Mobile + Cloud = Risk + Opportunity
Date: Tue, 04/23/2013 - 13:57
Intense competition arises when major currents converge – and “Mobile” and “Cloud” are the two most dynamic currents in IT today. A fertile new ecosystem is forming, rich with opportunities for service providers. In it, dumb pipe providers could evolve into multimedia impresarios – with seventy percent of all mobile users anticipating use of cloud services and mobile video by 2013.
Joshua Budd, Consulting Director, IDC CEMA, at NetEvents EMEA Press and Analyst Summit, Algarve, Portugal
But analyst data also uncovers the many risks and challenges awaiting the unprepared – not least of which is security. At the NetEvents EMEA Press and Analyst Summit in Algarve, Portugal, Joshua Budd shared the latest research data on the likely weak points – both technological and social – as well as the new opportunities and user expectations. What do users really want, and what will they pay for? How do we assess the risks? Does security demand more intelligence at the edge? Is unified threat management the answer, or is it “all our eggs in one basket”?
We have carefully selected our panel for their insight into these questions and, above all, for their answers.
Panellists: Steve Hook, Product Marketing Manager – International, Aerohive Networks; Jan Guldentops, Director, BA Test Labs; David Howorth, Area Vice President Global Services – EMEA, Verizon
Joshua Budd, Consulting Director, IDC CEMA
I don't know if you heard we had a bit of a mix up getting here, but I hope if you'll bear with me, we'll get through this okay. So thank you very much for being here and thank you to NetEvents for having me back again. I very much appreciate that.
And I was quite pleased that I had the opportunity to talk about mobile and cloud for obvious reasons. This is quite a hot topic these days and not just in terms of all the talk about new smartphones coming out and operating systems, but also we're seeing on the network side, LTE being rolled out. And when you throw cloud into the mix which I really feel is an important development, a very innovative delivery tool for delivering software and services and solutions, I think when you throw that all into the mix and put it all together, we're really facing a very interesting disruptive force that's going on in the ICT industry right now.
At IDC we really think there's an important milestone that's taking place right now. When you look at mobile broadband, you pull in cloud, you look at the social business applications that companies are using and all the data that's running over these networks and being compiled and analysed, we see this as almost a new platform that's really taking us away from the traditional LAN Internet client server environment into a very, very dynamic environment and also very disruptive.
Of course there are a lot of opportunities, but there are a lot of challenges. It's really turning a lot of the business models upside down for service providers who have to compete in this environment and who are now faced with new competitors. And also for businesses, in particular the companies that are faced with the new innovative technologies and have to learn how to apply this and how to actually work with it.
So what we're seeing is just an incredible uptake of devices. We're going from millions of users to hundreds of millions of users to billions of users and millions of devices and trillions of things accessing the Internet, tremendous amounts of data, gigabytes, terabytes, petabytes. We're dealing with huge numbers that I think for the average person are really hard to relate to.
But I hope in our discussion today, we can try and take this down to Planet Earth and talk about some real issues that businesses are faced with and real issues that service providers are faced with and how to deal with this new environment of all these technologies and all these innovations working together.
At IDC, we've been looking into a number of these issues and we're finding that this really isn't hype, this really isn't talk that we are seeing businesses really adopting these technologies, but still in an early phase of trying to figure out how to make it all work together. So we're seeing that a lot of companies, nearly a third of the firms that we've surveyed in Europe in terms of SMBs already see bring your own device happening. But a lot of them don't actually have a formal strategy or don't really know how to deal with this in practice.
It has tremendous implications not only in terms of security, but management. How do you deal with all these devices coming on to the network, how do you configure them?
We're also seeing a lot of uptake of social media tools at businesses. We think about 35% of the SMBs in Europe by mid 2013 will be using social media tools for collaborating, sharing information internally and especially for marketing. But there's so much more that they can be doing with it. We see a lot of uptake in using social media for marketing and communicating with customers. But in terms of how to really utilise it for improving a business and collaboration productivity internally, there's still a lot of work that has to be done there.
And when you look at cloud, we've been talking about cloud for quite some time now, but we really are seeing a lot of traction now. A lot of companies are using cloud particularly software as a service, infrastructure as a service. We are seeing this. It is happening and there is just tremendous growth opportunity as well. We think that a lot of the growth in the ICT industry is going to be coming from cloud.
And the other thing that really is, I think, an incredible challenge overall when all this is happening, all this innovation, is the sheer volume that companies are dealing with, the sheer number of devices connecting the data that's being transmitted over these networks. How do you manage it; how do you store it; how do you use it? There's so much information and how do you pull that information out of there and make something useful of it.
