Supported by many of my research colleagues at Gartner, I recently completed our 2014 Hype Cycle Report on Governance, Risk and Compliance (GRC) Technologies. This year’s Hype Cycle demonstrates the greater sophistication of risk management approaches and their related GRC technologies. Areas such as social media compliance, operational intelligence platforms and information stewardship are critical components of the evolving digital business landscape. Technologies found on this Hype Cycle provide the risk insights that are needed to create strategies to build successful digital business processes.
GRC remains a top business priority for senior executives, according to Gartner’s 2104 CEO and Senior Executive Survey. In fact, it is on par with other critical business priorities, such as R&D and innovation, as well as efficiency and productivity. Given that GRC is viewed as a core priority of this sort, it is understandable that the market for GRC technologies has now matured beyond foundational solutions, such as enterprise and IT GRC platforms, to focus more on purpose-built applications that can easily integrate with the GRC systems of record.
As a result, Gartner is shifting its primary research focus on GRC technologies such as IT risk management, operational risk management, IT vendor risk management and business continuity management. In addition, increasing focus on strategies to build a cohesive and comprehensive GRC application portfolio is reflected in our evolving research of GRC pace-layering methodologies (see “How to Use Pace Layering to Build a GRC Application Strategy” and “Predicts 2014: Advances in Risk Management Technology Will Improve Corporate Performance and Public Policy” ).
Details on all of the GRC technologies represented in this year’s Hype Cycle can be found in our latest report, “Hype Cycle for Governance, Risk and Compliance Technologies, 2014“.
SIEM technology has evolved to a point where conflicting requirements are starting to tear it apart ? and I am not the only one to observe that. See here:
For years, the dirty truth of SIEM was that most installations stored log data for 7-14 days only inside a SIEM. This limited SIEM?s mission primarily to the first point above ? real-time and short-term analysis inside a SOC [short-term historical analysis over, say, 7 days of data is indeed very useful ? but does not solve all the same problems as a multi-month one]. Sure, you can reload older data (yuck!) or peek into a connected log management tool that has much more data, but lacks the analytical brain powers [well, unless you build them yourself]. Thus, if you want to go longer AND analyze the data (a key point!), your choices are:
One enlightened fellow, upon reading my recent SIEM Evaluation Criteria document, noted that in his view, the criteria are too biased towards real-time, traditional SOC monitoring usage of SIEM at the cost of historical, long-term analytics. Despite the fact that historical algorithms, data exploration and profiling are featured in the report, it is indeed so. SIEM has evolved as primarily a monitoring technology, with investigative use and historical analysis often present, but in an auxiliary role at best. In essence, we have REAL-TIME ANALYSIS (via SIEM) and HISTORICAL AGGREGATION (via log management tools, ELK stack, etc).
And now, many organizations are flocking towards hidden/persistent/advanced threat discovery and longer-term profiling that calls for longer retention and stresses the data stores with queries that are both wide and deep. For example, read this enlightening thread on SIEM, log management and analytics. ?Searching the last “N Days” [especially for large values of ?N? ? A.C.] of logs is much different than alarming and alerting on logs as they come in – they are very different? is a representative quote. However, while searching over 180 days of data will kill a SIEM [assuming merely having 180 days of data in it hasn?t killed it], actually running algorithms (profiling, clustering, rule learning? other stuff I mentioned here) will be much worse. Back in the day when I was doing it, my not-too-sophisticated profiling computations ran overnight over a mere week of data [and I used RDBMS, since nothing else was around in 2004] ?
Let?s think together about how to balance SIEM?s dual mission today? Please treat this table as more of an ?incomplete thought? rather than a research product, BTW.
(also see this table to better understand the difference in usage)
Still, SIEM can actually benefit from its duality; some organizations mine the historical data and then create rules based on patterns that are revealed by algorithms. Others create alerts based on what their analysts have dug out during their threat hunting activities. In the past, I always voted for ?first log management, then SIEM?, but now with increased focus on historical and longer-term analysis this may change to ?log management ?> SIEM ?> long-term analytics? or even ?log management ?> long-term analytics ?> SIEM? Let?s think about the choices then:
There you have it! It came our as a bit of a ramble, but – what the heck ? this is a blog, not a research paper
Select recent SIEM blog posts:
Last week I published the second iteration of the Magic Quadrant for Managed Mobility Services.
