Granted, information about the company has been around for a while, including an article in the New York Times last fall describing how NTT, in the wake of the Tsunami disaster, has been able to effectively leverage Nicira to maintain availability in the midst of rolling data center blackouts.  According to Nicira, other large service providers are also enamored with this technology, citing AT&T, eBay and Rackspace as customers as well. Nicira also cites a large enterprise customer, Fidelity, among those that have adopted its technology.

Why have these very large and well known service providers selected to work with Nicira? Simply put, because Nicira is helping them solve a very large, and fairly well known problem – network complexity in rapidly scaling, highly dynamic virtual environments. My colleague Jon Oltsik  has defined this as Data Center Network Discontinuity. As organizations continue to consolidate data centers, drive increased use of server virtualization technology, and increase their ability to react more quickly to business needs, legacy network solutions will reach a breaking point. Something needs to change in order to drive new and sustainable growth.  Organizations will need to create a virtual network platform to fully abstract the physical layer from the logical one, instead of an even bigger maze of individual boxes.

OpenFlow and Software Defined Networking hold a lot of promise in this regard. Many companies, including HP and IBM/NEC, are leveraging this technology and have recently made some big announcements, while other companies like Arista, BigSwitch, and Juniper have been pursuing their own implementations. Nicira hopes its model will take network virtualization to a whole new level. By placing the intelligence in the virtual switch and leveraging an external controller, Nicira hopes to virtualize (and commoditize) the underlying physical network.

By taking this approach, Nicira proves that it has no hardware agenda and therefore organizations do not have to rip and replace any equipment. It can be deployed in conjunction with existing technology from any vendor. As the customer list suggests, large service providers with cloud environments will receive the most benefit, but those enterprises that have committed to and deployed their own private clouds could take advantage of this technology as well, like Fidelity has done. As more enterprises consolidate data centers and mature their server virtualization environments, I would expect to see more enterprise logos pop up on its website, if the technology works as advertised with its initial customers.

You can read Bob’s other blog entries at Data Center Continuum.

The show doesn’t start until 2/27 but you can feel the anticipation in the air across the whole security community. That’s a good thing since 2011 was an especially difficult year – some have even labeled it “the year of the breach.” Hmm, what happens if 2012 is even worse – which is not unlikely?

In any case, RSA is always chock-a-block with a number of common themes. Here’s what I am anticipating, as well as my editorial comment on each.

1. Threat/malware management. This is a very important topic as Advanced Persistent Threats (APTs) and other types of sophisticated malware demonstrate that our existing security defenses are inadequate. I’m hoping to hear some good intelligence about cyber adversaries, and discuss best practice modifications around security processes and defense-in-depth controls to address these increasingly dangerous threats. Interesting vendors in this space include Countertack, Damballa, and FireEye, as well as old guard companies like Sourcefire and Trend Micro but I’m interested in hearing from others as well.
2. Security intelligence. Security situational awareness is marginal at best at many enterprises. Why? Lots of firms don’t have the right skills or tools in place while others need visibility to more host systems, applications, and network behavior. As I’ve said many times, this makes security a big data problem (I’m on a panel focused on this topic) and I’m interested in learning how the industry plans to address this. I’ll seek out HP, IBM, LogRhythm, McAfee, and RSA on this topic.
3. Security services. With security skills in short supply, the security service providers must be seeing lots of activity. Good discussion for Symantec, Unisys, and Verizon.
4. Mobile security. Yeah, I know about the malware and poorly written applications and I do see a lot of interest in this space. That said, ESG has yet to see a lot of demand for mobile security technologies. I expect a lot of buzz over mobile security, even if no one is making any money.
5. Cloud security. A complex topic but all I anticipate seeing at RSA is simple and tactical solutions (unless I get an architectural overview from Amazon, Google, or Rackspace).
6. Data center network security. We’ve had firewalls, IDS/IPS, and gateway devices forever but network security is still a major area of investment for enterprises. Data center network security is particularly challenging these days as large organizations deal with massive data center scale, web-based applications, and server virtualization/cloud. Does anyone offer a highly-scalable physical/virtual data center network security architecture? Good question to bring up when I talk to Cisco, Check Point, and Juniper.
7. Enterprise security software architecture. In the client/server days, departmental applications were subsumed into enterprise ERP systems. This same type of integration/centralization has to happen with security technologies. Which vendors understand this and know how to build scalable software security architecture a la Oracle and SAP? My goal is to find out.

Like all other similar events, RSA has its share of cocktail parties, tradeshow gimmicks, and give-aways. Entertainment is certainly a big part of the event, but RSA is really about cybersecurity – a very serious topic. Before imbibing their fourth Mai Tai at a Hawaiian-themed party at the W Hotel, I hope that RSA participants think about recent security breaches at New York State Electric & Gas (800k customer records exposed), Zappos.com (24 million customer records exposed), and our security colleagues at Stratfor ,and then consider the real objective of this event.

You can read Jon’s other blog entries at Insecure About Security.

It was a privilege to work with two ESG Lab Engineers, Tony Palmer and Ajen Johan, to do some hands-on with the new Riverbed technologies.

To me, the really cool part of Granite is how it changes some presumptions for branch offices.  Traditionally, I still see large customers doing things in two very different ways:

• For their large data center facilities, SAN-based manageable and consolidated storage.
• For their remote offices, standalone servers with direct-attached disk.

The reason for this is that most presume that managing a SAN at each branch office is non-viable.  So, even though managed storage may be more effective for many scenarios, it only seems to happen in the data centers of many companies.   If only there was a way to do it for the branches?

The Granite technology effectively extends an iSCSI scenario from your data center SAN to a branch office server.   Technically, there are two iSCSI scenarios in play:

• Within the data center (diagram-left), the Granite “core” device has an iSCSI initiator to mount LUNs from your existing iSCSI SAN provider.
• At the branch office (diagram-right), the Granite “edge” device caches a copy of that LUN and becomes an iSCSI target, whereby any machine in your branch with an iSCSI initiator can mount it.

The result is that managed storage blocks that appear local are in fact replicated from a centralized data center copy.  This leads to some really interesting (and presumption-twisting) changes from a Data Protection perspective.  Maybe you still run your backups at the branch?  Maybe you want to finally adopt NDMP and back up directly from the SAN at the data center?  There are some options worth looking at, without ripping out whatever backup solution is currently in play.

There is more to the Steelhead EX + Granite solution than just the iSCSI capabilities, including a built-in VMware hypervisor inside the new Riverbed device – enabling further server consolidation to VMs within the edge device, using iSCSI LUNs that are actually from the corporate data center.

Check out the ESG Lab Validation on Riverbed Steelhead EX + Granite for more.

As always, thanks for reading.

Of course, others took notice and wanted their own piece of the pie. Cisco came out with its ASA 5580 a few years back. Network security guru Sourcefire introduced a high-end hardware architecture and a firewall in 2011. Finally, Check Point jumped in with its own high-end hardware as well.

As if this space wasn’t crowded enough, F5 Networks threw its hat in the ring this week with the announcement that its Big-IP 11.1 software passed the ISCA Labs test for network firewalls.

This may seem like just another feature for Big-IP but it’s not. F5 has a unique position amongst its competitors because:

1. F5 is already in the right accounts. Big-IP is a staple product at large enterprises, wired/wireless carriers, and cloud service providers. F5 should be able to leverage these relationships to get a CISO introduction.
2. Everyone knows that F5 can build a high-end network hardware box. Like Juniper, F5 built its reputation on building high performance boxes that can scale. This status may get F5 on the evaluation short list right away.
3. F5 offers a consolidation play for the network. F5 sits behind the firewall but in front of a boatload of critical web applications. With a few network architecture tweaks, you can configure a Big-IP to perform firewall and ADC functions from the same box. This could simplify network architecture and operations.
4. F5 brings a new recipe for network/application security integration. With all the industry talk about next-generation or application-aware firewalls, F5 goes a step further. Big-IP can be configured for security and customized with iRules to offer extremely strong network/application security integration.

F5 has a lot of potential to alter the high-end firewall market but there is still work ahead. Remember that many people still perceive F5 as the load balancer company, so for F5 to succeed it must first demonstrate its network security chops. This means convincing its customers that it is committed to network security and that its product is as strong on security protection as it is on performance.

Finally, the introduction of a high-end firewall just made F5 an even more attractive acquisition target. With a current market cap of $9.5 billion, the list of potential suitors is small, but F5 would certainly add value to HP’s networking and security portfolio. IBM may be tempted to make a play since F5 makes sense from a security, data center, cloud computing, services, and WebSphere perspective. You could even make a case for Cisco to buy F5 but that’s the longest shot of all.

You can read Jon’s other blog entries at Insecure About Security.

Click here to read the new ESG Lab Report on CommVault Simpana 9.0 “OnePass”

Click here to read a new ESG Analyst Brief on CommVault Simpana 9

With data growing at ever increasing rates, more data sets are simply becoming “too big” to back up — at least not in the traditional sense.  To help combat this, Archive is becoming more and more the steady-partner to Backup, whereby once something is adequately backed up, dormant data can be archived off — making future backups better.

That all sounds like steps in the right direction, but let’s take a look using a “Good, Better, Best” perspective for how these come together:

In other words — One Pass on the data, which (not coincidently) is the name of Simpana’s new feature.

CommVault may not be the only vendor to have ever converged its software’s methodologies, but it is now on a very short list of vendors who are addressing multiple data management problems with a truly unified solution through an elegant architecture.  And most impressively, they did it while not even asking for new licensing or deployment methods.  That’s right, existing Simpana 9.0 customers can take advantage of this by simply applying the most recent quarterly software update and then doing their normal agent update process.  After that, two simple checkboxes in the Simpana management console will enable the unified “OnePass” behavior within the Simpana system.  (check out the ESG Lab Report on all of this)

While I would love to say that consolidating the 3 workflows of Backup, Archiving, and SRM into one process gives you 3X return for your backup window, there are too many variables to make that claim, including:  file types and size, amount of redundancy, archiving retention rules, etc.   But by only traversing the disk system once (instead of for each of the three processes) every Simpana customer should see an appreciable improvement in backup window SLA compliance, as well as the less quantifiable but more appreciable reduced I/O impact on production disks and networks and CPU — all of which will free the production environment to do less backup tasks and more production work.

As always, thanks for reading.

Click here to read earlier ESG coverage of CommVault Simpana

That’s about to change.

The same way the next generation user doesn’t give a rat’s behind about your “you can only use laptop ABC with software XYZ’ on it” mandate, the next generation of IT people are not going to care one bit about “we’re an (IBM,Oracle, EMC, Pick Your Poison) shop.”

The next generation is fearless.

They don’t care about “folders” and “structure.”  They don’t care about “inboxes” or “outboxes” – which were designed to AUTOMATE some function that used to be manual and physical – back in 1975.  We used to TYPE a DOCUMENT then make a MIMEOGRAPH of it and put it in the FOLDER which was stored inside the FILE CABINET.  Now we do the electronic version of the same things.  How very “Mad Men” (stolen analogy from John McKnight, super genius).  What’s next, slapping the admin’s butt (electronically, of course)? Scotch and cigarettes at 9:30AM?

When’s the last time your 17 year old did any of that?

Guess who your next CIO is?  The kid who was born in the cloud.  The kid who gets his information from a Twitter stream, blog roll, or web page.  Not a newspaper or a TV.  The kid who pushes and pulls value socially.  Not mono-directionally. Old school IT vendors still try to control the “message” and selectively hear the responses.  Old school IT still tries to control what you get, when, how, and where. How very Mayberryesque.

I’ll talk more about the Social Enterprise later – as it is a massively disruptive, completely fascinating movement (and you all know how I enjoy those!).

We WILL NOT consume IT apps/services/value the way that we have for the last 50 years any longer.  So why do we continue to attempt to deliver them the same way?

IT isn’t going to need a meteor to make us extinct.  We’re doing just fine on our own.  We’re going to implode at this rate.  And it won’t take decades.  It will take a few years.

Things change.  Adapt or perish.  Peyton Manning will not play forever.  People might actually vote for Newt Gingrich. Newt might actually be the antichrist.  The Soviet Union might fall. Greece has the financial controls of my 8 year old daughter.

Stuff happens.  Whether you like it or not, stuff happens.

The bigger truth: it’s time for our CIOs to realize that they can lead the new wave, or get run over by it.

You can read Steve’s other blog entries at The Bigger Truth.

The most basic purpose of the social enterprise is to achieve business goals through enhanced interactions. The ability to connect to others in the company, partners, and customers no matter where they are or what type of device they use is critical to realizing the benefits of social enterprise applications. It’s hard to be social when you can’t participate. Because of this, the social enterprise is tightly intertwined with mobile endpoints. The ability to deliver an application anytime and anywhere someone needs it is key part of making it social. Mobile cannot be an add-on to the social strategy. It has to be a critical component.

Part of the rationale behind this IBM move is to help IT deal with the influx of consumer devices by helping IT design applications that work on a variety of platforms, especially mobile endpoints. That makes sense given the growth in consumer devices that have been introduced into previously closed environments. In the ESG Research Brief, Corporate Endpoint Device Type Trends. published in May of 2011, ESG found that 95% of IT organizations surveyed were experiencing growth in the use of alternative endpoints. IT professionals know they can’t stem the tide of consumerization and IBM is helping them deal with it by bringing Worklight into their portfolio.

This acquisition dovetails nicely into other IBM social products such as IBM Connections – IBM’s social communications software – and IBM Endpoint Manager for Mobile Devices (GA planned for March 2012), which provide security for endpoint devices including mobile platforms. Worklight also enhances and extends IBM’s social enterprise development environment. IBM now has one of the most comprehensive frameworks for developing mobile, cloud, and social enterprise applications. Coupled with their traditional enterprise development tools such as IBM Rational and IBM Lotus Notes, IBM offers a compelling suite of products for creating scalable and robust enterprise applications.

With Worklight, IBM customers and partners will be able to develop and deploy socially enabled applications more quickly no matter where the user is or what endpoint platform they use.

It didn’t take long until both sides realized that things had changed. With the invention of the water-cooled machine gun and pill box fortification, human waves were not only ineffective, but also resulted in mass casualties. The sides adapted to this new reality with trench warfare, long-range munitions, and a battlefield stalemate for much of the war.

There are countless examples like this in the history of warfare where technology advancement forced tactical changes for both offense and defense. In theory, cybersecurity should behave in a similar way where new threats lead to new defenses and tactics. Unfortunately, however, things don’t always progress so quickly. Take Advanced Persistent Threats (APTs) for example. APTs have been in the mainstream since the Aurora attack was first exposed by Google in January 2010 but many organizations haven’t adapted defenses or tactics accordingly. Why? Several reasons:

1. Executives don’t get it. CISOs who lobby executives for more money tend to be faced with a rather cynical question: Why do you need to invest in new security technologies when we’ve already invested millions? This is like a WWI general asking why the troops needed shovels to dig trenches when they were already trained to charge the enemy.
2. Security staff wants a canned solution. In the past, each new type of threat (i.e., SPAM, spyware, DOS attacks, etc.) was addressed with a discrete threat management solution but this no longer works. APTs exploit the gaps between security defenses with 0-day vulnerabilities, credentials harvesting, DDNS, and homegrown encryption algorithms and transport protocols. Rather than a one-size-fits-all APT solution, enterprises need defenses for each stage of an attack.
3. If you can’t see the enemy, you can’t defeat the enemy. I’m sure Sun Tzu said something along these lines and it is certainly true in cybersecurity. The situational awareness tools in use today typically capture and analyze a fraction of the data needed. Many of these platforms also need custom coding and must be managed by highly-skilled security analysts. As a result, security intelligence remains an exclusive and elitist club.

In WWI, the military adapted quickly for two main reasons. First, they faced a life or death situation so there was a real sense of urgency. Second, armies are hierarchical organizations so when generals mandate changes in training and tactics, everyone else falls into line.

Like WWI weapons advances, we’ve reached a new era where our enemies are embracing new technologies and offensive tactics. We need to respond with appropriate changes in defense skills, and situational awareness.

Like it or not, we are engaged in a cybersecurity arms race, and our adversaries show no sign of fatigue. If your organization isn’t willing to recognize this, understand the enemy, and adapt accordingly, you may as well disconnect from the Internet before an inevitable attack.

You can read Jon’s other blog entries at Insecure About Security.

Software

• AD Summation upguns Summation with scalable ECA and new front-end processing from AccessData’s FTK engine, full AccessData integration and predictive coding on the roadmap–see our brief today for details.
• BIA’s Cloud-based collection from TotalDiscovery.com adds support for iPhones and iPads, and social media.
• Equivio, long an OEM-provider to other tools, releases its own unified Zoom platform for predictive coding and e-mail analytics.
• iConect releases its HTML5-based Xera platform for better collaboration with support for iPad.
• kCura releases Relativity 7.3 with native application-based imaging, Review Manager, a reporting dashboard application for forecasting the time and cost of review, an App Store, and, of course, Relativity Assisted Review, released last year for automated review.
• Venio releases FPR 3.5 with statistical sampling.

Service providers

• Daegis replaces DocHunter’s database for cross-matter management, adds support for Lotus Notes.
• Integreon’s eView 4.0 adds predictive coding.
• Orange Legal Technologies announces integration with OrcaTec’s predictive coding.
• RenewData‘s RDC Analytics debuts its content analytics consulting offering, leveraging language experts and a large analytics toolbelt to tackle big data problems.
• TCDI ‘s CV5 review and production software lets users automate and customize workflow.

See you at the show!!!

Although most overall IT budgets are edging up slightly, network budget growth is much more robust. Almost 60% of respondents (58%) report that they will be increasing their network budgets in 2012. The larger the organization(enterprises with 1,000 or more employees), the greater the increase. In fact, 21% of enterprises expect to increase spend by 8% or more.

Where will this money be spent? According to our research it will be spent on:

• Network security. As the network environments scale, organizations will require their security services to scale with them and be more tightly integrated with the network. For more on security spending see Jon Oltsik’s security blog.
• Network management. The key to managing more with less will be better network management tools. However, with only so many span ports to connect to, organizations will need to find solutions to help them scale their network management/monitoring coverage for the whole environment. This could bode well for companies like Anue, Gigamon, Netoptics, and VSS that will be instrumental in providing visibility across massively scalable networks. Especially for those 10 GbE networks. This management at scale may also open the door for SDN/OpenFlow vendors to highlight the virtues of their solutions.
• WAN optimization. It’s not just for the troublesome remote office anymore. As organizations continue to consolidate data centers, connect to cloud and SaaS providers, and try to deliver a solid user experience for remote workers, we expect more organizations will be taking an enterprise wide approach to optimizing their connections. Especially as latency sensitive applications like video, desktop virtualization and VoIP (see next bullet) continue to proliferate in the data center. Established WAN optimization vendors like Blue Coat, Cisco, Citrix, Riverbed, SilverPeak, and others have already started to adapt their solutions to meet these emerging needs.
• VoIP. One third of the respondents indicated that they would make investments in VoIP solutions. With a rapidly changing and increasingly remote workforce, VoIP solutions provide greater flexibility options. As networks continue to converge, we expect this will also include video and even desktop virtualization as well. So organizations would do well to look for both solutions.
• Headcount. ESG found that 36% of organizations plan to hire additional network staff – fortunately, most believe there are plenty to be found. The only area that showed a higher increase in adding more people was security.

You can read Bob’s other blog entries at Data Center Continuum.