How Malaysia’s Bank Simpanan Nasional implemented a sweeping enterprise content management system

The next BriefingsDirect big data and information governance innovation case study highlights how the National Savings Bank in Malaysia has implemented a sweeping enterprise content management system (ECMS) project.

Learn how this large community bank has slashed paper use, increased productivity, rationalized storage and documents, and cut security risks, while adhering to compliance requirements.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Read a full transcript or download a copy.

To walk us through the bank’s journey to better information management is Alain Boey, Senior Vice President in the Transformation Management Department at the National Savings Bank in Malaysia. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: What were the major drivers that led you to seek a comprehensive approach to enterprise content management?

HP Document and records management system
Helps meet regulatory compliance issues
Get more information

Boey: We were trying to standardize a lot of our processes in the bank and, as you know, in the bank itself we used a lot of paper. There are a lot of documents flying around and documents have to be couriered from one place over to our headquarters (HQ) for processing. We have 14 states all across Malaysia, and all these documents have to be couriered on a daily basis over to our HQ in Kuala Lumpur.

Boey

We were trying to see how we can shorten that process itself, so that we can at least be able to give an answer to our customers in the shortest time possible. By putting in an ECMS, we were able to standardize a lot of the processes that involved paper. Then, documents were able to be retrieved easily regardless of where the person is. In terms of processing times, we were able to shorten the processing time from four days to less than a day.

The documents are now scanned and then uploaded to the server, which is easily accessed  by anybody around Malaysia. The whole objective of going in to the ECMS was to improve the entire customer experience, and also to put in best practices involving processes as well as systems. Ultimately, what we want to achieve is to see how we can serve our customer better.

Gardner: Tell us a little bit about your bank. It’s a quite a distributed organization and there are a lot of moving parts to it. I can understand why it would be a challenge to centralize all of your information.

Promote and mobilize savings

Boey: Bank Simpanan Nasional is owned by the Ministry of Finance. We were incorporated in 1974. So we’re 40 years old as of December last year. Our objective is to promote and mobilize savings for the entire Malaysia.

We’re specially set up by the Ministry of Finance to provide savings and banking opportunities to all Malaysians. Because we’re a national bank, we have branches all across Malaysia. We have 402 branches, and these are serviced by our 6,800 employees.

We also have what we call agent banking. We have 5,200 agents who are able to operate on behalf of the bank. BSN, as what we are normally known in Malaysia, has 982 automatic teller machines (ATMs) and 338 cash deposit machines (CDMs) and this is to serve more than 9.5 million customers. In short, we’re a diverse bank. We’re the only bank that you can find in the remotest parts of Malaysia.

That’s why before ECMS came in, it was very challenging. Documents had to be couriered or had to carried from one place to our central office. Because of that, a simple loan application, for instance, could take up to four to five days before it can reach the central office. That created a lot of challenges in trying to satisfy our customers, especially those applying for loans. They want to know the status of their loan application as soon as possible.

Number two, we also had issues in regard to the management of the documents. Documents had to be stored, and there were issues in relation to the access of physical documents themselves. As we all know, real estate prices have gone up, so storing all these physical documents doesn’t make sense for the bank.

We wanted to see how we could also find a way to remove as many of these physical documents as possible, and also to make the retrieval of the documents easy. We’re also trying to put in controls over access of the documents. Physical paper files can be lost while in transit, or can even be lost because they get misplaced, or a file is missing.

We wanted to put in place a system whereby we’re able to track the entire lifecycle of the document. The moment the document is scanned, we’re able to see the status of the document itself, as well the status of the application and then the entire lifecycle management of the document. That’s pretty much what we wanted to achieve from this whole exercise.

Gardner: Not only do you get a centralized view and more information about each document much quicker, but you also create a much better security and audit trail, and therefore compliance benefits?

Boey: Definitely. Now, we have a better audit trail of document movement. We have better control in terms of the versioning, like who puts in what. We’re also able to rollout a consistent taxonomy for all documents. Whatever documents go into ECMS have to follow a certain methodology in taxonomy inference of the naming. So anybody in Malaysia, when they want to access a file, they’re able to identify the file by just looking at the name of the file.

Of course, because everything is in soft copy, we have a back-up in terms of the disaster recovery (DR) as well. So, there’s no issue, if a document goes missing, in how we access it and how we look for important documents. So, now that we have a proper DR, we’re able to retrieve the documents, even if the physical copy is missing.

Primary technologies

Gardner: Alain, tell us how you went about this. What were the primary technologies, processes, and skills that were required to make this happen?

Boey: The journey itself took us about two years. We explored many vendors in the market to look at which available technologies were able to satisfy our requirements. There were a lot of vendors providing document management systems, but we wanted an enterprise-level system so that we’re able to use the same system across the entire organization.

We went through a series of vendors and then eventually we decided to go with HP’s Autonomy and also the HP TRIM Records Management System. Of course, there were many solutions that we looked at. It was an open tender, and the evaluation team comprised a combination of business users as well as technical users. Based on the result of this, the evaluators were comfortable with this solution and the technology that was being provided by HP.

Then, during implementation itself, we were able to have better hands-on experience on the HP TRIM software as well as on Autonomy. We found that the software was very flexible. We were able to build workflows together, and they were also able to put in a lot of controls and a lot of parameterized input. That makes usage, as well as maintenance, easy.

Gardner: When you go to a digital and managed system like this, you also get benefits for archive and back-up and perhaps even reduction in overall storage infrastructure costs. Is there anything about the storage and back-up and archive benefits that also came to play?

Boey: Definitely. Because we’re a bank, all the documents that we have have to be backed up. Previously, every document had to be duplicated, so we had two files of it. That made retrieval and storage challenges as well.

Once a soft copy is in, you’re able to make multiple copies if you want to, but because we have a DR in place, we’re able to replicate the files to our DR. In terms of archival, it’s easier because we can follow our standard archiving policy. When it comes to the end of the lifecycle of the document itself, there are proper procedures to manage the expiry of the documents as well as the disposal of the hard copy.

Now that they have the managed soft copy, we’re able to track the entire movement, and when it comes to the expiry itself, notifications will remind the users that this document is due for disposal at whatever period of time. The users can then prepare the necessary procedures in regard to disposal of the documents.

HP Document and records management system
Helps meet regulatory compliance issues
Get more information

Maintenance becomes easier because we don’t need to have someone physically managing the entire lifecycle of the document. We’re leaving it to the system to tell us when what action should be taken for a typical document.

Gardner: Let’s look at some of the results, some of the paybacks that you’ve achieved as a result of your project. First, I suppose, customer satisfaction is always important. What have you heard from the users, the customers, in terms of how they view this as an improvement? And are there other metrics of success?

User surveys

Boey: We have conducted some surveys with the users in regard to the experience of using the system. Initially, when the system was first rolled out, there were some challenges in the users’ options because those were basically changing the way they were used to doing things. Because documents now are all committed electronically, that means physical processes that will have to be eliminated.

There were some challenges from the users in regard to so-called job security, because things were now being replaced by the system itself. We were able to retrain some of these users to other functions. For example, when a document comes in, once the document is scanned it goes into the system, and we need someone to physically eyeball the information.

Previously, someone was preparing the documents for couriering. Now, their new role is basically to eyeball some of this information, to check the consistency, as well as the completeness and the accuracy of the information.

Because of this, we’re able to see happier customers and users because they are able to see the benefits from using the system.

Sales agents are basically paid by commission. So the faster the loan is approved, for example, the faster they will get the commission. Now, with the system in place, we’re able to see shorter turnaround time in terms of the processing. Because of this, the customers are able to get an answer from the bank in the shortest time possible. The customer will then be able to decide if they want to take out the loan with the bank.

With all of this, we’re able to shorten the turnaround time for the loan application and the turnaround time for the commission payment, as well as the turnaround time for the feedback to the customers.

Overall, in the three surveys that they have conducted by the bank, the results have been positive. We’ve seen a higher usage of the system since it has been implemented.

On the customer side, based on the feedback that we have received as well as the surveys that have been done, the customers are happier because they’re able to get the answers from the bank sooner.

Previously, we had a lot of drop in customers because the time it took to revert back to them was longer. Now, if an application comes in, it’s submitted on one day, and the customer is able to get a reply in less than 24 hours. So this has increased customers’ satisfaction.

Gardner: What about the future? What comes next? Does this capability that you’ve put in place open up the possibility for other improvements in your infrastructure and documented information management, perhaps some sort of analysis capability or search in other higher order functions around business intelligence?

Robust system

Boey: In doing the implementation, the HP team helped us build some of these applications and helped us put in the applications for some of the departments. Moving forward, we’re rolling out to all the other departments in the bank, all of the back offices, and these are going to done by our own team. So it shows the robustness of the system that the team is able to pick up the knowledge of the system and then to roll it out.

Now, with all of this information that we have, we’re also looking at the analytics surrounding the data, the data that we have received. We’re looking to see how we can further improve the customers’ experience based on the information that we have in the system.

We’re trying to shorten the entire processing time as much as possible, now that we have better management and information on the processing time.

We’re also trying to see, based on the information that we have, whether we’re able to better understand our users’ behavior. Sometimes, our sales agents are quite smart in playing along with their sales target, like what it’s going to be for this month or is this going to be for next month. So we are trying to get a better understanding of our user’s behavior through the information in BSN itself.

And also similarly for the customers, based on the analytics surrounding the customers and the information in the system, we are also exploring better products and services to best satisfy our customers’ expectations.

Gardner: If you have an opportunity to instruct someone who is starting out on a similar project, what lessons have you learned? What advice might you offer to those who are beginning a comprehensive ECMS project?

Boey: Look at the bigger picture. There are a lot of document management systems, but if you’re looking for an ECMS, you need to identify your objectives. If your objective is just to scan a document, then probably an ECMS will not work.

But if your objective is to look at improving the return on investment (ROI), improving the entire costumer experience, putting in better control on the document lifecycle — then an ECMS would work for you.

Also, explore what’s available in the market in terms of the solution and get to know the vendors, the solution providers, well so that you have a better understanding of the technology, and you have a better knowledge of the roadmap of the technology. Then, you’re able to plan your future, your three-year plans or your five-year business plans based on the roadmap of the solution.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

Posted in Cloud computing, HP | Tagged , , , , , , , , , | Leave a comment

Ariba’s digital handshake helps Caesars up the ante on supply chain diversity

The next BriefingsDirect business trends interview focuses on Caesars Entertainment Corp. and how they’re transforming supplier discovery and improving their supplier diversity through collaboration across cloud-based services and open business networks.

Learn from Caesars’ best practices on how they expand diversity across their supply chain and how that’s been accomplished using Ariba Discovery. We’ll hear first-hand how one supplier, M & R Distribution Services, has benefited from such supplier visibility on the business network.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Read a full transcript or download a copy. 

For the inside story on improved supply chain visibility and access, please join our guests, Jessica Rosman, Director of Supplier Diversity and Sustainability at Caesars Entertainment based in Las Vegas, and Quentin McCorvey, Sr., President and COO of M&R Distribution Services, based in Cleveland. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: What are some of the more difficult aspects of finding the right supplier for the right job under the right circumstances?

Rosman

Rosman: Oftentimes, our portfolio managers look into their natural networks of suppliers we’ve already used or suppliers who have contacted us, but that can be limiting. Having a wider network or using the Discovery tool on Ariba has allowed us to open up to millions of different suppliers that we haven’t met before and who we might want to do business with us.

Additionally, we do numerous outreach events into the communities in which we operate, so we can find top suppliers and include them in our supply chain.

Gardner: What sort of supplier requirements are there, and has that been changing over the years? Is there a moving target for this?

Rosman: For Caesars, it really depends on the category or commodity that we’re searching for. Certain commodities may require larger supply chains or more integrated processes than others. But for all of our suppliers, we’re looking for quality, service, and price. That may also include requirements around insurance, delivery time, or other needs to meet those three areas.

Gardner: People are familiar with the Caesars’ name, but your organization includes a lot more. Tell us about the breadth and scope of your company.

Rosman: Caesars Entertainment is the largest globally diversified casino network. We’re also the home of Horseshoe, Harrah’s, Total Rewards, Paris, Rio, and obviously, the most famous, Caesars Palace in Las Vegas.

Gardner: Quentin, tell us a little bit about M&R and why getting the visibility from folks like Caesars has been a good thing for you?

McCorvey: M&R Distribution Services, my company, was established in 2008 by my partner Joe Reccord and myself. I came out of banking and had experience and a background of 12 years in banking. My partner has been in the distribution business for over 20 years as a market leader in a regional distribution company. We’re primarily focused on distributing products such as disposable gloves. Most maintenance, repair, and operations (MRO) product lines are in our portfolio, as well as personal protective equipment and trash liners.

McCorvey

You asked how this has been important for us or how Caesars’ relationship has been important for us. It has been very important, because, as Jessica said, we found each other through some of their outreach events that they have in the community.

It was through a National Minority Supplier Development Council. My company is a nationally certified minority business. With this networking event and through a matchmaking event, I found someone on Jessica’s team, Bridget Carter, and learned a little bit more about Caesars and the opportunities that happened within Caesars. Then, through further connections, we had some opportunities that led to a strong relationship.

Gardner: What is it about making these connections between buyer and seller that’s easier today? What’s changed in the past several years?

It’s about relationships

Rosman: Technology has changed, but some things haven’t changed. At the end of the day, business is about relationships. To start that relationship, there are new ways that we can meet different businesses by doing outreach and having the Ariba Discovery tool, where we can team up buyers and sellers through using Naics codes, UnPsc codes, or other types of codes. Using those, we can find those who want to sell and those who want to buy.

But part of it is the same as it has always been, which is about having that face-to-face connection, knowing that there is a potential relationship and feeling comfortable that that business will deliver on the quality, the service, and the need for the internal customer that there always has been.

Gardner: As to your title, Supplier Diversity and Sustainability, how important is that? How did that come about and what are your goals?

Rosman: Caesars Entertainment has a code of commitment. Our code of commitment is our code that says that we have a responsibility to the community, to the environment, to our customers, and to our employees to be the best that we can be. Under that code of commitment and in line with it is our Supplier Diversity Program. Our Supplier Diversity Program sits within our sourcing office, but also has a dotted line into the Diversity Department overall.

We are in unique areas across the country. When we do outreach within the community, in part it’s because in order for our businesses to grow, it’s important that we find community and local business partners that can meet the 24-hour, seven-days-a-week business that we have.

It’s different than other business types that have a delivery on Monday and don’t need it again until next week. That outreach has allowed us to find small, medium-size, and large businesses that are minority-owned, women-owned, veteran-owned, and other diverse businesses that can meet those needs.

Gardner: Quentin, tell me a bit about how long you’ve been working with Caesars? Is this strictly in Ohio with some of their properties there? Is it expanded across the company? Have you got a beachhead that’s then expanded? What’s the nature of the business you have?

McCorvey: We initially got engaged with Caesars, as I mentioned, through an outreach program, and through that, an opportunity came up for me to bid on a project with Caesars. Because I had bid on that project, I had to get connected to the Ariba Network. While I didn’t win that opportunity, what I did win was the entrée into a relationship with Caesars. Jessica talked about how a relationship is important, and for minority business, clearly, it’s really about relationship development.

As a minority-owned company, I’m not looking for handout. I’m looking for handshake, an opportunity to earn the business of a customer. I have to prove myself in being able to produce tier 1 pricing capacity and helping in solving pains within the supply chain network. Even with not getting this opportunity, I continued having conversations with Caesars and continued to develop the relationship.

Caesars has a mentoring program, which I was involved in and had the pleasure to become a part of. Through that mentoring program, I was able to sit down with Caesars and discuss certain goals that I wanted to accomplish, not only with my business personally, but also with the business opportunity with Caesars.

Some of those things included meeting the category managers in the categories where I was supplying into the organization and really understanding how to grow my key performance indicators (KPIs), not only directly, but also with Caesars and some of the other opportunities that are there.

Mentoring program

Through this mentoring program, we began to work on the relationship. I began to meet other people within the supply chain more regionally, as well as the national folks — from Jessica and her team to up and down and across the Caesars organization. That’s been a very important process for me.

That’s how we started out. I’ve gotten, and I’m going to get, opportunities through the mentoring program to start serving the company regionally. There are casinos in Ohio. My primary markets are servicing the Ohio casinos. Then, moving out of the region is a goal, ultimately growing into being a national supplier with all 52 properties within Caesars casinos.

Gardner: How important have Ariba Discovery and the Ariba Network been for you? How did you get on it? Was it easy? And where else have you been able to extend this visibility?

McCorvey: I got into the Ariba Network accidentally on purpose. On purpose because I had an opportunity to bid on a national contract with Caesars. When I had that opportunity, I got an invite from the buyer to sign up into Ariba. So I had to put my profile in there in order to bid on the opportunity that was available to me.

I did that, and it was a quick turnaround on the bid. I spent all of my time trying to figure out how to get through this, how to get my profile updated, and how to get the bid engaged.

I didn’t really know that much about the network and how connected the matches were to opportunities. I started seeing alerts and I started seeing, direct opportunities that really connected with my business. Through that, I said let me investigate a little bit further. And when I did, I began to look at some other opportunities. I actually won a couple of opportunities through the system and through the Ariba Network.

When I say “accidentally and on purpose,” I guess it was fortuitous that we had this opportunity to bid. Even though it wasn’t a win directly with that opportunity, it was a win for me and my company.

Gardner: Jessica, how about from the buyer side at Caesars, using the network, having the data, the insights, and the visibility. Has that added more value to your process? Obviously, you’ve got a certain specialization, but is there a more general value that you’re seeing over time?

Rosman: We’ve used Ariba Network for a quite a while now. We started off with request for proposal (RFP) or the sourcing phase or module. We extended to the contracting phase or module and then we eventually went to the procure-to-pay.

We’ve seen a plethora of Ariba services, each one adding and building upon prior Ariba services that we had used. In all of those areas, it’s beneficial, because the lessons learned from a past RFP are archived and you can go back in and find RFPs that were used in the past.

When we’re mentoring suppliers, especially within our Supplier Diversity Program, talking to minority or women suppliers, it helps us to know what some of the contract managers might be asking, or a little bit more about the categories. We don’t pull the entire RFP. We don’t share all of those pieces, but unique items that might be applicable to future questionnaires. That goes all the way through to the procure to pay (P2P). It keeps it easy in one place and it archives the data for us.

Real standardization

Gardner: It sounds like you have a real standardization about how you are going about these things. Is that fair to say?

Rosman: Yes, I believe it is. Our sourcing team has evolved throughout this process to a category-driven leadership approach, and Ariba has been an integral part of that.

Gardner: Any thoughts or recommendations with 20/20 hindsight now for other organizations that are looking for specific requirements in the suppliers that they’re targeting?

Rosman: As we continue to grow, Ariba also continues to grow in this area of supplier diversity. Using Ariba Discovery has also helped us when we’re trying to find minority women or vendors in unique industries.

An example of that is also in Ohio. We were looking to find a women-owned or minority-owned company in that region that sells carbon dioxide. We put it into Ariba Discovery assuming that we wouldn’t find anybody that we hadn’t already met through our outreach events.

We had done very extensive outreach events in the community and talked to more than 300 local vendors and yet we still were able to do find some. When you’re looking for hard-to-reach vendors and looking for that opportunity and connection, it just takes it one step further.

Gardner: Quentin, I imagine that, as a business owner, you’re curious about what new business opportunities are available. Has the visibility within the Ariba environment, seeing what alerts come across, seeing what the bids are about, led you to pursue other business opportunities and lines of business within your company? Has it helped you grow?

McCorvey: It has definitely helped us to grow. When I initially looked at the Ariba Network, I saw it as a procurement platform. But for me it’s actually more of a supply chain accelerator, and I say that because as with any good business what’s important is deal flow, how you get projects and opportunities in the pipeline.

Ariba has been a minimal level of inputs with a maximum level of outputs. So as a company and as a smaller growing company, you’re constantly looking at ways to grow opportunities, to grow market share. Do you invest $20,000, $30,000, $40,000 in a B2B website? Do you engage in Google Analytics? Do you put sales executives in other parts of the country to begin to grow?

Those are all the decisions you have to make every day with a limited amount of resources, because you really want to put that into growing your company. Ariba has has been able to do that. I don’t necessarily have to have a larger sales team or some of the other things out there. I can begin to look at opportunities where I can grow my company in other markets. I can service those markets. It also gives me access to other Fortune 100 and 200 companies that I don’t necessarily have the access to, to begin to look at.

A lot of ideas

What’s important for me is to get a lot of ideas. Jessica talked a little bit about the archived RFPs. But really mining through those archived RFPs, I can see what companies are looking for, what their RFPs have been about, when are their sales cycles coming up again, when can I begin to look at those opportunities and target those opportunities, who are the purchasing and procurement managers that’s managing those lines.

That’s tough data to find. It’s tough to be able to find out who, for example, is procuring resins for a company. You can Google over their website, you can search for it, and you can’t find it, but you will never find that opportunity. It really, really closes down the sales cycle loop for me and gives me maximum value.

Gardner: Well, we’re here at Ariba LIVE, and there’s lots of news being made. We’re hearing about integrated services for travel and expenses. We’re seeing more emphasis on the user experience, end-to-end processes that would end up in a mobile environment or any number of environments.

What’s of interest to you? Where do you see yourselves taking advantage of some of these new technological and process innovations?

Rosman: One of the areas that’s most interesting is learning about how to implement Ariba within your internal team and externally. We’ve done a great job of it within Supplier Diversity Program, but how do we roll that out further amongst our entire supply chain? The takeaway is how can we train internally and train externally to find results using Ariba?

Gardner: Quentin, any thoughts about what’s of interest to you and then perhaps words of advice you could give other companies that are trying to improve their business using a business network?

McCorvey: Jessica hit on it again. Technology is really driving the market. My partner, who has been in the business for 25 years, often tells a story about how when he first started out. He left home every day with a pocket full of quarters and a pager. That day is gone. This is not your father’s Oldsmobile. We really had to begin to leverage technology in a different way.

As a distributor, I’m looking at, and have been typically looking at, the sales side. How can I look at opportunities here? But what’s also been important for me to see and really learn is that I can look at it on the buy side. How can I not only find other manufacturing partners to begin to drive more cost out of my supply chain and even be more competitive in my business and my business environment.

Relative to advice for other customers, other people or other suppliers who are using the network, it’s worth spending some time really understanding how Ariba works and what are the components there within the system. Ariba has some very knowledgeable account executives who work directly with you. You need to spend some time with your account executive to make sure that you update your profile to the point where you can get maximum amount of exposures to the maximum amount of hits.

To reiterate what I said before, it’s important to not only look at to the opportunities that are available to you, but closed opportunities, and see where you can begin to look at opportunities, and see if there are other business ideas or business partnerships that you can develop through the Ariba Network.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Read a full transcript or download a copy. Sponsor: Ariba, an SAP company.

You may also be interested in:

Posted in Ariba, Networked economy, SAP | Tagged , , , , , , , , , | Leave a comment

Redcentric orchestrates networks-intensive merger using advanced configuration management database

The next BriefingsDirect performance management discussion uncovers how Redcentric PLC in the UK tackled a major network management project due to a business merger. We’ll hear how Redcentric used an advanced configuration database approach to scale management of some 10,000 devices across two disparate companies and made them accessible as a single system.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Read a full transcript or download a copy.

To learn more about how two major networks became merged successfully using automation based on systems data, we’re joined by Edward Jackson, Operational System Support Manager at Redcentric in Harrogate, UK. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Tell us a little bit about your company and this merger. What two companies came together, and how did that prove to be a complicated matter when it comes to network management?

Enable your network to enable your business
Download the brochure
Maintain an efficient, secure network

Jackson: The two companies coming together were InTechnology and Redcentric. Redcentric bought InTechnology in 2013. Effectively, they were reasonably separate in terms of their setup. Redcentric had three separate organizations, they had already acquired Maxima and Hot Chilli. And the requirement was to move their network devices and ITSM platform base onto the HP monitoring and ITSM platforms in InTechnology.

It’s an ongoing process, but it’s well on the way and we’ve been pretty successful so far in doing that.

Gardner: And what kind of companies are these? Tell us about your organization, the business, rather than just the IT?

Jackson

Jackson: We’re a managed service providers (MSPs), voice, data, storage, networks, and cloud. You name it, and we pretty much deliver it and sell it as part of our managed portfolio..

Gardner: So being good at IT is not just good for you internally; it’s really part and parcel of your business.

Jackson: It’s critical. We have to deliver it and we have to manage it as well. So it’s 100 percent critical to the business.

Gardner: Tell us how you go about something like this, Edward, when you have a big merger, when you have all these different, disparate devices that support networks. How do you tackle that? How do you start the process?

Data cleansing

Jackson: The first phase is to look at the data and see what we’ve got and then start to do some data cleansing. We had to migrate data from three service desks to the InTechnology network, and to the InTechnology ITSM system. You need to look at all the service contracts. You need to also look at all the individual components that make up those contracts, and effectively all the configuration items (CIs), and then your looking at a rather large migration project.

Initially, we started to migrate the customer and the contact information. Then, slowly, we started to re-provision devices from the Redcentric side to the InTechnology Managed Services (IMS) network and load it into our HP management platforms.

We currently manage over 11,000 devices. They are from multiple types of vendors and technologies. InTechnology was pretty much a Cisco shop, whereas at Redcentric, we’re looking at things like Palo Alto, Brocade, Citrix load balancers and other different types of solutions. So it’s everything from session border controllers down to access points.

It was a relatively challenging time in terms of being able to look at the different types of technology and then be able to manage those. Also, we’ve automated incidents from Operations Manager to Service Manager and then notifying customers directly that there is a potential issue ontheir service. So it’s been a rather large piece of work.

Gardner: Was there anything in hindsight that you did at InTechnology vis-à-vis the data about your network and devices that made this easier? Did Redcentric have that same benefit of that solid database, the configuration information? In doing this, what did you wish you had done, or someone else had done, better before that would have made it easier to accomplish?

Jackson: Unfortunately, the data on the Redcentric side of the business wasn’t quite as clean as it was on the InTechnology side. It was held in lots of differnet sources, from network shared drives to Wiki pages. It all had to be collated. Redcentric had another three service desks. We had to extract all the data out of them as well. The service desks didn’t really contain any CI information either. So we had to collate together the CI information along with the contacts and customers.

It was a rather mammoth task. Then, we had to load it into our CRM tool, which then has a direct connection automatically using Web Services and into Service Manager. So it initially creates organizations and contacts.

We had a template for our CIs. If they were a server CI or a network CI, it would be added to a spreadsheet, and would use HP Connect-IT to load into Service Manager. It basically automatically created CIs against the customer and the contacts that were already loaded by our CRM tool.

Gardner: Is there anything now moving forward as a combined company, or in the process of becoming increasingly combined, that these due diligence efforts around network management and configuration management will allow you to do?

Perhaps you’re able to drive more services into your marketplace for your customers or make modernization moves towards perhaps software-defined networking or other trends that are afoot. So now that you are into this, you are doing your due diligence, how does that set you up to move forward?

New opportunity

Jackson: It opens up a new sphere of opportunity. We were pretty much a Cisco shop, but now we have obviously opened up to a lot more elements and technologies that we actively manage.

We have a lot of software-based type of firewalls and load balancers that we didn’t previously have — session border controllers, etc and voice products that we didn’t deliver previously — that we can deliver now due to the fact that we’ve opened up the network to be able to monitor and manage pretty much anything.

Gardner: Any words of advice for other organizations that may have been resisting making these moves. You were forced to do it across the board with the merger. Do you have any advice that you would offer in terms of doing network management and modernization sooner rather than later, other than the fact that people might just think good enough is good enough, or if it’s not broken, don’t fix it?

Jackson: When you’re looking at a challenge like this, you have to make sure you do your due diligence first. It’s down to planning, an “if you fail to plan, you plan to fail” kind of thing, and it’s very true.

Enable your network to enable your business
Download the brochure
Maintain an efficient, secure network

You need to get all the information. You need to make sure that you normalize it and sanitize it before you load it. The cliché is garbage in, garbage out, so there’s no point in putting bad information into a system once again.

We have a good set of clean data now across the board. We literally have 150,000 CIs in our CMDB. So it’s not an insignificant CMDB by any stretch of the imagination. And we know that the data from the Redcentric side of the business is now clean and accurate.

Gardner: How about proving this to the business? For MSPs it might not be as critical, but for other enterprises, this might be a bit more of a challenge to translate these technical benefits into financial or economic benefits to their leadership. Any thoughts about metrics of success that you’ve been able to define that would fit into a return on investment (ROI) or more of an economic model? How do you translate network management proficiency into dollars and cents or pounds or euros?

Jackson: It’s pretty difficult to quantify in a monetary sense. Probably the best way of quantifying the success of the project has been the actual level of support that customers have been given and the level of satisfaction that the customers now have. They’re very, very happy with the level of support that we have now achieving due to Redcentrics ITSM and business service management (BSM) systems. I think, going forward, it will only increase the level of support that we can provide our customers.

As I said, It’s quite difficult to quantify in a monetary sense. However, when churn rates are now as low as 4 percent, you can basically say that you’re doing something good.

Fundamental to the business

In terms of things like the CIs themselves, the CI is fundamental to the business, because it describes the whole of the service, all the services that we offer our customers. If that’s not right, then the support that we give the customer can’t be right either.

You need to give the guys on support the kind of information they need to be able to support the service. Customer satisfaction is ever increasing in terms of what we are able to offer the migrated customers.

Gardner: How about feedback from your help desk, your support, and remediation of people. Do they find that with this data in place, with it cleansed, and with it complete that they’re able to identify where problems exist perhaps better, faster, and easier. Do they recognize whether there is a network problem or a workload support problem, the whole help desk benefit. Anything to offer there?

Jackson: About 80 percent of the tickets raised in the organization are raised through our management platform, monitoring and performance capacity monitoring. We can pretty much identify within a couple of minutes where the network error is. This all translates into tickets being auto raised in our service management platform.

Additionally, within a few minutes of an outage or incident we can have an affected customer list prepared. We have fields that are defined in Service Manager CI’s that will actually give us information regarding what devices are affected and what they are connected to in terms of an end to end service.

We run a customer report against this, and it will give you a list of customers, a list of key contacts and primary contacts. You can convert this into an email. So for a network outage, within a few minutes we can email the customer, create an incident, create related interactions to that incident, and the customer is notified that there is an issue.

Gardner: That’s the sort of brand reinforcement and service quality that many organizations are seeking. So that’s enviable, I’m sure.

Is there any products or updates that could make your job even easier going forward?

Jackson: We’re looking at a couple of things. One of them is HP Propel, which is a piece of software that you can hook into pretty much anything you really want. For example, if you have a few disparate service desks, you can have a veneer over the top. They’ll look all the same to the customers. They’ll have like an identical GUI, but the technology behind it could be very different.

Enable your network to enable your business
Download the brochure
Maintain an efficient, secure network

It gives you the ability then to hook into anything, such as HP Operations Orchestration, Service Manager, Knowledge Management, or even Smart Analytics, which is another area that we are quite keen on looking at. I think that’s going to revolutionize the service desk. It would be very, very beneficial forRedcentric..

There are also things like data mining. This would be beneficial and also help the auto creation of knowledge articles going forward and giving remedial action to incidents and interactions.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested:

Posted in data center, HP | Tagged , , , , , , , , , | Leave a comment

HP at Discover delivers the industry’s first open, hybrid, ecosystem-wide cloud architecture

Kicking off Discover 2015, HP today made a wide range of announcements, including industry-wide inclusive enhancements to their heterogeneous Helion cloud portfolio, new DevOps-friendly agile test automation solutions, expanded converged infrastructure offerings with partner Arista, as well as an all-flash expansion of their 3PAR StoreServ products.

HP’s open, ecosystem-wide cloud vision marks, in my opinion, the IT industry’s first and most inclusive architecture that cuts across all major cloud services, “pubic” and “private,” PaaS and IaaS. The HP approach, leveraging open source and standards, provides much more choice to how enterprises exploit cloud-centric hybrid IT — but without running the risk of being exploited themselves.

“We’re the only company that brings it all to you. … A cloud that works with your infrastructure. … The way that you want to transform. … With the right financial architecture for you. … And we don’t dictate to you how to do it,” said HP CEO Meg Whitman in her opening keynote address that the HP Discover conference in Las Vegas.

Specifically, HP announced updates to the HP Helion portfolio, designed to help enterprises transition to a broadly hybrid IT. HP introduced HP Helion CloudSystem 9.0, the next release of its flagship integrated enterprise cloud solution, and enhancements to HP Helion Managed Cloud Services for managing enterprise workloads in hosted cloud environments.

“Enterprise customers have a range of needs in moving to the cloud. Some need to cloud-enable traditional workloads, while others seek to build next generation ‘cloud native’ apps using modern technologies like OpenStack, Cloud Foundry, and Docker,” said Bill Hilf, senior vice president, HP Helion Product and Service Management. “The expanded support for multiple hypervisors and cloud environments in HP Helion CloudSystem 9.0 gives enterprises and service providers added flexibility to gain cloud benefits for their existing and new applications.” [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

HP Helion CloudSystem forms a cross-cloud, private-cloud solution, designed to help enterprises and service providers attain hybrid infrastructure capabilities — enabling automation, orchestration and control across multiple heterogeneous clouds, workloads, and technologies, says HP. HP is calling itself a transition partner, not just a vendor or cloud provider.

HP Helion CloudSystem 9.0 expands support for multiple hypervisors and multiple clouds to provide enterprises and service providers with maximum flexibility. Additionally, HP Helion CloudSystem 9.0 integrates HP Helion OpenStack and the HP Helion Development Platform to provide customers an enterprise grade open source Cloud Foundry PaaS for cloud native application development and infrastructure.

Features and benefits

HP Helion CloudSystem 9.0 features and benefits include:

  • Simultaneous support for multiple cloud environments, including Amazon Web Services (AWS), Microsoft Azure, HP Helion Public Cloud, OpenStack technology and VMware, with the ability to fully control where workloads reside.
  • The latest release of HP Helion OpenStack, exposing OpenStack software APIs to simplify and speed development and integration with other clouds and offering developer-friendly add-ons with the HP Helion Development Platform based on Cloud Foundry.
  • Support for multiple hypervisors, now including Microsoft Hyper-V, Red Hat KVM, VMware vSphere, as well as bare-metal deployments, offering customers additional choice and avoiding vendor lock-in.
  • Support for AWS-compatible private clouds through integration with HP Helion Eucalyptus, giving customers the flexibility to deploy existing AWS workloads onto clouds they control.
  • Support for unstructured data through the Swift OpenStack Object Storage project
  • The latest version of HP Cloud Service Automation, providing the management capabilities to control hybrid cloud environments and a built-in path to support distributed compute, efficient object storage and rapid cloud native application development
  • An intuitive setup model delivered as a virtual appliance, allowing for installation in hours

Given that enterprises spend up to 90 percent of their IT budget on maintaining existing systems, HP estimates that enterprises can reduce IT maintenance costs by approximately 40 percent by migrating existing systems to a clouds-based architecture.

HP Helion CloudSystem 9.0 is available as standalone software supporting a multiple-vendor hardware environment or as a fully-integrated blade-based or hyper-converged infrastructure with HP ConvergedSystem. Availability is planned for later this year.

HP Helion Managed Cloud Services will launch into beta later this year HP Helion OpenStack Managed Private Cloud and HP Helion Eucalyptus Managed Private Cloud, both of which will be consumable as a service via an easy access portal.

In addition to these new beta offerings, HP Helion Managed Cloud Services will support the development of cloud native applications within a managed cloud service via the HP Helion Development Platform and automation of select virtual private cloud services.

HP Helion Managed Cloud Services features and benefits include:

  • New automated provisioning capabilities through a self-service portal based on HP Cloud Service Automation, enabling clouds to be deployed more quickly.
  • Support for multiple platforms to enable hybrid cloud proof-of-concepts using HP Helion OpenStack and HP Helion Eucalyptus.
  • Cloud native application development capabilities through integration with the HP Helion Development Platform, allowing enterprises to rapidly develop, deploy and deliver cloud native apps.

Helping developers “shift left”

HP also announced a new functional test automation solution, HP LeanFT, which allows software developers and testers to leverage continuous testing and continuous delivery methodologies to rapidly build, test, and deliver secure, high-quality applications. In many ways, it accelerates the adoption of agile and DevOps, but in a managed way.

HP LeanFT embraces the Agile methodology “shift left” concept by leveraging the key tools of the modern Agile developer ecosystem, says HP. It’s built specifically for continuous testing and continuous delivery, and fits naturally into existing ecosystems (such as Microsoft TFS, GIT, and Subversion) and frameworks that support test driven and behavior driven development. It has powerful test automation authoring with either C# or Java, and IDE integration. It forms an enabling test foundation for improved DevOps.

In the most recent Forrester Wave on Modern Application Functional Test Automation, Forrester states: “HP UFT vision will appeal to developers. HP’s vision and three-year road map is anchored on LeanFT, which, if executed in a timely fashion, will appeal to testers and developers. In fact, LeanFT will be the bridge from UFT to the future with increased focus on Agile developers, flexible licensing, better cross-browser testing, mobile testing, and Internet of Things (IoT) testing as further key elements of the road map.”

The new solution integrates with HP Application Lifecycle Management, Quality Center, and Mobile Center, which allows developers and testers to reduce maintenance costs, share testing resources, and deliver new mobile applications at Agile speed. HP also introduced major upgrades to its flagship HP Unified Functional Testing and HP Business Process Testing products, including support for GIT integration as a repository option and scriptless keyword-driven testing, says HP.

“HP LeanFT beautifully balances the twin imperatives of velocity and quality by allowing developers to operate in the modern Agile and DevOps ecosystem, while also leveraging our proven capabilities in application testing and application lifecycle management,” says Raffi Margaliot, SVP and GM, HP Application Delivery Management.

HP LeanFT will be available in July 2015 on http://saas.hp.com. HP Unified Functional Testing 12.5 and HP Business Process Testing 12.5 will also be available in July. Customers who upgrade to HP UFT 12.5 will receive HP LeanFT free of charge.

HP Application Defender is available now for free on five pre-production application instances. For more information, please visit http://go.saas.hp.com/application-defender-trial.

In other news

In other news, HP announced that it was expanding its converged infrastructure portfolio, including enhancements to its HP OneView 2.0 management platform, a new partnership with Arista Networks, and a series of new workload optimized reference architectures. These new offerings will give customers the flexibility they need to transform to hybrid architecture and at the same time, protect their existing IT investments.

OneView unifies processes, UI’s and APIs across HP server, storage, and Virtual Connect networking devices. HP states that OneView can be configured in 96 percent less time, taking only five steps to deploy a VMware vSphere Cluster, and has nine times faster error resolution.

New features include automated server change management, server profile templates (making it easier to define firmware and driver baselines as well as server, LAN and SAN settings), and new profile mobility that enable migration and recovery of workloads across server platform types, configurations, and generations.

The partnership with Arista Networks, which delivers software-defined networking solutions for data centers, cloud computing, and HPC environments, is beneficial for customers who are looking for flexibility in infrastructure that handles performance-intensive, virtualized and highly dynamic workloads.

These new solutions are designed to support private, public and hybrid cloud applications while providing a flexible and open choice across compute and storage, including all-flash solutions with HP 3PAR StoreServ.

HP announced new 3PAR flash storage models. The HP 3PAR StoreServ 20000 enterprise family is due to ship in August and features a 20850 all-flash model and a 20800 converged flash array that supports hard-disk drives and solid state drives.

Both start at two controllers and can scale out to eight. The 20850 can hold up to 1024 solid state  drives, ranging from 480 GB to a new 3.84 TB drive.

HP also took advantage of Discover to announce that DreamWorks Animation has selected HP to automate its IT infrastructure. By deploying  HP Datacenter Care – Infrastructure Automation, HP is enabling DreamWorks Animation to manage its infrastructure as code for continuous delivery of applications and services.

You may also be interested in:

Posted in big data, Cloud computing, HP, managed services | Tagged , , , , , , , , | Leave a comment

How Tableau Software and big data come together: Strong visualization embedded on an agile analytics engine

The next BriefingsDirect big data innovation discussion highlights how Tableau Software and big data analytics platforms come together to provide visualization benefits for those seeking more than just crunched numbers. They’re looking for ways to improve their businesses effectively and productively, and to share the analysis quickly and broadly.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Read a full transcript or download a copy.

To learn more, BriefingsDirect sat down with Paul Lilford, Global Director of Technology Partners for Tableau Software, based in Seattle, and Steve Murfitt, Director of Technical Alliances at HP Vertica. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Why is the tag-team between Tableau and big data so popular. Every time I speak with some one using Vertica, they inevitably mention that they’re delivering their visualizations through Tableau. This seems to be a strong match.

Become a member of myVertica
Register now
Gain access to the HP Vertica Community Edition

Lilford: We’re a great match primarily because Tableau’s mission is to help people see and understand data. We’re made more powerful by getting to large data, and Vertica is one of the best at storing that. Their columnar format is a natural format for end users, because they don’t think about writing SQL and things like that. So, Tableau, as a face to Vertica, empowers business users to self serve and deliver on a depth of analytics that is unmatched in the market.

Lilford

Gardner: Now, we can add visualization to a batch report just as well as a real-time. streamed report. What is it about visualization that seems to be more popular in the higher-density data and a real-time analysis environment?

Lilford: The big thing there, Dana, is that batch visualization will always common. What’s a bigger deal is data discovery, the new reality for companies. It leads to becoming data driven in your organization, and making better-informed decisions, rather than taking a packaged report and trying to make a decision that maybe tells you how bad you were in the past or how good you might think you could be in the future. Now, you can actually have a conversation with your data and cycle back and forth between insights and decisions.

The combination of our two technologies allows users to do that in a seamless drag-and-drop environment. From a technical perspective, the more data you have, the deeper you can go. We’re not limiting a user to any kind of threshold. We’re not saying, this is the way I wrote the report, therefore you can go consume it.

We’re saying, “Here is a whole bunch of data that may be a subject area or grouping of subject areas, and you’re the finance professional or the HR professional. Go consume it and ask the questions you need answered.” You’re not going to an IT professional to say, “Write me this report and come back three months from now and give it to me.” You’re having that conversation in real time in person, and that interactive nature of it is really the game changer.

Win-win situation

Gardner:  And the ability for the big data analysis to be extended across as many consumer types in the organization as possible makes the underlying platform more valuable. So this, from HP’s perspective must be a win-win. Steve?

Murfitt: It definitely is a win-win. When you have a fantastic database that performs really well, it’s kind of uninteresting to show people just tables and columns. If you can have a product like Tableau and you can show how people can interact with that data, deliver on the promise of the tools, and try to do discovery, then you’re going to see the value of the platform.

Murfitt

Gardner: Let’s look to the future. We’ve recently heard about some new and interesting trends for increased volume of data with the Internet of Things, mobile, apps being more iterative and smaller, therefore, more data points.

As the complexity kicks in and the scale ramps up, what do you expect, Paul, for visualization technology and the interactivity that you mentioned? What do you think we’re approaching? What are some of the newer aspects of visualization that makes this powerful, even as we seek to find more complexity?

Lilford: There are a couple of things. Hadoop, if you go back a year-and-a-half or so, has been moving from a cold-storage technology to more to a discovery layer. Some of the trends in visualization are predictive content being part of the everyday life.

Tableau democratizes business intelligence (BI) for the business user. We made it an everyday thing for the business user to do that. Predictive is in a place that’s similar to where BI was a couple years ago, going to the data scientist to do it. Not that the data scientist’s value wasn’t there, but it was becoming a bottleneck to doing things because you have to run it through a predictive model to give it to someone. I think that’s changing.

So I think that predictive element is more and more part of the continuum here. You’re going to see more forward-looking, more forecast-based, more regression-based, more statistical things brought into it. We’ll continue to innovate with some new visuals, but the standard visual is unstructured data.

This is the other big key, because 80 percent of the world’s data is unstructured. How do you consume that content? Do you still structure it or can you consume it where it sits, as it sits, where it came in and how it is? Are there discoverers that can go do that?

You’re going to continue see those go. The biggest green fields in big data are predictive and unstructured. Having the right stores like Vertica to scale that is important, but also allowing anyone to do it is the other important part, because if you give it to a few technical professionals, you really restrict your ability to make decisions quickly.

Gardner: Another interesting aspect, when I speak to companies, is the way that they’re looking at their company more as an analytics and data provider internally and externally. The United States Postal Service  view themselves in that fashion as an analytics entity, but also looking for business models, how to take data and analysis of data that they might be privy to and make that available as a new source of revenue.

I would think that visualization is something that you want to provide to a consumer of that data, whether they are internal or external. So we’re all seeing the advent of data as a business for companies that may not have even consider that, but could.

Most important asset

Lilford: From our perspective, it’s a given that it is a service. Data is the most important asset that most companies have. It’s where the value is. Becoming data driven isn’t just a tagline that we talk about or people talk about. If you want to make decisions and decisions that move your business, so being a data provider.

The best example I can maybe give you, Dana, is healthcare. I came from healthcare and when I started, there was a rule — no social. You can’t touch it. Now, you look at healthcare and nurses are tweeting with patients, “Don’t eat that sandwich. Don’t do this.”

Become a member of myVertica
Register now
Gain access to the HP Vertica Community Edition

Data has become a way to lower medical costs in healthcare, which is the biggest expense. How do you do that? They use social and digital data to do that now, whereas five, seven years ago, we couldn’t do it. It was a privacy thing. Now, it’s a given part of government, of healthcare, of banking, of almost every vertical. How do I take this valuable asset I’ve got and turn it into some sort of product, market, or market advantage, whatever that is?

Gardner: Steve, anything more to offer on the advent or acceleration of the data-as-a-business phenomena?

Murfitt: If you look at what companies have been doing for such a long time, they have been using the tools to look at historical data to measure how they’re doing against budget. As people start to make more data available, what they really want to do is compare themselves to their peers.

If you’re doing well against your budget, it doesn’t mean to say you gaining or losing market share or how well you’re doing. So as more data is shared and more data is available, being able to compare to peers, to averages, to measure yourself not only internally, but externally, is going to help with people making their decisions.

Gardner: Now for those organizations out there that have been doing reports in a more of a traditional way that recognize the value of their data and the subsequent analysis, but are yet to dabble deeply into visualization, what are some good rules of the road for beginning a journey towards visualization?

What might you consider in terms of how you set up your warehouse or you set up your analysis engine, and then make tools available to your constituencies? What are some good beginning concepts to consider?

Murfitt: One of the most important things is start small, prove it, and scale it from there. The days of boiling the ocean to try come up with analytics only to find out it didn’t work are over.

Organizations want to prove it, and one of the cool things about doing that visually is now the person who knows the data the best can show you what they’re trying to do, rather than trying to push a requirement out to someone and ask “What is it you want?” Inevitably, something’s lost in translation when that happens or the requirement changes by the time it’s delivered.

Real-time conversation

You now have a real-time, interactive, iterative conversation with both the data and business users. If you’re a technical professional, you can now focus on the infrastructure that supports the user, the governance, and security around it. You’re not focused on the report object anymore. And that report object is expensive.

It doesn’t mean that for compliance things the financial reports go away, it means you’ve right sized that work effort. Now, the people who know the data the best deliver the data, and the people who support the infrastructure the best support that infrastructure and that delivery.

It’s a shift. Technologies today do scale Vertica as a great scalable database. Tableau is a great self-service tool. The combination of the two allows you to do this now. If you go back even seven years, it was a difficult thing. I built my career being a data warehouse BI guy. I was the guy writing reports and building databases for people, and it doesn’t scale. At some point, you’re a bottleneck for the people who need to do their job. I think that’s the biggest single thing in it.

Gardner: Another big trend these days is people becoming more used to doing things from a mobile device. Maybe it’s a “phablet,” a tablet, or a smartphone. It’s hard to look at a spreadsheet on those things more than one or two cells at a time. So visualizations and exercising your analytics through a mobile tier seem to go hand in hand. What should we expect there? Isn’t there a very natural affinity between mobile and analysis visualization?

Lilford: We have mobile apps today, but I think you’re going to see a fast evolution in this. Most visuals work better on a tablet. Right-sizing that for the phone is going to continue to happen, scaling that with the right architecture behind it, because devices are limited in what they can hold themselves.

I think you’ll see a portability element come to it, but at the same time, this is early days. Machines are generating data, and we’re consuming it at a rate at which it’s almost impossible to consume. Those devices themselves are going to be the game changer.

My kids use iPads, they know how to do it. There’s a whole new workforce in the making that knows this and things like this. Devices are just going to get better at supporting it. We’re in the very early phases of it. I think we have a strong offering today, and it’s only going to get stronger in the future.

Gardner: Steve, any thoughts about the interception between Vertica, big data, and the mobile visualization aspect of that?

Murfitt: The important thing is having the platform that can provide the performance. When you’re on a mobile device, you still want the instant access, and you want it to be real-time access. This is the way the market is going. If you go with the old, more traditional platforms that can’t perform when you’re in the office, they’re not going to perform when you are remote.

It’s really about building the infrastructure, having the right technology to be able to deliver that performance and that response and interactivity to the device wherever they are.

Working together

Gardner: Before we close, I just wanted to delve a little bit more into the details of how HP Vertica and Tableau software work. Is this an OEM, a partnership, co-selling, co-marketing? How do you define it for those folks out there who either use one or the other or neither of you? How should they progress to making the best of a Vertica and Tableau together?

Lilford:  We’re a technology partnership. It’s a co-selling relationship, and we do that by design. We’re a best-in-breed technology. We do what we do better than anyone else. Vertica is one of the best databases and they do what they do better than anyone else. So the combination of the two, providing customers options to solve problems, the whole reason we partner is to solve customer issues.

Become a member of myVertica
Register now
Gain access to the HP Vertica Community Edition

We want to do it as best-in-breed. That’s a lot what the new stack technologies are about, it’s no longer a single vendor building a huge solution stack. It’s the best database, with the best Hadoop storage, with the best visualization, with the best BI tools on top of it. That’s where you’re getting a better total cost of ownership (TCO) over all, because now you’re not invested in one player that can deliver this. You’re invested in the best of what they do and you’re delivering in real-time for people.

Gardner: Last question, Steve, about the degree of integration here. Is this something that end user organizations can do themselves, are there professional services organizations, what degree of integration between Vertica and Tableau visualization is customary.

Murfitt: Tableau connects very easily to Vertica. There is a dropdown on the database connector saying, “Connect to Vertica.” As long as they have the driver installed, it works. And the way their interface works, they can start query and getting value from the data straight away.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Read a full transcript or download a copy. Sponsor: HP.

You may also be interested in:

Posted in big data, data analysis, HP, Vertica | Tagged , , , , , , , , , | Leave a comment

The Open Group panel explores how standards thwart thorny global cybersecurity issues

How can global enterprise cybersecurity be improved for better enterprise integrity and risk mitigation? What constitutes a good standard, or set of standards, to help? And how can organizations work to better detect misdeeds, rather than have attackers on their networks for months before being discovered?

These questions were addressed during a February panel discussion at The Open Group San Diego 2015 conference. Led by moderator Dave Lounsbury, Chief Technology Officer, The Open Group, the speakers included Edna Conway, Chief Security Officer for Global Supply Chain, Cisco; Mary Ann Mezzapelle, Americas CTO for Enterprise Security Services, HP; Jim Hietala, Vice President of Security for The Open Group, and Rance DeLong, Researcher into Security and High Assurance Systems, Santa Clara University.

Download a copy of the full transcript. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.] 

Here are some excerpts:

Dave Lounsbury: We’ve heard about the security, cybersecurity landscape, and, of course, everyone knows about all the many recent breaches. Obviously, the challenge is growing in cybersecurity. So, I want to start asking a few questions, directing the first one to Edna Conway.

Lounsbury

We’ve heard about the Verizon Data Breach Investigation of DBIR report that catalogs the various attacks that have been made over the past year. One of the interesting findings was that in some of these breaches, the attackers were on the networks for months before being discovered.

What do we need to start doing differently to secure our enterprises?

Attend The Open Group Baltimore 2015
July 20-23, 2015
Early bird registration ends June 19

Edna Conway: There are a couple of things. From my perspective, continuous monitoring is absolutely essential. People don’t like it because it requires rigor, consistency, and process. The real question is, what do you continuously monitor?

It’s what you monitor that makes a difference. Access control and authentication, should absolutely be on our radar screen, but I think the real ticket is behavior. What kind of behavior do you see authorized personnel engaging in that should send up as an alert? That’s a trend that we need to embrace more.

Conway

The second thing that we need to do differently is drive detection and containment. I think we try to do that, but we need to become more rigorous in it. Some of that rigor is around things like, are we actually doing advanced malware protection, rather than just detection?

What are we doing specifically around threat analytics and the feeds that come to us: how we absorb them, how we mine them, and how we consolidate them?

The third thing for me is how we get it right. I call that team the puzzle solvers. How do we get them together swiftly?

How do you put the right group of experts together when you see a behavior aberration or you get a threat feed that says that you need to address this now? When we see a threat injection, are we actually acting on the anomaly before it makes its way further along in the cycle?

Executive support

Mary Ann Mezzapelle: Another thing that I’d like to add is making sure you have the executive support and processes in place. If you think how many plans and tests and other things that organizations have gone through for business continuity and recovery, you have to think about that incident response. We talked earlier about how to get the C suite involved. We need to have that executive sponsorship and understanding, and that means it’s connected to all the other parts of the enterprise.

Mezzapelle

So it might be the communications, it might be legal, it might be other things, but knowing how to do that and being able to respond to it quickly is also very important.

Rance DeLong: I agree on the monitoring being very important as well as the question of what to monitor. There are advances being made through research in this area, both modeling behavior — what are the nominal behaviors — and how we can allow for certain variations in the behavior and still not have too many false positives or too many false negatives.

Also on a technical level, we can analyze systems for certain invariants, and these can be very subtle and complicated invariance formulas that may be pages long and hold on the system during its normal operation. A monitor can be monitoring both for invariance, these static things, but they can also be monitoring for changes that are supposed to occur and whether those are occurring the way they’re supposed to.

Jim Hietala: The only thing I would add is that I think it’s about understanding where you really have risk and being able to measure how much risk is present in your given situation.

DeLong

In the security industry, there has been a shift in mindset away from figuring that we can actually prevent every bad thing from happening towards really understanding where people may have gotten into the system. What are those markers that something is gone awry and reacting to that in a more timely way — so detective controls, as opposed to purely preventative type controls.

Lounsbury: We heard from Dawn Meyerriecks earlier about the convergence of virtual and physical and how that changes the risk management game. And we heard from Mary Ann Davidson about how she is definitely not going to connect her house to the Internet.

So this brings new potential risks and security management concerns. What do you see as the big Internet of Things (IoT) security concerns and how does the technology industry assess and respond to those?

Hietala: In terms of IoT, the thing that concern me is that many of the things that we’ve solved at some level in IT hardware, software, and systems seemed to have been forgotten by many of the IoT device manufacturers.

Hietala

We have pretty well thought out processes for how we identify assets, we patch things, and we deal with security events and vulnerabilities that happen. The idea that, particularly on the consumer class of IoT type devices, we have devices out there with IP interfaces on them, and many of the manufacturers just haven’t had a thought of how they are going to patch something in the field, I think should scare us all to some degree.

Maybe it is, as Mary Ann mentioned, the idea that there are certain systemic risks that are out there that we just have to sort of nod our head and say that that’s the way it is. But certainly around really critical kinds of IoT applications, we need to take what we’ve learned in the last ten years and apply it to this new class of devices.

New architectural approach

DeLong: I’d like to add to that. We need a new architectural approach for IoT that will help to mitigate the systemic risks. And echoing the concerns expressed by Mary Ann a few minutes ago, in 2014, Europol, which is an organization that tracks criminal  risks of various kinds, predicted by the end of 2014, murder by Internet, in the context of Internet of Things. It didn’t happen, but they predicted it, and I think it’s not farfetched that we may see it over time.

Lounsbury: What do we really know actually? Edna, do you have any reaction on that one?

Conway: Murder by Internet. That’s the question you gave me, thanks. Welcome to being a former prosecutor. The answer is on their derrieres. The reality is do we have any evidentiary reality to be able to prove that?

I think the challenge is one that’s really well-taken, which is we are probably all in agreement on, the convergence of these devices. We saw the convergence of IT and OT and we haven’t fixed that yet.

We are now moving with IoT into a scalability of the nature and volume of devices. To me, the real challenge will be to come up with new ways of deploying telemetry to allow us to see all the little crevices and corners of the Internet of Things, so that we can identify risks in the same way that we have. We haven’t mastered 100 percent, but we’ve certainly tackled predominately across the computer networks and the network itself and IT. We’re just not there with IoT.

Mezzapelle: Edna, it also brings to mind another thing — we need to take advantage of the technology itself. So as the data gets democratized, meaning it’s going to be everywhere — the velocity, volume, and so forth — we need to make sure that those devices can maybe be self-defendable, or maybe they can join together and defend themselves against other things.

So we can’t just apply the old-world thinking of being able to know everything and control everything, but to embed some of those kinds of characteristics in the systems, devices, and sensors themselves.

Lounsbury: We’ve heard about the need. In fact, Ron Ross mentioned the need for increased public-private cooperation to address the cybersecurity threat. Ron, I would urge you to think about including voluntary consensus standards organizations in that essential partnership you mentioned to make sure that you get that high level of engagement, but of course, this is a broad concern to everybody.

President Obama has made a call for legislation on enabling cybersecurity and information sharing, and one of the points within that was shaping a cyber savvy workforce and many other parts of public-private information sharing.

So what more can be done to enable effective public-private cooperation on this and what steps can we, as a consensus organization, take to actually help make that happen? Mary Ann, do you want to tackle that one and see where it goes?

Collaboration is important

Mezzapelle: To your point, collaboration is important and it’s not just about the public and the private partnership. It also means within an industry sector or in your supply chain and third-party. It’s not just about the technology; it’s also about the processes, and being able to communicate effectively, almost at machine speed, in those areas.

So you think about the people, the processes, and the technology, I don’t think it’s going to be solved by government. I think I agree with the previous speakers when they were talking about how it needs to be more hand-in-hand.

There are some ways that industry can actually lead that. We have some examples, for instance what we are doing with the Healthcare Forum and with the Mining and Minerals Forum. That might seem like a little bit, but it’s that little bit that helps, that brings it together to make it easier for that connection.

It’s also important to think about, especially with the class of services and products that are available as a service, another measure of collaboration. Maybe you, as a security organization, determine that your capabilities can’t keep up with the bad guys, because  they have more money, more time, more opportunity to take advantage, either from a financial perspective or maybe even from a competitive perspective, for your intellectual property.

You really can’t do it yourself. You need those product vendors or you might need a services vendor to really be able to fill in the gaps, so that you can have that kind of thing on demand. So I would encourage you to think about that kind of collaboration through partnerships in your whole ecosystem.

DeLong: I know that people in the commercial world don’t like a lot of regulation, but I think government can provide certain minimal standards that must be met to raise the floor. Not that companies won’t exceed these and use that as a competitive basis, but if minimum is set in regulations, then this will raise the whole level of discourse.

Conway: We could probably debate over a really big bottle of wine whether it’s regulation or whether it’s collaboration. I agree with Mary Ann. I think we need to sit down and ask what are the biggest challenges that we have and take bold, hairy steps to pull together as an industry? And that includes government and academia as partners.

But I will give you just one example: ECIDs. They are out there and some are on semiconductor devices. There are some semiconductor companies that already use them, and there are some that don’t.

A simple concept would be if we could make sure that those were actually published on an access control base, so that we could go and see whether the ECID was actually utilized, number one.

Speeding up standards

Lounsbury: Okay, thanks. Jim, I think this next question is about standards evolution. So we’re going to send it to someone from a standards organization.

The cyber security threat evolves quickly, and protection mechanisms evolve along with them. It’s the old attacker-defender arms race. Standards take time to develop, particularly if you use a consensus process. How do we change the dynamic? How do we make sure that the standards are keeping up with the evolving threat picture? And what more can be done to speed that up and keep it fresh?

Hietala: I’ll go back to a series of workshops that we did in the fall around the topic of security automation. In terms of The Open Group’s perspective, standards development works best when you have a strong customer voice expressed around the pain points, requirements, and issues.

We did a series of workshops on the topic of security automation with customer organizations. We had maybe a couple of hundred inputs over the course of four workshops, three physical events, and one that we did on the web. We collected that data, and then are bringing it to the vendors and putting some context around a really critical area, which is how do you automate some of the security capabilities so that you are responding faster to attacks and threats.

Generally, with just the idea that we bring customers into the discussion early, we make sure that their issues are well-understood. That helps motivate the vendor community to get serious about doing things more quickly.

One of the things we heard pretty clearly in terms of requirements was that multi-vendor interoperability between security components is pretty critical in that world. It’s a multi-vendor world that most of the customers are living with. So building interfaces that are open, where you have got interoperability between vendors, is a really key thing.

DeLong: It’s a really challenging problem, because in emerging technologies, where you want to encourage and you depend upon innovation, it’s hard to establish a standard. It’s still emerging. You don’t know what’s going to be a good standard. So you hold off and you wait and then you start to get innovation, you get divergence, and then bringing it back together ultimately takes more energy.

Lounsbury: Rance, since you have got the microphone, how much of the current cybersecurity situation is attributed to poor blocking and tackling in terms of the basics, like doing security architecture or even having a method to do security architecture, things like risk management, which of course Jim and the Security Forum have been looking into? And not only that, what about translating that theory into operational practice and making sure that people are doing it on a regular basis?

DeLong: A report I read on SANs, a US Government issued report on January 28 of this year, said that that many, or most, or all of our critical weapons systems contain flaws and vulnerabilities. One of the main conclusions was that, in many cases, it was due to not taking care of the basics — the proper administration of systems, the proper application of repairs, patches, vulnerability fixes, and so on. So we need to be able to do it in critical systems as well as on desktops.

Open-source crisis

Mezzapelle: You might consider the open-source code crisis that happened over the past year with Heartbleed, where the benefits of having open-source code is somewhat offset by the disadvantages.

That may be one of the areas where the basics need to be looked at. It’s also because those systems were created in an environment when the threats were at an entirely different level. That’s a reminder that we need to look to that in our own organization.

Another thing is in mobile applications, where we have such a rush to get out features, revs, and everything like that, that it’s not entirety embedded in the system’s lifecycle or in a new startup company. Those are the some of the other basic areas where we find that the basics, the foundation, needs to be solidified to really help enhance the security in those areas.

Hietala: So in the world of security, it can be a little bit opaque, when you look at a given breach, as to what really happened, what failed, and so on. But enough information has come out about some of the breaches that you get some visibility into what went wrong.

Attend The Open Group Baltimore 2015
July 20-23, 2015
Early bird registration ends June 19

Of the two big insider breaches — WikiLeaks and then Snowden — in both cases, there were fairly fundamental security controls that should have been in place, or maybe were in place, but were poorly performed, that contributed to those — access control type things, authorization, and so on.

Even in some of the large retailer credit card breaches, you can point to the fact that they didn’t do certain things right in terms of the basic blocking and tackling.

There’s a whole lot of security technology out there, a whole lot of security controls that you can look to, but implementing the right ones for your situation, given the risk that you have and then operating them effectively, is an ongoing challenge for most companies.

Mezzapelle: Can I pose a question? It’s one of my premises that sometimes compliance and regulation makes companies do things in the wrong areas to the point where they have a less secure system. What do you think about that and how that impacts the blocking and tackling?

Hietala: That has probably been true for, say, the four years preceding this, but there was a study just recently — I couldn’t tell you who it was from — but it basically flipped that. For the last five years or so, compliance has always been at the top of the list of drivers for information security spend in projects and so forth, but it has dropped down considerably, because of all these high profile breaches. Senior executive teams are saying, “Okay, enough. I don’t care what the compliance regulations say, we’re going to do the things we need to do to secure our environment.” Nobody wants to be the next Sony.

Mezzapelle: Or the Target CEO who had to step down. Even though they were compliant, they still had a breach, which unfortunately, is probably an opportunity at almost every enterprise and agency that’s out there.

The right eyeballs


DeLong: And on the subject of open source, it’s frequently given as a justification or a benefit of open source that it will be more secure because there are millions of eyeballs looking at it. It’s not millions of eyeballs, but the right eyeballs looking at it, the ones who can discern that there are security problems.

It’s not necessarily the case that open source is going to be more secure, because it can be viewed by millions of eyeballs. You can have proprietary software that has just as much, or more, attention from the right eyeballs as open source.

Mezzapelle: There are also those million eyeballs out there trying to make money on exploiting it before it does get patched — the new market economy.

Lounsbury: I was just going to mention that we’re now seeing that some large companies are paying those millions of eyeballs to go look for vulnerabilities, strangely enough, which they always find in other people’s code, not their own.

Mezzapelle: Our Zero Day Initiative, that was part of the business model, is to pay people to find things that we can implement into our own products first, but it also made it available to other companies and vendors so that they could fix it before it became public knowledge.

Some of the economics are changing too. They’re trying to get the white hatter, so to speak, to look at other parts that are maybe more critical, like what came up with Heartbleed.

Lounsbury: On that point, and I’m going to inject a question of my own if I may, on balance, is the open sharing of information of things like vulnerability analysis helping move us forward, and can we do more of it, or do we need to channel it in other ways?

Mezzapelle: We need to do more of it. It’s beneficial. We still have conclaves of secretness saying that you can give this information to this group of people, but not this group of people, and it’s very hard.

In my organization, which is global, I had to look at every last little detail to say, “Can I share it with someone who is a foreigner, or someone who is in my organization, but not in my organization?” It was really hard to try to figure out how we could use that information more effectively. If we can get it more automated to where it doesn’t have to be the good old network talking to someone else, or an email, or something like that, it’s more beneficial.

And it’s not just the vulnerabilities. It’s also looking more towards threat intelligence. You see a lot of investment, if you look at the details behind some of the investments in In-Q-Tel, for instance, about looking at data in a whole different way.

So we’re emphasizing data, both in analytics as well as threat prediction, being able to know where some thing is going to come over the hill and you can secure your enterprise or your applications or systems more effectively against it.

Open sharing

Lounsbury: Let’s go down the row. Edna, what are your thoughts on more open sharing?

Conway: We need to do more of it, but we need to do it in a controlled environment.

We can get ahead of the curve with not just predictive analysis, but telemetry, to feed the predictive analysis, and that’s not going to happen because a government regulation mandates that we report somewhere.

So if you look, for example, DFARS, that came out last year with regard to concerns about counterfeit mitigation and detection in COTS ICT, the reality is not everybody is a member of GIDEP, and many of us actually share our information faster than it gets into GIDEP and more comprehensively.

I will go back to it’s rigor in the industry and sharing in a controlled environment.

Lounsbury: Jim, thoughts on open sharing?

Hietala: Good idea. It gets a little murky when you’re looking at zero-day vulnerabilities. There is a whole black market that has developed around those things, where nations are to some degree hoarding them, paying a lot of money to get them, to use them in cyberwar type activities.

There’s a great book out now called ‘Zero Day’ by Kim Zetter, a writer from Wired. It gets into the history of Stuxnet and how it was discovered, and Symantec, and I forget the other security researcher firm that found it. There were a number of zero-day vulnerabilities there that were used in an offensive cyberwar a capacity. So it’s definitely a gray area at this point.

DeLong: I agree with what Edna said about the parameters of the controlled environment, the controlled way in which it’s done. Without naming any names, recently there were some feathers flying over a security research organization establishing some practices concerning a 60- or 90-day timeframe, in which they would notify a vendor of vulnerabilities, giving them an opportunity to issue a patch. In one instance recently, when that time expired and they released it, the vendor was rather upset because the patch had not been issued yet. So what are reasonable parameters of this controlled environment?

Supply chains

Lounsbury: Let’s move on here. Edna, one of the great quotes that came out of the early days of OTTF was that only God creates something from nothing and everybody else is on somebody’s supply chain. I love that quote.

But given that all IT components, or all IT products, are built from hardware and software components, which are sourced globally, what do we do to mitigate the specific risks resulting from malware and counterfeit parts being inserted in the supply chain? How do you make sure that the work to do that is reflected in creating preference for vendors who put that effort into it?

Conway: It’s probably three-dimensional. The first part is understanding what your problem is. If you go back to what we heard Mary Ann Davidson talk about earlier today, the reality is what is the problem you’re trying to solve?

I’ll just use the Trusted Technology Provider Standard as an example of that. Narrowing down what the problem is, where the problem is located, helps you, number one.

Then, you have to attack it from all dimensions. We have a tendency to think about cyber in isolation from the physical, and the physical in isolation from the cyber, and then the logical. For those of us who live in OT or supply chain, we have to have processes that drive this. If those three don’t converge and map together, we’ll fail, because there will be gaps, inevitable gaps.

For me, it’s identifying what your true problem is and then taking a three-dimensional approach to make sure that you always have security technology, the combination of the physical security, and then the logical processes to interlock and try to drive a mitigation scheme that will never reduce you to zero, but will identify things.

Particularly think about IoT in a manufacturing environment with the right sensor at the right time and telemetry around human behavior. All of a sudden, you’re going to know things before they get to a stage in that supply chain or product lifecycle where they can become devastating in their scope of problem.

DeLong: As one data point, there was a lot of concern over chips fabricated in various parts of the world being used in national security systems. And in 2008, DARPA initiated a program called TRUST, which had a very challenging objective for coming up with methods by which these chips could be validated after manufacture.

Just as one example of the outcome of that, under the IRIS Program in 2010, SRI unveiled an infrared laser microscope that could examine the chips at the nanometer level, both for construction, functionality, and their likely lifetime — how long they would last before they failed.

Lounsbury: Jim, Mary Ann, reactions.

Finding the real problem

Mezzapelle: The only other thing I wanted to add to Edna’s comment was reiteration about the economics of it and finding where the real problem is. Especially in the security area, information technology security, we tend to get so focused on trying to make it technically pure, avoiding the most 100 percent, ultimate risk. Sometimes, we forget to put our business ears on and think about what that really means for the business? Is it keeping them from innovating quickly, adapting to new markets, perhaps getting into a new global environment?

We have to make sure we look back at the business imperatives and make sure that we have metrics all along the road that help us make sure we are putting the investments in the right area, because security is really a risk balance, which I know Jim has a whole lot more to talk about.

Hietala: The one thing I would add to this conversation is that we have sort of been on a journey to where doing a better job of security is a good thing. The question is when is it going to become a differentiator for your product and service in the market. For me personally, a bank that really gets online banking and security right is a differentiator to me as a consumer.

I saw a study that was quoted this week at the World Economic Forum that said that, by 2:1 margin, consumers — and they surveyed consumers in 27 countries — think that governments and businesses are not paying enough attention to digital security.

So maybe that’s a mindset shift that’s occurring as a result of how bad cybersecurity has been. Maybe we’ll get to the point soon where it can be a differentiator for companies in the business-to-business context and a business-to-consumer context and so forth. So we can hope.

Conway: Great point. And just to pivot on that and point out how important it is. I know that what we are seeing now, and it’s a trend, and there are some cutting-edge folks who have been doing it for a while, but most boards of directors are looking at creating a digital advisory board for their company. They’re recognizing the pervasiveness of digital risk as its own risk that sometimes it reports up to the audit committee.

I’ve seen at least 20 or 30 in the last three months come around, asking, did you advise every board members to focus on this from multiple disciplines? If we get that right, it might allow us that opportunity to share the information more broadly.

Lounsbury: That’s a really interesting point, the point about multiple disciplines. The next question is unfortunately the final question — or fortunately, since it will get you to lunch. I am going to start off with Rance.

At some point, the difference between a security vulnerability failure or other kind of failures all flow into that big risk analysis that a digital-risk management regime would find out. One of the things that’s going on across the Real-Time and Embedded Systems Forum is to look at how we architect systems for higher levels of assurance, not just security vulnerabilities, but other kinds of failures as well.

The question I will ask here is, if a system fails its service-level agreement (SLA) for whatever reason, whether it’s security or some other kind of vulnerability, is that a result of our ability to do system architecture or software created without provably secure or provably assured components or the ability of the system to react to those kind of failures? If you believe that, how do we change it? How do we accelerate the adoption of better practices in order to mitigate the whole spectrum of risk of failure of the digital enterprise?

Emphasis on protection

DeLong: Well, in high assurance systems, obviously we still treat them as very important detection of problems when they occur, recovery from problems, but we put a greater emphasis on prevention, and we try to put greater effort into prevention.

You mentioned provably secure components, but provable security is only part of the picture. When you do prove, you prove a theorem, and in a reasonable system, a system of reasonable complexity, there isn’t just one theorem. There are tens, hundreds, or even thousands of theorems that are proved to establish certain properties in the system.

It has to do with proofs of the various parts, proofs of how the parts combine, what are the claims we want to make for the system, how do the proofs provide evidence that the claims are justified, and what kind of argumentation do we use based on that set of evidence.

So we’re looking at not just the proofs as little gems, if you will. A proof of a theorem  think of it as a gemstone, but how are they all combined into creating a system?

If a movie star walked out on the red carpet with a little burlap sack around her neck full of a handful of gemstones, we wouldn’t be as impressed as we are when we see a beautiful necklace that’s been done by a real master, who has taken tens or hundreds of stones and combined them in a very pleasing and beautiful way.

And so we have to put as much attention, not just on the individual gemstones, which admittedly are created with very pure materials and under great pressure, but also how they are combined into a work that meets the purpose.

And so we have assurance cases, we have compositional reasoning, and other things that have to come into play. It’s not just about the provable components and it’s a mistake that is sometimes made to just focus on the proof.

Attend The Open Group Baltimore 2015
July 20-23, 2015
Early bird registration ends June 19

Remember, proof is really just a degree of demonstration, and we always want some demonstration to have confidence in the system, and proof is just an extreme degree of demonstration.

Mezzapelle: I think I would summarize it by embedding security early and often, and don’t depend on it 100 percent. That means you have to make your systems, your processes and your people resilient.

This has been a special BriefingsDirect presentation and panel discussion from The Open Group San Diego 2015. Download a copy of the transcript. This follows an earlier discussion on cybersecurity standards for safer supply chains. Another earlier discussion from the event focused on synergies among major Enterprise Architecture frameworks. And a presentation by John Zachman, founder of the Zachman Framework.

Copyright The Open Group and Interarbor Solutions, LLC, 2005-2015. All rights reserved.

You may also be interested in:

Posted in Cyber security, The Open Group | Tagged , , , , , , , , , , | Leave a comment

Big data helps Conservation International proactively respond to species threats in tropical forests

This latest BriefingsDirect big data innovation discussion examines how Conservation International (CI) in Arlington, Virginia uses new technology to pursue more data about what’s going on in tropical forests and other ecosystems around the world.

As a non-profit, they have a goal of a sustainable planet, but we’re going to learn how they’ve learned to measure what was once unmeasurable — and then to share that data to promote change and improvement.

Listen to the podcast. Find it on iTunes. Read a full transcript. Download the transcript. Get the mobile app for iOS or Android.

To learn how big data helps manage environmental impact, BriefingsDirect sat down with Eric Fegraus, Director of Information Systems at Conservation International.The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: First, tell us the relationship with technology. Conservation International recently announced HP Earth Insights. What is that all about?

Fegraus: HP Earth Insights is a partnership between Conservation International and HP and it’s really about using technology to accelerate the work and impact of some of the programs within Conservation International. What we’ve been able to do is bring the analytics and a data-driven approach to build indices of wildlife communities in tropical forests and to be able to monitor them in near-real-time.

Fegraus

Gardner: I’m intrigued by this concept of being able to measure what was once unmeasurable. What do you mean by that?

Fegraus: This is really a telling line. We really don’t know what’s happening in tropical forests. We know some general things. We can use satellite imagery and see how forests are increasing or decreasing from year to year and from time period to time period. But we really don’t know the finer scale measurements. We don’t know what’s happening within the forest or what animal species are increasing or are decreasing.

There’s some technology that we have out in the field that we call camera traps, which take images or photos of the animals as they pass by. There are also some temperature sensors in them. Through that technology and some of the data analytics, we’re able to actually evaluate and monitor those species over time.

Inference points

Gardner: One of the interesting concepts that we’ve seen is that for a certain quantity of data, let’s say 10,000 data points, you can get magnitude of order more inference points. How does that work for you, Eric? Even though you’re getting a lot of data, how does that translate into even larger insights?

Fegraus: We have some of the largest datasets in our field in terms of camera trapping data and wildlife communities. But within that, you also have to have a modeling approach to be able to utilize that data, use some of the best statistics, transform that into meaningful data products, and then have the IT infrastructure to be able to handle it and store it. Then, you need the data visualization tools to have those insights pop out at you.

Become a member of myVertica
Register now
Gain access to the HP Vertica Community Edition

Gardner: So, not only are you involved with HP in terms of the Earth Insights Project, but you’re a consumer of HP technology. Tell us a little bit about Vertica and HP Haven, if that also is something you are involved with?

Fegraus: Yes. All of our servers are HP ProLiant servers. We’ve created an analytical space within our environment using the HP ProLiant servers, as well as HP Vertica. That’s really the backbone of our analytical environment. We’re also using R and we’re now exploring with Distributed R within the Vertica context.

We’re using the HP Cloud for data storage and back up and we’re working on making the cloud a centerpiece for data exchange and analysis for wildlife monitoring. In terms of Haven, we’re exploring other parts of Haven, in particular HP Autonomy, and a few other concepts, to help with unstructured data types.

Gardner: Eric, let’s talk a little bit about what you get when you do good data analytics and how it changes the game in a lot of industries, not just conservation. I’m thinking about being able to project into people’s understanding of change.

So for someone to absorb an understanding that things need to happen in order for things to improve, there is a sense of convincing. What is big data bringing to the table for you when you go to governments or companies and try to promulgate change in these environments?

Fegraus: From our perspective, what we want to do is get the best available data at the right spatial and temporal scales, the best science, and the right technology. Then, when we package all this together, we can present unbiased information to decision makers, which can lead to hopefully good sustainable development and conservation decisions.

These decision makers can be public officials setting conservation policies or making land use decisions. They can be private companies seeking to value natural capital or assess the impacts of sourcing operations in sensitive ecosystems.

Of course, you never have control over which way legislation and regulations can go, but our goal is to bring that kind of factual information to the people that need it.

Astounding results

Gardner: And one of the interesting things for me is how people are using different data sets from areas that you wouldn’t think would have any relationship to one another, but then when you join and analyze those datasets, you can come up with astounding results. Is this the case with you? Are you not only gathering your own datasets but finding the means to jibe that with other data and therefore come up with other levels of empirical analysis?

Fegraus: We are. A lot of the analysis today has been focused on the data that we’ve collected within our network. Obviously, there are a lot of other kinds of big data sets out there, for example, provided by governments and weather services, that are very relevant to what we’re doing. We’re looking at trying to utilize those data sets as best we can.

Become a member of myVertica
Register now
Gain access to the HP Vertica Community Edition

Of course, you also have to be careful. One of the key things we want to do is look for patterns, but we want to make sure that the patterns we’re seeing, and the correlations we detect, all make sense within our scientific domain. You don’t want to create false correlations and improbable correlations.

Gardner: And among those correlations that you have been able to determine so far, about 12 percent of species are declining in the tropical forest. This information is thanks to your Tropical Ecology Assessment and Monitoring (TEAM) and HP Earth Insights. And there are many cases not yet perceived as being endangered. So maybe you could just share some of the findings, some of the outcome from all this activity.

Fegraus: We’ve actually worked up a paper, and that’s one of the insights. It’s telling, because species are ranked by “whether they are considered endangered or not.” So species that are considered “least concerned” according to the International Union for the Conservation of Nature (IUCN), we assume that they are doing okay.

So you wouldn’t expect to find that those species are actually declining. That can really serve as an early warning, a wake-up call, to protected-area managers and government officials in charge of those areas. There are actually some unexpected things happening here. The things that we thought were safe are not that safe.

Gardner: And, for me, another telling indicator was that on an aggregate basis, some species are being measured and there isn’t any sense of danger or problem, but when you go localized, when you look at specific regions and ecosystems, you develop a different story. Was there an ability for your data gathering to give you more a tactical and insights that are specific?

Fegraus: That’s one of the really nice things about the TEAM Network, a partnership between Conservation International, the Wildlife Conservation Society and the Smithsonian Institution. In a lot of the work that TEAM does, we really work across the globe. Even though we’re using the same methodologies, the same standards, whether we are in the Amazon or whether we’re in a forest in Asia or Indonesia, we can have results that are important locally.

Then, as you aggregate them through sub-national level efforts, national-levels, or even continental levels, that’s where we’re trying to have the data flow up and down those spatial scales as needed.

Become a member of myVertica
Register now
Gain access to the HP Vertica Community Edition

For example, even though a particular species may be endangered worldwide we may find that locally, in a particular protected area, that species is stable. This provides important information to the protected area manager that the measures that are in place seem to be working for that species. It can really help in evaluating practices, measuring conservation goals and establishing smart policy.

Sense of confidence

Gardner: I’ve also spoken to some folks who express a sense of relief that they can go at whatever data they want and have a sense of confidence that they have systems and platforms that can handle the scale and the velocity of that data. It is sort of a freeing attitude that they don’t have to be concerned at the data level. They can go after the results and then determine the means to get the analysis that they need.

Is that something that you also share, that with your partnership with HP and with others, that this is about the determination of the analysis and the science, and you’re not limited by some sort of speeds-and-feeds barrier?

Fegraus: This gets to a larger issue within the conservation community, the non-profits, and the environmental consulting firms. Traditionally, IT and technology has been all about keeping the lights on and making sure everyone has a laptop. There’s a saying that people can share data, but the problem has really been bringing the technology, analytics, and tools to the programs that are mission critical, bringing all of this to business driven programs that are really doing the work.

One of the great outcomes of this is that we’ve pushed that technology to a program like TEAM and we’re getting the cutting-edge technology that a program like TEAM needs into their hands, which has really changed the dynamic, compared to the status quo.

Gardner: So scale really isn’t the issue any longer. It’s now about your priorities and your requirements for the scientific activity?

Fegraus: Yes. It’s making sure that technology meets the requirements in scientific and program objectives. And that’s going to vary quite a bit depending on the program and the group that we were talking about, but ultimately it’s about enabling and accelerating the mission critical work of organizations like Conservation International.

Listen to the podcast. Find it on iTunes. Read a full transcript. Download the transcript. Get the mobile app for iOS or Android. Sponsor: HP.

You may also be interested in:

Posted in big data, data analysis, HP, HP Vertica | Tagged , , , , , , , , | Leave a comment