Category Archives: Enterprise IT news

Enterprise IT news

Dell EMC upgrades VxRail appliances for AI, SAP HANA

Dell EMC today added predictive analytics and network management to its VxRail hyper-converged infrastructure family while expanding NVMe support for SAP HANA and AI workloads.

Dell EMC VxRail appliances combine Dell PowerEdge servers and Dell-owned VMware’s vSAN hyperconverged infrastructure (HCI) software. The launch of Dell’s flagship HCI platform includes two new all-NVMe appliance configurations, plus VxRail Analytic Consulting Engine (ACE) and support for SmartFabric Services (SFS) across multi-rack configurations.

The new Dell EMC VxRail appliance models are the P580N and the E560N. The P580N is a four-socket system designed for SAP HANA in-memory database workloads. It is the first appliance in the VxRail P Series performance line to support NVMe. The 1u E560N is aimed at high performance computing and compute-heavy workloads such as AI and machine learning, along with virtual desktop infrastructure.

The new 1U E Series systems support Nvidia T4 GPUs for extra processing power. The E Series also supports 8 TB solid-state drives, doubling the total capacity of previous models. The VxRail storage-heavy S570 nodes also now support the 8 TB SSDs.

ACE is generally available following a six-month early access program. ACE, developed on Dell’s Pivotal Cloud Foundry platform, performs monitoring and performance analytics across VxRail clusters. ACE provides alerts for possible system problems, capacity analysis and can help orchestrate upgrades.

The addition of ACE to VxRail comes a week after Dell EMC rival Hewlett Packard Enterprise made its InfoSight predictive analytics available on its SimpliVity HCI platform.

Wikibon senior analyst Stuart Miniman said the analytics, SFS and new VxRail appliances make it easier to manage HCI while expanding its use cases.

“Hyperconverged infrastructure is supposed to be simple,” he said. “When you add in AI and automated operations, that will make it simpler. We’ve been talking about intelligence and automation of storage our whole careers, but there has been a Cambrian explosion in that over the last year. Now they’re building analytics and automation into this platform.”

Bringing network management into HCI

Part of that simplicity includes making it easier to manage networking in HCI. Expanded capabilities for SFS on VxRail include the ability for HCI admins to manage networking switches across VxRail clusters without requiring dedicated networking expertise. SFS now applies across multi-rack VxRail clusters, automating switch configuration for up to six racks in one site. SFS supports from six switches in a two-rack configuration to 14 switches in a six-rack deployment.

Support for Mellanox 100 Gigabit Ethernet PCIe cards help accelerate streaming media and live broadcast functions.

“We believe that automation across the data center is key to fostering operational freedom,” Gil Shneorson, Dell EMC vice president and general manager for VxRail, wrote in a blog with details of today’s upgrades. “As customers expand VxRail clusters across multiple racks, their networking needs expand as well.”

Dell EMC VxRail vs. Nutanix: All about the hypervisor?

IDC lists Dell as the leader in the hyperconverged appliance market, which IDC said hit $1.8 billion in the second quarter of 2019. Dell had 29.2% of the market, well ahead of second-place Nutanix with 14.2%. Cisco was a distant third with 6.2.%

According to Miniman, the difference between Dell EMC and Nutanix often comes down to the hypervisor deployed by the user. VxRail closely supports market leader VMware, but VxRail appliances do not support other hypervisors. Nutanix supports VMware, Microsoft Hyper-V and the Nutanix AHV hypervisors. The Nutanix software stack competes with vSAN.

“Dell and Nutanix are close on feature parity,” Miniman said. “If you’re using VMware, then VxRail is the leading choice because it’s 100% VMware. VxRail is in lockstep with VMware, while Nutanix is obviously not in lockstep with VMware.”

Go to Original Article
Author:

Assessing the value of personal data for class action lawsuits

When it comes to personal data exposed in a breach, assessing the value of that data for class actions lawsuits is more of an art than a science.

As interest in protecting and controlling personal data has surged among consumers lately, there have been several research reports that discuss how much a person’s data is worth on the dark web. Threat intelligence provider Flashpoint, for example, published research last month that said access to a U.S. bank account, or “bank log,” with a $10,000 balance was worth about $25. However, the price of a package of personally identifiable information (PII) or what’s known as a “fullz” is much less, according to Flashpoint; fullz for U.S. citizens that contain data such as victims’ names, Social Security numbers and birth dates range between $4 and $10.

But that’s the value of personal data to the black market. What’s the value of personal data when it comes to class action lawsuits that seek to compensate individuals who have had their data exposed or stolen? How is the value determined? If an organization has suffered a data breach, how would it figure out how much money they might be liable for?

SearchSecurity spoke with experts in legal, infosec and privacy communities to find out more about the obstacles and approaches for assessing personal data value.

The legal perspective

John Yanchunis leads the class action department of Morgan & Morgan, a law firm based in Orlando, Fla., that has handled the plaintiff end for a number of major class action data breach lawsuits, including Equifax, Yahoo and Capital One.

The 2017 Equifax breach exposed the personal information of over 147 million people, and resulted in the credit reporting company creating a $300 million settlement fund for victims (which doesn’t even account for the hundreds of millions of dollars paid to other affected parties). Yahoo, meanwhile, was hit with numerous data breaches between 2013 and 2016. In the 2013 breach, every single customer account was affected, totaling 3 billion users. Yahoo ultimately settled a class action lawsuit from customers for $117.5 million.

When it comes to determining the value of a password, W-2 form or credit card number, Yanchunis called it “an easy question but a very complex answer.”

“Is all real estate in this country priced the same?” Yanchunis asked. “The answer’s no. It’s based on location and market conditions.”

Yanchunis said dark web markets can provide some insight into the value of personal data, but there are challenges to that approach. “In large part, law enforcement now monitors all the traffic on the dark web,” he said. “Criminals know that, so what are they doing? They’re using different methods of marketing their product. Some sell it to other criminals who are going to use it, some put it on a shelf and wait until the dust settles so to speak, while others monetize it themselves.”

As a result, several methods are used to determine the value of breached personal data for plaintiffs. “You’ll see in litigation we’ve filed, there are experts who’ve monetized it through various ways in which they can evaluate the cost of passwords and other types of data,” Yanchunis said. “But again, to say what it’s worth today or a year ago, it really depends upon a number of those conditions that need to be evaluated in the moment.”

David Berger, partner at Gibbs Law Group LLP, was also involved in the Equifax class action lawsuit and has represented plaintiffs in other data breach cases. Berger said that it was possible to assess the value of personal data, and discussed a number of damage models that have been successfully asserted in litigation to establish value.

One way is to look at the value of a piece of information to the company that was breached, he said.

“In other words, how much a company can monetize basically every kind of PII or PHI, or what they are getting in different industries and what the different revenue streams are,” Berger said. “There’s been relatively more attention paid to that in data breach lawsuits. That can be one measure of damages.”

Another approach looks at the value of an individual’s personal information to that individual. Berger explained that this can be measured in multiple different ways. In litigation, economic modeling and “fairly sophisticated economic techniques” would be employed to figure out the market value of a piece of data.

Another approach to assessing personal data value is determining the cost of what individuals need to do to protect themselves from misuse of their data, such as credit monitoring services. Berger also said “benefit-of-the-bargain” rule can also help; the legal principle dictates that a party that breaches a contract must pay the victim of the breached contract an amount in damages that puts them in the same financial position they would be in if the contract was fulfilled.

For example, Berger said, say a consumer purchases health insurance and is promised reasonable data security, but if the insurance carrier was breached then “[they] got health insurance that did not include reasonable data security. We can use those same economic modeling techniques to figure out what’s the delta between what they paid for and what they actually received.”

Berger also said the California Consumer Privacy Act (CCPA), which he called “the strongest privacy law in the country,” will also help because it requires companies to be transparent about how they value user data.

“The regulation puts a piece on that and says, ‘OK, here are eight different ways that the company can measure the value of that information.’ And so we will probably soon have a bunch of situations where we can see how companies are measuring the value of data,” Berger said.

The CCPA will go into effect in the state on Jan. 1 and will apply to organizations that do business in the state and either have annual gross revenues of more than $25 million; possess personal information of 50,000 or more consumers, households or devices; or generates more than half its annual revenue from selling personal information of consumers.

Security and privacy perspectives

Some security and privacy professionals are reluctant to place a dollar value on specific types of exposed or breached personal data. While some advocates have pushed the idea of valuing consumer’s personal data as a commodities or goods to be purchased by enterprises, others, such as the Electronic Frontier Foundation (EFF) — an international digital rights group founded 29 years ago in order to promote and protect internet civil liberties — are against it.

An EFF spokesperson shared the following comment, with part of which being previously published in a July blog post titled, “Knowing the ‘Value’ of Our Data Won’t Fix Our Privacy Problems.”

“We have not discussed valuing data in the context of lawsuits, but our position on the concept of pay-for-privacy schemes is that our information should not be thought of as our property this way, to be bought and sold like a widget. Privacy is a fundamental human right. It has no price tag.”

Harlan Carvey, senior threat hunter at Digital Guardian, an endpoint security and threat intelligence vendor, agreed with Yanchunis that assessing the value of personal data depends on the circumstances of each incident.

“I don’t know that there’s any way to reach a consensus as to the value of someone’s personally identifiable data,” Carvey said via email. “There’s what the individual believes, what a security professional might believe (based on their experience), and what someone attempting to use it might believe.”

However, he said the value of traditionally low-value or high-value data might be different depending on the situation.

“Part of me says that on the one hand, certain classes of personal data should be treated like a misdemeanor, and others like a felony. Passwords can be changed, as can credit card numbers; SSNs cannot. Not easily,” Carvey said. “However, having been a boots-on-the-ground, crawling-through-the-trenches member of the incident response industry for a bit more than 20 years, I cringe when I hear or read about data that was thought to have been accessed during a breach. Even if the accounting is accurate, we never know what data someone already has in their possession. As such, what a breached company may believe is low-value data is, in reality, the last piece of the puzzle someone needed to completely steal my identity.”

Jeff Pollard, vice president and principal analyst at Forrester Research, said concerns about personal data privacy have expanded beyond consumers and security and privacy professionals to the very enterprises that use and monetize such data. There may be certain kinds of personal data that can be extremely valuable to an organization, but the fear of regulatory penalties and class action lawsuits are causing some enterprises to limit the data they collect in the first place.

“Companies may look at the data and say, ‘Sure, it’ll make our service better, but it’s not worth it’ and not collect it all,” Pollard said. “A lot of CISOs feel like they’ll be better off in the long run.”

Editor’s note: This is part one of a two-part series on class action data breach lawsuits. Stay tuned for part two.

Security news director, Rob Wright, contributed to this report.

Go to Original Article
Author:

SAP sees S/4HANA migration as its future, but do customers?

The first part of our 20-year SAP retrospective examined the company’s emerging dominance in the ERP market and its transition to the HANA in-memory database. Part two looks at the release of SAP S/4HANA in February 2015. The “next-generation ERP” was touted by the company as the key to SAP’s future, but it ultimately raised questions that in many cases have yet to be answered. The issues surrounding the S/4HANA migration remain the most compelling initiative for the company’s future.

Questions about SAP’s future have altered in the past year, as the company has undergone an almost complete changeover in its leadership ranks. Most of the SAP executives who drove the strategy around S/4HANA and the intelligent enterprise have left the company, including former CEO Bill McDermott. New co-CEOs Jennifer Morgan and Christian Klein are SAP veterans, and analysts don’t think the change in leadership will make for significant changes in the company’s technology and business strategy.

But they will take over the most daunting task SAP has faced: convincing customers of the business value of the intelligent enterprise, a data-driven transformation of businesses with S/4HANA serving as the digital core. As part of the transition toward intelligence, SAP is pushing customers to move off of tried and true SAP ECC ERP systems (or the even older SAP R/3), and onto the modern “next-generation ERP” S/4HANA. SAP plans to end support for ECC by 2025.

Dan LahlDan Lahl

S/4HANA is all about enabling businesses to make decisions in real time as data becomes available, said Dan Lahl, SAP vice president of product marketing and a 24-year SAP veteran.

“That’s really what S/4HANA is about,” Lahl said. “You want to analyze the data that’s in your system today. Not yesterday’s or last week’s information and data that leads you to make decisions that don’t even matter anymore, because the data’s a week out. It’s about giving customers the ability to make better decisions at their fingertips.”

S/4HANA migration a matter of when, not if

Most SAP customers see the value of an S/4HANA migration, but they are concerned about how to get there, with many citing concerns about the cost and complexity of the move. This is a conundrum that SAP acknowledges.

“We see that our customers aren’t grappling with if [they are going to move], but when,” said Lloyd Adams, managing director of the East Region at SAP America. “One of our responsibilities, then, is to provide that clarity and demonstrate the value of S/4HANA, but to do so in the context of the customers’ business and their industry. Just as important as showing them how to move, we need to do it as simply as possible, which can be a challenge.”

Lloyd AdamsLloyd Adams

S/4HANA is the right platform for the intelligent enterprise because of the way it can handle all the data that the intelligent enterprise requires, said Derek Oats, CEO of Americas at SNP, an SAP partner based in Heidelberg, Germany that provides migration services.

In order to build the intelligent enterprise, customers need to have a platform that can consume data from a variety of systems — including enterprise applications, IoT sensors and other sources — and ready it for analytics, AI and machine learning, according to Oats. S/4HANA uses SAP HANA, a columnar, in-memory database, to do that and then presents the data in an easy-to-navigate Fiori user interface, he said.

“If you don’t have that ability to push out of the way a lot of the work and the crunching that has often occurred down to the base level, you’re kind of at a standstill,” he said. “You can only get so much out of a relational database because you have to rely on the CPU at the application layer to do a lot of the crunching.”

S/4HANA business case difficult to make

Although many SAP customers understand the benefits of S/4HANA, SAP has had a tough sell in getting its migration message across to its large customer base. The majority of customers plan to remain on SAP ECC and have only vague plans for an S/4HANA migration.

Joshua GreenbaumJoshua Greenbaum

“The potential for S/4HANA hasn’t been realized to the degree that SAP would like,” said Joshua Greenbaum, principal at Enterprise Applications Consulting. “More companies are really looking at S/4HANA as the driver of genuine business change, and recognize that this is what it’s supposed to be for. But when you ask them, ‘What’s your business case for upgrading to S/4HANA?’ The answer is ‘2025.’”

The real issue with S/4HANA is that the concepts behind it are relatively big and very specific to company, line of business and geography.
Joshua GreenbaumPrincipal, Enterprise Applications Consulting

One of the problems that SAP faces when convincing customers of the value of S/4HANA and the intelligent enterprise is that no simple use case drives the point home, Greenbaum said. Twenty years ago, Y2K provided an easy-to-understand reason why companies needed to overhaul their enterprise business systems, and the fear that computers wouldn’t adapt to the year 2000 led in large measure to SAP’s early growth.

“Digital transformation is a complicated problem and the real issue with S/4HANA is that the concepts behind it are relatively big and very specific to company, line of business and geography,” he said. “So the use cases are much harder to justify, or it’s much more complicated to justify than, ‘Everything is going to blow up on January 1, 2000, so we have to get our software upgraded.'”

Evolving competition faces S/4HANA

Jon Reed, analyst and co-founder of ERP news and analysis firm Diginomica.com, agrees that SAP has successfully embraced the general concept of the intelligent enterprise with S/4HANA, but struggles to present understandable use cases.

Jon ReedJon Reed

“The question of S/4HANA adoption remains central to SAP’s future prospects, but SAP customers are still trying to understand the business case,” Reed said. “That’s because agile, customer-facing projects get the attention these days, not multi-year tech platform modernizations. For those SAP customers that embrace a total transformation — and want to use SAP tech to do it — S/4HANA looks like a viable go-to product.”

