Management of Enterprises with Cloud, Mobile Devices, Personal Cloud, SaaS, PaaS, IaaS, IoT and APIs

The traditional tools for enterprise asset management, app management and performance management are challenged by the cloud. Existing security tools are inadequate for the new aspects of enterprise virtualization and new technology. These new aspects are:

  1. Personal Cloud
  2. SaaS Applications
  3. PaaS
  4. IaaS services
  5. Mobile Devices
  6. IoT Devices
  7. APIs and Cloud Services, Web Services
  8. Mobile Apps

These technologies turn the traditional enterprise "4-walls" security management paradigm into “Swiss Cheese.” In many cases traditional enterprise management tools are incapable of dealing with these new capabilities at all.

As a result, enterprises have taken on new applications to help manage some of these technologies in a one-off approach. Mobile device management (MDM) software is one such tool. Most organizations employ best-practices training for employees on most of the other technologies, or depend on the vendor of those technologies to provide sufficient management information. Frequently these management consoles and their information are not integrated.

In some cases it may be possible to extend traditional enterprise performance management and asset management to include some of the new technologies, but most companies simply depend on employees to follow best practices, or ignore the shadow IT problem and hope for the best. Some are vigilant in trying to discourage shadow IT, which probably results in much lower productivity for employees and the enterprise itself, or turns employees seeking productivity into rogue employees.

The virtual enterprise needs a new set of management tools that are designed to manage devices, applications and services in a cloud world and provide security and management of the “holey” enterprise.

This is the “New Enterprise” and in fact many enterprises today may already be completely virtual.   This means traditional Enterprise Asset Management tools more focused on hardware are useless.  They have no traditional hardware to manage.

What we need is a new “Asset Management, performance management, operations management” capability that includes all these technologies above as a unified set of tools in our new virtual world.

Since I don’t know of any tool that exists that combines all these features, I am going to dream for a bit about what such a tool would entail and what its requirements would be.

First, the tool would have to understand all 7 of the technologies listed above. Many of the products share common characteristics that make centralized administration, monitoring and usage tracking sensible. All of the assets mentioned have a set of URLs, logins, keys, security tokens or certificates, and since they are all of the cloud type they all have APIs, except possibly mobile apps.

All of these virtual services are multi-tenant and / or user specific.   Most of them can have many instances in an enterprise owned by different groups in the company or different individuals.   They all have the need to be tracked in usage and when compromised or a departure occurs they need to be cleaned or repurposed.

One can imagine an asset store which allows you to add easily any asset of the above types.   Ideally, the tool would automatically discover services when possible or interface to APIs periodically to update the list of known devices or virtual services and applications being used.

There may be a cost to such tools and those costs should be tracked. When new employees come onboard you may need to allocate some of these services and devices; similarly, when they leave, this has to be backed out. Ideally you should be able to organize the assets by numerous tags, such as location, group and type of asset. You should be able to aggregate costs, usage, incidents, instances or any other metric that makes sense.

Many assets of this type are related to each other.   For instance a number of personal cloud services may be linked to an individual.   Devices, apps may also be linked to an individual.  Devices may be linked to an office or part of an office.   For physical devices it would be good to be able to locate the devices on a map.   For virtual services it would be good to have summaries of the riskiness of the data they contain, what kinds of threats have taken place or down time incidents.  For mobile apps it would be good to be able to see the dependency on APIs, so that if an API is experiencing a problem we can assume the app dependent on it will experience a problem.
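The relationships described above can be modelled as a small graph. The following is an added sketch, not code from this article or from any existing product; the `Asset` and `AssetStore` classes, their fields and the sample inventory are all hypothetical. It shows two queries: which assets are affected when an API has an incident, and which credentials have to be revoked when an employee leaves.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

@dataclass
class Asset:
    id: str
    kind: str  # hypothetical kinds: "api", "mobile_app", "saas", "personal_cloud", ...
    owner: str = ""
    depends_on: set = field(default_factory=set)
    credentials: set = field(default_factory=set)  # credential types only, never secrets

class AssetStore:
    def __init__(self):
        self.assets = {}

    def add(self, *assets):
        for a in assets:
            self.assets[a.id] = a

    def impacted_by(self, asset_id):
        """Assets that depend, directly or transitively, on asset_id."""
        dependents = defaultdict(set)
        for a in self.assets.values():
            for dep in a.depends_on:
                dependents[dep].add(a.id)
        seen, queue = {asset_id}, deque([asset_id])
        while queue:  # breadth-first walk; 'seen' also protects against cycles
            for child in dependents[queue.popleft()] - seen:
                seen.add(child)
                queue.append(child)
        return seen - {asset_id}

    def offboarding_worklist(self, person):
        """(asset id, credential types to revoke) for every asset linked to person."""
        return sorted((a.id, sorted(a.credentials))
                      for a in self.assets.values() if a.owner == person)

def build_sample_store():
    # Constructed sample inventory; every name below is made up for illustration.
    store = AssetStore()
    store.add(
        Asset("payments-api", "api"),
        Asset("expense-app", "mobile_app", depends_on={"payments-api"}),
        Asset("finance-dashboard", "saas", depends_on={"expense-app"}),
        Asset("alice-dropbox", "personal_cloud", "alice", credentials={"oauth_token"}),
        Asset("alice-phone", "mobile_device", "alice", credentials={"device_certificate"}),
        Asset("crm-seat-alice", "saas", "alice", credentials={"login", "api_key"}),
    )
    return store
```
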

I would think a good feature would be to track the version of the firmware or app for each service or instance being used.  It should be possible to force upgrade of devices and applications if needed.

One of the major benefits of such an overarching management application would be to help account for all the holes in the organization where information can go, and to provide a way to isolate and govern that information separately from the employees’ personal services, possibly to track the content or purge it when needed.

The system would also be useful for helping manage large numbers of IoT devices, their dependencies on each other and other services.  It would be integrated with device management so that upgrades could be systematically applied and vulnerabilities understood.

It should support the social aspects of these assets helping employees find assets and understand how to use them.

I believe this kind of asset management platform is essential for the new virtual enterprise. I have been saying for a while we need a way to operate with the cloud and the inevitable Swiss cheese this makes of Enterprise security.

I see the future of these types of tools as critical to the Enterprise adoption of cloud and IoT in the future.

Other Articles you may find interesting like this:

Put it in the Store – The new paradigm of enterprise social asset sharing and reuse: Just put it in the store.

The Enterprise Store – App, API, Mobile

Here are some user stories for such an application:

| Role | User Story |
| --- | --- |
| Regular Employee | see, search in a user friendly way the available external APIs, internal APIs I may use as well as mobile apps, web apps, SaaS services or other assets |
| Regular Employee | to see, search or in a user friendly way see the relationship of assets to each other and to groupings or other individuals |
| Regular Employee | See all the virtual services and devices I use (or am registered for) and the health and status of all these virtual services and devices I use |
| Regular Employee | See the usage and cost for the services I use |
| Regular Employee | See other people’s comments, ratings, user docs and other information about any asset in the system |
| Regular Employee | register services I use in the cloud such as Google Docs, Dropbox, etc. that may have corporate information on them and the credentials for the service |
| Regular Employee | register IoT, Mobile devices I use |
| Regular Employee | request an existing service, app, API for my use |
| Regular Employee | inform that some service is compromised, in need of repair or will not be used anymore |
| Regular Employee | to log a message with helpful advice, complaint, video, bug report or any content which would be usefully associated with an asset or group of assets |
| Regular Employee | I can see the status of all my comments, tickets or other requests that are pending |
| Regular Employee | I want to be notified via email or SMS of incidents related to the assets I use |
| Regular Employee | I can make a ticket request for a new asset type to be included in the store |
| Operations | be able to do all that a regular employee can do for all assets or the assets I am responsible for |
| Operations | be able to see more detailed health and status of all assets I am responsible for |
| Operations | be able to act on behalf of a regular employee or set of regular employees to request, register or do any of the regular employee activities and that my acting on behalf of the employee is logged as well |
| Operations | be able to go into the administrative API and perform tasks related to any asset including security, performance, upgrading |
| Operations | be able to see the bigdata generated by the asset and perform queries against the logs and bigdata |
| Operations | to be notified if any asset has a change of status or has something logged against it that may be of interest to me |
| Operations | to be able to revoke instances, create instances of any service, set limits on the usage of services, devices or any asset |
| Operations | to be able to configure new services or devices, allocate number of instances, security constraints and policies, fault tolerant policies, scaling policies, approval policies for requests for the services or devices |
| Operations | to be able to move an asset to a different lifecycle stage such as from development to test to staging, production |
| Operations | be able to configure the lifecycle of services or devices |
| Operations | to create an incident, modify or cancel. Notify everyone involved with an asset affecting the availability, usage criteria and information about an issue |
| Operations | can set up SLA for any service or device |
| Developer | be able to clone or create a new development environment for a service or device |
| Developer | be able to set up continuous integration, test and deployment scripts |
| Developer | be able to request the service or version of a service advance in its lifecycle |
| Developer | be able to see all versions of the service or device I am working on and information related to the health or operation of that service or device |
| Developer | be able to close a ticket related to services or devices I am responsible for |
| Developer | to be able to examine in any depth the logs or other data associated with any service or device |
| Developer | to be able to create or assign relationships between services and devices, to create new groups or tags associated with devices or services that links these or show a dependence |
| Developer | to be able to create dashboards or analytical tools that themselves are services based on information and bigdata associated with services or devices |
| Developer | be able to see more detailed health and status of all assets I am responsible for |
| Management | to have configurable dashboards of operating metrics, costs, usage, incidents or other useful information for management |
| Management | to be able to research history of the management data related to all assets |
| Management | to see statistics and dashboards with respect to a single instance, the class of instances, the group responsible, the person responsible or any other tags associated with devices and services |
| Management | to establish rules and policies for security, |
| Management | to be able to configure new services or devices, allocate number of instances, security constraints and policies, fault tolerant policies, scaling policies, approval policies for requests for the services or devices |
| Overall | the system must support numerous common personal cloud services, should enable automatic logon and scanning of content and activity to ensure compliance, creation of accounts, deletion of accounts, transfer or copying of data |
| Overall | the system must support numerous common SaaS applications and tie into their administrative and performance APIs to augment the information available in the dashboards |
| Overall | the system must support numerous common internal use only APIs, external APIs we provide or provided by others, different tiers of usage, entitlement limitations or other policies around those APIs such as cost |
| Overall | the system must support numerous common IaaS vendors and monitor usage, link to management APIs to be able to manage the IaaS infrastructure |
| Overall | the system must support common PaaS platforms and enable monitoring of virtual containers, instances and tie those to assets in the store |
| Overall | the system must support numerous common mobile devices and allow the MDM of those devices |
| Overall | the system must support numerous common IoT devices and allow the MDM of those devices |
| Overall | the system must support numerous common apps that users can download or come pre-configured for them |
| Overall | the system should support any amount or type of content to be placed on the wall of an asset, group, tag or class |
| Overall | the system should support security protocols, OAuth2 and OpenID or other protocols to support minimal need for the users to specify passwords or security themselves. In the case the service or device doesn’t support that then the system should be able to hold critical security information and invoke it to perform operations on behalf of the user |
| Overall | the system should support an unlimited number of instances of devices or services even hundreds of thousands and to enable efficient management of large number of devices, services |
| Overall | the system should support monitoring performance, be able to perform health checks automatically, create geofencing for devices, policy based management for deviations from the norm |
| Overall | the system should support new user profiles with combinations of permissions and asset types not envisioned at this time |