There's again tremendous opportunity there but still a lot of work that needs to be done on how to actually implement this in practice. So I think it'll be interesting to see how vendors deal with this and how service providers are helping companies deal with this as well.
And then of course the big one, security. Security is just a number one topic among all IT managers, directors, CIOs today. I saw the World Economic Forum listed cyber attacks as one of their top five risks, global risks. And that was I think it's the first time that they've had cyber attacks in the top five global risks. So security is just a tremendous challenge in trying to deal with all this innovation.
So again what I'd like to do just before we go over to the panel right now, is just try and sum up some of the key challenges, that what does all this mean for businesses and end users. A lot of numbers are being thrown around, a lot of technologies, but what does this really mean? So there are a number of key challenges that we're tracking in our research and I'll just run through a few of them now before I go over to the panel.
On a basic level if we just start on the premises in the business, a big issue is how to manage all the infrastructure, all the devices, different types of devices accessing the enterprise over different types of networks, going from the mobile to the wireless LAN. Just managing all this is an incredible challenge for businesses.
I mentioned that there's uptake in social business, but how do you actually use it and what kind of implications does this have on your infrastructure as well. If your employees are sharing a lot of information how is it being stored, how can you access it anywhere, anytime, anyhow. This is a tremendous challenge to really take advantage of it, to get the full potential.
And then of course with cloud, there's tremendous advantages from cloud but a lot of concerns in terms of connectivity, reliability of connecting to a datacentre that's offsite run by another company potentially and all the security challenges involved with that. You want to make sure that your information is secure, even though it may not necessarily be held in your hands in your own datacentre.
And then just in terms of the information data overload like I said, how do you deal with all this amount of information, how do you process it, how do you utilise it and what implications does that have on your infrastructure, how do you store it, the cost in storing all this information and then accessing it when you need it, how you want it and then of course the issue of security. I'd like to talk to the panel about a number of issues related to security. In the past you talked about anti-virus and firewall. It's just not enough anymore. There are so many devices, there are issues related to identity. I'd like to see how our panel thinks about all that.
So with that in mind, I'd like to jump over to our panel, if everyone is ready. Shall we have some quick introductions? Steve, would you like to --
Steve Hook from Aerohive Networks.
Jan Guldentops from BA Test Labs.
David Howorth from Verizon.
Okay, great. Good, short and sweet.
So Steve, I'd like to start with you. We talked about bringing your own device and I know you're very active on the enterprise and the wireless LAN. And I think there's an issue of devices coming into the enterprise that have traditionally been using the mobile network and now are switching to the enterprise wireless LAN. We talk about all the interest in employees wanting to bring their own devices and a lot of enterprises as I mentioned don't fully have a strategy.
But there is an opportunity for enterprises to really take advantage of this and use it to their advantage. So I'd like to ask you if you look at bringing your own device, what's the real goal, the real advantage, the real objective for enterprises if they really do take advantage of this and implement it properly.
Okay, so from our perspective, it's the enterprise who is the banker. He's the guy who's spent money to put the network in and the user is not being charged for that use. So what the enterprise is going to get out of it is the ability for the user to be connected to be productive. So in the mobile world, in the cellular world, it is the user that pays the bill for the use. So there is a big difference between the two.
The enterprise world they have to then -- well, they are now managing the environment in a completely different way to how the cellular world are looking at it. And just so from that perspective it's a fairly straightforward deliverable where the user can just connect to the network and use the environment as they desire.
And from your view on how you see the market developing, do you think in general companies are ready for this? Are they aware of what needs to be done and is the basic infrastructure in place to really handle this?
In some cases they are very prepared and in many cases they are wholly unprepared. There are many networks, many enterprise networks that are just not ready to deal with the massive uptake in device connectivity, the massive uptake in the amount of data that is going to be throttled and managed through that network. When you walk into an environment these days and you've got three devices that are connecting into that network space and they're all getting the same emails; they're all able to access the same kind of services. So there are major challenges for the enterprise administration.
When you start bringing the cloud into it, how best to utilise the cloud services, do you have all the data going up into the cloud? We don't. That's just a massive overhead that you just don't need. So we, in Aerohive, we utilise the cloud from a pure management perspective. The data and the control of that data is managed at the edge.
Well, actually that leads quite nicely into another issue I'd like to raise in the cloud. This is one of the topics of our discussion. David, from the service provider's perspective, what's your role in all this? How can a service provider come in and help out and what role does cloud have in maybe helping companies better manage all this?
Sure. It's interesting. Certainly Joshua I agree with all the points you put out there in terms of the evolution of this platform idea. I saw a good quote about obviously cloud and mobility, this term 'mo-clo'. When you think about it, cloud is the democratisation of IT and mobility is around utilising, the consumerisation of IT. And I think as the service providers, we are obviously investing heavily, obviously in terms of cloud technologies and I see our role really as a sort of an integrator and a gatekeeper.
All this data at the end of the day and mobility, it's creating a liberation of information. But the challenge you've got is in the enterprise environment, there's a thing called governance, risk and compliance and it's a complex thing as you say to actually manage. So I think as a service provider it's about providing some sort of structure in terms of providing some that of management.
I think in terms of services that we actually deliver, there needs to be transparency. So when we talk about cloud, I view different classes of clouds, from a consumer grade cloud that we probably all use to access personal email to what I would call an enterprise grade cloud. So at Verizon, when we build our infrastructure and build cloud, we do it in a way that we are very transparent around the controls there. We're fully auditable, we've been audited. And I think it's about building environments where people can feel or take comfort from the fact that as a service provider we've taken the right steps to ensure that there's security there.
And I think that as customers think about whether it's a right option, I think the other piece of it is that I very much see going to cloud as a journey. And when I say going as a journey I think we've been talking a little bit about that. It's about considering what is the impact of moving to cloud. So I'll give you a good example.
We talked about creating issues around the LAN. If you suddenly move all your, what was previously an exchange environment to a cloud-based service, you need to consider the impact on the wide area network, the gateway access. And I think you need to take a holistic approach. That's why I coined the term, cloud as a journey.
There needs to be some thought and there's a lot of companies such as Verizon out there providing consulting in this regard because if one tries to approach it in a piecemeal approach then ultimately we're just creating another mess for ourselves.
I'm curious though. What's really the tipping point? You talk about this journey. But if you look at, based on your experience in the market, your customers, what's really causing them to take up more interest in cloud and actually make the first step? What's the tipping point in all this? What's driving it?
So I think it depends on the type of customer you have. But if I focus on the large enterprise, I've been actively involved since Verizon came to market with their first cloud service, computing as a service back in 2009. So we've absolutely seen a huge growth in terms of take up of that service, from initially customers putting their toes in the water and looking at maybe a more compliant environment to other current providers out there and putting test and development applications to where we see today businesses coming to the cloud.
And I think there's a multitude of drivers. Obviously there's the whole drive from CapEx to OpEx. So you're looking at IT refresh time. Do we have the money to refresh? Does it make sense? And again when I take a journey approach I would say you need to look at your business from workload and application, determine which of those you're happy or it makes sense to move into the cloud and obviously there's determination such as compliance but also what is the end user experience I want to think about and what are the integration challenges one would have to overcome. And I think that's one driver.
I think the other driver is obviously the flexibility approach. And of course using the word cloud can be confusing because it means different things to different people. But in the true sense of the word it needs to be flexible; it needs to be agile; it needs to be pay as you use, so the consumption of IT. So obviously from that business model, most businesses and I talk about business being the business as opposed to the IT department are crying out for that flexibility and agility. Don't want to wait six months to get the infrastructure in place to launch new products and services. It's about days; it's about hours.
One of the important things we always forget is out there there's a war on talent and that works on different levels. You need to find the right people. On the average user level you need to enable them; you need to give them flexibility; you need them able to work. You need to find the people to manage the IT for your organisation which is not that easy at the moment.
So cloud helps them doing that, helps them go quicker to the market, to implement applications quicker. So it is a complex mix. And the problem with it is it is also for a part, a myth that has been created. Go into the clouds and all your worries are gone. It's not complex anymore, we can roll out in weeks.
But underneath this, lots of the technology are the same. I had to work somewhere in the clouds this morning and that should work easily if the wireless of this hotel works, if the bandwidth -- well, the wireless was not that bad. It was the bandwidth to the outside world. But nobody ever talks about that complexity underneath. That's also a myth.
Sorry, did you want to say something.
I was just going to say everyone blames the wireless. That's the first thing that they do is oh, the wireless doesn't work.
I was going to bring in one element on what these two chaps have just been saying and that's the cost element to the enterprise. By moving certain elements into the cloud, it's dramatically brought the cost to them down as long as the way that the data, the control, the management, the use and so on are being looked after. LAN and WAN issues aside, without the cloud will they still work? So there are other issues.