The study sought data, from providers and users, regarding MMS market performance and growth. The study revealed that over the past 12 months there was a big pick-up in the number of mobile assets placed under management by third party, external providers (both user owned and corporate owned devices). We also saw evidence that the demand for managing globally distributed mobile assets on behalf of multinational companies (MNC) had grown significantly over the same period.
The most interesting data points I discovered as part of the research are (with editorial comments):
If you have access to Gartner’s published research, take a look at the Magic Quadrant for Managed Mobility Services and feel free to offer improving comments that I can use for next year’s study.
This week I released some more research on enterprise architecture. But this time it?s a bit different than what you usually see. For this research I wanted to focus on how EA helps enable impactful initiatives. So to kick that off I chose to publish best practices on Big Data. See the link below:
Best Practices for Successfully Leveraging Enterprise Architecture in Big Data Initiatives
Analyst(s): Mike J. Walker
Now this isn?t deep research just on Big Data, there are many others at Gartner that can do that far better than I can. Instead I wanted to communicate the value of having enterprise architects engaged in these initiatives. There are many reasons this is important but in my mind here are the core reasons you should particularly pay attention to this:
Svetlana Sicular highlighted some good points I cover in my research in a post she made on, ?Big Botched Data?. While these are not as focused on the enterprise architect role as my research these are good general purpose ones that you will see in much more detail in my research. Here are some of the pitfalls listed:
There is a lot more to her post so definitely check it out for the extended details. What I really like about her post is that it is based on a real customer big data failure.
What you will find in this note is:
This research is vital to EA?s because it is in the language and context of an EA. So if you?re an enterprise architect that is planning or already engaged in a big data initiative then check this research out.
The best marketing has always been about telling great stories?stories that engage audiences on an emotional level. The mad men of Madison Avenue have known this since the dawn of time (or Times Square, anyway, whose modern incarnation roughly coincides with the rise of mainstream marketing. But that?s another story itself).
Today we?re all part of a tribe of storytellers. Or aspiring storytellers. Marketers tell stories because they recognize their audiences are fragmented, signals are scrambled, attention is scarce and we only earn engagement when what we have to say substantially exceeds the value and relevance of the next best alternative.
Stories are what help us turn a brand promise, into a point of view, into a narrative that soars.
In theory, at least.
Consider the possibility that that your audiences? next best alternative is perhaps more inherently valuable and relevant than your particular brand of fabric softener. Consider, for a moment, the possibility that your audience is already fully saturated with stories competing for attention.
Their cups runneth over, cognitively speaking.
They are, in a word, oversubscribed, as they say on Wall Street.
You get the point.
Consider these possibilities and you?ll understand the challenge of brand storytelling.
It?s a topic that my colleague Richard Fouts and I will take on with ?Digital Storytelling and Content Marketing,? a free public webinar we?re hosting on Wednesday, August 13th and 10am and 1pm ET.
Richard, as you may already know, is equally passionate about brand storytelling. He?s published some of Gartner?s best research on the architectures of effective brand stories (see ?How to Tell Memorable Marketing Stories? [Gartner subscription required]) and he?s a prolific blogger and presenter on the topic.
Together, we?ll discuss both the art and the science of what makes brand stories come alive?and how to source, package, amplify and optimize these stories at scale with modern content marketing techniques.
It should be a great discussion. You can register here. While we can?t promise to make your fabric softener more interesting than Aunt Sally?s cat, we?ll show you what it takes to turn ho-hum into human and how to turn your brand storytelling efforts into an economically scalable content marketing machine.
I wrote a blog July 16th called, ?The US has lost its Economic, Free-Market Mojo?. Turns out the front page and lead article in the US Print Edition of the Economist, July 19-23rd was called ?America?s lost oomph?. Talk about timing. This lead article is very, very important to IT. In 2004 Nicholas Carr asked ?Does IT Matter?. For the last 20 years, IT has mattered a lot. But we are in deep trouble now, as an industry. IT matters more so yet we are, mostly, missing the boat.
The Economist article related to how GDP in the US remains lackluster ? way below its long term trend. And the longer this condition persists, the worse the chances for the country to get out of its funk. We might even get used to this situation ? which is not a good thing for our own well-being. Without growth, serious growth, we can?t improve our own lot, let alone the lot of those that are less well off.
However, IT has a key role to play. The article highlights how IT helped power the productivity boom from the 1980?s. All manner of computer technology automated what had been manual and repetitive; processing allowed new problems to be solved; and communication helped streamline supply chains around the globe, and the world a flatter place. However, in recent years that IT powered productivity bonus has disappeared. In fact, there is a reference to a paper from John Fernald of the Federal Reserve Bank of San Francisco that suggests the waning of IT?s involvement in how productivity growth.
The reality is that there are different types of productivity. Early computer assets helped improve labor productivity since it took few people to achieve more output. More recently newer technology (e.g. big data, Internet of Things) is helping capital driven productivity to be more effective. But the point is we, all of IT, are not firing on all cylinders. In fact we are missing on so many fronts that we are no longer even part of the solution.
The scale of the impact of IT on the business world just isn’t what it used to be. No amount of ERP, or Business Intelligence, or even big data, is doing it (so far). This leads me to another issue I have: bad IT spend.
When Gartner officially coined its formal definition of Enterprise Information Management (I was there when Gartner did), several vendors renamed and re-badged their technology offering to ?EIM solutions?. This was silly. The whole point of EIM was that firms in general were not spending smartly and were just spending on IT ?because?. And this persists today. Firms continue to spend on IT ?because?. If IT powered productivity was improving then the spend would be more impressive.
Then again ? another data point ? looking at how firms use their information asses one wonders where success is to come from. Another data warehouse, or swapping one ERP for another, does not cut the mustard. And too many vendors focus on ?selling software? or services, and are not really focused on making a difference to their customers? world. We should be focused on value, value, value ? and how our contribution makes a marked difference. We can help grow the economy. We can help make that difference.
I don?t know what the answer is yet ? but we (the IT industry) need to focus on something other than what we look at most of the day today. That part is clear.
Everybody talks about successes in big data. And everybody is curious about failures. Today, I want to illustrate some typical causes of big data project failures with real-life examples, no company logos to show, sorry. I’ll give not necessarily “fail fast” scenarios, but also the uneventful and painful “fail slow.” Let’s start with the amazing success story.
Management inertia. Our client, a household name among early internet travel companies, as well as the early adopter of big data technologies, ran click-stream analysis to find out how people navigate this travel site and how they make purchases. It turned out that the buying patterns were exactly opposite from the sales approach of the company?s upper management. This is the verbatim quote about this rare happy end:
“We’ve had great success with this technology. The insights we’ve had changed the business dramatically. To capitalize on these insights we brought in new management.“
How many companies are in a position to get rid of their upper management?
Selecting wrong use cases. Many companies start with advanced use cases that require a better understanding of technologies, which comes with experience. Other companies select the same use cases that they used to implementing on traditional technologies, and, consequently, they don?t see benefits. My blog post The Top Mistake in Evaluating Big Data Initiatives describes this situation.
Asking wrong questions. An automobile manufacturer with thousands of dealerships ran a sentiment analysis project to learn about its customers. Six months and $10M later the findings from big data were distributed to all thousands of dealerships, and all thousands of them were laughing out loud: every one of them knew all along what the big data project was digging out all this time.
Lacking the right skills. Every one of us considers him/herself an expert in human behavior, our native language or our own social life. So are people running big data analytics projects. A financial services company started a project to detect how people?s habits affect their propensity to buy retirement plans. Humans are creatures of habits, and of too many habits. People who ran the project decided (little by little, failing slowly) to narrow down all habits just to smoking / non-smoking. And failed again. It turned out (from my dialogs with a healthcare company, which coincided with this one) that healthcare professionals instead of a black-and-white “do you smoke?” would have asked, ” how many years did you smoke? How many times did you quit smoking? When was the last time you smoked?” The bottom line: look for professionals who know the field you analyze ? healthcare experts, linguists, behavioral psychologists, social anthropologists and others who normally don?t belong to IT.
Unanticipated problems that are wider than just a big data technology. One large retailer ran a big data project in the cloud. The network congestion to stores was a problem that derailed the whole project. A team member summarized their learning from the failure:
?Supporting any new platforms on a remote site is more than a technology problem. It must factor in personnel, training, upgrades, maintenance and real estate.”
Disagreement on the enterprise strategy. There are many trains of thought in a large company. Here is an eloquent quote from a client, an information architect:
?We see information as the heart. Others believe cloud is the heart of our strategy.?
As a result, there is no enterprise-wide strategy, but a lot of unrelated initiatives, big data being rather small.
Siloed big data negates the whole idea of having it. This reason for failure relates to the previous one. A client who learned it on his own mistakes said:
?Prioritization of business projects is a bit more difficult because we are so siloed in business units. We do not do a good job justifying the platform as a whole. Whoever screams loudest gets it.?
Solution avoidance. The most typical example is pharmaceutical industry required to report any known adverse drug effects. This whole industry does not conduct sentiment analysis, because they have to report to FDA any event when, for example, a patient complains about a headache in the same paragraph where a particular drug is mentioned.
My list of big data failures can go on, and on, and on. I especially want to stress the need to understand the data, no matter if it?s big or not. There are tons of cases of not knowing data, and, as a result, inability to deliver anything new, or having so much data and no experience of how to manage, analyze or query it. I will talk about data, big data and greater data in two weeks from now, at our Catalyst conference in San Diego. Come over!
Follow Svetlana on Twitter @Sve_Sic
I?m constantly amazed at how enamored people are with numbers. Every time I give a presentation, I see people scribble down statistics about anything even if the validity or actionability of the number is questionable. I?m not arguing against the use of data for informed decision making, I?m just amused at how people glom onto statistics for their own sake. (If you want to explore the lure of statistics further, I?d recommend reading Charles Wheelan?s book Naked Statistics.)
There?s another kind of number that is bothersome ? those metrics that organizations often collect about performance. Most often they are the ?easy to collect? types of numbers that really don?t tell us much. They can report activity but don?t contain much insight on what the activity means. Say, for example, that you have a community of practice with 100 members. Is that better than a community with only 10 members? We can?t really tell unless we explore how well the community is servicing its members. If the 10-person CoP is giving the membership what they want, then the value of the community can?t really be measured just by looking a headcount.
Where activity measures do come in handy is for determining progress. So let?s say our goal is to create a new CoP for software engineers so they can share best practices. As we market the new community to engineers, tracking which activities let to the greatest increase in membership will help us understand which approaches work best. In this case, tracking the percentage growth in membership over time is useful as is watching for a drop off in membership which could indicate waning interest or relevance of the community.
What I?m really anxious to see, though, are numbers that help me improve my work performance. I?m hoping that before long there will be a digital workplace Fitbit that will give me analytics that I can use to make meaningful adjustments to how I work. It?s not hard to imagine an app that would give me feedback on things like the time of day when I?m most productive. In fact, there are companies that provide this type of measurement analysis today. But going further, it would be so nice to be able to track the progress I?m making in pattern recognition of key trends, my success in collaborating with colleagues, my improvement in communication and presentation skills.
The numbers that will be most useful are those that help me understand why something happened the way it did and what to do differently to change it. Instead of a flat number ? ?your research report received this score from readers? ? personal analytics that are actionable will tell me what readers liked about it that made them give it a high score and what they would like to see improved.
Those are the numbers I can appreciate!
Gartner has two open positions covering cloud computing right now and I wanted to entice those of you that are interested to look at the positions, read this blog and if it sounds like a fit – apply. Do not get hung up on the location of either of these positions. Gartner is truly a work from anywhere environment.
Virtualization and Private Cloud Analyst
Public and Hybrid Cloud Analyst
I have now been at Gartner 3.5 years and I am often asked by peers, clients, vendors, colleagues and friends what it’s like working as an analyst at Gartner. As I reflect on my time at Gartner, here are the things I love most about working here.
A while back, my colleague, Lydia Leong wrote two separate blog entries about working for Gartner that I will link here. I encourage you to also read her insights.
Do you love research, analysis and opportunities to expand your insight into IT and the industry as a whole? Do you have a specific expertise in private, hybrid or public cloud right now? If so, click the links at the top, apply, and hopefully join our great team! I look forward to meeting you. If you would like to engage in a private conversation first, please email me at kyle <dot> hilgendorf <at> gartner.com
I am not a fan of selfies, at least for myself. I have no huge problem with others who enjoy taking and sharing them, but it just feels a bit narcissistic to me. But then again, I don’t enjoy getting my picture taken in general
(For this post, I asked my daughter for a selfie and this is what she sent me. As a note, she made it VERY CLEAR to me that she does not like taking selfies with just her in them–she saves that for Snapchat, but she took this one to show the tile work while she was traveling in Spain. Her other “selfies” are always with friends. So maybe my daugther is not a narcissist–but I’ll leave that to others to determine–kidding, Alix.)
For some reason I was thinking about selfies a lot this week (don’t ask me why–I don’t really know, unless it was my colleague-Jenny Sussin sharing that she has taken over 26 #MondayMorningSelfies since starting the “trend” inside Gartner as a goof.). I came to the conclusion that selfies have been around for a long long time in the corporate world.
Yup, the corporate Web site (and for that matter most of the marketing collateral and sales presentations), may have been the earliest selfies. Check it out. Browse a few sites, read some collateral, or think about presentations. Too often, they scream “Me, Me, Me!”.
What they should convey is value to you, you, you!
But they don’t.
A few years back, my colleague, Richard Fouts, wrote a research note on how to score your Website for customer-centric messaging. Here was his formula for how to evaluate communications and sections of your Web site:
After doing this, if your score was 25 or higher, the assessment is that you are doing a great job. Below that and you range from wanting to talk about yourself more than customer with lower scores being the ultimate “Its all about me!” experience.
As you develop stories to improve your messages or meet with customers, consider Richard’s model and ask yourself it you are creating a selfie or communicating value to your customers.
Los carros autónomos cada vez cobran más fuerza, pues todo indica que no estamos muy lejos de ver automóviles sin conductor circulando en algunas carreteras del mundo. Es el caso por ejemplo del Reino Unido, en donde se permitirá que estos automóviles rueden por las vías públicas en 2015.Continúa leyendo en ENTER.CODeja un comentario en […]
En el mundo de los videojuegos, como en cualquier campo del entretenimiento, existen mitos que se mantienen a lo largo de los años dando vueltas en foros, blogs y multiples lugares de internet. Uno de los más conocidos ronda el videojuego que desarrolló Atari de la película ?E.T.?. Para todos aquellos que siempre se preguntaron […]
En el pasado Mobile World Congress conocimos la TalkBand, el primer ‘wearable’ de Huawei. Pues bien, la compañía indicó esta semana que será comercializado en Colombia. Se trata de un gadget para la muñeca que combina las funciones de monitor de ejercicio, banda inteligente y manos libres Bluetooth. Es compatible con iOS y Android (4.0 […]
Nuestro planeta está por acabar, y la única salvación es encontrar un nuevo hogar al cual migrar. Para ello debemos embarcarnos en un viaje interestelar, y enfrentar todas las dificultades que esto implica. ¿Vale la pena encontrar otro mundo? Pues probablemente se asombre con los territorios mostrados en el nuevo tráiler publicado en la página […]
Para internet y sus incontables memes, un ninja puede hacer prácticamente cualquier cosa, y en ese terreno, el pixelado protagonista de ?Ninja Up!? quiere llegar al espacio usando solo sogas elásticas. Después de todo, ¿para qué querría usar un ninja los modernos aparatos de vuelvo? El nuevo título de Gameloft, que por ahora está disponible […]
Muchos fanáticos de la serie de Harry Potter pensamos que la última película que íbamos a ver de la saga era ?Harry Potter y las reliquias de la muerte parte 2?, que fue estrenada en 2011. No obstante, tendremos la oportunidad de ver en cines la historia de ?Criaturas fantásticas y dónde encontrarlas? en noviembre […]
Después de la gran polémica por un guión filtrado, Quentin Tarantino decidió que cancelaría su llegada al cine. Fue unos meses después que el director reconsideró la producción, y revivió el proyecto de la tumba de papel. Y como reporta The Verge, el primer póster fue revelado por Nick De Semlyen, editor de la revista […]
Spotify, el famoso servicio de música por streaming, acaba de anunciar a través de un comunicado de prensa el lanzamiento de su ecualizador, una función solicitada por muchos usuarios. Por el momento, la nueva herramienta está disponible solo para iOS, tanto para iPhone como para iPad.Continúa leyendo en ENTER.CODeja un comentario en Luego de que […]
Samsung Galaxy Alpha, también conocido como Samsung Galaxy F será el próximo lanzamiento de la compañía surcoreana. Este terminal será el primero de la compañía en tener cuerpo de metal. Se esperaba que este equipo fuera lanzado el 13 de agosto, sin embargo, hoy SamMobile confirmó que dicho lanzamiento ocurrirá el próximo 4 de agosto.Continúa […]
“Proyectar en formato digital es como prender el televisor. El cine no se trata de eso” dijo Quentin Tarantino durante el festival de Cannes de este año. Si bien la tecnología avanza para ‘facilitar’ costos de producción y crear nuevo contenido, aquella emulsión de haluros de plata sigue siendo el gran atractivo para los que […]
Avenida 15 # 104-30 Of.305 Bogota, D.C., Colombia / PBX (571)467-3939/ 386-0994. Movil (57) 315 331-1740
Miami, FL., E.U. / Phone:(786)467-6722
Copyright 2014. All Rights Reserved.
Designed by ETRADE GROUP SAS.