy systems, faxes, the postal system—that work all needs to be done. And while typically we try to separate that work out and have it done in a back office operation, it’s still part of the customer contact. Companies are now looking at distributing this work the same way they distribute a phone call so that there is an end-to-end solution. Then there are back office operators who don’t handle phone calls, but they do have very similar skills as those being used in the contact center for phone calls. When you think about it you’ve got two groups that are doing very similar work, but who oftentimes aren’t talking to each other. iWD allows you to route that work based on those similar skills. The second part is that there is a big lack of visibility to the work in the back office. Employees typically come in at 8am and they’re out at 5pm. In the call center we’re used to knowing when a call was answered, when it was finished, if there was consult time on that call, whether the call was transferred and so on—yet we don’t have that same visibility to the back office work. It tends to lend itself to cherry picking, work being referred, and work that isn’t properly skilled being put into work bins for people and it can be very inefficient. Again, iWD allows us to skill that work, prioritize it in the back office and route it based on those skills and prioritization.
it became business process routing and finally iWD. What differentiates it from all the other systems out there is that it essentially uses the same Genesys routing engine to route non-phone work that’s being used to route phone work. You’re able to identify what type of skill is needed for a piece of work, prioritize that work, and then route that work based on priorities. To meld the first question and the second questions together, one of the important things is that, if you’re a customer of Company ABC, you make a phone call to that customer and the company has a service level of 80% of the calls answered in 30 seconds or less—the expectation is that your call is going to be answered quickly and typically is. On the other hand, if an email comes into a queue and has a service level of 80% of emails to be answered in 48 hours, the customer is sitting there wondering if they can get a much quicker response. The email sits in the queue, and the person doesn’t know what’s going on so they pick up the phone and call anyway. A beautiful feature of iWD is that it manages those transactions so it will let you know that there’s also an email in queue from that customer on the phone. The key here is that now we can align the service level for different mediums and channels, whether its email, fax, legacy system work or a phone call, to ensure that the customer experience is in sync. Finally, iWD gives us visibility into what’s taking place with these non-phone transactions such as email, fax, mail that has been scanned, and other legacy system work. Now iWD gives you that exact same reporting that we’re used to in the call center, and we can become much more efficient through performance management. For example, when we implemented the iWD solution at Farmers Insurance and started looking at what was going on with specific transactions, we found that a very simple transaction was taking some people five minutes to complete, and it was taking other people up to 25 minutes to complete. That’s a huge difference. We found that the people taking the longer times were either noting much more than they needed to, or they just didn’t have the system navigation skills that quicker people had. iWD gives companies that visibility to do the performance management that we’ve been mastering in the call center for that back office work.
Head to head
AK: B. Baumunk and Associates is a consulting company that specializes in contact center and back office workload distribution, workforce optimization and call center best practices, including performance management and attrition reduction solutions to contact centers, which translates into higher customer satisfaction. Over the past 20 years Brad has held leadership roles at companies including GC Services, FDC, Ticketmaster and Farmers Insurance, where he oversaw different functions including recruitment, human resources, workforce management, training, operations and IT. Brad, why do you think companies are starting to look at solutions like iWD?
ANALYST FEATURE
SOCIAL TOOLS
Guerilla IT 44
WHY USERS LIKE SOCIAL TOOLS 1. Agility Projects and tasks range dramatically in scope and duration. Being able to create a space quickly for a project, then close it down when the project is done—perhaps keeping it available as an archive—has great value. So does being able to add team members and assign them appropriate permissions.
Social tools can make these things quick and easy to do. John Kembel is Vice President of Social Solutions at RightNow Technologies. As the head of the company’s social software products, he is especially tuned in to the benefits that social technologies can offer. But he is also an end user and, therefore, a client of RightNow’s IT department. “The spectrum runs from something that’s self-led and self-powered—from IT’s perspective, maybe rogue—to something that’s maybe a bit more routine. The best tools depend on the task. When we’re releasing code [for RightNow’s products] every quarter, it has to be predictable, reliable and structured—and it has to work. A lot of things within the organization need to run this way. For these things, email and the existing tools and processes work well. “But if it’s an unknown topic or an exploratory task, something that needs to be a bit more agile or nimble, that begs a slightly different approach. We’re trying to have an intentional approach to how we work, and then choose the tools that allow us to honor that approach.
3. Communicating intent Like many of us, John Kembel can be frustrated with email, observing that; “There’s a great
“Users won’t go rogue if their
needs are met and they already have effective social collaboration tools at their disposal.” “As an example, we’re using an agile team approach to coordinate tasks under pressure and under moving priorities; agile methods are normally used in engineering, but we’re using them in the product and marketing sides of the house. For those activities that we need exploration into the fog for—things for which we might also use Post-it notes, white boards or daily stand-ups—then we find the social tools very valuable.” 2. Accessibility and compressing time and space
email tax that’s paid, not in dollars, but in attention. We cc people just for them to be aware of something. When I fly into a cloud of email conversations, it’s clear how much time and attention it takes to stay on top of things. “Take for example how the cc field is used (or misused). If I’m cc’ed on something, is it for my attention or my action? Or is it just an FYI? There’s no standard way to make that clear, no defined email etiquette for this. We sometimes find ourselves saying things like: ‘Did you get cc’ed on that?’ and ‘Am I supposed to act on it, or are you?’ How much time do we spend as a
45 SOCIAL TOOLS
G
uerilla IT refers to the actions of end users who take information technology into their own hands, circumventing their IT department’s applications and processes to install, configure and/or use non-sanctioned software systems. It has been around as long as there have been power users who install their own software applications on company-owned, companysupported computers in preference to what was supplied and supported by the organization. Some who do such end runs see IT as a road block. However, most don’t do so with malicious intent—contrary, perhaps, to what some members of the IT team may think—but because it helps them get certain things done (or, to be more accurate, because they think it will help them get certain things done). Today’s feature-rich social collaboration tools, combined with the pervasiveness of the internet and an increasingly social mindset (fostered by consumer-based social networking) makes it easier than ever for end users to perform acts of guerilla IT. The social tools in question are not those enterprise systems that are selected, vetted, implemented and supported by IT, but those applications that can be deployed quickly and easily in the cloud—that nebulous place where SaaS apps and data live—for little or no money, with just an email address and password to get started. Examples include some wikis (such as Wikispaces and Wikidot), project management applications (such as Basecamp) and documentsharing systems (such as Google Docs). These systems can be a thorn in the side of IT though, for reasons discussed later on. But before looking at IT’s perspective, it’s worth exploring how end users see such tools.
More and more, individuals are working from different places—their offices, at home, in hotels, out of their cars—using a variety of devices (desktop workstations, laptops, netbooks, PDAs and more). Teams often consist of members working from multiple locations, separated by time zones and geographic borders. Thanks to the ubiquity of the internet and the design of social collaboration tools, both the applications themselves and the content they contain can be accessed at any time from almost any place. Kembel adds; “We often use Google Docs to rapidly unpack and explore a new story or concept. Its ability to effectively stretch or compress time or place is great, and having a team of people together on a document at the same time is fantastic—just seeing everyone’s cursor. “You can say: ‘Hey, let’s review this. Let’s divide and conquer these three sections and reconvene in five minutes to discuss.’ Doing this by email, sending a Word doc around with track changes turned on, would be a non-starter. The amount of time we save is incredible, beyond the amplifying effect from building off of each other’s incremental ideas. It’s something you can only do in a semi-synchronous way. Google Docs does that. Hopefully some of the other tools will get there soon.”
ANALYST FEATURE
The way forward for social networking may appear complex and dangerous, but as MATTHEW LEES (PATRICIA SEYBOLD GROUP) explains, it’s just a matter of communication, set policies and meeting user needs.
HEAD TO HEAD
Are you
48 SECURE SOCIAL MEDIA
social media-proof?
While millions of users log onto Facebook at work and more companies create Twitter profiles, BRADLEY ANSTIS (M86 Security) tells ETM’S ALI KLAVER that the security challenges associated with social media stretch far beyond a simple firewall. http://www.GlobalETM.com
AK: TELL US ABOUT M86 SECURITY AND HOW YOU FIT INTO THE COMPANY?
BA:
M86 Security has been around for about 12 years. We are an amalgamation of several different companies in email and web security, and web productivity. M86 is known for having a very strong history in productivity controls, which were some of the first issues around our web security. Interestingly enough, web security is the initial concern around the use of social media as well so it’s following the same sort of track. We are also known for very innovative and proactive security control. Proactive is a very important term—it’s proactive technology that can actually detect viruses and attacks without having seen them before. So we’re doing a lot of innovative work in that sphere at the moment and we’re offering a whole range of products across the internet security spectrum. As for myself, I’m the VP of technical strategy here at M86, so I spend my time doing interviews and talking to our customers and press people. I also get time to research and work out where we need to be going in terms of our technology and where our products need to be going in the future to make sure we’re staying ahead of the requirements of our customers. AK: BUSINESSES TODAY ARE REALLY GRAPPLING WITH WHETHER TO CENSOR OR INTEGRATE SOCIAL MEDIA FUNCTIONALITY IN THEIR BUSINESS, BUT IT’S NOT AS CLEAN
CUT AS PEOPLE EXPECT. WHAT IS THE ARGUMENT FOR SOCIAL MEDIA IN THE WORKPLACE AND WHAT DO YOU THINK COMPANIES NEED TO WATCH OUT FOR?
BA:
The push is coming from a couple of places. The first one is this new generation. Employees are demanding access to these types of social sites in the workplace, even if it’s outside of work hours such as lunch times and before and after work. Today, we’re seeing that if you take a very draconian approach to social media blocking—essentially blocking all access at all times—it gives a very negative connotation to the actual IT security department. You only have to look at the current usage figures of social media to see how popular it’s becoming. We did some work in April this year and found that around 110 billion minutes was spent on blog and social networking sites. A typical visitor is actually spending two thirds more time on these sites compared to just a year earlier. These blog and social networking sites attracted about 24% more online users compared to the year before. In the same timeframe we saw that there were around 190 million users of Twitter, 519 million users on Facebook, and 65 million users on LinkedIn. That’s a lot of people and it definitely includes some of the employees in your workplace. If you want to remain competitive and attract the right candidates for the company, then you need to have a modern, inclusive and trusting approach about allowing social media in the workplace, but you also need to be aware of the threats and issues associated with social media.
BA:
First of all, the amount of time that people are actually spending on these social media sites is obviously a big issue, and this brings me back to my introduction where I talked about how social media is following the same sort of growth path that internet use did originally. The initial problem with using the internet was not around malware or infected sites; it was around productivity and working out what sites your employees are visiting, whether they’re appropriate, and if they’re business related. So it was more of a productivity issue than anything else, and we’re seeing exactly the same thing with social media. Yes, there’s malware and infected sites, and those sorts of things do grab the press headlines, but for most organizations it’s about productivity and ensuring that people are actually using the sites for what you want them to be used for. M86 has a very strong background in web productivity which gives us a good advantage in making sure we provide similar controls in this new social media sphere as well, and certainly those organizations that have a social media presence speak to the modern look that a lot of high-profile organizations are looking for. And just like having a website was a must-have a few years ago, becoming social media-savvy is the new thing, certainly in IT. We’re now looking forward to see how what we do on the web relates back to social media. Although social media tools have a reputation and are popular for trivial applications—such as informing the world of what you had for breakfast—there is a growing number of useful applications in social media and related tools. For example, a lot of people rely on these tools to receive breaking news from trusted colleagues. Social media can be used for demonstrating subject matter expertise to clients and prospects, sending marketing messages, or even announcing upcoming webinars and trade show attendance. These tools can make employees more productive by giving them faster access to information, speeding decision making, and offering companies a distinct competitive advantage. Basically, social networking and social media use is not just about breakfast anymore. Employees who have access to these tools are able to use them for work and the right amount of personal use—because let’s face it everybody does personal things in their work day—but it’s that productivity control that businesses need to be careful of.
AK: WHAT CAN COMPANIES DO IF THEY SEE THE VALUE IN USING SOCIAL MEDIA TO ENABLE ITS SAFE USE IN THE WORKPLACE? YOU MENTIONED MALWARE BEFORE, AND OBVIOUSLY THERE ARE THOSE ETERNAL SECURITY ISSUES, BUT ARE THERE ANY STEPS THAT YOU WOULD RECOMMEND COMPANIES TAKE?
BA:
First of all the use of these tools should be regulated by their organizations’ acceptable use policy, so you need to get HR involved. This isn’t an IT-only decision. IT can offer advice and assistance on what controls are technically enforceable and the things that other organizations are doing. However, as the IT department don’t take this on just by themselves you need to make sure that you’re getting the rest of the business, and especially HR, involved. Existing email acceptable use policies need to be turned into an internet use policy. Most people need to dust off those old email acceptable use policies and change them into internet use policies because that’s going to cover a lot more of what organizations and employees will be doing on the internet in the future. Companies need to consider their business communication protocols, practices, best practices, acceptable language and acceptable images—this should all be covered by your internet use policy. They will need to work out what access the company would like employees to have, the conflicting security concerns and how they can mitigate it, and obviously IT can help in that discussion. So the existing email policy should already define what acceptable language and images are from a business conduct viewpoint, which can be applicable in this new social media space. LinkedIn is a very good example—is it a business or social networking tool? It’s blurry—people certainly thought it was more business orientated but then they’re creating business networks through a social tool. Obviously, companies need to think about whether they want to limit access to sites where the organization has a presence, such as Facebook and LinkedIn, or whether employees need to have access to other sites to do their actual work. Do they need to limit that to specific times of the day? Do they want employees to separate social and business networks? It can be quite dangerous if employees are actually mixing those two personas, which leads into privacy settings which should be defined and mandated on the chosen networks. It will also add value to train users on those privacy settings. This is one of the big things that everyone can do and which doesn’t cost a cent. Get your users together and explain what privacy controls are all about. Determining what the user will be doing on these sites is also important and this is an area we’re being very innovative in. For example, I can allow a certain group of users such as marketing to post information on a site, whereas everybody else has read-only access which will still enable them to do all the research they need to do. In the future we’re going to have a lot more granularity, for example over the acceptance of new contacts and plug-ins that can be allowed and so on. So companies need to think about exactly what their employees need to be doing and then they need to make sure they’ve got the minimal security in place to enable them to do it. From these considerations work out what the policy should be; what’s enforceable in the current web security solutions; and if the current web
49 SECURE SOCIAL MEDIA
AK: WHAT ARE THE BENEFITS THAT SOCIAL MEDIA BRINGS TO A BUSINESS? CAN YOU NARROW IT DOWN TO THE BOTTOM LINE? FOR EXAMPLE, IS IT EASIER TO SEE THE BENEFITS IN THE PERFORMANCE MANAGEMENT AND PRODUCTIVITY SPHERE?
People definitely feel a lot more trusted by their businesses than those who have no access at all and are in a more controlled environment. So whether a business allows access to social media sites is becoming a more commonly asked question by job applicants.
HEAD TO HEAD
The other demand we’re seeing is from the business itself. Not only do organizations have an increasingly established presence on social media sites used as marketing tools and so on, but they’re also using these platforms to communicate with customers, prospects and other business partners. The realm of email as a dominant business communication tool is coming to a close. Even though in the short term we still see it as being the main communication tool, that dominance is certainly closing. This development means that employees need to be able to access these same social media sites to do their job. Researching different information, working with business partners, communicating with customers—whatever their job actually entails—you’ll probably find a growing portion of that is performed through social media sites like the ones I’ve talked about. Those two pushes are where we’re seeing a lot of requirements for social media in the workplace.
execuTIVe PAnel
52 APPlIcATIon SecurITy
From inception to testing Scott cRAWFoRD (enteRPRiSe MAnAGeMent ASSociAteS) is joined by a team of experts to discuss why organizations should be taking a closer look at
RoGeR thoRnton (FoRtiFy), ARi tAKAnen (coDenoMicon), RyAn BeRG (iBM RAtionAL), and chRiS enG their application security;
(VeRAcoDe). http://www.GlobalETM.com
rT:
Before founding fortify I was a developer and development manager my entire career, so I came to security from the role of development. To take a step back, some of those listening today will say: “I’ve got a network and I’ve invested in a lot of security technology that makes me secure, so why do I need to worry about software?” Back in the 70s and 80s when organizations started to network things there was a network security problem, and it was trivial to log into the network. If there was direct access to your network and the machines on your network then it would be very easy to steal all your data. But over the last 20 or 30 years we’ve done a good job to the point where breaching the network directly and logging into the computers on your network is really tough—unless you’ve made a bad mistake. But if you think about it, and as chris mentioned, the networks and the machines themselves need to allow access to software programmes. for example, AT&T, probably one of the most secure networks in the world, has been keeping out spy agencies and even our own government from accessing their very secure network. But when you use your AT&T phone, there’s a billing system and a network switching system that are all connected to your phone. Those are all software programmes. even though you can’t log into AT&T’s network and steal all the data, the programmes you’re using on your phone are going through that network and talking to programmes that are deep inside. So the website is the one that we all see in a familiar way, such as eBay and so on. The most important thing for us to realize is that protecting the network and the machines on the network is not enough today. We’ve also got to look at the software programmes that are on those machines and ask ourselves about the assurance our own developers, system integrators, the open source community, and the vendors we’re working with can give us to ensure that software is built securely.
AT:
my view is a bit similar to rogers, because as a black box testing solutions provider we don’t even do any differentiation between the network and operating system, and the application layer. When we look at security, we focus on testing the entire service platform including the applications that run on top of it.
So if we look at network related flaws more closely—they’re still everywhere. The majority of network operating systems are still battling flaws in IPv4, and researchers out there have not even started looking at IPv6. for auditing both, the tools have been out for years already, but still many of the devices have not been tested for security issues. Also, if you look at operating system vendors, it’s only a few of them that have started to find vulnerabilities in their own code. The majority of them actually depend on external security researchers to find their flaws for them. So the maturity of the products, even on the low-level protocols, hasn’t changed much from 10 years ago when vulnerabilities and weaknesses were found using security testing. If you look at application security I think that, especially with our background, the biggest challenge is to understand what application means. When we look at testing, the service delivery platform people are actually worried about applications built on top of social media, email and instant messaging besides pure web applications. for example, in telecommunications and especially mobile communications, next generation systems like VoIP come with a wide range of xml-based services and applications that are now tailored to enterprise needs. Then of course the latest trend which is even more critical today is all those applications that are downloaded to mobile devices. So application security today comes with much more complex technologies, including xml-based communications, client side code, and lots of new challenges that didn’t exist only two years ago.
rB:
Software has been ubiquitous. We like to say that software is the invisible thread that ties all these components together. you look at IBm; smarter planet and smart grid—these are old legacy systems. normally, when you go home at night, you expect the power to be on so you can plug something in and there will be power. The smart grid allows you to put data back into the grid. right now I’m not just a consumer of power; I’m a producer of power. I need to be able to connect my power system back into the grid, so it’s not just data or power pulling one way—now I have information flowing both ways. And it’s that mutual communication of data that allows all these security weaknesses to occur. The minute you allow someone to have access to your internal systems there are a lot of attacks.
53 APPlIcATIon SecurITy
ce:
Simply put, the traditional perimeter doesn’t exist anymore. you can’t solve everything at the network layer because you have to allow traffic to reach the applications, particularly the web applications, in order to conduct business. The frightening thing about application security is that most developers don’t understand secure coding and most of them have no incentive to learn about it. even for the ones who do, the only thing they’re being held accountable for is functionality and time to market, so it’s not surprising that security isn’t top of mind when they’re churning out a new feature. Veracode has collected a substantial amount of vulnerability data over the years and our data set actually grows every time we analyze a new piece of software. I’ll give you a couple of stats from the most recent volume of our State of Software Security report that we released recently. cross-site scripting accounts for over half of the vulnerabilities detected across all applications—that is what caused the recent Twitter worm. eighty per cent of all web applications would fail PcI; that’s to say they had at least one flaw related to the oWASP Top Ten standard. I could go on, but it’s clear that there’s a lot of work to be done to get application security up to par. When developers are given the time and the resources, they can fi x most security vulnerabilities quickly. most of it isn’t difficult to fi x once you know where the problems are and once you understand the root cause. We saw that, even for applications that failed initially, developers who went back and remediated were able to achieve an acceptable level of security on an average of 16 days. So
it’s definitely not an insurmountable problem if organizations start to take application security seriously.
execuTIVe PAnel
Sc: for yeArS IT SeemS The IT InduSTry hAS focuSed on SecurITy AS A leVel of The neTWork, The oPeRATIng SySTem or The uSer end PoInT. And WhIle We STIll See A greAT mAny Truly PernIcIouS ThreATS TArgeTIng The uSer TodAy, We See APPlIcATIon VulneRABIlITIeS BecomIng IncreASIngly exPloITed�The recenT TWITTer croSSSITe ScrIPTIng Worm BeIng A PerfecT exAmPle. chrIS, from your PoInT of VIeW, Why do you ThInk orgAnIzATIonS Should cAre ABouT SecurITy for APPlIcATIonS?
