The top 10 new opportunities for software-defined infrastructure technology

December 18th, 2014 by AnnMarie Jordan

Peter ffoulkes, Research Director for Servers and Cloud Computing

As enterprise customers prepare for a cloudy future, there is significant greenfield opportunity for cloud-enabling technology vendors in the next two-plus years. We are continuing to see the balance of attention shift away from hardware- to software-based technologies, with seven of the top 10 by new opportunity being software.

The rise of software-defined infrastructure

Looking into the next two years, the biggest decision for enterprises and the biggest opportunity for technology and service providers lies with the choice of cloud platform, with more than 30% of respondents planning to select a platform for first-time deployment in the next two-plus years. This is followed by service catalogs at 20%, converged infrastructure at 18%, usage-based reporting/accounting at 17% and hardware cloud appliances at 16%. While the hardware-oriented integrated platforms play a significant role, it is clear that software-defined infrastructure is in the ascendant from a strategic decision-making perspective.


Anecdotal commentary illustrates the degree of transition and variety of circumstances faced by TheInfoPro’s respondent community in making technology selections:

  • “Dramatically more [spending on cloud platform] this year. I will increase it by about eightfold. We have some large applications that now have confidence that the cloud can deliver what they need, instead of the datacenter. Instead of a second datacenter, the cloud. [Why now?] Cloud maturity.” – LE, Transportation
  • “[The service catalog is] in production, but nobody uses it. It’s easier to call, and it just hasn’t got that sort of traction yet. It’s like putting my kids in the candy store – they get all confused, don’t know what they want. It’s got its value, but requires internal maturity of folks.” – LE, Financial Services
  • “[Converged infrastructure is] just rolling into production. It’s got a lot of hype. I don’t think it’s the solution for everything, but the business sees it as the magic bullet we’ve been missing, speed of delivery on projects. [Everybody in the business] thinks it’s the holy grail. On the ground [in IT], we’re a bit more cynical about it [converged infrastructure]. The advantage of the converged infrastructure team – they can do everything themselves [storage, network, etc.]. Other teams have barriers in place to prevent efficient delivery, you have to do things in steps, wait on other teams. My personal opinion, removing silos will speed up delivery.” – LE, Services: Business/Accounting/Engineering
  • “We will explore [usage-based accounting] how to show the costs, which will dovetail with our switch to a resource consumption model. It will be tied into the capacity planning side.” – MSE, Telecom/Technology
  • “[For hardware cloud appliance:] We are still looking, HP may not be the correct fit. The performance was not good enough to justify the cost.” – LE, Education

Telecom/technology companies put their network budgets toward equipment

December 11th, 2014 by AnnMarie Jordan

Daniel Kennedy, Research Director for Information Security

The average respondent enterprise for the Wave 11 Networking Study reported dividing capital expenditures (including network equipment) and operational expenses (including human resources) on a 39/61% split. That split, however, is influenced by industries more heavily invested on the equipment side, notably telecom/technology at 58% of budget, and consumer goods/retail at 56% of budget. Financial services came in at only 30% of budget invested in capital assets while having the second-highest average budget among industry verticals. Healthcare/pharmaceuticals was first among industries in average network budget, while telecom/technology, education and materials/chemicals came in with the lowest network budgets on average.


Network budgets in general have continued a multi-year upswing, with 44% of network managers reporting increased budgets this year over 2013, while 21% saw a budget decrease. Next year is not quite as positive: 29% predict further budget increases, while 27% predict their budgets will be lower.

Network managers provided the following commentary on their 2014/2015 budgets:

  • “Switching and routing and the core. Need to update too much of it – rip and replace for a lot of it, and getting the budgeting for that stuff – oy, so many different things. Target breach causes us to rethink where we are every time; we want a crunchy hard outside, gooey inside that’s hard to navigate.” – LE, Consumer Goods/Retail
  • “Cost containment; our budgets are not getting any larger.” – LE, Education
  • “Identifying sources of certain network issues, for example finding bandwidth hogs. We are able to do it, albeit [with] a fairly manual process to get that information. There are a lot of tools that can automate, but without much of a budget to speak of, I’m kind of forced into finding ways to do without or maybe learning how to script a lot of things we do as manual processes to get the information we need.” – MSE, Transportation



One-fifth of enterprises have no written plan for a data breach

December 3rd, 2014 by AnnMarie Jordan

Daniel Kennedy, Research Director for Information Security

Home Depot, Michaels and even Goodwill lead a list of companies that have seen more than 78 million records exposed in data breaches so far this year, according to the Identity Theft Resource Center. Thirty-one percent (31%) of security managers in our study said breach avoidance was a key metric in this year’s Information Security Study; however, what may be even more important is the reaction to the data breach once it happens. Are the right monitoring systems in place to capture what happened? Did the company react appropriately and decisively to the understanding that customer records were breached?


Despite the well-publicized risk, a significant percentage of security teams, 21%, do not have a plan in place to deal with a data breach if it happens. That preparation should take the form of a data breach response plan – something that relevant parties, including information security, IT, legal/compliance and corporate communications/PR, draft together that describes the breach response team and its members and their responsibilities, and designates a point person for centralizing communications and interfacing with senior management. The plan should be agreed upon in a calm moment after different scenarios have been thought out and planned for. It should identify potential gaps in information needed during scenario planning, and ensure that the right monitoring and logging systems are in place to deliver critical information when most needed.

Quotes from security managers on breaches in general from the Wave 17 Information Security Study included the following:

  • “You have to approach security as not ‘If someone gets in…’ but ‘When someone gets in…’ Early response and monitoring is much more important than it used to be. When your data is breached, you need the devices and tools to detect it and take immediate action. I want to be completely honest: We are going to launch a product by the end of the year that will address APTs, so I’m heavily invested in this arena.” – MSE, Telecom/Technology
  • “There is no good way of knowing whether there are incidents or breaches. No way to identify these occurrences.” – MSE, Transportation
  • “[On public cloud security:] Oh, God help us! Nobody knows what to deploy. We should have been doing this six months ago. I’m just sitting back waiting for the big breach. Show me a winning vendor.” – LE, Industrial/Manufacturing
  • “None. I think right now everyone is waiting for the next big attack. Everyone is aware of the Target breach, just waiting for the next big event. The tools are there, it is just a lack of using what we have effectively.” – LE, Financial Services

Availability trumps all in network services

December 1st, 2014 by AnnMarie Jordan

Daniel Kennedy, Research Director for Information Security

In the Wave 11 Networking Study, roughly 41% of network managers noted an increase in spending on third-party networking services. These services included outsourcing network operations (12%), consulting services (9%), network monitoring (8%) and total outsourcing of all network services (7%). When it came to judging the effectiveness of these third-party engagements, no measurement came close to availability.


Forty-seven percent (47%) of network managers interviewed noted availability or uptime measurements as the key indicator for third-party services. In a three-way tie for second at 15% each were time to recovery, project completion, and ‘informal’ or no hard measurements.

Quotes from security managers on managing their third-party networking relationships included the following:

  • “The line of business has no local point of sale, so the business can’t be down. However, they are going to DSL for less spending. Basic uptime, time to repair, mean time to failure. Want to include more transactional performance metrics; speed metrics with QoS.” – LE, Consumer Goods/Retail
  • “Installation stuff, of course, is timeliness of getting it done. The firewall management is time to respond to change requests and time and accuracy of responding to incidents or problems.” – LE, Education
  • “We’ve got site response, four- to six-hour response times, uptime guarantee, throughput guarantees.” – LE, Energy/Utilities
  • “There are different SLAs. For a critical down situation, their SLA is to resolve within four hours. Sometimes, we have to get equipment from our main area flown or driven over here. For non-critical, it’s next day.” – LE, Industrial/Manufacturing

Cloud-native and collaborative apps: low-hanging fruit for public cloud providers

November 25th, 2014 by AnnMarie Jordan

Nikolay Yamakawa, Analyst for TheInfoPro

From now to 2016, the largest opportunities for public cloud providers lie in collaborative and cloud-native applications, while traditional workloads appear more in non-cloud and private cloud environments. Only about 25% of enterprise workloads are deployed in cloud environments today, but our study respondents estimate that 50% will move to the cloud in the next two years. During that time, private cloud shows higher expected adoption as a primary workload execution venue than hybrid and public cloud, but not for all workloads.

About 74% of large and midsize enterprises plan to use public cloud providers for cloud-native applications, and 45% will do the same for collaborative apps. Cloud-native apps often combine private and public data sources, such as databases and social media, to produce information-rich environments for customers. Collaborative apps include email/info sharing that enterprises may not want inside their firewalls. E-business hosting also presents public cloud providers with significant opportunities in the next two years, but with fewer commentators citing public cloud as a primary workload execution venue than for cloud-native and collaboration apps. Traditional workloads appear to be more suitable for non-cloud and private cloud, due to data-sensitivity and privacy concerns.

Currently, cloud-native and collaborative apps are the low-hanging fruit for public cloud providers, but there are opportunities in other areas as well. To maximize these opportunities, vendors should better understand considerations that large and midsize enterprises from different industry verticals have when it comes to moving specific workloads to the cloud.


Study respondents expressed the following considerations for using different execution venues for collaborative and cloud-native applications:

  • “[Collaborative apps:] It could be cheaper for us now, seeing the cost savings. Also allows us to rapidly grow the environment – these are things that are quite low risk, if they’re down.” – LE, Financial Services
  • “Office 365 – to simplify the environment and standardize operations.” – LE, Healthcare/Pharmaceuticals
  • “That’s already moving out to the public cloud. Microsoft 365 and Citrix are the two main ones. That was an infrastructure decision they had talked about for quite a long time. A lot of it was not having to maintain capacity for that infrastructure, monitoring, uptime, everything else.” – LE, Consumer Goods/Retail
  • “[Cloud-native apps:] Really because of features. Vendor is saying they support more features in their public hosted version rather than the on-premises version we’re using today that we want so we have to move to it.” – LE, Healthcare/Pharmaceuticals

Proofpoint to acquire social media security with Nexgate

November 21st, 2014 by AnnMarie Jordan

Daniel Kennedy, Research Director for Information Security

Proofpoint followed up its acquisition of NetCitadel this year, as well as Sendmail and Armorize Technologies last year, with the announcement October 23 of an agreement to acquire social media security provider Nexgate for $35m. Nexgate, founded in 2011, has a set of products designed to identify and inventory a company’s social media accounts. It also provides tools for managing those accounts – such as update/approve workflows and keeping trusted configurations in place – and provides monitoring to avoid problematic social updates associated with a company’s brand (e.g., updates from outside hackers or from disgruntled/inept employees).


Proofpoint is most often cited under email security solutions in the Wave 17 study, reflecting the company’s early and best-known value proposition, capturing about 6% of responses under anti-spam/email security. Proofpoint has a number of offerings under this umbrella, including email security, email encryption, message archiving and data-loss prevention (DLP) solutions around outbound messaging, offered via both on-premises and SaaS-based delivery.

Quotes from security managers about Proofpoint from the Wave 17 Information Security Study included the following:

  • “Don’t know if we’ll renew Proofpoint or go to Microsoft 365. Feedback I’ve gotten – it [Microsoft] may be adequate but not as feature-capable as Proofpoint, but [offers] tighter integration in 365 environment. Biggest pro is no cost, cheaper. I question their ability to truly protect the environment as well as some of the established brands in that space.” – LE, Consumer Goods/Retail
  • “We will evaluate Proofpoint. We have to see. Proofpoint, we had just the basic conversation. When salespeople move their lips, they’re lying, so we have to see. Proofpoint may close some potential gaps.” – LE, Education
  • “Doing a POC to move. I am an original Postini person who won’t buy into Google, so we’re evaluating Proofpoint.” – MSE, Telecom/Technology
  • “Proofpoint’s record management and archiving is quite exciting for me.” – MSE, Education

The inverse nature of external cloud storage

November 19th, 2014 by AnnMarie Jordan

Marco Coulter, Research Director for Storage

Enterprise technologies are commonly deployed first in large enterprises. Then, as the technology finds more customers and costs decrease, the technology moves down into usage by midsize and smaller enterprises. However, public cloud storage is exhibiting a reverse pattern. The largest enterprises are lagging behind midsize enterprises in adoption. There are some good reasons for this, but not all the inhibitors are business-based.

Larger enterprises have a choice. Compared to small and midsize enterprises, they are much better equipped to build private cloud storage environments. Normally, they are staffed with a larger team of skilled technicians and have sufficient budget flexibility to resource the endeavor.

When we compare current implementation in the accompanying chart, only 16% of large enterprises are using external cloud storage to support production workloads, while 27% of midsize enterprises already have external cloud storage in use. Even when we take longer-term plans into account, MSE implementations will still outpace implementations among LEs for the next 18 months.


The various industry verticals identify different inhibitors to using external cloud storage. Security and compliance were some of the best reasons to be cautious about moving data to external cloud storage, although they are becoming less of a justification as cloud providers increasingly provide compliant offerings. Where compliance sets geographic boundaries, it will require a greater investment from providers to introduce new datacenters.

Some large enterprises may just be biding their time. Cloud economics do not always compete with internal architectures where the workloads are not elastic enough to see a benefit from hourly chargeback. Other storage professionals see the technology as immature compared to the hardened architectures developed internally.

On-premises cloud storage is seeing the opposite adoption path; it is being more heavily taken on by large enterprises than by midsize ones.

Narrative comments reveal that reasons for avoiding or deferring external cloud adoption range from specific legal guidance to simple reluctance.

  • “‘We’ve already investigated that. Conclusion was that we have so many different PCI and SEC compliances that the plan is to build our own private cloud.” – LE, Telecom/Technology
  • “When we talk about what’s happened and lawyers tell us … it’s illegal to put ITAR data in other countries and cheaper cloud can’t guarantee it won’t be stored out of the country. We just can’t trust it really. So no cloud.” – LE, Education
  • “No [external cloud] today. If we have a use case where the economics work, we’re willing to go there. Not averse to the model, but most of our demands are persistent, not elastic. The economics still favor an internal capitalized solution.” – LE, Financial Services
  • “Not gonna be able to get it cheaper outside. And a large firm already has alternate sites. I get it for small and medium-size businesses that don’t have infrastructure, but we do.” – LE, Financial Services
  • “Over the next few years, we expect cloud storage will be easier to get to. … Right now it’s still not very user-friendly to use.” – LE, Industrial/Manufacturing
  • “We’re against any cloud thing or any off-site thing.” – LE, Services: Business/Accounting/Engineering

Enterprise cloud platforms gather momentum: Watch OpenStack and ‘don’t blink!’

November 17th, 2014 by AnnMarie Jordan

Peter ffoulkes, Research Director for Servers and Cloud Computing


With the IT industry experiencing the biggest transformation since the introduction of the IBM PC in the early 1980s, it is not surprising to see some tectonic scale shifts happening. Some investment companies consider the big-name datacenter companies such as Cisco, EMC, HP, IBM and Oracle as zombies – the walking dead. The question has been asked: “If you had to pick one that might possibly survive, which would it be?” The answer lies in their ability to transform into major suppliers for a cloudy future.

‘If cloud is the future, which platform should I embark from?’

That, indeed, is the question. In our recently completed – and yet-to-be-published – enterprise platform study, the OpenStack community appears to be perceived as a light at the end of the tunnel in the enterprise journey toward the cloud and is gathering momentum like an oncoming freight train.

As part of 451 Research’s Customer Insight service, new data from the recent Wave 14 Servers and Virtualization Study shows cloud platforms as the technology with the greatest upside opportunity for first-time adoption in the next two-plus years at 31% of respondents, 10 percentage points ahead of service catalogs, the next-highest technology. As the development and deployment environment for future enterprise workloads, the choice of cloud platform is a critical strategic decision, probably the most important choice enterprises will make in the next two years.

Twelve short months ago, VMware was the leader for cloud platforms, with 12% in use and 19% in plan. Just a year later, in-plan consideration for VMware-based cloud platforms has dropped from 19% to 16%, while the OpenStack community planned usage has doubled from 7% to 14%, nipping at the heels of VMware. It should be noted that this survey was completed prior to VMware’s announcement of its ‘VMware Integrated OpenStack’ offering, and that the OpenStack Community numbers do not include VMware. In addition, since this data is based upon vendor citations, the OpenStack community numbers may include some legacy technologies offered by the community members and, thus, represent a best-case scenario for OpenStack. Either way, the data supporting the growing momentum behind OpenStack is compelling.

Anecdotal commentary illustrates the early-stage thoughts expressed by TheInfoPro’s respondent community about cloud platforms and OpenStack:

  • “Cloud platform, looking at HP, OpenStack, IBM, as well as some others. Right now we’re testing VCAC.” – LE, Financial Services
  • “Shifting from CloudStack to OpenStack.” – LE, Other
  • “They are looking to sunset vCloud Director, the front end we use. Will retire it in favor of direct access.” – LE, Services: Business/Accounting/Engineering
  • “OpenStack (RHAT) – frankly, the team here is still trying to figure out how and why to use OpenStack. Take Research out of the equation, and VMware is the overwhelmingly dominant hypervisor. There’s this push to get out to AWS for public cloud, for reasons that may not be coherent. OpenStack is an attempt to build an open source private cloud, but I’m not sure we have the use cases for that.” – LE, Education
  • “OpenStack – in our calendar, we have a bit of a lull in January and will pilot OpenStack for about three months to see how it might fit into our strategy. The VMware licensing takes a big bite, and this could be a cost-efficiency solution for us. Will look at Hyper-V at the same time.” – MSE, Public Sector

NAC heats up

November 14th, 2014 by AnnMarie Jordan

Daniel Kennedy, Research Director for Information Security

Network access control (NAC) is seeing renewed interest in the current mobile computing environment, where security and system requirements must be enforced on guest laptops, and increasingly on employee-owned mobile devices. As a result, NAC sits atop the Wave 11 Information Security Study’s Network Technology Heat Index. This ranking is more a reflection of interest than implementation. In other words, most of our respondents’ NAC plans are in the long-term or past-long-term range, indicating a penciled-in plan to deploy NAC, rather than projects currently under way.


NAC shows short-term growth potential of 7 percentage points, with an additional 13% of interviewed network managers penciling NAC into their longer-term plans. Somewhat stagnant as recently as 2010, NAC has received increased attention due to issues in managing mobility and guest networks. One-fourth of network managers with the technology in place plan to spend more on it in 2015. Cisco retains a sizable lead in both in-use and in-plan implementations of NAC, with Aruba Networks having a growing but still-distant second position, and other players including ForeScout capturing enterprise share.

Quotes from network managers implementing NAC in 2014 included the following:

  • “It’s [NAC] creeping in. Because of the wireless devices, bring your own device, it’s forcing the issue that we have to have it be able to say ‘I’m sorry, you are not allowed here, you are only allowed here,’ and vice versa. We have BYOD in places we don’t want them right now.” – LE, Energy/Utilities
  • “Network security. We need a NAC solution.” – LE, Consumer Goods/Retail
  • “Using Cisco for end-user connections, but Aruba is the brains.” – LE, Consumer Goods/Retail
  • “We’re sticking to wireless, doing all our wireless stuff with it. Those things that go away and come back filthy.” – MSE, Energy/Utilities

VMware shows greatest future opportunity among self-service catalog alternatives

November 12th, 2014 by AnnMarie Jordan

Nikolay Yamakawa, Analyst for TheInfoPro

VMware took the lead in future project plans for self-service catalogs in the large and midsize enterprise space, which favored homegrown approaches for future deployments in our prior study. Pioneered by early adopters, the do-it-yourself approach continues to lead in implementations, but as digital infrastructures evolve, requiring more resources to maintain self-service catalogs, vendor-offered alternatives may gain traction. VMware currently shares second place with ServiceNow for implementations, but will become a close sole runner-up to homegrown approaches upon successful conversion of future project plans into use cases.

VMware is the main beneficiary of future project plans for self-service catalogs; these cited plans increased from 28% in 2H 2014 to 34% in 1H 2014. In-use implementations did not experience a similar uptick between the studies, with about one-quarter of respondents reporting deployments year over year. Spending intentions remain positive for the technology, with 23% planning to increase spending in 2014 and 29% in 2015, compared with just 1% and 3% planning spending cuts for the same time periods.

Given that there are more enterprises planning to implement self-service catalogs than those already using the technology today, there may be considerable changes on the vendor landscape in the future. VMware shows the highest future opportunity among self-service catalog alternatives at the moment, with many IT professionals having familiarity with the vendor’s technology from virtualization. Time will tell if VMware can convert future project plans into implementations as enterprises search for new, cost-efficient approaches to enable agile, automated and adaptable infrastructure.


Study respondents had the following commentary about their considerations for self-service catalogs:

  • “If VMware has an offering there [self-service catalogs], we’re so invested, we’ll look there first.” – MSE, Other
  • “There have been talks about it [a self-service catalog], but a lot of other things have to come first.” – LE, Consumer Goods/Retail
  • “[Self-service catalog is] part of cloud initiative; until we get that going, it’s not going to happen.” – MSE, Healthcare/Pharmaceuticals
  • “[Top projects:] Tangential to that is a project around overall IT service management; that has orchestration as part of it, but it also is defining the service catalog and publishing that catalog into self-provisioned services.” – LE, Consumer Goods/Retail