Skip to content
Advertisements

2018 Roundup Of Cloud Computing Forecasts And Market Estimates

Cloud computing platforms and applications are proliferating across enterprises today, serving as the IT infrastructure driving new digital businesses. The following roundup of cloud computing forecasts and market estimates reflect a maturing global market for cloud services, with proven scale, speed and security to support new business models.

CIOs who are creating compelling business cases that rely on cloud platforms as a growth catalyst is the architects enabling these new business initiatives to succeed. The era of CIO strategist has arrived. Key takeaways include the following:

  • Amazon Web Services (AWS) accounted for 55% of the company’s operating profit in Q2, 2018, despite contributing only 12% to the company’s net sales. In Q1, 2018 services accounted for 40% of Amazon’s revenue, up from 26% three years earlier. Source: Cloud Business Drives Amazon’s Profits, Statista, July 27, 2018.

  • 80% of enterprises are both running apps on or experimenting with Amazon Web Services (AWS) as their preferred cloud platform. 67% of enterprises are running apps on (45%) and experimenting on (22%) the Microsoft Azure platform. 18% of enterprises are using Google’s Cloud Platform for applications today, with 23% evaluating the platform for future use. RightScale’s 2018 survey was included in the original data set Statista used to create the comparison. Source: Statista, Current and planned usage of public cloud platform services running applications worldwide in 2018. Please click on the graphic to expand for easier viewing.

  • Enterprise adoption of Microsoft Azure increased significantly from 43% to 58% attaining a 35% CAGR while AWS adoption increased from 59% to 68%. Enterprise respondents with future projects (the combination of experimenting and planning to use) show the most interest in Google (41%). Source: RightScale 2018 State of the Cloud Report. Please click on the graphic to expand for easier viewing.

  • Wikibon projects the True Private Cloud (TPC) worldwide market will experience a compound annual growth rate of 29.2%, reaching $262.4B by 2027. The firm predicts TPC growth will far outpace the infrastructure-as-a-service (IaaS) growth of 15.2% over the same period. A true private cloud is distinguished from a private cloud by the completeness of the integration of all aspects of the offering, including performance characteristics such as price, agility, and service breadth. Please see the source link for additional details on TPC. Source: Wikibon’s 2018 True Private Cloud Forecast and Market Shares. Please click on the graphic to expand for easier viewing.

  • Quality Control, Computer-Aided Engineering, and Manufacturing Execution Systems (MES) are the three most widely adopted systems in the cloud by discrete and process The survey also found that 60% of discrete and process manufacturers say their end users prefer the cloud over on-premise. Source: Amazon Web Services & IDC: Industrial Customers Are Ready For The Cloud – Now (PDF, 13 pp., no opt-in, sponsored by AWS). Please click on the graphic to expand for easier viewing.

  • The Worldwide Public Cloud Services Market is projected to grow by 17.3 3% in 2019 to total $206.2B, up from $175.8B in 2018 according to Gartner. In 2018 the market will grow a healthy 21% up from $145.3B in 2017 according to the research and advisory firm. Infrastructure-as-a-Service (IaaS) will be the fastest-growing segment of the market, forecasted to grow by 27.6% in 2019 to reach $39.5B, up from $31B in 2018. By 2022, Gartner expects that 90% of enterprises purchasing public cloud IaaS will do so from an integrated IaaS and Platform-as-a-Service (PaaS), and will use both the IaaS and PaaS capabilities from that provider. Source: Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17.3 Percent in 2019.

  • More than $1.3T in IT spending will be directly or indirectly affected by the shift to cloud by 2022. 28% of spending within key enterprise IT markets will shift to the cloud by 2022, up from 19% in 2018. The largest cloud shift before 2018 occurred in application software, particularly driven by customer relationship management (CRM) software, with Salesforce dominating as the market leader. CRM has already reached a tipping point where a higher proportion of spending occurs in the cloud than in traditional software. Source: Gartner Says 28 Percent of Spending in Key IT Segments Will Shift to the Cloud by 2022.

  • IDC predicts worldwide Public Cloud Services Spending will reach $180B in 2018, an increase of 23.7% over 2017. According to IDC, the market is expected to achieve a five-year compound annual growth rate (CAGR) of 21.9% with public cloud services spending totaling $277B in 2021. The industries that are forecast to spend the most on public cloud services in 2018 are discrete manufacturing ($19.7B), professional services ($18.1B), and banking ($16.7B). The process manufacturing and retail industries are also expected to spend more than $10B each on public cloud services in 2018. These five industries will remain at the top in 2021 due to their continued investment in public cloud solutions. The industries that will see the fastest spending growth over the five-year forecast period are professional services (24.4% CAGR), telecom (23.3% CAGR), and banking (23.0% CAGR). Source: Worldwide Public Cloud Services Spending Forecast to Reach $160 Billion This Year, According to IDC.
  • Discrete Manufacturing is predicted to lead all industries on public cloud spending of $19.7B in 2018 according to IDC. Additional industries forecast to spend the most on public cloud services this year include Professional Services at $18.1B and Banking at $16.7B. The process manufacturing and retail industries are also expected to spend more than $10B each on public cloud services in 2018. According to IDC, these five industries will remain at the top in 2021 due to their continued investment in public cloud solutions. The industries that will see the fastest spending growth over the five-year forecast period are Professional Services with a 24.4% CAGR, Telecommunications with a 23.3% CAGR, and banking with a 23% CAGR. Source: Worldwide Public Cloud Services Spending Forecast to Reach $160 Billion This Year, According to IDC.

