Thursday, September 29, 2011

Enterprises should harness the power of social media to better know their markets, says Capgemini

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Learn more. Sponsor: Capgemini.

Social media and the increased role that linked communities of users have on issues, discourse, and public opinion are changing the world in many ways -- from how societies react such as in the Middle East turmoil to how users flock to or avoid certain products and services.

The fact is that many people are now connected in new ways and they’re voicing opinions and influencing their peers perhaps more than ever before. Businesses cannot afford to simply ignore these global -- and what now appeared to be long-term -- social media trends.

The latest BriefingsDirect discussion then focuses on the impact that social media is having on enterprises. We specifically examine with an executive at Capgemini on what steps businesses can take to manage social media as a market opportunity, rather than react to it as a hard-to-fathom threat. Hear too how services are being developed to help businesses to better understand and exploit the potential of social media.

The discussion with Paul Cole, Vice President of Customer Operations Management and Business Process Outsourcing at Capgemini, is the first in the series of podcasts with Capgemini on social media issues and business process outsourcing. The interview is conducted by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: Capgemini is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:
Gardner: It seems a bit of a twisted logic when we say that social media can be both a threat and an opportunity. How could social media be both?

Cole: It's all in how you decide to respond. Social media, in and of itself, is a neutral topic. It could be viewed as a utensil or a platform, upon which you can do things. And depending on your intent, whether you’re an enterprise or a customer, those activities could be viewed favorably or negatively. And that's true as much in the sociopolitical world as in business.

The important thing is that social media is the platform, not the action itself, and it’s really what you decide to do over that platform that makes the difference in business and in the world at large.

Gardner: Do you have any evidence, research, or findings of any sort that bolster this notion that social media is a sea change and not just a blip?

Game changer

Cole: Well, based on a survey we commissioned last winter, somewhat surprisingly, a bit more than one in 10 executives did characterize it as a fad relative to the business world.

However, you can look at it in the everyday world around us and the media as it relates to impact on society and in the sociopolitical spectrum, and there's very little doubt that it’s changing the game there. I believe it will have an equally profound impact on business over time.

Social media has become the bullhorn of the 21st century. It allows people to spread their message, to amplify that message, to mobilize the community, and also to monitor in real time the events as they unfold.

We are having to deal with it across the political, social, and cultural spectrums. Witness, unfortunately, the emergence of something that we’re now calling flash mobs, a case where the platform is being misapplied toward organizing a community of people who have damaging intentions.

So back to your question on threat or opportunity, significant or insignificant impact, it’s all based on the intent and actions of the individuals utilizing the utensil.

It’s all a matter of how you take that information and translate it into actionable insights, against which you can make some smarter business decisions.



Gardner: On one hand, we seem to see a lack of control or at least different aspects to how people behave. We don’t have the necessary tools. But on the other hand, we're seeing a lot more information generated, and information often is the lifeblood of how organizations react and adjust to markets.

Cole: Information overload is one potential consequence of this. It’s all a matter of how you take that information and translate it into actionable insights, against which you can make some smarter business decisions, and from our perspective, ultimately deliver a better customer experience which will help you grow.

What’s neat about what’s happening in the world of technology, on top of the social environment, is that there is a whole new generation of tools emerging that allow you to develop that insight.

There are four steps that a company can go through to generate social intelligence. First, is listening to what is going on out there. There has not been an earpiece for us to really take the pulse of the market, and what's happening in the virtual world or the internet world until the recent development of some of these social listening tools. So the ability just to know what's going on, who is saying what, who are the influencers, what are their sentiments is an important first step.

Monitoring change

The second step is the ability to monitor that over time and see how attitudes, perceptions, and most importantly, behaviors are changing and what are the impact and implication of that for your business, either from a marketing or a selling or customer service standpoint. In addition to monitoring that, you’re also now able, with text analytics tools to not simply track and describe what happening, but also isolate cause and effect.

So if I'm launching a Twitter campaign, putting a new product out there, running a contest, or engaging in some kind of social care activity, what is the impact it's having in terms of the customer’s behavior and what adjustments can I make to be more successful?

It's being able to get attribution and get to a root cause by applying these analytic tools. So you've listened, monitored, and analyzed. The killer app, if you will, is the last step of closing loop in terms of your ability to respond. So many companies today are putting their toe in the water in the social world by listening with these tools and trying to understand what's being said. It's new enough where not that many have actually industrialized their process for responding.

Ultimately, your ability to now go back into that community and influence the customer or attempt to influence the customer and their behavior is where there is a tremendous upside for companies in terms of generating higher growth and profit.

Gardner: How is Capgemini working toward some solutions on this?

The question then becomes, as a provider of services, how to translate that into sets of offerings that add value for our clients.



Cole: As a global provider of consulting technology and outsourcing services, Capgemini attempts to keep its finger on the pulse of market. You have to be blind and deaf to not recognize that social media has quickly emerged on the scene. The question then becomes, as a provider of services, how to translate that into sets of offerings that add value for our clients.

At one level, you could look at social media as a wave or a phenomenon. I’ve been in the professional services, technology services business for 30 years, and we’ve seen the waves come and go, whether that would be CRM or ERP through SAP or eCommerce, which I think this mirrors quite a bit, and Y2K. So there's always an emerging area that people will try to understand, chase, and then capitalize on.

My particular area of expertise is around customer management. So I look through the lens of how a company acquires, develops, and retains its customers and how can we manage some of that process for them in a faster, better, or cheaper manner. We do that today in traditional forms with managing their call centers or their customer service operations, helping them present stronger web content, providing them with insights through analytical services, and so forth.

What social media started to suggest to us was that there was a new opportunity to bring another service to the market that allowed clients to focus on the business problem that they’re trying to solve and provided us the opportunity to provide them with everything they needed to mobilize around that objective in the social world.

Marketing enhancement

In and of itself, social media is not going to drive your business forward. As we've discussed, it's really a platform or a utility upon which you can engage customers for one or more activities based on a business objective. It does, at the end of the day, relate back to what you're trying to accomplish.

When I went to school, we were trained on the four Ps in marketing. You develop a product that the marketplace is interested in. You price that product at a level that the consumer or customer perceives value so they want to transact with you. You need to promote that in terms of distinguishing you against your competitors and bring that product to market with some form of distribution. We call that the four Ps.

Obviously you still need to do all those things, but in the social world now, there is a new twist. If you think about the product, we used to take a very linear approach to doing market research, testing concepts, via surveys and focus groups. In today’s social world, you can do that much more dynamically. There's a whole phenomenon around crowd sourcing with which you can solicit people's input and feedback and iterate on that massively, and closer to real time.

There's a whole phenomenon around crowd sourcing with which you can solicit people's input and feedback and iterate on that.



Your ability to get really close to the marketplace is enhanced tremendously by social media. In terms of promoting, it used to be broadcast media, but now you're able to do micro campaigns. You can do tweet campaigns. You can do campaigns through Facebook. Your ability to target the individual that you are trying to influence has gone up exponentially.

We've always talked about the segment of one, but it was very difficult to do. Now, you can get in there and really understand who is driving popular opinion, who are the big influencers, who do you need to convert to be an enthusiast or an advocate of your product, and launch very specific campaigns against them. It's a different form of promotion.

It's the same thing with pricing and distribution. While you still need to do many of the same activities, the way in which you will execute on those activities has evolved and become much more dynamic.

Every function within the organization has a potential application in the social world. I don't think it's the kind of thing that any one executive or any one function is going to own per se.

It's a matter of looking at it through the lens of the process that you're responsible for, and trying to understand how to apply new thinking and activities to improve your efficiency or your effectiveness of that area. That could be public relations and the brand, marketing and developing effective positioning, product development and management, selling through more targeted campaigns or, at the end of the value chain, a better servicing of the customer to generate greater loyalty.

Different ways

Gardner: Are we going to repeat history and have a fragmented approach to this or is there a better way?

Cole: You’ve really put your finger on a core issue. It all depends. What is social media? That depends on who you are and what you're trying to accomplish. That’s going to be variable based on your area of responsibility within the enterprise.

There is something to be said for standardization and taking a platform-based approach to avoid the recurring tendency of investing in your own individual solutions and then lacking interoperability or having to face integration issues and so forth.

By buying into a managed service the company can avoid having to make capital investments in the technology, avoid the potential risk of different groups going off and doing their own thing.



While the application of what you do on top of the social platforms may vary, there is potential for the organization to operate as an enterprise on top of a single instance of a platform. That’s part of why we got into offering a managed service.

We allow the client to focus on what they are trying to do in the marketing, selling or customer service world. We provide them with the infrastructure, the technology, the process discipline, the data, and importantly, the social media advocates, the human intelligence layer that is ultimately conducting the monitoring and the analytics and the interpretation of what’s happening there.

By buying into a managed service the company can avoid having to make capital investments in the technology, avoid the potential risk of different groups going off and doing their own thing. They can remain current, because they don’t have to pay attention to this fast paced dynamic technology market and what is the state of the art. That would be our responsibility.

Hopefully, it's the best of both worlds. They can each, as user communities, decide what they want to get out of social media, but be able to leverage the fact that they're all investing in a common platform. ... It is a different way of storing, distributing, and accessing the data.

What it translates into for us is the ability to provide process as a service. That’s a fundamental shift in the marketplace that’s occurring as a result of the development of cloud capabilities.

Organizations can just tap into a service, and that makes it easier for them to get into a new area. It’s faster, it’s less expensive. We're trying to apply that same concept to social media. We can provide a faster, better, and/or cheaper approach. The client buys the process as a service on a subscription model.

We assure the integrity and security of the data. We provide the data management, the repository, the infrastructure, and the toolset. You're buying a service around a process, whether that be listening to your customers, wanting to launch marketing campaigns, providing social care or whatever.

The whole SaaS cloud phenomenon is just changing the distribution model and also facilitating an easier approach for companies to get up and running in this area.



The whole SaaS cloud phenomenon is just changing the distribution model and also facilitating an easier approach for companies to get up and running in this area.

Gardner: How are organizations getting started?

Cole: As evidence of the fact that it is a new phenomenon, you can just notice the volume of conferences that are out there with social media in the title. It just reinforces that companies are trying to understand still what "good" looks like. They’re out there looking for best practices. They are still paying for "PowerPoint," for consultants to come in and help them understand the strategy, the power of social, what that translates into in terms of metrics and governance, and so forth.

The market is very much in its exploratory stage. I'm not sure you can over-architect what social media means to you at the moment. This is something that you have to get in and dip your toe in the water. Instead of "ready, aim, fire," it's probably "fire, fire, aim, ready, fire." This means that you need to iterate.

You don’t know what you don’t know….. until you get in to the market and you start to listen to what is happening out there, identify who the key influencers are, where they're talking about, who are the advocates for the brand, and who are the potential saboteurs who can represent a threat? What are some of the kinds of programs and activities that one can run?

Rather than the grand strategies, the big-bang approach, this particular area is deserving of more experimentation, and iteration. Then, over time, we need the development of a broader strategy. But, you need to get in there, and listen, and learn, and act, and from that you'll figure out what works and what doesn’t work.

Part of what we’re trying to offer our clients is the ability to do that faster than doing it themselves, where they have to go out, acquire the tools, hire the people, and put in place the processes.

In this case, they can say we want to launch a campaign and we’d like to understand how we can use the social world to solve customer service problems or whatever. We provide all the tools and capabilities to do that. They focus on learning and evolving their strategy of what to do in the social world.

Part of what we offer is the ability to bring to them the best of the tools that are out there, and it's an evolving world.



... As part of that, in our Social Media Management Solution, we’ve built a joint solution with a company called Attensity, which really comes at the market initially from the text analytics world, but offers a nice suite of applications that enable your ability to listen, monitor, analyze what's being done, and then respond to the customer in terms of workflow and direct customer engagement. So it's what you decide to do, but it's also having the right toolset with which to do it.

Gardner: Are there any places to which we could direct our listeners and readers for additional information, perhaps whitepapers, other research, and/or more information on your services?

Cole: Certainly capgemini.com. We do have a featured social media section on the website. We've recently published a whitepaper called "Harvesting the Fruit from the Social Media Grapevine". We hope that clients will find that insightful. It's a bit of a point-of-view on where the market is today and where it's headed.
Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Learn more. Sponsor: Capgemini.

You may also be interested in:

Tuesday, September 27, 2011

Case study: CharterCARE Health Partners leverages cloud and VDI to aid digital records management, security, regulatory compliance

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: VMware.

Our next VMworld case study interview takes the pulse of CharterCARE Health Partners, and examines how virtualized desktops and thin clients are helping with digital records management and healthcare industry compliance and privacy requirements.

We learn how Rhode Island-based CharterCARE has embraced private cloud and virtual desktop infrastructure (VDI) to support its distributed, 579-bed community-based health system. The organization operates the Roger Williams Medical Center, Our Lady of Fatima Hospital, and several other caregiver facilities.

We'll hear how the tag team of private cloud and VDI has provided better data management, security, reliability, and regulatory auditing capabilities. The successful infrastructure modernization effort has also helped CharterCARE move to electronic health records and has helped improve their processes for clinicians.

This story comes as part of a special BriefingsDirect podcast series from the recent VMworld 2011 Conference. The series explores the latest in cloud computing and virtualization infrastructure developments.

Here to dig into more detail on the CharterCARE IT infrastructure improvement story is Andy Fuss, Director of Technology and Engineering at CharterCARE Health Partners. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:
Gardner: I'm interested why data management has been a primary driver for you as you've looked to adopt both the private cloud and VDI. What is it about the data equation that’s made this look like a good solution for you?

Fuss: We need our data to be accessible everywhere, at every time, no matter what provider is at what facility. Even from an engineering and technology standpoint, no matter what system analyst, what network engineer may sit down wherever they are to troubleshoot an issue, we need that common set of tools.

Common repository

We need the common repository of information for a caregiver. That would be the electronic medical information. It could be the x-rays, the slides, the CT scans, or the results that were dictated by a radiologist. Whatever it might be, that information needs to be available in a flexible manner and delivered directly to the deskside experience.

Now, if that’s a desktop, it needs to be on a regular PC, but if we're talking about a tablet, we need to accommodate the tablets that people bring in and have come into the facility and are now actively being used, or zero client technology.

We have all the different technologies and pieces. We're trying to promote these pieces to be used and trying to be flexible with accommodating them and getting people to the information that they need so they can take care of the first priority, which really is patient care.

Gardner: Tell me about the extent of your distributed campus and environment. Not only are you dealing with many different types of data and many different endpoints, but you're also distributing this across a multitude of different environments.

Fuss: We have two main acute hospitals. We have a nursing home, a cancer center, outpatient care offices, and several different offices all around the community. So the data truly needs to not be resident in one spot.

Where you're accessing that data from or where you're using it is seamless to the end user and provides a solid customer experience.



We also needed to have a secured disaster recovery (DR) facility, so that if anything were to happen to our primary data center that’s on one of the campuses, we could flex seamlessly over.

So building a cloud for us made total sense. That cloud hovers between one of two data centers. One is at one of the acute facilities, and then 100 miles away in another state, we have another data center. Our cloud roams between the two, and we have data flowing from each area.

So the connection really is no longer about where it’s physically located by any restriction. It’s more of just gaining access to the internet and being able to make connections. Where you're accessing that data from or where you're using it is seamless to the end user and provides a solid customer experience.

... There are a lot of people who can embrace different types of clouds. You've got hybrid clouds, private clouds, public clouds, all with different offerings. For us it made sense to do a private cloud. For others, it may make sense to do hybrid type cloud.

As we move toward the future, I can see that we might be able to offload some of our services toward the public cloud. As we increase the size of some of our data and we have patient care cut over to the side, there might be some other data that does not follow the same guidelines. We can put that into a secure public cloud and attach everything.

I'm not worried about theft of an individual device, because the device has nothing more on it than some connectors to get somewhere.



VMware is coming out with those tools and using those tools to make that kind of continuation project possible to look at. We're very excited about some of the initiatives that we've seen at VMworld -- the vCloud Director, with security, the different layers built into that that could make some of the public cloud usable for us for specific applications.

Gardner: Correct me if I am wrong, but it sounds as if private cloud to you means better security.

Fuss: Oh, it does, most definitely. I'm no longer worried about the endpoint device walking away from us. I'm not worried about theft of an individual device, because the device has nothing more on it than some connectors to get somewhere.

When we were first embracing zero client technology in a lot of places, we did some studies. We talked to some different people who had already embraced it. One particular hospital I spoke to said they had on video someone stealing a zero client device, perhaps thinking that they had stolen some great new utility tool for home, a new PC. They were all excited.

They also have them on video, bringing it back the next morning, because they couldn’t do anything with it when they got to their house. Using cloud, using the technologies that ride in the cloud, like VMware View and access to the data through VMware View, really helps to lock things down and it helps to prevent things.

No data leakage

In the past, somebody could have taken a PC, and let’s say that PC could have had metadata on it or could have had some files on it that were saved in someway. It was comical to hear that story from another person who was in a similar situation as us, where there was no data loss or data leakage, even if that device had never come back. So the cloud really has tightened things down for us.

One of the primary concerns for our electronic medical records is that it’s patient data, financial data, and so needs to be PCI-, and HIPAA-compliant. All the different compliance standards that we need to abide by are all satisfied with the ways that these machines are locked down, by the way the cloud is moving, and where we allow it to move to.

Gardner: How do you view private cloud and VDI -- separate, distinct, together? What’s the relationship?

Fuss: They're definitely together. They have to be together. In my opinion, it’s what makes sense. We want to see the data tight. We want to see the integration tight. We can have a cloud where the data roams back and forth, but the connection into the cloud actually uses that data.

As I sit here on a device, a personal device at the office that is connected to my virtual desktop instance, this device doesn't even have to be on my network. I'm utilizing a public network that we have here at the hospital system and I've connected into my virtual desktop. I have full accessibility. I'll flip over here in a few minutes when I go into another meeting. I'll bring my iPad with me, another personal device, and I'll be connected right to that same virtual desktop.

So the cloud has allowed me, with View, to seamlessly move between all these different devices. I no longer am tied to something. I'm no longer tied to a specific physical location, a physical anything. I really am completely mobile. I can work anywhere at any time and have that same common set of tools.

I should no longer call it disaster recovery. I should call it our second data center because even though it really is 100 miles away, I can still sit there and work all day long just like I'm anywhere else.



It doesn't matter if I'm working out of the DR site. I should no longer call it disaster recovery. I should call it our second data center because even though it really is 100 miles away, I can still sit there and work all day long just like I'm anywhere else. That ability is really the value that using a cloud and using View gives you.

I want a physician in his office, out on the road or wherever they might be, at home, in a practice have access to that same data and have a similar look and feel every time they connect from whatever device. That's what these solutions that we've opted for have provided for us.

... We can already see the expansion, the use of that technology in different areas. We have some physicians with iPads working throughout the facility, visiting the patient’s bedsides, looking at their charts, all that kind of flex room is great.

I've seen it in our administrative areas, our human resource officer using iPad remotely. We’ve had our Chief Information Officer using an iPad, using a PC at home, and connecting through the View client to her machine.

We’ve gotten support not just from forcing the technology out there, but by people asking for the technology. That’s how you can tell you have a good product. People asking, "Can I be moved to this new product, because the flexibility of my supervisor, director, whoever is using is what I need."

Hit a home run

If the director calls saying, "I need this employee to have this flexibility," you know you've hit a home run with the technology. I haven’t had anybody call asking for another PC at another location for the same person to work. I have people calling saying, "I really need to get them onto this technology as soon as it’s possible, because it's made this employee so efficient. I need to do that for everybody else."

... Also, everything that we're doing allows us not to focus on location, and that's the big thing. We break away from location. So where is the data center? Is it going to be affected by the next hurricane coming up the East Coast? Well, if we have a fear of where the hurricane is, we can move our data center 100 miles inland. Or if we think that inland is going to be more affected, we can keep it in Rhode Island, which is right on the ocean.

So we have that ability, and nobody knows where that data is other than the IT department. We know it's within the system, within the security, but nobody would ever notice the difference or question where the data is running or residing. They might ask, and we could tell them, but nobody says, "Wow, that's slow" or "I can see a difference." None of those kind of calls comes in as the cloud flexes.

Gardner: At VMworld, you've had a chance to look over View 5, and the PC-over-IP benefits there; is that something that’s in your pipeline?

Fuss: Absolutely. We’re blessed to be in the VMware 5 beta test user group, and we’re loving what we see. We like the performance. The PC-over-IP expansion is amazing. They’ve written a great protocol there with their partners, and that is the technology that’s going to continue to drive the reinvention of the desktop.

