By the time you’ll be reading this, you will probably have the Christmas tree all lit up and it will have become clear whether the plan of Radio jock Stefan Stassen to – in response to the still unbelievable November events in Paris – vote John Lennon’s idealistic “Imagine” to the top of the annual Dutch Top 2000 has succeeded.
It may seem a stretch to bridge from terrorism to technology as we do in this extra-long edition of Tune into the Cloud, but it is safe to assume that in the coming years technology and security will be more closely linked than ever. Just a few years ago futurologists would get enthusiastic about drones able to deliver a pizza, but today we read mainly about drones eliminating terrorists and let’s all hope that the first headlines about suicide drones are still far enough in the future to leave enough time for – equally technology-based – countermeasures.
When extrapolating this trend, we may in fact come full circle. Not too long ago the majority of technological innovation was driven (or at least financed) by the military security and arms industry. Arpanet – the first implementation of TCP / IP technology and a predecessor of today’s Internet – was build on funding from the Advanced Research Project Agency (ARPA) of the US Department of Defense. Not too much later it was the race to the moon and the dream of space exploration that lead to many of the innovations that we still use today. After the freezing of these budgets, the enterprise sector took the role of engine of innovation. Do you remember where you saw your first color monitor, printer or laptop? Probably at the office of a bank, insurance company or other type of commercial enterprise. Today however, most of us have wider bandwidth, larger screens (with higher resolution) and faster processors at home than in our corporate offices. With the advent of broadband Internet, the role of innovation driver has been largely taken over by the consumer industry, with giants like Amazon, Facebook and Google leading the pack. It was in fact Facebook (and not an IBM, NEC or HP) that was the major driver behind the Open Compute Project. An initiative that – through the deployment of open source concepts – seeks to determine the future of the data center.
But as mentioned, pretty soon the security industry may pick up the baton again.
As a result the traditional enterprise sector has less and less say in innovation and is destined to resolve their problems with the crumbs left over from the projects of the mentioned consumer oriented internet players. Cloud is actually a telling example of this. More and more companies that originally embraced the cloud as “a good idea that we are going to implement privately, because we are an enterprise and have enterprise-grade requirements” are now finding that the leading public clouds of today are actually more enterprise-grade than what they managed to build themselves. And the same goes for their traditional service providers, who said, “Oh, but if enterprises can not do this yourself, we do it for them, we are going to build hosted/virtual private clouds.” Also these organizations are finding that competing head-on with mega-providers like Amazon and Azure has slightly suicidal tendencies and therefore they are turning en masse to offering to manage customer workloads on top of the clouds of hyperscale providers and launching added value services in areas such as access (network), management, governance and – yes there it is again – security.
Security as a value added service around hyperscale cloud providers may at first sight seem strange. Did we not just all conclude that hyperscale cloud providers (not to be confused with the traditional vendor on the corner who also offers some cloud services on the side) in most cases implemented better and more comprehensive security measures than most internal enterprise data centers could even dream of? The Federal CIO of the United States even compared storing data in government data centers with saving money in a mattress and storing data in the cloud with saving it in a professional banking facility. Now equations involving banks and safety in recent years have been awkward as the general public is confused whether they should be more worried about harm caused by bank robbers or by bankers. But the fact remains that the sentiment about clouds and security is rapidly changing. A trend that is likely to continue even if some large cloud disasters and break-ins – something that given the sharp increase in cloud use will inevitably happen – start to appear in the press.
In many of these incidents, the problem namely wont be the safety of the specific cloud. It will be the way in which this cloud was used. One of our official predicts for next year is in fact that “Through 2020, 95% of cloud security failures will be the customer’s fault”. In other words, customers should be more concerned about protecting themselves against phishing, skimming , social engineering and other operator errors than about robbers stealing data from the vaults of their hyperscale cloud providers. In addition, most companies use multiple clouds (for example the clouds of tens of SaaS providers) and protection across multiple clouds is becoming equally important as protecting a single cloud.
The product segment of the year (not an official category for us, so we can imagine it here on the spot) will likely be Cloud Access Security Brokers. We predicted recently that “By 2020, 85% of large enterprises will use a cloud access security broker product for their cloud services, which is up from fewer than 5% today”. So this category of products is certainly worthwhile looking into during next year. The vendors are a mix of ripe and green (mostly green) with very diverse backgrounds. Some come from a network scanning angle, others from an identity management and single sign-on angle and still others have a history in encryption or in governance, risk and compliance (GRC). The products provide visibility (which cloud applications do we use), compliance (who can use what and where is the data), data protection (including classification and encryption) and threat analysis (including behavioral analysis). You’d almost think that we are talking again about the aforementioned military applications, but these are really tailored towards business users. Several large traditional vendors are therefore ready to enter this market, Microsoft recently acquired a CASB solution provider and IBM combined a number of existing and new solutions into a CASB bundle.
This leaves undiminished that the role of the enterprise in the technological landscape is becoming smaller. Last year we predicted already that by 2018 enterprises will only own half of the global DC infrastructure and we recently added to this that only half of the information technology spending in companies will reside under the IT department. The other half falls directly under the business departments. Incidentally, that percentage today is already 42%. And that in turn has significant impact on the role of the CIO in the coming years. Which will need to develop from “an internal service provider in charge of technology” to a “trusted ally” which operates on the basis of influence rather than on the basis of control. Also because – as we mentioned in our symposium keynote – influence is much more scalable than control. And scalability is becoming increasingly important. The fact that enterprises will own a minority of DC technology investments and that CIO’s will control less than half of their technology spend, does not mean that enterprise technology budgets will become smaller in an absolute sense. It simply means that the new segments will grow much faster than the existing segments. You could compare it with the mainframe market, which did not disappear with the arrival of Unix or later with the advent of PCs, but relatively speaking it became a smaller part of the total.
Which brings us to another aspect of scalability, namely the scalability of consuming all that technology. We will in the future not spend more time sitting behind (or carrying mobile) screens than many of us already do today. Consumption of all these technologies will happen differently. Not through applications, or even apps, but much more proactive and at the same time much more behind the scenes, through direct advisory or even direct execution where necessary. This means that over time Google Now may become more important to Google than Google Search, Cortana may become more important to Microsoft than Windows and Siri more important to Apple than the iPhone. And yes, these are all cloud services.
Cloud services that will increasingly advise and even take decisions on behalf of their users (“I see you are flying to London this afternoon, you better get ASAP into your (self-driving) car, I checked you in on seat 4c. And do put your privacy filter on your laptop as diagonally behind you – on chair 5d – is the VP sales of our main competitor”). Besides these kind of personal – and rather privacy sensitive – services, cloud services will also increasingly be used to protect groups of us at the macro level. Let’s hope that we manage to preserve a somewhat appropriate balance between privacy and protection in the process.
Imagine (1971) is the most famous solo song by John Lennon and according to Broadcast Media one of the 100 most performed songs of the 20th century. One of the most talked about recent performances took place last month on a mobile piano in front of the Parisian Bataclan theater and partly formed the onset of the (as we now know successful) local campaign to have Imagine lead this years edition of the Dutch Top 2000. So we can conclude with the words of John Lennon: “I hope someday you will join us, and the world will live as one”.