Enterprise hits and misses - DevOps gets a security overhaul, analytics gets ROI, and DoorDash gets hacked
- Summary:
- This week - DevOps gets one step closer to DevSecOps as security grabs the headlines. Lessons for analytics ROI are revealed and questioned. DoorDash gets hacked, and earns a fragrant whiff in the process.
Lead story - New data shows that DevOps + security = a winning combination by Kurt Marko
MyPOV: DevOps vendors Puppet, CircleCI and Splunk issued their annual DevOps survey, which honed in on the degree of security integration into real world DevOps practices.
After issuing the necessary caveat for vendor-sponsored surveys, Kurt writes:
This year’s Puppet, et.al. survey builds on last year’s results in which the authors developed a 5-level DevOps maturity model that categorizes practitioners based on the degree to which DevOps had been incorporated into their software delivery cycle. For 2019, the authors sought to identify any correlations between cybersecurity preparedness and an organization’s stage of DevOps maturity.
In other words: if you really have your sh!!t act together with DevOps, is your security correspondingly better? The data points to a cautious yes. At Level 5, the highest DevOps level characterized by "self service":
82% of those at Level 5 agreeing with the proposition that “our security policies and policies significantly improve our security posture.
But Kurt applies the cognitive breaks:
[The report] stops short of providing a causal connection between meticulous adherence to procedures and improved security metrics.
Indeed - though I found the report's points for integrating security into DevOps practices well stated. However, Kurt calls attention to a much bigger problem:
Until organizations can quantify the ROI on increased spending on security, adding time, expense and process overhead to software development cycles will be a tough sell to executives who see a more direct link between new products and features and their corporate and personal bottom line.
Yep - the IT industry hasn't scared straight yet. Breaches ahead:
Sadly, it will take a few more existential, company- and career-ending crises to create rapid, significant improvements in the way organizations integrate and prioritize software and infrastructure security.
One small consolation: Kurt managed to get through using the most awkward buzzphrase of all time catchphrase DevSecOps only once (well, okay, twice, but once was quoted material).
Diginomica picks - my top stories on diginomica this week
- The robots are coming? Not enough of them in some cases... - No one threads the line between robots/job optimism and dystopia and smartly as Chris. He has a way of unsettling both sides of the debate, this time, with fresh data from the UK government. Interesting factoid via Chris: "Japan has more than 297,000 industrial robots in use, a 23% share of all the robots in the world – and a human unemployment rate of just 2.4%."
- Data, diversity, developers - 3D thinking from Atlassian CIO Archana Rao - Madeline scores some trenchant tips from a CIO gettin' it done.
Vendor analysis, diginomica style. Here's my three top choices from our vendor coverage:
- 'It's all about focus' - Dropbox rebrands its app as Spaces, adds AI-powered features - Phil on Dropbox's quest for the enterprise collaboration throne, live from their first-ever Work in Progress event: "These are problems we need to solve to avoid some of the digital burnout people are suffering. We have the tools to help us all work better, but they're not doing it for us yet. Full credit to Dropbox for trying to make that happen."
- Oracle resurgent 3 - a 'to do' list for the next phase of the ERP wars - Notorious enterprise
gadfly slingshotttercritic Brian Sommer filed a monster review of Oracle OpenWorld that was surprisingly upbeat. Though in part three, Sommer notes some considerable challenges still ahead for Oracle (part three links to the other two installments). - Inforum 2019 - how CERN is putting Coleman AI to the real world test - Infor hit New Orleans with the keynote debut of their new CEO, and customer stories to tell. I filed three pieces, including this use case and Inforum 2019 - Can Coleman AI make self-service data science a reality?
A few more vendor picks, without the quotables:
- Huawei Connect - showing off the building blocks to make AI a working reality - Martin
- MongoDB cloud chief explains the value add that Atlas brings for modern data companies - Derek
- FutureStack 19 - New Relic boosts observability in quest for perfect software - Phil
- Vlocity keeps go-lives on track with FinancialForce PSA - Phil
Jon's grab bag - diginomica headline-of-week crown goes to frequent champ Stuart with Pink-eyed Terminators, clucking Alexas and giant dark data thunderclouds looming overhead - Boris Johnson's Brexit Britain tech pitch to the world. Meanwhile, Neil managed to tie Dolly Parton into enterprise data management in DataOps challenge - the complicated art of making things simple.
Jerry delves further into Google's odd activities of late in Did Google achieve quantum supremacy or not? Bottom line: Google appears to have jumped the PR gun, but Jerry says we can expect self-congratulatory PR balloons and fanfare from Google in a month or two for what he calls a "milestone achievement." Twitter peeps know I have a quantum amount of issues with all of this, but I won't blow a gasket on you just yet.
Best of the rest
Lead story - are companies that lead in data and analytics pulling ahead?
MyPOV: Why yes, says McKinsey, which shared survey results in How leaders in data and analytics have pulled ahead. This is a question I've been pressing BI vendors on for a couple years now. My version is:
If data-driven culture is the goal, shouldn't companies that achieve this separate from their industry peers?
So far, I haven't heard a convincing answer. McKinsey has a dog in this fight; they advertise feature their analytics practice in this piece. Their evidence? McKinsey's Josh Gottlieb and Allen Weinberg hammer "one-off" and "adhoc" analytics efforts, arguing for a comprehensive/strategic effort instead. They continue:
The survey suggests that companies still dragging their feet do so at their own risk, because the gap between leaders and laggards just keeps growing.
And how do we quantify this gap?
Respondents from these high-performing organizations are three times more likely than others to say their data and analytics initiatives have contributed at least 20 percent to earnings before interest and taxes (EBIT) over the past three years.
Not what I'd call a definitive statistic, but then again, I've seen enough use cases from customers on an analytics journey to be convinced it's a push worth making - even if I've been unable to boil that down as the key driver to success (a great product versus a shoddy/commodified one still matters quite a bit, for example. Or: you can be measuring the wrong things with your shiny analytics tools).
Grinding axes aside, the debate is not as important as the lessons learned, and here, McKinsey's piece stands out, with tips on building a data culture, empowering employees to make decisions based on that data, etc. Then we go back to a theme of Chris Middleton's robots/jobs analysis:
While automation is becoming more prevalent in all aspects of digital life, management of the data driving these changes is still largely a human-run activity - further underscoring the need for great data talent.
And on that point, we agree.
Honorable mention
- The Primordial Soup of On-Demand Mobility - I never thought of on-demand mobility as "primordial soup" before, but hey, Evangelous Simoudis crafted a catchy one there. Simoudis identifies the flaws on the way to Uberization: "The popularity of on-demand mobility suggests a bright future for the industry, but few of these businesses are reliably profitable today."
- DoorDash Breach Affects 4.9M Merchants, Customers, Workers - Dark Reading on a pretty nasty breach. DoorDash offered
weak-ass assurancesrationalizations about only the last four digits of the credit card numbers getting hacked, but: getting your home address exposed isn't lovely. Where's Louis Columbus when you need him? - Three Reasons Why Killing Passwords Improves Your Cloud Security - Yep, here he is.
- Leaving Panorama Consulting: Reflections on the ERP Software Industry’s State of Chaos - I'd argue the ERP industry is in a state of stagnation and decline (on the services side at any rate), not "chaos," but Eric Kimberling's reveal on why he started Third Stage Consulting resonates: "Living with the erosion of one’s vision over time was gut-wrenching." True that - so Don't Look Back Eric.
- Making Validation Easier - Gartner's Hank Barnes continues his role as enterprise vendor
gym coachhorse whisperer; it's time to shape up on the validation side, folks.
Whiffs
So the Labradoodle inventor apologized for creating a diseased, crazy monster. Dunno about that - I think an apology for creating a spectacularly weird dog would be sufficient. There's been a load of political whiffs and pungent satire this week, many of them tagged by Den Won't Get Fooled Again "Breaking Bad" Howlett. Here's one of his fragrant dandies from the UK on the brink.
Meanwhile, I continued my unexpected role as in-flight baby defender:
This airline will warn you if you’ll be sitting next to a baby on your flight https://t.co/8AzRA8nqua
-> we've been over this before but I'm good with babies. Now if we can extend this feature to incessant small talkers then we'll be onto something
— Jon Reed (@jonerp) September 27, 2019
"Smart homes" continue to bring a fresh batch of nasties:
‘Felt so violated:’ Milwaukee couple warns hackers are outsmarting smart homes https://t.co/KymXCO2wpL
-> "The thermostat continued to go up -- and a voice began speaking from a camera in the kitchen -- and then playing vulgar music."
yikes
— Jon Reed (@jonerp) September 23, 2019
And yeah, I don't care for upbeat reports on hypothetical Facebook features. You can't incrementally improve something corrupt:
Facebook tries hiding Like counts to fight envy https://t.co/EjtFhF7vci
Just experiment at this point, not done deal.
re: "end the popularity contest."
-> not so fast, I'm sure Facebook still weights according to popularity, so the contest continues forever. @joshconstine
— Jon Reed (@jonerp) September 29, 2019
This is the equivalent of a high school making everyone wear uniforms. You're still gonna know who the cool kids are. Be liked cool or be ignored cast out. (Hardcore Rush fans know what I just did there)...
Finally, I don't think DoorDash got a big enough spanking for their breach. So they blame the breach on a third-party service provider (time to scour that terms of service methinks). Next up, this soggy noodle:
While the company says it took "immediate steps" to block further access by the intruder, it's unclear why the breach took nearly five months to notice.
The breach comes about a year after some DoorDash customers said their accounts had been hacked, but DoorDash told TechCrunch at the time that there had not been a data breach.
Does this sound like a company that deserves anyone's pad thai craving Internet business? I suspect, however, they will not pay a price. At the least, change your name to DataDash, so we know what we're getting into. Never thought I'd say this, but: where is my DevSecOps? Kurt Marko, right again. See you next time...
If you find an #ensw piece that qualifies for hits and misses - in a good or bad way - let me know in the comments as Clive (almost) always does. Most Enterprise hits and misses articles are selected from my curated @jonerpnewsfeed. 'myPOV' is borrowed with reluctant permission from the ubiquitous Ray Wang.