We’ve gone through the reinvention of the desktop a few times in my career, from somewhat dumb terminals to smart terminals to client server. We seem to be making our way back to where we’re keeping our data safe in data centers and in silos. We’re giving people a great end-user experience to give them a full PC feature-set. We’re doing it all securely and we’re doing it all with products that integrate seamlessly with one another, and that’s really the goal.

We seem to be making our way back to where we’re keeping our data safe in data centers and in silos.



We want the user to sit down and feel comfortable with whatever technology they use, and to have a way to take care of our patients that need our help and take care of what other important administrative business they may do, so we can keep moving forward.

... So the benefits are there, and they’re just growing now, as it's integrated and being used more in the clinical areas. We’ve seen some growth recently. Even our pharmacy staff is starting to carry iPads around, when they’re doing inventories of some of the medication machines and being able to get that information right there, but on a device that’s secure. If they were to leave it behind, nobody could connect to anything, and that data all sitting safe inside the data center.

So the adoption is there, the benefits are already there, and it's just growing and growing. Every time I turn around, we’re bumping another 50, another 75, virtual machines, into another pool of machines for a new purpose, and that’s the expansion that I keep wanting to encourage.
Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: VMware.

You may also be interested in:

Cloud-mobile mega trends point to need for rapid, radical applications transformation, says HP

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

In many ways, the mobile device explosion and the cloud computing ramp-up reinforce and support each other.

Cloud services make mobile devices -- like smartphone and tablets -- more productive, while making users better connected to enterprise resources and work processes. On the other hand, mobile devices -- with their ubiquitous, non-stop wireless access -- make cloud-delivered applications, data, and services more relevant and more instantly available anywhere.

The next BriefingsDirect podcast discussion then focuses on the rapid and massive shifts confronting enterprises as they adopt more mobile devices and broaden their uses of cloud services ... in some kind of managed fashion, one would hope.

There are good reasons for doing these in tandem, with strategic coordination. By leverging cloud and mobile, applications can be supported by a common, strategic, architectural, and converged-infrastructure approach.

Furthermore, by making cloud-delivered applications and data context-aware, delivering enterprise applications to any device securely can be done at a reduced cost (a lot when compared to conventional applications infrastructure models). It therefore over time makes little sense to have unique stacks beneath each application for each application or device type.

So how do enterprises adjust to these mobile-cloud, dynamic-duo requirements in the strategic and a proactive way? How can they leverage and extend their current applications or identify which ones to fold and retire?

It’s clear that radical, not incremental, adjustment is in order to make sure that the cloud-mobile era is a gained opportunity and not a fatal or devastating misfire for IT operators -- and business strategists alike.

Our next guest, Paul Evans, Global Lead for Application Transformation with HP Enterprise Business, helps explore the promises and perils of adjusting to the cloud-mobile shift. The interview is conducted by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:
Evans: We have to go through a radical transformation now in terms of our applications. I don't use these words lightly. There are these new technologies, part of the megatrends that are affecting organizations.

In the technological world, we have the world of cloud, and we have the world of mobile. We cannot ignore them. People can’t abdicate and say, "I'm not going to go do it." It's not going to be that way.

At the same time, the CIOs and senior stakeholders are looking outward and asking what are these new technologies, what could they do for me, how could they improve customer service, and what will my competition do?

They also look also over their shoulder and say, "I spend 70 percent of my IT budget keeping the applications I have today working. I probably don’t have enough budget or resource to do both. So the question is, which one of these should I spend more of my time on?"

The answer is that you really can’t afford not to spend time on either. So it's a balancing act between how I encompass the new and exploit it, and at the same time, what do I need to do with my existing applications.

Andy Grove, the former head of Intel said that this is a major inflection point.

This year people are predicting that if you count the amount of smart phones and tablets that will be shipped, i.e. bought, that it will be greater than the number of desktop, laptop, and network PCs. So we're tending now toward an inflection point in the marketplace that says more people will interact using mobile devices than they will static devices.

That trend isn’t just a blip for 2011. That continues as we accelerate, as people just get more comfortable with using that technology, as functionality improves, and security and manageability come under control.

We're at that point now. That’s why we use this term radical transformation, because for the people that really want to exploit this, they're making their plans, they're drawing up their action lists of what they have to do, both at the front end with the mobile and cloud environment, but also with their legacy environment.

Although we see the world of cloud and mobile as very new-age, very sexy, and all the rest of it, at the end of the day, people have to sit down and deal with what the environments they have right now. They may not be so exciting. They may not be so new-age, but at the end of the day, they make products, count money, and run the organization as it is today. They are the legacy applications.

I often sit down with a customer who says, "We have to take stock. We have to make a plan. We're not going to do this one day at a time or a week at a time. We have to appreciate how we are going to exploit cloud.

What applications that we have in the back-end server environments are we going to bring forward to the cloud to service a mobile environment? What we are going to do about the use of mobile within our organization and what we are going to do about serving our customers better through mobile devices and the technologies that go with them?"

This is going to be pervasive. This is the way we're going to do things for the foreseeable future. Therefore, if we don’t get it right now, we stand a risk of making decisions about platform types or architectures, or whatever it may be, that within six months, we’re going to say that it wasn’t such a good idea.

Never been here before

I meet so many customers now that are saying, "We’ve never been here before. We’ve never been with this volume of devices. We’ve never been through the fact that over half of our workforce now brings their own device with them into the office."

They're sending out policy documents that say, "you shall not do this," and it's totally ignored. The changing workforce has a totally different level of expectation as it were, of what's possible, just in terms of the amount of transactions that are performed over the net or 20,000 applications downloads in a minute.

These are transactional rates in volumes that we've never seen before. Despite a lot of our previous experience, you just can’t leave it and say, "It worked five years ago. It’s going to work for the next five years." That's what our customers are dealing with today.

There are two critical questions have to get answered. One is the organizations that are going to move applications to a cloud environment are not going to move all of them. One of the questions we get all the time is, What percentage of my applications or products should I be moving to the cloud? And of course the answer is ... It’s not a percentage thing. It’s the type of application.

It’s still formative times, but in HP’s view, clearly applications that probably are not embodying intellectual property would be a type of application that's well served moving into the cloud. And, any form of application including servicing, providing a service across a wide population of users as well, especially those who are obviously in a mobile environment; applications that are productivity-centric.

You really want to drive the cost down as low as possible for any of these productivity applications. There's no sense in running on aging infrastructure where the costs are high. You really want to be getting the cost down, because if it’s a productivity application, it doesn’t differentiate you. And if it doesn’t differentiate you, then why would you spend anything more than the minimal cost?

So put those productivity applications onto the lowest cost environment where you couldn't provision an infrastructure that has this elasticity that the cloud environment provides.

