Tag Archives: platforms

Nuage Networks, Talari SD-WAN tack on multi-cloud connectivity

Software-defined WAN vendors are rushing to enhance their SD-WAN platforms with multi-cloud support, as more enterprises and service providers migrate their workloads to the cloud. This week, both Nuage Networks and Talari made multi-cloud connectivity announcements of their own.

Nuage Networks, a Nokia company, updated its SD-WAN platform — Virtualized Network Services — to better support SaaS and multi-cloud connectivity.

The platform enhancement moves to address three specific pain points among customers, according to Hussein Khazaal, Nuage’s vice president of marketing and partnerships. The three points, multi-cloud connectivity, value-added services and end-to-end security, are already available to customers.

“It’s a single platform that you can deploy today and get connectivity to software as a service,” Khazaal said. “We support customers as they send traffic directly from the branch to the SaaS application.”

In addition to multi-cloud connectivity, Nuage VNS offers customers the option to add value-added services — or virtual network functions (VNFs) — that can be embedded within the SD-WAN platform, hosted in x86 customer premises equipment (CPE) or through service chaining (a set of network services interconnected through the network to support an application). These VNFs are available from more than 40 third-party partners and can include services like next-generation firewalls, voice over IP and WAN optimization, Khazaal said.

While many service providers are leaning toward the VNF and virtual CPE approach, the process isn’t simple, according to Lee Doyle, principal analyst at Doyle Research.

“Many service providers are finding the vCPE and VNF approach side to be challenging,” Doyle said. “Those with the resources can, and will, pursue it, and that’s where Nuage could be a piece of the puzzle.”

When it comes to enterprise customers, however, the VNF approach is less attainable, both Doyle and Khazaal noted.

“Nuage is one piece of the puzzle that a customer might add if they’re able to do it themselves,” Doyle said. “But most customers don’t want to piece together different elements.”

For smaller enterprise customers, Khazaal recommended using the option with embedded features, like stateful firewall and URL filtering, built into the SD-WAN platform.

Although Nuage has more than 400 enterprise customers, according to a company statement, its primary market is among service providers. Nuage counts more than 50 service providers as partners that offer managed SD-WAN services — including BT, Cogeco Peer 1, Telefónica and Vertel — and has been a proven partner for service providers over the years, Doyle said.

“Nuage is a popular element of service providers’ managed services strategies, including SD-WAN,” he said. “These enhancements will be attractive mainly to the service providers.”

Nuage VNS is available now with perpetual and subscription-based licenses, and pricing varies based on desired features and capabilities.

Talari launches Cloud Connect for SaaS, multi-cloud connectivity

In an additional multi-cloud move, Talari updated its own SD-WAN offering with Talari Cloud Connect, a platform that supports access to cloud-based and SaaS applications.

Talari also named five accompanying Cloud Connect partners: RingCentral, Pure IP, Evolve IP, Meta Networks and Mode. These partners will run Talari’s Cloud Connect point of presence (POP) technology in their own infrastructure, creating a tunnel from the customer’s Talari software into the cloud or SaaS service, according to Andy Gottlieb, Talari’s co-founder and chief marketing officer.

“The technology at the service provider is multi-tenant, so they only have to stand up one instance to support multiple customers,” Gottlieb said. Meantime, enterprises can use the Cloud Connect tunnel without having to worry about building infrastructure in the cloud, which reduces costs and complexity, he added.

Talari’s partner list reflects the demands of both customers and service providers, he said. Unified communications vendors like RingCentral, for example, require reliable connectivity and low latency for their applications. Meta Networks, on the other hand, offers cloud-based security capabilities, which enterprises are increasingly adding to their networks. Talari SD-WAN already supports multi-cloud connectivity to Amazon Web Services and Microsoft Azure.

Talari Cloud Connect will be available at the end of October. The software comes at no additional charge for Talari customers with maintenance contracts or with subscriptions, Gottlieb said. Also, Cloud Connect partners can use the Cloud Connect POP software free of charge to connect to Talari SD-WAN customers, he added.

Web cache poisoning attacks demonstrated on major websites, platforms

Major websites and platforms may be vulnerable to simple yet devastating web cache poisoning attacks, which could put millions of users in jeopardy.

James Kettle, head of research at PortSwigger Web Security, Ltd., a cybersecurity tool publisher headquartered near Manchester, U.K., demonstrated several such attacks during his Black Hat 2018 session titled “Practical Web Cache Poisoning: Redefining ‘Unexploitable.’” Kettle first unveiled his web cache poisoning hacks in May, but in the Black Hat session he detailed his techniques and showed how major weaknesses in HTTPS response headers allowed him to compromise popular websites and manipulate platforms such as Drupal and Mozilla’s Firefox browser.

“Web cache poisoning is about using caches to save malicious payloads so those payloads get served up to other users,” he said. “Practical web cache poisoning is not theoretical. Every example I use in this entire presentation is based on a real system that I’ve proven can be exploited using this technique.”

As an example, Kettle showed how he was able to use a simple technique to compromise the home page of Linux distributor Red Hat. He created an open source extension for PortSwigger’s Burp Suite Scanner called Param Miner, which detected unkeyed inputs in the home page. From there, Kettle was able to change the X-Forwarded-Host header and load a cross-site scripting payload to the site’s cache and then craft responses that would deliver the malicious payload to whoever visited the site. “We just got full control over the home page of RedHat.com, and it wasn’t very difficult,” he said.

In another test case, Kettle used web cache poisoning on the infrastructure for Mozilla’s Firefox Shield, which gives users the ability to push application and plug-in updates. When the Firefox browser initially loads, it contacts Shield for updates and other information such as “recipes” for installing extensions. During a different test case on a Data.gov site, he found an “origin: null” header from Mozilla and discovered he could manipulate the “X-Forwarded-Host” header to trick the system so that instead of going to Firefox Shield to fetch recipes, Firefox would instead be directed to a domain Kettle controlled.

Kettle found that Mozilla signed the recipes, so he couldn’t simply make a malicious extension and install it on 50 million computers. But he discovered he could replay old recipes, specifically one for an extension with a known vulnerability; he could then compromise that extension and forcibly inflict that vulnerable extension on every Firefox browser in the world.

“The end effect was I could make every Firefox browser on the planet connect to my system to fetch this recipe, which specified what extensions to install,” he said. “So that’s pretty cool because that’s 50 million browsers or something like that.”

Kettle noted in his research that when he informed Mozilla of the technique, they patched it within 24 hours; but, he wrote, “there was some disagreement about the severity so it was only rewarded with a $1,000 bounty.”

Kettle also demonstrated techniques that allowed him to compromise GoodHire.com, blog.Cloudflare.com and several sites that use Drupal’s content management platform. While the web cache poisoning attacks he demonstrated were potentially devastating, Kettle said they could be mitigated with a few simple steps. First, he said, organizations should “cache with caution” and if possible, disable it completely.

However, Kettle acknowledged that may not be realistic for larger enterprises, so in those cases he recommended diligently scanning for unkeyed inputs. “Avoid taking input from HTTP headers and cookies as much as possible,” he said, “and also audit your applications with Param Miner to see if you can find any unkeyed inputs that your framework has snuck in support for.”
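To make “unkeyed input” concrete, here is an added example (not code from Kettle, PortSwigger or Param Miner) that models a shared cache in front of an origin trusting X-Forwarded-Host, then runs a harmless canary audit against the default setup and two hardened ones. The `origin`, `Cache` and `find_poisonable_headers` names, the host `www.example.test` and the canary value are all constructed for illustration.

```python
from dataclasses import dataclass, field

CANARY = "canary.example"  # constructed, harmless marker value


def origin(path, headers):
    """Constructed origin: builds a script URL from a request header.

    Trusting X-Forwarded-Host here is the application-side flaw.
    """
    host = headers.get("X-Forwarded-Host", headers["Host"])
    return f'<script src="https://{host}/static/app.js"></script>'


@dataclass
class Cache:
    """Toy shared cache. By default only Host and path form the cache key."""

    keyed_headers: tuple = ()   # extra headers added to the cache key
    strip_headers: tuple = ()   # headers dropped before reaching the origin
    store: dict = field(default_factory=dict)

    def fetch(self, path, headers):
        # Header names are matched exactly to keep the model small;
        # real HTTP header names are case-insensitive.
        forwarded = {k: v for k, v in headers.items()
                     if k not in self.strip_headers}
        key = (forwarded["Host"], path) + tuple(
            forwarded.get(h, "") for h in self.keyed_headers)
        if key not in self.store:
            # Cache miss: whatever the origin returns is stored and
            # replayed to every later request with the same key.
            self.store[key] = origin(path, forwarded)
        return self.store[key]


def leaks_to_next_visitor(cache, header):
    """Send one request carrying the canary in `header`, then a clean one.

    Returns True if the clean visitor's response contains the canary,
    meaning the header influences the response but not the cache key.
    """
    clean = {"Host": "www.example.test"}
    cache.fetch("/", {**clean, header: CANARY})
    return CANARY in cache.fetch("/", clean)


def find_poisonable_headers(make_cache, candidates):
    """Audit each candidate header against a fresh cache instance."""
    return [h for h in candidates if leaks_to_next_visitor(make_cache(), h)]


CANDIDATES = ["Host", "X-Forwarded-Host", "X-Forwarded-For"]

if __name__ == "__main__":
    setups = {
        "default (Host + path keyed)": Cache,
        "header added to cache key": lambda: Cache(
            keyed_headers=("X-Forwarded-Host",)),
        "header stripped at the cache": lambda: Cache(
            strip_headers=("X-Forwarded-Host",)),
    }
    for name, make_cache in setups.items():
        print(f"{name}: {find_poisonable_headers(make_cache, CANDIDATES)}")
```

Both hardened setups clear the finding, but only stripping the header stops the origin from acting on it at all, which matches the advice to avoid taking input from headers.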

AIOps platforms delve deeper into root cause analysis

The promise of AIOps platforms for enterprise IT pros lies in their potential to provide automated root cause analysis, and early customers have begun to use these tools to speed up problem resolution.

The city of Las Vegas needed an IT monitoring tool to replace a legacy SolarWinds deployment in early 2018 and found FixStream’s Meridian AIOps platform. The city introduced FixStream to its Oracle ERP and service-oriented architecture (SOA) environments as part of its smart city project, an initiative that will see municipal operations optimized with a combination of IoT sensors and software automation. Las Vegas is one of many U.S. cities working with AWS, IBM and other IT vendors on such projects.

FixStream’s Meridian offers an overview of how business process performance corresponds to IT infrastructure, as the city updates its systems more often and each update takes less time as part of its digital transformation, said Michael Sherwood, CIO for the city of Las Vegas.

“FixStream tells us where problems are and how to solve them, which takes the guesswork, finger-pointing and delays out of incident response,” he said. “It’s like having a new help desk department, but it’s not made up of people.”

The tool first analyzes a problem and offers insights as to the cause. It then automatically creates a ticket in the company’s ServiceNow IT service management system. ServiceNow acquired DxContinuum in 2017 and released its intellectual property as part of a similar help desk automation feature, called Agent Intelligence, in January 2018, but it’s the high-level business process view that sets FixStream apart from ServiceNow and other tools, Sherwood said.

FixStream’s Meridian AIOps platform creates topology views that illustrate the connections between parts of the IT infrastructure and how they underpin applications, along with how those applications underpin business processes. This was a crucial level of detail when a credit card payment system crashed shortly after FixStream was introduced to monitor Oracle ERP and SOA this spring.

“Instead of telling us, ‘You can’t take credit cards through the website right now,’ FixStream told us, ‘This service on this Oracle ERP database is down,’” Sherwood said.

This system automatically correlated an application problem to problems with deeper layers of the IT infrastructure. The speedy diagnosis led to a fix that took the city’s IT department a few hours versus a day or two.

AIOps platform connects IT to business performance

Some IT monitoring vendors associate application performance management (APM) data with business outcomes in a way similar to FixStream. AppDynamics, for example, offers Business iQ, which associates application performance with business performance metrics and end-user experience. Dynatrace offers end-user experience monitoring and automated root cause analysis based on AI.

The differences lie in the AIOps platforms’ deployment architectures and infrastructure focus, said Nancy Gohring, an analyst with 451 Research who specializes in IT monitoring tools and wrote a white paper that analyzes FixStream’s approach.

“Dynatrace and AppDynamics use an agent on every host that collects app-level information, including code-level details,” Gohring said. “FixStream uses data collectors that are deployed once per data center, which means they are more similar to network performance monitoring tools that offer insights into network, storage and compute instead of application performance.”

FixStream integrates with both Dynatrace and AppDynamics to join its infrastructure data to the APM data those vendors collect. Its strongest differentiation is in the way it digests all that data into easily readable reports for senior IT leaders, Gohring said.

“It ties business processes and SLAs [service-level agreements] to the performance of both apps and infrastructure,” she said.

OverOps fuses IT monitoring data with code analysis

While FixStream makes connections between low-level infrastructure and overall business performance, another AIOps platform, made by OverOps, connects code changes to machine performance data. So, DevOps teams that deploy custom applications frequently can understand whether an incident is related to a code change or an infrastructure glitch.

OverOps’ eponymous software has been available for more than a year, and larger companies, such as Intuit and Comcast, have recently adopted the software. OverOps identified the root cause of a problem with Comcast’s Xfinity cable systems as related to fluctuations in remote-control batteries, said Tal Weiss, co-founder and CTO of OverOps, based in San Francisco.

OverOps uses an agent that can be deployed on containers, VMs or bare-metal servers, in public clouds or on premises. It monitors the Java Virtual Machine or Common Language Runtime interface for .NET apps. Each time code loads into the CPU via these interfaces, OverOps captures a data signature and compares it with code it’s previously seen to detect changes.

OverOps exports reliability data to Grafana for visual display

From there, the agent produces a stream of log-like files that contain both machine data and code information, such as the number of defects and the developer team responsible for a change. The tool is primarily intended to catch errors before they reach production, but it can be used to trace the root cause of production glitches, as well.

“If an IT ops or DevOps person sees a network failure, with one click, they can see if there were code changes that precipitated it, if there’s an [Atlassian] Jira ticket associated with those changes and which developer to communicate with about the problem,” Weiss said.

In August 2018, OverOps updated its AIOps platform to feed code analysis data into broader IT ops platforms with a RESTful API and support for StatsD. Available integrations include Splunk, ELK, Dynatrace and AppDynamics. In the same update, the OverOps Extensions feature also added a serverless AWS Lambda-based framework, as well as on-premises code options, so users can create custom functions and workflows based on OverOps data.

“There’s been a platform vs. best-of-breed tool discussion forever, but the market is definitely moving toward platforms — that’s where the money is,” Gohring said.

Recruiting platforms see large VC investments

Recruiting platforms have long been a leader in the HR venture capital market and this year seem to be attracting some big funding rounds.

Recruiting platform Greenhouse recently received $50 million in new funding, and Hired recently received $30 million. Earlier this year, Scout Exchange gained $100 million in funding. Applicant-tracking systems and recruiting platforms typically lead the HR market in venture capital funding, industry analysts have reported.

These platforms each approach the problem of recruiting in different ways, and their methods illustrate the complexity of filling jobs with high-quality candidates.

With its latest funding round, Greenhouse, a recruiting platform and applicant-tracking system provider, has now raised $110 million. Raising $100 million or more is not unusual for recruiting platforms.

Greenhouse believes recruiting is a companywide responsibility, and its platform is built with this approach in mind, said Daniel Chait, CEO of Greenhouse, based in New York. Recruiting “involves everyone in the company, every single day,” doing all kinds of things, such as interviewing and finding candidates, he said. The Greenhouse platform uses data to help consider candidates “in a fair and objective way,” and to ensure a good candidate experience, he said.

Employees don’t like interviewing job candidates

Preparing employees to take part in candidate interviews is an important aspect of Greenhouse’s platform, Chait said. It provides all the people conducting the interview with all the available information on the candidate, but also helps users develop questions to ask the candidates.

“Employees generally don’t like doing interviews. They are stressful, and they don’t know what questions to ask,” he said.

Scout Exchange runs a marketplace recruiting platform that matches recruiters with job searches based on their expertise and “their actual track record of filling positions,” said Ken Lazarus, CEO of Scout, based in Boston.

Scout enables employers to tap into one or more recruiters with the best record for filling a particular type of job, Lazarus said.

Meanwhile, Hired has created a talent pool and the technology to help match candidates with employers. If an employer believes a candidate has the right skills, they will send an interview request to the candidate. The firm said it has raised more than $130 million to date.

Setting the right salary level

Knowing what to pay candidates helped to drive Salary.com’s just-announced acquisition of Compdata Surveys & Consulting.

Salary.com gets its compensation data from surveys purchased from other providers, as well as what it gathers in its own surveys. The acquisition of Compdata, which is predominantly a survey firm, gives Salary.com the platform, analytics and the data it needs, said Alys Scott, chief marketing officer at Salary.com, based in Waltham, Mass., although the firm will still buy some third-party surveys.

The low unemployment rate and retirements of baby boomers are putting pressure on firms to have good compensation models, Scott said. The “No. 1 motivator” around retaining, attracting and engaging talent is compensation, she said.

How to know if, when and how to pursue blockchain projects

BOSTON — There is no shortage of blockchain platforms out there; the numbers now run in the dozens. As for enumerating potential blockchain projects, it may be easier to list the blockchain use cases companies are currently not exploring. Moreover, although blockchain’s approach to verifying and sharing data is novel, many of the technologies used in blockchain projects have been around for a long time, said Martha Bennett, a CIO analyst at Forrester Research who’s been researching blockchain since 2014.

Even the language around blockchain is settling down. Bennett said she uses the terms blockchain and distributed ledger technology interchangeably.

But the growth and interest in blockchain projects doesn’t mean the technology is mature or that we know where it is headed, Bennett told an audience of IT executives at the Forrester New Tech & Innovation 2018 Forum. Just as in the early days of the internet when few anticipated how radically a network of networks would alter the status quo, today we don’t know how blockchain will play out.

“It is still a little bit of a Wild West. I should clarify that and say, it is the Wild West,” she said. Additionally, no matter how revolutionary distributed ledger technology may prove to be, Bennett said “nothing is being revolutionized today from an enterprise perspective,” because distributed ledger technology is not yet being deployed at scale.

Dirty hands

Indeed, IT leaders have their work cut out for them just figuring out how these nascent distributed ledger platforms perform at enterprise scale, and where they would be of use in the businesses they serve.

“At this stage, you really need to open up the covers and understand what a platform offers and what is in there. You have to get your hands dirty,” she said.

Blockchain projects today are about “thinking really big but starting small,” she said. If what gets accomplished is “inventing a faster horse” — that is, taking an existing process and making it a bit better — the endeavor will help IT leaders learn about how blockchain architectures work. That’s important because it’s hard “to catch up on innovation,” she said. “If you wait until things are settled it may be too late.” 

While CIOs get up to speed, they also need to think about using blockchain to reinvent how their companies function internally and how they do business. “That is the big bang,” she said, but added it may take decades for blockchain to give birth to a new order.

Forrester analyst Martha Bennett presents on blockchain at the Forrester New Tech & Innovation 2018 Forum.

In a 90-minute session that included a talk by the IT director of the Federal Reserve Bank of Boston about how the Fed is approaching blockchain (blogged about here), Bennett ticked through:

  • Forrester’s definition of blockchain and why the wording merited close attention;
  • why blockchain projects remain in pilot phase;
  • a checklist to assess if you have a viable blockchain use case; and
  • situations when blockchain can help.

Here are some of the salient pointers for CIOs:

What is blockchain?

Blockchain, or distributed ledger technology, as defined by Forrester, “is a software architecture that supports collaborative processes around trusted data that is shared across organizational and potentially national boundaries.”

The wording is important. Architecture, because blockchain is a technology principle and not about any one platform. Collaborative, because blockchain is a “team sport, not something you do for yourself,” Bennett said, requiring anywhere between three and 10 partners. (Under three will not provide the diversity of views blockchain projects need, while more than 10 is “like herding cats.”) Blockchain requires data you can “trust to the highest degree,” she said, and it is about sharing. In many cases, CIOs will find they can deliver the service in question “better, faster, cheaper with existing technologies,” she said. “But what you don’t get is that collaborative aspect, extending processes across organizational boundaries.”

What factors hold back enterprise-scale deployment?

Companies are exploring a plethora of blockchain projects, from car sharing and tracking digital assets to securities lending, corporate loans and data integrity. Full deployment can’t happen until experimenters figure out if the software can scale; if it needs to integrate with existing systems and if so, how to do that; what regulatory and compliance requirements must be met; and what business process changes are required both internally and at partner organizations in the blockchain, among other hurdles.

“We are seeing projects transition beyond the POC [proof of concept] and pilot phase, but that is not the same as full-scale rollout,” Bennett said.

How to decide whether to take on a blockchain use case

“If you don’t have a use case, don’t even start,” Bennett said. A company can come to Forrester and ask for examples of good use cases, she said, but ultimately only the company knows its organization and industry well enough to be able to pinpoint how blockchain might make the process better. She suggested asking these questions to help clarify the use case:

  • What problem are you trying to solve with blockchain?
  • Do other ecosystem participants have the same or related issues?
  • What opportunity are you trying to capture?
  • Do you have your ecosystem (which can comprise competitors) on board?

On the last question, Bennett explained that even rich industries like investment banking need to address process efficiency. “Everybody needs to worry about how much it costs to run IT operations,” she said. If competitors have common processes that are costly and cumbersome, why not consider sharing them using blockchain?

How to know when blockchain helps

Here is Bennett’s checklist for identifying when blockchain can be of use:

  • Are there multiple parties that need access to the same data store?
  • Does everybody need assurance that the data is valid and hasn’t been tampered with?
  • What are the conditions of the current system — is it error-prone, incredibly complex, unreliable, filled with friction?
  • Are there good reasons not to have a single, centralized system? Distributed ledger technology introduces complexity and risk precisely for reasons listed above. In addition to making the technology scale, adopters still are wrestling with how to balance transparency and privacy, and how to handle exceptions.

Avoid preserving ‘garbage in a more persistent way’

Distributed ledger technology, Bennett stressed, also cannot fix problems with the data. “If your data is bad to start with, it will still be bad. You’re just preserving garbage in a more persistent way,” she said. A lot of blockchain projects target tracking and provenance of goods to take cost out of the supply chain and reduce fraud. Those are “great use cases,” she said. But if the object being tracked has been tampered with — even if you have established an unbreakable link between the physical object and the data on the blockchain — “the representation on the blockchain is a problem because suddenly you are tracking a fake item,” she said. Physical fraud issues need to be fixed for the blockchain to be of value.

The 80/20 rule

The digitization of paper processes has been the “real breakthrough,” but blockchain cannot “turn paper into anything digital,” Bennett said. If processes haven’t been digitized yet, CIOs need to get their enterprises to ask themselves why because that is the starting point.

Finally, CIOs must understand that technology problems notwithstanding, blockchain projects are 80% about the business and 20% about technology. 

“Technology problems have a habit of being addressed and of being resolved,” Bennett said. Business issues — digitizing, dismantling internal silos, redesigning processes — can take far longer.

New data science platforms aim to be workflow, collaboration hubs

An emerging class of data science platforms that provide collaboration and workflow management capabilities is gaining more attention from both users and vendors — most recently Oracle, which is buying its way into the market.

Oracle’s acquisition of startup DataScience.com puts more major-vendor muscle behind the workbench-style platforms, which give data science teams a collaborative environment for developing, deploying and documenting analytical models. IBM is already in with its Data Science Experience platform, informally known as DSX. Other vendors include Domino Data Lab and Cloudera, which last week detailed plans for a new release of its Cloudera Data Science Workbench (CDSW) software this summer.

These technologies are a subcategory of data science platforms overall. They aren’t analytics tools; they’re hubs that data scientists can use to build predictive and machine learning models in a shared and managed space — instead of doing so on their own laptops, without a central location to coordinate workflows and maintain models. Typically, they’re aimed at teams with 10 to 20 data scientists and up.

The workbenches began appearing in 2014, but it’s only over the past year or so that they matured into products suitable for mainstream users. Even now, the market is still developing. Domino and Cloudera wouldn’t disclose the number of customers they have for their technologies; in a March interview, DataScience.com CEO Ian Swanson said only that its namesake platform has “dozens” of users.

A new way to work with data science volunteers

Thorn, a nonprofit group that fights child sex trafficking and pornography, deployed Domino’s software in early 2017. The San Francisco-based organization only has one full-time data scientist, but it taps volunteers to do analytics work that helps law enforcement agencies identify and find trafficking victims. About 20 outside data scientists are often involved at a time — a number that swells to 100 or so during hackathons that Thorn holds, said Ruben van der Dussen, director of its Innovation Lab.

That makes this sort of data science platform a good fit for the group, he said. Before, the engineers on his team had to create separate computing instances on the Amazon Elastic Compute Cloud (EC2) for volunteers and set them up to log in from their own systems. With Domino, the engineers put Docker containers on Thorn’s EC2 environment, with embedded Jupyter Notebooks that the data scientists access via the web. That lets them start analyzing data faster and frees up time for the engineers to spend on more productive tasks, van der Dussen said.

He added that data security and access privileges are also easier to manage now — an important consideration, given the sensitive nature of the images, ads and other online data that Thorn analyzes with a variety of machine learning and deep learning models, including ones based on natural language processing and computer vision algorithms.

Thorn develops and trains the analytical models within the Domino platform and uses it to maintain different versions of the Jupyter Notebooks, so the work done by data scientists is documented for other volunteers to pick up on. In addition, multiple people working together on a project can collaborate through the platform. The group uses tools like Slack for direct communication, “but Domino makes it really easy to share a Notebook and for people to comment on it,” van der Dussen said.

Domino Data Lab’s data science platform lets users run different analytics tools in separate workspaces.

Oracle puts its money down on data science

Oracle is betting that data science platforms like DataScience.com’s will become a popular technology for organizations that want to manage their advanced analytics processes more effectively. Oracle, which announced the acquisition this month, plans to combine DataScience.com’s platform with its own AI infrastructure and model training tools as part of a data science PaaS offering in the Oracle Cloud.

By buying DataScience.com, Oracle hopes to help users get more out of their analytics efforts — and better position itself as a machine learning vendor against rivals like Amazon Web Services, IBM, Google and Microsoft. Oracle said it will continue to invest in DataScience.com’s technology, with a goal of delivering “more functionality and capabilities at a quicker pace.” It didn’t disclose what it’s paying for the Culver City, Calif., startup.

The workbench platforms centralize work on analytics projects and management of the data science workflow. Data scientists can team up on projects and run various commercial and open source analytics tools to which the platforms connect, then deploy finished models for production applications. The platforms also support data security and governance, plus version control on analytical models.

Cloudera said its upcoming CDSW 1.4 release adds features for tracking and comparing different versions of models during the development and training process, as well as the ability to deploy models as REST APIs embedded in containers for easier integration into dashboards and other applications. DataScience.com, Domino and IBM provide similar functionality in their data science platforms.

Cloudera Data Science Workbench uses a sessions concept for running analytics applications.

Choices on data science tools and platforms

Deutsche Telekom AG is offering both CDSW and IBM’s DSX to users of Telekom Data Intelligence Hub, a cloud-based big data analytics service that the telecommunications company is testing with a small number of customers in Europe ahead of a planned rollout during the second half of the year.

Users can also access Jupyter, RStudio and three other open source analytics tools, said Sven Löffler, a business development executive at the Bonn, Germany, company who’s leading the implementation of the analytics service. The project team sees benefits in enabling organizations to connect to those tools through the two data science platforms and get “all this sharing and capabilities to work collaboratively with others,” he said.

However, Löffler has heard from some customers that the cost of the platforms could be a barrier compared to working directly with the open source tools as part of the service, which runs in the Microsoft Azure cloud. It’s fed by data pipelines that Deutsche Telekom is building with a new Azure version of Cloudera’s Altus Data Engineering service.

News briefs: Mobile recruiting interfaces still painful

Mobile recruiting platforms aren’t getting enough attention from HR departments, according to a recent Glassdoor report. Mobile interfaces are clunky and hard to use. They impose required fields that duplicate data that’s already on the résumé.

“Mobile job application experiences remain painful for most job seekers,” said Andrew Chamberlain, Glassdoor’s chief economist, in a report on upcoming trends. This is a problem for employers. Many job seekers today are using mobile devices to reach employer job sites.

The problem is a consequence of legacy enterprise applicant tracking systems (ATSes) built before the mobile era. Firms are waking up to this fact, and Glassdoor believes improving mobile recruiting systems is on the verge of becoming a priority.

A lot of organizations have a hodgepodge of HR systems. Their primary goal is moving to cloud and to mobile more quickly, said Tony DiRomualdo, senior director of the HR executive advisory program at The Hackett Group, based in Miami.

But mobile is only “widely implemented” in 16% of organizations surveyed last fall by Hackett. DiRomualdo said he believes the percentage is higher for mobile recruiting platforms, because it’s easier to make a business case.  

Mobile recruiting implementation “has been slower than a lot of people in HR would like,” DiRomualdo said. “They have a hard time getting the funding and prioritization for it,” he said.

A new recruiting platform with ATS-like systems

Recruiting platform vendors are taking on some of the work of internal applicant tracking systems and can give job seekers a better mobile experience. They are creating dashboards and intelligent ranking systems. JobzMall, the latest addition to this trend, is due to launch Jan. 15.

The site, which has about 250 participating organizations and is running in a closed beta, organizes itself around a “virtual shopping mall,” said Nathan Candaner, co-founder of JobzMall, based in Irvine, Calif.

Employers have virtual stores and can use video to create a personalized experience about their business. There are different buildings — such as the startup building, one for nonprofits, another for freelancers and one for larger firms. Job seekers fill out a template on the recruiting platform, which they can use to apply for multiple jobs. The system gives applicants a little more transparency into the progress of their application.

Candaner said he sees a need for this type of recruiting platform. Many job sites today want users to cut and paste their résumés for each job application. The systems give employers little help in managing the applications.

JobzMall gives employers a dashboard, which includes collaborative tools, for managing and viewing applicants in one spot. The system knows what the qualifications are and the skill sets of the applicants. It also learns the employer’s behavior in evaluating candidates. It uses that to help rank and select applicants. “Our system learns, and in time, we do give very pointed candidates to required jobs,” Candaner said.

Container security platforms diverge on DevSecOps approach

SAN FRANCISCO — Container security platforms have begun to proliferate, but enterprises may have to watch the DevSecOps trend play out before they settle on a tool to secure container workloads.

Two container security platforms released this month — one by an up-and-coming startup and another by an established enterprise security vendor — take different approaches. NeuVector, a startup that introduced an enterprise edition at DevOps Enterprise Summit 2017, supports code and container-scanning features that integrate into continuous integration and continuous delivery (CI/CD) pipelines, but its implementation requires no changes to developers’ workflow.

By contrast, a product from the more established security software vendor CSPi, Aria Software Defined Security, allows developers to control the insertion of libraries into container and VM images that enforce security policies.

There’s still significant overlap between these container security platforms. NeuVector has CSPi’s enterprise customer base in its sights, with added support for noncontainer workloads and Lightweight Directory Access Protocol. CSPi’s software-defined security product includes network microsegmentation features for policy enforcement, which are NeuVector’s primary focus. And while developers inject software-defined security code into machine images, they aren’t expected to become security experts. Enterprise IT security pros set the policies enforced by software-defined security, and a series of wizards guide developers through the integration process for software-defined security libraries.

Both vendors also agree on this: Modern IT infrastructures with DevOps pipelines that deliver rapid application changes require a fundamentally different approach to security than traditional vulnerability detection and patching techniques.

There’s definitely a need for new security techniques for containers that rely less on layers of VM infrastructure to enforce network boundaries, which can negate some of the gains to be had from containerization, said Jay Lyman, analyst with 451 Research.

However, even amid lots of talk about the need to “shift left” and get developers involved with IT security practices, bringing developers and security staff together at most organizations is still much easier said than done, Lyman said.

NeuVector 1.3 captures network sessions automatically when container threats are detected, a key feature for enterprises.

Container security platforms encounter DevSecOps growing pains

As NeuVector and CSPi product updates hit the market, enterprise IT pros at the DevOps Enterprise Summit (DOES) here this week said few enterprises use containers at this point, and the container security discussion is even further off their radar. By the time containers are widely used, DevSecOps may be more mature, which could favor CSPi’s more hands-on developer strategy. But for now, developers and IT security remain sharply divided.

“Everyone needs to be security-conscious, but to demand developers learn security and integrate it into their own workflow, I don’t see how that happens,” said Joan Qafoku, a risk consulting associate at KPMG LLP in Seattle who works with an IT team at a large enterprise client also based in Seattle. That client, which Qafoku did not name, gives developers a security-focused questionnaire, but security integration into their process goes no further than that.

NeuVector’s ability to integrate into the CI/CD pipeline without changes to application code or the developer workflow was a selling point for Tobias Gurtzick, security architect for Arvato, an international outsourcing services company based in Gütersloh, Germany.

Still, this integration wasn’t perfect in earlier iterations of NeuVector’s product, Gurtzick said in an interview before DOES. Gurtzick’s team polled an API every two minutes to trigger container and code scans with previous versions. NeuVector’s 1.3 release includes a new webhooks notification feature that more elegantly triggers code scans as part of continuous integration testing, without the performance overhead of polling the API.

“That’s the most important feature of the new version,” Gurtzick said. He also pointed to added support for detailed network session snapshots that can be used in forensic analysis. Software-defined security offers a similar feature with its first release.

While early adopters of container security platforms, such as Gurtzick, have settled the debate about how developers and IT security should bake security into applications, the overall market has been slower to take shape as enterprises hash out that collaboration, Lyman said.

“Earlier injection of security into the development process is better, but that still usually falls to IT ops and security [staff],” Lyman said. “Part of the DevOps challenge is aligning those responsibilities with application development. Eventually, we’ll see more developer involvement in security, but it will take time and probably be pretty painful.”

Beth Pariseau is senior news writer for TechTarget’s Data Center and Virtualization Media Group. Write to her at bpariseau@techtarget.com or follow @PariseauTT on Twitter.

Big data systems up ante on data quality measures for users

NEW YORK — In the rush to capitalize on deployments of big data platforms, organizations shouldn’t neglect data quality measures needed to ensure the information used in analytics applications is clean and trustworthy, experienced IT managers said at the 2017 Strata Data Conference here last week.

Several speakers pointed to data quality as a big challenge in their big data environments — one that required new processes and tools to help their teams get a handle on quality issues, as both the volumes of data being fed into corporate data lakes and use of the info by data scientists and other analysts grow.

“The more of the data you produce is used, the more important it becomes, and the more important data quality becomes,” said Michelle Ufford, manager of core innovation for data engineering and analytics at Netflix Inc. “But it’s very, very difficult to do it well — and when you do it well, it takes a lot of time.”

Over the past 12 months, Ufford’s team worked to streamline the Los Gatos, Calif., company’s data quality measures as part of a broader effort to boost data engineering efficiency based on a “simplify and automate” mantra, she said during a Strata session.

A starting point for the data-quality-upgrade effort was “acknowledging that not all data sets are created equal,” she noted. In general, ones with high levels of usage get more data quality checks than lightly used ones do, according to Ufford, but trying to stay on top of that “puts a lot of cognitive overhead on data engineers.” In addition, it’s hard to spot problems just by looking at the metadata and data-profiling statistics that Netflix captures in an internal data catalog, she said.

Calling for help on data quality

To ease those burdens, Netflix developed a custom data quality tool, called Quinto, and a Python library, called Jumpstarter, which are used together to generate recommendations on quality coverage and to set automated rules for assessing data sets. When data engineers run Spark-based extract, transform and load (ETL) jobs to pull in data on use of the company’s streaming media service for analysis, transient object tables are created in separate partitions from the production tables, Ufford said. Calls are then made from the temporary tables to Quinto to do quality checks before the ETL process is completed.

In the future, Netflix plans to expand the statistics it tracks when profiling data and implement more robust anomaly detection capabilities that can better pinpoint “what is problematic or wrong” in data sets, Ufford added. The ultimate goal, she said, is making sure data engineering isn’t a bottleneck for the analytics work done by Netflix’s BI and data science teams and its business units.

Data quality in big data systems was among the topics discussed at the 2017 Strata Data Conference in New York.

Improving data consistency was one of the goals of a cloud-based data lake deployment at Financial Industry Regulatory Authority Inc., an organization in Washington, D.C., that creates and enforces rules for financial markets. Before the big data platform was set up, fragmented data sets in siloed systems made it hard for data scientists and analysts to do their jobs effectively, said John Hitchingham, director of performance engineering at the not-for-profit regulator, more commonly known as FINRA.

A homegrown data catalog, called herd, was “a real key piece for making this all work,” Hitchingham said in a presentation at the conference. FINRA collects metadata and data lineage info in the catalog; it also lists processing jobs and related data sets there, and it uses the catalog to track schemas and different versions of data in the big data architecture, which runs in the Amazon Web Services (AWS) cloud.

To help ensure the data is clean and consistent, Hitchingham’s team runs validation routines after it’s ingested into Amazon Simple Storage Service (S3) and registered in the catalog. The validated data is then written back to S3, completing a process that he said also reduces the amount of ETL processing required to normalize and enrich data sets before they’re made available for analysis.

Data quality takes a business turn

Brendan Aldrich, CDO at Ivy Tech Community College

The analytics team at Ivy Tech Community College in Indianapolis also does validation checks as data is ingested into its AWS-based big data system — but only to make sure the data matches what’s in the source systems from which it’s coming. The bulk of the school’s data quality measures are now carried out by individual departments in their own systems, said Brendan Aldrich, Ivy Tech’s chief data officer.

“Data cleansing is a never-ending process,” Aldrich said in an interview before speaking at the conference. “Our goal was, rather than getting on that treadmill, why not engage users and get them involved in cleansing the data where it should be done, in the front-end systems?”

That process started taking shape when Ivy Tech, which operates 45 campuses and satellite locations across Indiana, deployed the cloud platform and Hitachi Vantara’s Pentaho BI software several years ago to give its business users self-service analytics capabilities. And it was cemented in July 2016 when the college hired a new president who mandated that business decisions be based on data, Aldrich said.

The central role data plays in decision-making gives departments a big incentive to ensure information is accurate before it goes into the analytics system, he added. As a result, data quality problems are being found and fixed more quickly now, according to Aldrich. “Even if you’re cleansing data centrally, you usually don’t find [an issue] until someone notices it and points it out,” he said. “In this case, we’re cleansing it faster than we were before.”

How cloud computing platforms fuel digital transformation

Many enterprises are turning to cloud computing platforms to accelerate digital transformation strategies. The cloud promises to provide a consistent set of APIs for developers to innovate around. It also makes it easier to reuse enterprise data more efficiently as part of a more modern software development ecosystem.

“The rise of PaaS [platform as a service], in all its flavors, indicates that the focus of innovation is shifting even further toward software development,” said Dave Bartoletti, principal analyst at Forrester Research. “Cloud computing platforms are becoming developer platforms first and foremost, not simply new infrastructure hosting locations or collections of cheap infrastructure.”

Cloud computing platforms are differentiating themselves at the developer services level on features like analytics, messaging, functional programming, other middleware, low-code platforms and internet of things. “While infrastructure is still important, we’re at a point where infrastructure is not only consumed on demand by developers and business units themselves, but increasingly consumed directly by their apps,” Bartoletti said.

Bring cloud computing platform paradigm together

Enterprise architects are facing a big challenge with everything about apps changing at once. App development styles are moving from Agile to DevOps. App architectures are moving from monoliths to microservices. App infrastructure is moving from virtual resources to cloud-native container platforms. Leading digital transformers are creating innovation labs where they can test and become experts on all three of these shifts at once.

“You can do one or two of these transformations without the third, but the network and positive reinforcement effects of doing all three in a focused innovation lab environment — funded differently and with different objectives — are powerful,” Bartoletti said. “Leaders are allowing teams to fail fast and fail often … and focus on delivering minimum viable products as quickly as possible.”

Start with the data

A good starting place for pursuing digital transformation is an analysis of the data. Bartoletti said there are plenty of different domains of this puzzle that enterprise architects should consider exploring at Oracle OpenWorld and JavaOne. These include how data is collected, where it is collected, and how and where architects will find the analytics tools to draw new insights from the data their company collects.

Oracle has a large and popular SaaS portfolio — with which companies collect tremendous amounts of customer data — and a rapidly expanding set of cloud development services to derive insights from all that data. “Combined with new cloud infrastructure services, the Oracle cloud ecosystem is expanding, and I’ll be watching for how EAs [enterprise architects] can combine the many cloud services on offer from Oracle to get to that first new insight faster,” Bartoletti said.

Digital transformation strategies for all companies

Many enterprises are starting to use the cloud to drive their digital transformation when app development falls outside their area of expertise. For example, Rancon Group in Murrieta, Calif., has built a thriving real-estate business while outsourcing many noncore functions, including HR, payroll and IT. It recently adopted the Oracle Financials Cloud to modernize its financial data management infrastructure. Steven Van Houten, CFO at Rancon Group, said a key differentiator was the service’s ability to effortlessly ingest older financial transaction data from Rancon’s legacy systems.

By moving all this data to the cloud, Rancon can now quickly compare the positions of the hundreds of separate business entities it manages. Many of these kinds of analysis would have taken days in the past or were not practical at all. This digital transformation has given management the kinds of insight it requires to make better decisions.

The biggest challenge has been striking a balance with new cloud features and services that sound nice but don’t necessarily add value. “New functionality and products are becoming available all the time. It is challenging to decide when you should make changes or implement solutions just because they are there,” Van Houten said. “I would recommend managers make sure the capabilities are really there to improve your current business process. If you can stay on top of what is being changed and added, you can continue to support your enterprise and take advantage of new functionality as it becomes available.”

Find the right balance between microservices and monoliths

DreamWorks has been pursuing a digital innovation strategy to move its infrastructure to a hybrid cloud built on a microservices architecture. The goal is to create a cloud-native environment for public-facing services, as well as its internal animation-based workflows. One of the biggest challenges has been around orchestrating microservices for its digital animation infrastructure.

Doug Sherman, principal engineer at DreamWorks Animation in Glendale, Calif., plans to talk about orchestration and choreography approaches at JavaOne. Each of these strategies for making use of DreamWorks’ many microservices proved to be rewarding as well as challenging. “One of the biggest challenges was dealing with when things didn’t follow the ‘happy path,’” Sherman said. “Ultimately, good logging strategies and offering sensible debugging pathways are essential when so much is going on in so many places.”

Part of this transformation is moving a digital asset management application, called Paperboy, from a monolith built on Java to a microservices architecture designed to run in the cloud. Sherman said a good practice is to invest time upfront into identifying the most effective boundaries for breaking the monolithic application into different components. 

“Like many other monoliths before it, much of the initial work was to strategize on how best to break things down into meaningful parts,” Sherman explained. “There is an initial temptation to microsize everything, but there is certainly a balance that needs to be struck. Next steps involved determining the best back-end resources to pair the services up with.” 

Share experience to learn faster

Another good practice lies in reflecting on what other companies have done. Sherman said he believes enterprise architects have a lot to gain from speaking at events like JavaOne. The process helps them to better understand their own architectures. It is also a powerful tool for enterprise architects to compare their own enterprise digital transformation strategies with others.

“One of the reasons I decided to start speaking at events like JavaOne was because I enjoyed modeling my approaches after what other successful companies had done,” Sherman said. “Sharing experiences and comparing notes is essential before you start down this path.”