But the key thing from our perspective is by moving what in the wireless world you would call a centralised solution into a control-less environment where we run the controller side function, the management functions in the cloud itself, we are a control-less environment now. And people get very confused, oh, you've got controllers in the cloud. No. So it can get very confusing as to what people mean by how they utilise cloud services sometimes.
Okay, this all sounds good. But what we haven't talked about yet is some of the concerns that the customers have that I think are very valid. A couple of things come to mind. One thing is reliability of connectivity, which we sort of touched on here. But if you're dealing with a wider network, private networks, global private networks, connecting to different datacentres, how do you ensure that level of reliability considering that someone's very, very important data is stored somewhere else.
And another important point, compliance. This is something that was mentioned earlier. Particularly in Europe this is an issue. If you have regulations regarding data breaches and laws concerning where your data is stored, doesn't the customer need to know where their information is and don't they need to have some control over where it is located and how do you address all that.
So obviously as a global infrastructure provider, we've been in this business many, many years, managing and providing assurance around critical infrastructure networks. And the network is obviously an intrinsic and critical part. And you mentioned that if the customers have got critical business applications, then obviously private IP, private networks is one way of ensuring that that part of the transport layer is as it should.
That's not really cloud is it?
No, no, exactly. So you've got the -- you've obviously got the last mile issue, let's call it or the last centimetre or whatever it is in terms of wireless and access. But you're always going to have that issue to a degree from an end user standpoint.
I think on the compliance and the governance point of view and I mentioned it earlier, I think that it's important and the differentiation again between an enterprise grade cloud as I would term the definition and consumer grade is about providing those SLAs. It's having people at the end of the phone; it's response within minutes. It's those things that maybe you don't expect on a [inaudible] cloud.
And I think as businesses, in any case, whether you're building your own cloud or working with a partner, it's all about understanding the risk, building an adequate continuity plan and ensuring that you have enough redundancy built into the solution. I think again that's something that companies need to address and should not assume that all those things have been taken care of by your provider.
One of the important things is -- it's the same in every industry. If you pay peanuts you get monkeys. And in cloud it's the same way. It's a lot cost driven. But you need to build your specs and pay the money for the service you need. And that's often forgotten.
So what should customers be looking for because SLAs can be complicated. And the biggest challenge is what's not in there. And they're not always aware of that. In your opinion what should be in an SLA? What should they look for? What should they be aware of that might not actually be there?
One important product, commonsense. They should have read the SLA and not only looked at the percentage on top of it and in which periods that should work.
So you think that's the problem, it's just too simplified, there's a percentage.
No the problem is that these things are complex. But a business manager needs to understand what is the SLA he has. That's the important thing. It's the same with security. You design and you put forward what you want and you have to understand what you get. And that's a problem. When we're talking about SLAs that I think some suppliers themselves don't even understand or at least two people in their company --
So what's typically missing from your opinion? Do you have any view into this, like what are some of the weak things that people should keep an eye out for in SLAs?
I think one of the challenges that come is that at the end of the day obviously the network is just a transport layer. And when you think about it, what the business cares about is the application, as the end user. I think one of the challenges you see sometimes is that where you have a complex application and you have multiple different providers you can end up like this. It's one of the areas where we're -- retail, e-commerce is a sort of a strong vertical within Verizon and we manage many well known e-commerce type sites. And in some scenarios we're actually managing the application and we're approaching customers and actually providing them obviously assurance down the applications across the network.
I think customers need to, to the point, they need to think about a, how critical it is but also then think about what makes sense. I don't want to just -- commonsense yes. Break this into a thousand pieces and eventually we're going to have a mess. So again it's choosing the right provider I think is important.
From a perspective of being a vendor, we've actually given the customer the flexibility and the reliability to utilise the cloud within the cloud or to utilise their own cloud within their own environment. So the management of our environment can be done in a public space or in their own private cloud space. And that allows them a level of flexibility and it gives them control as to how and where and when and so on and so forth.
If the network manager, if the people who are looking at what they're going to deploy have the required commonsense to sit and think about what is going to be best served by implementing a network the question is asked what happens when I don't have it, what impact is that on the environment. And if they start with those kind of questions, maybe they can go further.
Okay. That's all good. We have to get to some audience questions eventually. There's just one thing I'd like to touch on and Jan I think you might have some good insight into this. We've mentioned security issues. We talked about multitudes of devices, different kinds of devices coming in over different kinds of networks, switching back and forth. I mentioned in the past we think of security maybe very simply in terms of antivirus, firewalls things like that.
How does this environment that I just talked about, all these different technologies playing together, how does this impact the traditional security approaches and how do you deal with identities of all these different devices? What do you see are the major challenges there?