Additional Resources:

Advertisements

How AI & Machine Learning Are Redefining The War For Talent

These and many other fascinating insights are from Gartner’s recent research note, Cool Vendors in Human Capital Management for Talent Acquisition (PDF, 13 pp., client access reqd.) that illustrates how AI and machine learning are fundamentally redefining the war for talent. Gartner selected five companies that are setting a rapid pace of innovation in talent management, taking on Human Capital Management’s (HCM) most complex challenges. The five vendors Gartner mentions in the research note are AllyO, Eightfold, jobpal, Knack, and Vettd. Each has concentrated on creating and launching differentiated applications that address urgent needs enterprises have across the talent acquisition landscape. Gartner’s interpretation of the expanding Talent Acquisition Landscape is shown below (please click on the graphic to expand):

Source: Gartner, Cool Vendors in Human Capital Management for Talent Acquisition, Written by Jason Cerrato, Jeff Freyermuth, John Kostoulas, Helen Poitevin, Ron Hanscome. 7 September 2018

Company Growth Plans Are Accelerating The War For Talent

The average employee’s tenure at a cloud-based enterprise software company is 19 months; in the Silicon Valley, this trends to 14 months due to intense competition for talent according to C-level executives leading these companies. Fast-growing enterprise cloud computing companies and many other businesses like them need specific capabilities, skill sets, and associates who know how to unlearn old concepts and learn new ones. Today across tech and many other industries, every company’s growth strategy is predicated on how well they attract, engage, screen, interview, select and manage talent over associates’ lifecycles.

Of the five companies Gartner names as Cool Vendors in the field of Human Capital Management for Talent Acquisition, Eightfold is the only one achieving personalization at scale today. Attaining personalization at scale is essential if any growing business is going to succeed in attracting, acquiring and growing talent that can support their growth goals and strategies. Eightfold’s approach makes it possible to scale personalized responses to specific candidates in a company’s candidate community while defining the ideal candidate for each open position.

Gartner finds Eightfold noteworthy for its AI-based Talent Intelligence Platform that combines analysis of publicly available data, internal data repositories, HCM systems, ATS tools, and spreadsheets then creates ontologies based on organization-specific success criteria. Each ontology, or area of talent management interest, is customizable for further queries using the app’s easily understood and navigated user interface. Gartner also finds that Eightfold.ai is one of the first examples of a self-updating corporate candidate database. Profiles in the system are now continually updated using external data gathering, without applicants reapplying or submitting updated profiles. The Eightfold.ai Talent Intelligence Platform is shown below:

Taking A Data-Driven Approach to Improve Diversity

AI and machine learning have the potential to remove conscious and unconscious biases from hiring decisions, leading to hiring decisions based on capabilities and innate skills. Many CEOs and senior management teams are enthusiastically endorsing diversity programs yet struggling to make progress. AI and machine learning-based approaches like Eightfold’s can help to accelerate them to their diversity goals and attain a more egalitarian workplace. Data is the great equalizer, with a proven ability to eradicate conscious and unconscious biases from hiring decisions and enable true diversity by equally evaluating candidates based on their experience, growth potential and strengths.

Conclusion

At the center of every growing business’ growth plans is the need to attract, engage, recruit, and retain the highest quality employees possible. As future research in the field of HCM will show, the field is in crisis because it’s relying more on biases than solid data. Breaking through the barrier of conscious and unconscious biases will provide contextual intelligence of an applicant’s unique skills, capabilities and growth trajectories that are far beyond the scope of any resume or what an ATS can provide. The war for talent is being won today with data and insights that strip away biases to provide prospects who are ready for the challenges of helping their hiring companies grow.

58% Of All Healthcare Breaches Are Initiated By Insiders

  • 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
  • Ransomware leads all malicious code categories, responsible for 70% of breach attempt incidents.
  • Stealing laptops from medical professionals’ cars to obtain privileged access credentials to gain access and install malware on healthcare networks, exfiltrate valuable data or sabotage systems and applications are all common breach strategies.

These and many other fascinating insights are from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR). A copy of the study is available for download here (PDF, 20 pp., no opt-in).  The study is based on 1,368 incidents across 27 countries. Healthcare medical records were the focus of breaches, and the data victims were patients and their medical histories, treatment plans, and identities. The data comprising the report is a subset of Verizon’s Annual Data Breach Investigations Report (DBIR) and spans 2016 and 2017.

Why Healthcare Needs Zero Trust Security To Grow

One of the most compelling insights from the Verizon PHIDBR study is how quickly healthcare is becoming a digitally driven business with strong growth potential. What’s holding its growth back, however, is how porous healthcare digital security is. 66% of internal and external actors are abusing privileged access credentials to access databases and exfiltrate proprietary information, and 58% of breach attempts involve internal actors.

Solving the security challenges healthcare providers face is going to fuel faster growth. Digitally-enabled healthcare providers and fast-growing digital businesses in other industries are standardizing on Zero Trust Security (ZTS), which aims to protect every internal and external endpoint and attack surface. ZTS is based on four pillars, which include verifying the identity of every user, validating every device, limiting access and privilege, and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

Identities Need to Be Every Healthcare Providers’ New Security Perimeter

ZTS starts by defining a digital business’ security perimeter as every employees’ and patients’ identity, regardless of their location. Every login attempt, resource request, device operating system, and many other variables are analyzed using machine learning algorithms in real time to produce a risk score, which is used to empower Next-Gen Access (NGA).

The higher the risk score, the more authentication is required before providing access. Multi-Factor Authentication (MFA) is required first, and if a login attempt doesn’t pass, additional screening is requested up to shutting off an account’s access.

NGA is proving to be an effective strategy for thwarting stolen and sold healthcare provider’s privileged access credentials from gaining access to networks and systems, combining Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Centrify is one of the leaders in this field, with expertise in the healthcare industry.

NGA can also assure healthcare providers’ privileged access credentials don’t make the best seller list on the Dark Web. Another recent study from Accenture titled, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity” found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. 24% of employees know of someone who has sold privileged credentials to outsiders, according to the survey. By verifying every login attempt from any location, NGA can thwart the many privilege access credentials for sale on the Dark Web.

The following are the key takeaways from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR):

  • 58% of healthcare security breach attempts involve inside actors, which makes it the leading industry for insider threats today. External actors are attempting 42% of healthcare breaches. Inside actors rely on their privileged access credentials or steal them from fellow employees to launch breaches the majority of the time. By utilizing NGA, healthcare providers can get this epidemic of internal security breaches under control by forcing verification for every access request, anywhere, on a 24/7 basis.

  • Most healthcare breaches are motivated by financial gain, with healthcare workers most often using patient data to commit tax return and credit fraud. Verizon found 876 total breach incidents initiated by healthcare insiders in 2017, leading all categories. External actors initiated 523 breach incidents, while partners initiated 109 breach incidents. 496 of all breach attempts are motivated by financial gain across internal, external and partner actors. Internal actors are known for attempting breaches for fun and curiosity-driven by interest in celebrities’ health histories that are accessible from the systems they use daily. When internal actors are collaborating with external actors and partners for financial gain and accessing confidential health records of patients, it’s time for healthcare providers to take a more aggressive stance on securing patient records with a Zero Trust approach.

  • Abusing privileged access credentials (66%) and abusing credentials and physical access points (17%) to gain unauthorized access comprise 82.9% of all misuse-based breach attempts and incidents. Verizon’s study accentuates that misuse of credentials and the breaching of physical access points with little or no security is intentional, deliberate and driven by financial gain the majority of the time. Internal, external and partner actors acting alone or in collaboration with each other know the easiest attack surface to exploit are accessed credentials, with database access being the goal half of the time. When there’s little to no protection on web application and payment card access points to a network, breaches happen. Shutting down privilege abuse starts with a solid ZTS strategy based on NGA where every login attempt is verified before access is granted and anomalies trigger MFA and further user validation. Please click on the graphic to expand it for easier reading.

  • 70.2% of all hacking attempts are based on stolen privileged access credentials (49.3%) combined with brute force to obtain credentials from POS terminals and controllers (20.9%). Hackers devise ingenious ways of stealing privileged access credentials, even resorting to hacking a POS terminal or controllers to get them. Healthcare insiders also steal credentials to gain access to mainframes, servers, databases and internal systems. Verizon’s findings below are supported by Accenture’s research showing that 18% of healthcare employees are willing to sell privileged access credentials and confidential data to unauthorized parties for as little as $500 to $1,000. Please click on the graphic to expand it for easier reading.

  • Hospitals are most often targeted for breaches using privileged access credentials followed by ambulatory health care services, the latter of which is seen as the most penetrable business via hacking and brute force credential acquisition. Verizon compared breach incidents by North American Industry Classification System (NAICS) and found privileged credential misuse is flourishing in hospitals where inside and outside actors seek to access databases and web applications. Internal, external and partner actors are concentrating on hospitals due to the massive scale of sensitive data they can attain with stolen privileged access credentials and quickly sell them or profit from them through fraudulent means. Verizon also says a favorite hacking strategy is to use USB drives to exfiltrate proprietary information and sell it to health professionals intent on launching competing clinics and practices. Please click on the graphic to expand it for easier reading.

Conclusion

With the same intensity they invest in returning patients to health, healthcare providers need to strengthen their digital security, and Zero Trust Security is the best place to start. ZTS begins with Next-Gen Access by not trusting a single device, login attempt, or privileged access credential for every attack surface protected. Every device’s login attempt, resource request, and access credentials are verified through NGA, thwarting the rampant misuse and hacking based on comprised privileged access credentials. The bottom line is, it’s time for healthcare providers to get in better security shape by adopting a Zero Trust approach.

Identities Are The New Security Perimeter

  • Privileged credentials for accessing an airport’s security system were recently for sale on the Dark Web for just $10, according to McAfee.
  • 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey.
  • Apple employees in Ireland have been offered as much as €20,000 ($22,878) in exchange for their privilege access credentials in 2016, according to Business Insider.
  • Privileged access credentials belonging to more than 1 million staff at a top UK law firm have been found for sale on the Dark Web.

There’s been a 135% year-over-year increase in financial data for sale on the Dark Web between the first half of 2017 and the first half of 2018. The Dark Web is now solidly established as a globally-based trading marketplace for a myriad of privileged credentials including access procedures with keywords, and corporate logins and passwords where transactions happen between anonymous buyers and sellers. It’s also the online marketplace of choice where disgruntled, angry employees turn to for revenge against employers. An employee at Honeywell, angry over not getting a raise, used the Dark Web as an intermediary to sell DEA satellite tracking system data he accessed from unauthorized accounts he created to Mexican drug cartels for $2M. He was caught in a sting operation, the breach was thwarted, and he was arrested.

Your Most Vulnerable Threat Surface Is A Best Seller

Sites on the Dark Web offer lucrative payment in bitcoin and other anonymous currencies for administrators’ accounts at leading European, UK and North American banking institutions and corporations. Employees are offering their privileged credentials for sale to the highest bidder out of anger, revenge or for financial gain anonymously from online auction sites.

Privileged access credentials are a best-seller because they provide the intruder with “the keys to the kingdom.” By leveraging a “trusted” identity, a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. This holds especially true when the organizations are not applying multi-factor authentication (MFA) or risk-based access controls to limit any type of lateral movement after unauthorized access. Without these security measures in place, hackers can quickly access any digital businesses’ most valuable systems to exfiltrate valuable data or sabotage systems and applications.

81% of all hacking-related breaches leverage either stolen and weak passwords, according to Verizon’s 2017 Data Breach Investigations Report. A recent study by Centrify and Dow Jones Customer Intelligence titled, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in), found that CEOs can reduce the risk of a security breach by rethinking their Identity and Access Management (IAM) strategies. 68% of executives whose companies experienced significant breaches in hindsight believe that the breach could have been prevented by implementing more mature identity and access management strategies.

