VMware appears intent on celebrating its 20th birthday in some style. The company's various announcements at VMworld Europe in Barcelona have further showcased its position as an enabler of enterprise cloud technologies, with acquisitions and partnerships key.

Regarding the former, VMware announced the acquisition of Heptio, a company set up by two founding Kubernetes engineers to help expand the container orchestration tool's reach into the enterprise. Craig McLuckie, co-founder, CEO and former Google product manager, explained the rationale behind selling in a congratulatory blog post with the URL tag of 'champagne.'

"When we first started conversations with VMware, the alignment of our respective visions was uncanny," McLuckie wrote. "With virtualisation, VMware helped enterprises changge the way their infrastructure operates. VMware values our products and serviecs – together we can apply these technologies to change the way business operates, and where they run their applications."

The companies' shared destination for utilising Kuberenetes as a framework to help untangle the complexity of multi-cloud infrastructure, with open source at its heart, is apparent. From VMware's perspective, Paul Fazzone, SVP and general manager cloud-native apps, explained: "Our shared goal will be to deliver a cloud-independent Kubernetes control plane for builders, operators and consumers of modern infrastructure and applications, with consistency and conformance across any cloud, and delivering the required enterprise services and tooling needed by the modern IT organisation."

Naturally, thoughts will turn to how this impacts the wider industry – particularly given this acquisition is somewhat in the shadow of IBM's blockbuster buy of Red Hat at the end of last month. Keith Townsend, formerly an analyst and now solutions architect at VMware, put it like this:

IBM was on the stage at VMworld to discuss the extension of its two year partnership with VMware, around extending mission-critical VMware workloads to IBM's cloud, as well as more integration to help enterprises get on board with Kubernetes and containers. Naturally, VMware CEO Pat Gelsinger could not resist asking about the 'little announcement' IBM had made the previous week.

Arvind Krishna, SVP hybrid cloud and director of research at IBM, explained the combinations. "This acqusition is really about combining Red Hat's open source technologies with our hybrid cloud protfolio and bringing them together to market," he said. "It really is going to accelerate hybrid cloud, but in a multi-cloud world."

VMware continues to expand its moves with Amazon Web Services (AWS). VMware Cloud on AWS will be hosted in a variety of new data centres, including AWS EU, in Ireland, AWS West, and AWS East, in North California and Ohio respectively. At VMworld in August, the Las Vegas audience was treated to a cameo from AWS chief executive Andy Jassy. No such luck this time around, but the partnership continues apace; the companies claim more than 200 partners have achieved solution competency in their environment within six months.

One of the more interesting announcements was around the beta launch of VMware Blockchain. Building off Project Concord, an initiative launched in Las Vegas, the offering is aimed at, again, getting the enterprise on-board. "The key thing we are focused on here is making sure that, as the blockchain pioneers are beginning to say 'I need to put something in production here', moving from concept to enterprise-class blockchain is where we're focused and that is where this beta is beginning to make those technologies available," said Ray O'Farrell, VMware CTO.

With power comes responsibility however; the company has long since distrusted the energy consumption blockchain technologies take up. Gelsinger affirmed this message again yesterday, describing its computational complexity as 'almost criminal.'

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Most organizations are awash today in data and IT systems, yet they’re still struggling mightily to use these invaluable assets to meet the rising demand for new digital solutions and customer experiences that drive innovation and growth. What’s lacking are potent and effective ways to rapidly combine together on-premises IT and the numerous commercial clouds that the average organization has in place today into effective new business solutions.

read more

Clare Hopping

Clare Hopping

Adam Shepherd

Adam Shepherd

Banks are recognising the benefits of cloud computing – but progress remains slow.

That’s the verdict of consulting firm Accenture, who has released a new report focused on how banks need to win in the digital age.

The report, which showcased the opinions of 35 executives at global banks who were responsible for technology and information security, found very few to have been out of the loop altogether. Only 3% of those polled said they did not have a cloud strategy. The majority (40%) said they had agreed upon best practices but gotten no further, while 31% had core practices in place and 26% said they had core practices and measures for continuous improvement.

Spending on cloud services within IT budgets is predicted to rise in the coming years – but it is not exactly a huge acceleration. While those who are spending up to a fifth of their IT budget on cloud will remain at 17% across the next three years, by 2021 almost half (46%) of those polled said they would be spending 11-15% of their budgets on cloud services. This is up from 29% today.

When it came to cloud technologies transforming the operating model in IT, the consensus was again somewhat tepid. The majority – 43% – of those polled said they did expect their transition to cloud to drive changes in operating models, but they had not defined what the model was. 31% said they were in the process of defining and moving to a new operating model, with 26% going full steam ahead on the new paradigm.

“Banks recognise the need to build future IT systems on cloud platforms, and there are pockets of cloud deployment across most banks,” the report noted. “But many banks still lack a comprehensive cloud strategy that will enable a rapid shift to the cloud, and very few have defined an enterprise-level operating model for transferring existing applications to the cloud and systematically adding cloud-based applications and capacity.”

This need for banks to step up their initiatives has been covered by this publication previously. Writing in August, Roberto Mircoli of Virtustream noted how banks, more than many other industries, do not work to a ‘one cloud fits all’ idea. “Financial institutions must carefully select the CSP that is right and suitable for their needs,” Mircoli wrote. “Likewise, any CSP that an institution works with must have a firm understanding of the relevant compliance landscape.

“It is important to be able to demonstrate that a judgement call can be made when required,” added Mircoli. “This is where the CSP must have the deepest and broadest expertise on what it takes to migrate complex mission critical systems to the cloud.”

You can read the full report here.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

IDC unveiled its top information and communications technology (ICT) predictions for Asia-Pacific excluding Japan (APeJ) region. IDC now predicts that many more organisations will be 'digitally determined' by 2020, transforming commercial markets and reimagining their future growth potential.

Digitally determined organisations demonstrate the ability to vision, plan, and operationalise their digital transformation (DX) through ambition, grit, discipline and commitment. Ultimately, all digital determined organisations aspire to become 'digital native enterprises'.

Digital business market development

"To be one of the digitally determined, Asia-Pacific organisations requires more than tenacity; it requires a blueprint that consists of a single enterprise strategy, resoluteness to make required organisational and cultural changes, a long investment strategy based on the principle that digital is inherently valuable to the business; and should have a single digital platform to scale technology innovations," said Sandra Ng, group vice president at IDC.

According to Ng, the top predictions that will impact the overall ICT industry — both technology buyers and their vendor suppliers — in the Asia-Pacific region during the next 36 months are:

Digital determination: By 2020, at least 55 percent of organisations will be digitally determined, transforming markets and reimagining the future through new business models and digitally enabled products and services.

Data monetisation: By 2020, 60 percent of large enterprises will create data management or monetisation capabilities, thus enhancing enterprise functions, strengthening competitiveness, and creating new sources of revenue.

Digital KPIs: By 2023, 80 percent of entities will have incorporated new digital KPI sets – focusing on product or service innovation rates, data capitalisation, and employee experience – to navigate the digital economy.

Digital twin: By 2020, 30 percent of leading companies will have implemented advanced digital twins of their operational processes which will enable flatter organisations and one third fewer knowledge workers.

Agile connectivity: By 2021, driven by LoB needs, 60 percent of CIOs will deliver agile connectivity via APIs and architectures that interconnect digital solutions from cloud vendors, system developers, startups, and others.

Blockchain-enabled DX platforms: By 2021, prominent in-industry value chains, enabled by blockchains, will have extended their digital platforms to their entire omni-experience ecosystems, thus reducing transaction costs by 35 percent.

BizOps: By 2021, 45 percent of CIOs will expand Agile or DevOps practices into the wider business to achieve the velocity necessary for innovation, execution, and transformative change.

AI-driven edge: By 2022, over 30 percent of organisations’ cloud deployments will include edge computing, and 25 percent of endpoint devices and systems will execute artificial intelligence (AI) algorithms.

Digital trust: By 2020, 55 percent of CIOs will initiate a digital trust framework that goes beyond preventing cyber attacks and enables organisations to resiliently rebound from adverse situations, events, and effects.

AI-based IT operations: Compelled to curtail IT spending, improve enterprise IT agility, and accelerate innovation, 60 percent of CIOs will aggressively apply data and AI to IT operations, tools, and processed by 2021.

