Archived CEO Blogs

In my last post, I discussed how IT operations analytics can transform the masses of IT performance data into insight that provides broad, cross-tier network and infrastructure visibility so that …

Issues may be proactively recognized and resolved before they affect your business
Future capacity and provisioning requirements may be anticipated
A performance baseline built from multiple metrics can be established, reducing the time, money, and headaches associated with planning and deploying new projects, such as cloud deployments or virtualization.

But how should you go about choosing an IT operations analytics solutions? This is worth paying attention to, since such solutions are new, called by a number of different names (though likely not for long) and are available both as appliances and cloud-based services.

No doubt you’ve heard about “big data.” It sounds intimidating, invasive, and, well, way too big. But don’t be fooled — “big data” is going to save your IT infrastructure.

The first thing you need to understand about how this is happening (oh yes, it’s already well underway) is that “big data” is something of a misnomer. What we’re really talking about is analytics — automated mathematical tools that work in real time to sift through untold amounts of regular old data, in this case IT performance data, and produce actionable results that go far beyond legacy monitoring capabilities.

“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begin flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what the actual cost of security failure might do to the organization? 

According to one expert, U.S. enterprises lose $1.2 trillion each year from IT failures . Although this figure gets debated, everyone agrees it’s a whole lot of money.

These losses — and the downtime that triggers them — tend to be caused by the mundane rather than the spectacular, as recent Forrester/Disaster Recovery Journal research shows:

Sadly, one can make the argument that if software vendors did a better job of integrating security testing throughout the development lifecycle, our current struggles with application security might be less challenging.

In fact, however, software vendors are late to the party. Their security testing tends to be tacked on to the end of development lifecycles as an afterthought, which may account for one recent study ’s startling conclusions that:

98% of applications carry at least one application security risk (and each risk may signal the presence of multiple vulnerabilities)
80% of applications showed more than five risks
The average application registered 22.4 risks