Enterprise Strategy Group | Getting to the bigger truth.TM

Posts Tagged ‘Intel’

Technology CEO Council’s Lightweight Federal IT Recommendations

Wednesday, November 3rd, 2010

Have you heard of the Technology CEO Council?  Neither had I until recently.  The council is made up of a strange mix of tech CEOs from organizations including Applied Materials, , , IBM, Intel, Micron, and Motorola.  Why this group and not Adobe, Cisco, HP, Juniper Networks, Microsoft, Oracle, and Symantec?  Beats me.

Anyway, the group published a paper in early October called, “One Trillion Reasons:  How Commercial Best Practices to Maximize Productivity Can Save Taxpayer Money and Enhance Government Services.”  The paper stresses the need to reduce federal spending and suggests some IT initiatives in support of this objective.  The initiatives include:

  1. Consolidate information technology infrastructure
  2. Streamline government supply chains
  3. Reduce energy costs
  4. Move to shared services
  5. Apply advanced business analytics to reduce improper payments
  6. Reduce field operations footprint and move to electronic self-service
  7. Monetize government assets

The paper is available at www.techceocouncil.org.

I agree with the spirit of this paper as there are plenty of ways to use IT cost savings to reduce overall federal spending.  That said, the paper is pretty weak and self-serving.  Specifically:

  • The Feds are already doing most of these things today.  Federal CIO Vivek Kundra is already driving data center consolidation.  Agencies were asked to submit initial input on June 30, 2010 and finalized plans are due on December 31.  Lots of federal agencies including CIA, DHS, DISA, and NASA are well along the road to cloud computing as well.  Perhaps the Feds should be more aggressive, but the same could be said of any organization.
  • The paper ignores legislative challenges.  The paper suggests things like consolidating common IT services like payroll, finance, and human resources.  Once again, this is nothing new as this type of consolidation was suggested in 2001 as part of Karen Evans’s Federal Enterprise Architecture.  Moving beyond inter-departmental cooperation toward a federal IT organization could indeed save money, but it would require overhauling (or at least tweaking) the Clinger-Cohen Act of 1996.  This could be a long, arduous process.
  • What about security?  Federal IT spending is dominated by military and intelligence agencies with deep security requirements.  You can’t just consolidate around these.  Yes, security standards and regulations should be changed to keep up with the times–this is exactly what’s happening with FISMA 2.0 and the FedRAMP strategy to streamline cloud computing certification and accreditation (C&A).  Again, these things take time, thought, and care–not ideas and papers.

The CEOs also need to remember that their own internal IT organizations are far different than those in the federal government. When EMC executives mandate a massive VMware project, all of IT jumps into formation.  It doesn’t work that way in the public sector.

There were certainly some good points in the paper, but overall it is really a marketing piece put out by a lobbying organization.  In my humble opinion, there is some irony in this paper and organization–while the Technology CEO Council puts out a paper about how the federal government can save money on IT, companies like Dell, EMC, IBM, and Intel are happily wasting dough on a half-baked lobbying/PR organization.  Funny world.

The Many Reasons Why IBM/OpenPages Makes Sense

Wednesday, September 15th, 2010

Earlier today, IBM announced its intention to acquire OpenPages, a privately-held software company focused on identifying and managing risk and compliance.

There is obvious value in this deal based upon market interest in risk management alone. In the past ten years we’ve seen the subprime mortgage securities collapse, a rise in global terrorism, and explosive growth in cybercrime. Certainly businesses need better risk management tools to cope with these kinds of events.

With OpenPages, IBM gets to throw its hat further into the risk management ring, but that’s not all. OpenPages provides IBM with strong synergies around other IBM business opportunities like:

  1. Analytics. IBM has invested billions and dedicated thousands of people to create an advanced data analytics capability. Now that this expertise is in place, IBM has an analytics foundation to look at just about any type of data-centric issue. With OpenPages, IBM can combine risk management and analytics products with its existing IT and vertical industry strengths for new product and services sales.
  2. Information security. Over the past 10 years, information security has slowly evolved from tactical threat management to regulatory compliance controls. Given the global cybercrime wave, this is no longer enough — large organizations need real-time IT visibility and solid threat management analytics. IBM can combine OpenPages with the compliance management assets it purchased from Consul as well as its traditional Tivoli security products. If customers need help here, IBM Global and Managed services will be happy to chip in.
  3. “Smarter planet” projects. IBM has always told a great story around “smarter planet” projects like health care networks and next-generation smart grids. True, these visionary initiatives can cut cost and improve efficiency but what happens to the smart grid in the event of a Category 5 hurricane or a cyber supply chain attack that makes 1 million “smart toasters” part of a global botnet? With OpenPages, IBM can now build a “smarter planet” while keeping an eye focused on increasing risks.

Clearly the OpenPages deal wasn’t as newsworthy as HP buying ArcSight or Intel buying McAfee, but it certainly aligns with IBM’s strategy, complements existing products and services, and gives IBM sales reps another solution to sell to customers.

Making Sense of Intel and McAfee: What this Acquisition is and is not.

Monday, August 23rd, 2010

It’s been a few days since Intel’s surprising McAfee acquisition announcement. This weekend, I took time to read what others were saying about the merger and there seems to be a lot of posturing and confusion out there. Here is a short list of some of the misconceptions:

  1. Intel is buying McAfee for mobile security. This may have strategic merit, but mobile security can’t possibly be a major motivation. Why? The whole mobile security market is extremely fragmented and worth a few $100 million today. McAfee recently acquired its way into mobile security, so internal efforts are a work-in-progress. Rather than spend $7.7 billion on McAfee, Intel could have grabbed a vendor like Good Technology or Mobile Active Defense for a fraction of what it paid for McAfee. By comparison, Juniper just picked up SMobile for $70 million.
  2. Intel will bundle McAfee security functionality into vPro. Intel vPro has some security functionality for cryptography and secure communications, but nothing else. Why not integrate McAfee desktop security and even Safeboot encryption? Intel actually tried this for years with lots of partners and then buried the effort as if it never happened. I have to imagine that development was too difficult and too costly to proceed. I don’t think the McAfee acquisition changes anything.
  3. Intel wants to create hardware/software bundles for consumers. Some people think this will center around distribution alone, while others believe that Intel will create a vPro-like chip for consumer PCs. Neither of these things will happen. Consumer vPro won’t happen because it is too hard to do. Bundling won’t happen because of anti-trust. If bundling was possible, Microsoft would have done it two years ago.

Many of the smartest financial and industry analysts can’t make heads or tails out of this deal and I can understand their confusion. There really are no obvious synergies between the two technologies. Nevertheless, I believe that the security market is in transition where new products will need a whole new level of scale, intelligence, integration, and enterprise-class sophistication. The “new” security market will start abruptly and grow to over $1 billion extremely quickly. Intel wants a piece of this transition as well as portfolio diversification. It’s that simple.

Why Intel Bought McAfee, Hint: It’s All About Massive Changes In the Security Market

Thursday, August 19th, 2010

Before the bell rang on Wall Street, Intel shocked the army of latte-sipping financial wonks by announcing its intentions to buy security leader McAfee. The deal is valued at $7.7 billion or $48 per share, about a 60% premium on the stock price.

A few financial analysts who cover Intel say that this is about Intel’s mobile device aspirations. Maybe, but McAfee just got into the mobile device security market and my guess is that this business accounts for $5 million in revenue or less.

Sorry Wall Street but that ain’t it at all. I believe that Intel sees the same thing I see. The security market is wildly fragmented with vendors producing tactical point products for its customers. These point products can no longer address the environment of sophisticated and massive threats. In the very near future, enterprise and service provider security technologies must deliver unprecedented levels of scalability, manageability and integration.

Guess what? In today’s market there isn’t a single vendor who can deliver a security product suite anywhere near what’s needed in the market. Get it Wall Street? There is massive emotional demand but no supply. Here’s the kicker — without significant improvements in security, this whole Internet party hosted by companies like , eBay, , , etc. could get really, really ugly soon.

To be fair, McAfee can’t deliver the level of scale, manageability and integration that the market demands but it’s as close as any other vendor. Combine this with Intel hardware, money, and brainpower and you’ve gotten something.

I believe Intel sees a market opportunity, not a product opportunity. Yes, there is plenty of room to integrate McAfee with mobile phones, microprocessors, and NSPs but this is a footnote to the story.

A few other observations:

  1. With its deep pockets, Intel should free McAfee to continue to bolster its portfolio. McAfee should grab ArcSight soon to fill its security management gap with an enterprise leader.
  2. The next logical candidates to double down on security are IBM and /RSA. The next logical target, Check Point — maybe others like Fortinet, Sourcefire, RedSeal, Nitro Security, LogRhythm, etc.
  3. While Symantec’s position just got stronger, Wall Street is waiting to see how the company will digest, integrate, and build upon recent acquisitions PGP and Verisign.
  4. If there is a better CEO success story than Dave DeWalt’s, I’m not aware of it. DeWalt came in a few years ago when McAfee was knee deep in a stock options scandal. He took over, changed the culture, acquired well, pointed the company at the enterprise and voila, sells the whole enchilada to Intel. Not sure if Dave will stick around but I’ll bet HP’s interest in him is sky high.
  5. The combination of Intel and McAfee is a “dream team” for the Feds’ cybersecurity efforts. The two together have security software and can throw massive amounts of hardware at monitoring, filtering, and recording all of the traffic on Federal networks. McAfee already gets hundreds of millions from the Feds. I can see this revenue going beyond $1 billion over the next few years.

Fake Intel Chips and Energizer Bunny Trojans: What’s going on?

Tuesday, March 9th, 2010

Two stories caught my eye yesterday.

First, a company named Newegg shipped counterfeit Intel i7 chips to customers. Customers received a clay mold and piece of scrap metal rather than a real processor. Intel and others are investigating this situation.

In another story, the Energizer Duo Charger, a laptop battery charger kit made up of hardware and software, was found to contain a Trojan Horse program in its optional battery charge monitoring software (note: the Trojan impacts Windows, but not Macintosh computers). When activated, the Trojan, which opens port 7777, can install files, read directories, and communicate with remote hackers. Energizer is cooperating with US-CERT to try to figure out how the code got into its product.

How are these stories related? Both describe an issue that gets little attention: cyber supply chain assurance.

The cyber supply chain is made up of a network of suppliers, distributors, business partners, and customers that share cyber business processes, develop technology, and distribute products. Since the cyber supply chain comprises a vast network of companies, one weak organization or bad apple can compromise products and create vulnerabilities for all downstream parties.

With the Intel case, it appears that someone corrupted the distribution chain. With Energizer, it seems like a rogue developer or software tester was introduced into the development cycle.

So here’s the problem: in general, we trust that the products we purchase are safe. Bad assumption, as the Intel and Energizer examples point out. This also holds true for technology vendors themselves, who ultimately integrate a bunch of microprocessors, specialized chips, and software code together. Could any of these components be tainted? Absolutely.

Here’s a scary statistic: in a recent study, the U.S. Department of Defense found that only 2% of all the microprocessors and integrated circuits purchased are actually manufactured in the United States. This gives foreign adversaries ample opportunity to tamper with critical systems in a way that is extremely hard to detect.

Technology is developed by distributed groups of engineers and outsourced firms across the globe. Final assembly is often done offshore. Distributors install software on systems and then repackage them. Testing software security is often weak or ignored.

The Intel and Energizer stories prove that trusted products can be tampered with in the supply chain. We need to address this with the right knowledge, processes, and countermeasures. Continuing to ignore it will lead to more and more similar events.

RSA 2010: Cloud Security Announcements Already Dominate

Tuesday, March 2nd, 2010

It’s pouring in San Francisco, but ironically, the RSA Conference is already pointed toward clouds–in this case, cloud computing security.

There were two announcements yesterday around securing private clouds. New initiative king Cisco announced its “Secure Borderless Network Architecture,” which is actually pretty interesting. Cisco wants to unite applications and mobile devices through an “always-on” VPN. In other words, Cisco software will enforce security policies for mobile devices regarding which applications they can use and when–without user intervention. Pretty cool, but you would need a whole bunch of new Cisco stuff to make this happen.

On another front, industry big-wigs EMC, Intel, and VMware are pushing for a “hardware root of trust” for cloud computing. The goal here is to create technology that lets cloud providers share system state, event, and configuration data with customers in real time. In this way, customers can integrate cloud security with their own security operations processes and management. This is extremely important for regulatory compliance. (Note: Another reason why EMC/RSA bought Archer Technologies).

These interesting announcements probably presage a 2010 RSA Conference trend: “all cloud all of the time.” Since ESG Research indicates that only 12% of midsized (i.e., 100 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations will prioritize cloud spending in 2010, all of this cloud yackety yack may be a bit over the top.

Two other announcements worth noting here:

  1. An actual leading voice on cloud computing security, the Cloud Security Alliance (CSA), teamed up with IEEE to survey users about cloud computing security. Users overwhelmingly want to see industry standards and soon. Bravo CSA and IEEE, I couldn’t agree more.
  2. I like the F5 Networks/Infoblox announcement around DNSSEC. The two companies will offer integration technology between F5 load balancers and Infoblox DNSSEC. This partnership blends the security of DNSSEC with the reality of distributed web-based apps and infrastructure. Kudos to the companies, the federal government will be especially pleased.

See you at the show!
