When we review our technology roadmaps, with their dark-blue in use and dark-orange not in plan bars, we often look most closely at those technologies that show a robust planning band in the middle, with the preference of course going to those technologies in the short-term implementation plans of network engineering managers. When it comes to the voice and video category in our Wave 9 Networking Study preview data, Unified Communications (UC) solutions is showing the best ongoing integration year-over-year as well as a robust planning band in the next year and a half. Twenty-five percent (25%) of respondents have UC solutions in their short-term plans, and 14% mark it as on the horizon for implementation.

This robust planning band shows 39% of respondents moving toward solutions primarily provided by Cisco and Microsoft, with Avaya a distant third in our preview data.

A sampling of narratives around project initiatives supports this projected growth:

• “We decided to move unified communications to Microsoft.”
• “We are putting a huge amount of bandwidth to cover unified communications.”
• “People comment, it’s like, they access their files much faster, being driven by the unified communications, when we go in and put in unified communications you have to put in new switches, gig switches, everyone gets a gig port, everyone notices. It’s many times better accessing their files.”
• “Unified communications may result in the need for more bandwidth at satellite offices.”
• “HP just has a better vision than Cisco does. The downside, they are late to the game with unified communications.”
• “Avaya has some cool stuff around unified communications.”

Possibly Related Posts:

• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky
• Who Can Take On Cisco?

Each information security study by TheInfoPro has attached to it our proprietary Heat Index, a weighted measure based on the immediacy of user needs based on their stated plans for each information security technology we track. The normalized scores become an excellent barometer of user demand in large enterprises. Similarly, the Adoption Index is computed the same way, but is instead a measure of which technologies are in use.

This year, both flavors of data leakage/loss prevention (DLP) solutions dominate the infrastructure security heat scores, with endpoint DLP gaining the preference among respondents. Symantec looks to benefit. Continuing with our infrastructure category, requirements driven by industry mandates such as Payment Card Industry (PCI) standards continue to help solutions like tokenization achieve a third-place finish among hot technologies in this category.

On the network security front, application-aware firewalls lead the pack, with 28% in use; that could jump 33% based on in plan implementations if long-term plans come to fruition. Forty-four percent (44%) of respondents see their organizations spending more on application-aware firewalls in 2012, with Palo Alto Networks seeing the biggest benefit. Network intrusion prevention (NIPS) implementations track as second on the network security heat index, although they have a much greater adoption score of 79. Sixty-two percent (62%) of large enterprises report having a NIPS in place, and 73% report having intrusion detection systems (IDS) in place.

Federated identity management projects are the hottest in the large-enterprise security management heat index. While such solutions have penetrated 37% of large-enterprise environments, 26% report having some plan for implementation in the future, largely benefiting vendors Oracle and Microsoft. In the wake of SarbOx, compliance-driven auditing of internal capabilities have driven adoption of governance, risk and compliance (GRC) solution packages, which are the second-hottest technology in the security management category. Thirty-four percent (34%) report planning a GRC implementation.

Finally, in the application security category, web application firewalls (WAF) lead the pack for large enterprises in terms of heat index score, and are second in adoption behind static application code security tools. The proliferation of WAFs in the enterprise continues to track closely to its association with the PCI application security standards. F5 Networks and Imperva are currently leading the WAF race, but neither has separated from the pack.

Possibly Related Posts:

• Unified Communications Solutions
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky
• Who Can Take On Cisco?

In our interviews, network managers continue to cite managing costs, aging hardware, and managing network growth among their top concerns, and while these will likely remain top-of-mind concerns in the future, the continued growth of higher-capacity networking looks to ease some of this pain. With that in mind, the continued rollout of Intel’s more advanced platform next year allowing 10 Gigabit Ethernet (10GigE) LAN on motherboard (LOM) connections should, combined with the normal network refresh cycle, allow 10GigE to become the default connection on rack-mounted servers.

This change further extends the benefits of 10 GigE, including network simplification, performance, and more efficient costs via the need for less equipment.

In the meantime, network budgets are recovering nicely in 2011 to help address these concerns, and the continued rollout of 10 Gigabit Ethernet (10GigE) even in advance of standardization of volume servers is poised to receive a piece of that investment. Implementations on the network core are passing 50% of respondents, with 33% having rollouts in plan. Not far behind is moving toward 10 Gigabit server connectivity, at 45% in use and 26% in plan, with Cisco as the primary vendor provider in both. HP and Dell, fresh off their acquisition of Force10, round out the top three vendors respondents cite for 10GigE on the core network; Juniper is second on the server side.

A sampling of narratives around project initiatives supports this projected growth:

• “..upgrading infrastructure (10Gig links)”
• “Yes, we’re changing our design. Bigger links between switches; we’ll start using 10Gig for communication between switches.”
• “Implementing UCS along with 10Gig networking and Nexus switches.”
• “Upgrading to 10Gb data center.”
• “Take fiber link to core to 10Gig.”
• “Increase in 10Gb capacity.”
• “Both backbone and systems connections for 10Gb.”
• “Core network refresh/moving to 10Gb.”
• “Capacity is growing – bigger and faster. 10Gb is the de facto standard.”
• “Want to go to 10Gb.”

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky
• Who Can Take On Cisco?

This Thursday’s TIP is based on a real-time update extracted with 71 in-depth interviews complete. Last Thursday’s TIP, we looked at 2011 budgets. This time, we look at how vendors will experience the closing quarter of the calendar year. How successful will vendors be in the Q4 CY11?

Brocade, Hewlett-Packard and EMC show the largest numbers planning spending in Q4, playing to their respective fiscal years. IBM goes against this model, with spending predominantly occurring by the end of Q2, possibly indicating overflow from the prior year coming into the first quarters of this year.

Symantec delivers evenly, with 80% spending evenly through the year. Before assuming that software delivers more balanced revenue than hardware, consider that the other listed software player, CommVault, has the lowest number of respondents indicating even spending. It is likely that Symantec sees more renewal revenue as the “gorilla” in the protection segment, while CommVault’s business is more new clients making initial commitments.

HDS goes significantly against the fiscal year “hockey stick” model. Thirty-six percent (36%) of storage professionals reviewing HDS planned their spending in Q3, well after the company’s fiscal year is concluded. HDS and NetApp look to have the least Q4 spending plans among our respondents.
Below is a table of the months that the listed companies conclude their fiscal years:
Fiscal Year End for Charted Storage Companies

March – Symantec, CommVault, HDS
April- NetApp
October – Brocade, HP
December – EMC, IBM

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• High-risk Staff? Executives and IT Are Equally Risky
• Who Can Take On Cisco?

It has long been a subject of discussion in security departments, and entire vendor business offerings are built around it: How do you control and monitor the activities of high-risk users in your system’s environment? But who are the highest risk users? We asked that very question in our Wave 14 Information Security Study, and while most of the results are as expected, at least one might be a surprise.

When it comes to the personnel types security managers are most concerned about, contractors and temporary staff easily top the list, doubling the percentage of responses over the next-highest answer, remote employees.

An equal percentage of respondents, 11%, believe the highest threat to be IT staff with elevated privileges or executive management personnel’s use of computing resources. While that may seem surprising, the idea that technology employees with the “keys to the kingdom” in terms of passwords and production access are only as risky as senior executives, these are both staff types that typically have the authority to bypass security controls if they elect to. The first can simply abuse the privileges they have been issued to do their jobs; the second has the organizational authority to potentially force a bypass of security controls.

When asked if they were more concerned about internal or external security events, security managers recorded a nearly even split. Twenty-two percent (22%) were most concerned about internal, another 22% were concerned about external threats, and the majority, 55%, said they were equally concerned about internal and external security threats.

Reflecting that split, 39% reported that the majority of their security incidents were internal, and 33% said the majority of incidents originated externally. Eleven percent (11%) reported they had not had a security incident, that they were aware of, in the past 12 months.

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• Who Can Take On Cisco?

Cisco is having an interesting year, attempting to shave $1 billion of expense through layoffs and asset sales while beating both its own and Wall Street’s predictions of earnings as announced Nov. 9. At halfway through our Wave 9 Networking Study of enterprise networking environments, it is clear that Cisco continues to retain its prominence. The company has already jumped out to a 25% lead among vendors that respondents are excited about, and has a healthy 37% of respondents planning to spend more on its products in 2012 than they did in 2011 (vs. 21% reporting decreased spending). In terms of vulnerability, 7% of respondents report that they are definitely considering a switch off Cisco, which ties with Juniper (also at 7%) and easily beats Hewlett-Packard, where 18% are working out a switch.

Reflecting on Cisco’s continued entrenchment in enterprise environments, as well as its prominence in in plan implementations over the next year and a half, the question arises: can anyone unseat Cisco as the dominent networking provider? TheInfoPro asks just that question in its latest study, and finds the answer is largely “no”:

Digging into the preview data, in a number of categories with significant growth potential, Cisco is the leading in use vendor. For example, with 10 Gigabit Ethernet rollouts, 33% have upgrades to their core network in their plans, and 26% report the same with server upgrades. In both cases Cisco is the lead in plan vendor. Similarly, with the hottest technology in the voice and video category, Unified Communications, which figures into 39% of respondents’ plans, Cisco maintains its leadership as the top in use vendor, but in this case has the possibility of being passed by Microsoft.

A sampling of narratives gathered thus far on Cisco reflects the mixed sentiment users have similarly expressed in the past:

• “We are a Cisco shop, but we will look at other vendors and even some appliances to address performance issues.”
• “Cisco is always cutting edge, in my opinion. They are capturing market share in addressing application performance in a distributed networking environment.”
• “Cisco is our vendor of choice. Overall, they continue to perform as we continue to grow. They have great technical support, especially when we hit complex issues. They are not as responsive to the competition as they could be. I would like to see Cisco in a more aggressive posture against some of the smaller emerging vendors.”
• “Cisco has a great technical staff, great support and sales. Cisco is the leader in this space, no doubt. Cisco has more ways to lose an order. If you get to the right person their knowledge base is extreme, it is just getting there.”
• “Cisco is ‘losing it’ right now. They have not done a good job in delivery, pricing and bill of materials. Cisco sold us the wrong licenses and they could not explain what happened. They are trying to go into too many directions at one time, they need to find the right path and get on it!!!! The products are solid and they work, at least at the router and switch level.”

Of course we’ll have a more complete picture of what’s happening with Cisco in the enterprise at the close of our Wave 9 Networking Study.

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky

2012 Information Security Forecasts – Who Will be the Winners & Losers?
Wednesday, December 14, 2011 2:00 PM – 2:45 PM EST

Replay Link: 2012 Information Security Forecasts

Some of the key trends we will be discussing from our Information Security study are:

Information Security spend is strong with many diverse drivers:

• Directionally for 2012, Information Security Professionals are not planning a slowdown. Thirty-seven percent are planning an increase in spend, with 16% planning a decrease.
• Thirty-nine percent are spending more in 2011 vs. 2010, and only 15% are spending less – showing the resiliency of the market in challenging economic times.
• In the one-on-one interviews, decision-makers detailed compliance, mobile devices and preventing data loss as the drivers for spending increases.

Data Leakage Prevention (DLP) and Application-Aware Firewalls are products on
the move:

• Data Leakage Prevention (DLP) resides in the top spot of TheInfoPro’s proprietary Information Security Technology Heat Index™, which gauges immediacy of planned implementation for 40 technologies, as the G2000 look to protect custodial and intellectual property data from leaking out of their environment.
• The traditional antivirus vendors, Symantec (SYMC) and Intel’s (INTC) McAfee, look to benefit with rollouts of both endpoint and network DLP on tap.
• Application-Aware Firewalls make a nice jump in the Heat Index, with Palo Alto and Check Point (CHKP) benefiting from the 28% of in-plan implementations.
• Palo Alto will be a vendor to watch as it is beginning to replace some of the major incumbent providers with its application-visibility-based approach.

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky

This Thursday’s TIP is based on a real-time update extracted with 71 in-depth interviews complete. The great thing about having a study in the field is correlating the data against current events. As global economic turmoil was in the headlines, we asked whether budgets had been adjusted since the start of this year.

With 75% seeing no change to budget, any economic uncertainty is not likely to have impact on storage spending until 2012. Most storage professionals have their budget for the rest of the year approved, and plan to spend it.

The 14% with increased spending and 11% for decreased are normal. They reflect the usual unexpected projects gaining approval or facing rejection:

• “They always ask for cuts during the year, but then we ask for new projects and it seems to balance out.” – storage pro at a large-enterprise industrial/manufacturing company
• “We had some budget savings, but no mandate to cut the budget.” – storage pro at a large-enterprise company

Next time, we’ll look at vendor spending in the fourth quarter.

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky

At an information security leadership conference years ago, the debate topic was raised: “Who should the information security head report to?” A number of different reporting structures were represented at the table, and each security lead made his or her impassioned argument as to why it was best that security be situated in IT, legal, compliance, finance, audit, or other arrangement.

To hear it as well as sources in the information security trade press, you would assume there is little alignment organization to organization as to where the information security department sits. Here as with many similar questions, TheInfoPro has an advantage; we can simply ask a critical mass of security managers where information security sits in the organization, to see where the org chart’s evolution is taking us. The response: It is still information technology.

Originally published as a ThursdayTIP to the respondent network of TheInfoPro. Would you like to receive all of the ThursdayTIP reports when they are fist released? Sign up here for TheInfoPro’s respondent network.

Information Security Division

Perhaps concerning, only 70% of enterprises identify information security as its own department within the organization, which one can extrapolate to there being 30% of firms where there is no single dedicated security resource in place. Ninety-two percent (92%) situate information security somewhere within IT, whether it is reporting directly to the chief information officer (CIO), 36%, or the head of IT, 20%, or buried further down the IT management food chain. Of the 8% outside of IT, popular repsonses for who security officers report into included the head of compliance, the COO, internal audit, or to a head of risk management.

Respondents provided the following comments illustrating where the security role fits within their organizations:

• “This is difficult for me to answer. If you count heads, the answer is yes, but of all the people doing security work, do they all fall under security? No. It’s tough to answer this without potentially skewing the data.”
• “Yes – within IS, there are five departments: network services, clinical systems, business operations, and executive info systems, IT governance.”
• “We are part of infrastructure management org, which is part of the business process organization. This will change when we name a CISO, who will report directly to the CIO. We will be a separate function from IT and infrastructure management.”
• “CIO, he is also the CISO.”

Included in this narrative is the final bullet above, which illustrates the somewhat common, but nonetheless dubious arrangement, where the same person is responsible for both IT management and information security. I say dubious because clear separation of duties issues emerge in such an arrangement, where the yin of wanting to deliver on IT projects is not balanced properly against the yang of considering those implementations in a security risk management context, which frequently adds additional requirements and may even close off certain paths of implementation based on incurring too great a risk to the enterprise.

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky

Most of the CIOs and IT decision-makers that we speak to are mainly focused on building architectures for private, public or hybrid clouds. However, what happens once the cloud architecture is built?

Unified cloud management – or the ability to manage disparate internal virtualized and cloud platforms in a holistic fashion – will be increasingly critical in the future. In addition, a unified cloud management strategy will be a requirement for many of the mission-critical applications that today’s Fortune 1000 rely on for their core business.

Results from our Wave 2 Cloud Computing Study show that few have confidence that management vendors can deliver on such functionality today. Fifty-three percent (53%) of respondents say that they are minimally or not at all confident that unified cloud management solutions are available today. But there is a light at the end of the tunnel, and guess what? It’s not a freight train. When respondents were asked about their confidence in finding unified cloud management solutions two years from now, their confidence increased dramatically: Only 13% said they were minimally or not at all confident that such solutions would exist in two years.

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky