Why I like phone briefings October 26, 2007
Posted by joncollins in Curricular.
I was asked today whether I could pop into town for a half hour briefing next week, and I said I’d prefer phone in the first instance. When asked why, I gave the following example of my London routine. I thought it would be useful to post it here for future reference:
- Leave home, 07.45
- Get train, 08.08
- Arrive Paddington, 09.25 (on a good run)
- Get tube, 09.35
- Walk to destination, arrive 10.15
- Briefing finishes, 11.15
- Walk to tube, 11.30
- Tube to Paddington, arrive 11.50
- Next train, 12.30
- Arrive at station, 1.50 (on a good run)
- Get home, 2.15
So that’s 6 hours 30 minutes for a 1-hour briefing.
Don’t get me wrong, I love meeting people face to face, and it would indeed be preferable in many cases. With phone briefings I can quite literally fit 5 times as many in (allowing for coffee breaks), which is also time well spent!
The bigger picture of behavioral analysis - a conversation with Tier-3 October 26, 2007
Posted by joncollins in Risk Management, Security. 1 comment so far
In a break with tradition, I’m going to write about a specific company in this one, or at least a specific series of conversations. I’ve been talking quite a lot to the guys at Tier-3, a company specialising in software that can look for anomalies in how IT is being used. While there are many potential applications of such a capability, the company has focused its efforts on looking at IT security, sucking in events from computer logs and looking out for things that don’t fit with the norm. Think intrusion prevention, unauthorised access and the like.
It sounds so great in theory - and indeed, the company has recently announced wins for its HUNTSMAN product with some quite sizeable players such as Toshiba, so it must have something going for it. I still find myself feeling dubious however, not least (indeed, mostly) because whenever we do research into who’s buying what in IT security, behavioral analysis software seems to come out near the bottom of the pile.
So, there appears to be a bit of a behavioral anomaly about the whole thing. If such products are recognised to be so blooming useful, why is nobody buying them? My conclusion has been that, while such security products as antivirus, firewalls and VPN are quite simple to explain and therefore cost-justify, it was always going to be harder to assemble a business case for such tools as behavioral analysis.
When I spoke to Tier-3 I put this position to them, and asked (on the back of such deals as Tosh) whether it was changing. What Peter Woollacott, CEO, told me was that it was true, but he shed a bit more light on what made it so hard. “Anomaly detection investments are currently being driven by the value ascribed to IT/IP assets relative to cost,” he said, “yet many organisations still fail to understand the value of their IP assets.” In other words - if you don’t know what you’ve got, it’s difficult to work out its value, or indeed (as Peter explained), how vulnerable it is against the legions of potential threats.
It’s an interesting one, not least because (according to my illustrious colleague Martin’s report) the lack of asset knowledge is such an age-old problem in IT, leading to that other age-old chestnut - how can you secure your IT environment, if you don’t know what you’ve got?
Funnily enough however, the answer to the asset management issue may well come from considering some of the desired outcomes of security - not least that mother of all reasons, the reduction of business risk. Peter used the term “return on security investment” - the ramifications of which can be seen quite clearly in more regulated environments, and are starting to be visible in other verticals. “Just as Basel II rewards better operational risk managers with lower costs of capital,” commented Peter, “risk adjusted decision making is already featuring in corporate investment cases.”
Understanding of IT risk requires (and therefore drives the need for) understanding of IT assets, and their vulnerabilities. Ultimately this also drives the need for products such as those from Tier-3, but it’s unlikely that the company can currently use this as a product pitch. Rather, organisations that are already educated on the need to manage risk for business reasons, and are acting upon it, will also want to get on top of their IT assets and what they are up to.
To take this one step further, perhaps there is no business case for behavioral analysis per se. That is, if such analysis is seen purely as a security measure, i.e. a way of working out what went wrong after the event so the hole can be plugged, it will always be difficult to justify. Alternatively, organisations that “get” such topics as risk management will be able to see behavioral analysis as a way of achieving some of the higher level goals that ensue, such as ongoing monitoring of risk levels in an already well-managed environment. In this context, anomaly spotting becomes a feature, and not an outcome.
Which is perhaps, as things should be. Companies such as Tier-3 better be in it for the long haul however, as there is still plenty educating to be done just to get some organisations off the starting blocks.
Pulling a blog up by its bootstraps October 26, 2007
Posted by joncollins in Curricular. 1 comment so far
It’s an interesting experience, starting a new blog - like any investment, one has to take the long view. As a stake in the ground, Totalimmersion currently has up to about 40 readers a day - it’ll be interesting to review this in a year. Meanwhile, it’s being syndicated to my chums at IT-Analysis.com, whose hit rate is much better. But watch this space, the only way currently is up!
Twitter’s just a big chat, right? October 25, 2007
Posted by joncollins in Geeking out. 2 comments
S’funny. There I was thinking that Twitter was in some way different from, well, anything else. To the extent that it had taken the web publishing model and reduced it to the finest level of textual granularity, expressed as a 140-character “tweet”. And it’s a platform, open APIs, the lot.
Meanwhile, we’ve been using Skype as our messaging tool du choix between Freeform team members. We even use it for voice sometimes, but text is the default.
So there I was last night, getting on with various things - with a MadTwitter window open on the left, and a Skype Chat window on the right. And, behold, I was using them both in exactly the same way.
Sure, there’s differences. Twitter is the ultimate in broadcast chat - when I post, it’s like shouting across a crowded room where everyone can hear (and fortunately, not everyone is shouting). Meanwhile, in Skype I have to pre-select people I want to chat with - but I can have multiple chats with individuals and different combinations of groups. I can access Twitter on the Web, through phone or via my handheld, and while I can’t open a Skype window on the web, I can do the latter two. With Twitter, I can write to it from other programs. So I can with Skype. Etc, etc.
Other messaging apps offer a bunch of facilities that are much more controllable than either Twitter or Skype, including IMvironments, talking avatars, enterprise logging features, unified comms and so on - which makes me wonder even more. Aside from the “following/followers” concept, what exactly has Twitter got that traditional messaging hasn’t? It’s important - because while this would be quite a simple feature to add to the majority of text messaging clients, it would be quite a challenge for Twitter to bulk itself up to offer these stock features.
I’ve probably missed the point entirely, but then, so did the kid who said the king had no clothes on.
Sun vs NetApp - Good Hippies Don’t Divorce, Do They? October 24, 2007
Posted by joncollins in Storage. 1 comment so far
Funnily enough it was only today that I was recounting a tale to goodman David, about a formative experience I had a few years ago when two hippy friends of mine decided to divorce. It took me a while to reconcile this - after all, I thought, if hippies were so laid back and peace loving, surely they’d just get on?
And so it is when I see people like Dave Hitz and Jonathan Schwartz in a spat. Admittedly I’ve never met Jonathan, but from what I’ve heard about him he’s a regular guy, who just happens to run a rather big IT company - and he sports a pony tail. I’ve met Dave on a couple of occasions through the years, and he’s come across as a regular guy as well. As in a divorce situation, I know I have to be grown up and recognise that (a) books shouldn’t be judged by their covers, and (b) there’s probably an element of truth on both sides.
The story seems to have unfolded something like this:
- many years ago, NetApp decided to build a storage box based on available technologies, and stick some clever IP into the I/O layer while leaving the processing layer as a reliable, if backward overseer - I seem to remember the expression “trailing edge” technology being bandied about, not in a negative sense but as opposed to “bleeding edge” - including such stalwarts as the NFS protocol.
- a couple of years ago, StorageTek was miffed about something NetApp had done, but the sides never reached any particular resolution. STK was then bought by Sun Microsystems, who then continued bickering with NetApp. However, as storage wasn’t seen as particularly strategic at the time, it still didn’t come to anything.
- quite recently and indeed laudably, Sun decided to treat storage more strategically, at the same time as reaching a level of corporate psychological resolution about the relationship between its own software and open source. All admirable stuff, with the result that Sun decided to do some more stuff with storage - including releasing the ZFS file system to the open source community.
- unfortunately, NetApp saw this and wept, in the belief (now to be proven in a court of law) that Sun was riding roughshod over some of the “clever layer” intellectual property, indeed, patents that Dave Hitz himself had filed all them years ago (and suddenly, it’s personal). This may or may not have been ill-thought-out but unintentional on the part of Sun, or indeed, it may have been a deliberate, anti-competitive move, a bit like “accidentally” leaving Coca-Cola’s ingredients list on Howard Stern’s desk. We’ll find out - but right now, we know that it led to NetApp taking out a lawsuit on Sun.
- of course, the dot in dot-com was not going to take this lying down. After (no doubt) that quick call to determine whether some amicable resolution could be reached, Sun assessed its options and today has decided to countersue, not just about ZFS but calling into question the very “trailing edge” foundation that NetApp had adopted, at the very inception of the company.
Nasty. Commenters have quite rightly compared this to the SCO vs Novell case, and indeed raised questions about whether IP can be open sourced, or indeed closed back up if it does infringe on patents. To me, this also echoes the rather dodgy ground Microsoft finds itself standing upon whenever it reiterates its patents issues against Linux (I’m still not sure if Steely Neelie Kroes has put this one to bed).
I’m also rather fascinated at how the battle lines are being drawn up in the blogs. Mr Schwartz has always been an advocate of the openness of CEO blogs, but of course when the fecal matter hits the fan, one cannot stop being declarative even if one wants to. This is where it’s like my hippy friends - bloggers are supposed to argue, sure, but when it comes to them acting like good ol’ boy CEO types, what happens then? Things sure as heck don’t get decided by the number of diggs assigned to the counter-arguments, or consider adverse comments as a form of cross-examination.
I confess I have a nasty feeling about this. Court battles are just that - battles - and fighting dirty is acceptable as long as it happens within the confines of the law. Already we have seen Dave Hitz branded a liar and a troll, and while Dave H has not used the terms, he has called into question Jonathan S’s records of events. NetApp has (as illustrated in that same blog post) started from a position of, “let’s get along, but use the courts, that’s what they are there for,” but it doesn’t appear that Sun is going to keep the gloves on. Call me old fashioned but Jonathan’s statement, “we are requesting a permanent injunction to remove all of their filer products from the marketplace” doesn’t appear to be wanting to meet anyone half way.
Where will it all end up? Messily, certainly. We now have two court cases, one of which may find it correct to say Sun shouldn’t have released NetApp’s IP into the open community - it’s difficult to know what the outcome would be from there, other than requesting people to kindly switch it off. Or it may find Sun in the clear, in which case NetApp will look a bit foolish, and perhaps in trouble as the patents in question are reputed to be a mainstay of the company’s offering.
Meanwhile, Sun’s own case, if it succeeds, could bring NetApp to its knees. If it fails, Sun will look a bit silly but can revert to the counter-sue argument, so nothing lost other than a bunch of legal fees. Hopefully this second case exists purely as a counterpoint, and the situation will be judged on the technical merits of the claims rather than obscure interpretations of patent law.
What do I feel about it all, besides just wishing naively that everybody could just get on? The only recommendation I would make to both sides, is that the behaviours exhibited during the process can be as damaging to a company as the topics under discussion, so - play nice, guys. Meanwhile, while I’m not sure I’d want to rush off and install ZFS across the entire organisation until I was sure I could keep it, I wouldn’t be switching off my NetApp filers just yet.
Shoulder standing 101: being influenced by the influencees October 24, 2007
Posted by joncollins in AnalystBiz.
These are indeed “interesting times” to be an influencer of any form, not least as we see the democratisation of influence - interestingly, not a term that has yet been adopted particularly widely. It is a timeless truth that every human being has an opinion, which is expressed more or less willingly; what has changed is the mode of expression, the Internet providing a voice louder even than the loudest rock band in the universe.
Whether or not this is a welcome change is a moot point, particularly for organisations who have made their money controlling the flow of such expression, such as news organisations and, indeed, industry analysts. The fact is that the guy in the bar now has global reach, and the rest of the world has to deal with that fact.
To the point - what can we learn as industry analysts? To me it’s simple - our role and privilege is to spend time learning about what is going on, and to draw insightful conclusions that can then be fed back for the common good. While many may have time to think about aspects, it is a rare luxury to be able to do this as a career, without the distractions of what many would consider to be a real job. We’re standing on the shoulders of giants - one set of insights and conclusions serve as inputs to the next level of analysis, and thus can we all move forward.
So, I don’t feel in any way threatened by these developments; rather, I revel in the fact that the number of fire hydrants to drink from is increasing. Welcome indeed, for example, to the vendor analyst relations blogs such as those from Carter and Skip; or indeed AR professionals like Jonny and David, and all the rest (I said it was like a fire hydrant!). I would love to say we have a monopoly on how things are evolving but the truth of the matter is that nobody does, so all help as we evolve our services into the future is gratefully received.
In the future, then, we shall continue in our role as aggregators of opinion and behaviour, and offer our findings back to the community in the way we do now. It’s an eminently scalable model, and for now we believe, adaptable to what the wonderful world of influence throws our way.
This message is so wrong in so many ways October 24, 2007
Posted by joncollins in Geeking out.
Just seen as I resumed my computer from suspended mode:
“Not enough memory or disk space to update the display.”
Sheesh.
What a way to start RSA - with a virus October 20, 2007
Posted by joncollins in Security. 1 comment so far
Well, well. The last thing I expected to see when I plugged in my SD card this morning, was a virus. I think I must have picked it up earlier in the week, as I was transferring files between computers.
First thing was when an AVG window popped up, to say a file was being quarantined. When the file re-appeared, I knew there was something awry. For anyone who is interested, it was the “microsoftpowerpoint.exe” virus - conveniently explained (along with removal instructions) on the Trend Micro web site, among others.
(Unless I speak too soon,) I got rid of the blighter in the end. But it was a timely reminder that, while the debate should quite rightly shift to take into account the true breadth of the risk landscape, that ol’ external threat is still alive and kicking.
High time to check those signature files are up to date, before heading off to the RSA conference in London next week…
A not particularly exhaustive Twitter client study October 19, 2007
Posted by joncollins in Geeking out. 1 comment so far
I had a quick browse about for a Twitter client, and there are plenty; many require the .NET framework, which I didn’t fancy installing unless I had to. So, from a shortlist of:
- Twadget, which sits in the Vista sidebar (and what a cracking name)
- MadTwitter, simple but effective
- Pwytter, written in Python
And the answer is: MadTwitter. It stays minimised and pops up when there’s a tweet, lets me post back (and succeeds, Twadget sometimes fails), and is fast (unlike Pwytter). It lacks plenty of features, but maybe that’s the point.
Whoa! How Green are We! October 19, 2007
Posted by joncollins in Curricular.
By total coincidence, Tony and I both posted a green review of Storage Expo yesterday evening. Thinking about it, it was probably watching Tony checking a certain vendor’s credentials that at least partially prompted my own post - so perhaps it’s not that big a surprise… and not the first time yesterday I accidentally trod on Tony’s broken toes, sorry mate.
Still, topical, topical!