No clear line of sight

So we're moving applications from back-end environment to the cloud. Then we have an opportunity to rationalize the portfolio. Rationalizing the portfolio had two big impacts. One, it takes cost out, which means that you can consider that as saved money or money that can reinvested in the mobile world.

But also you're taking out complexity. Every organization, I think, would agree at the moment that their environments are too complicated, and by virtue of being to complicated, it makes it difficult to change them, and people are looking for agility and flexibility.

So first things first. When we're talking to organizations, what we're trying to understand is what are the candidates that can move to the cloud, and that’s a big hot topic. A lot of our users and customers say, "We sort of get our head around cloud. That’s okay. We can see it’s a different paradigm. It has a different cost model. It helps me with provisioning. Life’s good."

The technical challenge is to support this environment agnostically and say, 'We don’t care what you're using.'



So they can get their head around that, and as you can tell by just reading the press and listening to what goes on in the world, you would say people are on the move with cloud.

On the other hand, when they are looking from the outside in with mobile, there is less of a precedent there. The sharp customers that we are working with are saying, "We don’t want to fall into traps. We're going to build an environment that suits one type of mobile environment and we are going to be able to test it and manage it." They know that they don’t have that order of control. The days when it was, "You shall use this device, and that device we know how to work," have gone.

If you think back to mainframe days, people had to use a 3270 device. That was it. It was defined by IBM. That’s the way you're going to do it. And if you didn’t have one, then you didn’t get to participate. The world is now totally the other way around.

The technical challenge is to support this environment agnostically and say, "We don’t care what you're using." What we can do is understand how to manage and provide the right level of security to that device, whatever that device may be. Maybe you come inside the network and that’s going to be a high performance network these days, because of the whole issue of impatience.

As I said, the volume and the variety of platforms are unprecedented. Even though we had the PC world, the PC as the client was a single entity. It had some interesting characteristics initially, but there was one brand. What we're dealing with now is many different ways. Therefore, we have to understand this from an agnostic standpoint, so that the consumer can continue to use the device of their choice and can get the services they require from this new cloud and server environment.

Virtuous architecture adoption

As organizations begin to realize that the world is going to change, their view is going to be "We need architecture."

By virtue of developing an architecture, people are beginning to realize, as they begin to take stock of where they have been spending their money, that they have in the past and may have an opportunity to drive more efficiency and effectiveness into that organization, whilst at the same time delivering innovation.

So I think this inflection point can have some really good signs about it. ... It’s forcing decisions on people now, because the people that appreciate that this radical transformation is something that they can’t stop and they should exploit, rather than trying to ignore. People are actually seeing that there are significant efficiencies to be gained from deploying these new technologies.

Radical travel changes

W
hat’s interesting is that there are always industry "skews" of technology. We have a tool in HP called the Business Value Framework. What that tries to do is interpret where the business wants to go.

If you can serve people better, if you can give them better information, then there is highly likely that they are going to come back as a repeat customer.



Ignore the technologies for a moment. You could argue the airline industry is relatively commoditized -- then what people are going to look for is how we're going to have that small differentiation that makes us better than the rest of the world.

When you look at this business value framework and you look at things like services and transportation, what comes through very loudly is customer service and customer satisfaction is key. If you can serve people better, if you can give them better information, then there is highly likely that they are going to come back as a repeat customer.

You don't want to spend a truckload of money dragging people to your airline and then displeasing them, so they go to somewhere else, because that's makes the whole initial effort worthless.

What people are looking for is obviously loyal and devoted customers who come back and back and back, and that all comes down to deliver customer satisfaction. One of the customers we've been working with, Delta Air Lines, has really put that at the forefront. They can provide very rich, very high quality information, so that people know what's going on.

Range of devices

Working with Delta, they've been providing to a range of mobile devices, like smart phones, tablets, etc., but also to traditional desktop environment, rich information, not only when you're waiting for the plane, but also when you're on the plane by virtue of seat-back videos screens so that people get a continuous feed.

If you're flying from A to B to C, you're going to change planes in the middle. If you're going to miss your connection, you usually sit on the plane, knowing you're going to miss your connection, and then what are you going to do? That means you get off the plane, queue with 500 other people, and then you eventually get another plane -- eventually -- all the time trying to figure out how you can tell your family why you are late and rest of it.

Delta is trying to provide an environment that says while you're on one of your airplane, it's already working out the next connection and it will give you that information on the plane. It will give the e-boarding card. It will send you the vouchers that would allow you to get some refreshment, all to your mobile device, so that all of that stress and angst that you’ve had traditionally gets taken out. In a commodity industry that's the sort of thing you have to do to be different from the rest.

We see that in a number of industries. We see people today delivering and developing mobile applications, particularly in the commodity world, to deliver up a much higher level of customer service and satisfaction.

What they value are things like structured workshops, to have an open debate between technology and business.



What we are definitely doing in some respects is using the experience we built up in dealing with people's legacy environments and understanding what they value. What they value are things like structured workshops, to have an open debate between technology and business that says who is leading, who is following, where are we going, and what do we need?

A lot of the things we do in terms of those initial services set the scene, so that we just don't leap in and decide, "Well, we're going to support X device. We're going to provide this app on it." And then, six months later, we're struggling with how we're going to deploy that app over multiple platforms and how we're going to use new technologies like HTML5 etc. to give us that agnostic approach?

It’s this convergence between the mobile world and the traditional world, because we believe that’s the big thing. We can talk about the sexy front end, the smart phones, the pad environment -- and it's great to talk about those -- but at the end of the day, those devices only really get to do what they are paid to do, when they connect to rich and meaningful information at the back end. So for this convergence we sit with users, sit with the CIO, and understand what is it that they're going to be converging in terms of information from the back end and the utilization of the mobile device on the front end.

Put into context

Then, how do we connect those together? How do we sit down and say, "What sort of speed of transaction, what volume of information are we talking about here," and obviously understanding that. That information has to be put into context now for the device of the front-end. If you're delivering this to a smart phone, it has to be represented in a totally different way than if you were going to deliver it to a desktop PC or, in the middle, a pad.

So the point being is we've got to be aware of those. We’ve got to be aware of the user’s context and understand what we can and cannot deliver to them. But I think behind the scenes, and of course, this is where the consumer says, "I don’t really care," but the whole management and security that you put in place, and HP has spent a lot of time, and a lot of effort, and a lot of money in acquisitions and development of technologies that allow people to manage and also provide a secure environment, to those devices that are at the front-end.

There are serious challenges. I wouldn’t for a second say this is a piece of cake. Just ring us up, and 30 days later you get a solution. It is not like that. This is a big deal. There are serious challenges and therefore they need serious people to fix them. We're into understanding how you get this end-to-end view, because if you only look at a piece of the puzzle, you aren’t going to build what is absolutely necessary.

There are serious challenges. I wouldn’t for a second say this is a piece of cake. Just ring us up, and 30 days later you get a solution. It is not like that.



If you type in hp.com/go/applicationtransformation, there are a plethora of different links there for people to read up on things, watch videos, whatever. We're also developing a digital repository for predominantly video material. We find that our customers are very clear in telling us that they like watching short, sharp pieces of materials that are being videoed, so they can get the message quickly and get offline.

Maybe the days of reading a 20 page white paper are gone, which I am not sure is true, but definitely our clients told us very clearly that they like watching videos. So we're developing a whole series of video-based material, whether it's on application rationalization, application modernization, mobility in the enterprise world, or infrastructure.

The intention here is not to hear from HP, because we will do what we're paid to do, which is trying to convince you we have some very smart people in technologies and products, but also hear from industry experts, hear from our customers about what they're doing, how they're doing it, and the sort of benefits.

So if you stay in touch through hp.com/go/applicationtransformation, we'll always point you to materials that in some instances are not being delivered by HP, but just hear from our customers and hear from industry analysts about really what is now possible.
Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

Tuesday, September 20, 2011

App stores-They're not just for consumers any more, as more enterprises adopt the model to support mobile work

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: Partnerpedia.

The latest BriefingsDirect podcast discussion focuses on the impact that mobile devices and applications are having on enterprises. We specifically examine what steps businesses can take to better manage mobile applications and develop their own versions of enterprise app stores.

The skyrocketing popularity of mobile devices like smartphones and tablets has, on one hand, energized users, but on the other hand, it has caused IT and business leaders and CIOs to scramble to support these new clients productively and safely.

In order to explore how enterprise app stores are part of the equation for better mobile management and overall mobility-enabled work success, we examine the trends driving enterprise mobility with a principal analyst from Forrester Research. Then we'll hear from Partnerpedia on how enterprise app stores can be added to the usual mix of IT applications delivery and management strategies. [Disclosure: Partnerpedia is a sponsor of BriefingsDirect podcasts.]

We're really at this rare moment in time for the technology sector, whether you're talking about vendors, end-users, or CIOs who are trying to manage all this.



The app store trends panel consists of John McCarthy, Vice President and Principal Analyst at Forrester Research, and Sam Liu, Vice President of Marketing at Partnerpedia. The disucssion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:
Gardner: How profound is the shift that we're in? Is this iterative, or are we in a real sea change?

McCarthy: It’s definitely the latter. We're really at this rare moment in time for the technology sector, whether you're talking about vendors, end-users, or CIOs who are trying to manage all this. It’s not just mobile. It’s not just cloud. Software as a service (SaaS), smart computing, machine to machine, analytics, social -- all these things are spinning up together to create an accelerating array of change in the marketplace.

Gardner: You mentioned cloud and SaaS. It seems to me that the mobility issue is almost accelerated in a virtuous cycle. That is to say, the more mobility, the more reliance on cloud, the richer and safer it is. The more confidence people have in cloud, the more they can do with their mobility.

McCarthy: These things are feeding off of each other. As soon as I start talking about deploying mobile, and increasingly, it’s not just deploying mobile to my employees, but deploying mobile to my partners and customers, whether it’s B2B or B2C, I am talking about a much broader network problem.

So the network architectures of the cloud solutions are becoming almost synonymous with mobile solutions. So the two innovation cycles are intersecting and feeding off of each other.

Gardner: What is it now that organizations need to do to get their very necessary mission-critical information out to these mobile devices? How does it compare to the past?

McCarthy: The analogy that I draw, when I have discussions with clients now, is that it’s like being the captain of the Titanic, if you're the CIO. Everybody is focusing on those things that they see above the waterline -- how am I going to design these applications and how am I going to deliver them? There's this whole debate of whether I need to go native, hybrid, or browser-based.

But below the waterline is a huge broader part of the iceberg -- how am I going to manage these applications, how do I need to rethink my security architecture, is SOA really going to be enough for the level of integration that I need? The skill sets that I need as an IT shop are very different in this world?

We are working from a current research point of view that mobile and all these other things that are being bundled up with it that we just talked about are going to drive probably an order of magnitude bigger shift in IT and the CIO’s organization than the PC did 20 years ago.

It’s the PC shift on steroids that we are going to be looking at over the next three to five years as mobile completely enables companies to rethink their business processes, and that drives rethinking of their technology architectures, management, and skill sets underneath that.

The app store

Gardner: Sam Liu, why does the app store model have applicability to the enterprise?

Liu: [The app store model] is setting the bar in terms of the user experience in the enterprise, the fact that people who are both consumers and employees of companies are essentially buying the devices, bringing them into the workplace, and forcing the issue onto IT.

You have the mobile professionals and power users of the company taking what they've experienced in the consumer role and requesting a similar experience in the enterprise. The challenge for IT is that this opens up a whole new can of worms for them in terms of policies, procedures, security, and control.

If you look back maybe 15, even 10 years ago, a mobile device was somewhat of a luxury, used by a few people in the company for primarily email. Most of the time, it was a BlackBerry device. We've gone from a singular device and a singular application environment to this perfect storm of a combination of a multitude of devices, platforms, and apps, popularized by the consumer world. That's a big challenge for IT.

Gardner: John, how confident are you that the app store is going to be an integral part of what the enterprise does vis-à-vis mobility?

McCarthy: Clearly the notion of an app store is an interface to this technology. The rate of change and the complexity of this environment basically says that I need more of a self-service module. I can’t go out there and hand-provision these applications like I did in the PC world.

The rate of change and the complexity of this environment basically says that I need more of a self-service module.



Because people have become so accustomed to this app store model, as Sam just pointed out, from a consumer adoption point of view, that user interface paradigm is going to continue over. I think what’s going to happen is that, behind the scenes, the enterprise app store functionality, from a management point of view, will be much richer over time, and that's where the divergence is going to be.

But as an interface and a way to get people the information and applications, there's one school of thought that says these app stores will replace the old intranet as the paradigm for not only getting apps, but actually subscribing to information.

Using technologies like Flipboard where you subscribe to the travel policy and you ultimately get the most updated version of that. That it’s going to evolve pretty dramatically from where we are today. It’s going to be the user interface paradigm to all this management capability that IT will use, but also these additional capabilities that the end-user -- whether that's customer, employee, or partner -- will access.

Mobile internet paradigm

Liu: I agree with John on the point about the app store becoming the sort of mobile intranet paradigm. Today, I'm not seeing any corporate intranet that work even halfway decent on a mobile device. So if you extend the concept of an app to content, information, anything that is relevant in a corporation, the app store paradigm is a very nice interface and a very effective delivery model for a mobile intranet, for that matter.

McCarthy: The other thing Sam is that, if you think about these apps, they're called apps, because they are not full-fledged applications. They're much simpler and task-oriented, so there's going to be more of them to manage.

The app intensity of the organization is going to grow geometrically, as we start to unbundle these big complex systems like SAP and Office and provide them in more digestible and more segmented experiences. It’s no longer a one-size-fits-all world. The homogeneity of these applications and the PC as the end-user device is blowing apart as we speak.

Gardner: What is it that people need to do? Should they build, buy, partner? How are you seeing it manifest in the market?

