Enterprise hits and misses - AWS gets cloud security scrutiny, and IT bottlenecks get an agile challenge

Profile picture for user jreed By Jon Reed August 12, 2019
Summary:
This week - AWS cloud security gets a closer look in the Capital One breach aftermath. IT bottlenecks gets put to the agile test, and Salesforce goes shopping again. Your whiffs include a faux sunset for big data, and the world of social selling gurus turns upside down.

Beach vacation

Lead story - The Capital One - AWS incident highlights the roles and responsibilities of cloud customers, providers by Kurt Marko

MyPOV: Data breaches are no picnic. But the Capital One breach is an opportunity to rethink the responsibilities of cloud providers and customers. Last week, I examined what the rest of the web had to say. Now it's diginomica's turn, via this probing post-mortem from Kurt Marko. Kurt pushes back from the hype:

Unlike the knee jerk reaction from some initial news reports, it doesn't involve chiding people for their stupidity by using cloud infrastructure.

He points to classic IT factors that don't go away in the cloud:

The lesson is about responsibilities, technical comprehension and training.

Kurt takes to the high school woodshop:

There's a reason high school wood- and metal-working shops are staffed by skilled teachers, because if you turn kids with no training loose on power tools, someone will eventually cut off their arm. The same this is true, metaphorically, with cloud services.

He rails against cloud FUD, but AWS is also accountable:

Nonetheless, AWS is not off the hook in this case because of the abstruse design of many of its services and APIs, which can allow leveraging restricted access to one system into escalated security roles and subsequent access to other resources. AWS's culpability is notably evident in this case since just such an attack was outlined by security researchers years before.

After digesting Kurt's arguments, diginomica reader Greg Saulmon raised an interesting point on cloud competition:

These days, it's very improbable that companies would abandon their cloud providers en masse. however, what they can do is to start differentiating between them and see them compete on availability and security.

I hit on this last week - but could there be a crack in AWS perceptions that Google Cloud and Azure could exploit? We'll see - but one-upping your peers on security features/documentation/training is a good thing.

Diginomica picks - my top stories on diginomica this week

Vendor analysis, diginomica style. Here's my three top choices from our vendor coverage:

  • Salesforce to acquire ClickSoftware for $1.35bn - Service Cloud momentum continues - Turns out Salesforce still had a few quid in their pocket more buying in mind after Tableau. Derek's on the case: "The deal should be viewed through the lens of both Salesforce continuing to push the momentum behind its growing Service Cloud business, but also the market clocking onto the fact that field service management is an obvious use case for digital change (read: more sales)."
  • Dropbox Q2 fails to impress, but it's all about the app - Another enterprise mover gets the (temporary) cold shoulder from Wall Street, but as Phil explains, a plan is afoot: "Reading between the lines of the earnings call, it's clear that Dropbox is playing a long game. The new Dropbox app barely got started in Q2 but it's pivotal to the company's future strategy."
  • Rimini Street expands into SAP application management services, reports Q2 - Rimini Street is on the move - Phil caught up with CEO Seth Ravin. "Ravin told us he believes the SAP AMS market is ripe for disruption, with incumbent providers using AMS as a loss leader for selling their digital transformation and cloud migration services."

A few more vendor picks, without the quotables:

Jon's grab bag - I appeared to embrace buzzword flogging played against type when I endorsed thought leadership content in Digital media disruptions #24 - LinkedIn changes its content algo, thought leadership gets demystified, and email wins... but not before I said: "Let's face it, thought leadership is one of the most bloated, pretentious, and least welcome buzzwords in our entire industry."

Stuart nabs diginomica headline-of-the-week honors with Apple's wearables health sets the pace for Fitbit's sickly prognosis. The wearables health market has promise - including industrial use cases - but as Stuart explains, Fitbit might not be the ones to capitalize, and Apple Watch is seizing the fanboy/fangirl zeitgeist.

As for Stuart, who is never without a slew of Apple devices definitely not an Apple fanboy, he worries that Fitbit might not get out of the Wall Street ER: " It's clear that Fitbit is not a well company. Whether the prognosis is terminal remains to be seen."

Best of the rest

Waiter suggesting a bottle of wine to a customer

Lead story - Flip the ratio: Taking IT from bottleneck to battle ready  

MyPOV: The push for a more strategic IT is nothing new, but over on McKinsey, Nagendra Bommadevara, Steve Jansen, Lauren Klak, and Maneesh Subherwal add another angle. They ask: what if IT was run with an investor's mindset?

The crux:

With just 10 percent of IT allocated to generating new business value, incumbents are not battle ready when it comes to contending with nimble tech players.

The McKinsey team thinks they have a secret sauce:

Some companies have managed to pull it off, however, by following a specific recipe that allows them to work better and smarter. Typical payback in making this shift—freeing as much as 30 to 40 percent of IT labor costs—occurs within 18 to 24 months.

I'm not much for secret sauce, but customer stories are always a good thing, and McKinsey draws on them here. One big takeaway? Apply agile approaches to back office IT - and start measuring outcomes, not project go-lives. As in this example:

By better understanding business needs, teams eliminated some demand by providing self-service options. Cross-functional teams had the people needed to not only identify the root cause of incidents but correct them immediately.

If becoming strategic was as simple as a new methodology, more IT teams would be there. But the conversation McKinsey raised is the right one.

Other standouts

  • Hundreds of exposed Amazon cloud backups found leaking sensitive data - and the cloud data blues plays on (and on). "You may have heard of exposed S3 buckets — those Amazon-hosted storage servers packed with customer data but often misconfigured and inadvertently set to "public" for anyone to access. But you may not have heard about exposed EBS snapshots, which poses as much, if not a greater, risk." Kurt is right - cloud hosting is a power tool. Back to the wood shop we go.
  • Supply Chain Diagnostic: A Four-Step Process - It's time for your supply chain checkup, and Dr. Lora Cecere is in. One likely problem: process neglect. "Ironically, I find organizations easily write big checks for technology implementations, but struggle to drive process improvement."
  • Proven Levers to Reduce Hardware and Software Maintenance - McKinsey is right that IT must be more strategic. But: reducing unnecessary spend via savvier vendor negotiations is another big piece. Len Riley of UpperEdge share field-tested tips.

Honorable mention

Overworked businessman

Whiffs

Headline of the week honors goes to Bare buttocks of Adam and Eve trigger military art controversy. Meanwhile, running into gurus can us all a little dizzy:

Too bad you posted a corrected photo, I liked that one... I'm a Southwest guy, but they botched this: Airline tracks Twitter user's real-world ID, publishes her flight number. A tad linkbaity, but an interesting tale with some mistakes all around: Teen Security Researcher Suspended for Exposing Vulnerabilities in His School's Software (the teen's suspension was quickly lifted).

Speaking of linkbaity, Silicon Angle has been doing a good job breaking tech stories lately. But this absurd headline I could live without: The sun sets on the big-data era: HPE to acquire MapR's assets. If only the sun were setting on this type of headline. Yes, an early phase of big data hype festivals is passing. Faith in Hadoop as a data cure-all has faltered. But big data isn't going anywhere - even if the term doesn't get you an easy win in buzzword bingo anymore. Silicon Angle knows it too, quoting HPE:

MapR's distributed file system "provides the capability of a data fabric that allows people to manage their analytics on the edge as well as in the core," Osborne said. "We didn't have a technology that would allow customers to do that."

Does that sound like a sunset? Because all I can hear are the sounds of HPE marketers salivating.

If you find an #ensw piece that qualifies for hits and misses - in a good or bad way - let me know in the comments as Clive (almost) always does. Most Enterprise hits and misses articles are selected from my curated @jonerpnewsfeed. 'myPOV' is borrowed with reluctant permission from the ubiquitous Ray Wang.