Welcome!

Microservices Expo Authors: Liz McMillan, Elizabeth White, Roger Strukhoff, Pat Romanski, Carmen Gonzalez

Related Topics: Cloud Security, Java IoT, Microservices Expo, Containers Expo Blog, Agile Computing, @CloudExpo

Cloud Security: Article

Is Your Security Initiative “One Inch into a Mile”?

How can you find ROI if 73% of major software implementations don’t get past phase one

In the software universe we’ve all heard the saying “We are One Inch into a Mile of Functionality but we are paying for the entire mile.”

That pretty much sums up every technology initiative ever embarked upon. Whether we are talking, ERP, CRM, SIEM or a variety of other alphabet soup programs, it always looks so simple in the demo, but when rubber meets the road, there’s always some gremlin preventing or delaying full realization of the benefits or expected ROI.

Now I am not looking down my nose at any particular implementation of any particular product, but I read a Forrester statistic that stated 73% of major software implementations don’t get past phase one. Whether a result of scope creep, budget busting or flagging executive buy-in, the promise of ROI is underwhelming; not to mention the drag on IT productivity and lack of measurable results. And it’s those results we depend on to drive ROI and solve the business need.

And, of course that’s where the cloud can be a savior to an SMB or Fortune 500 global enterprise. The immediate benefit of cloud applications is the zero-day factor. One the first day of your subscription, the functionality is 100% there and ready to be applied. The endless hours upon hours of scoping, development, implementation, testing, tweaking, retesting, reinstalling, configuring, hair pulling, reconfiguring, reprioritizing, rescoping, testing again more deploying, redeploying are gone.  And with it, the delta of time between capital investment and ROI realization has stretched considerably. Sometimes in excess of 3-4 years.

This is especially true when applying enterprise security solutions.

We all realize that IT security can be a cost center. We also know that return on investment on a security initiative can take time to calculate. However, if applying security-as-a-service solutions such as SIEM, Log Management, IDM, Access Management and SSO an enterprise receives maximum benefit right out of the gate and you remove all the crushing weight of capital costs.

Here’s an example. Company X must comply with a federal regulation (PCI, HIPPA, CIP, GLBA, etc.). IT and the C-Level executives realize that a solution to capture log events and store the requisite information is needed. While doing their due diligence, they discovered that having a solution that also monitors the logs for suspicious activity is also worth the investment. In the end they create a budget and decide on an appropriate course of action. Now comes the expensive part. They lay out the cash for the server, for the software package, for the additional hardware. Conservatively (for a small enterprise) we are talking $150,000. And that’s before the first line of custom code is written or a PC is plugged in. Additionally the support and maintenance clock has started ticking—another 30 grand.

It’s three months later, and you finally deployed the first small portion. You’ve invested two full-time implementers, a consultant, etc., another $25,000. And in that time there has been a software update and seven patches.  Without putting too fine of a point on it, before you’ve seen one inch of functionality, you’re already in the hole well over a quarter million dollars. Now how many anomalies prevented will it take to realize any return? Besides in the three months, you’ve simply scratched the surface in terms of functionality. It will be another year before the system is fully functional.

Let’s compare that nightmare scenario with the deploying and managing from the cloud. Once the sensors are calibrated (each sensor is less than 1GB of space on a server or monitored device) and configured, your enterprise is fully covered. You are receiving a fully-formed, fully functional enterprise-class deployment. In this case there is no server purchase, no software purchase…in fact no capital expenditure of any kind. For what Company X is paying in support and maintenance (it’s OpEx commitment), the company could trade in the entire Year 1-3 initiative costs. The instant scalability of the cloud-based SIEM/Log Management gives Company X the flexibility to right size as it goes and therefore, only pay for what is needed. There is never a mile minus one inch of function going unused.

Many organizations are in the same boat as Company X. By considering security-as-a-service they could instantly reduce capital budget (trade CapEx for OpEx) and immediately begin accruing the necessary capabilities to meet the business need while enjoying the direct benefits that translate into return on investment. In this scenario, there’s no waiting three years for ROI, but more important for compliance and security, there’s no waiting to deploy important functionality.

Kevin Nikkhoo

www.CloudAccess.com

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@MicroservicesExpo Stories
Application transformation and DevOps practices are two sides of the same coin. Enterprises that want to capture value faster, need to deliver value faster – time value of money principle. To do that enterprises need to build cloud-native apps as microservices by empowering teams to build, ship, and run in production. In his session at @DevOpsSummit at 19th Cloud Expo, Neil Gehani, senior product manager at HPE, discussed what every business should plan for how to structure their teams to delive...
Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. In the eyes of many, containers are at the brink of becoming a pervasive technology in enterprise IT to accelerate application delivery. In this presentation, attendees learned about the: The transformation of IT to a DevOps, microservices, and container-based architecture What are containers and how DevOps practices can operate in a container-based environment A demonstration of how ...
As we enter the final week before the 19th International Cloud Expo | @ThingsExpo in Santa Clara, CA, it's time for me to reflect on six big topics that will be important during the show. Hybrid Cloud This general-purpose term seems to provide a comfort zone for many enterprise IT managers. It sounds reassuring to be able to work with one of the major public-cloud providers like AWS or Microsoft Azure while still maintaining an on-site presence.
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Phil Hombledal, Solution Architect at CollabNet, discussed how customers are able to achieve a level of transparency that e...
Much of the value of DevOps comes from a (renewed) focus on measurement, sharing, and continuous feedback loops. In increasingly complex DevOps workflows and environments, and especially in larger, regulated, or more crystallized organizations, these core concepts become even more critical. In his session at @DevOpsSummit at 18th Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, showed how, by focusing on 'metrics that matter,' you can provide objective, transparent, and meaningful f...
Between 2005 and 2020, data volumes will grow by a factor of 300 – enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the ‘big data’ phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren’t adequate at this scale: they’re too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they...
@DevOpsSummit taking place June 6-8, 2017 at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @DevOpsSummit at Cloud Expo New York Call for Papers is now open.
Logs are continuous digital records of events generated by all components of your software stack – and they’re everywhere – your networks, servers, applications, containers and cloud infrastructure just to name a few. The data logs provide are like an X-ray for your IT infrastructure. Without logs, this lack of visibility creates operational challenges for managing modern applications that drive today’s digital businesses.
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
Monitoring of Docker environments is challenging. Why? Because each container typically runs a single process, has its own environment, utilizes virtual networks, or has various methods of managing storage. Traditional monitoring solutions take metrics from each server and applications they run. These servers and applications running on them are typically very static, with very long uptimes. Docker deployments are different: a set of containers may run many applications, all sharing the resource...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor – all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
Join Impiger for their featured webinar: ‘Cloud Computing: A Roadmap to Modern Software Delivery’ on November 10, 2016, at 12:00 pm CST. Very few companies have not experienced some impact to their IT delivery due to the evolution of cloud computing. This webinar is not about deciding whether you should entertain moving some or all of your IT to the cloud, but rather, a detailed look under the hood to help IT professionals understand how cloud adoption has evolved and what trends will impact th...
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his session at @DevOpsSummit 19th Cloud Expo, Eric Robertson, General Manager at CollabNet, showed how customers are able to achieve a level of transparency that enables everyone fro...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...