Posted by: Greg Ness | July 19, 2017

Amazon goes Hybrid with VMware


The Wild Ride is Getting Wilder for Tech Infrastructure Vendors

Notice is Served to More than a Dozen Tech Leaders by Once Unlikely Alliance

Recent talks between Amazon and VMware could ignite a second wave of cloud adoption, this time focused on brownfield cloud migration. A recent report covered by CNBC raises the specter of a massive shift of workloads from premises to clouds, something of notable concern to at least a dozen premises-bound tech leaders and perhaps a couple dozen third party data center players managing traditional stacks.

See my Vidder blog The Cloud is about to Crush the Hardware-based Security Industry.

This development represents a fundamental shift for Amazon and VMware, and each has their own distinct reasons for this once unlikely alliance.  Amazon finally recognizes the value of the hybrid cloud model, which it has dismissed for years. This could be as much about Amazon growth as countering Azure’s massive inroads into cloud. See a few highlights from my blog Amazon, AWS and the Public Cloud Paradox from early 2013:

As discussed previously, the total addressable market for VMware server virtualization and private cloud is about $50B dollars, per a VMware presentation made late in 2012.  Amazon’s AWS revenues, representing an estimated 90% of the public cloud market, were under $3B.  This suggests a wide gulf between the public cloud and private cloud market and an even larger $60B hybrid cloud market that is available to the victors.

That public cloud myopia on the part of Amazon, which was so prevalent at last year’s AWS reInvent Conference, is an albatross around the neck of what has otherwise been perhaps one of the most successful and revolutionary launches since… online bookselling.  Amazon’s future success may depend more upon its ability to lead the cloud market versus being a former first mover.

Amazon clearly understands that public IaaS is too limiting, and has made a series of smart improvements to its cloud offerings that align them more closely to enterprise requirements.  It is possible and reasonable to suggest that Amazon’s enhancements (along with Azure’s coming grand entrance) may have forced VMware’s hand into its own IaaS offering, much to the unease of some key VMware partners.  Yet Amazon today is still stuck in the public cloud mindset.

Then there is Amazon and the Amazing Enterprise IT Monoculture Myth:

Without denying cloud computing’s massive impact on enterprise IT, I think it is still easy to get lost in the vendor haze of massive switches to any self-serving single standard or model - beyond core networking and communications stacks, which are often economically too powerful to resist, and the dynamic, pulsating world of IT services and solutions.  Innovation and conformity are not often mentioned in the same sentence as allies.

For VMware this represents a shift from its earlier cloud initiative. For background see my previous post based on a recent Cisco study and Cloud is Bigger than you Think, based on a Future in Review panel in late 2015.

==> If you are an executive at a hardware-bound company selling gear exclusively for premises deployment this is a very big yellow light at best. And it grows the TAM for AWS by several-fold.  Stay tuned.





My recent Vidder blog on security in the new cyber world explains why security will become more important to business success in the digital age and why CISOs will become as important to CMOs in most consumer and B2B companies.

The world’s cyber future looks more like Ukraine, the emerging frontline of a growing conflict between entrepreneurial hackers, nation states interacting in virtual marketplaces of exploits, tools and identities, and a shrinking population of cyber security experts defending critical and increasingly complex systems.

If you think the cyber war in Ukraine will stay within its borders think again. We may already be embroiled in a stealth, undeclared cyber war.

With larger populations of devices accessing more complex, shared infrastructures attached to increasingly exposed systems, you have a market of growing opportunity for fast-growing populations of cybercriminals and their sponsors living beyond the reach of domestic law enforcement and perhaps even international treaties.

That’s why I’m putting together a cyber war panel for Future in Review this October in Park City. Stay tuned!

Posted by: Greg Ness | July 2, 2017

Digitalization Winners and Losers as of 2017

A new Morgan Stanley CIO Report is out with a revised list of digitalization winners and losers.  The shift to the cloud is increasing and creating a painful new reality for traditional IT vendors, except Cisco.


IT vendors will navigate the clouds with varying levels of success.  Cisco appears to be making inroads based on a new CIO survey.

Check it out here.

From Becky Peterson, Business Insider, July 1 2017:

The two technology vendors are set to lose out considerably in IT budgets over the next three years as the result of the shift to cloud, according to the June AlphaWise/Morgan Stanley CIO report. CIOs expect that 46% of their workloads will be in the cloud by the end of 2020, while only 34% will be on-premise.


Between now and then, the 100 US and European CIOs surveyed expect to decrease spending on IBM by 13%, and to decrease spending on Oracle by 11%. 


Note how Cisco is positioned as a top beneficiary of digitalization, after Salesforce.  That’s an impressive shift for a legacy networking vendor.  This could be at least indirect acknowledgement that the giant is successfully re-positioning itself as a new kind of software-centric cloud player.

Posted by: Greg Ness | June 24, 2017

#Cyberwar #Cloud #Migration

This week the Washington Post published a bombshell story on the recent attacks on the US election infrastructure ironically under their motto “Democracy dies in darkness.”

On the Vidder blog Thursday I said that we were at cyberwar.  My case was simple:

  • Cyber warfare is by nature stealth;
  • There are no cyber-specific treaties;
  • The migration of attacks from economic targets to political suggests direct nation state complicity; and
  • Now our intel agencies have proven direct Russian intel agency involvement.

Then a recent Reuters report broke that made things even more bleak: Russian officials are demanding source code from US tech companies, even code for security products.

Reports are now emerging of a hack attack against UK’s parliament, another political target.

A pattern of increasing attacks against servers, devices and politically motivated targets is emerging, with Russia named as the common source.

See this recent Wired piece on Ukraine: How an Entire Nation Became Russia’s Test Lab for Cyberwar.

For years many security experts have attacked cloud adoption, calling it a security risk. Yet recent events might accelerate cloud adoption, especially for legacy workloads protected by US tech giants flirting with releasing source code to have (ironically) greater access to the Russian market.

Even the perception of a source code sharing risk could dampen enthusiasm for traditional security products and get more CISOs considering protection by AWS, Azure or Google, who are investing billions in advanced infrastructure and might have enough market power to resist Russian demands.

Some of these companies are under tremendous operating pressures and having to fight off innovative startups and IaaS offerings that are catching up if not surpassing (in terms of security) for most enterprises. Some are struggling with layoffs designed to right the ship.

Now there is a source code risk that could give Russian hackers enhanced access to enterprise systems increasingly exposed by digitalization and growing populations of endpoints with network access.

Time will tell.  IMHO cyberwar could be a significant new driver for the growth of cloud for existing, premises workloads.

Posted by: Greg Ness | May 15, 2017

NAC versus Trusted Access Control

After my Goodbye NAC (network access control) blog the Vidder team created a very useful chart comparing key characteristics of NAC with Vidder’s Trusted Access Control.


Posted by: Greg Ness | May 1, 2017

The Cloud will Crush Network Security HW Industry

Because Complexity Doesn’t Scale Very Well…

Last week Amazon announced another stellar quarter, with AWS again being the main headliner for the ecommerce high flyer. Yet I’m convinced AWS growth and profitability has even deeper implications for traditional hardware-bound network security vendors.

Two weeks ago I spoke with a CISO at a forward-thinking IT shop. It was one of the most encouraging and thought-provoking IT discussions I’ve had in a while. He said they were betting on the cloud to “transform” their security posture by enhancing security and scale and reducing costs and complexity.

The Cloud as a Driver of Security Transformation

This is a substantial shift in thinking from just a few years ago when the cloud was seen as being less secure by most CISOs. While I’ve certainly seen the enterprise cloud shift firsthand, most of the drivers were operations-driven.  IT wanted more agility and scale or some cost savings for unpredictable or seasonal workloads. Security concerns were seen by many as obstacles to cloud migration.  That has clearly changed.

The cloud is now seen as transformational rather than as a potential security posture tradeoff. This is a bigger deal than a stellar AWS quarter.

It threatens the future growth and margin potential of today’s powerful security hardware and infrastructure players, those who have benefited from rising cyber threats and growing, increasingly connected networks. Several seemed to have peaked in 2014/2015 when cloud enterprise workloads were mere outliers. It looks uphill from here onwards for all security vendors tied to hardware for critical enforcement capabilities.

If he is right (and I think he is) the cloud will be the wheelhouse of security transformation. And many vendors are ill-prepared for such a software, service and IaaS-based disruption.

Why? Here is a list of factors that will drive the cloud software security transformation.

  • Consolidation of Buyers; Commoditization of Hardware

Cloud providers are usually building their own infrastructure, around new management, scale and security requirements, well beyond what most organizations can afford or even consider.  If needed, they can go to traditional hardware vendors and negotiate from a position of great volume / influence over terms, margins and specifications in ways that few enterprises and service providers ever could.

The long term effects of this shift will be dramatic, decisive and in some cases devastating to vendor models tied to specialized hardware and skill sets. Many will be pushed aside as enterprises look for single layers of enforcement and more granular access tunnels to address more sophisticated attacks aimed at increasingly connected systems.

  • Security with Scale is becoming Strategic

Cloud infrastructure is being architected for new, emerging demands, especially related to horizontal and vertical scale and security.  Cloud environments will increasingly adopt software and service-centric solutions that can scale globally and seamlessly, without location-specific constraints.

Digitalization will add to cloud delivery pressures and force IT into more software and services and away from hardware-defined tradeoffs.  This, combined with buyer consolidation and commoditization, will make IaaS and managed service providers (and best practice enterprise shops) powered by software-defined capabilities much more influential than the traditional hardware vendors.

  • Software and Services are Strategic to Security and Scale

After decades of innovation aimed at hardware differentiation and specialization as a means of growth and profitability, the tables have turned and vendor operating models will need to shift to survive.  The virtualization, software and cloud-defined benefits of scale and agility will embrace security in ways that simply weren’t possible in complex networks of devices architected for simpler, slower times, manageable security demands and single vendor networks.

The cloud won’t compromise security; it will transform it.

Posted by: Greg Ness | April 6, 2017

Goodbye NAC, Hello Vidder!

The question that many IT security pros are asking is: Why hasn’t network access control (NAC) lived up to its promise?
I certainly did. And what I discovered helped me to make a career move.

I’ll explain, starting with what NAC does. Then I’ll get to the personal part.

NAC provides enterprises the ability to authenticate devices as they enter the network, monitor those devices, and deal with those devices that do not meet security requirements.

That all makes sense. Yet the history of NAC adoption has been less than stellar, even in recent years. Why? I think it’s because NAC still doesn’t meet the needs of today’s enterprises. NAC products are complex to deploy, scale, and manage. They’re also not able to stop an attack from an outsider who has compromised an internal device.  Once you are in, you’re in.

The NAC value proposition is a victim of its own self-inflicted shortcomings, from access control list fatigue to obsolete posture check parameters. NAC complexity, combined with technical constraints, contributes to a very challenging business case for most enterprises. Substantial upfront hardware investments are typically required, followed by high ongoing operating expenses.

These investments are the high table stakes to get the weak outcomes promised by network security hardware architected for simpler days and more primitive attacks. Today, things get even worse for hardware-bound solutions facing agile, dynamic software-based attacks.

Those medieval fortresses and walls scattered around the world are now only being used to lure tourists. No one uses them anymore for protection because they’ve become anachronisms, symbols of fixed defenses that worked in their day. Today we live in fast-moving times, where the spirit of entrepreneurship sometimes takes the form of cybercrime. Network defense schemes from more than a decade ago are already starting to resemble their tourist trap predecessors.

Unlike the rise of WLANS (and internet worms), which helped NAC solutions establish a foothold in enterprise security, cloud and digitalization initiatives are destroying the last remnants of the NAC payoff by magnifying the negative impacts of existing NAC technical and operational shortcomings.


The NAC security challenge: increasing complexity degrades scarce resources


NAC solutions only protect internal servers. Any hybrid or cloud-centric network would need a different approach to access control.  With digitalization, business-critical servers and databases will be more accessible to other servers and often larger populations of users.

Adequate protection would require even bigger initial investments and likely infrastructure upgrades. Then you’ll need more highly-skilled people to manage the complex weave of devices and permissions and access points. As your network grows sequentially your costs and complexities grow exponentially.

The problem: NAC’s lack of granular access controls requires security teams to create and manage hundreds of ACLs with thousands of potential rules, even for smaller networks.  Existing security teams might have to double or triple in size to simply keep up with the management overhead of these new initiatives, after those substantial initial hardware investments.

This explains why a host of companies are now talking about the Software Defined Perimeter, or the use of a single layer of software to protect large, complex networks. Its ability to scale up or extend enforcement across dynamic infrastructure is far superior to any approach requiring dedicated hardware, specialized skills and manually-driven lists.

So… after four-plus great years at CloudVelox I joined Vidder.  I met Vidder’s CEO Mark Hoover more than ten years ago.  Before I joined CloudVelox we discussed working together again as well as the new enterprise security demands taking shape. Vidder was on the way to re-inventing access control by blending trust metrics with the Software Defined Perimeter.

So here I am, years later at Vidder in the midst of a new asymmetric cyber war between nation states, hacktivists and societies dependent upon trust for their very way of life.  Goodbye NAC! Hello Vidder!

Posted by: Greg Ness | February 16, 2017

RSA Security Bloggers Meetup: Best Bald Bloggers Award

Had a great time catching up with old friends last night at RSA.  We have much to talk about this year, including greater recognition for bald security bloggers.

Maybe we’ll even get Rothman to shave?


Posted by: Greg Ness | February 4, 2017

RSA: Acknowledge that Security is Broken

Trust is under attack. So much so that security experts are calling networks “zero trust.” A recent Kaspersky Labs survey found 77% of US businesses had breaches in the previous 12 months.

This at a time when established, multi-billion dollar incumbents enjoy wide deployment in US enterprise networks. It is apparent that hackers have evolved tactics and strategies faster than leading security vendors, and exposure is increasing.

Can architectures created more than ten years ago adequately scale and adapt to survive an unprecedented onslaught of attacks and demands? Time will tell. With digitalization spreading, the worst is yet to come.

Without trust nothing is possible. Without security trust is not possible.

Read the rest of the story at TalkMarkets.


Posted by: Greg Ness | November 23, 2016

Antioch: A Dystopian Sci-Fi Masterpiece



Ancient Rome/Egypt and the search for dark energy takes you on a “fantastic romp” through surreal dreams and nightmares as Western Civilization is born in the past and dying in the not too distant future.

The Series starts with Antioch then in March 2017 continues with Alexandria.


“Worrisomely on target…” – David Brin


Antioch: a dystopian hard science fiction novel set in the near future and the distant past.


“Beautifully done…” – Real Laplaine, author of Earth Escape.




UK sci-fi blogger Faith Jones’ 2017 review.

FIVE STARS: This book could have been a mystical revelation about the beliefs of the old world, which would have been fascinating historical fiction on its own. It could have been an exploration of sci-fi discovery, what would be suddenly possible and how people and religions might react to that. It could have been a Roman boy meets Egyptian girl sort of culture and identity metaphor. Reconciling it all together and sprinkling it with illusions, insights and points of reference in real history makes this book a bit special, when you think about it. That shouldn’t have worked, but it has.

David Brin mentions Antioch in his blog:

Worrisomely on-target is a novel by my friend Gregory Ness – Antioch – that combines hard SF with fantasy and fretful observations on a new American Civil War and dark age. “In 2025 the U.S. disintegrates into angry mobs fueled by social media and misinformation. The once great nation turns away from science and tech in an effort to protect entrenched interests and preserve economic stability. Scientists are killed or exiled and laws passed to regulate innovation. … An American biologist’s dreams take him back to the Great Library of Alexandria where he witnesses the birth of western civilization. During the day he watches its disintegration.”

From top Goodreads reviewer Real Laplaine:

FOUR STARS: Without spoiling this beautifully done story, it takes us back and forth between the present, which is some years ahead of contemporary times, and thousands of years into the past, and then rolls us back and forth in an ever-consuming tale between now and then. The detail and imagery laced into the text about ancient Rome and Egypt, as well as Persia and Turkey, and their cultures and people, animates them, as if the reader is walking the stony streets of Alexandria. There is a beautiful love story which transcends time, depiction of brutal wars and great power struggles between Rome, Egypt and others – and the perspective of how Julius Caesar was, as a man, and a leader, makes the history books seem shallow in design.