They're not going to be able to stop it, and so they're trying to figure out the right approach to dealing with all this multitude of devices and applications.



Liu: You're going to see a range of approaches. We've been talking to about a dozen or so enterprise IT organizations. The majority of them are in the early stages of trying to figure this out. They see the momentum coming. They're not going to be able to stop it, and so they're trying to figure out the right approach to dealing with all this multitude of devices and applications.

In most cases, they seem to be prompted by the influx of tablets and smartphones, but many of them are thinking beyond that. They're actually planning ahead. They're thinking about devices in general. It could be a mobile device or it could be even a desktop or a stationary endpoint. So they're looking beyond the immediate issues.

Our advice to them is, look, figure out your near term and long-term objectives, and then scope a pilot accordingly. Start with a clear definition of what you're trying to accomplish from a business standpoint, the objectives and the metrics, and then go about it that way. Identify the most pressing needs in terms of the users, apps, and devices and define your first project around that, so you can get a handle around what’s feasible and what’s not.

One of the challenges is that clearly the technology has changed a lot, but also just the lifecycle of hardware and software. It used to be anywhere between three to five years that IT could depend on. Now, you're looking at one year for changes of the devices, platforms, and new apps. That rate of change is also a big challenge for them.

Working in parallel

McCarthy: There are two things happening in parallel.

People are moving out of the renegade pilot phase, and as Sam laid out, trying to take an architected approach. How do we holistically look at what our strategy is around mobile? Not just developing the apps, but how are we going to manage the apps? How are we going to manage the fact that different constituents, both internal and external, need different amounts of functionality and different amounts of security is driving it?

The other thing that we're seeing happening is, companies are now saying, "Oh my God, how am I going to manage the lifecycle of these apps? It’s relatively cheap and easy to build them, but how do I keep up with the endless releases that are going on and the operating system wars on these devices?" Apple and Google are doing four operating system releases a year that you need to manage to make sure your apps still runs.

Then there is the whole point, particularly in the customer-facing space, of how do I update my app so that it stays competitive, and we can really use that system of engagement with our customers to build that ongoing communication, which every company wants to get with their customers?

What we are seeing is that people are starting to look at how to manage the lifecycle of these apps and then, in parallel to that, I need to figure out what are my policies going to be and then how do I enforce or instantiate those policies That's where people are turning to these enterprise app stores from the vendors.

Then there is the whole point, particularly in the customer-facing space, of how do I update my app so that it stays competitive.



It's less of a selling and more of a management prerogative and design point. Then, of course, there is the complexity of the device environment.

Liu: The enterprise app store, is all about the app, how to procure and vet the app, so to ensure security and integrity, as well as distribute it to users, and controlling which users can have access to which apps. Also, it's enforcing policies, such as mandatory installs and updates of versions. Those are overall key elements of enterprise app store.

That said, it's not the end-all be-all. Enterprise app lifecycle management is much more than that. It's another issues, from tools to the actual hardware device controls, but certainly when it comes to apps and managing apps on mobile devices, mobile users, the enterprise app store is a big component of that.

Other features

Some enterprise app stores don’t go beyond a basic app distribution and tracking, but in others you'll find features such as license management. Not all apps will be developed in-house. Some will actually even be purchased from third parties.

In a mobile world, you can expect to see more and more of that, only because, if nothing else, most IT organizations don’t have the system and the resources in-house for mobile devices and apps, so those tend to look outside to third parties for their solutions.

So in that situation, license management is an important part of enterprise app stores, so that IT can actually control just who has what license. If their job changes, we can bring it back and reallocate it to another user. Otherwise, you lose that cost that you paid for the app. Things like that should be built into enterprise app store.

You can also do bulk licensing. Most recently, you saw Apple’s program around bulk purchasing for businesses. Similarly, enterprise app stores will have some mechanism, when it's applicable, where companies can make bulk purchases and manage a pool of licenses across entire employee or contractor base.

Gardner: John, do you see an economic benefit to this as well as a convenience and productivity benefit?

They have to go out to a third-party universe, because the value isn’t going to come from managing these things.



McCarthy: Initially it's going to be, "I need to manage these things." It's going to be knowing what's out there and making it easy for people to get at these things.

Sam made the point that this is much more of an ecosystem play. This notion where I am going to be developing everything myself isn’t going to work. There's going to be a lot of these third-party apps that the company, either on their own or through their services provider vets and says, "Here are all these other productivity apps that you can take advantage of. We have made sure that they work with our core business apps that we've developed."

But that focusing of what are limited IT resources is part of what's driving the app store phenomenon. IT doesn’t have time to build this themselves. They have to go out to a third-party universe, because the value isn’t going to come from managing these things. The value is going to come from these new customer or employee apps that allow us to rethink our business processes. We need to manage that complexity or we're going to have huge liabilities and huge risk and compliance issues.

Gardner: Sam, it sounds as if the enterprise app store could also have a benefiting role when it comes to a hybrid model. Apps might originate with third parties, clouds, or SaaS providers. So is that the vision over time with these app stores?

Liu: It shouldn’t matter, especially to the employee or the user, where the apps come from or who built it. It's all about the experience.

Also, in some ways it shouldn’t matter what device they're coming in from, whether it's a smartphone, an iPad, laptop, or desktop. There should be a similar rich user experience that’s appropriate for that particular form factor. So you abstract these hows and whats from a user standpoint. It becomes a more user-friendly and more productive environment for the user.

Reinventing the process

McCarthy: I think we are going to see more and more of these apps driving the reinvention of business processes. The reliance on these apps is only going to explode over the next three to five years. So we need a way, as we have talked about, where it's easy to find those apps, but also it's easy to manage those apps.

It's serving both sides, serving the needs of the businessperson or the customer, but also serving the requirements of the organization to allow us to harness this, but minimize the cost of managing these devices, making sure that they are secure, that we are not doing stuff with consumer data that’s going to get us into trouble. This is part of the whole rethinking of management and security in a world where it's much more mobile and much more outside the firewall.

Gardner: Any thoughts about the future for how businesses use app stores, not just internally, but as a business channel?

Liu: Actually we've run into a few enterprises already thinking in that mode. Initially when we talk to IT, they're thinking about the internal issues, especially about controlling management policies, but they're also being asked to build systems that are customer-facing, and in some cases systems that deliver and sell products to customers. So, where it applies, such as software and apps, they're looking at how to use the same paradigm for delivery of app services and apps to end customers.

So it's potentially a new channel and a new revenue model for companies, not just simply a cost issue of trying to manage and control.

This is part of the whole rethinking of management and security in a world where it's much more mobile and much more outside the firewall.



McCarthy: And there are all of those businesses that are going to emerge where people talk about data exhausts. We know what people are doing. The app store becomes a way for people to tap into that and you can start to monetize that.

Gardner: And it strikes me that there shouldn’t be any reason that the same infrastructure that supports an internal app store wouldn’t also support an external one.

Liu: No, it's very similar. Furthermore, we have an app store white paper that’s freely available as a download on our website, www.partnerpedia.com.

Gardner: And John, any research reports or notes that are available on this subject from Forrester?

McCarthy: There are a number of reports that we've done outlining kind of the future of mobile management. People can come to forrester.com and search the site and they'll find the stuff that myself and a number of colleagues have written relative to this topic.

[For free white papers on enterprise app stores and better mobile management, go to www.forrester.com or www.partnerpedia.com.]
Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: Partnerpedia.

You may also be interested in:

Monday, September 12, 2011

HP expands security portfolio to battle threats from mobile, cloud, and social media

In an effort to combat increased security threats facing enterprises, HP today expanded its Enterprise Security Solutions portfolio with integrated solutions from such HP brands as ArcSight, Fortify and TippingPoint. The new portfolio includes new capabilities to help enterprises assess, transform, manage and optimize their security investments.

The threats that enterprises face from security breaches are growing in both number and complexity. In just the past year the types of attacks are up, the costs associated with them are higher and more visible, and the risks of not securing systems and processes are therefore much greater. Some people have even called the rate of attacks a pandemic.

The path to reducing these risks, even as the threats escalate, is to confront security at the framework and strategic level, to harness the point solutions approach into a managed and ongoing security enhancement lifecycle. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

HP's strategy then is to provide a fabric of technology along with a framework of processes, to progress to a lifecycle of preparedness that helps organizations become and stay more more secure, said Rebecca Lawson, Director of Worldwide Security Initiatives at HP.

"It's important to bring the right people together and to assess the whole situation, and those people are going to be from all over the organization: IT, AppDev, legal, accounting, supply chain," she said. "You need to really assess the full situation so that everyone is not only aware of where vulnerabilities might be, or where the most costly vulnerabilities might be, but to look ahead and say … let's make sure we build security into everything from the get-go."

In addition to the new products, HP announced an Enterprise Security Discovery Workshop, an expanded Secure Boardroom (an online portal that combines existing sources of security data into one central system), and released a report from HP Digital Vaccine Labs on vulnerability, threat and attack data for the first half of 2011.

Organizations today are quickly realizing the importance of a comprehensive risk management strategy to securing assets across their corporate infrastructures.



Cyber threats have become more sophisticated, persistent and unpredictable, said Lawson. Research conducted on behalf of HP demonstrates that the volume and complexity of security threats has continued to escalate.

HP's research shows that more than 50 percent of senior business and technology executives surveyed believe that security breaches within their organizations have increased during the last year. Nearly 30 percent responded that they experienced a security breach by unauthorized internal access, while 20 percent responded that they had experienced an external breach.

"There are so many different points at which different incidents can occur that getting your arms around all of them and focusing your attention on those that are most likely to cause reputation damage or financial damage or operational damage, that’s really the trick," said Lawson.

"We also noticed in our research that the number of attacks, particularly on web applications, is just skyrocketing. And of course we know that web apps are used on mobile devices and they are used on laptops and desktops. And so we are really seeing an alarming rate of web attacks happening. … The context can change so rapidly that you have to really think differently about what it is you are protecting and how you are going to go about protecting it. So it's really, it's a different game now," she said.

ArcSight Express 3.0


A
rcSight Express 3.0, a unified security solution, transforms the delivery of advanced correlation, log management and user activity monitoring to improve an organization‘s ability to rapidly detect and prevent cyber threats. Powered by the new Correlation Optimized Retention and Retrieval Engine (CORR-Engine), it delivers the scalability required to correlate, process, and store vast amounts of data to advance the detection and prevention of cyber threats and risks.

ArcSight Express 3.0, a single turnkey appliance that simplifies the installation and operation of a Security Information and Event Management (SIEM) solution, enables IT administrators and security analysts to more quickly respond to business threats.

TippingPoint


HP has also launched the updated HP TippingPoint Web Application Digital Vaccine (WebAppDV) 2.0 service, which delivers real-time identification of vulnerabilities in web applications and delivery of virtual patches until a fix can be developed. This is achieved by HP WebInspect, a security scan that incorporates the new Adaptive Web Application Firewall Technology (WAF) to protect commercial and custom-built online applications, such as retail websites or online banking sites from vulnerabilities.

Many network firewalls cannot discriminate between normal network activity and malicious traffic aimed to disrupt web applications. To address this gap in protection, the updated WebAppDV 2.0 filters are deployed alongside the traditional Digital Vaccine filters in the HP TippingPoint Intrusion Prevention System (IPS).

TippingPoint IPS is powered by research from HP DVLabs, which discovered four times the number of critical vulnerabilities than the rest of the market combined. Updates and patches addressing these vulnerabilities are created and automatically delivered to clients online each week, or immediately when critical vulnerabilities and threats emerge.

Other components

Other offerings in the security portfolio include:
  • Reputation Security Monitor, which provides ArcSight clients with an advanced, real-time list of known bad IP and DNS addresses to combat attacks that exploit web application vulnerabilities.

  • Fortify Software Security Center suite, a comprehensive application security testing solution available on-premises or on-demand that scales to identify vulnerabilities in thousands of applications.

  • Information Security Management (ISM) services, an approach to managing security policies and processes, enabling clients to make informed security decisions and minimize risks.

  • Enterprise Cloud Service (ECS) protects desktop and notebook PCs and servers against viruses, malware, spyware and intrusions by blocking unauthorized communication and preventing installation of unwanted programs.

  • SIEM services collect and log security-relevant events to provide a unified view of the security activity across an enterprise as well as generating predefined reports to demonstrate compliance with policies and regulations.

    More than 50 percent of senior business and technology executives surveyed believe that security breaches within their organizations have increased during the last year.



  • Application Security Testing-as-a-Service identifies and closes security vulnerabilities in the application layer with code scanning and web penetration services that reduce the risk, time and investment needed to deliver software security assurance.

  • Secure Boardroom, an enterprise-level online portal that combines existing sources of security data into one central system. Senior-level executives and CIOs are provided greater insight and actionable information that facilitates business-led strategic investment and management decisions.

  • Digital Vaccine Toolkit (DVToolkit) 2.0, which allows clients to import custom or open-source IPS filters, such as Snort, directly into the HP TippingPoint IPS.

  • TippingPoint Reporting and Archiving. Powered by Logger software, this solution collects security event activity and analyzes data to create custom reports, perform trend analysis and integrate reporting to support compliance requirements.

  • Enterprise Security Discovery Workshop, a one-day workshop designed to help clients understand their organizations' vulnerabilities to external and internal threats, identify the critical success factors for a secure enterprise, and create tailored transformation programs based on best practices.
Availability
  • ArcSight Express 3.0 is expected to be available worldwide soon.

  • WebAppDV 2.0 is currently available worldwide. Price varies based on the number of web application scans.

  • DVToolKit 2.0 is currently available worldwide at no additional cost to clients with an existing HP TippingPoint IPS solution.

  • HP TippingPoint Reporting and Archivingis currently available worldwide to Logger clients as an add-on product at no additional cost.
You may also be interested in: