Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/10/2010
05:51 PM
Bob Evans
Bob Evans
Commentary
50%
50%

Global CIO: 5 More Things Microsoft Must Do

Make some spicy acquistions (SAP? Tibco?) and seriously commit to cloud, data centers, and mobile.

1) Cloud Computing This whole concept, name, and approach rattle lots of folks at Microsoft because it threatens their entrenched territory and, quite frankly, the status they and their products have within Microsoft. What impact will the cloud have on the OS business? The desktop business? What about all those developers at Microsoft: do they do cloud, or do they despise it? Of particular concern is the prickliness Microsoft sometimes displays toward new models or new technologies that customers are eager to explore: recall that as Software as a Service began gaining incredible momentum and potential, Microsoft had to do its NIH thing and call its approach "Software plus Service," as if the company were still an undisputed king-maker and could dictate terminology and platforms by decree.

The ironic thing about cloud computing is that it plays precisely into the outcome that Bill Gates always touted with phrases like "computing for the masses" and his relentless drive to bring down the cost of computing. Over and over, I hear CIOs talking about how various cloud efforts have allowed them to cut deployment down from months or weeks to hours; from days to minutesand oftentimes, the cost implications are equally significant. Microsoft needs to jump into this pool with both feet and no water wings, proudly and loudly declaring it is going to become a cloud champion for customers across all of the company's core areas: the platform side, the connectivity side, the client side, and the applications side. No reservations, no hedging, no qualifications: if Microsoft tries to fudge its way in with a "top-secret 36-month migration/transition cannibalization-minimalization strategy," the quick and the hungry will ensure there's nothing close to a leadership spot for MS to pursue in 24 months, let alone 36.

2) Mobile Enterprise and Mobile Mindset. Mike Cuddy, the outstanding CIO at Toromont Industries, recently shared this big idea for some enterprise and enterprising IT vendor: "The cost of a netbook/low-end laptop is not much different from the cost of an un-contracted smartphone. What do we do with smartphones with they break? We pitch them into the recycle bin and buy new ones. Some IT vendor is going to get the bright idea to help corporate IT manage the future heterogeneous mobile device situation we are evolving to. In the past, we addressed support through standards, and ensuring consistency in end-user devices and software. I don't see how that will be possible the future. We will have many devices, with shorter life spans, with various networking components (wifi, hspa, lta, etc) , and application software that is constantly changing. These will need to be seamlessly managed, and it will not be easy." What better way for Microsoft to show the world it's 100% open? What better way for Microsoft to tie its deep-technology platforms and developer technologies into a massive global growth area? Why can't Microsoft create, manage, and sell the heck out of something it calls "the Enterprise Mobility Cloud," from which people can pull down to their mobile devices the apps, data, documents, files, and video they need across all those conflicting form-factors Cuddy mentions? Microsoft has always said it's in the platform businesswell this could be one a heckuva platform.

3) Data Centers. A few years ago, Microsoft began retooling its entire data-center philosophy to build the new type of muscle mass required to move more and more of its business online. In the course of those efforts, Microsoft has created some remarkable data-center prowess, exemplified perhaps in its mammoth Chicago data center that covers 700,000 square feet (about the size of Rob Preston's house) and cost the company $500 million (we analyzed this facility a few months agocheck out the link in the "Recommended Reading" section at the end of this column). Microsoft's got some other impressive facilities up and running or in the planning stages, and it's certainly looking to aggressively test new technologies and approaches on its way to becoming a world-class operator of giant data centers. And that's precisely the sort of expertise that lots and lots of companies are going to need in our always-on and always-online economyso Microsoft should think about parlaying that internal techie expertise into a commercial business along the lines of Microsoft Data Center Services. It would tie in nicely with the above-mentioned cloud and mobile opportunities, and would put Microsoft once more into a new and high-growth business that allows it to leverage the massive amount of intellectual capital and deep-tech expertise it has within its ranks.

4) Become the SaaS/On-Premise Integration King Everybody says this is a brutal problem, and it's going to get a whole lot worse before it shows any sign of improvement as SAP and Oracle and other applications company begin offering a wide range of SaaS and other on-demand apps to complement their traditional on-premises apps. Is integration a traditional Microsoft competency? Certainly notbut if Microsoft defines its future strategy by its tradition rather than market need, then it's goose is cooked. And look where such a business would place Microsoft: smack in the middle of conversations about enterprise apps (see next item), platforms (check), security (check), connectivity (check), databases (check), and strategici information management a la cloud and data centers (check and check). And I sure think CIOs would sit forward and say, "You're telling me that Microsoft is going to solve this problem for us? I need to hear this."

5) Acquisitions: SaaS, Integration, and Big Enterprise I'll break this out into those three groups:

 

Recommended Reading:

Previous
2 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11937
PUBLISHED: 2020-08-06
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
CVE-2020-15114
PUBLISHED: 2020-08-06
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting i...
CVE-2020-15136
PUBLISHED: 2020-08-06
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints func...
CVE-2020-15701
PUBLISHED: 2020-08-06
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.1...
CVE-2020-15702
PUBLISHED: 2020-08-06
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges....