Thursday, November 19, 2020

The Pandemic and the Security Paradox



 Ten years ago, I wrote a post titled: Cloud Computing and the Security Paradox. In this ancient post I argued that the claim of insufficient Security of the Public Clouds systems is based on a perception that what is not controlled by the Enterprise within its Data Center is less secured. However, Public Clouds Security was better than assumed  based on our perception. 

Sometimes it was better than the Security of Data and Systems located within the Enterprise's Data center. 

The COVID-10 magnified the Security Risks and the Public Clouds are more Secured than many Private systems.


The enhanced Threats landscape

 

The COVID-19 Pandemic restrictions changed dramatically the way people collaborate and interact. The Security measures, Procedures, Policies and tools should be adapted to the new interaction style.

Adaptation is a continuos Process therefore the vulnerability is higher than before COVID-19. 

Main reasons for the higher vulnerability are summarized in the following bullets:


1. Work from home

The Client Security and the Home Network Security is not as robust as the Enterprise Security.

Some Employees had worked from home sometimes, but the magnitude is different: Many employees are working only remotely from their company's offices.  

  

2. Charecteristics of Remote Workers

Higher percent of the Pandemic Remote Workers lack technology expertise. 
The probability that they also lack Security Awareness is high. Lack of Awareness could be the weakest link in the chain

3. Extended usage of e-commerce

Due to COVID-19 regulations in many countries restrict activities of physical shops and due to fear of being infected by the Corona virus, more transactions are executed by online services. 
More online commerce implies more Security Attacks.
Some of the novice e-commerce users lack skills and awareness of Security and are potential attacks and fraud victims.  


4. Extended usage of Remote Services

Due to the regulations and attitude described in the previous section and due to service providers face to face interactions restrictions more services are consumed by the Web and Smartphone channels. 
More transactions and more users imply more Security threats. 
 

5. Meeting Solutions 

Meeting solutions Security robustness is questionable. 
Non-Technological Users, such as people using Meeting Solutions to conduct virtual meetings with their grand children may not use or may use improperly existing Security features of the Meeting Solutions.

New Online Services Providers' Limitations


The traditional Public Cloud vendors had plenty of time to plan their systems. The planning included Security and Business Continuity. 
They implemented their solutions. They improved them gradually based on experience of many users. 

Security is essential for their business growth. Data Breaching or other Security problems could harm their reputation and Customers may use competitors' services.

Therefore, the Security of Public Clouds is at least reasonable.


New Online Services Providers were forced to transform their model immediately due to COVID-19 restrictions.

They could not afford postponing the transformation until they plan and test their systems or services properly. They were not able to postpone launching their Services until they endorse bullet proof Security. 

The result is less Secured Services and System outside the Public Cloud.


The Security Paradox is no longer a Paradox. It is a new Reality.

Friday, November 6, 2020

IBM Mainframe in splitted IBM at 2022




The topic of the post Vendors Survival: Will IBM Survive until 2030? is no longer a question to be asked, is IBM's plans to split into two companies. 

The new IBM will focus on Hybrid Clouds and one of its goals is rapid growth.

The smaller "new Co" will address Infrastructure and IT Services issues. Its goal will be efficiency. It will include other products and Business Lines.

Some of the low margin products and Platforms will gradually disappear or will be sold to other companies.

These products and platforms may be part of "New Co" at 2022.

I promised to dedicate a post to the IBM Mainframe. This post is the promised post. 


The Mainframe's Positioning


It is likely that it will be part of the "New Co". 

The term "Modernization" appears in some non-official descriptions describing "New Co". 

Modernization refers frequently to  Silo Legacy Mainframe systems.

The idea is to build componentized integrated systems which are less platform dependent. 

It may be a part of Long-Term gradual Downsizing from Mainframe. 


What is Hybrid Cloud?


It is easy to define Private Cloud. It is easy, as well, to define Public Clouds. 

There is no single definition of Hybrid Cloud.

For example, Red Hat definition of Hybrid Cloud includes the following Clouds combinations:

1. At list one Private Cloud and One Public Cloud

2. Two or more Private Clouds

3. Two or more Public Clouds

4. A bare-metal or Virtual environment connected to at least 1 cloud Public or Private


I chose Red Hat definition because it is a significant part of IBM especially in the Clouds context. 

Hybrid Cloud in the Business Context

  
The key question is which of the definitions of Hybrid Cloud depicted in the previous section are relevant to the new IBM's Business goals.

No doubt that the third and fourth are relevant.
The third is about coexistence of different Public Clouds. It is essential to almost any vendor of PAAS services.

The fourth is about Virtualization including multiple instances of Operating System. 
As far as Virtualization is concerned, Linux is a popular Operating System.
Red Hat is a Leading Linux vendor.  


The Public Clouds deployments are based on two Operating Systems Linux and Microsoft Windows.

Six years ago Forrester Consulting survey's  findings include the following:


1. Building a Private Cloud is a Priority of nearly half of all Enterprises.

2. Next Generation Cloud should be utilized Hybrid Platforms.
They were not limited to the two commodity platforms.

3. 67% of survey respondents said access to Mainframe Data was critically important or very important in cloud environments. 

It is possible that the percentage of enterprises thinking that Mainframe inclusion is crucial for their Private Clouds is not as high as it was in 2014. 

According to Forrester Consulting, the Next Generation of Private Clouds should include variety of platforms and Operating Systems including Mainframes.

 

Key questions about the Mainframe 


1. Resources for Continual Innovation and Development

IBM Mainframes are kicking and alive for almost 60 years. 

IBM 's work in adaptation and continual development of the Mainframe platform is impressive. 

For example, read: IBM z15 Mainframe First Take: Mission Critical Hybrid Cloud

Will the smaller and thinner "New co" have sufficient resources for continuing the adaptation of the Mainframe to the rapid Technological Transformation which surely take place?
If the answer to the question above is negative, the Mainframe market will gradually decline.


2. Intention and plans for Continual Innovation and Development

Even if "New Co" would have the resources, would it dedicate enough resources for Mainframe adaptation?
If the answer to the question above is negative, the Mainframe market will gradually decline.

 

3. In which types of Hybrid Clouds markets the new IBM will focus?

If its solutions will address Hybrid Clouds including Private Clouds (the Clouds defined in bullets 1 and 2 in the section titled "What is Hybrid Cloud?"), it is reasonable to include the Mainframe platform as part of the solution and the architecture. 

If IBM's focus would be the Hybrid Public Clouds markets based on Linux and Windows Mainframe's long-term Survival is unlikely.


4. Synergy Between IBM and "New Co."

The degree of synergy between IBM and new Co. is another key factor.

The Mainframe would benefit from High degree of Synergy

High Synergy implies more investments in R&D in key "New Co" products such as the Mainframe.

High Synergy implies joint Clouds projects, including Mainframes. 

The first impression of the announcement and other explanations suggest that it is unlikely that IBM's new CEO would encourage high Synergy. It seems more likely that the new model aims at isolating Platforms and Products which are not Core Products of "New IBM". 


Conclusions


The answers to the 4 Key questions in the previous section will decide the Mainframe's future.

Answers which imply no more Innovation and Development would signal End of Life of it.

End of Life means 5-10 years of declined market share and not immediate migration to other platforms.

Immediate migration is unrealistic even in case of decision to migrate immediately. 

Migration is complex, expansive and difficult to justify in Business terms. 


There are other scenarios. Some of them are better scenarios for Mainframe installations and employees.


Even in case of optimistic scenarios, after 60 years of IBM Mainframes, counting of the years until the Mainframe will be a small Niche platform has begun with IBM splitting into two companies.





 

Public Cloud Core Banking: Hype or Reality? - Revisited

  More than 4 years ago I was asked if Public Cloud Core Banking is a Hype or a Short Term Reality? If you had read the post, you would prob...