SAP’s issues with driving S/4HANA adoption may not come from the traditional enterprise competitors like Oracle, Microsoft and Infor, but from cloud-based business applications like Salesforce and Workday, said Eric Kimberling, president of Third Stage Consulting, a Denver-based firm that provides advice on ERP deployments and implementations.

Eric KimberlingEric Kimberling

“They aren’t direct competitors with SAP; they don’t have the breadth of functionality and the scale that SAP does, but they have really good functionality in their best-of-breed world,” Kimberling said. “Companies like Workday and Salesforce make it easier to add a little piece of something without having to worry about a big SAP project, so there’s an indirect competition with S/4HANA.”

SAP customers are going to have to adapt to evolving enterprise business conditions regardless of whether or when they move to S/4HANA, Greenbaum said.

“Companies have to build business processes to drive the new business models. Whatever platform they settle on, they’re going to be unable to stand still,” he said. “There’s going to have to be this movement in the customer base. The question is will they build primarily on top of S/4HANA? Will they use an Amazon or an Azure hyperscaler as the platform for innovation? Will they go to their CRM or workforce automation tool for that? The ‘where’ and ‘what next’ is complicated, but certainly a lot of companies are positioning themselves to use S/4HANA for that.”

Go to Original Article
Author:

Microsoft Power Platform adds chatbots; Flow now Power Automate

More bots and automation tools went live on the Microsoft Power Platform, Microsoft announced today. In their formal introductions, Microsoft said the tools will make data sources flow within applications like SharePoint, OneDrive and Dynamics 365, and create more efficiencies with custom apps.

The more than 400 capabilities added to the Microsoft Power Platform focus on expanding its robotic process automation potential for users, as well as new integrations between the platform and Microsoft Teams, according to a blog post by James Phillips, corporate vice president of business applications at Microsoft.

Some of those include robotic process automation (RPA) tools for Microsoft Power Automate, formerly known as Flow, which makes AI tools easier to add into PowerApps. Also newly available are tools for creating user interfaces in Power Automate.

AI Builder adds a point-and-click means to fold common processes such as forms processing, object detection and text classification into apps — processes commonly used for SharePoint and OneDrive content curation.

Microsoft is adding these tools, as well as new security features to analytics platform Power BI, in part to coax customers who remain on premises into the Azure cloud, said G2 analyst Michael Fauscette.

PowerApps reduce the development needed to create necessary connections between systems in the cloud, such as content in OneDrive and SharePoint with work being done in Dynamics 365 CRM, Teams and ERP applications.

Microsoft Power Automate, formerly Flow
Microsoft Power Automate, a low-code app-design tool,is the new version ofFlow.

Chatbots go live

Also announced as generally available at Microsoft Ignite are Power Virtual Agents, do-it-yourself chatbots on the Microsoft Power Platform.

They’ll likely first be used by customer service teams on Dynamics 365, said Constellation Research analyst R “Ray” Wang, but they could spread to other business areas such as human resources, which could use the bots to answer common questions during employee recruiting or onboarding.

If an agent is costing you $15 an hour and the chatbot 15 cents an hour … it’s all about call deflection.
R ‘Ray’ WangAnalyst, Constellation Research

While some companies may choose outside consultants and developers to build custom chatbots instead of making their own on the Microsoft Power Platform, Wang said some companies may try it to build them internally. Large call centers employing many human agents and running on Microsoft applications would be logical candidates for piloting new bots.

“I think they’ll start coming here to build their virtual agents,” Wang said. “[Bot] training will be an issue, but it’s a matter of scale. If an agent is costing you $15 an hour and the chatbot 15 cents an hour … it’s all about call deflection.”

Microsoft Power Platform evolves

PowerApps, which launched in late 2015, originally found utility with users of Microsoft Dynamics CRM who needed to automate and standardize processes across data sets inside the Microsoft environment and connect to outside platforms such as Salesforce, said Gartner analyst Ed Anderson.

Use quickly spread to SharePoint, OneDrive and Dynamics ERP users, as they found that Flow — a low-code app-design tool — enabled the creation of connectors and apps without developer overhead. Third-party consultants and developers also used PowerApps to speed up deliverables to clients. Power BI, Power Automate and PowerApps together became known as the Microsoft Power Platform a year ago.

“PowerApps are really interesting for OneDrive and SharePoint because it lets you quickly identify data sources and quickly do something meaningful with them — connect them together, add some logic around them or customized interfaces,” Anderson said.

Go to Original Article
Author:

Threat Stack Application Security Monitoring adds Python support

Threat Stack has announced Python support for its Threat Stack Application Security Monitoring product. The update comes with no additional cost as part of the Threat Stack Cloud Security Platform.

With Python support for Application Security Monitoring, Threat Stack customers who use Python with Django and Flask frameworks can ensure security in the software development lifecycle with risk identification of both third-party and native code, according to Tim Buntel, vice president of application security products at Threat Stack.

In addition, the platform also provides built-in capabilities to help developers learn secure coding practices and real-time attack blocking, according to the company.

“Today’s cloud-native applications are comprised of disparate components, including containers, virtual machines and scripts, including those written in Python, that serve as the connective tissue between these elements,” said Doug Cahill, senior analyst and group Practice Director, Cybersecurity at Enterprise Strategy Group. Hence, the lack of support for any one layer of a stack means a lack of visibility and a vulnerability an attacker could exploit.

Application Security Monitoring is a recent addition to Threat Stack Cloud Security Platform. Introduced last June, the platform is aimed at bringing visibility and protection to cloud-based architecture and applications. Threat Stack Cloud Security Platform touts the ability to identify and block attacks such as cross-site scripting (XSS) and SQL injection by putting the application in context with the rest of the stack. It also allows users to move from the application to the container or the host, where it is deployed with one click when an attack happens, according to the company.

“[Application Security Monitoring] … provides customers with full stack security observability by correlating security telemetry from the cloud management console, host, containers and applications in a single, unified platform,” Buntel said.

To achieve full stack security and insights from the cloud management console, host, containers, orchestration and applications, customers can combine Threat Stack Application Security Monitoring with the rest of the Threat Stack Cloud Security Platform, according to the company.

Cahill said customers should look for coverage of the technology stack as well as the lifecycle when looking to secure cloud-native applications, because such full stack and lifecycle support allows for threat detection and prevention capabilities “from the code level down to the virtual machine or container to be implemented in both pre-deployment stages and runtime.”

“Cloud security platforms, which integrate runtime application self-protection functionality with cloud workload protection platforms to provide full-stack and full lifecycle visibility and control, are just now being offered by a handful of cybersecurity vendors, including Threat Stack,” he added.

Threat Stack Application Security Monitoring for Python is available as of Wednesday.

Threat Stack competitors include CloudPassage, Dome9 and Sophos. CloudPassage Halo is a security automation platform delivering visibility, protection and compliance monitoring for cybersecurity risks; the platform also covers risks in Amazon Web Services and Azure deployments, according to the company. CloudGuard Dome9 is a software platform for public cloud security and compliance orchestration; the platform helps customers assess their security posture, detect misconfigurations and enforce security best practices to prevent data loss, according to the company. Sophos Intercept X enables organizations to detect blended threats that merge automation and human hacking skills, according to the company.

Go to Original Article
Author:

Google Cloud networking BYOIP feature could ease migrations

Google hopes a new networking feature will spur more migrations to its cloud platform and make the process easier at the same time.

Customers can now bring their existing IP addresses to Google Cloud’s network infrastructure in all of its regions around the world. Those who do can speed up migrations, cut downtime and lower costs, Google said in a blog post.

“Each public cloud provider is looking to reduce the migration friction between them and the customer,” said Stephen Elliot, an analyst at IDC. “Networking is a big part of that equation and IP address management is a subset.”

Bitly, the popular hyperlink-shortening service, is an early user of Google Cloud bring your own IP (BYOIP).

Many Bitly customers have custom web domains that are attached to Bitly IP addresses and switching to ones on Google Cloud networking would have been highly disruptive, according to the blog. Bitly also saved money via BYOIP because it didn’t have to maintain a co-location facility for the domains tied to Bitly IPs.

BYOIP could help relieve cloud migration headaches

IP address management is a well-established discipline in enterprise IT. It is one that has become more burdensome over time, not only due to workload migrations to the cloud, but also the vast increase in internet-connected devices and web properties companies have to wrangle.

Stephen Elliot, IDCStephen Elliot

AWS offers BYOIP though its Virtual Private Cloud service but hasn’t rolled it out in every region. Microsoft has yet to create a formal BYOIP service, but customers who want to retain their IP addresses can achieve a workaround through Azure ExpressRoute, its service for making private connections between customer data centers and Azure infrastructure.

Each public cloud provider is looking to reduce the migration friction between them and the customer.
Stephen Elliot Analyst, IDC

Microsoft and AWS will surely come up to par with Google Cloud networking on BYOIP, eventually. But as the third-place contestant among hyperscale cloud providers, Google — which has long touted its networking chops as an advantage — could gain a competitive edge in the meantime.

IP address changes are a serious pain point for enterprise migrations of any sort, particularly in the cloud, said Eric Hanselman, chief analyst at 451 Research.

“Hard-coded addresses and address dependencies can be hard to find,” he added. “They wind up being the ticking time bomb in many applications. They’re hard to find beforehand, but able to cause outages during a migration that are problematic to troubleshoot.”

Deepak Mohan, IDCDeepak Mohan

Overall, the BYOIP concept provides a huge benefit, particularly for large over-the-internet services, according to Deepak Mohan, another analyst at IDC.

“They often have IPs whitelisted at multiple points in the delivery and the ability to retain IP greatly simplifies the peripheral updates needed for a migration to a new back-end location,” Mohan said.

Go to Original Article
Author:

Adobe digital experience platform adds small businesses offerings

Adobe has extended its Adobe digital experience product portfolio to small and midmarket businesses in an effort to provide enterprise-grade capabilities such as agility, scalability and flexibility to businesses with fewer resources.

The product portfolio for SMBs includes:

  • Magento Commerce: According to Adobe, this product provides agility and scalability through a portfolio of cloud-based omnichannel platforms. It is designed to enable users to integrate digital and physical shopping experiences. Through the integration of Adobe Stock with Magento Commerce, SMBs with an Adobe Stock subscription will be able to access more than 130 million assets such as images, templates, 3-D assets and stock videos.
  • Marketo Engage: As part of Adobe Marketing Cloud, Marketo Engage enables users to target individual leads or accounts at scale, as well as measure business impact across customer touchpoints. Additionally, according to Adobe, Marketo Engage offers access to more than 65,000 markets globally to enable users to share best practices to build and formalize marketing strategies.
  • Adobe Analytics Foundation: Adobe Analytics Foundation was designed to bring the enterprise-grade features of Adobe Analytics to SMBs through the Adobe digital experience platform. Customers can implement the tool at the appropriate level for their organization, and then scale up as needed.
  • Adobe Sign for Small Business: According to Adobe, the new Adobe Sign for Small Business offers enterprise-grade e-signature capabilities tailored to small businesses in an effort to help digitize signing documents for customer onboarding, contracts, approvals, payments and invoices.
  • Creative Cloud for Teams: This product enables companies to deploy Adobe digital experience applications. The Creative Cloud Libraries let teams share assets and folders securely, while collaborating and managing changes.

While digitalization was once more of an enterprise-centric theme, SMBs have increasingly taken on the challenge. Historically, it has been more difficult for smaller businesses to digitize their operations due to cost and scale, but in recent years, it has been on the rise. According to Gartner Research, SMBs’ IT spending is predicted to be at a 4.2% compound annual growth rate for the next five years.

Dig Deeper on Digital experience management

Go to Original Article
Author:

Managed security services, professional services to top $35B

Escalating cybersecurity threats and a shortage of in-house talent are driving double-digit growth rates in the managed security services and professional security services market.

Market research firm Frost & Sullivan expects the global market to expand from $21 billion in 2018 to $35.6 billion in 2023, growing at a 11.1% compound annual growth rate. The top five providers are already experiencing even higher growth. Accenture, Deloitte, EY, IBM and PwC — a group which accounts for 42% of the global market — grew 27.6% year-over-year in 2018, according to Frost & Sullivan.

The market researcher’s report cited an “overdue need for a new chapter in security practices” along with rising risk levels and staffing limitations as the main factors propelling the demand for managed and professional security services. Digital transformation and customers’ heightened recognition of cyberthreats also contribute to increasing demand.

High growth services

Detection and response are the fastest growing offerings in the managed security services market, followed by DDoS protection and threat intelligence, research, detection and mitigation (TIRDM), noted Jarad Carleton, global program leader of cybersecurity information and communication technologies at Frost & Sullivan.

“We are noticing a strong demand across several areas in the managed security services space from our clients globally,” said Harpreet Sidhu, managing director and managed security services lead at Accenture. “One of those areas is definitely for detection and response as companies seek to add next-generation solutions to their security capabilities.”

Cybersecurity skills shortage chart
The cybersecurity skills shortage has helped fuel demand for managed security services.

Sidhu said managed detection and response (MDR) capabilities include security automation and orchestration and come with predefined playbooks. MDR, which uses technology to scale, “can help drive significantly faster analysis and improved responses,” he noted.

Chris Gerritz, chief product officer at Infocyte, a cybersecurity incident response platform provider in Austin, Texas, said detection and incident response is becoming more important for managed security services providers (MSSPs), which traditionally have focused on network monitoring.

“Generally, they are starting to add on endpoint capabilities and starting to add on response capabilities,” he said.

Gerritz said customers are telling MSSPs “I don’t want just 100 notifications that I have been attacked. I want you to actually do something about that.”

Infocyte this week launched its Response Ready program for its certified incident response partners. The program aims to help those partners scale up their incident response businesses and boost recurring revenue.

Assessment and advisory offerings, meanwhile, stand out in the professional security services market segment, according to the Frost & Sullivan report. Professional security services represent the biggest slice of the security services market, overall, with a 61% share.

Sidhu said Accenture is seeing consulting and professional services demand across several areas such as identity, cloud, cyber defense and application security, along with strong demand for assessment of those capabilities.

Breaking into the market

The market’s five largest players are generating considerable revenue growth, which Frost & Sullivan attributes to “their massive size, global reach, consultative strength, industry expertise, and established relationships with large enterprises and government agencies.”

Yet, smaller service providers also have the potential to grow — with a few caveats. Managed service providers are looking to add security services as more customers expect them to provide protection from cyberattacks.

The key for MSPs trying to break into the MSSP market is providing right-sized security services for small- and medium- sized enterprises.
Jarad CarletonGlobal program leader, cybersecurity information and communication technologies, Frost & Sullivan

“The key for MSPs trying to break into the MSSP market is providing right-sized security services for small- and medium- sized enterprises,” Carleton said.

Regional MSSPs, as well as MSPs offering security services, will find demand for security services among regionally-focused SMBs, he noted.

MSPs, however, must take care to properly scope their services and keep their own security house in order.

“What we have seen is that far too many MSPs are promising more than they can actually deliver in terms of managed security services, and that is damaging to the industry,” Carleton said. “What is even more damaging to MSPs trying to break into the MSSP market is that MSPs themselves have become targets of cybercriminals. If you cannot manage your own security, frankly you have no business selling managed security services to a customer.”

HCL unveils Google Cloud unit

HCL Technologies, a global technology company based in Noida, India, has launched a Google Cloud business unit, which will eventually house more than 5,000 Google Cloud specialists.

HCL currently has more than 1,300 Google Cloud platform professionals. The company’s Google initiative targets a range of fields, from containerization to machine learning. The HCL business unit will also build Google Cloud-specific Cloud Native Labs in Dallas, London and in India’s national capital region.

Google and HCL said joint investments to support customers’ digital transformation projects will cover several areas:

  • SAP workload and application migration to Google Cloud Platform. In August, Google launched a partnership with DXC Technology that also focuses on enterprise migration of SAP applications to public cloud.
  • Hybrid and multi-cloud deployments using Google Cloud’s Anthos. Google partners cited Anthos as a business opportunity and one of the key developments during Google’s Next ’19 conference.
  • Adoption of Google Cloud data, AI and machine learning offerings in areas such as e-commerce, supply chain and marketing.
  • Application and data center modernization.
  • Workplace transformation and collaboration via G Suite.
  • DevSecOps and service orchestration.

Tech Data buys government channel partner DLT Solutions

Tech Data has agreed to purchase DLT Solutions, a Herndon, Va., company that aggregates technology for public sector clients and channel partners.

The deal, expected to close by Jan. 31, would make DLT a wholly owned subsidiary of Tech Data, a distributor based in Clearwater, Fla. DLT’s government contract vehicles include the General Services Administration Schedule 70, the Defense Department’s Enterprise Software Initiative, The National Institutes of Health’s Chief Information Officers — Commodities and Solutions and NASA’s Solutions for Enterprise-Wide Procurement V.

DLT had been a Millstein & Co. portfolio company. The private equity firm acquired DLT in 2015. TZP Group owned DLT prior to that deal, having acquired the company in 2009.

The DLT transaction will expand Tech Data’s value proposition, “especially in government solutions,” according to a bulletin from Martinwolf, a merger and acquisition advisory firm based in Scottsdale, Ariz. Martinwolf advised DLT on the TZP deal and then advised TZP on the Millstein acquisition.

Evercore, an M&A advisory firm based in New York, is representing DLT on the Tech Data deal.

Axcient launches X360 backup platform

Data protection company Axcient unveiled Axcient X360, a converged backup platform for MSPs.

The Axcient X360 platform offers single sign-on and centralized management of Office 365 backup, sync and share, and business continuity and disaster recovery. The platform also provides unlimited storage and retention and supporting services such as billing, training and certification, co-branded collateral and market development funds, the company said.

David Bennett, CEO of Axcient, speaking with SearchITChannel at MSP software vendor ConnectWise’s IT Nation conference, said the platform is designed to ease the backup burdens of MSPs. “Anything that puts a burden on an MSP’s business in terms of people and time is costly,” he said.

Bennett said Axcient X360 aims to be easy to learn, to the extent an MSP’s tier-1 technician could quickly train and operate the platform.

The X360 platform also documents backups for customers in regulated industries such as healthcare and financial services, Bennett added.

Axcient currently works with about 3,000 MSPs and integrates with ConnectWise.

Other news

  • Cloud distributor Pax8 inked a deal with Nerdio, an Azure solution provider for MSPs. Under the agreement, Pax8 will offer Nerdio for Azure in three packages: Core, Professional and Enterprise.
  • Intermedia, a cloud communications provider, joined ConnectWise’s Invent partner program for integrating with the ConnectWise MSP platform.
  • Webroot said ConnectWise partners can buy licenses for its security awareness training offering at 50% off from Oct. 30 to Nov. 30. The offer is available only through ConnectWise and to partners that are not currently purchasing Webroot’s security awareness training.
  • MSP360, formerly CloudBerry Lab, said MSP interest in its multi-cloud data backup and recovery portfolio helped boost Q3 revenue 60% over the same period last year.
  • Synechron Inc., a digital consulting firm based in New York, launched Digital Ecosystem Accelerators for the financial sector. The company described the accelerators as “solution prototypes” targeting such fields as retail banking, wealth management, corporate banking and capital markets.

Market Share is a news roundup published every Friday.

Go to Original Article
Author:

Employee activism, from composting to protests, is an HR issue

Similar to many software companies, CyberArk Software Ltd. has policies and and practices that appeal to people with skills in high demand. They include a social responsibility policy and catered lunches. The information security software firm also has something else that appeals to younger employees — an employee activism effort that brought about some real change.

Lex Register, an associate in corporate development and strategy at CyberArk, was hired in 2018. Soon after, he saw gaps in the firm’s environmental sustainability practices. The firm wasn’t, for instance, collecting food scraps for composting.

“If you’ve never composted before, the idea of leaving left out food in your office can be sort of a sticky subject,” Register said, who has a strong interest in environmental issues.

Register approached his managers at CyberArk’s U.S. headquarters in Newton, Mass., about improving its environmental sustainability. He had some specific ideas and wanted to put together an employee team to work on it. Management gave it approval and a budget.

Register helped organize a “green team,” which now makes up about 25% of its Newton office staff of 200. The firm’s global workforce is about 1,200.

CyberArk’s green team has four subgroups: transportation, energy, community and “green” habits in the office. It also has a management steering committee. Collectively, these efforts undertake a variety of actions such as volunteering on projects in the community, improving enviornmental practices in the office and working on bigger issues, such as installing electric vehicle charging stations for the office building.

When I think about the companies I want to work for, I really want to have pride in everything they do.
Lex RegisterAssociate in corporate development and strategy, CyberArk Software

“When I think about the companies I want to work for, I really want to have pride in everything they do,” Register said. 

Junior employees lead the effort

The green team subgroups are headed by junior employees, according to Register, who is 28.

“It’s a way for a lot of our junior employees who don’t necessarily have responsibility for managing people to sort of step up,” Register said. They “can run some of their own projects and show some leadership capabilities.”

Employee activism has become an increasingly public issue in the last 12 months. In May, for instance, thousands of Amazon employees signed a letter pressing the firm for action. In September, thousands walked out as part of the Global Climate Strike.

“This walkout is either a result of employees not feeling heard,” said Henry Albrecht, CEO at Limeade Inc., or employees feeling heard but fundamentally disagreeing with their leaders. Limeade makes employee experience systems. “The first problem has a simple fix: listen to employees, regularly, intentionally and with empathy,” he said. 

