<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/atom10full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><feed xmlns="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:thr="http://purl.org/syndication/thread/1.0">
    <title>Quocirca</title>
    
    <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/" />
    <link rel="service.post" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150" title="Quocirca" /> 
    <id>tag:typepad.com,2003:weblog-1697150</id>
    <updated>2009-12-14T10:50:32Z</updated>
    <subtitle>Business and IT insights from research and analyst firm Quocirca</subtitle>
    <generator uri="http://www.typepad.com/">TypePad</generator>
    <atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/atom+xml" href="http://feeds.feedburner.com/Quocirca" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com" /><entry>
        <title>Platform-as-a-service: next year's big thing?</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/12/platformasaservice-next-years-big-thing.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef0128765181e8970c" title="Platform-as-a-service: next year's big thing?" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/12/platformasaservice-next-years-big-thing.html" thr:count="0" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef0128765181e8970c</id>
        <published>2009-12-14T10:50:32+00:00</published>
        <updated>2009-12-15T15:22:53Z</updated>
        <summary>Will 2010 be the year that platform-as-a-service (PaaS) comes of age? Amazon’s Web Services (AWS) keep cropping up in conversations Quocirca has with independent software vendors (ISV); Salesforce.com’s force.com platform is attracting more and more ISVs (last week at Cloudforce2...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="innovation" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="integration" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="software" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="strategy" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml">Will 2010 be the year that platform-as-a-service (PaaS) comes of age? Amazon’s Web Services (<a href="http://aws.amazon.com" target="_blank">AWS</a>) keep cropping up in conversations Quocirca has with independent software vendors (ISV); Salesforce.com’s <a href="http://www.salesforce.com/platform" target="_blank">force.com</a> platform is attracting more and more ISVs (last week at Cloudforce2 in London it proudly presented one of the latest applications to be ported – <a href="http://www.bmc.com/products/product-listing/24031552-123799-1356.html" target="_blank">BMC Service Desk Express</a>), Microsoft’s <a href="http://www.microsoft.com/windowsazure/" target="_blank">Azure</a> platform is due to go live in early 2010 and Google’s <a href="http://code.google.com/appengine" target="_blank">App Engine</a> should come out of beta some time in 2010. Add to this PaaS offerings from various managed hosting providers (free report from Quocirca <a href="http://www.quocirca.com/pages/analysis/reports/view/store250/item21842/?link_683=21842" target="_blank">here</a>), for example Rackspace’s  <a href="http://www.rackspacecloud.com" target="_blank">CLOUD Servers/Sites/Files</a>, and one thing is for sure, for those that are up for it – there is no shortage of PaaS choice.<br /><br />All these services differ in the amount of infrastructure they include. The most complete stack is force.com, where applications are built using a proprietary set of tools on a highly proprietary multi-tenancy platform. At the other extreme is Amazon’s Elastic Compute Cloud (EC2), which is basically a hypervisor on which its customers provision their own virtual machines. Either way, one of the overriding concerns of those planning to use these platforms is security. Roughly speaking, the thicker the stack the more onus there is on the PaaS provider to guarantee security levels in their SLA. 
So, for those considering Amazon’s thin stack, two announcements this week will be of interest.<br /><br />First, Trend Micro spent much of its EMEA analyst conference this week talking about cloud security. One initiative is a version of its Identum encryption product (acquired in 2008) that allows storage volumes created on Amazon’s EC2 to be encrypted. As Trend Micro pointed out, this is not just about the privacy of stored data, but ensuring that even when a virtual machine is de-provisioned from EC2, any data left behind remains unreadable. This is a more likely scenario than you might expect, as common use cases for EC2 are for providing peak load resources and application testing.<br /><br />An alternative approach is available thanks to an <a href="http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=cloud" target="_blank">announcement</a> made by Symantec this week. It is making available through agreement with Amazon its End Point Protection and Storage Foundation products for securing EC2 deployments. The former ensures limits are applied to the use of VMs whilst the latter provides management tools for data volumes created; one feature of Storage Foundation is data shredding, ensuring all data is destroyed when VMs are de-provisioned.<br /><br /><p>The availability of these security tools should help overcome the doubts some harbour with regard to PaaS and encourage more uptake. The various providers will have high hopes for 2010 as the world continues to struggle with its economic woes; they will present PaaS as the cheap, flexible choice. By the end of the year it should be clear if their potential customers agree and the investments made in PaaS have all been worthwhile.</p><p><em>By Bob Tarzey, Analyst and Director, Quocirca</em></p><p /></div>
</content>


    </entry>
    <entry>
        <title>The right question to ask about the ISO27001 IT security standard</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/12/the-right-question-to-ask-about-the-iso27001-it-security-standard-1.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef012875f7b44a970c" title="The right question to ask about the ISO27001 IT security standard" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/12/the-right-question-to-ask-about-the-iso27001-it-security-standard-1.html" thr:count="0" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef012875f7b44a970c</id>
        <published>2009-12-01T14:29:47+00:00</published>
        <updated>2009-12-03T10:32:51Z</updated>
        <summary>Standards exist to provide reassurance when buying products and services. For example the Kitemark standard, owned and awarded by the British Standards Institute (BSI), provides reassurance about the quality and safety of a wide range of products and services. Attaining a...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="security" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="software" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml"><br />Standards exist to provide reassurance when buying products and services. For example the <a href="http://www.kitemark.com" target="_blank">Kitemark</a> standard, owned and awarded by the British Standards Institute (<a href="http://www.bsigroup.com" target="_blank">BSI</a>), provides reassurance about the quality and safety of a wide range of products and services.<br /><br />Attaining a Kitemark often requires that another more specific standard has already been reached. If you crash your car and take it to a repair shop displaying the Kitemark logo, the service provider is required to have achieved the technical specification PAS-125 (another BSI standard). On the BSI web site, <a href="http://www.bsigroup.com/en/ProductServices/Automotive/Vehicle-Body-Repair/PAS-125-FAQs/" target="_blank">it says that</a> “repairers will be able to secure their future business by being able to independently prove to insurers and the motorist that their vehicle body repair service meets <em>all</em> the required safety criteria of PAS 125 and the Kitemark scheme”.<br /><br />The “all” is emphasised here because not all standards require that all their criteria are met. The ISO27001 IT security standard (specified by the American National Standards Institute – <a href="http://www.ansi.org" target="_blank">ANSI</a>) provides reassurance about the security controls in place for IT deployments. In Quocirca’s freely available report, <a href="http://www.quocirca.com/pages/analysis/reports/view/store250/item21842/?link_683=21842" target="_blank">Managed Hosting in Europe</a>, published in June 2009 and sponsored by <a href="http://www.ntteuropeonline.com/" target="_blank">NTT Europe Online</a>, the status of ISO27001 compliance was listed as a measure of the reassurance around the security of services on offer. 
For some vendors it was reported as being “in progress”.<br /><br />It may surprise some that “in progress” is a valid status for any organisation claiming it is ISO27001 compliant. The standard itself provides guidelines on deploying an “Information Security Management System” or ISMS and states in section 1.1 (April 2006 publication) that “the ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties”. In short, the security controls specified in ISO27001 are optional, dependent on the needs of the supplier and its customers.<br /><br />Quocirca is not suggesting any shortfall in those controls but merely reminding buyers of ISO27001 compliant services of the precise question they must ask. It is not “is your service ISO27001 compliant?”, but “have you adopted ISO27001 and, if yes, which controls have you adopted and which ones have you not?” This is the likely explanation for the finding in a recent survey into <a href="http://www.quocirca.com/pages/analysis/reports/view/store250/item22042/?link_683=22042" target="_blank">privileged users</a>, carried out by Quocirca and sponsored by <a href="http://www.ca.com/us/" target="_blank">CA</a>, that many organisations which claim ISO27001 compliance do not carry out the good practices with regard to privileged user management that are described in the standard.<br /><br />Interestingly the BSI also offers <a href="http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001/Steps/" target="_blank">advice</a> on its web site with regard to ISO27001; here it says “once the assessment has been successfully completed, we’ll issue a certificate of registration, clearly explaining the scope of your certification” – no sign of the word “all” there, and buyers should assess the vendor’s scope accordingly.<br /><br /><em>By Bob Tarzey, Analyst and Director, 
Quocirca</em><br /></div>
</content>


    </entry>
    <entry>
        <title>Dreamforce 09: salesforce.com still on cloud nine</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/11/dreamforce-09-salesforcecom-still-on-cloud-nine.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef012875bd0f15970c" title="Dreamforce 09: salesforce.com still on cloud nine" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/11/dreamforce-09-salesforcecom-still-on-cloud-nine.html" thr:count="0" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef012875bd0f15970c</id>
        <published>2009-11-20T15:36:58+00:00</published>
        <updated>2009-11-20T15:36:58Z</updated>
        <summary>So, salesforce.com’s yearly fest of force-feeding the loyal – Dreamforce 09 – has come to an end. What can we take away from what was talked about, shown and supported by the many brought on stage to do obeisance? Well,...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="ecommerce" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="innovation" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="strategy" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="Web/Tech" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml">So, salesforce.com’s yearly fest of force-feeding the loyal – Dreamforce 09 – has come to an end. What can we take away from what was talked about, shown and supported by the many brought on stage to do obeisance?<br /><br />Well, the first thing is that Marc Benioff is still Marc Benioff. No shrinking violet he, and he played his part as the ringmaster for everything happening in the main tent sessions. His enthusiasm and fervour for the salesforce.com ethos still shines through.<br /><br />Next is the feeling that validation for salesforce.com is present across the market – in a far more certain way than it has been in the past. Sure, salesforce.com has done a sterling job in building from a startup to today’s Big Brand, but it’s more than that. Certainly, passing the $1bn revenues level and having 70,000 customers is doing salesforce.com no harm, and having somewhere in the region of 17,000 attendees to the event spoke volumes in today’s cost/travel climate. <br /><br />But there are other things in the air that Dreamforce seemed to solidify. <br /><br />On the second day, Benioff had a raft of people on stage with him – some small customers, some small vendors.  All meat and drink for an event such as this. But not many can suddenly wheel in John Swainson, CEO of CA, and Bob Beauchamp, CEO of BMC, as tasty morsels, stating that they have created specific versions of some of their portfolio to run on the salesforce.com platform. <br /><p>Salesforce.com is now seen as a trusted partner, as a means to get to new revenue streams, and as something that has to be paid attention to.</p><p>Certainly, the growing interest in the cloud means salesforce.com is right in the sweet spot at the moment.  But is there more to it? Is it just that salesforce.com is the most recognisable cloud play in the market at the moment? 
Do all these other vendors suddenly riding the coat tails believe that having cracked running on AppExchange, they’ll be able to port directly to other clouds, such as Amazon’s EC2 or Microsoft’s Azure?  Surely not, as the platforms are all different.</p><p>So, it looks like salesforce.com is doing a lot of stuff well. The latest versions of the “standard” platforms are looking good, and new functionality means that less and less core functionality is required to be sourced outside of these platforms. Any synergistic or ancillary functions can either be found on AppExchange or can be relatively easily created there, using an Eclipse-based IDE, meaning that little in the way of new skills will be required.</p><p>The big news from Dreamforce was the new offering – Chatter.  A stream aggregation approach, Chatter will bring together discussions and events in one single stream, nominally to provide a single environment where everything is happening so that the user doesn’t have to search in different silos for such things.  </p><p>Sounds good – but this single stream can very easily get out of control if policies and procedures are not put in place beforehand.  With many exchanges between people now being based on short messages, standard tagging and content inspection/filtering techniques are difficult to apply – there is just too little content to find any true context.</p><p>Here, salesforce.com will have to use its strengths in having a single image of its software, and see how people use Chatter, and from that build up some good and best practice models. 
These will then need to be promoted to the customer base, both directly and through the channel, so that Chatter doesn’t crush itself to death through trying to be all things to all people.</p><p>On a slightly different note, Google chose the same time to demonstrate its Chrome OS to a waiting world – an ultra-light operating system that is there to get a browser (Chrome, unsurprisingly) up and running as fast as possible. All applications that can be run in Chrome will need to be certified by Google before there is any capability to run them. Salesforce.com needs to ensure that its core platforms are validated as soon as possible – if for no other reason than for good marketing.  The issue will then be how to get Google to rapidly validate all AppExchange applications as well.</p><p>But, overall, the feeling was that salesforce.com is not exactly struggling – growth is strong, progress is swift.  Customers are happy, other technology vendors are cosying up. A strong road map is there, and things are looking decidedly rosy for salesforce.com as a company and as a platform for community, commercial and independent providers of functionality.</p><p>As a Dreamforce, there was little to give anyone nightmares. The clouds are still light and fluffy, and any sign of a storm is still just distant barely audible rumblings.</p></div>
</content>


    </entry>
    <entry>
        <title>Web security market consolidation</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/11/web-security-market-consolidation.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef0120a64e1aad970b" title="Web security market consolidation" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/11/web-security-market-consolidation.html" thr:count="1" thr:when="2009-11-10T07:26:08Z" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef0120a64e1aad970b</id>
        <published>2009-11-03T10:23:38+00:00</published>
        <updated>2009-11-03T10:23:38Z</updated>
        <summary>Two acquisitions announced in the last week underline the battle to gain market share and technical superiority in the web security market and continue the debate about how content security is best delivered - at the edge of the network...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="ecommerce" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="security" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="software" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml"><p>Two acquisitions announced in the last week underline the battle to gain market share and technical superiority in the web security market and continue the debate about how content security is best delivered - at the edge of the network or in the cloud using the software-as-a-service (SaaS) model. </p>
<p>First, on 28 October, Cisco announced it was buying ScanSafe, a UK company that had established a strong position in SaaS-based web security, and today, M86 Security (formerly Marshal) announced it was buying the Israeli firm Finjan, a specialist in real-time web threat analysis.</p>
<p>These acquisitions are the latest in a continuum of such deals, marking the near end of consolidation of the web security sector that has taken place over the last few years, as there are few small specialists left. Most are now part of the broad portfolios of large security vendors, which is, in Quocirca’s view, no bad thing as it stabilises the market and provides new sales channels for the strongest products. The same sort of consolidation happened at an earlier stage in the email security market.</p>
<p>For example, the overall leader in web security, Websense, shook the market in 2007 when it bought one of its main rivals SurfControl. This strengthened its market share, but was also part of a broader strategy to widen its portfolio, as SurfControl had other assets including email security. Websense had already acquired Port Authority – a data loss prevention vendor and has since acquired Defensio to strengthen its spam filtering.</p>
<p>McAfee followed with the purchase of Secure Computing in late 2008. Its rivals Symantec and Trend Micro are also in the web security market – the former through its 2008 MessageLabs acquisition (this SaaS-based email security vendor was already developing web security technology) and the latter through a couple of technology acquisitions as long ago as 2005 and in-house development.</p>
<p>When considering which approach to take for web security, network-edge or SaaS, latency is often of primary concern - more so than with email security - as any security technology that slows down web access frustrates users and damages productivity. Network edge vendors claim a performance advantage, but there are two factors that further complicate issues.</p>
<p>First, web security policies that control the web use inside the firewall need to be extended to those working remotely – this is more easily achieved with a SaaS-based service. Second, web-based business processes often span multiple organisations making the network edge much vaguer than it used to be and content security policy often needs to be extended to external users.</p>
<p>It is interesting that Cisco bought ScanSafe, a pioneer in the delivery of SaaS-based web security. In the past Cisco has stuck to hardware appliances to be deployed at the network edge for security, for example IronPort, which it acquired in 2007 for email security. Perhaps Cisco is recognising that the only way to control disparate web users is with a SaaS-based system, giving customers confidence to use the web for communication and collaboration wherever they are, including the use of web based voice, video and web conferencing tools. Cisco’s only other foray into SaaS so far was its 2008 acquisition of web conferencing vendor WebEx.</p>
<p>M86 Security’s acquisition of Finjan tackles the latency issue. M86 Security was already in the web security market with its WebMarshal software aimed at small businesses and its 8e6 appliance for URL filtering that became part of its portfolio when it merged with 8e6 Technologies leading to the new name. The Finjan acquisition adds real-time web threat monitoring, ensuring all web traffic is inspected for malware with minimal degradation of performance. It also adds some SaaS capability as Finjan was already in the process of extending its gateway-based web security to the cloud.</p>
<p>There are still plenty of choices even though consolidation has meant web security is now mainly in the realm of broad-based one-stop-shop security suppliers. Vendors are increasingly offering both network edge and cloud-based offerings, in some cases a hybrid of both, allowing customers to achieve a balance between performance and reach. Some buyers still regard cloud-based offerings with suspicion, especially when it comes to security, but such offerings are performing better and better, so many are accepting that outsourcing security to experts makes sense.</p>
<p>The web is an essential tool for all businesses. Making its use as safe as possible while ensuring users remain focused on the benefits it brings, knowledge acquisition and communication, while avoiding its many distractions, is the aim of all these products. With the right tools it is possible to ensure the web is a largely safe and productive environment. Happy surfing.</p>
<p><em>By Bob Tarzey, Quocirca</em></p></div>
</content>


    </entry>
    <entry>
        <title>Do you need yet another layer of IT security?</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/10/do-you-need-yet-another-layer-of-it-security.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef0120a5dc116a970b" title="Do you need yet another layer of IT security?" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/10/do-you-need-yet-another-layer-of-it-security.html" thr:count="2" thr:when="2009-10-29T07:37:21Z" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef0120a5dc116a970b</id>
        <published>2009-10-12T13:24:17+01:00</published>
        <updated>2009-10-12T12:24:17Z</updated>
        <summary>IT security supplier Trend Micro has admitted that some of its products are not 100 per cent effective. In fairness, it is making this claim about the whole IT security industry, including itself. Trend’s admission comes after it carried out...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="security" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="software" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml"><p>IT security supplier Trend Micro has admitted that some of its products are not 100 per cent effective. In fairness, it is making this claim about the whole IT security industry, including itself. Trend’s admission comes after it carried out 130 free “on-site security threat assessments” across a range of organisations with an average of 7,484 employees. The sample included a minority of Trend’s customers.</p>
<p>All the organisations assessed had active malware of some sort on their systems. Some 80 per cent had malware that originated from web-related activities. This included 72 per cent with internet relay chat (IRC) bots – software agents that facilitate some sort of external communication to the web. IRC bots are often doing no particular harm and are not always in themselves malware, but the channels they keep open can be exploited by malware writers and they can generate unwanted network traffic. Information-stealing malware was found in 56 per cent of organisations and network worms in 42 per cent – both definitely bad.</p>
<p>Nearly all the organisations assessed had security software in place including firewalls, host-based malware detection and some sort of content filtering. So how is the malware getting through? The truth is that these security tools, taken together, do keep the majority of malware at bay, but the aim of the bad guys is to evolve their malware to keep ahead of security technology – and they often succeed. Why else would they keep going?</p>
<p>The situation is exacerbated by two other factors. First, the increasing mobility of the workforce; often user devices are used on networks beyond the control of a given organisation’s IT security staff and become infected while connected to such networks. Although end-point security can help with this, many organisations do not use it comprehensively. </p>
<p>Second, malware is increasingly delivered via the web, rather than email. Most organisations have email filtering in place, but many have not addressed the more varied web traffic which encompasses a wide range of communications tools. There are now many tools and services available to control web traffic, but a threshold always needs to be set between controlling user activity and allowing the freedom to use the web productively – in other words 100 per cent mitigation of the web threat is just not possible other than by stopping its use altogether.<br /> <br />So why does Trend, which sells products and services to do most of the above, want to highlight some of its imperfections? Well – there is of course some self interest – Trend has developed a new offering that it wants customers, and those of its competitors, to buy, to protect them from this background threat.</p>
<p>Trend has launched what it calls “Trend Micro Threat Management Services”. There are three components:</p>
<p>1. Threat Discovery Services – this goes beyond a free initial assessment to provide continual monitoring for new threats and regular reporting.<br />2. Threat Remediation Services – cleans up existing problems and puts in place tools to make sure they do not happen again. This goes beyond standard host-based malware protection as it can seek out and prevent activity that spans multiple devices, for example a user requesting an image file from a web site, but being sent an executable file (includes Threat Discovery).<br />3. Threat Lifecycle Management Services – ongoing advice and planning for better network management with regard to security (includes Threat Discovery and Remediation).</p>
<p>All well and good, but will customers buy it on top of all their existing security investments? </p>
<p>The services are aimed at enterprises (750 users and above). A free assessment can be applied for at <a href="http://www.trendmicro.co.uk/thinkagain">www.trendmicro.co.uk/thinkagain</a>. Beyond this, the Discovery Service starts at $15,000, while the full Lifecycle Management Service has an entry level price of $50,000. Time will tell if organisations are prepared to fork out for yet another layer of security or just accept the background threat. As is often the case, they will probably live with the latter, until a breach occurs that is so costly, it makes the Trend price for stopping it seem cheap.</p>
<p><em>By Bob Tarzey, director, Quocirca</em></p></div>
</content>


    </entry>
    <entry>
        <title>Boiling the wrong ocean for a Smarter Planet?</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/10/boiling-the-wrong-ocean-for-a-smarter-planet.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef0120a61fcc99970c" title="Boiling the wrong ocean for a Smarter Planet?" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/10/boiling-the-wrong-ocean-for-a-smarter-planet.html" thr:count="1" thr:when="2009-11-10T07:27:33Z" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef0120a61fcc99970c</id>
        <published>2009-10-07T12:58:28+01:00</published>
        <updated>2009-10-08T08:56:37Z</updated>
        <summary>IBM’s new focus is on the “smarter planet” – using technology to make the planet a better place. While Quocirca has no problems with this at a high level, it does have some issues around the small print. For a...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="government" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="green" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="innovation" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="strategy" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml"><p>IBM’s new focus is on the “smarter planet” – using technology to make the planet a better place. While Quocirca has no problems with this at a high level, it does have some issues around the small print.</p>
<p>For a start, this “smarter planet” seems to be built around a number of “smart cities”. IBM has presented figures showing that half the world’s population lived in cities in 2007 – the first time more people had lived in cities than not. By 2020, predictions are that 70 per cent of the world’s population will be huddled in these cities. IBM’s view is that this is inevitable, and as such, technology can be used to ameliorate any urban issues and make life as good for citizens as possible.</p>
<p>OK – problem number one. In 2007, there was a 50/50 split of inhabitants, with half of the world’s population living away from cities, carrying out crucial activities such as agriculture to feed the 3.3 billion citizens (as well as the non-agricultural “others”). In 2020, there will only be a possible pool of 3.3 billion people outside the cities to provide agricultural support for around seven billion people in cities - more than the total population of the planet now. And how many of these 3.3 billion will want to work in agriculture – or will they want to go for the promises of the entrepreneurial lifestyle espoused by politicians, by Western incomers and by role models in their own countries?</p>
<p>In today’s major cities in emerging countries, population growth is not being matched by infrastructure growth – and although technology can help by speeding up progress in some of these areas, it is unlikely to meet needs adequately, and shanty towns and ghettos will continue to stress the infrastructures of these cities. Second, if you live in the surrounding country, and hear about how your nearest conurbation has suddenly become “smart”, what do you want to do? Stay in the “dumb” countryside, or move to the bright lights and gold pavements of the city?</p>
<p>Creating smart cities without a more holistic view of how this needs smart villages, smart communities and smart communications linking all of these together leads to the acceleration of large issues for large cities – the external perception is that the city is the place to be, more people arrive, the infrastructure can’t deal with it, the surrounding area becomes denuded, there is less food available from the surrounding areas to meet the needs of the citizens, less available water, less total capability. Poverty, followed by disease and even unrest can easily follow.  </p>
<p>Technology, rather than solving the problem, has become a major cause of the problem through making the city an attraction to too many people, without enabling the major changes in the same timescales in the surrounding environment. Even if there is an associated agricultural revolution running alongside the smart city revolution, the speed of expansion of these cities and the manner in which they then decrease available agricultural land through building will make the search for new agricultural land a geopolitical, as well as a sustainability and green, issue.</p>
<p>Take some of these high-growth cities, with growth rates of between 20 and 50 per cent per annum in citizens, whether legal migrants or less legal/illegal people. Look at Mumbai – a city of 12 million official inhabitants, probably closer to 18 million in reality. Imagine this growing by 20 per cent per annum – an increase of more than three million people per year. Even if these people only need three square metres each to live in, there is a need for an extra nine million square metres of living space – space that cannot be farmed or used for any useful output. Each person will also require a bare minimum of five litres of drinking/cooking water per day, so there is a need for 15 million extra litres of potable water. If these people want to use electricity for lighting and cooling (either a small air conditioning unit or refrigerator), then even if minimised to the need for each person averaging out at 100W total drain, or 2.4kWh per day, there is a need for 7.2GWh extra power provision.</p>
<p>Is this leading to a “smart city”? Or is this really more of being traduced by technology into massive folly that just makes the problem worse? Quocirca has written before on how a more all-embracing approach is needed – keep people away from the cities: if they want to be better farmers within their own existing communities, then help them to do this. If they need help to form co-operatives to maximise the capabilities of food, service and requirement exchanges across communities, then use technology to better facilitate this.</p>
<p>Jeff Jonas, an IBM distinguished engineer, and the most insane, sane man Quocirca has ever come across, states that due to our incapability to effectively deal with the explosion of data we are now facing, a data-driven world is actually becoming less smart. He proposes that new approaches need to be taken, using “sense-making” techniques to deal with data before it is stored. Other IBM technology is also looking at this – InfoSphere Streams is a great approach to filtering and managing mass data during creation.</p>
<p>But, a city full of sensors, actuators and other technologies will not become a smart city just because of the amount of data it churns out, nor even with the way the data is dealt with. It will only be a smart city if it helps in creating smart communities, smart countries, smart geographies and so to a smart planet.</p>
<p>The biggest “but”, though, has to be the major block to a smart planet – you, me and the other 6.6 billion people on this planet. Population growth is out of control, and those who have any chance of dealing with it are far too interested in looking at how much tax can be taken from the future population and how many goods can be created by them for export to bother about small facts such as the human race moving beyond the tipping point and starting the route to oblivion (which, of course, we may already have done). Technology can help here – but this is an area where the likes of IBM have to play second fiddle. From Quocirca’s point of view, the best the likes of IBM, Microsoft, Cisco and other vendors can do is to attempt to move towards a more sustainable future – keeping communities together, moving more people towards self- or communal-sufficiency, providing infrastructure and technology that supports people where they already are.</p>
<p>To the governments, political activists, commercial concerns and religious ideologues, now is the time to see the writing on the wall and mandate change. Short termism, vested interests and age-old superstitions will not save the human race – only wholesale change of mindset and approach to the issues will – helped by technology (of course).</p>
<p><em>By Clive Longbottom, service director, business process analysis, Quocirca</em> </p></div>
</content>


    </entry>
    <entry>
        <title>The Global Crossing comeback</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/09/the-global-crossing-comeback.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef0120a56b9af4970b" title="The Global Crossing comeback" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/09/the-global-crossing-comeback.html" thr:count="0" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef0120a56b9af4970b</id>
        <published>2009-09-14T11:19:26+01:00</published>
        <updated>2009-09-14T10:19:26Z</updated>
        <summary>The current financial crisis has produced a new round of record-breaking bankruptcies that overshadow those of the last crash caused by the dot com bust at the start of this decade. Measured by assets, Lehman Brothers and Washington Mutual (both...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="communications" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml"><p>The current financial crisis has produced a new round of record-breaking bankruptcies that overshadow those of the last crash caused by the dot com bust at the start of this decade. Measured by assets, Lehman Brothers and Washington Mutual (both September 2008) now take first and second place pushing Enron (December 2001) and WorldCom (July 2002), both record breakers in their day, down the league, but they still manage third and fifth positions respectively (GM, June 2009, intervenes at number four).<br /> <br />Enron still exists but only as the Enron Creditors Recovery Corporation, all its assets having been sold; the remaining assets of WorldCom (after a period trading under the old name of MCI) were eventually acquired by Verizon in 2005. But a third company many will remember from those heady days is still trading under the name it was known by when it went bankrupt – Global Crossing (GC).</p>
<p>When GC filed for Chapter 11 bankruptcy protection in January 2002 with assets of more than $30bn, it was then the fifth largest bankruptcy of all time - even today it still manages 14th place. How has GC survived, what is it doing today and is it likely to survive in its current reincarnation?</p>
<p>GC emerged from Chapter 11 in December 2003 with a plan of reorganisation in place that provided for majority ownership by Singapore Technologies Telemedia (ST Telemedia). The remaining shares are publicly traded. </p>
<p>The plan worked; GC’s revenue for 2008 was more than $2.5bn, on which it generated an operating income of $273m - compare this with 2001 when revenue was around $3bn but it ended up reporting a loss of $10bn that led to the Chapter 11 filing. Today IP networking accounts for 80 per cent of Global Crossing’s revenue, via a combination of its enterprise, indirect and wholesale data channels. The remainder of its revenue comes from other lines of business that have been built up through acquisitions.</p>
<p>This includes GC UK, a locally focused operation that has grown out of a number of acquisitions over the years including Racal (1999) and Fibernet (2006). The Fibernet business is key to GC’s ongoing growth - as well as strengthening GC’s UK infrastructure it also has a healthy user services business.</p>
<p>GC UK now offers network, security and professional services across all industry sectors but with a particular strength in the government and transport markets. For GC UK the provision of communications infrastructure is now a secondary rather than a primary focus. How else do you compete with BT and AT&amp;T at the enterprise level? More recently GC has added in datacentre hosting services. The knowledge to do this is derived from the second subsidiary, GC Impsat.</p>
<p>GC acquired Impsat, a Latin American service provider, in 2007. An important part of Impsat’s portfolio was data centre services and GC is now extending these offerings to other areas. In the UK GC started offering managed hosting services out of a London-based facility in 2008 and it now has around 35 customers. Like many such providers GC does not own its own datacentres but uses a co-location provider. In London this is Global Switch, with which it has also partnered recently to provision a facility in Amsterdam. Longer term it plans to extend managed hosting services to Germany, Spain and France and another UK facility outside of London.</p>
<p>The market for managed hosting is standing up well in the current downturn as many organisations look to reduce the cost of inefficient and out of date in-house datacentre facilities and the interest in on-demand (or cloud-based if you prefer) services grows. That GC has diversified into this market as well as the broader services offered by GC UK gives it a base for ongoing expansion in the UK and beyond. Provided this is carried out in a measured fashion and the focus on profit is maintained GC can expect a healthy future and for the fiasco of 2002 to become a more and more distant bad memory.</p>
<p>Global Crossing is covered in <a href="http://www.quocirca.com/pages/analysis/reports/view/store250/item21842/?link_683=21842" target="_blank">Quocirca’s free report <em>Managed Hosting in Europe</em></a>.</p>
<p><em>By Bob Tarzey, director, Quocirca</em> </p></div>
</content>


    </entry>
    <entry>
        <title>Making strong authentication easier </title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/09/making-strong-authentication-easier.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef0120a55fc0b1970b" title="Making strong authentication easier " />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/09/making-strong-authentication-easier.html" thr:count="1" thr:when="2009-09-10T11:12:04Z" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef0120a55fc0b1970b</id>
        <published>2009-09-10T10:50:13+01:00</published>
        <updated>2009-09-10T09:50:13Z</updated>
        <summary>Strong, two-factor authentication in itself is nothing new. It has long been used for providing a higher level of assurance that a person accessing computer resources is who they say they are than would be provided by a username and...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="security" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml"><p>Strong, two-factor authentication in itself is nothing new. It has long been used for providing a higher level of assurance that a person accessing computer resources is who they say they are than would be provided by a username and password alone. This is because it is based on the use of an additional factor of authentication—generally something the user has in their possession, such as a security token, or something that is unique to them, such as a biometric identifier. </p>
<p>The most commonly used form factor is a hardware token, the majority of which generate a one-time password at the touch of a button—making it useless for anyone to try to crack that password as it is good for just one event. However, the costs of distributing and managing hardware tokens for all users and the hidden costs of administration, such as users calling the helpdesk every time a token is broken or lost, have made such deployments costly and cumbersome. </p>
<p>That is changing as strong authentication technologies are evolving to include a wider range of token types. Software tokens, incorporated into smartphones, smartcards or USB devices, help to reduce the costs of procuring and distributing authentication tokens and can offer additional security benefits over and above authentication. For example, smartcards can be fitted with radio frequency identification chips so that they can also function as physical access authentication mechanisms when integrated with door access control systems. And USB sticks can be equipped with encryption technologies that lock down all data at a device level so that the computer is immediately blocked from use when the USB stick is removed. </p>
<p>One further new development is that of software tokens for mobile phones that are pushed to users when they are needed via SMS. For many people, mobile phones are central to their personal life and are highly valued. They are also being used for an increasing range of applications, including mobile banking and payments. By providing on-demand tokens via SMS they can now be extended to be a form of identification, avoiding the need to carry an extra piece of equipment such as a token or smart card. By using these types of tokens, users can authenticate to the network any time required and from anywhere, with no requirements for installing software on the devices or management of tokens. </p>
<p>For any strong, two-factor authentication deployment to be successful, it requires an efficient system to automate the processes involved in deploying and managing implementations. This is done through a central management console that automates tasks such as provisioning users with accounts and credentials and that integrates with other technology controls in use in the organisation to ensure that secure access can be provided to all computing resources used. Through centralised management, much of the complexity and hidden administration costs are removed. And, by tying authentication controls into security policies set and through reporting on all events that occur, organisations can more effectively determine that security controls are working as required. </p>
<p>As with types of tokens, such management systems are also evolving. Whereas management systems have to this point been provided as server-based systems managed on an organisation’s premises, new cloud-based authentication management services are coming onto the market, provided on a utility subscription model. Rather than the traditional upfront purchasing of software and necessary hardware to run it on, organisations using a cloud-based service just pay for the amount that they use in a particular month, and can scale their requirement up or down as necessary. This means that strong authentication services can now be procured at lower cost, making their use affordable for even the smallest or most distributed of organisations. </p>
<p>The evolution does not stop there. As cloud-computing authentication services continue to develop, they will evolve into open authentication platforms, accepting authentication mechanisms from multiple vendors. This will allow an organisation to sign up to the services and then provide two-factor authentication tokens to employees, customers and suppliers that are not limited just to the specific services that they offer, but that could be used for accessing services offered by other organisations that are business partners. When combined with industry standards such as the Security Assertion Markup Language specification developed by the OASIS Security Services Technical Committee, the promise of identities being seamlessly federated among multiple service providers can be realised. The commercial attractiveness of this is that a company can offer a wide portfolio of services under a single brand, where the services are actually delivered using a white label arrangement by third parties. </p>
<p>The themes outlined in this article are discussed in greater detail in a new report from Quocirca, commissioned by CRYPTOCard, that is freely available for download here: <a href="http://www.cryptocard.com/documents/whitepapers/8_61_3_235.asp" target="_blank"><em>The evolution of strong authentication.</em></a><em> </em></p>
<p><em>By Fran Howarth, principal analyst, security and information governance, Quocirca</em></p></div>
</content>


    </entry>
    <entry>
        <title>VMware sees clouds in Hotel California</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/09/vmware-sees-clouds-in-hotel-california.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef0120a5970eaa970c" title="VMware sees clouds in Hotel California" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/09/vmware-sees-clouds-in-hotel-california.html" thr:count="0" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef0120a5970eaa970c</id>
        <published>2009-09-02T11:56:15+01:00</published>
        <updated>2009-09-02T10:56:42Z</updated>
        <summary>At VMworld in California this week, the topic du jour was, unsurprisingly, cloud computing. VMware wants to be the underpinning to internal and external clouds, using the capabilities of its growing management suite to service the needs of such a...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="ecommerce" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="innovation" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="software" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="strategy" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml"><p>At VMworld in California this week, the topic <em>du jour</em> was, unsurprisingly, cloud computing. VMware wants to be the underpinning to internal and external clouds, using the capabilities of its growing management suite to service the needs of such a dynamic platform.</p>
<p>VMware does have a pretty impressive set of capabilities in this market, with its hypervisor, its ability to manage the provisioning and movement of images around a virtualised environment and so on. And, on the whole, the vendor does seem to understand a lot of the issues that cloud brings to the fore.</p>
<p>But, Quocirca was left with a few worries.</p>
<p>For example, VMware’s chief executive, Paul Maritz, has a concern himself. Putting an application in the cloud is one thing, but what if the cloud platform provider runs into trouble and you need to pull it out again? To Maritz, the analogy is like a line from the Eagles’ song, <em>Hotel California</em>: “You can check in any time you like, but you can never leave”. </p>
<p>But is this how the cloud will work? Is it really going to be a platform-as-a-service (PaaS) model, where users will still own the application and provision it to a virtualised hardware platform owned by someone else? Indeed, a number of chief executives from service providers stood up on stage and put forward this model repeatedly. When you look at the names involved – the likes of Savvis and Verizon, it is not surprising. These service providers come from the managed hosting environment – they have already built their models on providing environments on which people run their own software. But is the market ready to change? Quocirca believes so, and we see it as far more likely that the cloud will be essentially a functional platform model, where the user subscribes to the use of a set of functions, rather than to a set of hardware capabilities.</p>
<p>In this case, the application is not owned by the user at all – the cloud provider owns it. All the user is doing is subscribing to a set of functional services. This is the way that the Salesforce.com approach works, along with the likes of Concur, Netsuite and others. The software becomes (relatively) immaterial – the way that it “does” things becomes far more key.</p>
<p>If it is a functional platform, then we also run into issues as to how the “function” is provided. Are we still looking at an “application” per se, or are we now looking at a collection of services from which an aggregate application or process-focused stream of functions is provided, either from a single provider, or drawn from across a whole set of providers? It is far more likely that the cloud will go in this direction, with the likes of Google with Docs, Apps and Wave, Microsoft Azure with its Live services and other functional models “wrapping” functions up in a manner where users can call them at will to facilitate solutions to immediate problems. Sure, this will need some form of underpinning in the means of a process engine, and here players such as Cordys are taking steps to ensure they are first in line. Cordys has managed to place its Process Factory capability into the Google environment, enabling process flows to be visualised and managed, and for functions to be called and aggregated as required from within the Google cloud environment.</p>
<p>For VMware, this presents a bit of an issue. If the user has no control over the “application” itself, the market ceases to be one of “help me as a user to do virtualisation” to one of “help me as a service provider meet the needs of my users”. True, cloud providers will need to provision and move functions around their own cloud to meet the needs of dynamic workload, but costs here become more of an issue, as the end result is not seen as being pure value-add in itself. And, if the application is actually an aggregation of smaller functional services, VMware has a different problem – which is perhaps why it has just acquired SpringSource.  </p>
<p>SpringSource itself bought another company, Hyperic, which provides functionality for managing Java-based applications (SpringSource provides tools for writing applications in the Java environment). If Hyperic can be rolled into the VMware management environment, then VMware gets closer to being able to manage a service-based environment. A combined vSphere, vCenter and Hyperic will provide a solid capability for service providers to manage applications in their virtual environment.</p>
<p>VMware’s current ace in the hole is that the management of the virtual environment by the incumbent systems management vendors such as IBM Tivoli, CA, BMC and HP still leaves much to be desired. The majority use VMware’s own capabilities to manage a VMware virtual platform through APIs. Therefore, VMware has currently got a solid market in being either the main management provider for virtualised environments, or at least the main gateway to it. But, this will change as Microsoft becomes more of a player in the market and 100 per cent VMware platforms become more hybridised with Hyper-V in certain areas. Indeed, a further issue is that VMware can’t, as yet, manage Microsoft hypervisors or images.</p>
<p>The lack of capability to manage the physical environment, even at a basic level, is the biggest threat to VMware. Essentially, it is left to the incumbents. But these incumbents know their futures depend on managing the virtual environment, whether it be VMware, Microsoft, Citrix, Parallels or whoever. Rest assured that each physical management vendor is working hard on replicating VMware’s capabilities, and as they do, the need for VMware’s management tools becomes less obvious.</p>
<p>As Maritz himself stated, VMware needs to move up and down the stack. The purchase of SpringSource moves VMware into the application arena. But the move down into the physical world was glossed over – as far as VMware is concerned, it is IBM’s, CA’s, BMC’s or HP’s domain. A partnership with (or acquisition of) a company such as LANDesk or Numara could provide a quick solution to this issue.</p>
<p>Maritz knows that the hypervisor is fast becoming a commodity – he stated that VMware has to chase the cost curve down. The main focus is on how to make the VMware virtual world so much better an experience than anyone else’s. This is admirable in itself, but as the physical management players improve their virtual capabilities, VMware runs the risk of being squeezed between the rock and the hard place.</p>
<p>Without taking on the physical world, could the sainted Maritz be facing a different Eagles song – <em>Heartache Tonight</em>?</p>
<p><em>By Clive Longbottom, service director, Quocirca</em><br /></p></div>
</content>


    </entry>
    <entry>
        <title>Is the IT turnaround just around the corner?</title>
        <link rel="alternate" type="text/html" href="http://quocirca.computing.co.uk/2009/08/is-the-it-turnaround-just-around-the-corner.html" />
        <link rel="service.edit" type="application/atom+xml" href="http://www.typepad.com/t/atom/weblog/blog_id=1697150/entry_id=6a00d8341c82a753ef0120a57b5069970c" title="Is the IT turnaround just around the corner?" />
        <link rel="replies" type="text/html" href="http://quocirca.computing.co.uk/2009/08/is-the-it-turnaround-just-around-the-corner.html" thr:count="0" />
        <id>tag:typepad.com,2003:post-6a00d8341c82a753ef0120a57b5069970c</id>
        <published>2009-08-27T12:05:32+01:00</published>
        <updated>2009-08-27T11:05:32Z</updated>
        <summary>The “largest, deepest, longest recession” in history looks like it was overblown – Germany and France are already out of recession, and it is likely that the UK will follow soon - at least at a technical level. Therefore, it...</summary>
        <author>
            <name>Computing blogs</name>
        </author>
        <category scheme="http://www.sixapart.com/ns/types#category" term="hardware" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="innovation" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="outsourcing" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="software" />
        <category scheme="http://www.sixapart.com/ns/types#category" term="strategy" />
        
        
<content type="xhtml" xml:lang="en-GB" xml:base="http://quocirca.computing.co.uk/">
<div xmlns="http://www.w3.org/1999/xhtml"><p>The “largest, deepest, longest recession” in history looks like it was overblown – Germany and France are already out of recession, and it is likely that the UK will follow soon - at least at a technical level. Therefore, it should follow that we’re going to see an upturn in IT spend – just in time to pay for cloud computing initiatives, Windows 7 installations and to re-animate projects put on hold in 2008/9 as the money ran out.</p>
<p>But hang on – fiscal drag will still have a big part to play here, in the form of the cyclical nature of funding for IT.</p>
<p>The main financial calendars are either January to December or April to March. Therefore, the main discussions on budgets will take place between September and December ready for a January budget, or between January and March for an April one.</p>
<p>So we’re just about entering the main period of budget discussions. Will they be looking at the financial outlook and saying: “OK - it’s all over; take a chunk of money and throw it at non-essential IT work”? Doubtful. First, there will need to be proof that what we are seeing is a real recovery. Many experts do not think that what we are seeing is a typical “V” or “U” shaped recovery, where we hit the bottom and then recover cleanly. In fact, looking at how the stock indices are climbing too rapidly, we’re likely to see another mini-collapse, leading to a “W” shaped recovery, where we have to go down again before we can climb out in a sustainable manner.</p>
<p>Even when the recovery is shown to be sustainable, IT will not be the major focus for the majority of companies. Cutbacks have been on capital expenditure on production items, on skills and resources, on inventory, on sales and marketing. These are far more the lifeblood of the business than the perceived value of any implementation of new technology. The main focus will be on rebuilding cash flow, on investing in the immediate needs of marketing and sales, on renewing equipment that is constraining the business’ capabilities.</p>
<p>Does this mean that 2010 will be a complete wilderness for IT expenditure? Not really – but it does mean that IT vendors will still need to bring innovative offers to the fore, with flexibility in means of payment and maintenance as sweeteners to the deal. It is still likely that we will continue to see attrition among IT vendors and channel organisations, with user organisations being far more in the driving seat of negotiations than they have for the last decade or so.  </p>
<p>However, organisations cannot afford to try and stand still completely with no technological investment. Point investment in areas that back up and facilitate the major needs of the business will still be needed - such as support for marketing campaigns, investment in technology that can reduce the cost of carrying out standard business processes, or investment in technologies that enable organisations to do more with their existing IT assets.</p>
<p>Virtualisation is still likely to be a hotspot, as will expenditure on systems management that can bridge the physical/logical divide. Process automation should still do reasonably well, and newer, cheaper business intelligence is still seen as a strong performer. Outsourcing is a real winner, as organisations look at the cost of maintaining older internal infrastructures, while also looking at the cost of keeping up with the pace of change of technology in areas such as virtualisation, cloud and software as a service. More and more organisations are realising that IT is not a core competency for them, and that they should therefore look towards placing responsibility for the technology with those whose business relies on it – such as outsourcers. The main focus here has to be not to do it for pure cost reasons: do it for the reason that the outsourcer can do the function better than you can, do it because the outsourcer can be more flexible for the future than is possible in house. In the mid-to-long term, money will be saved – but more to the point, sales and margin will be improved, so generating more profit for the business.</p>
<p>It is unlikely that 2010 will see the re-emergence of the big IT project. Point solutions are going to continue to be the order of the day, with only the brave, rich or stupid implementing massive platform changes just for the sake of it.  </p>
<p>Next year’s budget discussions should be far more interesting in IT terms. The build-up of business pressures will mean that old infrastructures will be nearing breaking point, and the pressure will move to IT investment to remove constraints on the business. Companies will find themselves heavily constrained by monolithic applications that are stopping them from competing effectively against the rest of the market. In 2011 and 2012 – providing that no further financial calamities occur – we should see big projects coming back. The question is, who will be around to service these? Will we still be looking to the enterprise application vendors such as Oracle and SAP, to cloud computing service providers such as Google and Amazon, to super-hybrid managed service providers sitting in massive co-location datacentres hosting and aggregating multiple solutions from others, or will there be new incomers showing the way?</p>
<p>Well, that’s a different matter - watch this spot for a view on that.</p>
<p><em>By <font face="Arial">Clive Longbottom, service director, Quocirca</font></em></p></div>
</content>


    </entry>
 
</feed>