ANALYST FEATURE
62 ENTERPRISE SEARCH
Disturbing rumblings: Is a earthquake coming?
software
STEPHEN E. ARNOLD (ARNOLDIT.COM)
takes us through the uneven ground that is open source and says it’s highly likely that open source search will trump proprietary search solutions in the market today.
A
nimals often sense earthquakes before the trembler splits the land and shatters the status quo. Is the traditional proprietary software business model resting on its own San Andreas Fault?
about the cost and complexity of making in-house information findable is widespread. It’s no secret that coping with different types of information in volume poses a number of difficult-to-resolve challenges. These stretch from connecting search to other enterprise systems, to giving users what they need to do their job. Then there are new content types such as short text messages and rich media. Even stale, archived information from legacy systems can be brutally expensive to transform and inject into a search system. Most organizations find that their information targets move constantly, often in unpredictable ways. The ability to make quick, affordable change to software as needed allows the Lucene/Solr user to adapt without red tape and contract hassles. Instead of modifying a licensing agreement or buying additional functionality, the Lucene/ Solr system administrator can make changes—no phoning home to get permission. Flexibility and
“...It is a rare organization that has a single enterprise search system—most have five or more.” classic novel Death in the Afternoon: “I remember that after we searched quite thoroughly for the complete dead we collected fragments”. The metaphor is powerful and may apply to a possible consequence of open source software in the enterprise search market. Can open source search break the grip proprietary search solutions have on the enterprise market? Will Lucene/Solr rework the enterprise search landscape? Good question. Lucid Imagination, a Silicon Valley start up, has received venture backing totalling $16 million. The company’s business model is to make available a build of Lucene/Solr that is ready to install. The cost? Nothing. Lucid’s business model generates revenue from services. The company offers training programs, runs conferences and provides engineering and technical support. According to Fishman; “Lucid is growing. Open source search is becoming increasingly disruptive. Adopters range from companies like Macy’s to high-profile web services like Salesforce.com”. I don’t know whether proprietary search, open source search or blended search will emerge as the dominant model for information retrieval. I do sense unease in some sectors of the commercial enterprise search market. Also, among some search system customers, knowledge
agility complement to make sense to some senior managers. In the last 12-18 months, content outside the organization has become more important in many enterprises. The grassroots, social content flowing through the public internet and specialized services like Facebook and Twitter can have a direct, immediate impact on a commercial enterprise. Southwest Airlines learned about social media when a passenger was forced off a flight because of his physical size. Via Twitter, the aggrieved passenger ignited a fire storm. Most commercial search vendors have done little to counter the growing body of research data that suggests user satisfaction with enterprise search systems is low. Based on the work Martin White and I did for Successful Enterprise Search Management (Galatea, 2010), as many as two-thirds of the users of a search system are dissatisfied with that system. Not surprisingly, enterprise search systems have to be rejigged to handle certain specialized tasks such as indexing and making findable social content. Ideally, the search systems will function more like early warning systems than oldfashioned, look-in-the-rear-view-mirror, library research systems. As younger workers enter an organization’s workforce, social content comes with them.
63 ENTERPRISE SEARCH
and customizing the system. But with commercial search software licenses there is the initial license fee, upgrade fees, tiered support fees, fees for training and fees for adding modules to extend a systems’ utility. Eliminating or holding down as many of these costs as possible delivers an immediate saving. Many organizations are interested in a mash-up approach to information. Standards and interoperability are essential to the newer approaches to delivering systems that “play well with others”, as child psychologists say. Another key factor is the desire of many organizations to take control of their own destiny, not leaving the reins in the hands of a vendor of proprietary software who wants to limit a customer’s freedom. The traditional search software vendors’ license often attempts to create “lock in”. When upheavals or explosive events occur, I think about Hemingway’s statement in his
ANALYST FEATURE
Earthquake prediction is more art than science. But some alert animals are running away from an epicenter marked with unhappy customers and systems that do not work as advertised. Large companies are building their business on Lucene/ Solr (search), Hadoop (distributed processing), Alfresco (content management), and Linux (operating system). Each of these products is “open source”. Open source software means that no one company owns the code. Instead of a single firm controlling innovations and fixes, volunteers known as “the community” do the technical heavy lifting. Proprietary software has long been the dominant way to control customers’ use of proprietary technology. Software giants like Microsoft, Oracle and SAP sell their products. License fees and service revenues have given some software giants remarkable clout. Customers do not worry about Microsoft, Oracle or SAP standing behind their code. And information technology professionals often help sustain the traditional software vendors’ business model. A Microsoft Certified Professional or an Oracle database administrator wants Microsoft and Oracle products to manage. Open source software shifts the traditional enterprise software vendor model in a surprising way—the software is free. Saving money on license fees that can hit six or more figures is a good thing for many organizations in today’s business environment. Open source software offers another enticing benefit. The code is not proprietary and can be changed or extended in a way that is typically prohibited by proprietary software vendors’ licenses. With open source, there is no school master whacking fingers with a birch pointer, preventing a certain change. Lucene is open source software code that one can use to build programs that perform key word indexing. Lucene delivers the type of search provided if a user entered key words into Bing. com or an Autonomy-based system. Solr takes the Lucene software code and puts it in a server, ready to run. Together, Lucene and Solr provide an alternative to the traditional systems provided by dozens of commercial software vendors. According to David Fishman, vice president of Lucid Imagination, an open source search vendor in Silicon Valley; “Lucene and Solr deliver the same functionality that one would expect to get from a commercial enterprise search vendor’s system”. The rising interest in open source software is due to several factors. There is an increasingly urgent need to reduce and control costs. Open source search software is free to download and use. As with commercial software, there are expenses associated with installing, upgrading
ASK THe experT
66 NeTwOrKINg
Global
networking It’s becoming increasingly difficult to keep up with, let alone stay at the forefront of, the leaps that the IT space is making at the moment with virtualization and IT cost pressures, among others. CHrIS werpY (mASergY) says that it’s with an in-depth understanding of specific business needs that make it possible to stay ahead of the pack.
AK: CHrIS, CAN YOu Tell Our AudIeNCe AbOuT SOme OF THe mAIN CHAlleNgeS THAT YOu See OrgANIzATIONS FACINg TOdAY?
Cw:
As our teams work with enterprise companies today there are a lot of similar themes in the challenges they face in their day-to-day operations. The primary challenge we see today, and one that’s consistent across all organizations, is the move towards globalization. This move has been occurring for some time, but as we look at the enterprise space today customers are being asked to expand their own internal operations across multiple continents and get much further reach into other parts of the world. They’re also looking at it beyond their own operations and their ability to service their own customers—their ability to work with strategic partners in their business, and their ability to work with their supply chain and partners in that regard. what we’re seeing is the need for IT organizations to be able to quickly and efficiently provide their services across all aspects of the business—multi-continent and multi-country. Their businesses are growing, not only internally but also their external touch points. Secondly, a lot of companies today are talking about the cloud computing or
CW:
Within the global environment, the first challenge that we see comes from managing a global implementation. As you get into different parts of the world the seamless technology, consistent application of network services, and consistent application
AK: I wanted to turn to something you mentioned earlier about virtualization. Isn’t it a good thing that a lot of companies are striving towards more virtualization? Why did you mention that as a challenge?
CW:
The move towards virtualization is a very efficient and cost effective solution for customers and it’s something that I think will fundamentally change the way in which a lot of applications are delivered across the enterprise. The move towards virtualization has been driven by those cost efficiencies of relying on your own data center, or having large racks of servers and other hardware that you’re managing, and paying for the maintenance. So the move towards virtualization is something that all enterprises are looking at and it’s hitting their day-to-day activities and changing the way they do business. The challenge is that the impact on IT staff is somewhat of a secondary notion. When you talk about pushing applications out to the cloud there are still expectations within the user base and the business community that those applications will perform. So the challenge for the IT staff becomes making sure that the day-to-day experience doesn’t change, and that the performance doesn’t change.
Secondarily, some of the applications get pushed out to different types of the cloud. Everyone talks about the cloud in somewhat of a generic sense; there’s the internet, private IP’s on very different technical levels, and different associations within that cloud as to how those applications get connected to and delivered across the enterprise global network. As that occurs, IT staff are dealing with service level agreements and application performance, and quite honestly they’re dealing with the security concerns of putting internal intellectual property out into areas that don’t reside within their own locations. Once the move towards virtualization occurs the onus is on the IT staff to make sure that those applications are still available and are 100% secure. AK: How are executives affected by the current economic climate and the fact that ROI concerns continue to put pressure on IT staff?
CW:
It creates a tough environment because the IT staff is working in an environment where, as I mentioned earlier, budgets or head count may be shrinking. As we talk about globalization and virtualization, that creates complexity. As the bandwidth requirements grow, as the complexity of these applications grow and as the needs of the business users grow, the ROI conversation becomes something that’s innate to all planning sessions when you’re talking about a global network IT infrastructure. As these pressures increase and as the staff remain the same, the cost effective solution doesn’t necessarily come down to the monthly price you’re paying—it comes down to the entire investment that you’re making within an infrastructure. This is not only to do with the monthly budget in terms of internet or network spend, it has to do with how many resources you need to support that and what the equipment and ongoing maintenance looks like. Secondarily, as you look at the ROI, the globalization piece becomes critical. Do we have to outsource or hire to effectively cover other areas of the globe? Do we have to hire more resources or people with local expertise to do it? The decision making process, in terms of a global infrastructure, goes well beyond just the network cost—it’s a holistic approach. This is where the IT staff has gotten very savvy in understanding the cost effective nature
67 NETWORKING
AK: You mentioned globalization earlier—what are some of the implications for enterprise networks in relation to globalization?
and implementation of IT resources becomes a challenge. You’re dealing not only with the time zone change and the distance between the IT staff, but a lot of times you’re dealing with multiple vendors and technologies. Trying to create a performance-based network that will drive a guaranteed application performance and user experience, across that platform, becomes challenging. The second piece is that, as globalization occurs, businesses are moving into geographic areas of the world where they don’t have a lot of experience or knowledge—the local expertise—available to them. Then the challenge becomes about managing that with the existing IT infrastructure, or doing it in a cost effective way so that you’re not just throwing head count or bandwidth at it to try to solve these problems. The challenge becomes about creating a very succinct and tight seamless topology and implementation that is able to be managed and reproducible as the business expands into other areas of the globe.
ASK THE EXPERT
virtualization push that’s occurring within IT departments. There are some very simple definitions of cloud computing out there. In fact, I’ve got one customer who refers to it as; “Stuff I don’t need to worry about anymore”. From a hardware and data center perspective that is certainly true, but the performance of the applications and the availability for their end users is still there. None of that goes away. So as different applications and parts of the IT environment are being pushed out to different locations, this move towards virtualization is something that customers are taking a very hard look at. The theory behind cloud computing and virtualization is a great one. It’s how the IT departments are responding to that and the challenges that creates when other applications, the data center, and the platform for providing services to their customers changes. How do we understand exactly what needs to go out and how we’re going to support that? From those two topics, and what plays very specifically into a consistent theme within the enterprise IT departments, is IT cost pressures. These organizations are being asked to do more with less, not only in terms of their budget but in terms of their head count. As the business grows and the application demands change, that complexity falls into the IT department—to have a unified, seamless strategy for supporting not only the infrastructure but the critical day-to-day business applications that are vital for these companies in order to do business and to expand their business. So as these IT budgets shrink and IT head count begins to shrink, the complexities that we talked about with the other challenges fall into their laps. This is where CIO and the appropriate IT staff supporting them have to come up with a seamless strategy in order to provide for their customer base, their internal customers, and every aspect of the business that IT goes on to touch.
eXeCutive pAnel
70 seCurity inforMAtion And event MAnAgeMent
insight into siEm dr. ANtON CHuvAkiN leads an all-star panel to provide pointed information on siEm for enterprises and small organizations. He is joined by A. N. ANANtH (Prism miCrOsystEms), NiCk BriErs (iBm tivOli) and BriAN siNgEr (NOvEll).
http://www.GlobalETM.com
It’s best to think about use cases rather than defining it by what the term means. We find that people think of this technology first and foremost for compliance reporting, secondly for security management, and then sometimes for operational requirements. For me, the defining aspect of SIEM would be looking at security information from across the enterprise, not just log data, because while that’s important it’s certainly not all of it. It’s also to do with things like change audit, security config base line assessment, and so on. From a feature perspective; reporting is necessary, search is necessary, the correlation rules are necessary, and that’s our view of what SIEM really means.
AC: So does every organization actually need a SIEM solution? If not every organization is a SIEM, then how about log management? Will this change in the future so that every organization will need a SIEM?
AA:
NB:
I believe it to be a combination. I see a lot of clients looking at SIEM and how that fits into their security framework, so we see SIEM as being a cornerstone of that security framework for our clients. SIEM is a combination of log management, external threat, internal threat, forensics, audit, compliance management, operations management—and the list goes on. But it’s about bringing all of those capabilities together and it shouldn’t be looked at as a standalone. SIEM is a cornerstone and a framework and it has to integrate with the rest of your enterprise. You should look at how it’s integrating with your change management systems, your database, your workflow, and so on. AC: So the key part of SIEM in your opinion is that it is a cornerstone of other things, it’s not any individual feature?
NB:
That’s right. It fits in with the rest of the way your security framework is implemented. I like to think of it as the video camera of a surveillance system. It’s responsible for detecting and telling. Yes reporting is key in that; yes forensics is key; the ability to investigate is key; the event management is key; and the ability to detect external/internal threats is key. Just the basic acts of collecting logs and storing them is also key. I’m not saying that you can’t do one without the other, but I think they’re all important parts of the overall definition.
BS:
I agree with a lot of what the panel has said, but I also think you have to consider the reason we use SIEM. When you look at what you’re actually trying to get out of a SIEM, you’re basically trying to understand when there’s a problem with security in your environment. The reason SIEM exists is because we have so many different systems and layers of security that it’s hard to get that enterprise-wide view. I actually don’t view a single feature as the defining feature of SIEM. I think correlation is an imperfect way that we’ve devised to get to that end goal of understanding when there are anomalies in our environment. We haven’t yet devised the perfect way to do it. With correlation, you have to define a rule and you have to know what you’re looking for ahead of time in a lot of cases. AC: So thinking that there’s one magic feature that makes SIEM a SIEM is not the right way to look at it?
BS:
Absolutely. You start at a use case for the business problem
AA:
I’d say that you need a SIEM only to the extent that you care about your IT assets and that your business processes will be adversely impacted if they go down. That tends to be true once you get above the local hardware store. After all, if you can put up a “gone fishing” sign and disappear any time your IT assets go away, then you probably don’t need SIEM at all. But I venture to state that there is no business of any significance that can afford to do that. Therefore, to the extent that these are your crown jewels, these are the assets that empower you to do business—so you do need a SIEM. The depth of the implementation and the complexity of it depend to some extent on what your goals are. If you’re only trying to check the box for something like compliance then you probably need a cookie cutter kind of SIEM, but I’d say you still need one. Looking to the future, it’s clear that security trend lines are obvious and compliance is obvious, so I don’t think that you’re going to get away from this problem even if you try to say that some of your problems are migrating to the cloud. In the end, ownership, responsibility and accountability are still with you. That’s just a new way of acquiring stuff. We’ve seen a trend in the past where people say; “I’ve sent all my work offshore”. You might have, but that doesn’t mean that you’re then somehow less liable or less responsible for the work that’s being done in your name or on your books. In the future we’d see the requirements only intensifying, not reducing. You’ll have more and different types of systems than those that became fashionable five; seven, or 10 years ago, but they still have logs. So over a 30-year period, where so many things in the IT universe have changed, this problem of log management and SIEM has essentially stayed with us.
NB:
I think the reality is that all clients are at different levels of maturity. Some are looking for basic check-box compliance and these people will definitely be looking towards log management—that’s the compliance step and the first stepping stone for a lot of clients. In a lot of cases it’s enough and they don’t need to take any more. But there are also a lot of larger organizations that are driven through business and compliance needs to look further at insider threats and external threats. Those being driven by PCI and SOX are looking for very specific compliance requirements that they have to meet, so tell me another way of doing that and I can answer your question differently. But without that, I’d say yes. AC: And what’s your prediction for the future? Do you think the percentage of organizations actually needing a full-blown SIEM would go up, down, or stay the same?
71 Security information and event management
you’re trying to solve and work back from there. You can get there from correlation or you can get there from reporting if your use case is compliance. But these aren’t necessarily the defining features.
Executive panel
AC: What, in your opinion, are the defining features of a SIEM? Is it correlation, reporting, normalization or a combination of these?
ANALYST FEATURE
82 LOG MANAGEMENT
Logs: ignore them at your
Peril
DR. ANTON CHUVAKIN says that
managing and centralizing log data is the key to addressing security and compliance issues.
A
ll information technology users, whether authorized or malicious, leave traces of their activity in various logs. Such logs are generated by IT components such as desktops, servers and firewalls, routers, security appliances, web proxies, email servers, databases and business applications—as well as by just about anything with a processor inside. Over time such records accumulate, creating mountains of different types of log data. At the same time, more organizations are starting to become aware of the value of collecting and analyzing such data. It helps them keep an eye on what is going on within their IT infrastructure—the who’s, what’s, when’s and where’s of everything that happens. It also makes sense due to the growing emphasis on data security with companies wanting to avoid becoming the next Heartland or TJMaxx (the #1 and #2 largest data breaches in human history by the number of data records “lost”). At the same time, many regulations mandate or imply logging, log collection and review (see my paper “Log Management in the Age of Compliance” at ComputerWorld for more information). Of course, simply producing and collecting the logs is only half the battle, if that. Being able to intelligently review massive amounts of log data in order to investigate, detect, or in some cases even predict security threats and stay on top of compliance requirements is the other half, and is much more challenging for many organizations. However, logs have traditionally been handled by reviewing them on their individual points of origin and usually only after a major
ANALYST FEATURE
83
LOG MANAGEMENT
changes, file access, altering or deletions, and usually contain the information of the user who performed the actions. Network logs, on the other hand, describe data being sent and received over the network, so it makes sense that these are best suited for detecting and monitoring abnormal network activity. Unlike server logs, which are limited to one machine, network logs indicate a connection on the network, a source and a destination. Relevant information found in network logs include the time a message was sent or received, the direction of the message, which network protocol was used to transmit the message, the total message length, and the first few bytes of the message. On the other hand, such logs typically do not provide the information on the actual user identity who attempted the connection. All logs (security, application, server, network and others) make up one big piece of the puzzle of IT infrastructure activity, so it makes sense that all log data is crucial to enterprise security, regulatory compliance, and IT operations. While one can try to look at logs in a siloed fashion, the logs will then fail to form the entire puzzle—the “big picture” of enterprise activity. If a system admin reviews his own server logs and firewall admin look only at firewall logs, nobody will be around to correlate them together and realize that both logs were traces of the same ominous activity such as data theft. Let me provide a few compelling reasons in favor of centralized log collection and enterprise-wide analysis. First, logs from disparate sources reviewed in the context of other logs offer situational awareness which is key not only to managing security incidents but also to a company’s dayto-day IT operations. Routine log reviews and more in-depth analysis of stored logs from all sources simultaneously are beneficial for identifying security incidents, policy violations, fraudulent activity and operational problems, and for providing information useful for resolving such problems. Moreover, when responding to an incident, one needs to review all possible evidence which means all the logs from all the affected, connected and suspect systems. One query across all logs saves time, and incident response, whether to internal and external security threats, requires quick access to all logs to figure out the details of the breach, especially if it involves more than one part of the IT infrastructure.
Logs: ignore them at your peril
incident. For example, a media quote about a recent Walmart breach states: “The company’s server logs recorded only unsuccessful login attempts, not successful ones, frustrating a detailed analysis”. This presents a blatant violation of good logging practices. As a result, such a manual and ad hoc approach is simply not working in this age of data breaches and growing regulatory requirements. It is not only inefficient and complex, but can cost a large organization millions of dollars and take weeks, thus destroying positive effects of such delayed “log review”. On top of this, the ever-growing volume of log data makes such an approach even less possible in the future. Today, the call to action is starting to shift from mere possession of log data to centralized data collection, analysis and in-depth reporting to address IT security and regulatory compliance issues. Thus, the main log-related goals of a company should be both to enable creation of useful logs and centralized collection. Next comes the need to find a way to search and review log data from disparate points of origin across the entire IT infrastructure, sometimes even across geographies and hundreds of distributer sites. Let’s first look at what these logs are. A useful frame of reference to be used is the following; because logs contain information about IT activity, all logs generated within an organization could have relevance to computer security and regulatory compliance. Some logs, especially produced security devices, are directly related to computer security. For example, intrusion detection and prevention alerts are aimed at notifying users that known malicious or suspicious activity is taking place. Other logs, such as server and network device logs, are certainly useful to information security but in less direct ways. Server logs, such as those from Unix, Linux or Windows servers, are automatically created and maintained by a server of activity performed on it; they represent activity on a single machine. Server logs are especially useful in cases of suspected insider incidents. Given that an insider attack might not involve any network access as well as not trigger intrusion detection systems and happen purely on the same system (with attackers using the console to use the system), server logs often shed the most light on the situation. Relevant logged activities on a server include login success/failure, account creation and deletion, account settings and password
“... IT
professionals
need to find a way
log analysis
to execute
of all logs all the .”
time
heAd tO heAd
VIrtuALIzAtIOn, netWOrk And InFrastructure MAnAGeMent
look before 86
heAd tO heAd
http://www.GlobalETM.com
While virtualization has been a hot topic in the it sphere for a number of years, we’re still only at the beginning of the journey when it comes to understanding how to manage these new infrastructures. BarB
GoldWorM (foCUs) talks to sanJay Castelino (solarWinds) about virtualization,
network and infrastructure management. BG: By WAy OF IntrOductIOn, FOcus Is An AnALyst FIrM WhIch I stArted 10 yeArs AGO. We FOcus On VIrtuALIzAtIOn, systeMs And stOraGe MAnAGeMent, And It strateGIes FOr successFuLLy IMpLeMentInG neW GAMe-chAnGInG technOLOGIes. Our GOAL Is tO heLp It OrGAnIzAtIOns understAnd the Best WAy tO LeVeraGe these neW technOLOGIes And BuILd A pLAtFOrM FOr runnInG theIr dAtA centers MOre eFFIcIentLy And eFFectIVeLy, WhILe reducInG cOsts. sAnJAy cAsteLInO, VIce presIdent OF prOduct MAnAGeMent And MArketInG At sOLArWInds, Is An Industry expert WIth knOWLedGe And sOLutIOns tO heLp users successFuLLy chAnGe the WAy they MAnAGe theIr neW, eVOLVInG VIrtuAL InFra structures.
sc:
Let me give you a quick introduction of solarWinds. We are a leading provider of It management solutions—network, systems and applications, and storage management—for companies of all sizes. We have more than 95,000 customers around the world and do things a little bit differently. We like to allow prospective customers to evaluate our software, try it, and if it works for them—buy it. There are none of the long traditional enterprise sales approaches. This is a decision where we feel the It practitioners know what they need and the problems they need to solve, and we help them do it quickly and effectively.
BG: sOLArWInds hAs cOMe FrOM A strOnG netWOrk MAnAGeMent BAckGrOund FOr the LAst 10 yeArs Or sO, Is thAt rIGht?
sc:
That’s right. The company started in the network management area and has added functionality over time to manage servers, virtual environments and application infrastructure, and recently this year acquired a company in the storage management area as well. BG: I stArted WIth VIrtuALIzAtIOn ABOut 30 yeArs AGO BAck In the MAInFraMe AreA, But x86 VIrtuALIzAtIOn hAs ActuALLy Been ArOund FOr ABOut the sAMe LenGth OF tIMe As BOth OF Our respectIVe cOMpAnIes—ABOut 12 yeArs. OVer thOse 12 yeArs, I thInk eVeryOne WOuLd AGree thAt VIrtuALIzAtIOn hAs eVOLVed tO Be One OF the MOst sIGnIFIcAnt FActOrs In It OrGAnIzAtIOns tOdAy, hAVInG A huGe IMpAct On It BOth technIcALLy As WeLL As OrGAnIzAtIOnALLy. In FAct, the LAtest reseArch FrOM FOcus shOWs thAt OVer 90% OF OrGAnIzAtIOns hAVe IMpLeMented serVer VIrtuALIzAtIOn In prOductIOn, At LeAst tO sOMe extent. sO As these cOMpAnIes MOVe FOrWArd In VIrtuALIzInG MOre And MOre serVers And AppLIcAtIOns, And pArtIcuLArLy As they MAke the JuMp FrOM InItIAL
VIrtuALIzAtIOn, netWOrk And InFrastructure MAnAGeMent
you leap
87
Head to head
94 Data visualization
The end of BI as we know it: A fresh look at what business analytics means for today’s
organizations
It has never been easier to access and drive visual analytics.
DAN JEWETT (TABLEAU SOFTWARE) talks to ETM’S ALI KLAVER about the features of version 6.0 and how they’ll make life so much easier.
http://www.GlobalETM.com
AK: There seems to be quite a lot of excitement around your upcoming product release this fall. What exactly is Tableau releasing with version 6.0?
DJ:
Version 6.0 is due out in November. The new things in version 6.0, or the high level targets that we’ve been addressing, are around a handful of conceptual points. One is big, fast data. We’re seeing more and more people with larger and larger sets of data to work with, and since we’re an interactive analytic process, it’s critical that you have a fast speed of thought experience when you’re working with that data. Our first big theme is working with big data, and one of the things we’ve now integrated into the product is an in-memory column store engine so that we can bring data out of the other databases you’re working with and into Tableau. This allows us to work with that data at blindingly fast analytic speeds. At our recent user conference where we’ve started our beta programme for version 6.0, we demonstrated bringing 700 million rows of data into Tableau and working with that through an interactive analytical process. All the query response times were in the two or three seconds for querying 700 million rows of data. So that was a significant achievement for us. The next big thing we have in version 6.0 is around blending data together from multiple data sources into a single view. A simple example is when our customers want to do things like budget versus actual reporting. My budget information might be in a spreadsheet and my actual information might be stored in a database or a data warehouse somewhere, and I want to create a report or do some analysis that lets me compare how my budget is comparing to my actuals or my plan. I want to bring those together into a single view. Some of the new capabilities are around allowing the blending of data from those multiple sources together into a single analytic experience. Since we are a visual analytics company, with each of our releases we push forward the things we can do in the way of visual analytics. In this release one of the most interesting things we’ve done is allow you to blend what we call different mark types into a single view. This allows you to create some interesting views where you can have scatter plots overlaid with line plots, or line plots calculated out at different
AK: You’re known for pushing the boundaries of your products and there are literally hundreds of features in the version 6.0 release. How did you manage the development of so many innovations in a product at once?
