Osterman Research

A Few Reasons to Consider Cloud Security in 2012

While on-premises security solutions can provide robust defenses against spam, malware and other security threats, cloud-based security—used either as a standalone solution or in conjunction with on-premise defenses—offers a number of inherent advantages:

  • Most threats never hit the on-premises network—The use of a cloud service for spam processing, for example, eliminates the majority of content processing, storage and bandwidth associated with spam before it ever reaches the customer’s network, making the on-premise infrastructure more efficient. More critically, the bulk of malware can be eradicated before it ever reaches the corporate network, leaving on-premise solutions—if they are in place—to act as another layer of protection against these threats.
  • More efficient use of IT resources—One of the key issues that should be considered by any organization—but one that often is not—is the opportunity cost of IT staff members. Most CIOs and IT managers would agree that finding and retaining highly qualified IT staff is not an easy task. As a result, in-house IT staff should be used so that they can provide maximum efficiency to their employer, while also giving them a satisfying work experience that will motivate them not to move elsewhere. A cloud security solution—whether used for messaging security, Web security or other capabilities—allows IT staff members to move on from managing security servers and appliances and to work on projects that provide more differential value to the organization and that can result in greater job satisfaction.
  • Easier support for mobile and remote users - Given that a growing proportion of the working population is mobile—either because of corporate telework initiatives or employees who travel as part of their work—security for these employees can be difficult to manage using on-premise systems. Cloud security capabilities can provide a high level of protection for these employees, many of whom use Wi-Fi hotspots and other resources that are much less secure than their in-office counterparts.
  • Extending the life of on-premises solutions—Related to the point above is that cloud services allow an organization to extend the useful life of an in-house security solution. For example, if a company has reached the maximum capacity of its email filtering appliances, it could implement a cloud-based spam filtering service that would dramatically reduce the amount of incoming traffic and thereby allow new investments in internal hardware to be postponed or avoided altogether.
  • Improved disaster recovery and business continuity—Another important advantage of cloud solutions is that they can provide a very useful backup messaging solution in the event of an outage of the primary messaging system. For example, most cloud security providers will spool incoming email for at least several days (much longer in some cases) if it cannot be delivered to a customer’s server. This prevents an email server outage from causing bouncebacks to senders and ensures that incoming email is still being processed.

We have just published a white paper on this topic that you can download here.

Actually, Many Care About GroupWise

David Strom wrote an interesting piece about the just-released GroupWise 2012 entitled No One Cares That Novell Has A New Version of GroupWise. His assertion is that GroupWise is yesterday’s news, has been supplanted by other platforms, and is simply a dying animal.

Although Mr. Strom is a very sharp guy, I respectfully disagree:

  • I’m certain that the vast majority of the 10,000 organizations cited in Mr. Strom’s article care about the new release.
  • Same goes for the 47 state governments he cited that use GroupWise.
  • Ditto for the many third-party developers of encryption, archiving, security and other products that are designed for use in GroupWise environments.
  • Even competitors will care, since some have made public—and not so public—their strong desire to move GroupWise-enabled organizations to their respective platforms.

Mr. Strom is right in that GroupWise has lost a significant portion of its customer base and the development of the platform has not kept pace with that of some competing solutions. However, as he pointed out, the new GroupWise has some noteworthy and interesting features, integration with Skype for presence detection and an iPad client among them, that will help to keep interest in GroupWise alive. Moreover, given that migrating to a new messaging system is typically arduous and expensive, a new version with interesting new features might be enough to convince some decision makers that they can at least postpone the migration, if not put it off completely.

Does this mean that the new version of GroupWise will cause the platform suddenly to reverse its slide and start picking up new customers in droves? Doubtful, but if this is the first in several steps focused on updating and improving GroupWise, predictions about the death of GroupWise may have been premature.

Some Thoughts on Lotusphere and the New Communications Paradigm

There is lots of talk about email going away: some are swearing completely off of email, others complain about how many messages they receive in their inbox, others use only email. Our own research shows that for many corporate workers, the importance of email continues to grow. Add to all of this the continuing discussions about migrating from GroupWise to “Outlook” (the subject of an upcoming blog post), how Notes/Domino is losing share to Exchange, etc.

However, does it really matter? The fundamental goal of email when it was invented decades ago was to enable people to communicate in a more efficient way. That goal has never changed, but the tools that are available to corporate decision makers to enable that efficiency have. For example, we now have social tools that can enable communication in a way that enables easier access to and analysis of employee and customer sentiment. We have collaboration tools that make it easier for groups to work on a document instead of sending a file to everyone via email. We have text messaging and instant messaging that enable bursty types of communication that are more efficient than email.

Spending time at Lotusphere last week reinforced my view that IBM, more than many other vendors, really understands the new paradigm. To them it’s not so much about Notes/Domino losing share to Exchange (which, on a worldwide basis, is questionable anyway given that there are more Domino servers under management than at any time in the company’s history) or cloud vs. on-premise or social media vs. email. Instead, it’s about how communications is evolving into a new platform that integrates social into the business fabric—integrating new paradigms with the old where it makes sense to do so. It’s about a shift in corporate culture that doesn’t focus on siloes of information, but instead uses a variety of communication modes in a way that makes the most sense. For example, email need not—and should not—succumb to social media, but instead evolve into a tool that enables integration of various communication types that makes sense given a particular organization’s culture, regulatory environment, today’s customer base, future customer base, the geographic distribution of its employees and other factors.

The bottom line is that email—and every other mode of electronic communication—is about how to let employees and customers communicate, collaborate, learn, change and act in a way that meets their needs and those of their employer. Those who get caught up in the email vs. social media vs. Web 2.0 vs. cloud vs. on-premise vs. whatever else discussion are often missing the bigger picture: this is much more about business and getting things done efficiently, and not so much about technology.

Social Media as Time Machine

Outside of the financial services industry, very few companies actually monitor what their employees say on Twitter, Facebook, LinkedIn or any of the 1,000+ other social media sites around the world. Few companies scan short URLs for potential links to malware sites. Few have deployed systems to protect against spam delivered via social media. Few have deployed systems to capture whatever business records or other important content might be posted to social media sites.

In a way, social media use in the vast majority of organizations is like email was back around 1997—not much in the way of anti-spam, anti-malware, content filtering or archiving is in place to protect organizations from all sorts of harm. Use social media today and—at least from the perspective of how protected you’ll be against spam and malware—you can recreate your email experience from yesteryear.

Should you be concerned? Yes:

Clearly, there is a problem: lots of malware and spam floating around, millions of tweets and posts that probably should be archived, and few companies doing anything about it.

We are in the process of writing a white paper that addresses these topics, and will be launching a major study within the week on how social media is used and perceived, and what organizations are doing to protect themselves. Let us know if you’re interested in what we will be finding from the research.

Four Predictions for 2012

Here are four predictions, trends and developments that I believe will occur in 2012 and will have important implications for messaging, collaboration and related decision makers:

2012 will be the year of social media management

Imagine letting your corporate email system be whatever your employees choose—Hotmail, Yahoo! Mail, Gmail, whatever. Then let them say anything they want without any policy management, supervision or consequences. Moreover, don’t preserve any email content, even if it contains actionable or important business records that you really should keep for legal or regulatory reasons. Now, substitute “social media” for “email”, and that’s pretty much the situation you have in most organizations today.

Some industries and organizations get the importance of managing social media. For example, financial services firms—as a result of rulings by FINRA, IIROC, the FSA, etc.—understand that social media content must be managed. Important content must be archived, tweets and posts need to be monitored, and policies need to be established and enforced. The NFL gets it and has established specific guidelines for what players and coaches can post to social media before and after a game. However, the vast majority of organizations don’t get it—they let employees say anything they want on Twitter, Facebook or other social media sites without establishing any policies or guidelines whatsoever. If you’re unsure of the risk, search for “I lied to my client” or “my boss is stupid” on Twitter and see what comes up.

I believe that will change dramatically in 2012 as decision makers become more aware of their risk. Unfortunately, I think much of that awareness will be of the two-by-four-upside-the-head variety as organizations are sued for sexual harassment or other actionable posts on social media. Wise decision makers will get out ahead of the problem and (a.) establish acceptable use policies for social media and (b.) deploy technology that will manage and archive this content according to those policies.

RIM and Novell GroupWise will turn around

I realize that I’m in a pretty small minority here, but I believe that RIM and Novell will have a better 2012 than 2011. RIM, because it will introduce some interesting new phones this year and because its robust security model still has lots of credibility in the IT space; Novell, because I think Attachmate will take the steps necessary to prevent the continued slide of the GroupWise brand and because GroupWise is still a pretty solid messaging platform. While I don’t expect a massive turnaround in either brand, things will improve.

Apple will get serious about the enterprise

I really like Apple products, but the company has never taken the enterprise market seriously enough in my opinion. Assuming that will change in 2012, I’m going to go way out on a limb here (hoping everyone who reads this forgets it if it doesn’t happen), but I think Apple will buy Parallels Holdings, the owner of the very popular Parallels virtualization platform, as a means of moving the Mac into the enterprise as a robust Windows platform for enterprise applications. That would enable decision makers to deploy Macs with their somewhat lower cost of ownership while not having to rewrite any of their enterprise apps in order to do so. And, no, I’m not smoking anything!

Spam will make a comeback—with a vengeance

Spam volumes dropped dramatically in 2011 compared to 2010 because of the takedown of some key botnets and other developments. For example, Symantec.cloud reported that from spam’s high of 92.3% of all email traversing the Internet in August 2010, spam fell to 72.8% in April 2011—and it stayed relatively low through the rest of the year.

That said, I believe that spam will come back in a serious way in 2012 for two reasons:

  • Traditional spam is still very effective and it’s incredibly inexpensive to produce, yielding extremely high ROIs even with very low clickthrough rates. Products that produce such incredible returns simply won’t go away.
  • More insidiously, spam—in the form of phishing and similar types of attacks—is an effective way to deliver malware into organizations. Attacks that occurred at Oak Ridge National Laboratory and the International Monetary Fund are good examples of how good employee training or robust defenses can still fall prey to targeted attacks. Bad guys love malware and are very motivated to deliver it in whatever way they can.

I’d appreciate your feedback on these predictions.