In A Zero Trust World, Identities Are The New Security Perimeter

The buying and selling of privileged credentials are proliferating on the Dark Web today and will exponentially increase in the years to come. Digital businesses need to realize that dated concepts of trusted and untrusted domains have been rendered ineffective. Teams of hackers aren’t breaking into secured systems; they’re logging in.

Digital businesses who are effective in thwarting privileged credential access have standardized on Zero Trust Security (ZTS) to ensure every potentially compromised endpoint, and threat surface within and outside a company is protected. Not a single device, login attempt, resource requested or other user-based actions are trusted, they are verified through Next-Gen Access (NGA).

Zero Trust Security relies upon four pillars: real-time user verification, device validation, access and privilege limitation, while also learning and adapting to verified user behaviors. Leaders in this area such as Centrify are relying on machine learning technology to calculate risk scores based on a wide spectrum of variables that quantitatively define every access attempt, including device, operating system, location, time of day, and several other key factors.

Depending on their risk scores, users are asked to validate their true identity through MFA further. If there are too many login attempts, risk scores increase quickly, and the NGA platform will automatically block and disable an account. All this happens in seconds and is running on a 24/7 basis ― monitoring every attempted login from anywhere in the world.

A recent Forrester Research thought leadership paper titled, Adopt Next-Gen Access to Power Your Zero Trust Strategy (14 pp., PDF, opt-in), provides insights into how NGA enables ZTS to scale across enterprises, protecting every endpoint and threat surface. The study found 32% of enterprises are excelling at the four ZTS pillars of verifying the identity of every user, validating every device using Mobile Data Management (MDM) and Mobile App Management (MAM), limiting access and privileges and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

NGA is a proven strategy for thwarting stolen and sold privileged access credentials from gaining access to a digital business’ network and systems, combining Identity-as-a-Service, Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Forrester found that scalable Zero Trust Security strategies empowered by NGA lead to increased organization-wide productivity (71%), reduced overall risk (70%) and reduced cost on compliance initiatives (70%).

Additionally, insights gained from user behavior through machine learning allow for greater efficiency — both on reduced compliance (31% more confident) and overall security costs (40% more likely to be confident), as well through increased productivity for the organization (8% more likely to be confident). The following graphic from the study ranks respondents’ answers.

Conclusion

Making sure your company’s privileged access credentials don’t make the best seller list on the Dark Web starts with a strong, scalable ZTS strategy driven by NGA. Next-Gen Access continually learns the behaviors of verified users, solving a long-standing paradox of user experience in security and access management. However, every digital business needs to focus on how the four pillars of Zero Trust Security apply to them and how they can take a pragmatic, thorough approach to secure every threat surface they have.

Glassdoor’s 10 Highest Paying Tech Jobs Of 2018

  • Software Engineering Manager is the highest paying position with an average salary of $163,500 with 31,621 open positions on Glassdoor today.
  • Over 368,000 open positions are available across the 10 highest paying jobs on Glassdoor today.
  • $147,000 is the average salary of the top 10 tech jobs on Glassdoor today.
  • 12.7% of all open positions are for software engineers, making this job the most in-demand in tech today.

Glassdoor is best known for its candid, honest reviews of employers written anonymously by employees. It is now common practice and a good idea for anyone considering a position with a new employer to check them out on Glassdoor first. With nearly 40 million reviews on more than 770,000 companies. Glassdoor is now the 2nd most popular job site professionals rely on in the U.S., attracting approximately 59 million job seekers a month. The Chief Human Resources Officer of one of the largest and best-known cloud-based enterprise software companies told me recently she gets 2X more applications from Glassdoor for any given position than any other recruiting site or channel.

Earlier this month Glassdoor Economic Research published the results of research completed on how base pay compares between tech and non-tech jobs.  The research team gathered a sample of tech companies with at least 100 job postings on Glassdoor as of June 26, 2018. Glassdoor defined tech roles as those positions requiring knowledge of code, software or data. The study found the following to be the 10 highest paying tech jobs today:

Walmart eCommerce, Microsoft, Intel, Amazon, and Google have the highest concentration of tech jobs as a percentage of all positions open. Workday, Salesforce, Verizon, and IBM have the highest concentration of non-tech positions available today.

Source: Glassdoor Economic Research Blog, Landing a Non-Tech Job in Tech: Who’s Hiring Today? July 19, 2018

IoT Market Predicted To Double By 2021, Reaching $520B

  • Bain predicts the combined markets of the Internet of Things (IoT) will grow to about $520B in 2021, more than double the $235B spent in 2017.
  • Data center and analytics will be the fastest growing IoT segment, reaching a 50% Compound Annual Growth Rate (CAGR) from 2017 to 2021.
  • IoT customers are planning and executing more proof of concept pilots, with many balancing their expectations regarding broader adoption.
  • Cloud Service Providers (CSP) are emerging as influential providers of IoT services, consulting and analytics for enterprises, leaving smaller opportunities for other providers in niche industries.
  • Security, integration with existing technology and uncertain returns on investment are the three biggest barriers to great IoT adoption in the enterprise.
  • Bain sees the need for vendors to concentrate on a few core industries with greater intensity to deliver more targeted industry solutions.

Enterprises adopting IoT are finding that vendors aren’t making enough progress on lowering the most significant barriers to adoption in the areas of security, ease of integration with existing information technology (IT), operational technology (OT) systems and uncertain returns on investment. As a result, enterprises are extending their expectations of when their use cases will reach scale and delivered results. These and many other fascinating findings are from Bain’s latest IoT research brief, Unlocking Opportunities in the Internet of Things. The PDF is downloadable here (PDF, 12 pp, no opt-in).

Additional key takeaways the research brief include the following:

  • The combined markets of the Internet of Things (IoT) will grow to about $520B in 2021, more than double the $235B spent in 2017. Data center and analytics will be the fastest growing IoT segment, reaching a 50% Compound Annual Growth Rate (CAGR) from 2017 to 2021. System integration, data center and analytics, network, consumer devices, connectors (or things) and legacy embedded systems are the six core technology and solution areas of the IoT market. The following graphic compares the CAGR of each area in addition to defining the worldwide revenue for each category.

  • Enterprises are still optimistic about IoT’s business value and potential to deliver a positive ROI; however many are planning less extensive IoT implementations by 2020. Bain finds that enterprises are still running more proofs of concept than they were two years ago. They’ve also discovered that more customers are considering trying out new use cases: 60% in 2018 compared with fewer than 40% in 2016.

  • Security, integration with existing technology and uncertain returns on investment are the three biggest barriers to great IoT adoption. Bain found that enterprises would buy more IoT devices and pay up to 22% more on average for them if security concerns were addressed. Integration continues to be a barrier to greater IoT adoption as well. Bain found that vendors haven’t simplified the integration of IoT solutions into business processes or IT and OT as much as enterprises have expected. The report calls for vendors to invest in learning more about typical implementation challenges in their customers’ industries so they can suggest more strategic, end-to-end solutions.

  • IoT vendors including CSPs generating the most sales are concentrating on two to three industries to scale the depth of their expertise quickly.  More than 80% of vendors still target four to six industries which makes it difficult to reach an expertise and knowledge scale that wins new clients. Bain finds that when vendors and CSPs concentrate on two or three domains, they gain mastery of specific markets faster and can provide insights to enterprises more effectively. Gaining expertise in two to three core industries is also an excellent differentiation strategy for vendors and CSPs who compete against price-driven IoT service providers.

  • Interest in remote monitoring and real-time monitoring is flourishing in IoT making this one of the fastest-growing use case categories. Being able to monitor production systems to the machine or asset level remotely and having the option to turn the data stream into a real-time source of knowledge is a fast-growing area of IoT adoption today. Based on interviews with manufacturers the popularity of Overall Equipment Effectiveness (OEE) is growing, fueled by the options available for remote and real-time monitoring of production assets. Bain discovered that industrial equipment leader ABB bundles remote monitoring into its connected robotics systems and connected low-voltage networks, which allows customers to troubleshoot and quickly identify issues requiring greater attention.
  • Cloud Service Providers (CSP) are emerging as influential providers of IoT services, consulting and analytics for enterprises, leaving smaller opportunities for other providers in niche industries. Amazon Web Services (AWS) and Microsoft Azure have emerged as the dominant CSP leaders of the fast-moving global market for IoT software and solutions. Bain finds that CSPs are successful in lowering barriers to IoT adoption, allowing for simpler implementations and making it easier to try out new use cases and scale up quickly. The study finds that the broad horizontal services provide little optimization for industry-specific applications, leaving a significant opportunity for industry solutions from systems integrators, enterprise app developers, industry IoT specialists, device makers and telecommunications providers.

10 Ways To Improve Cloud ERP With AI And Machine Learning

Capitalizing on new digital business models and the growth opportunities they provide are forcing companies to re-evaluate ERP’s role. Made inflexible by years of customization, legacy ERP systems aren’t delivering what digital business models need today to scale and grow.

Legacy ERP systems were purpose-built to excel at production consistency first at the expense of flexibility and responsiveness to customers’ changing requirements. By taking a business case-based approach to integrating Artificial Intelligence (AI) and machine learning into their platforms, Cloud ERP providers can fill the gap legacy ERP systems can’t.

Closing Legacy ERP Gaps With Greater Intelligence And Insight

Companies need to be able to respond quickly to unexpected, unfamiliar and unforeseen dilemmas with smart decisions fast for new digital business models to succeed. That’s not possible today with legacy ERP systems. Legacy IT technology stacks and the ERP systems they are built on aren’t designed to deliver the data needed most.

That’s all changing fast. A clear, compelling business model and successful execution of its related strategies are what all successful Cloud ERP implementations share. Cloud ERP platforms and apps provide organizations the flexibility they need to prioritize growth plans over IT constraints. And many have taken an Application Programming Interface (API) approach to integrate with legacy ERP systems to gain the incremental data these systems provide. In today’s era of Cloud ERP, rip-and-replace isn’t as commonplace as reorganizing entire IT architectures for greater speed, scale, and customer transparency using cloud-first platforms.

New business models thrive when an ERP system is constantly learning. That’s one of the greatest gaps between what Cloud ERP platforms’ potential and where their legacy counterparts are today. Cloud platforms provide greater integration options and more flexibility to customize applications and improve usability which is one of the biggest drawbacks of legacy ERP systems. Designed to deliver results by providing AI- and machine learning insights, Cloud ERP platforms, and apps can rejuvenate ERP systems and their contributions to business growth.

The following are the 10 ways to improve Cloud ERP with AI and machine learning, bridging the information gap with legacy ERP systems:

  1. Cloud ERP platforms need to create and strengthen a self-learning knowledge system that orchestrates AI and machine learning from the shop floor to the top floor and across supplier networks. Having a cloud-based infrastructure that integrates core ERP Web Services, apps, and real-time monitoring to deliver a steady stream of data to AI and machine learning algorithms accelerates how quickly the entire system learns. The Cloud ERP platform integration roadmap needs to include APIs and Web Services to connect with the many suppliers and buyer systems outside the walls of a manufacturer while integrating with legacy ERP systems to aggregate and analyze the decades of data they have generated.

  1. Virtual agents have the potential to redefine many areas of manufacturing operations, from pick-by-voice systems to advanced diagnostics. Apple’s Siri, Amazon’s Alexa, Google Voice, and Microsoft Cortana have the potential to be modified to streamline operations tasks and processes, bringing contextual guidance and direction to complex tasks. An example of one task virtual agents are being used for today is guiding production workers to select from the correct product bin as required by the Bill of Materials. Machinery manufacturers are piloting voice agents that can provide detailed work instructions that streamline configure-to-order and engineer-to-order production. Amazon has successfully partnered with automotive manufacturers and has the most design wins as of today. They could easily replicate this success with machinery manufacturers.

  1. Design in the Internet of Things (IoT) support at the data structure level to realize quick wins as data collection pilots go live and scale. Cloud ERP platforms have the potential to capitalize on the massive data stream IoT devices are generating today by designing in support at the data structure level first. Providing IoT-based data to AI and machine learning apps continually will bridge the intelligence gap many companies face today as they pursue new business models. Capgemini has provided an analysis of IoT use cases shown below, highlighting how production asset maintenance and asset tracking are quick wins waiting to happen. Cloud ERP platforms can accelerate them by designing in IoT support.

  1. AI and machine learning can provide insights into how Overall Equipment Effectiveness (OEE) can be improved that aren’t apparent today. Manufacturers will welcome the opportunity to have greater insights into how they can stabilize then normalize OEE performance across their shop floors. When a Cloud ERP platform serves as an always-learning knowledge system, real-time monitoring data from machinery and production assets provide much-needed insights into areas for improvement and what’s going well on the shop floor.

  1. Designing machine learning algorithms into track-and-traceability to predict which lots from which suppliers are most likely to be of the highest or lowest quality. Machine learning algorithms excel at finding patterns in diverse data sets by continually applying constraint-based algorithms. Suppliers vary widely in their quality and delivery schedule performance levels. Using machine learning, it’s possible to create a track-and-trace application that could indicate which lot from which supplier is the riskiest and those that are of exceptional quality as well.
  2. Cloud ERP providers need to pay attention to how they can help close the configuration gap that exists between PLM, CAD, ERP and CRM systems by using AI and machine learning. The most successful product configuration strategies rely on a single, lifecycle-based view of product configurations. They’re able to alleviate the conflicts between how engineering designs a product with CAD and PLM, how sales & marketing sell it with CRM, and how manufacturing builds it with an ERP system. AI and machine learning can enable configuration lifecycle management and avert lost time and sales, streamlining CPQ and product configuration strategies in the process.
  3. Improving demand forecasting accuracy and enabling better collaboration with suppliers based on insights from machine learning-based predictive models is attainable with higher quality data. By creating a self-learning knowledge system, Cloud ERP providers can vastly improve data latency rates that lead to higher forecast accuracy. Factoring in sales, marketing, and promotional programs further fine-tunes forecast accuracy.
  4. Reducing equipment breakdowns and increasing asset utilization by analyzing machine-level data to determine when a given part needs to be replaced. It’s possible to capture a steady stream of data on each machine’s health level using sensors equipped with an IP address. Cloud ERP providers have a great opportunity to capture machine-level data and use machine learning techniques to find patterns in production performance by using a production floor’s entire data set. This is especially important in process industries where machinery breakdowns lead to lost sales. Oil refineries are using machine learning models comprise more than 1,000 variables related to material input, output and process perimeters including weather conditions to estimate equipment failures.
  5. Implementing self-learning algorithms that use production incident reports to predict production problems on assembly lines needs to happen in Cloud ERP platforms. A local aircraft manufacturer is doing this today by using predictive modeling and machine learning to compare past incident reports. With legacy ERP systems these problems would have gone undetected and turned into production slowdowns or worse, the line having to stop.
  6. Improving product quality by having machine learning algorithms aggregate, analyze and continually learn from supplier inspection, quality control, Return Material Authorization (RMA) and product failure data. Cloud ERP platforms are in a unique position of being able to scale across the entire lifecycle of a product and capture quality data from the supplier to the customer. With legacy ERP systems manufacturers most often rely on an analysis of scrap materials by type or caused followed by RMAs. It’s time to get to the truth about why products fail, and machine learning can deliver the insights to get there.

IBM’s 2018 Data Breach Study Shows Why We’re In A Zero Trust World Now

  • Digital businesses that lost less than 1% of their customers due to a data breach incurred a cost of $2.8M, and if 4% or more were lost the cost soared to $6M.
  • U.S. based breaches are the most expensive globally, costing on average $7.91M with the highest global notification cost as well, $740,000.
  • A typical data breach costs a company $3.86M, up 6.4% from $3.62M last year.
  • Digital businesses that have security automation can minimize the costs of breaches by $1.55M versus those businesses who are not ($2.88M versus $4.43M).
  • 48% of all breaches are initiated by malicious or criminal attacks.
  • Mean-time-to-identify (MTTI) a breach is 197 days, and the mean-time-to-contain (MTTC) is 69 days.

These and many other insights into the escalating costs of security breaches are from the 2018 Cost of a Data Breach Study sponsored by IBM Security with research independently conducted by Ponemon Institute LLC. The report is downloadable here (PDF, 47 pp. no opt-in).

The study is based on interviews with more than 2,200 compliance, data protection and IT professionals from 477 companies located in 15 countries and regions globally who have experienced a data breach in the last 12 months. This is the first year the use of Internet of Things (IoT) technologies and security automation are included in the study. The study also defines mega breaches as those involving over 1 million records and costing $40M or more. Please see pages 5, 6 and 7 of the study for specifics on the methodology.

The report is a quick read and the data provided is fascinating. One can’t help but reflect on how legacy security technologies designed to protect digital businesses decades ago isn’t keeping up with the scale, speed and sophistication of today’s breach attempts. The most common threat surface attacked is compromised privileged credential access. 81% of all breaches exploit identity according to an excellent study from Centrify and Dow Jones Customer Intelligence, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in).

The bottom line from the IBM, Centrify and many other studies is that we’re in a Zero Trust Security (ZTS) world now and the sooner a digital business can excel at it, the more protected they will be from security threats. ZTS begins with Next-Gen Access (NGA) by recognizing that every employee’s identity is the new security perimeter for any digital business.

Key takeaways from the study include the following:

  • U.S. based breaches are the most expensive globally, costing on average $7.91M, more than double the global average of $3.86M. Nations in the Middle East have the second-most expensive breaches globally, averaging $5.31M, followed by Canada, where the average breach costs a digital business $4.74M. Globally a breach costs a digital business $3.86M this year, up from $3.62M last year. With the costs of breaches escalating so quickly and the cost of a breach in the U.S. leading all nations and outdistancing the global average 2X, it’s time for more digital businesses to consider a Zero Trust Security strategy. See Forrester Principal Analyst Chase Cunningham’s recent blog post What ZTX Means For Vendors And Users, from the Forrester Research blog for where to get started.

  • The number of breached records is soaring in the U.S., the 3rd leading nation of breached records, 6,850 records above the global average. The Ponemon Institute found that the average size of a data breach increased 2.2% this year, with the U.S. leading all nations in breached records. It now takes an average of 266 days to identify and contain a breach (Mean-time-to-identify (MTTI) a breach is 197 days and the mean-time-to-contain (MTTC) is 69 days), so more digital businesses in the Middle East, India, and the U.S. should consider reorienting their security strategies to a Zero Trust Security Model.

  • French and U.S. digital businesses pay a heavy price in customer churn when a breach happens, among the highest in the world. The following graphic compares abnormally high customer churn rates, the size of the data breach, average total cost, and per capita costs by country.

  • U.S. companies lead the world in lost business caused by a security breach with $4.2M lost per incident, over $2M more than digital businesses from the Middle East. Ponemon found that U.S. digitally-based businesses pay an exceptionally high cost for customer churn caused by a data breaches. Factors contributing to the high cost of lost business include abnormally high turnover of customers, the high costs of acquiring new customers in the U.S., loss of brand reputation and goodwill. U.S. customers also have a myriad of competitive options and their loyalty is more difficult to preserve. The study finds that thanks to current notification laws, customers have a greater awareness of data breaches and have higher expectations regarding how the companies they are loyal to will protect customer records and data.

Conclusion

The IBM study foreshadows an increasing level of speed, scale, and sophistication when it comes to how breaches are orchestrated. With the average breach globally costing $4.36M and breach costs and lost customer revenue soaring in the U.S,. it’s clear we’re living in a world where Zero Trust should be the new mandate.

Zero Trust Security starts with Next-Gen Access to secure every endpoint and attack surface a digital business relies on for daily operations, and limit access and privilege to protect the “keys to the kingdom,” which gives hackers the most leverage. Security software providers including Centrify are applying advanced analytics and machine learning to thwart breaches and many other forms of attacks that seek to exploit weak credentials and too much privilege. Zero Trust is a proven way to stay at parity or ahead of escalating threats.

Zero Trust Security Is The Growth Catalyst IoT Needs

  • McKinsey predicts the Internet of Things (IoT) market will be worth $581B for ICT-based spend alone, growing at a Compound Annual Growth Rate (CAGR) between 7 and 15% according to their study Internet of Things The IoT opportunity – Are you ready to capture a once-in-a-lifetime value pool?
  • By 2020, Discrete Manufacturing, Transportation & Logistics and Utilities industries are projected to spend $40B each on IoT platforms, systems, and services according to Statista.
  • The Industrial Internet of Things (IIoT) market is predicted to reach $123B in 2021, attaining a CAGR of 7.3% through 2020 according to Accenture.

IoT is forecast to be one of the tech industry’s fastest-growing sectors in the next three to five years, as many market estimates like the ones above illustrate. The one factor that will fuel IoT to rapidly grow to new heights or deflate demand just as quickly is security across the myriad of endpoints.

Zero Trust Security (ZTS) is the force multiplier IoT needs to reach its true potential and must be designed into IoT networks if they are going to flex and scale for every endpoint and protect every threat surface.

IoT Needs A Security Wake-Up Call Now  

Industrial Control Systems (ICS) provides a cautionary tale for anyone who thinks enterprise networks don’t need endpoint security and the ability to control access from any point inside or outside an organization.

Chemical, electricity, food & beverage, gas, healthcare, oil, transportation, water services and other key infrastructure industries have relied on ICS applications and platforms for decades. They were designed to deliver reliability and uptime first with little if any effort put into securing them.

However, the glaring security gaps in ICS provide the following lessons for IoT adoption now and in the future:

  • Only digitally enable an endpoint that can verify if every person or device attempting access is authorized, down to the risk score and device level. ICS endpoints were added as fast as utility companies and manufacturers could enable them with speed of deployment, reliability measurement, and uptime being the highest priorities. Security wasn’t a priority with the results being predictable: now many nations’ power grids are vulnerable to attack due to this oversight. With IoT, utilities need to start designing in security to the sensor level using Next-Gen Access as the foundation, leveraging Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM) to enable Zero Trust strategies organization-wide. Next-Gen Access calculates a risk score predicated on previous authorized login and resource access patterns for each verified account.  When there is an anomaly in account credentials’ use, users are requested to verify with Multi-Factor Authentication (MFA).
  • An ICS doesn’t learn from security mistakes, while NGA gets smarter with every breach attempt. A typical ICS is designed to make operations more efficient and reliable, not secure. Even with many endpoints of an ICS being digitally-enabled today with device retrofitting common, security still isn’t a priority. Instead of digitally enabling IoT sensors purely for efficiency, Next-Gen Access needs to be designed in at the sensor level to protect entire networks. Zero Trust Security’s four main pillars are to verify the user, validate their device, limit access and privilege, and learn and adapt. Machine learning is relied on for learning and adapting in real-time to access requests and threats.
  • ICS assumes no bad actors exist while NGA knows how to stop them. Bad actors, or those who want to breach a system for financial gain or to harm a business, aren’t just outside. Verizon’s 2017 Data Breach Investigations Report finds that 25% of all breaches are initiated from inside an organization and 75% outside which makes NGA essential for attaining Zero Trust Security on an enterprise level. Of the ICS being protected today, the majority are reliant on trusted and untrusted domains, a security technology over two decades old. When organized crime, state-sponsored hacking organizations or internal employees can quickly compromise privileged credentials, entire utility systems are at risk.
  • Replacing security-obsolete ICS with IoT-based systems that have NGA designed in to flex for every person and device shuts down physical and digital attack vectors organization-wide. The strategic security plan for any IoT-enabled enterprise has to prioritize faster automated discovery, configuration and response if it’s going to survive against highly orchestrated attacks. NGA has proven effective at thwarting unauthorized privileged credential attacks while continually learning from usage patterns of authorized and unauthorized users.

Conclusion

ICS have some of the most porous, incomplete security perimeters of any enterprise systems. 63% of all ICS-related vulnerabilities cause processing plants to lose control of operations, and 71% can obfuscate or block the view of operations immediately according to the Dragos Industrial Control Vulnerabilities 2017 in Review.  ICS needs an overhaul starting with Next-Gen Access, enabling Zero Trust Security across every employee and device that forms an organizations’ security perimeter.

Bain & Company released a study on the price elasticity of IoT-enabled products by security level. They found that 93% of the executives surveyed would pay an average of 22% more for devices with better security. Taken together, Bain estimates that improving security solutions for these devices could grow the IoT cybersecurity market by $9B to $11B.

The speed at which manufacturers are building smart, connected products accentuates the need for Zero Trust Security powered by Next-Gen Access from their inception. Security as an afterthought won’t be effective at the scale and pace of IoT.

Source: Bain Snap Chart, July 98, 2018 Better IoT Security Could Grow Device Market

 

Zero Trust Security Update From The SecurIT Zero Trust Summit

  • Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords.
  • 53% of enterprises feel they are more susceptible to threats since 2015.
  • 51% of enterprises suffered at least one breach in the past 12 months and malicious insider incidents increased 11% year-over-year.

These and many other fascinating insights are from SecurIT: the Zero Trust Summit for CIOs and CISOs held last month in San Francisco, CA. CIO and CSO produced the event that included informative discussions and panels on how enterprises are adopting Next-Gen Access (NGA) and enabling Zero Trust Security (ZTS). What made the event noteworthy were the insights gained from presentations and panels where senior IT executives from Akamai, Centrify, Cisco, Cylance, EdgeWise, Fortinet, Intel, Live Nation Entertainment and YapStone shared their key insights and lessons learned from implementing Zero Trust Security.

Zero Trust’s creator is John Kindervag, a former Forrester Analyst, and Field CTO at Palo Alto Networks.  Zero Trust Security is predicated on the concept that an organization doesn’t trust anything inside or outside its boundaries and instead verifies anything and everything before granting access. Please see Dr. Chase Cunningham’s excellent recent blog post, What ZTX means for vendors and users, for an overview of the current state of ZTS. Dr. Chase Cunningham is a Principal Analyst at Forrester.

Key takeaways from the Zero Trust Summit include the following:

  • Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords. Tom Kemp, Co-Founder, and CEO, Centrify, provided key insights into the current state of enterprise IT security and how existing methods aren’t scaling completely enough to protect every application, endpoint, and infrastructure of any digital business. He illustrated how $86B was spent on cybersecurity, yet a stunning 66% of companies were still breached. Companies targeted for breaches averaged five or more separate breaches already. The following graphic underscores how identities are the new enterprise perimeter, making NGA and ZTS a must-have for any digital business.

  • 53% of enterprises feel they are more susceptible to threats since 2015. Chase Cunningham’s presentation, Zero Trust and Why Does It Matter, provided insights into the threat landscape and a thorough definition of ZTX, which is the application of a Zero Trust framework to an enterprise. Dr. Cunningham is a Principal Analyst at Forrester Research serving security and risk professionals. Forrester found the percentage of enterprises who feel they are more susceptible to threats nearly doubled in two years, jumping from 28% in 2015 to 53% in 2017. Dr. Cunningham provided examples of how breaches have immediate financial implications on the market value of any business with specific focus on the Equifax breach.

Presented by Dr. Cunningham during SecurIT: the Zero Trust Summit for CIOs and CISOs

  • 51% of enterprises suffered at least one breach in the past 12 months and malicious insider incidents increased 11% year-over-year. 43% of confirmed breaches in the last 12 months are from an external attack, 24% from internal attacks, 17% are from third-party incidents and 16% from lost or stolen assets. Consistent with Verizon’s 2018 Data Breach Investigations Report use of privileged credential access is a leading cause of breaches today.

Presented by Dr. Cunningham during SecurIT: the Zero Trust Summit for CIOs and CISOs

                       

  • One of Zero Trust Security’s innate strengths is the ability to flex and protect the perimeter of any growing digital business at the individual level, encompassing workforce, customers, distributors, and Akamai, Cisco, EdgeWise, Fortinet, Intel, Live Nation Entertainment and YapStone each provided examples of how their organizations are relying on NGA to enable ZTS enterprise-wide. Every speaker provided examples of how ZTS delivers several key benefits including the following: First, ZTS reduces the time to breach detection and improves visibility throughout a network. Second, organizations provided examples of how ZTS is reducing capital and operational expenses for security, in addition to reducing the scope and cost of compliance initiatives. All companies presenting at the conference provided examples of how ZTS is enabling greater data awareness and insight, eliminating inter-silo finger-pointing over security responsibilities and for several, enabling digital business transformation. Every organization is also seeing ZTS thwart the exfiltration and destruction of their data.

Conclusion

The SecurIT: the Zero Trust Summit for CIOs and CISOs event encapsulated the latest advances in how NGA is enabling ZTS by having enterprises who are adopting the framework share their insights and lessons learned. It’s fascinating to see how Akamai, Cisco, Intel, Live Nation Entertainment, YapStone, and others are tailoring ZTS to their specific customer-driven goals. Each also shared their plans for growth and how security in general and NGA and ZTS specifically are protecting customer and company data to ensure growth continues, uninterrupted.

 

 

%d bloggers like this: