Last week we talked about security however this week we will discuss networking and connectivity.
Time for the basics – why do we have networks? Networks only exist to facilitate engagement, communication, creation and sharing, points often forgotten in the midst of features and endless buzz words. By holding onto those key points summarising the purpose and drivers for network existence, at the heart of all discussions and chunking the conversation up, the reason (s) for network need or change is exposed. It may be a user need, an application requirement, a service orientated outcome, but without doubt the outcome “isn’t the network” – the driver of the networking need is the main story.
It’s time to overtly challenge all enterprise networking discussions – “Why does this network exist, what are the user / applications that drive the need for this network, what user or application measures validate network activities and so on”? It’s time to hold the network to account and unlock the business value of a secure connected enterprise.
In keeping with last week’s security summary, this outline will focus on three networking aligned areas of “interest” for 2020 (without doubt there are many more). No predictions, purely areas that may stimulate valuable discussion and ideally actions.
Secure networking – secure connected outcomes.
It’s important that we link security and networking together at all times with no discussions about networking in isolation. Its time to intentionally switch all conversations to signpost secure networking or secure connectivity. The addition of the single word secure will change the mindset of all concerned and ensure the only outcome validated as successful is a secure one. Networks are the technological digital transport umbilical cord of the digital age therefore inherent security is fundamental to ensure successful, connected digital outcomes.
See all – secure all.
Next up, visibility is the hidden jewel within networks but only if explicitly leveraged for the value it delivers. Networks as the digital transport in the midst of all digital transactions see all of the traffic they transport and connect. By utilising data packet by packet “see all” capability within enterprise networks with end to end visibility from user, though system, through application, though cloud and back, networks are as powerful as security control layers as they are digital data transport layers. Its time to exploit the network as one of the best digital security sensors available.
Optimum operations – time for NetDevOps.
And finally network operations MUST change. I write with no ambiguity when positioning the importance of network operational change now, to unlock tomorrows benefits, today. There is no digitisation without secure network connectivity, no digital user experience, no world of “smart” technology and human engagement – nothing.
Networks must not only understand the language of applications, they must proactively and consistently “enable” applications to deliver user & business outcomes. Network automation isn’t the story, it’s a component of a bigger story of applications, operations and network technology working in perfect harmony.
The changing face of network operations must result in enhanced platform efficiency, operational consistency and network automation bound into the application and software development life cycle. Without an intentional business and cultural shift to leverage the network intentionally and proactively beyond digital data transport, business agility, user experience and application value may be compromised.
Start now – change now
Enterprise networks have become a victim of their own reliability, performance and effectiveness. Networks are often invisible as technology entities, however complaints appear in an instant when problems or network failure occurs but with little said during times of “normal”. Networks are expected to “just be there”, “always on” delivering optimum reliability and performance for both known and unknown requirements. This is a tough ask, however by using the network as a security control layer, proactively using the network for optimum levels of end to end visibility and accelerating the evolution of network operations, the enterprise network will act as a springboard to every good in the digital age. That’s got to be worth it.
Until next time
Business Line CTO UK (Networking & Security)
Now landed back in the UK after yet another very impressive VMworld event (3.30am start for a 5.50 flight – ouch!). It has been a whirlwind few days of executive meetings (a number of really fundamental catch ups), extremely concise and well-formed session content from the VMware team (congrats to all) and potentially our best customer event yet (every year we invite a number of our key customers to spend time with us at VMworld – with nearly 200 people at the Computacenter event I think you can say it was a success).
This VMworld may prove to be a watershed event. VMware reinforced the perspective a software defined future is no longer optional but instead the “new normal” – now. The business agility and operational flexibility essential for ongoing success through the current ever changing digital age is forcing enterprise IT environments to “act like code” to deliver services, consistently at warp speed. Common to other VMworld events, the VMware team demonstrated the technology is ready (and it has been for quite a while), but human inertia continues to stall the growth of the software defined enterprise as the very last few points of concern are digested and overcome.
NSX (the VMware advanced software defined networking layer) is moving from the background to a centre stage role in the VMware enterprise transformation strategy. As the digital data transport layer that simplifies and optimises traditional networking, delivers a policy based pathway from private, through hybrid to public cloud and back plus enhances security along the way – NSX may offer VMware one of the real keys to the enterprise kingdom. But this event wasn’t all about networking, major enhancements to core VSphere to make it enterprise robust but cloud ready arrived on mass and the additional light shone on the devops world with greater support for containers, workflow and API driven operations ensured a welcome and steady stream of impressive announcements.
The arrival of such a blur of product updates and developments are timely. I noticed a change in attitude and tone with the mass of attendees at this VMworld cramming into the rooms of the “how” sessions no longer deliberating over “why and when” – I think they are now ready!!
Does this sign post a VMware only world to realise the enterprise software defined IT dream, definitely not with the vendor village of eco system partners and past and present competitors all offering valuable services and solutions to enable effective completion of the software defined jigsaw puzzle. But it is clear VMware are leading the charge as they have been for many years and present a compelling end to end, top to toe story of software led transformational business change.
I think the needle has now shifted and the brave new world of enterprise IT still running on high performance hardware, but defined dynamically by software is now upon us and will deliver the hybrid cloud digital super highway that will propel businesses forward both now and into the future. Job well done VMware, the stage is now set for partner, customer and industry cast members to act.
Until next time
Chief Technologist Computacenter UK. Networking, Security and collaboration.
I have spent nearly 30 years in this frenetic but captivating IT industry. The mainframe presided over an era of computing where machine ruled man – we stood in awe of the immense power but in reality were not truly sure, capable or “ready” to harness it. The mini computer or baby mainframe followed and even with so much potential and an audience with the desire to unlock the magic within, missed the mark with the result a short lived tenure. But all was not lost and the door soon opened to a world of IT in the eighties kick started by IBM and Microsoft that still underpins the mode we embrace today. The personal computer (PC) and eventually the PC networking era signalled a change from intelligent IT systems and intelligent humans interacting in a less than harmonious existence to the computer and human in lock step. For the first time there was no dominant IT system looking down on the subordinate human, but a computer driven by the person for the person – personal computing was born. And with vastly simplified networking between computers and devices the intelligence of PC based IT systems, driven by human creativity delivered real value that was enhanced exponentially by the sharing that occurred amongst IT system users
But why the rambling, chronicle – a common thread throughout those heady and ever changing times was the need for continual learning and the creation of seemingly infinite knowledge. It was hard to academically and intellectually absorb so much unknown, with the emergent IT concepts nothing previously discussed or envisaged. It was that painful effort to know and then by knowing “do” (not always well, but still “do”) that helped to drive IT as an industry to where it is now, fundamental to both social and business outcomes.
However I fear things are starting to change and through this current time window, not all of the change is for the better. The availability of just enough knowledge and insight delivered via the world’s great search engines (invaluable) and the accessibility of “just enough” knowledge in digital form at every juncture may well have resulted in a state of “knowledge” malaise across the IT community. With an ageing population still coupled in many areas to an internal knowledge set from a previous era but with a depth of tacit experience that will be invaluable to future generations and a incoming worker population from the digital era bought up on the stable of “just enough” infinitely available knowledge we have a recipe for confusion (and in some cases failure).
This modern mode of “just enough” knowledge with a lacking human investment in really “knowing” to the level of depth required, may force IT through a period where the struggle for skills reaches a level more acute than it is today. Let me say at this stage I am not inferring laziness or delinquency on the part of the IT community I am also a part of. But I am worried the profoundly new skills required for the next 3 to 5 to 10 years have been underestimated by many (many are soft and emotional skills) therefore the long run up required to realise them no longer exists.
If you are an IT professional to any degree, ask yourself “do I have the technical understanding and tacit knowledge to remain effective and productive over the next five years?”. Many will answer “yes” but based on a cursory review of everything their undertake today remaining constant and relevant – however I fear it will not as we may embrace a greater level of IT, process and operational change in the next five years than the previous ten or fifteen.
There has been no better time (how many times have we said this) than now to reskill, “right skill” to lead the IT industry of today into an unknown but potentially lucrative tomorrow. It will require inspirational leadership, a relentless focus on learning and a maniacal desire to turn all of the learning into “new, relevant knowledge”. And that knowledge may be created and unlocked via a healthy amalgam of older experienced heads coupled with younger energised hearts – surely a recipe for long term success. Who knows, maybe this is the secret sauce we have always been looking for?
This brave new world won’t happen if we stand back and watch and wait – it’s time to get involved.
Until next time.
Chief Technologist Computacenter UK – Networking, Security.
(Doctoral student Worcester university 2016)
I must start this blog with an apology (sorry) – the grammatical form of the title would have me struck down by my primary school English teacher, however I can find no other way to convey my meaning. “Agile” is the current next big thing and rightly so for many organisations whether development, operations or both. If speed of development (application), accelerated time to market and potentially reduced development costs are the primary aims of the enterprise, “Agile” delivers immense value.
But the euphoria seems to drive a mushroom cloud of activity involving selected internal operational and technology areas, for example servers, storage and compute. It’s clear “Agile” discussions ignite wholesale changes in those common areas, but has been slow to affect others most notably networking & security – and there lies a problem. At present application development teams, IT operations functions and most importantly the line of business teams are proactively gravitating towards each other as the “Agile” train pulls into the station. The cultural, emotional and operational shift required to make “Agile” a reality is now very real with green shoots of benefit now starting to appear.
But I challenge the effectiveness of the current “Agile” momentum due to a major elephant remaining in the room – network readiness. At present I view first hand many organisations with “Agile” transformation a fundamental element of their corporate manifesto but continuing with a network that may be highly reliable and functional but one not lubricating or accelerating the agile journey. Does this instantly fast forward to a software defined networking discussion – my heart says no but finally my head overrules with yes. Software defined networking is NOT networking without hardware – unless everything we know is physics is to be rewritten or eliminated that will never happen. But it is networking optimised by the use of software to increase programmability (and therefore personalisation) and automation (and therefore consistency and efficiency).
The benefit software defined ideals deliver to networking outcomes are many fold but must notably security benefits, speed and consistency of change which in turn makes the network agile. Surely this must signpost a notable change of priority, to shift network transformation further up the business technology priority list to enable tangible business value – if your network is not agile “is the business truly delivering agile operational or workload outcomes”.
Agile development is here to stay and with businesses now operating at warp speed agile is helping to drive organisations into the brave new ever changing world. But a network however stable, ridden with complexity and human latency MUST now change to be the optimum transport of digital change. It’s time to ask your organisation if the network is really making the business agile – if not, now is the time for change.
Computacenter can help.
Until next time
The security market is continuing to heat up. For once it’s less aligned with the potential for immense revenues (that potential and reality has been ever present in the security arena), but more to do with an acknowledgement that do nothing results in – “nothing”.
I have enjoyed meeting numerous enterprise customers at such an early stage in the year and the consensus is the same – “not sure which elements to keep or kill, not sure if investment in traditional platforms vs. accelerated deployment of new software centric or cloud security elements is the way forward”? And for once the concerns are common and consistent (less trail blazers or total laggards than you may think).
As someone working within a company calibrated by customer desires, I am already revisiting the security vendor strategic stories of 2015 to determine how they intend to navigate customers to a better place through 2016. And I am sensing a change across the board with new messaging, revised strategies and arrow head focus on a handful of key strategic attributes. The first one is visibility. Management and visibility of security (and networking) assets and outcomes has been an age old point of concern for many years in IT. A handful of vendors have successfully placed security infrastructure and solution management at the core of their value based offering and reaped the rewards, but even those vendors haven’t emphasised with real assertion the importance of seeing all robustly enough.
And the second key attribute is one of integration. The days of multiple, siloed platforms with individual consoles, ring fenced data repositories and inconsistent interaction with other platforms may soon be the solution behaviour of a bygone age (I’m an optimist) – every vendor is now emphasising the importance of increased visibility and superior integration as the cornerstone of their solution playbooks. Thankfully integration doesn’t mean, “Single vendor” with the normal mode one that welcomes third party and even competitive interaction via open APIs or data exchange frameworks. And the end result will be one of enterprises able to see more, therefore do more, therefore defend / remediate better than ever before.
But surely (and I feel the vultures circling) capturing or seeing more without additional layers to correlate, aggregate, evaluate and accurately isolate relevant events erodes more time than it delivers value? Agreed, however at first glance, this is an area of high investment from existing vendors and new market entrants often utilising human insight to augment systems based logic to deliver the best of both worlds.
This may be an early call but I feel the future is looking brighter in the security arena (maybe because finally we can actually see it). With vendors now delivering platforms and solutions enterprise customers can embrace immediately to unlock value immediately, now really is the time for change. But not without thorough understanding of business expectations and security impact aligned with desired operational and posture centric benefits.
Until next time
Chief Technologist – Computacenter UK, Networking, Security and Digital Collaboration.
I started 2016 in bullish form with predictions for security based on the lows and highs of 2015. I touched on two on the many market catalysts set to transform both today and tomorrow’s worlds, enterprise mobility and the Internet of Things but highlighted I would mention three more. Part two of my security outline kicks off with my final three security focus areas for the first half of 2016, journey to the “cloud”, security for the SDDC and the need for intelligent people to “act smart”.
The enterprise journey to the cloud continues to be hindered by concerns robust enough to offset the unquestionable benefits. If enterprises are already challenged to secure local environments that benefit from additional levels of physical control and proximity, why would the need to secure information flowing through an external often multi tenanted service provider not highlight similar (and different) challenges. Pre 2016, it was straightforward for enterprises to deliver a blanket response “we don’t use the cloud” often citing security concerns and with no need for further explanation, but with shadow IT research validating authorised and unauthorised cloud usage exists whatever the policy, neither authority or ignorance seems to matter.
It’s therefore time to go “back to basics” and remove years of accumulated assumption of business functions and application flows and replace it with rigorous understanding. With a revisited / restated view of people, process, application flows controls and compliance expectations, “what” can be delivered via the cloud becomes clearer (“how is a whole different ball game”). Whether via internal or external assessment or audits, enterprises must obtain a robust and realistic “current state” view to calibrate the cloud trajectory and thus maximise the business benefits of cloud service delivery. This common sense view is my consistent response to mute the many often unfounded concerns of cloud service delivery or published negative cloud consequences. And I frequently pose the question “Can you really tell me now restated for now, the who, what, how of your business IT operations & applications calibrated by relevant controls”? If the answer is no, effective security for the cloud journey may have no effect at all. Time for change to make cloud service delivery a consistent, secure reality.
Following on from the cloud is the software defined datacenter (SDDC) snowball that continues to gather pace. SDDC ideals are no longer if or when for enterprise organisations with substantial workloads or IT services already delivered primarily via software elements. It’s the dynamic, frictionless, highly agile operational persona offered by a predominantly automated software driven environment that holds so much promise. But common to every “must have”, “must do”, “next big thing”, IT trend is the “what about security” question?
First off, will be a straightforward perspective – “avoid the security retrofit”, time for a security reset. Security must be the core deliverable of the SDDC outcome therefore can never be deemed an add-on or optional extra. When application dependencies and process workflows are in early draft mode (potentially in the earlier stages of the development cycle) the security expectations must be identified, qualified and externalised. Deferring security to later phases or accommodated via an assumption of inherent safety delivered by default is fundamentally flawed as applications and workloads become increasingly fluid in location and state.
A silver bullet of the SDDC ideology is the potential and proven reality of security moving always from a perimeter based ideal to an intelligent functional state as close to the workload as possible (in fact the workload is no longer a workload to be secured, but instead a “secure workload”). This new attitude to application and workload delivery must drive a “blank sheet of paper” review of security to ensure one of the most compelling benefits of the SDDC journey can be fully realised. An enterprise journey to the cloud presents the long overdue opportunity (and investment) to “get security right” – use it, don’t lose it.
And lastly its “people time”. The rise and rise and continued rise of the digital enterprise will fundamentally shift the way business services are operated, consumed and ultimately secured. We are venturing into the unknown and therefore wrestling to find answers to an endless stream of security questions. But is this state really unknown, I suggest not. The “enterprise” digital enterprise may be no more than the digital DNA already the vital fluid of the modern social network driven arena spilling over to and thus redefining the enterprise. Create and destroy data information instantaneously, join and graft multiple and previously unconnected data sources together to create new insight / new opportunities, always on, always now – isn’t this the digitisation defined “social world” already our norm.
And possibly with that Eureka moment appears an equivalent reality check, we still haven’t solved the security problem (s) in the digital social network world, in fact we at times we are not even close. And the main reason – “people”. As technology improves (both systems and security) people reduce their level of vigilance & diligence and increase their expectation that the “system will deliver protection”. Nothing could be further from the truth. I fear we may arrive at a state where there is little more that can be done from a security systems based neural or autonomic perspective. In other words, we have put as much logic and decision making in the system to determine and remediate as much as it can from a security perceptive in an acceptable timeframe. And then what or who is left in the chain as the primary attack vector, the same primary attack vector that has always existed – “people”.
Which drives me to highlight that 2016 may be the year enterprises revisit and reinforce the level of individual accountability that all system users are vigilant, diligent and aware of the security implications of their actions. Or sadly those same users may be affected by the double edged sword of compliance and personal liability. This is a step change forward from the never read acceptable use and security policies. Tough talking and a disappointing road to traverse, but the enterprise may no longer have a choice – systems cannot secure the organisation alone. With flexible working, dynamic workplaces, fluid workloads set to be a normal business state, every corporate endpoint whether human or system has the same responsibility to evaluate and maintain a company desired security state.
And this closes the security predictions overview for the first part of 2016. Whether it’s the increasingly mobile user or interaction with intelligent devices or “things” or dynamic services delivered by highly innovative new market entrants, optimum security will ensure the unquestioned benefits of this increasingly “digital” world arrive with minimal sting in the tail. I am not inferring optimum security has never been important before or isn’t delivered today by highly effective practitioners, it is and that fact it is, minimizes the negative consequences only a mouse click away. But everything we have delivered before is now under attack in a manner beyond our traditional level of understanding with the result it’s time to “deliver now” but with tomorrow’s expectations in mind. Time to change (ps, I am not advocating “patch management” for people – or am I?).
Until next time
Chief Technologist Computacenter UK, Networking, Security and Digital Collaboration.
A few months ago I scribbled about the need to develop and deploy Information Technology systems (“IT”) now with 2020 in mind. In “Arthur C Clark” style I discussed the need for a change of thinking and the importance of considering all of the interconnected elements (many quite embryonic), due to the astonishing level of business change currently affecting us all. Through 2015 it has become apparent that the year 2020 shouldn’t be deemed a distant milestone, we need whatever we envisage “IT” will deliver in 2020 – today.
Data isn’t exploding, it has already exploded and will do every second, minute, hour of every day. We may never successfully control it but many will harness it to unlock unimaginable personal and business value. The connected society will continue to be the heartbeat of everything we do (and I do mean everything) and both personal & business expectations will increase every time benefits are realised. Whether it’s the relentless march of smart devices (even I have an Apple watch), the rise and rise of the “app for everything” culture (ok, nearly everything), the Internet of things optimising our everyday existence or always available (but not always effective) Internet / device connectivity – we are now a “connected device” dependent society. Our imagination is the catalyst for digital entrepreneurship energised by the view IT “can”, but the gloss is not without a little “matt”. If digital business gain must be balanced or is tempered by digital data loss is it really at gain at all. Maybe agile security is the new must have security persona as systems that learn and evolve as threats and attacks evolve must be the only effective way forward
And that means the personal and business outcomes previously considered “too radical” or “far out there” are many of the outcomes EXPECTED today. We have been here before and dare I say it, many times through previous IT revolutions or business evolutions. Each time the step change was delivered in somewhat controlled proportions and allowed the essential but at times loose coupling of IT and business to be maintained. But it feels different now, very different. The expectations of enterprises today buoyed by the belief that software can achieve “anything” and the connected enterprise can stitch together the business fabric required, is straining traditional IT operational models, architectural frameworks and delivery outcomes. The people change impact is underplayed, often overlooked but key to the successful and long lasting evolution to a truly digital enabled enterprise. The fallacy that IT and business can run as separate entities is misguided. IT & the business must be interlocked to such an intimate and fundamental degree that even non IT bound businesses may fail to be effective without IT in the midst of the current “digital economy”.
The expectation of “IT 2020” realizable today is effecting application development and release to a profound degree. The change can no longer be avoided and even for the more traditional enterprises, accelerated/iterative development (“agile like”) and operational styles are no longer activities undertaken by “others” but essential modes required to keep up (forget about even moving ahead) with a business landscape changing at warp speed. And as the power of “IT 2020” really accelerates with the IOT/IOE quasi social experience becoming the norm, we will start to experience today the benefits of people and systems intimacy that will underpin our societal existence in 2020.
Things really are different now and for me different is good unlocking possibilities and opportunities for all. With the market change agents continuing to blaze the trail with everything from healthcare via video or personal payment systems on a watch to home energy management via a Smartphone, the IT systems of today must change to ENABLE or they will hinder change. That’s why 2020 is too late for 2020 IT – that time is now.
Until next time.
Chief Technologist, Computacenter UK – Networking, Security, UC