To start with a simple point, in the very old days we would do perimeter security which meant we have our inside network, those are the good guys. We put a bouncer in between called the firewall and the evil world was outside. That's been gone for ten years. Perimeter has been gone.
The amount of devices quadrupled but in the end there's nothing new there. So that happened. But the biggest problem you end up with then is that you need to manage identities and limit authentication systems how you get in and start working with those identities. And that's still a big problem, centralised identity management.
What's the problem? Why is that --
You have identity management getting into your network. You have identity management getting into your file systems, mail system, etc. etc. If you buy a new application it has its own user management. It hardly integrates. Well, it has user management, but it does not have role management. You have to do that again. It is a very complex situation. You want one user system with one role, with one set of rights. So that's a very important one.
I agree. Obviously identity is one piece of the puzzle. At the end of the day it's taking a datacentric view. Verizon publishes an industry publication every year called the Data Breach Report. And we take data from our forensics teams, many police forces and we analyse it and it's not about Verizon, it's about the state of the market.
But what's interesting is we still get -- I think it's today in the latest report, 92% of the cases where there was a breach was discovered by a third party. You still get situations where 85% of the data was sitting on a system where the owner of the data wasn't even aware it should be on that.
So we're still back to fundamentals. Are we properly -- integrity. Are we classifying the data; are we putting an importance level to it and are we then building security around that? And of course access is one part of it, who has rights to it and who doesn't.
But you know ten years ago I worked for a start-up company doing application security and ten years later companies are still being hacked using the same techniques we were discovering ten years ago.
We still store our user IDs and passwords as clear text in applications.
And sometimes I'm asked is cloud more or less secure and I think [inaudible] -- exactly. Our analysis says it's no more or no less secure in all respects. A company needs to understand the importance of its data and needs to take [inaudible] to that data security and information management.
One of the things that's a problem with the industry is that customers want to believe the myth of cloud is more secure, cloud is less complex etc. etc. It solves certain things but in the end it stays a complex thing to do.
Just a stupid end user example. Who does back-ups to the cloud here? Who has cloud applications, does something in the cloud? Everybody, right. Who backs up that data? That's quite a lot of you. Then my point is gone. One in three.
It's one of the things. People put their lives into the cloud, say Google is never going to go bankrupt. That's one of the things you hear. But they don't think about the business continuity of having their [data] to them. It's very simple. And then if you go up higher on the food chain, small companies, larger companies, enterprises, they have the same reflex. They try to cover some of that responsibility by a contract. They're really not sensitive about their data and that's one of the big issues we see today.
Sorry, I don't mean to interrupt but I'd like to have some time for the audience to defend themselves a little bit. I think this is a good time, to open up the panel for questions. Is there anything you'd like to ask them or challenge them about?
From the floor
How you can explain the bug with Facebook in France last week? You know that all the private inbox messages appeared in public and some message from 2009. And Facebook now is facing big problem in France, even to the court everything.
Is that true though?
From the floor
It's true. Of course it's true.
I didn't hear about that.
From the floor
It's true. So if we should trust the cloud blindly. This is an example if we can trust the cloud.
You're back to commonsense again aren't you.
It's boring but --
If you want to use the cloud you need to have faith in what you're dealing with. You need to know what you are dealing with and the risk is there for everybody really.
This is a free service which you didn't sign a contract with by a guy who basically ripped off his shareholders.
From the floor
Steve, a question about your talk. You stated that the control of the data was the [action] of the clouds. But in your proposal, the role of the cloud is it acting as a proxy server between your corporate network and the customer or how are you using the cloud in that case?
In our case we utilise the cloud as a platform where we put our management software, so that the management of the wireless network for that enterprise is managed from the cloud. The control of data and how that's managed, that's managed locally. For example, user profiling that's all done at the edge. The transfer of data from A to B, that's managed locally as well. But the management of the network is in the cloud. What we call the Hive Manager is in the cloud and if you want to have your Hive Manager for example under your sole control then you can have it on a VMware on your own virtualisation space within your own enterprise.
From the floor
Maybe you are aware that Huawei is offering the Ascend P1 smartphone in the market here in Europe and they're offering it with almost 30 gigabyte of [free space] in China. What's your opinion about security in that case?
Ask me in the bar later after a few drinks and my opinion of Huawei will be there and I'm going to keep that there. I don't know very much about Huawei personally but I do hear some scary stories in the UK about them. So I can't answer that question directly.
Okay, I think that's it. So thank you very much. Thank you.