Data Meets Infrastructure: Sovereignty, Security, AI – Infrastructure Matters, Episode 46

Data Meets Infrastructure - Sovereignty, Security, AI | Infrastructure Matters, Episode 46

In this episode of Infrastructure Matters, hosts Camberley Bates, Steve Dickens and Krista Macomber check out the impact of data and the actions in terms of sovereignty, management, security all in the scope of the AI craze.

Key topics include:

  • The latest on data sovereignty, including where data resides and its ownership, particularly in the context of regulatory frameworks like the Digital Operational Resiliency Act (DORA) in Europe.
  • The meaning of Oracle’s recent billion-dollar investment in Spain, and the importance of data center locations and the concentration risks.
  • How has data management moved with the investment in AI, or has it?
  • How AI has is transforming the call centers and job satisfaction, an example of the power of AI
  • Quick review on Fortra, penetration testing and vulnerability validation and how being used to further protect enterprises.

You can watch the video of our conversation below, and be sure to visit our YouTube Channel and subscribe so you don’t miss an episode.

Listen to the audio here:

Or grab the audio on your favorite audio platform below:

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this webcast. The author does not hold any equity positions with any company mentioned in this webcast.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.


Camberley Bates: Good morning everyone, and welcome to Infrastructure Matters. I am your host, Camberley Bates today, and of course, I’m with my wonderful co-host, Krista Macomber and Steve Dickens. As we go into some of this holiday week, well, Steve, it’s not a holiday for you. You’re a Brit, we’re American.

Steven Dickens: I don’t celebrate July 4th. I don’t know why.

Camberley Bates: Oh, somebody’s celebrating. That’s your dog. The dog shows up.

Steven Dickens: Let’s keep rolling, the dog’s a part of the show by now.

Camberley Bates: We’re rolling the show. Okay. So welcome to Infrastructure Matters. I think we’re at number 46, which I think is amazing. We’ve got some cool stuff to go talk about. We’re going to touch on security, which we always seem to do. We’re going to touch on AI, which we also are seeming to do.

Steven Dickens: It’s 2024, we’ve got to talk about AI.

Camberley Bates: 2024.

Krista Macomber: That’s true.

Camberley Bates: Something like that. So here we go, the first thing that I wanted to bring up is that we were going to wax on a bit more about Sovereign Cloud, and we keep on hearing a bunch of items about bringing out Sovereign Cloud, where the element is. I had an interesting conversation with Equinix this week that is not necessarily Sovereign Cloud, but it has to do with that so I want to bring that up. It has to do with data and where you place your data and stuff. But Steven, I want to turn it over to you and let you bring up that topic.

Steven Dickens: Yeah, so it’s interesting. Oracle made some announcements this week. Investing a billion dollars in data center capacity and new features in Spain. So you’ve heard me talk on this pod, anybody who tracks my research notes knows I’ve been writing about this IBM investing in Canada, AWS and Oracle investing in Japan, Google investing, all of these guys are investing and it seems to be the cost of investments about a billion dollars. So that’s the watermark that you get through all of these. The one that interested me particularly in the Oracle announcements was the reference to DORA. That’s not Dora the Explorer.

That’s not Dora from a DevOps perspective. That’s the Digital Operational Resiliency Act in Europe. This is Europe getting ahead like it did with GDPR ahead of regulatory framework, which is going to bleed back into the US. And we’re already seeing this.This is the concentration risk that the EU regulators are seeing of the smaller countries collapse into something like an Equinix data center. And then what you see is you may have a multi-cloud strategy, but what you’ve got is a data center concentration risk. So I’ve been tracking with the UK banking regulators. They did some work probably two or three years ago now, which probably fed into DORA, but there’s obviously a EU-UK factor her, but probably fed in. There’s a couple of big Equinix data centers on the outskirts of London and all the banks were putting their cloud infrastructure into those two data centers. Well, that’s great that you’ve got infrastructure on AWS, you’ve got infrastructure on Google, you’ve got infrastructure on Microsoft, but if a terrorist blows up the Equinix data center, your multi-cloud strategy means nothing.

So DORA is a set of regulations, and we’ve been working with the mainframe guys on this because they’re obviously thinking about this most from a resiliency perspective is a data strategy. Where do I put third copies of data? Where do I put immutable copies? So there’s a backup and data protection component to this, but there’s also an operation resiliency mindset that the mainframe guys are obviously tuned into. But everybody else has got to think about where is the physical servers going to run? Where’s the workload going to run? What’s the time objective and recovery point objective? How do I think through this? So serverless is the high level of we don’t care about infrastructure. I hate that phrase because it always runs on a server somewhere.

If you look at that, we’ve abstracted too far away with serverless. This is the EU going, “We need you to get back to operational resilience. We need you to start thinking about this stuff because if it all goes bump in the middle of the night, stuff like banking’s got to work.” So it’s really interesting. It’s the first time I’ve seen one of these announcements around Sovereign Cloud specifically referenced DORA. There’s obviously the geopolitical piece of EU banks wanting their data in the EU and specifically Spanish banks wanting their data in Spain. Would Santander be comfortable putting their data in Paris? I don’t think so. Yes, they’re all part of the EU and you guys all call it Europe, but these are very distinctly different countries.

Camberley Bates: Spaniards don’t speak French? French don’t speak Spanish?

Steven Dickens: No, no. Unless you live in Andorra and you speak both because you’re up in the mountains in a ski resort. But all joking aside, the CIO of Santander is thinking very differently to the CIO of Credit Agricole about where do they put their infrastructure all while they’re European. So I think that just plays into it as well.

Camberley Bates: Very, very good. And the conversation that I had was not necessarily around sovereignty. Well, it was sovereignty, sovereignty being I own my own data kind of thing as opposed to…

Steven Dickens: That’s part of it. That’s part of it, I think.

Camberley Bates: As opposed to a country or that sort of thing. But we were talking about this concept of where data, and I’m going to move into the AI side of it, where the compute needs to move close to the data.

Steven Dickens: Well, I think that’s the other component. You’ve got the country part of sovereignty, but you’ve got the data ownership sovereignty, and I know you’ve guys look after that space more, but there’s two angles to this very definitely.

Camberley Bates: Yeah. And the data being such gravity and weight as well as expensive to store in as we’re finding in the cloud. So there’s been a tendency to want to store it onto your own systems, but then how do you deal with your own systems, to your own data being able to access AWS, Google, Microsoft, and flip between them?

And that is one of the unique things that had been tracking quite some time, but also was getting more or less an update about where things were on this with the Equinix piece where you’re using that interconnect that Equinix has, that allows you to, from an AI standpoint, stick that box right there with the data and be able to go and flex as a data scientist into any cloud that you want to go into. That’s very, very powerful.

Steven Dickens: Well, I think the key for me, and we keep saying this phrase, move the AI to the data, not the data to the AI. I think this is why I’m seeing Oracle doing so well with it’s Cloud@Customer and its Exadata and its Exascale connectivity to OCI. Where I see those guys, they made some heat wave announcements this week, Ron covered those. I think there’s just a general trend. This is bringing Vector and other capabilities into the classic Oracle portfolio. People are going to be bringing AI to the data, not vice versa.

So whether that’s the physical location of the data, whether that’s which database the data’s in, what the services that connects to it, there’s lots of things to unpack around that piece. But data ingress and egress fees are huge. I’m not going to go move my multi-terabyte, multi-petabyte data store off-prem into the public cloud just to connect an LLM to it. It’s going to cost a small fortune and, Krista, you know this better than I do, a whole bunch of other data management and security problems when you move that data.

Camberley Bates: Yep.

Steven Dickens: It’s interesting. I pivoted to you there. How are you seeing that from a data protection, data management data security perspective?

Krista Macomber: Yeah, I would agree, Steven, with all the comments from you and Camberley and just going back to your initial comments, I actually really do love talking about resiliency because that’s really what it’s about.

Steven Dickens: You’re a partner in crime with me on this topic, don’t you?

Krista Macomber: Right? It’s interesting. A lot of the data protection companies are really leaning into that message, and I think it’s for a good reason, right? Because it’s about not only inhibiting the attackers from getting in, but also minimizing the impact in terms of data loss and downtime. And so it’s interesting because regulations like DORA, they’re almost providing a framework for companies when we think about resiliency. So it’s almost setting the stage for what the best practices are. And another component that you were alluding to was it is not just about the technology, but it’s about the processes as well. So it’s about, okay, making sure that we all have our plan in place for what our individual roles are when a cyber incident occurs and when we need to recover.

And I’ll just add as well, you touched on basically your service levels for recovery point objective, recovery time objective, how long are you down, how much of your data loss? And what’s tricky is that it’s in many cases it’s best efforts. We’ve been talking about this for years now in the context of these cyber attacks because they all look and act a little bit different and it’s going to depend on what exactly was impacted. So it’s almost not completely upending, but it’s certainly, I would say when we think about data protection, disaster recovery, it’s really changed the game. And I would say it’s really changed how we think about it really.

Steven Dickens: It’s almost as if there needs to be a podcast that describes how infrastructure matters.

Camberley Bates: So then when I was tying the pieces together, we started talking sovereignty, which sovereignty was all about where the data resides. We started talking about AI issues, about moving the compute to where the… Talking about resiliency and recoverability and it’s about where the data is, and then we’re finally getting into that point of cybersecurity, et cetera, and how all this is tying around. Maybe Data Matters, not Infrastructure Matters.

Steven Dickens: Oh, I feel a sister podcast coming on. I wondered where you were going with that then for a moment, I could see your wheels turning.

Camberley Bates: Okay, so here’s the next one. So I know this week we had some briefing calls with Tohisi. Some of the stuff is roadmap work that we’re talking with them about, but some of it is current on the Gaia. I keep saying Gaia because we have this company here in Boulder that pronounces it that way. But so Gaia and what they’re doing with that, which has all to do with data classification and visibility, and it’s interesting how you’ve got Oracle and the Sovereign Cloud as we’re in placing things, but they’re all a little tied together about data matters.

Krista Macomber: Right?

Camberley Bates: Go ahead, Krista.

Krista Macomber: Sure. Yeah, and to your point, Camberley, we can’t talk much in specifics because a lot of it really was forward-looking, but I think Gaia is a very interesting use case because right off the bat, Cohesity has really been leading into retrieval, augmented generation, RAG, to really enhance the context of the insights that it is returning back to the user by using Cohesity Gaia. So we really had a great conversation with them regarding, again, some of their future plans, but also really just some of the security considerations when we think about using a tool like Gaia. Because there really are either two sides of the coin. Of course there’s the ability to use AI to enhance operations on a daily basis, but then there’s also the ability to use Gaia or other AI tools in general for more of a chatbot assistant type feature.

And to your point, Camberley, when we think about the fact that it is really aligned around the data classification, the ability to return for highly contextual insights, I would say the data privacy is always a concern with AI. So how do I make sure that I have the proper access controls and things of that nature in place to make sure that I as a user, I’m not able to access sensitive or compliance data that I’m not supposed to access. So we have certainly leaned into them on some of those conversations as well. And again, a lot coming in the roadmap, but certainly there’s a lot of conversations we’re having in those areas these days.

Camberley Bates: So continuing on our two themes, talking about AI infrastructure, Steve, you’re going to talk a little bit about AI infrastructure and espouse on a little bit about what we’re seeing with this Lenovo or maybe HPE space stuff that’s going on.

Steven Dickens: So we covered Discover last week from here. I’ve been spending a whole bunch of time with Lenovo this week with what they’re calling AI for all campaign and trying to dig into the details. It’s nothing specific around a particular announcement, it’s just what I see an industry trend. I was chatting to one of the press about specifically Lenovo and what they’re doing and some of their announcements. I think for me it’s curation. It’s around people not knowing where to start. I know I’ve got to do something, but I don’t know what that something is. Lenovo is doing a great job of pulling together 165 different applications in its AI innovators program. HPE is doing a really good job with its private cloud for AI T-shirt sized models.

I think if we speak to enterprise architects as we do, they know they’ve got to do something and they know they’ve got to do it fast. It’s interesting, Lenovo even calls it services FastStart. So I think there’s this whole piece, and as I say, there’s nothing specifically from an announcement point of view. It’s more around where is the market right now. I think from a maturity point of view, we’ve gone past the do I need to do something phase and we’re now into, I know I need to do something. What is that something and how do I get started fast? And I think that from the vendors and you are better plugged into Dell than I am, but I’m certainly seeing that from HPE and Lenovo. You seeing it on the storage side, Camberley?

Camberley Bates: Well, I think already we’re a little bit beyond even slightly where you are. Many of the companies have already started on the initial pieces. And the easiest place to start, of course we’ve talked about this before, is in programming, in coding. So they’ve gone there and now they’re getting their experiments up and we’re seeing maybe some of the chatbots not performing the way they want to. So they’re having to go back to and retrain, regroup, re-whatever. And we’re at that stage of starting to learn the limitations, learn the requirements, learn how do you build and how you bring up. And so we’re seeing some of those first guys getting out there. Within that, the other people that are coming up behind them are saying, “How fast can I move on that infrastructure?” And that’s why we’re seeing these companies, whether it’s Oracle, HPE, Lenovo, Dell, and even NetApp.

The storage people are bringing systems together and that can deploy quicker than if I built up my own system myself. And so even Equinix, it talks about what they’re trying to bring to market in terms of the AI solutions that are in the market. So it is overall, that infrastructure piece of it is how do I make that easier? And heck, we saw this back when we were putting up the websites for the first time in 2000, right? Websites were very difficult to put up to a certain extent at that point in time. So once we could containerize it or put it in a box and ship it out, then all of a sudden we could see the proliferation of e-commerce, et cetera. That was everything that we all scratched our heads about at that point in time, but then it exploded from that point on.

Steven Dickens: It’s interesting you mentioned chatbots there. I spent some time with the team at Five9, they’re a contact center company. I stay connected to these guys because obviously the cloud infrastructure piece is where we spend the majority of our time. And Keith Kirkpatrick on our team focuses on the software as a service, guys, but I stay connected to Five9. It’s really interesting as we talk about use cases for AI, one of those is in the call center. I think it’s now in my top three of most obvious things you should go do. You should be using AI for developers, you should be using AI for chatbots, you should be using it in your call center. But the conversation I had with those guys was really fascinating.

There’s two perspectives in the market and it plays into the is AI killing jobs high level narrative that we hear in the market? I don’t see it that way at all, and I don’t see it that way in the call center. I see it in a way of those call center teams, all of us call into call centers and I had a fantastic experience with United that I posted on X about. We’re all looking for that moment where amazing service, this person saved me 1,500 bucks on a flight to Japan. She was fantastic giving us advice about how to connect from various airports. And it was just an amazing case study of experience, Kudos to the Premier 1K team at United. But I see it as an ability to unlock, and this was the whole conversation with Five9, it’s a cheat code. It unlocks a 30 to 50% productivity.

I think the smartest organizations are going to look at that unlocking of AI productivity and go, “I could do two things. I could reduce the number of people in my call center by 30 to 50%, or I can increase the service, reduce wait times, unlock that premier service, that project I’ve always wanted to do or do some innovation in the call center.” And I think the smart organizations are going to do the latter, not take the reduction. So I don’t spend much time in the call center space, but it was fascinating for me, the briefing and the discussion we had around how the downstream effect of the work we’re doing at an infrastructure level is finding its way through into the call center and how there’s an opportunity to innovate, add value, improve service, and do all those things using this technology.

Camberley Bates: Well, if you look at call centers, one of the big things about call centers is turnover. Depending upon the kind of call center you have, you could probably have over 120% or more turnover later, so if what I can do is make call center operations more tenable, more engaging, more I’m assisting and I can have more of a reward of what my work is, which is what happens when somebody helps somebody else. Whenever we’re helping somebody else, we get all the Kudos back to ourselves about good about something that we’ve done for somebody. And that goes up from a call center person.

If I’m able to do that and that call center person or whoever that service person is is able to streamline the systems that they’re having to navigate, which often they are having to navigate stuff, this is how this works. Especially when you’re talking to an airline agent and she’s going through this system and this system and “Let me look at this”. Things was like, God forbid what she’s working on in front of her, or he. I shouldn’t just say a single gender here, but so the easier that we make that the more streamlined and more information we can give people to make their own decisions, they feel like they’re more in control of the life and they’re bringing more value back to the people. And that’s what makes those jobs important and meaningful.

Steven Dickens: I haven’t thought of it from the actual agent, I was thinking of it from the consumer, but you make a really good point there, Camberley.

Camberley Bates: Yeah, it’s a job satisfaction situation, and I think that is really super important.

Krista Macomber: Which in turn will help the end consumer be happier as well.

Steven Dickens: Virtual circle, right? Exactly.

Camberley Bates: Absolutely, that you have…

Steven Dickens: Exactly.

Camberley Bates: Yeah. So let’s see what else we’ve got on our list. Here we talked about, but there’s one… Okay, so we weren’t going to talk about this, but I think it’s a cool discussion. And that was the penetration testing conversation that you had, which is I think still goes into this discussion we’re having from a Sovereign Cloud and all that kind of thing, because this is the black hat-white hat thing that’s going on, right?

Krista Macomber: Yep, exactly. Exactly. So this particular conversation, it was with a company called Fortra. As I’m expanding my coverage of cybersecurity, I’m definitely broadening the companies I work with and for a company like Fortra, they play in many areas of the security market. So I’ve been trying to chunk off pieces and have conversations in specific areas. And so they gave me an overview of their solution and they support, and I have my notes over here if I’m glancing over, but they support effectively two components.

One being vulnerability validation, and the other being your more standard penetration testing. The ability to identify attacks can attempt that brute force there. The stat that really stood out with me is, so going back to the discussion we were having at the start around compliance, they did say that they’re supporting that for audits, and they have customers that will maybe one year do their penetration for testing for their audit in-house and then outsource it the next year. And so they think they’re in good shape, but they said for one client, they did not disclose who it was, but Fortra identified about approximately 300 credentials that were compromised, and approximately one third of those were admin related.

Camberley Bates: That was a bad morning for the CIO to get that report.

Steven Dickens: Yeah.

Krista Macomber: Right?

Steven Dickens: Geez. That’s terrible.

Krista Macomber: So yes. So that was really the stat that I walked away with and I think it’s just staggering. You think you’re in good shape, but the threat landscape is evolving so quickly. And in particular, the fact that one third of those were admin related, that’s what we’re seeing attackers are focusing on today. They’re focusing on those legitimate credentials trying to log in versus hack in, and that’s how they’re really looking to gain access to critical infrastructure. So definitely it was a very interesting conversation and I think really hit the nail on the head in terms of a lot of the critical issues that we’re seeing from a security perspective these days.

Camberley Bates: Yeah. Okay. Well, that wraps another day. Thank you very, very much for tuning in. Thank you Steve and Krista. This has been a great conversation this morning. Don’t forget to click and like and pass on and share and all those things that you’re supposed to do with our incredible podcast. And we thank you very, very much for tuning in because we’ve got a super great following. So it is very rewarding to be able to do this. Have a great day.

Krista Macomber: Thank you.

Other Insights from The Futurum Group:

Oracle’s $1B Investment in Spain: Enhancing Data Sovereignty & Resilience

The Rise of Sovereign Cloud in a Dynamic Geopolitical Landscape

DORA Compliance and Resiliency for the Mainframe: Proactive Strategies for Operational Continuity

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.

Camberley brings over 25 years of executive experience leading sales and marketing teams at Fortune 500 firms. Before joining The Futurum Group, she led the Evaluator Group, an information technology analyst firm as Managing Director.

Her career has spanned all elements of sales and marketing including a 360-degree view of addressing challenges and delivering solutions was achieved from crossing the boundary of sales and channel engagement with large enterprise vendors and her own 100-person IT services firm.

Camberley has provided Global 250 startups with go-to-market strategies, creating a new market category “MAID” as Vice President of Marketing at COPAN and led a worldwide marketing team including channels as a VP at VERITAS. At GE Access, a $2B distribution company, she served as VP of a new division and succeeded in growing the company from $14 to $500 million and built a successful 100-person IT services firm. Camberley began her career at IBM in sales and management.

She holds a Bachelor of Science in International Business from California State University – Long Beach and executive certificates from Wellesley and Wharton School of Business.

Regarded as a luminary at the intersection of technology and business transformation, Steven Dickens is the Vice President and Practice Leader for Hybrid Cloud, Infrastructure, and Operations at The Futurum Group. With a distinguished track record as a Forbes contributor and a ranking among the Top 10 Analysts by ARInsights, Steven's unique vantage point enables him to chart the nexus between emergent technologies and disruptive innovation, offering unparalleled insights for global enterprises.

Steven's expertise spans a broad spectrum of technologies that drive modern enterprises. Notable among these are open source, hybrid cloud, mission-critical infrastructure, cryptocurrencies, blockchain, and FinTech innovation. His work is foundational in aligning the strategic imperatives of C-suite executives with the practical needs of end users and technology practitioners, serving as a catalyst for optimizing the return on technology investments.

Over the years, Steven has been an integral part of industry behemoths including Broadcom, Hewlett Packard Enterprise (HPE), and IBM. His exceptional ability to pioneer multi-hundred-million-dollar products and to lead global sales teams with revenues in the same echelon has consistently demonstrated his capability for high-impact leadership.

Steven serves as a thought leader in various technology consortiums. He was a founding board member and former Chairperson of the Open Mainframe Project, under the aegis of the Linux Foundation. His role as a Board Advisor continues to shape the advocacy for open source implementations of mainframe technologies.


Latest Insights:

The Six Five team discusses Sequoia/A16Z/Goldman rain on the AI parade.
The Six Five team discusses Oracle & Palantir Foundry & AI Platform.
The Six Five team discusses AWS Summit New York 2024.