DJ:
We do a lot of things—we’ve got a very high performing development team even though it’s a relatively small group, and we find a way to get lots and lots of great new and highly impactful features into each release. In this release, like you said, there are hundreds of things in there and some of them are particularly innovative ideas. I think this comes from a couple of advantages we have. We’re working with some different assumptions around how to build the software and what the capabilities should do, so that gives us an advantage in being a little bit more fluid and agile. Plus, we’ve got a more modern underpinning for the software to start with that allows us to be a bit more flexible in how we do things. The mechanics of how we build our software is to generally follow a process where we have a series of milestones and sprints to reach those milestones, and we try to complete a particular feature within a different sprint towards that milestone. So it’s an agile-like process. That allows us to get completed software capabilities in place and then we have additional iterations through these sprints, where we know that we’re going to need to go back and polish, rework and refine. But we don’t drag these things off into a long series—we take out bitesized chunks, get the people on the teams looking at, interacting with, and using the software as it’s in process, being developed through these little sprints, and that allows us to go back and either polish, refine or rework it. Sometimes we look at it and say: “That approach isn’t working and we need to go back and do a rework”. So these sprints and bite-sized chunks really help us to be flexible along the way. But we’re also committed users of the software in our business so we take all of the in-process software that we’re working on and use it in our day-to-day business activities. There’s nothing better than actually being a user of the software to realize where there might be a burr or a rough spot in the interface, or that if we just
95 Data visualization
DJ:
Tableau Software is a provider of business intelligence software and our special twist on that is around the visual analytics aspect. We’re not really about creating printed reports, invoices and those kinds of things— we’re more of an analytic software company. We allow you to dive in, understand your data, and ask and answer questions against your data. And that data can be anywhere, whether it’s in an Excel spreadsheet or in a big enterprise corporate data warehouse. We’ll connect to your data and let you go through an interactive session to ask and answer questions about that data. I’ve been at Tableau for a little over three years. I’ve been in the business intelligence space for a long time at different companies such as Brio and Hyperion, and have always been working around how to bring the user tools to understand their data. That’s what my career has been about and is what attracted me to Tableau. The co-founders and I met six or seven years ago and hit it off. We shared the same passion about letting people understand their data and get interactive with it to generate questions and answers with that data.
levels of detail. You can have one showing sales for a monthly roll-up level, and layered underneath that you can have all the individual transactions of sales events that have happened over a month. They are all layered and cut in seamlessly and transparently into a single view. It extends the analytic power you can have in these views when you can start layering in these multiple mark types into a particular view. We’ve also got a lot of great features around new parameters and substitution values, and a very rich, new calculation language to allow two pass calculations to be performed against information that you bring back. I can summarize data against the database and then do second pass calculations against that to augment things with the analytics I’m doing. So those are a set of themes on the desktop side. On the server side it’s really about more, more, more. More performance, more data, working with more users, and giving the administrators of a Tableau server a better handle and better capabilities on how to manage thousands of users of their system, and make that an easy and enjoyable process for them. So those are the highlights of the release. Through our data programme we’ve been getting some great feedback on all of these new capabilities.
Head to head
AK: Tell us about Tableau and a little bit about yourself.
Events and features
98
Events and features 2010/2011
ETM is focusing on:
2010/2011
Social Software, BPM and Security
GARTNER SYMPOSIUM/ITEXPO 2010 DATES: 8 – 11 November 2010 LOCATION: Cannes, France URL: www.gartner.com/technology/ symposium/cannes/index.jsp
CLOUD COMPUTING WORLD FORUM ASIA DATES: 17 – 18 November 2010 LOCATION: Hong Kong, China URL: www.cloudcomputinglive.com/asia
TELECOM TRANSFORMATION ASIA PACIFIC SUMMIT 2010 DATES:1 – 2 December 2010 LOCATION: Singapore URL: www.telecomtransformation.com
GIL 2010: CHINA DATE: 9 November 2010 LOCATION: Shanghai, China URL: www.gil-global.com/china
INFOSECURITY RUSSIA 2010 DATES: 17 – 19 November 2010 LOCATION: Moscow, Russia URL: www.infosecurityrussia.ru/#googtrans/ ru/en-EN
INAUGURAL CUTTER CONSORTIUM SUMMIT EUROPE 2010 DATES: 1 – 3 December 2010 LOCATION: London, UK URL: www.irmuk.co.uk/ccs2010
15TH ANNUAL MITX INTERACTIVE AWARDS DATE: 18 November 2010 LOCATION: Boston, MA URL: www.mitxawards.org/interactive/default. aspx
GARTNER DATA CENTER CONFERENCE DATES: 6 – 9 December 2010 LOCATION: Las Vegas, NV URL: www.gartner.com/technology/summits/ na/data-center/index.jsp
HACKER HALTED ASIA PACIFIC 2010 DATE: 9 – 11 November 2010 LOCATION: Kuala Lumpur, Malaysia URL: http://hackerhaltedapac.org/HH TDWI BI SYMPOSIUM DATES: 15 – 16 November 2010 LOCATION: Amsterdam, The Netherlands URL: www.tdwi.eu/en/events/conferences/ tdwi-2010-europe.html GARTNER 23RD ANNUAL APPLICATION ARCHITECTURE, DEVELOPMENT AND INTEGRATION SUMMIT DATES: 15 – 17 November 2010 LOCATION: Los Angeles, CA URL: www.gartner.com/technology/summits/ na/applications/index.jsp UP 2010 CLOUD COMPUTING CONFERENCE DATES: 15 – 19 November 2010 LOCATION: San Francisco, CA URL: http://up-con.com
data centre management 2010 DATES: 23 – 24 November 2010 LOCATION: Singapore URL: www.datacentreasia.com/Event. aspx?id=348798
DEFENCE GEOSPATIAL INTELLIGENCE (DGI) 2011 DATES: 24 – 27 January 2011 LOCATION:London, UK URL: www.wbresearch.com/dgieurope/home. aspx
ENTERPRISE INFORMATION SECURITY 2010 DATES: 23 – 24 November 2010 LOCATION: Singapore URL: www.infosecurityasia.com/Event. aspx?id=350380
GARTNER BUSINESS INTELLIGENCE SUMMIT DATES: 31 January – 1 February 2011 LOCATION: London, UK URL: www.gartner.com/technology/summits/ emea/business-intelligence/index.jsp
MOBILE CLOUD COMPUTING FORUM DATE: 1 December 2010 LOCATION: London, UK URL: www.mobilecloudcomputingforum.com
Interested in contributing? If you’re an analyst, consultant or an independent and would like to contribute a vendor-neutral piece to future issues of ETM, please contact the managing editor: Ali Klaver: aklaver@imipublishing.com
To read the
full version of the Q4 issue, please go to
“www.globalETM.com” please go to
full version of the Q2 issue, To read the
TBC