The Futurum Group's Statement on Israel

Infrastructure Complexity: Bridging the Gap Between IT Operations and Security – Infrastructure Matters Episode 15

Infrastructure Complexity: Bridging the Gap Between IT Operations and Security - Infrastructure Matters Episode 15

In this episode of Infrastructure Matters, hosts Steven Dickens and Krista Macomber discuss various topics related to the IT landscape. Key highlights include:

  • Veeam’s Acquisition of CT4 and the Future of Data Protection: A focus on the fragmentation and challenges in the field of data protection, emphasizing the proliferation of SaaS applications, public cloud resources, and on-premises data– specifically, Veeam’s acquisition of CT4 and the company’s Cirrus platform.
  • Nutanix’s product enhancements for ransomware detection and one-click recovery.
  • TeleSign’s Efforts in Security: TeleSign’s messaging platform, which seeks to streamline and secure the omnichannel interactions customers have with vendors, from email confirmations to multi-factor authentications.
  • Collaboration Between IT and Security Teams: Takeaways from research on C-level executives highlighting the need for IT and security teams to work together. This collaboration aims to address the sprawling data across hybrid cloud environments and the inherent risks.
  • Ransomware and AI: The potential of AI and anomaly detection in identifying ransomware attacks, highlighting the importance of tools that can identify threats early and act swiftly.

Overall, the episode underscores the significance of data protection and security in today’s complex, multi-cloud IT landscape.

You can watch the video of our conversation below, and be sure to visit our YouTube Channel and subscribe so you don’t miss an episode.

Listen to the audio here:

Or grab the audio on your favorite audio platform below:


Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this webcast. The author does not hold any equity positions with any company mentioned in this webcast.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.


Steven Dickens: Hello, and welcome to another episode of Infrastructure Matters. I’m one of your hosts here today, Steven Dickens. And I’m joined this week by Krista Macomber. Hey, Krista, welcome to the show.

Krista Macomber: Thanks so much, Steven.

Steven Dickens: We’re getting into a groove of doing these now. It’s either Camberley and you, or me and you and Camberley, or… We’re getting into a groove with these.

Krista Macomber: We definitely are, and I know some weeks we get all three of us, which is always great. But Camberley, she’s on a wonderful trip right now, I believe, over to Portugal. So, hopefully she’s taking a nice little disconnect from email and all that stuff, recharge the batteries and take in what sounds like will be a wonderful trip.

Steven Dickens: I know. I’m glad she’s not sending us photographs and lording it over us because I am very jealous, let’s put it that way.

Krista Macomber: Me too.

Steven Dickens: So, we’re going to keep the show rolling here. So, interesting week for news. I’m off on a few weeks’ worth of travel, so it’s been good to sort of track the news from home. What’s been top of mind for you this week, Krista, as we dive in here?

Krista Macomber: Yeah, Steven. So, there was a couple of announcements that I participated in writing some research notes on this week. I think from my perspective, probably the headlining news came out of Veeam this week. So, Veeam, they acquired this platform called Cirrus, like the cloud, and the company that developed it called CT4. And the relevance here is that it is going to give Veeam its own first-party offering for backup-as-a-service. Excuse me. This is a market that Veeam has played in through working with its cloud service provider partners and through having some offerings in cloud marketplace, like AWS and Azure, and they’ve gotten some great traction. When we think about also using this backup-as-a-service capability to protect SaaS applications, Microsoft 365 being one example. Veeam has been very proud of its traction, was an early mover in the space.

So, this is essentially going to give Veeam kind of that third option for customers to be able to buy backup-as-a-service directly from Veeam. So, it’s going to be really exciting to see the team from the company, CT4, that developed the platform is going to be reporting directly into Danny Allan, who is Veeam’s CTO. We had the wonderful opportunity to be pre-briefed by him. It’s always a great conversation with him. So, really just kind of charged up to see what comes out of this team moving forward.

Steven Dickens: So, is the right way to think about this, is it similar to what Commvault’s doing with Metallic? Is that the kind of… I mean obviously, these guys will be driving their own differentiation, but is that a simple way to think about it?

Krista Macomber: Yeah, so it’s definitely along a similar vein. I would say they will be competing against each other. So, it’s interesting, excuse me, Steven, about this Cirrus platform is essentially what it does is it actually front ends Veeam’s technology. So, actually, Cirrus was developed on top of Veeam’s existing backup offering for Microsoft 365. And what it does is it provides a completely cloud-native microservices-based front end for, again, that Veeam data mover and backup and recovery technology. So, yeah, they will compete against each other and that is, from my perspective, what is really interesting about the platform.

Steven Dickens: Yeah, I mean this place is certainly hotting up for sure. I think the Metallic platform’s really gone gangbusters for Commvault, so I’m kind of not surprised here. But it’s interesting the piece that you mentioned around moving from some of the marketplaces through to offering their own first-party solution. Is that how you see the market evolving more generally?

Krista Macomber: Yeah, I think in general, I do think it will. So, taking a little bit of a step back. So, I think the marketplace, that certainly is a great option for customers that want to just maybe slide their credit card, so to speak, and have maybe this more high-touch model on the part of the customer, where maybe they have to worry about managing their infrastructure, whether that be cloud infrastructure or on-premises. So, that with the Cirrus solution, it’s going to allow Veeam to directly manage that infrastructure from a storage perspective for the customer. So, it’s a great model for that.

And what I would add as well is that Veeam is still very much remaining committed to its cloud service provider partners. Danny Allan made sure to highlight that to us in our conversation with him. I know it was a part of the announcement as well. And that’s really because these partners can go ahead and add other managed services capabilities and functionalities on top of what will be the Cirrus by Veeam offering. So, it’s really the best of all worlds from my perspective for customers. And it really does reflect where we’re seeing, I would say data protection, but really, I know we’re the Infrastructure Matters Podcast, but really where we’re seeing infrastructure heading in general, which is again, having that flexibility so that customers can, excuse me, not only can consume it as they want, but also really look to their technology providers for whatever level of support they’re looking for, whether it be that upfront deployment, ongoing maintenance and management and things of that nature.

Steven Dickens: I think the optionality is the key takeaway here for me. Sometimes you’re going to want that to be in an AWS marketplace. Sometimes you’re going to want it on GCP. Other times you’re going to want to consume it as a first-party service because maybe you’re working in a different geography and there’s not a presence for one of those… And I mean, I think what we’re seeing, and this is probably why we record this podcast every week, is customers are looking for options, they’re looking for flexibility. Their infrastructure increasingly matters on how they provide it and how they’re, particularly from a ransomware perspective, backed up and got the data secure. So, I think one size fits all isn’t working for anybody as I see just more generally as a broad trend, and I think that just speaks to that overall point.

Krista Macomber: Absolutely. And I mean, you brought up the ransomware equation. And I think especially when we think about data backup, data recovery, it’s very critical to make that as seamless as we can and make sure those backups are there to make sure that recovery is possible in the event that we’re hit. So, what I think is particularly relevant when we think about backup-as-a-service is that oftentimes it is to protect some of these SaaS applications because users are wanting to consume that functionality as they are consuming their application. So, they’re looking at it as, “Okay, if I’m subscribing to Microsoft 365 in the cloud, and then I can kind of add on this cloud-based service for protection and not have to worry about it too much, then that’s just kind of a win all around.”

Steven Dickens: Yeah, exactly. Exactly. Any other news from you this week that stood out?

Krista Macomber: Yeah, yeah. So, one other thing also looking at really, I guess ransomware resiliency. So, Dave Raffo, on our team, and I, we had the opportunity to be briefed by . They had an announcement this week regarding the ability to identify ransomware through anomaly detection. So, that was really interesting. They also, alongside with that announcement, they added in a functionality for this, they call it one-click recovery, so the ability to recover more quickly from ransomware. And also, some visibility and visualization around permissions specifically and access control and things of that nature. So, we do have a research note coming out. Once it’s published, we’ll make sure to include that here in the show notes, like we’ll include the one from Veeam.

But from my standpoint where I see Nutanix fitting in here. So, when we think about identifying ransomware attacks and using anomaly detection, this has been an area that’s been very muddy because we have all the way from endpoint detection tools, all the way through really data-protection vendors, talking about the ability to identify attacks. So, it’s important to understand where within that flow certain tools are sitting. And for Nutanix, their ransomware identification is going to occur, essentially, once it has hit the production storage environment. So, the benefit is that ideally these threats are contained before they go ahead and impact the backup environment. So, that means that the threat can be identified more quickly, it can be contained more quickly. And then ideally, hopefully the customer is losing less data at the end of the day and they’re able to minimize the business downtime resulting from the attack. So, definitely an interesting conversation.

Steven Dickens: Yeah, for sure. Using AI, anomaly detection, I can see that being super-powered by AI. Is that the right way to think about it?

Krista Macomber: I think it’s a great opportunity there, Steven. To date, I think a lot of these tools would be a little bit more leaning towards machine learning, but I do think there’s an opportunity to continue to enhance those with some generative AI that is learning from the customer’s particular environment. I know, actually, I think it was last week, we may have spoken a little bit about a company called Halcyon that has an AI-supported ransomware engine. And that I think really does stand to not only learn more proactively from the environment, but if there’s a way without, of course, violating any data privacy laws, maybe for some of these models to learn from various customer environments to have a broader vantage point into the threat landscape. I think to use your terminology, potentially supercharging in that manner, I think could be a great use case for AI.

Steven Dickens: Yeah, if you’re learning across a bigger environment than just your own and then being able to apply that learning to your environment so that you can spot… You maybe seeing some patterns emerge in other environments, and you can bring that. That’s going to be super helpful, I think.

Krista Macomber: 100%. 100%.

Steven Dickens: Well, keeping the thread of security, we co-authored a note on some announcements that TeleSign-

Krista Macomber: Yes.

Steven Dickens: I mean I think for me, we all use email, we all get email from vendors and brands and various places. It was insightful for me to dig in. And we got briefed by the team, and then subsequently wrote a research note on that that we’ll put out a link in the show notes to. As we get these emails, maybe you’ve ordered something online and you need to do a confirmation or you want the shipping information or confirmation that you’ve… Or you are in the process of authenticating yourself and it’s, “Click on this link.” I think for me, we all do that in our daily lives, but it was really fascinating for me to dig in deep and understand how TeleSign, with it’s messaging platform and some of the capabilities they’ve launched, is just trying to remove some of that friction.

If you’re sending out thousands of emails and thousands of confirmation and thousands of security one-time password type requests, removing those tiny bits of friction for the end user, who’s maybe not tech-savvy at all, but then ensuring security on the backend for the brand is absolutely vital. So, I thought that was fascinating for me. You’re more of a security expert than me, but it was great to dig in and collaborate on that research note.

Krista Macomber: Yeah, 100%. And to have the opportunity to talk with the team at TeleSign. And I think maybe parallel that I might draw between that market and some of what we’ve been talking about is the complexity and the fragmentation. I know, Steven, you were alluding to it, all of these different channels that we all engage with on a daily basis just as part of our online presence. So, how do you make sure that those engagements are happening in a secure way? But then, as you were mentioning, Steven, not slow down the user or add any friction. It’s not necessarily something I had given a lot of thought to until we spoke with them, but definitely, as you’re mentioning, eye-opening just regarding that problem that they’re addressing. And I think it’s going to be interesting to continue to engage with them and see how that market continues to evolve as well.

Steven Dickens: Yeah, I mean you touched on it for me, it’s the omnichannel piece. You are on the website, it sends you a code to your phone to authenticate, then you’re getting in the email back to confirm your order. “Do you want to click here to…” There’s a follow-up survey, there’s a password reset. They might want to multi-channel authenticate you. They might want to send you something via text. They might want to send you something to an email. How you curate all of that from a security perspective? And as I say, it’s seamless and easy, doesn’t look weird for you. As the end user, you know what’s coming, you can trust the source, that you’re not clicking on nefarious websites or sort of backlinks. I mean we all kind of take it for granted, I think, but it’s absolutely vital. I mean the number of phishing attacks, the sort of multifactor authentication we have to do on a daily basis, knowing that you can go to a one-stop shop is vital.

Krista Macomber: 100%. Yeah. It’s probably still the most prominent way that hackers are getting in is the social engineering and phishing. And I think as consumers and users, we’ve probably all felt frustration at some point in time, whether it be not having that access be granted in a channel that is easy and streamlined for us, or if it’s just very cumbersome. So, I think for TeleSign, tackling that challenge, I think could be very important.

Steven Dickens: And making that seamless for the vendor at the backend or the brand. Yes, you can achieve all these outcomes, but if you’ve got to do that with five or six different systems on the backend, that’s kind of hard to pull off and the overhead goes up from an… And also, then you’ve got sort of handoff concerns between the various tools. So, having that one-stop shop was what I took away from that briefing.

Krista Macomber: 100%. Absolutely.

Steven Dickens: So, those are our news for the week. We’ve probably missed 100 announcements from the vendors. We’re in crazy fall event season. But the one project we’ve been working on for our deep dive, we’ve been working with one of the big backup vendors, talking to them and putting some research into market. And we’re a bit early to talk about that, but we’ve been doing some playbacks of some of the early findings. So, we’re not going to tell you who the vendor is yet. We’re going to tease you with that. But Krista, I thought you did a great job on the playback to the vendor. And I came away super excited by some of the data points, and that research will come out in a few weeks time and we’ll maybe talk about it again on the show. But I thought there was some things that were worthwhile sharing with the listeners, just even early, before we can talk about it more formally. Do you want to maybe just give us some of the high-level themes of what we did, and then we can bounce around?

Krista Macomber: Sure. Sure. So, Steven, to your point, not necessarily giving away specifics yet in terms of specific data points and things of that nature, but the summary of the study is that we wanted to look at senior executive level individuals sitting either within security or within IT operations, really trying to look at that C-suite where possible. Of course, not 100% of the respondents are, but they all were certainly fairly high level there. And really just to start to get some feedback regarding some of their pain points looking at data protection. Also, however, looking at how IT operations and security are collaborating together.

And I think from my perspective, Steven, that latter point is probably one of the key findings that we came out of from the study. So, I would say some of the headlines are that the C-level we found is they are recognizing this problem that data is sprawling across multi hybrid cloud environments, and that that is creating a direct risk and vulnerability when we think about resiliency against cyber attacks. So, what we’re seeing is that these two teams are beginning to collaborate. They have been over the last year begun to collaborate more proactively to address that pain point. So, that would be one of the major headlines there. And I know we asked-

Steven Dickens: It’s interesting you mentioned that. And sorry to cut in. We talk about dev, sec and ops and DevSecOps is the phrase that gets thrown out there. But in some of these huge enterprises, they’re still siloed teams. Maybe the tool vendors are talking about DevSecOps. But the fascinating piece for me, and I thought you phrased the questions really well in the survey to kind of tease the data out, was the collaboration at the operational level between those teams.

Krista Macomber: Yeah, and I think what we found was, essentially, where these teams are at is they’re kind of getting… The high-level vision and goals are in place, so it’s, okay, we’re all on the same team here and we’re all working towards the same vision and the same desired outcomes. When we filter that down into kind of looking at, okay, how are systems being integrated? How are they working together on areas like tabletop exercises or incident response? Still some work remains there. Of course, it’s not all completely streamlined and perfect yet. But I think the fact that these two teams are talking to each other, those shared high-level objectives are in place. And all of this is being recognized at the C-suite level. I think that’s kind of what our team kept coming and coming back to is that this feedback is coming from the top down, and that’s really what’s notable and very relevant here.

Steven Dickens: The other thing that came through from the research for me was just the sheer fragmentation, the number of clouds, the number of SaaS applications. We spent a bunch of time with the vendor talking about the proliferation of SaaS vendors from a backup and security perspective. It’s just everywhere. Data’s scattered, there’s various SaaS applications. Some of the mission-critical, like a ServiceNow, or a Salesforce, or an SAP, right down to might be a small group of two or three people in one line of business using a really cheap and cheerful tool just to improve their workflow. You’ve got everything and just hundreds of SaaS applications all with data embedded in them somewhere. It’s a huge challenge. As we pulled on the thread in some of the research, that came through for me. And I think that’s going to be fascinating if we can break cover on the research for sure.

Krista Macomber: Absolutely. I mean, you think about, okay, how often is it that maybe line of business, they’re just kind of going and swiping their credit card because, “Oh, we need to use this particular SaaS application to support our website,” or something like that? And that might even be happening completely outside of the realm of control of these SecOps teams, not just IT operations, not just security, but I know you kind of mentioned the DevSecOps, they’re a similar idea, of course. So, how do we kind of wrangle control of that? How do we know what actually does even need to be protected at the end of the day? And all of this is happening against the backdrop of the fact that when we think about data protection solutions, this has already been very fragmented.

Customers already have three or four… Especially when we think about these large enterprises that have been in existence for some time now, they probably already have three, four, maybe even more data protection solutions that they’re using. And now, they’re looking at, okay, not only do we have some of these IaaS resources like EC2 for example, but now we have all of these SaaS applications that are running our business and we need to figure out what needs to be protected there and how to protect it, and how to fold that into what we’re already doing? It’s a big headache.

Steven Dickens: Yeah, for sure. I mean, we’ll talk about it when obviously the research breaks, but in a bit more detail. But I think that sort of fragmentation, multiple clouds, data on-prem, in multiple public clouds, in managed service providers. And then, you layer on the SaaS applications to bring to that infrastructure complexity. It’s a huge landscape to back up and ensure. And I mean you talked about the shadow IT swipe the credit card. You know for sure that that line of business is going to come back to the central IT function and go, “I’ve lost my data. Can you give me a backup?” And the central IT function’s going to go, “What data? You’re wanting me to do what with the backup?” And you can just imagine how that conversation’s going to go.

Krista Macomber: Yep. Data protection, unfortunately, it does tend to be the afterthought. And it’s always been a problem, but I think especially today based on, like we’ve been talking about, the sheer fragmentation of these applications, and also just how fast everything is moving. When we really think about it, how fast businesses are moving, how fast this proliferation is happening, it’s more difficult-

Steven Dickens: And then, you bring in AI and new applications and huge volumes of data. Is that in the public cloud? Where’s the data coming from? What are we doing from a cyber resiliency point of view? We’ve got this new AI-powered chatbot attached to our web or mobile interface, where’s that backed up? We’ve got customer interactions going on in that AI chatbot, who’s backing up those customer conversations? The level of complexity just keeps growing.

Krista Macomber: Absolutely. Absolutely. And it does not show signs of slowing down or stopping by any means.

Steven Dickens: It certainly doesn’t. Well, that’s a great way to wrap up. I mean, this is why we record this podcast every week, so much to talk about. Krista, always a pleasure to host the show with you.

Krista Macomber: Thank you, Steven, so much. You as well.

Steven Dickens: So, you’ve been watching another episode of Infrastructure Matters. We’ll see you next time. Please click and subscribe. Thanks very much for listening.

Other Insights from The Futurum Group:

Veeam Strengthens Its BUaaS Play with Cirrus

Nutanix Adds Ransomware Protection Inside Its Unified Storage for HCI

Telesign’s Messaging Platform Expansion

Breached Data by Telesign

Author Information

Regarded as a luminary at the intersection of technology and business transformation, Steven Dickens is the Vice President and Practice Leader for Hybrid Cloud, Infrastructure, and Operations at The Futurum Group. With a distinguished track record as a Forbes contributor and a ranking among the Top 10 Analysts by ARInsights, Steven's unique vantage point enables him to chart the nexus between emergent technologies and disruptive innovation, offering unparalleled insights for global enterprises.

Steven's expertise spans a broad spectrum of technologies that drive modern enterprises. Notable among these are open source, hybrid cloud, mission-critical infrastructure, cryptocurrencies, blockchain, and FinTech innovation. His work is foundational in aligning the strategic imperatives of C-suite executives with the practical needs of end users and technology practitioners, serving as a catalyst for optimizing the return on technology investments.

Over the years, Steven has been an integral part of industry behemoths including Broadcom, Hewlett Packard Enterprise (HPE), and IBM. His exceptional ability to pioneer multi-hundred-million-dollar products and to lead global sales teams with revenues in the same echelon has consistently demonstrated his capability for high-impact leadership.

Steven serves as a thought leader in various technology consortiums. He was a founding board member and former Chairperson of the Open Mainframe Project, under the aegis of the Linux Foundation. His role as a Board Advisor continues to shape the advocacy for open source implementations of mainframe technologies.

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.


Latest Insights:

Shopping Muse Uses Generative AI to Help Shoppers Find Just What They Need—Even Without the Exact Words to Describe It
Sherril Hanson, Senior Analyst at The Futurum Group, breaks down Dynamic Yield by Mastercard’s new personal shopping assistant solution, Shopping Muse, that can provide a personalized digital shopping experience.
On this episode of The Six Five – On The Road, hosts Daniel Newman and Patrick Moorhead welcome Chetan Kapoor, Director at AWS EC2 for a conversation on AWS Generative AI Infrastructure announced at AWS re:Invent.
A Deep Dive into Databricks’ RAG Tool Suite
Steven Dickens, VP and Practice Leader at The Futurum Group, shares his insights on Databricks' RAG suite and Vector Search service, which are reshaping AI application development.
Marvell Industry Analyst Day 2023 Sharpened Its Vision and Strategy to Drive Infrastructure Silicon Innovation Key to Advancing Accelerated Computing
The Futurum Group’s Ron Westfall believes Marvell is solidly positioned to drive infrastructure silicon innovation for accelerated computing throughout 2024 and beyond, especially as the advanced computing opportunity expands during AI’s ascent.