PODCAST

The Scope and Depth of the Cloud: Q&A With VMware Copresident Carl Eschenbach

The move to cloud is far more than an IT delivery model adjustment. It really presents a unique opportunity to get IT — and the business of IT — right at the highest levels.

On the main stage at VMworld 2011 recently, VMware Copresident Carl Eschenbach demonstrated that impact through testimonials on how cloud computing and virtualization infrastructure are advancing the business goals of three major corporations, Revlon, NYSE Euronext, and Southwest Airlines.

BriefingsDirect caught up with Eschenbach after the presentation to gain his impressions and insights on the scope and depth of cloud computing — and how it’s impacting CIOs in general. The interview was conducted by Dana Gardner, Principal Analyst at Interarbor Solutions.


Listen to the podcast (16:27 minutes).


Here are some excerpts:

Dana Gardner: Some people seem to think that the move to cloud makes IT less relevant. Do you agree, and how are the CIOs you are talking to viewing it?

Carl Eschenbach: When people ask if cloud is real or if it’s happening, I can tell you unequivocally that the answer is yes. In fact, one of the things that VMware is so excited about is our position around cloud computing.

The reason I say that is that the cloud era is here, and VMware has the solutions to help our customers actually bridge the gap between their existing data centers and legacy applications to this new world of cloud computing. It’s us and the strength of our ecosystem partners who are leading this technology innovation and services that enable people to accelerate their cloud adoption.

It’s been a very exciting show here at VMworld. We had 20,000 plus people in attendance, and I can tell you that the energy at this show only proves that our industry is going through a major transformation toward cloud computing.

So while it’s true there are some CIOs who are resistant or hesitant to move to the cloud, it’s not whether they’re going to in the future. It’s really how fast. Clearly people are thinking about it. They need help along the way, because they need to bridge their existing investments, as I said earlier, to move to the cloud.

Once they find a way to do that in a very secure manner, people will start to build not public cloud offerings and solutions, not private cloud offerings and solutions, but they will truly build what we call a hybrid cloud.

Gardner: You seem to be saying that IT becomes more fundamental, that with cloud the role of IT becomes more strategic.

Eschenbach: IT needs to become a strategic asset or weapon to help drive revenue generation for the company. It no longer needs to be a cost center or just something that becomes a barrier to success for the company.

Today, in a lot of cases, people look at IT as the barrier, meaning they’re not agile enough to service and support the line of business. In effect, what happens when you start to build either a private or public cloud, is that they actually become opaque. They become transparent to the line of business.

There’s no longer an issue or challenge with how fast a company can roll out a new business opportunity or solution. It’s actually removed now, when it gets to IT or the existing CIO organization, because they take that away. They’re able to service them much faster, because when you deploy cloud-based solutions, you have a much more agile infrastructure to support the line of business.

Gardner: We’ve been hearing about cloud infrastructure management, cloud application platforms, end user computing, and additional use of virtualization on the client tier. This is coming together as a seamless strategy, and I’m curious about the paybacks.

Those companies that are biting this off fully, that are going full-bore at cloud at these different levels, seem to be getting a lot back in return. Do you see this as a whole greater than the sum of the parts? Is there an advantage to being a full cloud-enabled organization?

Eschenbach: There clearly is, Dana. We have customers that are going through multiple phases of a journey toward a cloud platform.

First, everyone has to start with just thinking about how they’ll virtualize their existing assets and their data center, which is exactly what VMware has done over the last many years. We’ve helped our customers drive out a lot of CAPEX savings in IT by just moving to a highly virtualized environment.

But what cloud brings is more than just CAPEX savings. It brings OPEX savings and operational savings, because when you move from a highly virtualized infrastructure to a true private, public, or hybrid cloud, you are now focused on leveraging management and automation tools, which really then focuses on the OPEX savings you get.

So again, moving from a highly virtualized environment moves you from a technical discussion and a CAPEX savings discussion to one that’s more of a business benefit by leveraging cloud, because of the management and automation you put around that highly virtualized environment, therefore leading to much more agile infrastructure to service the business.

Gardner: I’ve been talking to a number of customers this week and I’m certainly hearing from them that the more they adopt and adapt to cloud, the better the returns. They’re seeing better disaster recovery efficiencies. They’re getting better data efficiencies. They’re doing better with their networks. It seems as if it becomes pervasive.

But I’m wondering too, Carl, for those companies that resist this, are they facing a penalty? It seems to me that they could be at a competitive disadvantage pretty quickly.

Eschenbach: Among our customers, the people who typically resist moving to cloud-based architectures or solutions are actually the CIOs and their infrastructure team itself.

The reason for that is that the line of business has this notion, or has this understanding, that they can move to public cloud models and it’s much cheaper, faster, and in some cases, they think more reliable. In effect, they forget that the CIO has processes in place, has existing expenses on building out its infrastructure, has security, compliance, and controls of the IT that’s already running on that infrastructure.

If we can help the CIO build out a cloud infrastructure within their own four walls of their data center, the line of business would much rather leverage them, if they can get all the security, compliance, and controls that they are accustomed to getting, but get it at a faster, cheaper rate, which is the promise of the public cloud.

So the CIOs are really the ones who may resist cloud today, but in the end they’re the ones who have to move to a cloud faster, so the line of business does not go around them and fall into alternatives to support the business.

Gardner: That gets back to that relevancy. It seems to me that they risk becoming irrelevant if they resist, but they could actually increase their role and importance in the organization by embracing cloud.

Eschenbach: No question. There was an example on stage here. I had an opportunity to interview the CIO at Revlon. One of the things that he talked about was the fact that he increased the IT project throughput through his organization by 300 percent, when he built out a highly automated, private-cloud infrastructure.

What’s happened, he said, is that the line of business and his business partners no longer think of IT as the barrier or the roadblock to rolling out new revenue-generating services. Instead they look to them, because they know they can service them in a much faster way.

Gardner: I look around me here at the show and I see some of the largest corporations in the world. I also see some of the largest IT vendors in the world. There’s a big ecosystem that’s developed here.

But I’m also seeing smaller companies. So cloud’s message, cloud’s value to small to medium-sized business (SMBs), is it just as good as what we are telling them in terms of their enterprise size companies and the benefits. Or is there even greater opportunity for SMBs?

Eschenbach: Cloud provides business benefit for all types of customers, regardless of the vertical market segment they’re in or their size and scope.

If you think about cloud computing, the promise it brings customers is the ability to get access to infrastructure and data in a very cost-efficient, rapid way and only pay for what you use. It’s a great value proposition, regardless of size and scope of your organization and company.

With that being said, some of the people moving to cloud services first are actually SMB organizations and companies, because they don’t necessarily have the IT skill set that’s required to keep up with the business demands. Therefore, if they can get this service from someone else, and get a service level agreement (SLA) that’s relevant to their business, then they will move to a cloud model faster than the large enterprises will.

We’re seeing many SMB and mid-sized companies move to cloud-based models and offerings much faster than the large enterprise or the multinationals.

Gardner: Let’s slice it another way. How about vertical industry-specific clouds? We’ve started to see a little bit of this. NYSE is probably a great example. Do you expect to see more of that, where we’ve got intermediaries between a general-purpose cloud approach and that more specific to the business processes that are germane and relevant to specific industries?

Eschenbach: We’re really excited about the partnership we’ve formed with the NYSE Euronext and the Capital Markets Community Platform that we had announced back in May. The feedback from that announcement has been pretty positive.

In fact, their CIO was on stage with me just the other day, and he not only spoke about how they’re supporting their own infrastructure at NYSE Euronext based on vSphere, but now with this Capital Markets cloud they are taking some of their same services and offering them to this new community cloud market.

While that is the first cloud that was really stood up, we do expect and believe that there will be other vertical clouds that are going to be stood up, whether it’s in the federal government, where there’s already been some announcements around that.

I also think you can anticipate seeing some other financial services clouds, as well as healthcare clouds, being stood up as well. This is a trend that will continue.

One of the reasons we believe it will continue is because people can stand up clouds and bring very specific business benefit that is very repeatable across the customers who are going to run on that cloud because they are in the same vertical. If they have the same compliance issues, or security, or other regulatory things that they have to adhere to, building a community cloud for one specific vertical is a lot easier than trying to serve an entire market with multiple, vertical clouds.

Gardner: I’m still impressed by the amount of energy I’m seeing here. You’d never know that we have an economic stagnation problem around the world. People here are really jazzed, but I suppose we need to look at this as a trying time as well.

What are you encouraged by in your meetings with folks and discussions in terms of how they are able to do more with less essentially?

Eschenbach: This week I’ve had a great opportunity to spend a lot of time with customers and our ecosystem set of partners. I can tell you that everyone is excited for this major tectonic shift we are seeing in the industry, and these shifts only happen every 10 or 20 years.

People are starting to say that this whole cloud computing era is coming to life, and people are trying to look at IT in a different way. They want IT to be their business partner so that they can differentiate themselves in this global economic environment.

One thing that VMware and our ecosystem set of partners do is that we allow our customers to do more with less, and that’s kind of a cliche statement. A lot of people say, we will bring IT services and solutions to you and we will allow you to do more with less. Well, quite honestly, if you look back over the history of VMware, that has been a very consistent value proposition that we bring to our customers.

Even potentially in a down market or a market where we have a strong headwind, I believe VMware and the rich set of ecosystem partners we have, we will always move to the top of the pile, when people think about IT investments, because we will indeed reduce their overall CAPEX and OPEX cost, at the same time providing better IT agility for the lines of business.

As we move into 2012, our customers and business partners can continue to bet on VMware as being a very strategic weapon for them to differentiate themselves in this very competitive market.

The thing I will end on here is one thing that we are focused on is helping our customers go through this transformation towards cloud computing in a very programmatic way that allows them to protect their existing assets in the data center, and also protect their legacy applications, but move to a new world of cloud computing all at the same time. That is what excites me in the opportunity we collectively have with our partners as we look into 2012.

Dana Gardner

Dana Gardner is president and principal analyst at Interarbor Solutions, which tracks trends, delivers forecasts and interprets the competitive landscape of enterprise applications and software infrastructure markets for clients. He also produces BriefingsDirect sponsored podcasts. Follow Dana Gardner on Twitter. Disclosure: VMware sponsored this podcast.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

E-commerce Times Channels

Unprotected Machine Identities Newest Enterprise IT Security Concern

A new report by a privileged access management firm (PAM) warns that IT security is worsening as corporations remain bogged down on deciding what to do and what it will cost.

Delinea, formerly Thycotic and Centrify, on Tuesday released the research based on 2,100 security decision-makers internationally, revealing that 84% of organizations experienced an identity-related security breach in the past 18 months.

This revelation comes as enterprises continue to grapple with expanding entry points and more persistent and advanced attack methods from cybercriminals. It also highlights differences between the perceived and actual effectiveness of security strategies. Despite the high percentage of admitted breaches, 40% of respondents believe they have the right strategy in place.

Numerous studies found credentials are the most common attack vector. Delinea wanted to know what IT security leaders are doing to reduce the risk of an attack. The study focused on learning about organizations’ adoption of privileged access management as a security strategy.

Key findings of the report include:

  • 60% of IT security decision-makers are held back from delivering on IT security strategy due to a host of concerns;
  • Identity security is a priority for security teams, but 63% believe it is not understood by executive leaders;
  • 75% of organizations will fall short of protecting privileged identities because they refuse to get the support they need.

ID Security a Priority, But Board Buy-in Critical

Lagging corporate commitment to actually take action is the growing policy many executives seem to be following regarding IT efforts to provide better breach prevention.

Many organizations are hungry to make a change, but three quarters (75%) of IT and security professionals believe those promises of change will fail to protect privileged identities due to corporate lack of support, according to researchers.

The report notes that 90% of respondents said their organizations fully recognize the importance of identity security in enabling them to achieve their business goals. Almost the same percentage (87%) said it is one of the most important security priorities for the next 12 months.

However, a lack of budget commitment and executive alignment resulted in a continuing stall on improving IT defenses. Some 63% of respondents said that their company’s board still does not fully understand identity security and the role it plays in enabling better business operations.

“While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks,” said Joseph Carson, chief security scientist and advisory CISO at Delinea.

“This means that the majority of organizations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them,” he added.

Lacking Policies Puts Machine IDs at Great Risk

Companies have a long road ahead to protect privileged identities and access, despite corporate leaders’ good intentions. Less than half (44%) of the organizations surveyed have implemented ongoing security policies and processes for privileged access management, according to the report.

These missing security protections include password rotation or approvals, time-based or context-based security, and privileged behavior monitoring such as recording and auditing. Even more worryingly, more than half (52%) of all respondents allow privileged users to access sensitive systems and data without requiring multifactor authentication (MFA).

The research brings to light another dangerous oversight. Privileged identities include humans, such as domain and local administrators. It also includes non-humans, such as service accounts, application accounts, code, and other types of machine identities that connect and share privileged information automatically.

However, only 44% of organizations manage and secure machine identities. The majority leave them exposed and vulnerable to attack.

Graph: Delinea Benchmarking Security Gaps and Privileged Access

Source: Delinea global survey of cybersecurity leaders


Cybercriminals look for the weakest link, noted Carson. Overlooking ‘non-human’ identities — particularly when these are growing at a faster pace than human users — greatly increases the risk of privilege-based identity attacks.

“When attackers target machine and application identities, they can easily hide,” he told TechNewsWorld.

They move around the network to determine the best place to strike and cause the most damage. Organizations need to ensure machine identities are included in their security strategies and follow best practices when it comes to protecting all their IT ‘superuser’ accounts which, if compromised, could bring the entire business to a halt, he advised.

Security Gap Growing Bigger

Perhaps the most important finding from this latest research is that the security gap continues to get larger. Many organizations are on the right path to securing and reducing cyber risks to the business. They face the challenge that large security gaps still exist for attackers to gain an advantage. This includes securing privileged identities.

An attacker only needs to find one privileged account. When businesses still have many privileged identities left unprotected, such as application and machine identities, attackers will continue to exploit and impact businesses’ operations in return for a ransom payment.

The good news is that organizations realize the high priority of protecting privileged identities. The sad news is that many privileged identities are still exposed as it is not enough just to secure human privileged identities, Carson explained.

The security gap is not only increasing between the business and attackers but also the security gap between the IT Leaders and the business executives. While in some industries this is improving, the issue still exists.

“Until we solve the challenge on how to communicate the importance of cybersecurity to the executive board and business, IT leaders will continue to struggle to get the needed resources and budget to close the security gap,” he warned.

Cloud Whack-a-Mole

One of the main challenges for securing identities is that mobility and cloud environment identities are everywhere. This increases the complexity of securing identities, according to Carson.

Businesses still attempt trying to secure them with the existing security technologies they already have today. But this results in many security gaps and limitations. Some businesses even fall short by trying to checkbox security identities with simple password managers, he said.

“However, this still means relying on business users to make good security decisions. To secure identities, you must first have a good strategy and plan in place. This means understanding the types of privileged identities that exist in the business and using security technology that is designed to discover and protect them,” he concluded.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Enterprise Security