Month: April 2009
What does the Oracle-Sun news mean for enterprise CTOs?
OK, sometimes I get emotionally attached to great technology. I need to watch that, I know humans are what is important. But science is cool too, and it gets really really exciting to watch great humans create and field great technologies. That is why I have long been a fan of both Oracle and Sun. I like many other powerhouse IT companies as well… but those are the two names dominating this week’s news and it has been the topic of dozens of conversations with other CTOs since the announcement that Oracle Buys Sun.
Here is some of the significance of the announcement, in my opinion:
– This is a $7.4B purchase. Oracle would only have done this if they realized there is incredible value for IT customers in this transaction.
– The value of Sun is in far more than just intellectual property. It is in incredible thought leadership of Sun’s talented people and terrific, visionary data center experience. It is also because of the tremendous community leadership in the open source world. And of course there is the hardware production, distribution and service. And, as emphasized in the release, Java and Solaris.
– You can believe Larry Ellison when he says” The acquisition of Sun transforms the IT industry, combining
best-in-class enterprise software and mission-critical computing
systems.” He also said “Oracle will be the only
company that can engineer an integrated system – applications to disk –
where all the pieces fit and work together so customers do not have to
do it themselves. Our customers benefit as their systems integration
costs go down while system performance, reliability and security go
up.” All of this rings true.
There are some immediate steps enterprise CIOs and CTOs should do because of this announcement:
– Continue your plans to accelerate open source software into your enterprise. Move faster now. Your risk is lower than ever.
– Understand that market dynamics are going to change. Oracle is a great company that will ensure Java and Solaris and MySQL continue to improve (with backing by and leadership of the great open source software community, of course). But understand the dynamics may change the equation when it comes to software support costs.
– Move now to lock in your service and support plans for open source Solaris, MySQL, Java Composite Applications Platform Suite (CAPS) and Java Enterprise Services (JES). Lock in at today’s rates if you can. And extend today’s rates out for more years if you can.
– The leading operating system for the Oracle database is Solaris. Since Solaris is now open and since its use is growing there are huge numbers of trained administrators with mastery over Solaris. But this is a good time to re-evaluate how many trained masters you have. If you have an enterprise suport agreement with Sun it might have training options on it that you are not using. Now is the time to max out your training. Clearly this is going to pay off for your enterprise long term. And after the aquisition is complete there is a chance that if you have not locked in your training rates that some of this cost may go up.
– With this agreement, enterprises are now faced with easy choices for identity management solutions. Sun Identity Management solutions already form about 60% of the identity management stack in the enterprise-class federal space. Oracle in their fusion middleware account for much of the rest of the enterprise-grade solutions space. Accelerate your Sun Identity Management solutions. I believe, just based on personal experience, that Oracle and their policy management capabilities are best of breed, and they can already be engineered to work with open enterprise class leaders like Sun. I imagine that will be a much smoother integration in the future. Which leads to the next key point:
– While now is the time to lock in, rapidly, your Solaris, JES, MySQL support licenses, and now is the time to take advantage of any Solaris/Java training available to you, you should also agressively review the entire Oracle Fusion Middleware stack. There are some really GREAT capabilities there.
Any thoughts on any of the above?
New Command to Focus on Cybersecurity for DoD and IC
The Wall Street Journal just ran an article titled: “New Military Command to Focus on Cybersecurity.” In it they indicate “current and former officials familiar with the plans” say a new military command will be established to coordinate the defense of Pentagon computer networks and improve US offensive capabilities in cyberwar.
WSJ also reports that Defense Secretary Gates plans to announce the creation of a new military cyber command after the rollout of the White House review.
My opinion: This WSJ article seems more balanced and accurate than the article I discussed in my post “NYT wants cyber security to be a divisive issue.”
The WSJ article is in consonance with what is going on and what should be going on. I believe NSA should be formally given the lead for defending DoD/IC systems, but defense remains a team sport, and DHS should be given the lead for defending the rest of .gov networks (while still leaning on NSA/DoD/DNI as required). And all players need to work well with industry and allies in a coordinated, fast moving way.
What does this mean for enterprise technologists? For the most part it is good news. But for day to day security operations in most enterprises, the relationships you have with other organizations will remain the same as before– for now. And the current body of best practices remains in place. You still need to understand and implement and follow the Common Audit Guidelines, for example. Doing that is going to help you and will help others too.
Triumfant real-time malware detection and remediation
As I’ve previously noted I’m on the advisory board for Trimufant (I’m at this page). I’m hoping all CTO types will check out this company (and I’m also hoping you don’t mind me blogging about a company I’m advising. After all, I’m associated with them because I believe they are a world-class outfit with a great capability).
In this post I want to bring your attention to a Triumfant press release . It is an announcement that Triumfant now provides real-time malware detection and remediation. Triumfant has long been the leading capability for discovering unexpected changes to computer endpoints, but with their new Triumfant Resolution Manager they build on their ability to deliver zero-day malware protection. Read the rest of this entry »
My Opinion: NYT wants cyber security to be a divisive issue.
I just read an article that seems designed to keep spreading FUD (Fear, Uncertainty, Doubt) about the US government and the NSA. The article is titled “Control of Cybersecurity Becomes Divisive Issue “. It starts with an assertion stated as if it were a fact that says “The National Security Agency has been campaigning to lead the government’s rapidly growing cybersecurity programs”.
I bump into all sorts of people in the beltway, and there is a huge amount of buzz regarding cyber. There is also a huge amount of pontification and rumor and hype, and I think Risen and Lichtblau have fallen for some of that. Read the rest of this entry »
A CTO’s views on the new Fed CTO
I’m very pleased with the pick of Aneesh Chopra as the Federal Government’s CTO. I wish I could add more context than that, and was thinking of a quick biographical sketch of Aneesh and some ideas on why this is great news. Then I read Tim O’Reilly’s post at OReilly Radar, and frankly I just totally agree with everything Tim said. Please check out his post at:
http://radar.oreilly.com/2009/04/aneesh-chopra-great-federal-cto.html
Here is an excerpt that particullarly resonated with me:
“Chopra has been focused for the past three years on the specific technology challenges of government. Industry experience does little to prepare you for the additional complexities of working within the bounds of government policy, competing constituencies, budgets that
often contain legislative mandates, regulations that may no longer be relevant but are still in force, and many other unique constraints. In his three year tenure as Secretary for Technology for the Commonwealth of Virginia, Chopra has demonstrated that he has these skills. In fact, last year, the National Association of State Chief Information Officers ranked Virginia #1 in technology management. ” Read the rest of this entry »
The Number One Reason To Move To Open Source: Security
I just read Bill Vass’s latest blog entry titled: “The No. 1 Reason to Move to Open Source is to IMPROVE Security”
Bill opens this article with:
If you are like me, and you have been involved in cryptography and Cyber Security for a long time, it’s obvious to you that commercial open source code is more secure. As a matter of fact, in the late 90s, many of the Intelligence agencies mission systems and the DoD tactical systems moved to open source ONLY to improve security. Today, the majority of the critical systems in the Intelligence agencies (the people that care most about Cyber Security) run on open source operating systems like Solaris and Linux. The same is true of places like the FAA, IRS, and a whole lot of other organizations that care
about security.We have a saying in the world of Cyber Security: Security through obscurity, isn’t.
May I have your views on the future of IT?
If all goes well I’ll get a speaking part at the next DoDIIS Worldwide Conference at Orlando 17-21 May 2009. I love this conference. It is attended by great folks, many of whom are technologists with a deep background in a favorite mission area. The greatest systems integrators come to the conference. And the technology companies that exhibit at the conference are also great, with many demonstrating cutting edge, disruptive technologies that make for an intellectually stimulating time.
I submitted a proposal to deliver a presentation at a breakout session on megatrends in the IT world and some assessments on the future of IT. Read the rest of this entry »
See Inside a Google Data Center and a Google Server
Google has recently provided some unprecedented views into their data center operations and have even revealed current details of their server board. In the past they have only released information on old designs (like the 80 PC rack given to the computer history museum). It seems like every time photos would pop up of server parts it would end up being of a previous generation of equipment. For the most part, folks like me have only dreamed of being able to see inside a real Google data center and seeing real operational, current generation Google equipment. Read the rest of this entry »
CTOvision Blog 