Some companies, such as Ford Motor Co., are using HR tools to listen to their employees and get more frequent feedback. In an interview with SearchHRSoftware, a Ford HR official said recently this kind of feedback encouraged the firm to join California in seeking emission standards that are stricter than those sought by President Trump’s administration.   

But employee activism that leads to public protest doesn’t tell the full employee activism story.

Interest in green teams rising

The Green Business Bureau provides education, assessment tools and processes that firms can use to measure their sustainability practices. In the past nine months, Bill Zujewski, CMO at the bureau, said it’s been hearing more about the formation of sustainability committees at firms. The employees leading the efforts are “almost always someone who’s a few years out of school,” he said.

HR managers, responding to “employee-driven” green initiatives, are often the ones Zujewski hears from.

Maggie Okponobi, funding coordination manager at School Specialty Inc, is one of the Green Business Bureau’s clients. Her employer is an educational services and products firm based in Greenville, Wisc. Her job is to help schools secure federal and state grants.

Okponobi is in an MBA program that has an emphasis on sustainability. As a final project, she proposed bringing a green certification to her company. The assessments evaluate a firm’s sustainability activities against best environmental practices.

Okponobi explained what she wanted to do to one of the executives. She got support and began her research, starting with an investigation of certification programs. She decided on Green Business Bureau assessments, as did CyberArk.

Company managers at School Speciality had been taking ad-hoc steps all along to improve sustainability. Efforts included installing LED lighting, and reducing paper useage by using both sides for printing and recycling, Okponobi said.

Okponobi collected data about the environmental practices for certification. The firm discovered it was eligible for gold level certification, one step below the highest level, platinum. 

The results were brought to an executive group, which included members from HR as well as marketing. Executives saw value in the ranking, and Okponobi believes it will help with recruiting efforts, especially with younger candidates. The company plans to create a green team to coordinate the sustainability efforts.

HR benefits from sustainability

Sustainability may help with retention, especially with younger workers, Okponobi said. “It gives them something exciting, positive to do in their workplace, and a goal to work toward,” she said.

Some employees are coming to workplaces with training on sustainability issues. One group that provides that kind of training is Manomet Inc., a 50-year-old science-based non-profit in Plymouth, Mass.

“We can’t make the progress that we need on climate change and other issues without the for-profit sector,” said Lora Babb, program manager of sustainable economies at Manomet.

Lora BabbLora Babb

The nonprofit takes about 20 undergrad college students each year, usually enrolled in majors that often have a sustainability component, and gives them “real world skills” to meet with businesses and conduct assessments. The training enables future employees to “make changes from the inside,” and understand practical, applied sustainability, Babb said.

This is not strictly an environmental assessment. The students also ask businesses about economic and social issues, including a workforce assessment that considers employee benefits, engagement and talent development, Babb said. 

A business with a strong environmental mission is “going to be far less effective at carrying out that mission if you are having constant workforce challenges,” Babb said.

And the results of such efforts can have an effect on culture. CyberArk’s employees have embraced composting, Register said. The company hired a firm that picks up food scraps about twice a week, processes them and makes compost — what master gardeners often refer to as black gold — available for employees to use in their home gardens. 

The results make employee composting efforts “very tangible for them,” Register said. 

Go to Original Article
Author:

Vonage Meetings rounds out vendor’s cloud portfolio

Vonage plans to add a homegrown video conferencing app to its cloud-based business communications portfolio in December. The move is the latest example of a UC vendor combining calling, messaging and meetings.

Vonage Meetings, currently in beta, is scheduled to launch in December for businesses subscribed to Vonage’s cloud UC product. The vendor said it would not make the meetings platform available as a stand-alone offering.

Vonage currently provides video conferencing capabilities to customers through a partnership with Amazon Web Services, which makes the meetings app Amazon Chime. Vonage built the new platform using technology inherited through its acquisition of TokBox in 2018.

The release of Vonage Meetings follows moves by competitors, including 8×8, which launched a revamped meetings product in September. Market leaders Microsoft and Cisco have also built out all-in-one communications suites that include video over the last couple of years.

Vonage has a strategy of building a technology stack that doesn’t rely on third parties, said Raúl Castañón-Martinez, analyst at 451 Research. “This is a bold move but will allow them more flexibility in terms of defining their roadmap.”

Vonage Meetings will be fully integrated with the vendor’s voice platform to let users quickly move between voice and video calls. Guests will be able to join meetings using a web browser without installing a client or plug-in.

Vonage said it would provide customers with a log of past meetings, including a record of in-meeting chats.

Vonage now has a single cloud platform from which it can deliver voice and video services, said Zeus Kerravala, principal analyst at ZK Research. “I think that will work as a very good competitive advantage for them moving forward.”

In the future, Vonage will need to integrate Vonage Meetings with conference room equipment and software, Kerravala said. Also, the vendor should focus on improving its relatively basic messaging app.

Vonage announced the meetings platform this week at Vonage Campus 2019, a user conference in San Francisco. The company also released a new logo as it continues to pivot away from the consumer market.

Founded in 2001, Vonage was among the first vendors to offer internet-based phone service to consumers, but, more recently, has transformed into a business-to-business company.

“I think the Vonage that we knew as the consumer-first company is quickly winding down,” Kerravala said.

Go to Original Article
Author: