In this third of three blog posts on IDC’s IT outlook for 2015, analysts tackled the topic of cloud.
Here IDC’s Robert Mahowald, program vice president of SaaS and cloud services; Mary Johnston Turner, research vice president for enterprise system management software; and Rick Villars, vice president of data centers and cloud, outlined three ways in which the cloud will shake up IT ecosystems in 2015 and how IT leaders can prepare.
Hybrid cloud adds complexity to IT environments
IDC predicts that by 2016 more than 65% of enterprise IT organizations will commit to hybrid cloud technologies.
“This is going to really drive a number of changes across the structure, management, and just operational velocity of many IT organizations,” Turner said.
Enterprises are being driven to adopt hybrid cloud for a number of reasons, Turner said. These include the need for cloud service diversity, the demand by end users for more and more self-service IT, and the growth of OpenStack and open source containers.
“So for IT organizations this is going to create an environment where the real demands for what you have to do every day are not so much about the care and feeding of individual components but really about ensuring the end-to-end delivery of IT services, or IT as a service, that’s defined in terms of policies and SLAs and user experience and compliance,” Turner said. “And for many enterprise IT teams it means that you’re going to have to do a lot of learning in a quick amount of time.”
IT is going to have to master new tools and standards as well as understand what’s going on in open source, because Turner predicts open source will be an important enabler for hybrid environments.
How complex will these hybrid cloud environments be? IDC estimates that 60% of enterprises will probably subscribe to 10 or more cloud services and IT will not always know about all of them. On top of that, 25% of those services may go out of business in a couple of years, Turner said.
“So it’s going to be a very dynamic, fast changing kind of churn to IT environments which is very very different to what we’ve seen traditionally where change was really centrally planned and managed and executed slowly,” Turner said.
This means there will be a lot of concern around maintaining the performance and security for all kinds of applications.
Turner said IT teams along with major stakeholders will have to jointly review corporate policies around issues such as data protection and risk management to really make sure those policies are appropriate for a hybrid cloud architecture.
Data privacy regulations will determine cloud use
IDC predicts that in 2015 65% of the selection criteria for enterprise cloud will be shaped by efforts to comply with data privacy legislation.
“We think there’s going to be a muddle of sorts for a year or so when the SaaS and PaaS providers begin to branch out from where they’re hosted to get at the new geographies,” Mahowald said.
He added that these providers don’t fully understand who will be responsible for not only the SLA but the end-to end-security as they branch out. Making matters more complex, the end-to-end service will likely involve a whole chain of cloud providers.
“It used to be, you know, I bought software, I installed it in my data center, I ran it locally, it was pretty easy to figure out where the fault might lie. Now all of a sudden there’s a chain of providers each providing a discrete piece of either capability or delivery and that makes it much more muddled,” Mahowald said.
However, Mahowald said new services are emerging, such as “indemnification as a service,” that help to figure out who is responsible for what between providers and who will bear the monetary costs should there be losses.
Even so, Mahowald urges companies to do their due diligence and make sure they are getting what they need in terms of compliance.
Enterprises — in addition to having a governance, risk and compliance committee — should also form a service management team as part of the CIO/IT team. The service management group is in charge of implementing cloud technologies within the organization. He urged CIOs to join CISOs in learning the laws that govern privacy and compliance issues. It is increasingly important for IT professionals to be aware of and learn about the legal aspects of cloud computing — whether privacy laws or dealing with cloud contracts or local laws, Mahowald said.
“At the end of the day when the lawyers show up we think it’s super important to have an understanding of where your data and your assets are when they’re not in your data center,” Mahowald said.
Managing risk in sourcing IT services
IDC predicts that in the next year or so 75% of IaaS provider offerings will be redesigned, rebranded, or phased out.
“We do expect to see some players who announced significant cloud efforts over the last couple of years to begin to back track from those or phase out those efforts,” Villars said.
Because many of the initial cloud implementations that service providers built are proving difficult to enhance, change, and modify, Villars said providers are now rethinking and changing their cloud services.
“We see many [service providers] going now and making significant [re-architectures] in their environment to create more evergreen networks or evergreen solutions that will allow them to be much more flexible about continuing to introduce new technology, introducing new capabilities without having to do a major rebuild,” Villars said. However, over the next couple of years this transition will be a significant issue for companies to sort out, Villars said.
And companies will have to incorporate the ability to switch vendors into their IT planning and governance processes.
Villars gave two pieces of advice to help companies deal with this transition.
- “Go back to service providers that you’re currently working with as well as those that you’re evaluating [and] demand deeper insights into the road map, into how the road maps are going to enable this kind of evergreen operation so we don’t have to go through these kinds of rebuilds again.”
- He also said to make sure that, when your company is talking to a service provider, “refresh cycles” or rebuilds are not part of the conversation. “This is supposed to be an evergreen environment so make sure the conversation is including that idea of long term [continuous] operations.”
For more IDC 2015 forecasts check out IDC prediction for IoT 2015: It’s a doozy and IDC 2015 security predictions: How to keep up with the bad guys
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
As 2014 draws to a close, security is at the forefront of everyone’s minds. The most recent unsettling security incident is North Korea’s alleged involvement in the Sony data breach and the implications of that type of cyber attack for other private companies. How should companies prepare for security in 2015?
“The bad guys are going to grow,” Pete Lindstrom, IDC research director of security products, said during the company’s recent 2015 security prediction webinar. “They’re going to adapt and innovate, and so we have to really mirror and match that and hopefully get ahead of them in some ways moving forward.”
An attacker can innovate faster than a regulation, warned Lindstrom. “We have to keep in mind that these folks are nimble and they’re going to get around any kind of… enforced controls that are out there,” he said.
Here are four areas of security outlined in the IDC webinar that IT leaders should consider for 2015:
The first step is to figure out where to invest your money. Companies don’t have enough money to do it all and protect everything, so some analysis is needed to figure out where to strategically invest.
“You need to put this whole concept of risk mitigation on the top of your agenda,” Charles Kolodgy, IDC research vice president of security products, said. “Many more organizations will have to start looking at their security spending by risk because they just don’t have enough money… to protect [everything].”
Kolodgy suggests looking into analytics and software that may be able to help your company get a better understanding of how best to deal with security investments. IT needs to be able to quickly adjust to emerging threats, he added. And old strategic investments are becoming liabilities.
“You need to have a team of security professionals and I think that team should also include a business person… so that they can look at metrics to help with your decision-making,” Kolodgy said.
Lindstrom added: “We’re all better off as we get our arms around understanding economic impacts and probabilities… and get away from this age-old, fear, uncertainty, and doubt kind of approach to securing our enterprise.”
“[Threat intelligence is] not about just generating data as much as it is about figuring out how to get to that intelligence side of things,” Lindstrom said.
In order to successfully utilize threat intelligence, Kolodgy said companies will need to carefully vet vendors in order to make sure you’re getting full visibility.
“The problem is that… there’s a wide range of providers that are both established security vendors, established telecommunications vendors, and a lot of new guys,” Kolodgy said. He advises companies to focus on whether vendors are creating their own intelligence or just amalgamating intelligence. In other words, “are they a secondary or primary source of information?”
Kolodgy said that it is critical for a company to know this as they build out the usage of threat intelligence “because you could have duplication.”
Regardless, having some sort of program in place is key because the software that vendors provide allows companies to “pick that needle out of the hay stack,” Lindstrom said. It will be able to tell you that you’re at risk under X circumstances from X person and X type of resources need to be protected more.
Kolodgy also suggests automating threat intelligence because there is a shortage of IT security talent.
“We need to manage the data a lot better than we do it because it is a potential liability,” Kolodgy said. Especially because everyone and everything is moving to the cloud.
“It’s in a lot of respects a little disappointing that we’re at the stage we’re in given the nature and sensitivity of data. And [it is] certainly worth pointing out that this also includes the new and improved cloud-based file transfer services and the like from our data stuff,” Lindstrom said. But like it or not, there is no avoiding the cloud at this stage in the game, he said.
Lindstrom suggests “[tethering] your [cryptographic] key into your environment.” He added that “maintaining them under your control is going to be crucial to your long term strategic success around encrypting data and deploying it in the cloud.”
You need to have direct access to your cryptographic keys at all times, Kolodgy added.
“You [also] need to have policies,” he said. It is important for a company to determine what specific categories of information require confidentiality. Once those categories are pin-pointed, policies must be put in place.
But in order to do all of this successfully, Kolodgy said it has to be a team effort between the business side, the compliance auditors, and the security team.
Kolodgy points out that because attackers can innovate much faster than companies can right now, it’s important to leverage SaaS, and the agility that comes with it, to compete with attackers and be one step ahead of them.
“You’re not going to have time to roll out a product and train people and hire people,” Kolodgy said.
Either way, companies don’t really have a choice anymore.
“If our data centers are moving to the cloud, our security has got to move with it,” Lindstrom said. He advises that companies leverage outsourced managed security services because if you’re not “you’re probably missing out on the real great insight that they can gain from attacks going on all over the place.”
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
It’s official: The FBI linked the Sony Pictures hack back to North Korea today, as Associate Editor Fran Sales reports in this week’s Searchlight News Roundup. You can read the full FBI statement here.
The destruction and leaking of sensitive corporate data by a group calling itself the Guardians of Peace was in retaliation for The Interview, a movie that depicts an assassination plot against North Korean leader Kim Jong Un.
In a press conference following the FBI’s announcement, President Barack Obama made more news, saying that he thought Sony’s decision to cancel the Dec. 25 release was a mistake.
“Sony’s a corporation; it suffered significant damage; there were threats against its employees; I am sympathetic to the concerns that they faced. Having said all that, yes, I think they made a mistake,” Obama said.
The president said he wished Sony had discussed the issue with him first, because he would have advised the company to not let a dictator in another country bully them into pulling what was clearly a satirical movie.
“We cannot have a society in which some dictator someplace can start imposing censorship here in the United States. Because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don’t like, or news reports that they don’t like. Or, even worse, imagine if producers and distributors and others start engaging in self-censorship, because they don’t want to offend the sensibilities of somebody whose sensibilities probably need to be offended,” Obama said.
In other news this week, Yahoo CEO Marissa Mayer tries to restore the company to its former tech glory and Apple Pay may soon face a worthy rival in Samsung; and Sony is working on a clip-on wearable that may give Google Glass a run for its money. Check out these items and more in this week’s Searchlight.
The International Institute for Analytics (IIA), a research firm based in Portland, Ore., recently discussed ten predictions for 2015. Some were conventional — Prediction #7: Hadoop will go mainstream. Some were thought-provoking — Prediction #2: Storytelling will be the hot new skill in analytics. Should CIOs consider hiring journalists to do that job?
And one stood out because it seemed, well, ominous — Prediction #9: Analytics, machine learning, cognitive computing will increasingly take over the jobs of knowledge workers. Tom Davenport, co-founder of the IIA, professor of management and information technology at Babson College and analytics thought leader, said — and has been saying for years now — that business leaders need to be preparing for this now. They should consider how to “prepare knowledge workers to augment the work of smart machines rather than be automated by them,” he said.
Automation is already happening. Journalists, lawyers and even teachers are standing by while parts of their job descriptions are being taken over by things like predictive coding, knowledge-based curriculum design or automated earnings reports. While the technology is “still quite fragmented,” Davenport said during the IIA 2015 predictions webinar, “there’s probably not a knowledge worker problem out there that can’t be addressed by some system.”
There are benefits to the advancing tech. In many cases, as fellow IIA faculty member Robert Morison pointed out, “what we’re doing is better equipping people, and if we could do that at scale, it could make an enormous difference,” he said.
Jeremy TerBush, vice president of analytics at Wyndham Worldwide Corp. explained in the call that his team developed internal pricing systems that rely on algorithms to project tomorrow’s vacation rental prices. The cognitive computing program has not had an impact on the company’s workforce. “We’ve seen it hasn’t automated away any jobs,” he said. “It’s just allowed us to be more focused on us managing our inventory better.”
The system works about 80% of the time. “But 20% of the time, the prices are overridden by our revenue management team, who is closer to the market and picks up on things the algorithms are missing,” he said.
Automation can provide efficiency, help businesses make better decisions and save on costs. But (cue the sounds of dismay) there is the other side of the coin businesses may not be considering: What are they at risk for losing? Will automation simply deepen the divide between haves and have-nots?
Said Davenport: “I suspect the people who you need to do that are your most experienced and expert pricing analysts — and not the ones fresh out of school. Because, as we were saying, oftentimes the entry level work can be done by computers, it’s the hard cases humans need to override or augment.”
The question is, said Morison, “How does someone become an experienced pricer when all of entry level work is done by machines? Who learns to be the experienced expert?”
Data breaches have unfortunately become the norm. But the now infamous Sony breach has opened the eyes of the IT world to the fact that we haven’t seen the end of what cyber attacks have in store for enterprises.
Breaches can be more than just exposing sensitive information; as the Sony hack shows, they can be personally malicious. The attack, which used “wiper” malware to steal and delete corporate data, sought to harm Sony employees, Associate Site Editor Fran Sales reports. The attack was also highly sophisticated, according to experts — sophisticated enough to get by the security defenses of 90% of the private industry, according to the FBI cyber division’s Joseph Demarest Jr.
In addition to laying out how the Sony hack was different from other corporate attacks, Sales provides tips on how to protect yourself and your company from breaches like this. Good luck.
In other news this week, IBM and Apple have released 10 of the anticipated 100 apps in the IBM MobileFirst suite; Microsoft now accepts virtual currency, The Washington Post details the demise of Pirate Bay, and more in this week’s Searchlight.
A fundamental piece of advice that CIO Fumbi Chima gives to anyone who asks for professional help: Learn how to take risks. “You have to come out of your comfort zone,” she said during the recent Gartner Symposium CIO panel. She speaks from experience. The CIO at Walmart Asia, Chima didn’t start her career in IT — or retail, or Asia, for that matter.
Chima was first an accountant before wading into management consulting and then IT, working for companies like TXU Energy and American Express. The leap from accounting to IT meant she “had to teach myself how to be a business architect, to understand the physical and logical architecture — what it is and how do I map my business skills back to technology,” she said.
Five years ago, she took another leap of faith and changed industries, leaving financial services for retail. Of course, she was not just learning the retail business at any company, but at Walmart, one of the world’s largest retailers.
When considering a leap of faith — or when looking for a general change in career, Chima said to answer this question: What is the unique value you’ll bring to the position? Understanding that she had only a sliver of retail experience compared to some of her Walmart colleagues with 20-plus years in the industry, she thought strategically about what value she could add to the group and company, as well as what best practices from previous roles she could borrow “to help move the business further.”
It’s a kind of intellectual curiosity, what Chima called “being a student of innovation,” that continues to push her today. Earlier this year, she took another leap of faith when she accepted a position and moved her family to Hong Kong. No doubt, she’ll soon find a way to lend her unique value to that new community.
You may not have heard of the startup Paydiant, but chances are good that you’ll use its technology pretty soon. Paydiant
has built the technology behind the mobile payments platform underlying CurrentC, the mobile pay app that is competing against Apple Pay for leadership in the mobile payment space.
Paydiant, started in 2010 in the proverbial basement (in this case, co-founder’s Kevin Laracey’s), has partnered with the Merchant Customer Exchange, or MCX, the consortium formed by many of the biggest retail brands in the US including Target, Walmart, CVS, Best Buy and Rite Aid to develop CurrentC.
When I visited Paydiant to film for my Startup Spotlight series, I asked co-founder Chris Gardner how Paydiant got from a small, scrappy company to where it is today.
In addition to no sleep, Gardner said a large part of the Boston-based startup’s success is due to hiring the right people. Here are the highlights:
Install an executive team well-versed in startups
While startups are often seen as the sole province of young people, experience does matter, according to Gardner.
“As you can tell I’m an old guy. We’re not 20-somethings in a garage and so I think that helps,” Gardner said. “On the executive team, a lot of us have been doing really only startups. Speaking just for me, I’ve only kind of done… technology startups in the Boston area.”
In fact, this is Gardner’s third payments startup. In his opinion, the collective startup experience among the executives at Paydiant really contributed to the success of the company. So does having leadership with expertise in multiple areas, said Paydiant CFO Melinda Smith, who has been with the company since its founding.
“When you’re early in a startup company as a CFO you need to wear a lot of hats; it’s not just about finance” she said.”[Financial expertise] is an important component when you’re reporting to investors that have invested in the company, but you also need to have experience in human resources and some of the legal aspects of the company.”
Like Gardner, Smith’s background is replete with startup experience, Paydiant being her fourth startup.
Develop an instinct for who will fit in and advance
In addition to finding experienced people to fill the executive positions, Gardner said the hardest part of building a company is hiring the right people for the other levels of the company.
“It’s probably our single most important job,” Gardner said. “And you have to be right [about the person you’re hiring], you know, 95% of the time.”
Gardner said over the years the company has developed an instinct for hiring people who will be good team members and who will be able to “grow and scale with the company,” including taking on management roles.
“Find those diamonds in the rough,” Gardner said.
It’s not just about the ‘ultimate nerds’
At Paydiant, that doesn’t just mean finding smart, tech-savvy people, Gardner said. In addition to having those qualities, Paydiant employees also need to be articulate and represent the company well in front of customers and partners, Gardner said.
“Some people just look to go out and hire the most brilliant software developers they possibly can. We actually place a very high value not just on… technical chops, [making] the bits and bytes fit together, but also on people that can talk,” Gardner said.
And this is one aspect of Paydiant that sets them apart, Gardner said. “We very much value the articulate, charismatic types not just the ultimate nerds.”
Stay tuned for my upcoming Startup Spotlight video on Paydiant.
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
Market research firm IDC presented its 2015 predictions for the IoT this week, and my first reaction was, “This one’s a doozy!” To put it another way: CIOs and CISOs, prepare for a massive flood of data and information from a slew of sensorized things, along with a lot more responsibility for IT professionals.
According to IDC, here are three important points you need to know about the IoT in 2015.
IoT and the cloud
IDC predicts that within the next five years, over 90% of all IoT data will be processed by cloud service providers. “We believe IoT data will be created from a wide range of sources and data formats,” said Vernon Turner, senior vice president at IDC. “As such, the better IoT solutions that have greater business values will have to integrate and process data from different repositories. Cloud computing providers will be better suited to this activity, rather than IT attempting to run it on premise or in a private enterprise environment.”
This will drive IT organizations to establish robust chargeback services, Turner said. This is because people will only want to pay for appropriate “data blending” services — data blending, in IDC parlance, meaning, taking the data, finding the value, and using it to benefit the business. Turner said establishing these chargeback services will become more important because IT will now be responsible for the original IoT data sources, as well as the “data blending” done by the cloud computing providers.
“The data blending process is not a simple aggregation or mash-up of data sources but rather an intelligent rules-based process that will require careful IT management and support,” Turner said.
Turner suggests IT organizations invest in automation services to manage real-time interactions, and to make sure there is a chief compliance officer involved because these interactions will require a heightened level of governance.
IoT and security
IDC predicts that within two years, 90% of all IT networks will have an IoT-based security breach. Though IDC says many of these will be considered “inconveniences,” CISOs will be forced to adopt new IoT security policies.
“The big challenges for security officers will be security and ensuring the privacy of information shared across so many so-called ‘smart devices’, whether they be televisions, automobiles, appliances,” Turner said. And because users may want access to all this data, it will create a huge compliance challenge, he added.
In addition, creating technology architectures around the IoT while ensuring platform inter-operability will be a challenge. Turner said data transfer through the corporate network must be encrypted, multiple methods of authenticating persons and devices must be implemented, and IT should be required to identify security and privacy-related technologies to support industry standards.
So, CISOs, “need to think of a strong governance framework to tackle data leakage and privacy issues,” Turner said. “With so much data being created and handed off at many more touch points than before, this framework needs to be endorsed by the CEO.”
CISOs should also collaborate with their peers in order to get greater insights and situational awareness into areas vulnerable to breaches. Turner predicts this may be hard for CISOs to do but “the IoT will define a new level of openness where everything and everyone will be transparent,” he said.
Though it may be tough to do, Turner warns that those organizations or individuals who don’t accept transparency will be “almost impossible” to trust.
IoT and network capacity
IDC predicts that within three years, 50% of IT networks will go from having excess capacity to handle the addition of IoT devices, to being network-constrained — 10% of sites will be overwhelmed by the data from these devices.
“This seems hard to believe but when you think of the billions of endpoints pinging or streaming data through networks, capacity is going to be challenged,” Carrie MacGillivray, program vice president at IDC, said.
MacGillivray predicts that by 2020, 10,000 devices will be connected to corporate networks every minute –not every day or week but every 60 seconds.
“And therefore there will be the potential to impact that overall performance of the network if it’s not properly managed,” MacGillivray said. “Enterprise IT is going to be given the mandate to protect company data and its… end points.”
This will be a huge job for IT but it seems, right now, IT organizations are more concerned about the devices being brought into the enterprise, like tablets and smartphones and even some PCs, MacGillivray said. They are not paying attention to the potential IoT connections or the data that the company is supporting and they need to be.
But all that will change.
“We expect that by 2018 IoT network management is going to become a top five initiative along with business analytics, cloud computing and mobility projects,” MacGillivray said. “There’s going to be a need to support sensor-created content and outcomes.”
MacGillivray said that IT will have to set network access policies for these “things” or endpoints; there will need to be an access control and automation system in place to make sure the IT team isn’t overwhelmed, and, she said, it’s important to work to get IT a seat at the table early in the IoT planning process, before buying decisions are made.
If you had the opportunity to be the next Uber would you take it?
An innovative technology could mean a company’s big break or, as in the case of Uber, disrupt an entire industry.
Nowadays, businesses have to adopt and adapt to new technologies that might give them a competitive edge — and CIOs are in the position to help. But how do you know which new technology will pay off for the business and which will peter out — or worse, inflict damage.
One way for CIOs to get in the technology innovation/disruption game, according to a new report out by Deloitte, is to start thinking like a venture capitalist. As Associate Site Editor Fran Sales reports in this week’s Searchlight column, venture capitalists accept that some investments will be successful and others will fail — and hedge their bets accordingly. Of course, that’s a tall order for CIOs whose job, after all, is to ensure the reliability of IT operations.
Need some encouragement? Read about how Charles Weston, the former CIO of Bloomin’ Brands, took a flyer on cloud early on despite his teams’ concerns.
In other news this week, is Cyber Monday the new Black Friday? Also, read about the rise of the chief data officer, how Apple is under fire for deleting music that some of its iPod users downloaded from rivals, and more in this week’s Searchlight.
Not all key performance indicators (KPIs) are effective. Some are barely understood by the people instrumental to the outcome being measured. To help employees understand the meaning of KPIs, Dorvin Lively, CFO at Planet Fitness, developed a Financials 101 class.
“I make everybody in the company go through it,” said Lively, a panelist at the recent MIT Sloan CFO Summit in a session focusing on identifying, interpreting and acting on KPIs.
In addition to financial measures, the club also uses a number of non-financial KPIs, said Lively — the wear and tear on machines being one. At fitness clubs, the treadmill closest to the locker room, for example, typically gets used most, so machines are rotated based on usage minutes.
Outside competition has an impact on business results, so Lively measures the lead time on new clubs coming into a market by researching pending and signed leases.
Customer satisfaction, of course, is another critical non-financial KPI, Lively said. The clubs recently added a gadget that asks patrons whether they are happy or not. “It’s wireless so it can be put anywhere in the club — at the front desk, in the restroom,” Lively said.
The rating, transmitted in real time, is taken seriously. “We incent our club managers on only three things: Say hello, say goodbye, and keep it clean,” Lively said. At one of the clubs that was consistently scoring on the low end of happy, the company tutored front desk managers on their obligatory hellos and goodbyes.
“We came up with a script,” Lively said. Instead of just hello, clients were greeted by name when they checked in. The front desk manager was instructed to tell the client to “have a good workout” on the way in and to “have a good day” on the way out.
Pretty basic stuff, but according to Lively, the customer happiness score at this club quickly went from the 70th percentile to the 90th percentile. “So, there is a metric that is not financial but is using today’s technology to see how a club is performing pre and post changes,” he said.
For more on the MIT panel on KPIs, check out my article, “Finding KPIs that matter to the business.”