Rethinking Our Approach to Security

Zulfikar Ramzan

Chief Technology Officer at RSA

Companies around the globe are plagued by compromises to their IT assets despite pouring considerable sums of money into their cybersecurity efforts. It’s clear, then, that naively throwing money at the problem won’t keep the bad guys at bay. Companies need to fundamentally rethink their approach to security.

That is among the more sobering findings in the Cybersecurity Poverty Index, which is a study RSA released this week. More than 400 security executives from organizations of varying sizes, industry verticals, and geographies responded to a series of questions about how mature they felt their cyber defenses were.

Based on NIST’s Cybersecurity Framework, respondents rated themselves on a five-point scale ranging from one (“negligent”) to five (“advantaged”). The resulting data shattered some commonly held myths and assumptions about maturity from a cybersecurity perspective.

Only a third of financial services firms, long believed to be at the bleeding edge of information security due to the billions of currency that flow through their networks, considered themselves well-prepared for an attack.

The results also debunked the notion that big companies (those with 10,000 or more employees) have the most mature defenses to deal with advanced threats. In fact, 83% of them rated their capabilities on the lower end of the maturity scale.

Of the hundreds of firms surveyed, nearly 75% believed that they lacked the maturity to thwart an attack. Moreover, only five percent felt they had the highest-rated capabilities. Five percent!

While one has to examine self-assessments through an appropriate lens, the data corroborates what I’ve already come to believe from talking with information security professionals all over the world: organizations need to fundamentally shift their mindset away from prevention, with its false sense of security, and move toward monitoring and response. Having greater visibility into the IT environment is among the most effective ways to deal with threat actors.

Visibility is about gathering data across all assets – from the end point to the network to the cloud. By gleaning insights afforded by that visibility, organizations can mitigate the risks they face until acceptable levels are reached.

Being able to baseline “normal” behavior simplifies the process of identifying outliers that often are emblematic of malicious behaviors. So, when (not if) an attack occurs, security professionals can trace its origins and then scope the intrusion properly. It’s all about connecting the dots.

Yet, most companies don’t do enough in this area, partly because they still cling to the old ways of the past. That may explain why they gave themselves high marks for protection, a conventional approach that loses its effectiveness as cyber-attacks become more sophisticated.

Until organizations liberate themselves from the hackneyed prevention-centric focus and increase their investment in detection and response, they will fail to keep pace with threats that grow more clever and sinister by the day.

How Would You Like Your Cloud?

Howard Elias

President and Chief Operating Officer, EMC Global Enterprise Services
Howard Elias is President and Chief Operating Officer, EMC Global Enterprise Services. Elias has overall responsibility for setting the strategy, driving execution, and creating best practices for EMC services that enable our customers’ journey to cloud computing. He oversees EMC’s consulting services, technology professional services, operational services, and award-winning global customer support organizations, which provide strategic guidance and technology expertise to help organizations drive business value through IT innovation with a focus on exceptional total customer experience. Elias also has responsibility for corporate shared services including Global IT, Centers of Excellence, and Manufacturing and Supply Chain operations. In addition, he leads EMC’s Cloud Service Provider partner program, helping our customers and partners accelerate the adoption and benefits of cloud computing.

Clouds come in many flavors to suit different types of applications and address a myriad of customer needs, but what if I told you we can now cater to all?

I’m delighted with our recent announcement about EMC’s decision to enter into an agreement to acquire Virtustream, a leading enterprise-class managed cloud software and services provider with a strong track record of running large scale, mission-critical managed applications, including SAP, in the cloud. They have done this for many recognized global brands, including The Coca-Cola Company, Heinz and Kawasaki. This decision represents a transformational step forward in our Federation strategy, enabling us to offer customers the industry’s most comprehensive, end-to-end solution, across the full portfolio of applications, and with all cloud models, both on and off premises.

Full Spectrum of Cloud Models for Customers

To date we’ve been able to provide a robust range of hybrid cloud offerings via EMC’s Federation of businesses, but increasingly we’re hearing from customers that they want the option to confidently move all workloads to an off prem managed cloud model, including their most mission-critical applications like SAP. The significance of Virtustream is that it will also extend the EMC Federation’s capabilities to enable us to support everything from the smallest applications to the most I/O intensive enterprise applications, whether on or off prem, as we intend to incorporate this technology into the Federation Enterprise Hybrid Cloud Solution.

This set of offerings will be unique to the industry and will enable our customers to purchase their entire cloud infrastructure from one vendor, making their transformational initiatives as seamless as possible across any app, any workload, and any cloud model. Customers will also have the choice to purchase these solutions directly from EMC or via our global partner ecosystem.

Enabling Our Business Partners

EMC is blessed with an extensive partner ecosystem, one in which we are truly invested to drive mutual success for our customers. We always develop our go-to-market and delivery models with our service provider partners in mind, and adding Virtustream to our portfolio will provide significant opportunities to our entire global partner ecosystem. Our service provider partners will have access to Virtustream’s cloud management software platform, enabling our partners to adopt and deliver their own branded services.

Partners will also have access to our proprietary services methodologies. In addition to IP enablement, we will develop joint go-to-market programs and set up a model for the respective sales teams to ensure neutrality between selling direct and selling through a partner.

Virtustream has built a solid business over the last several years and has a stellar list of customers and partners, and a world-class team. I have known these folks for quite some time and am very impressed by their extraordinary passion, their deep expertise and their maniacal focus on customer success. Their DNA is a perfect match for us!

This acquisition will be transformational for EMC, our customers and partners. Stay tuned as we work through the acquisition closing and develop the operating details of this new business venture.

[In this blog, EMC refers to the EMC Federation of Businesses.]

Is Traditional IT Still Relevant?

Vic Bhagat

@VicBhagat Chief Information Officer at EMC Corporation
Vic Bhagat, Executive Vice President and Chief Information Officer, joined EMC in January 2013 to lead EMC’s Information Technology, Global Centers of Excellence, Global Business Services and Indirect Procurement organizations. Together, Bhagat and his global, unified team are responsible for evolving to a more elastic and contemporary IT organization; providing the services and support to enable EMC to optimize enterprise processes; and driving agility, growth, innovation, and revenue generation for EMC. Prior to joining EMC, Bhagat spent more than 20 years as CIO for multiple GE organizations including GE Aviation Services, GE Global Growth and Operations, CNBC, GE Corporate, and GE India and Southeast Asia. He earned his Bachelor’s degree in Information Management and Marketing from the University of Louisville and a diploma in Physics and Mathematics from Agra University in India.

Traditionally, IT organizations have provided infrastructure and basic support to the business as a monopoly. We used to think of (and deliver) projects in ERP terms with complex, multiyear investments. And the business had little choice but to work with us regardless of how long it would take or what it would cost. Those days are slowly disappearing as times and technologies are changing.

Today, the users of IT – the information generation – want the convenience and near instant gratification they can get elsewhere through mobility, cloud applications, software as a service and shadow IT investments.  Consequently, CIOs and IT professionals must evolve how we run IT as a business to maintain our relevance.

Last month at EMC World, Joe Tucci said we must transform IT to lower costs for our existing applications and infrastructure while dramatically improving innovation, performance and reliability.  Sure, we can implement new technologies and automate and digitize business processes, but it is also critically important to strengthen our partnership with our business clients to deliver or broker contemporary IT services that unlock value.

I am not alone in this view. It has been a common topic with my peers at a number of recent EMC and industry events. Here are just a few thoughts to consider as we redefine IT for the future.

  1. We must evolve from a commodity IT provider to a strategic partner for our business. Case in point, as CIO of a Fortune 500 company I don’t look for technology vendors.  I look for a partner that understands and helps me achieve my objectives by proactively recommending solutions.  Our internal clients want the same thing from us.
  2. We must change the conversation from technology speeds, feeds and features to the strategic value they will gain as a result of working with us. At EMC, we recently realigned our senior IT leaders to improve partnering with our line of business leadership.  While it is still early, this is a major step towards delivering a more contemporary IT experience for our users.
  3. We must make it easier for our clients to do business with IT. For years, we added processes, bureaucracy and budget complexity that erased our agility. As a result, to remain relevant, we now have to ask ourselves, “how can we simplify, digitize and automate our processes to deliver transparent, innovative solutions faster?”

That said, transformations are never easy.  To evolve with the times and become a more client-centric, business savvy IT organization, we need to question all aspects of our technology, people and processes.  Are we continually evaluating our stack to ensure we have the most reliable, highest performing infrastructure? Are our people enabled and empowered to consult, build and sell services that deliver value for the business?  And, are we the change agents leading the charge in how we eliminate process complexity and bureaucracy using digitization and automation?   Without a doubt, refining and redefining IT is a priority for CIOs to continue helping our business to grow and prosper.  

How are you evolving and enhancing your technology, people and processes to deliver a contemporary IT experience?

Connected Things, Connected Companies

Elana Varon

Independent Contributor
Elana Varon is an award-winning editor with more than 20 years of experience writing about IT and facilitating conversations among CIOs. Her coverage of technology, IT-enabled business innovation and the CIO role has been recognized by American Business Media, the American Society of Business Publication Editors and Media Business. As executive editor of CIO magazine from 2006-2011, Elana led a team of writers, editors and designers to produce the industry-leading publication for business and technology executives. You can also find her on Twitter, LinkedIn and at her personal blog, Cochituate Media.

GE Capital CIO Jim Fowler tells Forbes about a real-estate company in Tokyo that used the data on elevator traffic to different floors in their buildings to predict when people might be backing out of their leases or looking for more space. “If you think about buildings that are generating data that help us optimize that asset for a customer; we’re all about thinking of how we marry that up with the financial mechanism that we are giving to fund that asset,” says Fowler.

In other words, data from connected things can serve more than one business area. How do you encourage this type of cross-company collaboration?

A CIO-CDO Partnership

Elana Varon

Independent Contributor

Retailer Staples created two complementary teams to work on digital business initiatives, Kim S. Nash writes in the Wall Street Journal. One group, headed by CDO Faisal Masud, designs customer-facing digital products and the other, headed by CIO Tom Conophy, deploys the technology to deliver them. How have you defined responsibility for digital business initiatives? If your company has a chief digital officer, how do you differentiate that person’s role from the CIO?

How Ready Are You, Really, To Handle an Information Security Breach?

Elana Varon

Independent Contributor

Many organizations surveyed recently by RSA are still struggling with breach readiness. More than half (57%) “miss the critical early step of reviewing and updating their incident response plans, never mind testing and exercising these plans,” writes RSA Chief Trust Officer Dave Martin. But he also sees signs of improvement. What aspects of incident response, threat intelligence, analytical intelligence and content intelligence have been your organization’s biggest challenges? How are you addressing them?

How Do You Keep Up With Emerging Technology?

Elana Varon

Independent Contributor

Researchers at Stanford have developed an aluminum-ion battery that could charge a gadget in a minute and last more than seven times longer than current lithium-ion batteries. The battery isn’t near ready for commercial use. But what might you do when it is? Do you have a process for flagging technology developments that might bear fruit someday? How does a new development make it on to your watch list?

Are Your Third Platform Efforts As Advanced As You Think They Are?

Elana Varon

Independent Contributor

A new IDC study benchmarks companies’ digital transformation efforts, classifying fewer than 25 percent of companies as leaders (14%) or disrupters (8%) in their markets. I suppose it isn’t surprising that so few companies are mastering digital business, but CIOs might find one finding alarming. IT execs are more likely to think they are ahead of their peers in their digital transformation capabilities than other business leaders. What do you think accounts for this disconnect? Is it important to close the gap? What’s the solution?

Using Social Media to Manage Change

Elana Varon

Independent Contributor

McKinsey describes four scenarios in which companies used social technology as a change management tool. In one example, Dutch bank ABN AMRO used social tools to push employees who were part of the same value chain, but in different silos, to share their expertise and come up with ways to operate more efficiently. There’s also some anecdotal evidence that engaging digitally can help managers perform better. “When people reflect on their behavior, they tend to rely on their own often sketchy perceptions and faulty memories,” according to writers Arne Gast and Raul Lansink. “With many digital technologies, however, people can now track their behavioral footprint—for example, by analyzing conversational threads in microblogs and comparing their actual behavior with the leadership style to which they aspire.”

Read the article here. How do you use social technologies to manage change?

Telecom is in Motion Now

John Roese

Senior Vice President and Chief Technology Officer at EMC
John Roese is Senior Vice President and Chief Technology Officer at EMC Corporation. He leads the Corporate Office of Technology, which is responsible for defining the company's technology vision and strategy. He is based at EMC’s corporate headquarters in Hopkinton, Massachusetts, United States.

Based on Mobile World Congress (MWC) last month, we are now entering another time when the telecom technology landscape is evolving rapidly. There will be a huge shift to virtualized, agile, software oriented and common building block-based telecom clouds. This shift is at least as big, if not bigger, than any of the prior changes and my bet is that it will also spawn huge indirect IT ecosystem changes over time.

I have been involved in telecom for a few decades and have seen the industry change significantly. It’s hard to predict exactly what the end state will be, but it is both exciting and terrifying in that with these huge changes, lots of status quo perspectives will be challenged and new models will start to emerge. Personally I love this kind of change. In an industry that invests hundreds of billions in capital expenditures alone, change at this scale can be transformational for many more than just the operators themselves.

Here’s my short list of conclusions from this year’s Mobile World Congress:

  • The telecom industry is huge and attracting even more interest and investment than ever. More than 93,000 people attended MWC from over 200 countries. Beyond that, more than 2,100 companies exhibited (including EMC, VMware & Pivotal). Technology disruption happens best at scale and MWC showed that this scale of involvement is expanding rapidly, so we should see plenty of radical and interesting innovation fueling the shift.
  • Almost universally, telecom operators are moving to production. Last year the industry was mostly in evaluation mode, looking for one clear model to adopt. Candidly, it did not exist. What most of the industry has determined is that there are many paths forward and all of them improve operators’ capital expenditures, operating expenditures and opportunity to create and deliver new services. The only wrong answer now is to wait. Over time new technology and new architectures will emerge, but there is now enough technology available with suppliers and partners to assist in implementation that moving forward on any of these paths is now realistic.
  • Having a fast path to deliver new services, value and enter new markets is the motivation to move forward. A necessary step to do this is the deployment of a new class of software oriented virtualized infrastructure. The list of new markets and offerings at MWC was huge and included connected cars, Internet of Things, home security, personalized services, cloud mediation and brokering, collaborative communications, health and wellness, and smart cities. Beyond these new services, most operators see that moving their existing network functions to a new infrastructure will have huge impacts on capital expenditures, operating expenditures and agility. There are no longer debates over impact on current and potential future business opportunities.
  • The infrastructure that will underpin the new services is not universal or consistent. In fact, what we see is that there will be many ways to build out these next generation virtualized, agile, software oriented infrastructures. There is a spectrum of options. On one end are the telecom clouds based on proven architectures of modern enterprise environments at scale. They use what works, including VMware, EMC storage arrays, vBlocks, x86 servers and IP networking. These are the building blocks of the biggest banks, governments and manufacturers in the world and many telecom operators are starting with these tools and moving quickly. At the other end, some operators are exploring technical components that come from the webscale world. The tools used in that environment include container-based virtualization, heavy use of white box hardware and software-based infrastructure tools such as EMC ScaleIO or ViPR. However, given the scale and complexity of most operators, the toolkit of choice is a combination of proven infrastructure and new technology. This is not surprising since the workloads on a modern telecom cloud will range from core mission critical to exploratory and experimental. Having a host of tools in the cloud architecture gives the platform the flexibility to support that diversity. As long as the technology results in an agile, software oriented, shared, virtualized cloud, there is no wrong answer.
  • Finally, this next phase of the telecom ecosystem is a huge opportunity for the EMC Federation. We have spent the past decade virtualizing the enterprise world and the impact has been huge. Efficiency in data centers is up dramatically, costs per unit of compute and storage are down dramatically, time to deploy applications is down by orders of magnitude and resiliency and agility are both better than they have ever been in modern IT. In this next phase of telecom (NFV, telco transformation, telco clouds, etc.), the end state is similar even if the technology continues to evolve to better serve specific telecom needs. EMC Federation efforts over the past few years have not just delivered the existing building blocks, but added new hardware capabilities, new infrastructure tools, and higher level technology focused on big data and application development and delivery. Our engagement model with operators is focused on leveraging this massive toolset of modern infrastructure capability plus deep technical expertise to collaborate on building out next generation infrastructures. Our telecom customers are engaged and looking for the kind of deep collaboration EMC does well.

Having seen telecom evolve before, I know it’s always a long journey. However, I am convinced that the industry is now fully in motion and I look forward to the innovation once these next generation telecom infrastructures become available to the world. Overall a very exciting indicator of things to come.

This post was originally shared on EMC Reflections blog.