Outlook for future enterprise applications

Ng concludes, "AI is creating a new paradigm for individuals, businesses, industries, economies and governments. It is shaping the future of intelligence in organisations and in workers. To this end, IDC predicts that by 2025, 60 percent of frontline connected devices will be voice-enabled, with a smart assistant, and able to control 80 percent of devices deployed in consumer and enterprise settings."

According to the IDC assessment, voice is increasingly influencing the way we work, live, learn and play. The race to the future enterprise has begun. No one and no entity will be spared of the need to at least reset or reboot, if not reinvent. Digital reinvention is the future, and the new normal for IT.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Clare Hopping

The role of the cloud access security broker (CASB) will become ever-more important in the context of organisational security.

According to analyst firm Gartner, through 2023 “at least 99%” of cloud security issues will be the fault of the customer. The notion of shared responsibility – one which regular readers of this publication may well be sick of hearing given its frequency – needs to be hammered home again. Cloud vendors are predominantly responsible for security of the cloud – protecting infrastructure – while the customer is responsible for security in the cloud, such as the data, applications, and identity and access management.

Writing for this publication in August, Hatem Naguib, SVP security at Barracuda Networks, noted his belief that many organisations misunderstand this model. “The organisations benefiting the most from public cloud are those that understand their public cloud provider is not responsible for securing data or applications, and are augmenting security with support from third party vendors,” wrote Naguib.

CASBs, therefore, are something of an intermediary in this process. Sitting in between a company’s on-premises infrastructure and a cloud provider’s infrastructure, they can take the responsibility away from the customer end. This can be through greater visibility of who and what is accessing data in various clouds, enforcing security and identity policies, threat protection, and compliance.

With this in mind, Gartner’s latest Magic Quadrant for CASBs makes for an interesting read. In all, 13 vendors made the cut, with four tightly bunched in the leaders’ section; Bitglass, McAfee, Netskope, and Symantec.

One of the more egregious security errors organisations can make is through exposed storage buckets. According to recent McAfee research, there are thousands of individual misconfigurations in companies’ IaaS and PaaS public cloud instances. Worryingly, 5.5% of AWS S3 buckets analysed were set to ‘world read’ permissions.

McAfee claimed in February to be the only CASB which was able to provide visibility into third party risk and identify exposed S3 buckets. Indeed, after the acquisition of Skyhigh Networks closed at the start of this year, Gartner notes, McAfee’s offering was one of the first to raise awareness of shadow IT. The analyst firm notes its ‘comprehensive’ dashboard and much improved visibility processes for sensitive content as strengths. For weaknesses, the report warned over future performance given McAfee’s ‘spotty’ execution of acquisitions.

Of the other leaders, Bitglass was praised for various technical attributes, including watermarking of documents and automated learning, although noting its name did not come up as often as its rivals in client inquiries. Netskope – which acquired Sift Security in July to improve its threat detection capabilities – was given good marks for a comprehensive risk database and access control policies, albeit with a ‘minor’ increase in inquiries around installation challenges and service performance. Symantec, whose acquisition of Blue Coat in 2016 included Perspecsys and Elastica, two previous CASBs in the latter’s portfolio, has strong service discovery and usage but a ‘cumbersome’ UI.

The other companies which made the cut are an interesting list of security specialists and huge names. In the second category, naturally, are Cisco, Oracle and Microsoft – the latter two placed as challengers – while CensorNet, CipherCloud, Forcepoint, Palo Alto Networks, Proofpoint and Saviynt were also analysed.

As ever with these things, it really pays to do due diligence: work out your organisation’s specific needs and which vendor ticks the most boxes. Indeed, any concerns about a company’s cloud use should prompt an exploration of these companies at the least. As Gartner notes, the agility of the CASBs – born and made in the cloud – far outstrips the wider cloud service providers. Indeed, Gartner adds that while Microsoft has Microsoft Cloud App Security (MCAS), an Azure house looking for a full cloud security strategy needs more Microsoft products than its CASB.

Ultimately, the state of where things are today can be summed up by a comment from Netskope CEO Sanjay Beri. “The challenges presented by the cloud necessitate a shift from legacy vendors toward a security cloud that was built from the ground up with the unique characteristics of the cloud in mind,” he said. “This includes real-time visibility into and control over all cloud services, robust data loss prevention, the ability to prevent and remediate cloud threats, and enablement of granular dynamic access control that governs usage in real time for any user from any device across all cloud services.”

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.