Data Loss Prevention -- New Thinking

I've had another "aha" moment -- actually, a whole series of them -- recently.

The first hint that something big was going on came as part of a flurry of announcements at RSA World, including this hidden gem around DLP.

It turns out that I only had a half-baked notion of what all the fuss might be about, until late last week.  I was privileged to spend some quality time with the RSA team who went through the concepts and demo'd the product.

When they were done, my head was spinning.  Not so much around the product capabilities (which were very cool, to be sure), mostly it was the new way they were approaching the problem that got me so excited.

I probably won't be able to fit in all into a reasonable-sized post, so consider this the first installment exploring a topic that I'm sure we'll all be interested in -- sooner or later.

One Emergent View Of IT

Came across an online interview that's probably worth reading, "GM's Ralph Szygenda Drives IT Innovation" in eWeek.

In it, I saw how they'd created a very different picture for themselves about what IT is all about, or -- more importantly -- might be in the future.

If you work in an IT organization, and ever wonder "what's it all about?" -- it's worth a few minutes of your time.

Physical Security and Information Management

There's an important new class of information that's being captured more frequently -- and that's physical security information.

All those CCTV devices and other sensors you see everywhere are silently gathering more and more information about us and our movements. 

And, despite the obvious benefit of providing more security for all of us, it's raising interesting questions at several levels.

This post was triggered by an interesting press release today, announcing further progress on EMC's physical security solutions.

If you're a regular reader of this blog, you know I like to dig down behind these announcements, and share the story behind the story; hopefully to expose an interesting thought or two.

And this one is no exception.

Information Governance -- An Update

Like many of you, I tend to be on the lookout for interesting trends in this industry.

No surprise, but trends come and go.  Some start out strong, but may lose steam or morph into another discussion entirely.

Others continue to gather steam until the concept becomes part of our overall fabric of thoughts and ideas.

And I think I owe you an update on "information governance". 

The Future of IT (Professionals)

So, I'm occasionally having an interesting experience these days.

Very often, I'm asked to share EMC's views on what's broadly called "the future of IT".

And, in the act of doing so, we usually end up in a discussion around "the future of IT professionals".

I think this is a discussion we'll be having more often in the future.

My Personal Storage Farm

Perhaps you've noticed that EMC has entered the prosumer market to a certain extent, by offering LifeLine software that hardware OEMs can offer to their customers.

A few weeks ago, I was offered the opportunity to try one such LifeLine-based product -- the Intel SS4200

I took it home, set it up, and had a blast.

I thought I'd share my impressions here, since many of you have your own personal storage farms at home.

Building The NextGen Management Brain

I fear I may have been neglectful in my blogging duties. 

I've fallen behind in a couple of areas, specifically regading a few recent developments in EMC's resource management strategy. 

Go ahead and blame me, but there's a lot to cover around EMC, and I still have my day job(s) to get done ...

So, with apologies out of the way, let's dig into a fascinating portion of EMC's portfolio -- resource management.

Bang!

In last month's Scientific American, there was an interesting article that basically stated that the scientists were wrong; that the universe we all live in is expanding far faster than we previously imagined. 

And they detailed some interesting consequences to this, but -- thankfully -- we wouldn't start to notice for billions of years.

Today, IDC updated last year's landmark study on "The Expanding Digital Universe" with a new one ("The Diverse and Exploding Digital Universe"), basically saying they were wrong, the digital universe is expanding far faster than they orignally estimated.

But, rather than billions of years, the effects are likely to be far more immediate to all of us.

The New (Mobile) Desktop

About two or three times a year, I have a "d'oh!" experience, one where something hits me so strongly that I wonder how I missed it.

Generally speaking, these are trends in the industry that I was only paying casual attention to, but -- suddenly -- I realized that something big was going on here, and it really mattered.

I had a "d'oh!" experience this week while travelling in Europe, visiting with a few telecommunication providers.

And I finally started to really, really grasp what this mobile thing was all about.

Maybe you already "get it", and I'm the slow one here. 

If that's the case, I apologize in advance.

Can You Trust Your Cloud?

The industry is all abuzz with conversations about things cloud-like these days.

Sure, EMC has added our views to the discussion in terms of technology, architecture, requirements, use cases, etc.

But there's a certain element that's going to be required for this stuff to really take off.

And that's trust.

SAP and EMC?

Saw this little gem come across the wire today, speculating on a tie-up between SAP and EMC on "web hosting services".

And, while it's very true that EMC brings a lot of value to an SAP environment, I'm not going to comment on the specifics of this article -- sorry, folks, that's beyond my pay grade ;-)

But the author did a great job tying together a number of concepts and trends into an interesting story, and I thought it'd be worthwhile to spend a bit of time and share some of the behind-the-scenes thinking here.

Corporate Social Media -- Lessons Learned

If you're a regular reader of this blog (or an EMC employee) you probably know I'm running a corporate social media initiative at EMC, among other things to keep myself out of trouble.

Over a year ago, I became dazzled by the transformational potential of social media as a business tool. I was lost, as many people are, in a babble of buzzwords, trying to figure out what to do.

Thankfully, I regained my composure, figured out a reasonable plan, and started hammering away.  Not only are we making delightful progress, but we've learned some lessons that aren't really talked about in the usual stuff you read.

I'm writing a more detailed blog on our journey, since I know that others will follow at some point, and -- like an explorer probing somewhat new territory -- I think my notes will be useful.

Seismic Shifts In Outsourcing Land

It wasn't too long ago that outsourcers were causing considerable consternation in both IT customers and vendors.

Mega-outsourcing was all the rage.  If you were a large IT organization, you took this trend very seriously, for all the right reasons.  And if you were an IT vendor like EMC, your world was very different if your customer got outsourced.

But I think that the outsourcing marketplace itself is going through some pretty massive changes.  And, as I spend more time with outsourcers, I realize that some are moving quickly towards the new reality, and other -- well -- others are moving a bit more slowly.

And, if you're an industry watcher like me, it's an interesting story for customers, vendors and outsourcers alike.

EMC Does SaaS -- Reading Between The Lines

A relatively big announcement from EMC today, not so much on what we're doing specifically, but how we see the IT marketplace is evolving in very important ways.

The press release looks innocuous enough, doesn't it?  EMC announcing an enterprise version of Mozy-based backup.  Sure, that makes sense, sort of.

But I think there's a much more interesting story here ...

Managed Availability Services

I thought I'd take a moment to circle back to an announcement from Dec 20th that EMC made around this topic, because I thought the story-behind-the-story would be interesting.

The press release is innocuous enough (as are most press releases).  Simply put: EMC is offering a complete set of business continuity services: in addition to the usual assessment / design / implementation stuff, we now can help you operationally run your business continuity environment.

So why do I think this is interesting? Like any glacier or volcano, the interesting stuff is underneath ...

The Changing Face(s) of IT

If anything, I write about a lot of different topics.  Maybe not particularly well, but people tell me there's no shortage of breadth ;-)

Someone suggested that maybe I bump it up a level, and try to summarize and integrate some of the key trends that are making us all think really hard these days.  You know, tie together the big threads and create a short, comprehensive picture.

So, I'm going to give it a try -- let me know how I do?

A New Category of Information?

Not surprisingly, EMC is all about information infrastructure.

A lot of our thinking involves thinking about different categories of information, the unique requirements of that information, and how we can build infrastructure solutions to help people store, protect, optimize and leverage all of it.

In the past, we've made distinctions between, say, structured and unstructured information.  Changing vs. static information.  Managed vs. unmanaged.  And so on.

Our thinking is that by understanding differences, and you can come up with some pretty clever solutions -- simply by focusing on the information itself -- and what makes it different.

And, I'd like to offer, maybe it's time for a new category of information.

More on Metadata

Just a quick follow-up to my post on The Metadata Conundrum ...

Just stumbled across this excellent video (again) that make a great case for re-thinking about how we organize information. 

Fun, thought-provoking and inspirational.

Information Security -- Hard Numbers

Don't usually like drive-by blog postings, but here it is -- a great article in Forbes that offers some hard numbers on the average costs associated with data security breaches in terms of remediation, lost customers, etc.

Like most averages, though, they're misleading -- the spread is too broad to talk meaningfully in terms of "averages".

Sobering reading.  Find it here.

Beyond Document Collaboration

I may have mentioned already that one of my more fun projects is figuring out how to get EMC more proficient at this whole social media thing.

And it's made me realize that value-creating IT environments will be evolving here very, very quickly around this new paradigm.

When I'm in front of customers, sometimes I make the mistake of sharing that I'm working on this.  And, more than once, we've found ourselves spending all of our time on this topic, rather than the technology stuff I was supposed to be talking about.

When Can We Delete Something?

Simple questions can have complex answers, e.g. "daddy, why is the sky blue?" which leads to a discussion of Rayleigh scattering and other topics a bit too daunting for most seven-year-olds.

And in that category, we've got the simple question above -- when does IT (or anyone else) get to stop storing, protecting, managing a piece of information, and consign it to the dustbin of history?

The answer seems to lead towards a few of the themes I've written about before, and -- I now have met my first customer who has worked out a semi-practical way to decide when something gets deleted.

It's a tortuous journey, and not for everyone, but it's an interesting story.

Securing The Next Platform

I don't know about you, but I'm doing an awfully large amount of work from my mobile device these days.

Yes, I know we call it a "phone".  But I don't make many voice calls with it.  Do you?

I do email.  And lately, I've gotten pretty addicted to the browser.

For me -- it's my next platform -- the one I want. 

But how to secure it?

EMC Moves Into The IMSP Market?

You probably saw the recent announcement regarding EMC's acquisition of Berkeley Data Systems, and their very popular offering, Mozy.

So what's going on here?

You could look at it tactically (which many people do), or strategically (a bit less common).

I'd like to offer a few thoughts from a strategic perspective.

Information Philosophy Day

Two quick things I wanted to share with you.

First, there's now a cool downloadable widget -- the Information Clock -- provided by IDC and EMC.  It estimates the amount of information we're generating every second of every day. 

Feel free to use it in your next IT budget request.

Second, they shot some video of me being interviewed around broader societal issues associated with our rapid transformation to an information society.  The interview went on a lot longer, but they got a few nice bits on tape that you might find interesting (QuickTime format, 100MB, about 9 min).

I Take It Personally

We're becoming an information society -- much too fast to have the normal time to adapt to the wrenching societal and cultural changes that such paradigm shifts usually cause.

And the more I look, the more I see a gap between How We Used To Do Things and How We're Gonna Have To Do Things.

And this post has to do with identify theft.

IT's New Job

It's been a travelling week, hence no posts as I find it difficult to sit still and write when on the road.

What made this trip unique was that I had three separate customer interactions around the same topic: information governance. 

Each of them got to the same place, but through a different path.

There's either a trend here, or perhaps I've succeeded in deluding myself ...

Never Talk When You Can Nod ...

The line is a partial quote from the (in)famous Eliot Spitzer.

I am very pleased to welcome Andrew Chapman to the EMC blogosphere.  As you'll see, he's very passionate about a number of newer topics in information management: compliance, records mgmt, and so on.  And to get the full Spitzer quote (which is great!), you'll have to see Andrew's blog ...

You know, at some point, the IT industry is going to have to get together and publicly acknowledge Mr. Sptizer for all of the IT spend he's created.  Don't know if that was his motivation, but -- if you think about it -- all of us in the vendor community can't ignore his cumulative effect.

Welcome, Andrew!

Little Things, Big Impact

So today, I'd like to share with you a little thing that'll probably have a big impact.

It's a fun game -- take something innocuous, and see if you can follow the impact trail.

Transformational Migrations

No, I didn't get lost somewhere in the IT buzzword dictionary.

I've started to use the phrase to capture some basic concepts around one of the most mundane (yet) important tasks in IT -- migrations.

And I'd like to offer some thought as to why we might be thinking of this differently in the near future, if not today.

Information Security Heats Up (Again, and Again ...)

Thought I was done with posts for today, but I came across this really interesting piece from Forrester Research: The State Of Data Security In North America.

Or, if you're busy today, the press release has a nice summary of the conclusions.

Yes, EMC (actually, RSA) sponsored it, but -- vendor biases aside -- I found it pretty interesting on a couple of levels ...

The ROBO Conundrum

ROBO stands for Remote Office / Branch Office.  It's one of those secret-handshake industry terms we all fall into the trap of using without really understanding what we're talking about.

Why is this interesting?

First, people realize that the information outside the data center can be the most expensive / risky / unproductive information in the environment. 

And second, lots of vendors are piling in with solutions in this space, and it is becoming very noisy and confusing.

So, I thought it'd be worth a post or two to step back and offer a few thoughts on the topic.

EMC Acquires Tablus

Or, more accurately, RSA (a division of EMC) acquires Tablus.  You're welcome to read the press release here.

But what's really going on here?

Being an Informationist

I was asked to do a short, internal podcast for EMC employees on the concept of "being an informationist", and thought I'd share it with you all.

The audio quality isn't the greatest, and it's definitely slanted towards an internal EMC audience but maybe you'll find it useful!

Find it here

Information Governance

No, not IT governance.  Information governance.

OK, if you're a regular reader of this blog, you know my rant.

• information is becoming the most important business asset in the world.
• someone's going to have be the "CFO of information".
• and you're going to need new tools -- information infrastructure -- to do this.

At most companies, there's pretty good governance around something else that's important -- financials. 

What about information governance?

So Where is ILM These Days?

Alive and well, thank you ...

EMC started aggressively promoting the idea of ILM (information lifecycle management) maybe four years ago.

I thought it'd useful to offer a bit of a retrospective on the concept; where it's worked, where it hasn't, how it's evolved over the years, and where it might go from here.

It's turned out to be one of those divisive topics in the blogosphere, so I'm expecting a bit of commentary to follow ...

Managing Security Event Information

A while ago, I opined that IMSPs (information management service providers) might be hampered by corporate information security mandates.

At the time, I had started to meet customers who wouldn't consider using a service provider for backup, archiving, etc. simply because they (or their security officer) couldn't get over the idea of sending their important information to a third party for safekeeping.

Since then, the tide seems to have turned.  I see more and more customers who are actively pursuing strategies to move more and more of the information management burden to specialized service providers.  I guess they're getting more comfortable with the security provisions of these offerings.

Today, there are IMSPs who will do backup, or archive your email, or instant messages, and so on.  And I think we'll see more and more of this.

So, I'm going to go out on another limb here and predict the emergence of a new IMSP service: one that manages security event information as a service,

And we might see this sooner than later.

Classification Convergence

Maybe you saw the recent acquisition of Zantaz by Autonomy.  Nice piece in Byte and Switch about not only that deal, but other related activity.

A few months ago, I took a leap of faith and annointed information classification as an up-and-coming "killer app" for the next few years.

I got a few scornful comments at the time.  But I think recent activity might be pointing in that direction.

Grass Roots Innovation

If you tend to read the usual management articles and books on airplanes like I do, you probably realize that the whole subject of innovation is a very hot topic. 

As well it should be.

I see it as analagous to Darwinian evolution -- unless there are some good mechanisms in place to adapt and thrive in a changing ecosystem, the outlook for your species is very poor indeed.

Much of the discussion I've read about is around "organizing for innovation", which sounds interesting at the outset, but I find it difficult to reconcile with how I think people and organizations work.

Simply put, I think that "organizing for innovation" will require -- ahem -- innovative approaches.  And I think that each of us -- regardless of role -- can become innovators without waiting for organizational mandates.

Yes, even in IT.

The New Informationists

One of the themes I explored in depth a while back was the emerging role of "informationists" -- those that understand how to store, protect, optimize and leverage a company's entire information portfolio.

One of my more vociferous rants has been that someone is going to have to "own" corporate information.  The trend is pretty clear -- with every passing day, information has even more potential to cost you money, make you money -- or get you in a whole lot of trouble.

I was pleased to see this slick article (by EMC) on the concept -- maybe we'll see more soon!

It'll Never Happen To Us

There's a part of human behavior that when we hear of something really bad happening, we compartmentalize and rationalize along the lines of "gee, that's really bad, I guess we're lucky".

What follows below is an excerpt from a recent 10Q submitted by TJX, who (as you might know) who was unfortunate to be targeted by very sophisticated information theives.

They're not bad guys over at TJX.  They run their shop pretty much like most retailers run their shops.  They don't deserve what happened to them in any regard.  I think that this could have just as easily happened to any of the IT organizations I meet every day.

As you read this, remember, the consequences of this theft have only just begun.   

And, if any good will come from this at all (other than lawyers making a lot of money) it will serve as an object lesson around just how important (and dangerous) information has become for all of us.

Now, imagine this was your company ... [Note: thanks to Bill Bonin who sent this along]

Why XAM Is Very, Very Cool

Maybe you saw this obscure news about an even more obscure industry standard: XAM.

Although I think I've met my quota for blog posts this week (4 so far), I just couldn't resist doing one more, and -- besides -- I'll be travelling next week.

So, what's the big deal here?  And why are certain customers watching this one very closely?

Let me try one of my infamous over-simplified explanations.

Classified Thoughts

The next big thing in IT? 

Information classification tools, I think.

Tools that can help IT discover information sources, classify them, make a decision, and process them to save money, make money or stay out of trouble. 

The stakes are getting higher. 

We can't ask users to classify their own information.

And, according to IDC, we'll have six times as much information sloshing around in a few short years.

All signs point to a personal forecast of extreme customer interest in information classification tools sooner than later.  It's already started.

Here's why ...

Towards Information Laws

No, I'm not talking about new legislation that might make for more work.  I think we've seen enough of that, but we all know there's more coming.

I mean laws in the sense of Moore's Law (or Murphy's Law) -- inexorable guiding principles that will guide our thinking of information and information management over the next few years.

Today's post was triggered by an excellent post by Mark Lewis, in which he outlined 8 laws ("information laws") around what he calls "Information 2.0". 

I don't know if he was looking for a discussion on his proposal, so apologies in advance if this was not the case ;-)

I wholeheartedly agree with the first premise -- we'll need some new architectural thinking in IT that shifts how we think about information.  And the notion of guiding principles (e.g. "laws") works for me.

And, now that you mention it, I agree with the second premise that this changed mindset around information will probably need a new label, hence "Information 2.0".  The evidence is overwhelming.

So, please allow me the opportunity to expound and expand on Mark's proposed laws.

Information In The News

One of the benefits of working at EMC is that we have this great news clipping service. 

Every morning, I get a smattering of relevant (and sometimes not-so-relevant) news pieces from across the landscape.  Including some things I would never look at otherwise.

This morning, I was kind of impressed on how most of the stories underpin some of the key thoughts I've been trying to share here.

So, I thought I'd replay today's news through a different lens. 

An informationist lens.

IT As Change Agent

I think there’s continual turmoil in most IT industry workers regarding the inevitable friction between the way things are, and the way they could be.

All of us who love technology are passionate about the potential we see around new and existing technologies. 

But most of us work in a world where little of that promise seems to be ever realized, or takes too long to bring vision to reality.

Which brings up the central question stated above – how does IT drive change?

I’m not an expert on the subject, but I’m a knowledgeable observer. 

I have the privilege of meeting with literally hundreds of IT thinkers, and I’ve been able to piece together elements that seem to work.

I wouldn’t call it a recipe, more of a list of ingredients that are common themes that I’ve seen in IT organizations that have been successful in driving change.

The Digital Big Bang

One of the things I like to do is to occasionally zoom the lens way back, and look at things from as broad a perspective as possible.

It helps me create context, and with context, I can connect the dots in a better way, make better decisions and generally feel that I’ve figured out a thing or two.

I’d like to take this post and try and do this for what we are all going through with the current hyper-expansion of digital information. 

I think it’s creating fundamental ripples in the fabric of society that we’re just now starting to realize, let alone deal with.