As I mentioned in my blog entry from a couple of days ago, I attended both Storage Networking World (SNW) and Symantec Vision 2010 this past week. At that time I commented on some of the insight I gained while at SNW. Today I wanted to shift my focus to Symantec Vision and share some of the thoughts that Greg Hughes, the President of Symantec’s Enterprise Product Group, communicated with a group of analysts and journalists that he met privately with this past Wednesday.
Upon arriving at Symantec Vision on Wednesday morning, it quickly became evident that the messaging at this year’s event focused on how the business world is shifting from a Systems-Centric View (policies and governance is done according to the physical devices on which they reside such as servers, networking and storage) of data management to an Information Centric View (policies and governance are set independent of what storage device on which the data resides).
While efforts have certainly been afoot in the last few years to accommodate that shift in data management, it is no small feat for a company like Symantec to execute upon it. Much of its software development for the past 20 years has been built to support the Systems-Centric model. Now that the Systems-Centric model is becoming less relevant in today’s new business world, it creates both new challenges and opportunities for Symantec.
It was for these reasons that I was interested in hearing what Greg Hughes had to share about this topic. Hughes is responsible for the oversight of many of Symantec’s product groups (possibly all of them but not positive on that fact) and driving their integration. So his views what is driving this shift will certainly have an impact upon what Symantec customers, resellers and users will see in Symantec products in the months and years to come.
He saw four (4) major trends as fundamentally changing the landscape and driving this move towards organizations setting policy and governance based upon information.
1. The cloud. While everyone is talking about “the cloud”, the importance of this trend was crystallized in Hughes’ mind when he met with a new CIO of a large German conglomerate that he classified as “one of the biggest companies in the world and considered very conservative.”
That CIO told Hughes that he wants to move 50 – 70% of his company’s applications into a public cloud and the remaining applications into a private cloud because all of his users will get used to the elasticity and flexibility of applications once they are in a public cloud. Once those expectations are set, they will demand the same from his internal IT organization so his ultimate goal is to get 100% of his applications into the cloud.
But where this CIO is struggling is how to keep control of this information as it moves into the cloud. For instance, if he deletes information, how can he be sure that he is compliant across multiple cloud providers since he does not plan to get all of his cloud services from a single cloud provider. Further, he needs some assurances that he can find information as well as have the confidence that he has the same basic levels of control that he had internally.
2. Using social networking tools at work. Hughes has noticed a decided uptick in interest in the use of social networking tools in the workplace in the last 6 months which he believes is driven by a number of factors. There is more familiarity with social networking sites like Facebook across all sorts of backgrounds so as more people adopt it, there is more interest in communicating with that audience.
Also driving this chance is a growing wariness of using email as the sole communication mechanism to communicate. Hughes described email as getting “very creaky” which is making it very hard to find information in email. Instead people now want to use some of the collaborative tools that have evolved in the consumer space and bring them in-house for use internally.
That said, businesses are still very fearful of social networking sites as they are rightfully worried about the potential for the loss of control of information and where it might end up. So while he sees people moving in this direction, he sees them doing so very carefully.
As an example, he cited one financial institution that recognizes the need to reach a new younger demographic that is slowly getting wealth from their parents and grandparents. However this next generation does not use email or other traditional business mechanisms to communicate – they use Facebook. So this financial institution is on Facebook.
But the challenge is that once data is on Facebook, the financial institution has the same legal eDiscovery requirements as it does with email and IM. To address that, Symantec is working with some third parties to build connectors into applications like FaceBook and Twitter so information can be sent back to its Enterprise Vault Archive. In so doing, Symantec can help organizations adopt these social networking tools a very controlled way.
3. Mobility and the rise of smart phones. These are basically PCs with an operating system that runs applications. The trouble is once you have an operating system that is attached to a network, you have vulnerabilities by definition. Hughes is hearing a lot of security folks express concerns about the vulnerabilities that accompanies the adoption of smart phones.
(I want to inject a few of my own thoughts here. While Hughes did not go into this, about the best idea I have heard to tackle this issue came out of last fall’s VMWorld where VMware is working to create virtual phones. By creating virtual phones, business can create secure profiles that can be deployed on smart phones so users can run a secure profile if they are accessing the business network and their normal profile that they use for personal matters.)
4. Video and Rich Media. The adoption of video and rich media are being driven by the wide range of readily available consumer devices. These take much more bandwidth when communicating and drive up storage demand like crazy. A lot of the increase in storage is coming from video from both internal and external communications.
Hughes said that as he travels around, he meets many different people and then blog about his experiences. On one of these trips, he decided to mix things up a little bit and try a different form of communication – video.
In this particular case, he was visiting a channel partner who is one of Symantec’s largest resellers. This channel partner has a sales engineering team and he asked one of their sales engineers if he would like to talk to Symantec’s entire engineering team and tell them what he thinks about Symantec’s products – what is working, what is not working, and what he would like to see improved.
So Hughes pulled up his Cisco flip phone, video taped the sales engineer for 2 – 3 minutes and uploaded that to his blog. Hughes says, “The reaction I had to that video was unbelievable. It was a direct connection between our first level engineering team (the individuals writing the code) and our customer. If I had gotten into the middle of that, the information would not have been as powerful, as interesting or as electrifying. For them, it was a direct touch.”
The challenge according to Hughes is that the video contained about 40 MBs of information and he only wanted his engineering team to see it and no one else. So it has to be secured, stored and managed. So questions like “Who is securing it?”, “Where is it stored?” and ‘How do I app
ropriately manage it long term?” have to be answered.
Hughes concluded by saying that what we see emerging is a connected enterprise. This is an enterprise where employees, partners and customers are increasingly connected because of the confluence of these tools which is creating new ways for people to interact. What we see happening as a byproduct is an explosion of information in more places that is accessible in more different ways than ever before.
The challenge is how you do you manage this explosion of information and the risk associated with it. The old approach to setting policy and governance, which has been setting polices based upon the systems and machines upon which these application run, no longer works. Now we have information created and generated by people in all sorts of different places.
Those are some good thoughts for every organization to consider as they look to introduce any or all of these technologies into their enterprise. While these are certainly exciting technologies that promise to fundamentally re-shape how businesses operate, organizations also need to prepare for the ramifications of what the impact will be if they do not have a strategy in place to both manage and secure their information.